ItsPki_TestCases.ttcn 267 KB
Newer Older
        f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
        
        // Cleanup
        f_cfMtcDown(v_itss, v_ea);
        
      } // End of testcase TC_SECPKI_ITSS_AUTH_02_BV
      
      /**
       * @desc Check that the AuthorizationRequest message is encrypted using the encryptionKey found in the AA certificate referenced in recipientId.
       * <pre>
       * Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION
       * Initial conditions: 
       *     with {
       *         the IUT being in the "operational state"
       *             authorized with CERT_AA certificate
       *                 containing encryptionKey (AA_ENC_PUB_KEY)
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT is triggered to requested a new Authorization Ticket (AT)
       *         }
       *         then {
       *             the IUT sends EtsiTs103097Data to the AA
       *                 containing content.encryptedData
       *                     containing ciphertext
       *                         containing data
       *                             encrypted using AA_ENC_PUB_KEY
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v0.0.10 SECPKI_ITSS_AUTH_03_BV
       * @reference ETSI TS 102 941 [2], clause 6.2.3.3.1
       */
      testcase TC_SECPKI_ITSS_AUTH_03_BV() runs on ItsMtc /*system ItsPkiItssSystem*/ {
        // Local variables
        var ItsPkiItss v_itss;
        var ItsPkiHttp v_ea;
        
        // Test control
        if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_AUTHORIZATION) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfMtcUp(v_itss, v_ea);
        
        // Start component
        v_itss.start(f_TC_SECPKI_ITSS_AUTH_01_BV_itss());
        v_ea.start(f_TC_SECPKI_ITSS_AUTH_01_BV_pki());
        
        // Synchronization
        f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
        
        // Cleanup
        f_cfMtcDown(v_itss, v_ea);
        
      } // End of testcase TC_SECPKI_ITSS_AUTH_03_BV
      
      /**
       * @desc Check that the AuthorizationRequest message is never reused the same encryption key and nonce.
       * <pre>
       * Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION
       * Initial conditions: 
       *     with {
       *         the IUT being in the "operational state"
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT is triggered to requested a new Authorization Ticket (AT)
       *         }
       *         then {
       *             the IUT sends EtsiTs103097Data to the AA
       *                 containing content.encryptedData
       *                     containing ciphertext.aes128ccm.nonce
       *                         indicating value not equal to the nonce in N previous messages
       *                 and containing recipients[0].certRecipInfo.encKey
       *                     containing encrypted symmetric key (S_KEY)
       *                         indicating symmetric key not equal to the key was used in N previous messages
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v0.0.10 SECPKI_ITSS_AUTH_04_BV
       * @reference ETSI TS 102 941 [2], clause 6.2.3.3.1
       */
      testcase TC_SECPKI_ITSS_AUTH_04_BV() runs on ItsMtc /*system ItsPkiItssSystem*/ {
        // Local variables
        var ItsPkiItss v_itss;
        var ItsPkiHttp v_ea;
        
        // Test control
        if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_AUTHORIZATION) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfMtcUp(v_itss, v_ea);
        
        // Start component
        v_itss.start(f_TC_SECPKI_ITSS_AUTH_04_BV_itss());
        v_ea.start(f_TC_SECPKI_ITSS_AUTH_04_BV_pki());
        
        // Synchronization
        f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
        
        // Cleanup
        f_cfMtcDown(v_itss, v_ea);
        
      } // End of testcase TC_SECPKI_ITSS_AUTH_04_BV
      
      group f_TC_SECPKI_ITSS_AUTH_04_BV {
        
        function f_TC_SECPKI_ITSS_AUTH_04_BV_itss() runs on ItsPkiItss /*system ItsPkiItssSystem*/ {
          // Local variables
          var HashedId8               v_certificate_digest;
          var EtsiTs103097Certificate v_certificate;
          
          // Test component configuration
          f_cfUp_itss();
          
          // Test adapter configuration
          
          // Preamble
          // First enrolment
          geoNetworkingPort.clear;
          tc_ac.start;
          alt {
            [] a_await_cam_with_current_cert(v_certificate_digest, v_certificate) {
              tc_ac.stop;

              if (PX_TRIGGER_EC_BEFORE_AT) {
                f_sendUtTriggerEnrolmentRequestPrimitive();
                f_selfOrClientSyncAndVerdict(c_prDone, e_success);
              }
            }
            [] geoNetworkingPort.receive(
                                         mw_geoNwInd(
                                                     mw_geoNwSecPdu(
                                                                    mw_etsiTs103097Data_signed
                                                                    ))) {
              repeat;
            }
            [] tc_ac.timeout {
              log("*** " & testcasename() & ": INCONC: Expected CA message not received ***");
              f_selfOrClientSyncAndVerdict(c_prDone, e_timeout);
            }
          } // End of 'alt' statement
          
          // Test Body
          // N authorization
          for (var integer v_i := 0; v_i < PX_RE_AUTHORIZATION_COUNTER; v_i := v_i + 1) {
            f_sendUtTriggerAuthorizationRequestPrimitive();
            f_sleep(PX_RE_AUTHORIZATION_DELAY);
          } // End of 'for' statement
          log("*** " & testcasename() & ": PASS: Enrolment trigger sent succesfully ***");
          f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
          
          // Postamble
          f_cfDown_itss();
        } // End of function f_TC_SECPKI_ITSS_AUTH_04_BV_itss
        
        function f_TC_SECPKI_ITSS_AUTH_04_BV_pki() runs on ItsPkiHttp /*system ItsPkiHttpSystem*/ {
          // Local variable
          var integer v_counter := 0;
          var HeaderLines v_headers;
          var HttpMessage v_request;
          var HttpMessage v_response;
          var InnerAtRequest v_inner_at_request;
          var ListOfPublicVerificationKey v_generated_keys;
          var integer v_result;
          
          // Test component configuration
          f_cfHttpUp();
          
          // Test adapter configuration
          
          // Preamble
          f_init_default_headers_list(-, "inner_at_response", v_headers);
          // Wait for the first enrolment response
          tc_ac.start;
          alt {
            [] a_await_at_http_response_from_iut(
                                                 mw_http_request(
                                                                 mw_http_request_post(
                                                                                      PICS_HTTP_POST_URI_EC,
                                                                                      -,
                                                                                      mw_http_message_body_binary(
                                                                                                                  mw_binary_body_ieee1609dot2_data(
                                                                                                                                                   mw_enrolmentRequestMessage(
                                                                                                                                                                              mw_encryptedData(
                                                                                                                                                                                               -,
                                                                                                                                                                                               mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                                               )))))),
                                                 v_request
                                                 ) {
              tc_ac.stop;

              // Verify IUT response
              f_verify_http_at_request_from_iut_itss(v_request.request, v_headers, v_inner_at_request, v_response, v_result);
              // Send response
              if (isvalue(v_response)) {
                httpPort.send(v_response);
              }
              // Set verdict
              if (v_result == 0) {
                v_generated_keys[v_counter] := v_inner_at_request.publicKeys.verificationKey;
                v_counter := v_counter + 1;
                f_selfOrClientSyncAndVerdictTestBody(c_prDone, e_success);
              } else {
                log("*** " & testcasename() & ": FAIL: Failed to verify EA an EnrolmentRequestMessage ***");
                f_selfOrClientSyncAndVerdict(c_prDone, e_error);
              }
            }
            [] tc_ac.timeout {
              log("*** " & testcasename() & ": INCONC: Expected message not received ***");
              f_selfOrClientSyncAndVerdict(c_prDone, e_timeout);
            }
          } // End of 'alt' statement
          
          // Test Body
          tc_ac.start;
          alt {
            [] a_await_at_http_response_from_iut(
                                                 mw_http_request(
                                                                 mw_http_request_post(
                                                                                      PICS_HTTP_POST_URI_AT,
                                                                                      -,
                                                                                      mw_http_message_body_binary(
                                                                                                                  mw_binary_body_ieee1609dot2_data(
                                                                                                                                                   mw_enrolmentRequestMessage(
                                                                                                                                                                              mw_encryptedData(
                                                                                                                                                                                               -,
                                                                                                                                                                                               mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                                               )))))),
                                                 v_request
                                                 ) {
              tc_ac.stop;

              // Verify IUT response
              f_verify_http_at_request_from_iut_itss(v_request.request, v_headers, v_inner_at_request, v_response, v_result);
              // Send response
              if (isvalue(v_response)) {
                httpPort.send(v_response);
              }
              // Set verdict
              if (v_result == 0) {
                log("*** " & testcasename() & ": LOG: ", match(v_generated_keys, superset(v_inner_at_request.publicKeys.verificationKey)), "***");
                if (match(v_generated_keys, superset(v_inner_at_request.publicKeys.verificationKey))) {
                  v_generated_keys[v_counter] := v_inner_at_request.publicKeys.verificationKey;
                  v_counter := v_counter + 1;
                  f_selfOrClientSyncAndVerdictTestBody(c_prDone, e_success);
                } else {
                  log("*** " & testcasename() & ": FAIL: Duplication of generated public keys ***");
                  f_selfOrClientSyncAndVerdict(c_prDone, e_error);
                }
              } else {
                log("*** " & testcasename() & ": FAIL: Failed to verify EA an EnrolmentRequestMessage ***");
                f_selfOrClientSyncAndVerdict(c_prDone, e_error);
              }
            }
            [] tc_ac.timeout {
              if (v_counter == PX_RE_AUTHORIZATION_COUNTER) {
                log("*** " & testcasename() & ": PASS: InnerAtRequest received with different key pairs ***");
                f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
              } else {
                log("*** " & testcasename() & ": INCONC: Expected message not received ***");
                f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
              }
            }
          } // End of 'alt' statement
          
          // Postamble
          f_cfHttpDown();
        } // End of function f_TC_SECPKI_ITSS_AUTH_04_BV_pki
        
      } // End of group f_TC_SECPKI_ITSS_AUTH_04_BV
      
      /**
       * @desc Check that the Authozation request protocol version is set to 1.
       * <pre>
       * Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION
       * Initial conditions: 
       *     with {
       *         the IUT being in the "operational state"
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT is triggered to requested a new Authorization Ticket (AT)
       *         }
       *         then {
       *             the IUT sends EtsiTs103097Data to the AA
       *                 containing version
       *                     indicating value 1
       *                 and containing content
       *                     containing autihorizationRequest
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v0.0.10 SECPKI_ITSS_AUTH_05_BV
       * @reference ETSI TS 102 941 [2], clause 6.2.3.3.1
       */
      testcase TC_SECPKI_ITSS_AUTH_05_BV() runs on ItsMtc /*system ItsPkiItssSystem*/ {
        // Local variables
        var ItsPkiItss v_itss;
        var ItsPkiHttp v_ea;
        
        // Test control
        if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_AUTHORIZATION) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfMtcUp(v_itss, v_ea);
        
        // Start component
        v_itss.start(f_TC_SECPKI_ITSS_AUTH_01_BV_itss());
        v_ea.start(f_TC_SECPKI_ITSS_AUTH_01_BV_pki());
        
        // Synchronization
        f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
        
        // Cleanup
        f_cfMtcDown(v_itss, v_ea);
        
      } // End of testcase TC_SECPKI_ITSS_AUTH_05_BV
      
    } // End of group itss_authorization_request
    
    group itss_authorization_response {
      // TODO
    } // End of group itss_authorization_response
    
    group itss_ctl_handling {
      // TODO
    } // End of group itss_ctl_handling
    
    group itss_crl_handling {
      // TODO
    } // End of group itss_crl_handling
    
  } // End of group itss_behavior
  
  group ea_behavior {

    group ea_helpers {

      
    } // End of group ea_helpers

    group enrolment_request_handling {
      /**
       * @desc The EnrolmentResponse message shall be sent by the EA to the  ITS-S across the interface at 
       *       reference point S3 in response to a received EnrolmentRequest message.
       * <pre>
       * Pics Selection: PICS_IUT_EA_ROLE
       * Initial conditions: 
       *     with {
       *         the IUT being in the "operational state"
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives an EnrolmentRequestMessage across the interface at the reference point S3
       *         }
       *         then {
       *             the IUT answers with an EnrolmentResponseMessage across the interface at reference point S3
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v0.0.10 TP SECPKI_EA_ENR_RCV_01_BV
       * @reference ETSI TS 102 941, clause 6.2.3.2.2
       */
      testcase TC_SECPKI_EA_ENR_RCV_01_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
        // Local variables
        var Oct32 v_private_key;
        var Oct32 v_public_compressed_key;
        var integer v_compressed_mode;
        var Oct32 v_request_hash;
        var Oct16 v_encrypted_sym_key;
        var Oct16 v_aes_sym_key;
        var Oct16 v_authentication_vector;
        var Oct12 v_nonce;
        var octetstring v_salt;
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var HeaderLines v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
        
        // Test control
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID);
        
        // Test adapter configuration
        
        // Preamble
        f_http_build_inner_ec_request(v_private_key, v_public_compressed_key, v_compressed_mode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
        f_init_default_headers_list(-, "inner_ec_request", v_headers);
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        
        // Test Body
Yann Garcia's avatar
Yann Garcia committed
        f_http_send(
                    v_headers,
                    m_http_request(
                                   m_http_request_post(
                                                       PICS_HTTP_POST_URI_EC,
                                                       v_headers,
                                                       m_http_message_body_binary(
                                                                                  m_binary_body_ieee1609dot2_data(
                                                                                                                  v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                  )))));
          [] a_await_ec_http_response_from_iut(
                                               mw_http_response(
                                                                mw_http_response_ok(
                                                                                    mw_http_message_body_binary(
                                                                                                                mw_binary_body_ieee1609dot2_data(
                                                                                                                                                 mw_enrolmentResponseMessage(
                                                                                                                                                                             mw_encryptedData(
                                                                                                                                                                                              -,
                                                                                                                                                                                              mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                                              )))))),
                                               v_response
                                               ) {
            tc_ac.stop;
            
            if (f_verify_pki_response_message(v_private_key, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, v_response.response.body.binary_body.ieee1609dot2_data, false, v_etsi_ts_102941_data) == false) {
              log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
            } else {
              log("*** " & testcasename() & ": PASS: InnerEcResponse received ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
            }
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
        
        // Postamble
        f_cfHttpDown();
        
      } // End of testcase TC_SECPKI_EA_ENR_RCV_01_BV

      /**
Yann Garcia's avatar
Yann Garcia committed
       * @desc Check that EA doesn't accept Enrolment rekeying request when enrolment is not permitted 
       *       by signing certificate.
       * <pre>
       * Pics Selection: PICS_IUT_EA_ROLE
       * Initial conditions: 
       *     with {
       *         the IUT being in the "operational state"
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives an EnrolmentRequestMessage
       *                 containing an encrypted EtsiTs103097Data-Signed
       *                     containing signer
       *                         containing digest
       *                             indicating HashedId8 of the certificate CERT
       *                                 containing appPermissions
       *                                     not containing an item of type PsidSsp
       *                                         containing psid
       *                                             indicating AID_CERT_REQ
       *                                     or containing an item of type PsidSsp
       *                                         containing psid
       *                                             indicating AID_CERT_REQ
       *                                         and containing ssp
       *                                             containing opaque[0] (version)
       *                                                 indicating other value than 1
       *                                             or containing opaque[1] (value)
       *                                                 indicating "Enrolment Request" (bit 1) set to 0
       *         }
       *         then {
       *             the IUT answers with an EnrolmentResponseMessage
       *                 containing InnerECResponse
       *                     containing responseCode
       *                         indicating "deniedpermissions"
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v0.0.10 TP SECPKI_EA_ENR_RCV_02_BI
       * @reference ETSI TS 102 941, clause B.5
       */
      testcase TC_SECPKI_EA_ENR_RCV_02_BI() runs on ItsPkiHttp system ItsPkiHttpSystem {
        // Local variables
        var Oct32 v_private_key;
        var Oct32 v_public_compressed_key;
        var integer v_compressed_mode;
        var Oct32 v_request_hash;
        var Oct16 v_encrypted_sym_key;
        var Oct16 v_aes_sym_key;
        var Oct16 v_authentication_vector;
        var Oct12 v_nonce;
        var octetstring v_salt;
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var HeaderLines v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
        
        // Test control
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfHttpUp("CERT_TS_EC_ENR_RCV_02_BI_02");
        
        // Test adapter configuration
        
        // Preamble
        f_http_build_inner_ec_request(v_private_key, v_public_compressed_key, v_compressed_mode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
        f_init_default_headers_list(-, "inner_ec_request", v_headers);
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        
        // Test Body
        f_http_send(
                    v_headers,
                    m_http_request(
                                   m_http_request_post(
                                                       PICS_HTTP_POST_URI_EC,
                                                       v_headers,
                                                       m_http_message_body_binary(
                                                                                  m_binary_body_ieee1609dot2_data(
                                                                                                                  v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                  )))));
          [] a_await_ec_http_response_from_iut(
                                               mw_http_response(
                                                                mw_http_response_ok(
                                                                                    mw_http_message_body_binary(
                                                                                                                mw_binary_body_ieee1609dot2_data(
                                                                                                                                                 mw_enrolmentResponseMessage(
                                                                                                                                                                             mw_encryptedData(
                                                                                                                                                                                              -,
                                                                                                                                                                                              mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                                              )))))),
                                               v_response
                                               ) {
Yann Garcia's avatar
Yann Garcia committed
            if (f_verify_pki_response_message(v_private_key, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, v_response.response.body.binary_body.ieee1609dot2_data, false, v_etsi_ts_102941_data) == false) {
              log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
            } else {
              log(match(v_etsi_ts_102941_data, mw_etsiTs102941Data_inner_ec_response(mw_innerEcResponse_ko(substr(v_request_hash, 0, 16)))));
              if (match(v_etsi_ts_102941_data, mw_etsiTs102941Data_inner_ec_response(mw_innerEcResponse_ko(substr(v_request_hash, 0, 16)))) == false) {
                log("*** " & testcasename() & ": FAIL: Invalid InnerEcResponse received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
              } else {
                log("*** " & testcasename() & ": PASS: InnerEcResponse received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
              }
            }
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
        
        // Postamble
        f_cfHttpDown();

      } // End of testcase TC_SECPKI_EA_ENR_RCV_02_BI
    } // End of group enrolment_request_handling
    group enrolment_response {
garciay's avatar
garciay committed
      /**
       * @desc The EnrolmentResponse message shall be encrypted using an ETSI TS 103 097 approved 
       *       algorithm and the encryption shall be done with the same AES key as the one used 
       *       by the ITS-S requestor for the encryption of the EnrolmentRequest message
garciay's avatar
garciay committed
       * <pre>
garciay's avatar
garciay committed
       * Pics Selection: PICS_IUT_EA_ROLE
garciay's avatar
garciay committed
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives an EnrolmentRequestMessage
       *                 containing encKey
       *                     containing an encrypted AES key (SYMKEY)
garciay's avatar
garciay committed
       *         }
       *         then {
       *             the IUT answers with an EnrolmentResponseMessage
       *                 containing cipherTex
       *                     being encrypted using SYMKEY
garciay's avatar
garciay committed
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v0.0.10 TP SECPKI_EA_ENR_01_BV
garciay's avatar
garciay committed
       * @reference ETSI TS 102 941, clause 6.2.3.2.2
       */
      testcase TC_SECPKI_EA_ENR_01_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
garciay's avatar
garciay committed
        // Local variables
        var Oct32 v_private_key;
        var Oct32 v_public_compressed_key;
        var integer v_compressed_mode;
        var Oct32 v_request_hash;
Yann Garcia's avatar
Yann Garcia committed
        var Oct16 v_encrypted_sym_key;
        var Oct16 v_aes_sym_key;
        var Oct16 v_authentication_vector;
        var Oct12 v_nonce;
        var octetstring v_salt;
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var HeaderLines v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
garciay's avatar
garciay committed
        
        // Test control
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
Yann Garcia's avatar
Yann Garcia committed
        }
garciay's avatar
garciay committed
        
        // Test component configuration
        f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID);
garciay's avatar
garciay committed
        
        // Test adapter configuration
        
        // Preamble
        f_http_build_inner_ec_request(v_private_key, v_public_compressed_key, v_compressed_mode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
        f_init_default_headers_list(-, "inner_ec_request", v_headers);
garciay's avatar
garciay committed
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        
        // Test Body
Yann Garcia's avatar
Yann Garcia committed
        httpPort.send(
                      m_http_request(
                                     m_http_request_post(
Yann Garcia's avatar
Yann Garcia committed
                                                         PICS_HTTP_POST_URI_EC,
Yann Garcia's avatar
Yann Garcia committed
                                                         v_headers,
                                                         m_http_message_body_binary(
                                                                                    m_binary_body_ieee1609dot2_data(
                                                                                                                    v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                    )))));
garciay's avatar
garciay committed
        tc_ac.start;
        alt {
Yann Garcia's avatar
Yann Garcia committed
          [not(PICS_MULTIPLE_END_POINT)] httpPort.receive(
Yann Garcia's avatar
Yann Garcia committed
                              mw_http_response(
                                               mw_http_response_ok(
                                                                   mw_http_message_body_binary(
                                                                                               mw_binary_body_ieee1609dot2_data(
                                                                                                                                mw_enrolmentResponseMessage(
                                                                                                                                                            mw_encryptedData(
                                                                                                                                                                             -,
                                                                                                                                                                             mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                             ))))))) -> value v_response {
garciay's avatar
garciay committed
            tc_ac.stop;
Yann Garcia's avatar
Yann Garcia committed
            if (f_verify_pki_response_message(v_private_key, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, v_response.response.body.binary_body.ieee1609dot2_data, false, v_etsi_ts_102941_data) == false) {
Yann Garcia's avatar
Yann Garcia committed
              log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
            } else {
              log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
              log("*** " & testcasename() & ": DEBUG: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16)))), " ***"); // TODO In TITAN, this is the only way to get the unmatching in log
              if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16))))) {
                log("*** " & testcasename() & ": PASS: InnerEcResponse received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
              } else {
                log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
              }
Yann Garcia's avatar
Yann Garcia committed
          [not(PICS_MULTIPLE_END_POINT)] httpPort.receive(
Yann Garcia's avatar
Yann Garcia committed
                              mw_http_response(
                                               mw_http_response_ko
                                               )) {
            tc_ac.stop;
            
            log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
garciay's avatar
garciay committed
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
garciay's avatar
garciay committed
        // Postamble
Yann Garcia's avatar
Yann Garcia committed
        f_cfHttpDown();
      } // End of testcase TC_SECPKI_EA_ENR_01_BV
    
garciay's avatar
garciay committed
      /**
       * @desc The EnrolmentResponse message shall be encrypted using an ETSI TS 103 097 approved 
       *       algorithm and the encryption shall be done with the same AES key as the one used 
       *       by the ITS-S requestor for the encryption of the EnrolmentRequest message.
garciay's avatar
garciay committed
       * <pre>
garciay's avatar
garciay committed
       * Pics Selection: PICS_IUT_EA_ROLE
garciay's avatar
garciay committed
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives an EnrolmentRequestMessage
       *                 containing encKey
       *                     containing an encrypted AES key (SYMKEY)
       *         }
       *         then {
       *             the IUT answers with an EnrolmentResponseMessage
       *                 containing cipherTex
       *                     being encrypted
       *                         using SYMKEY
       *                         and using an ETSI TS 103 097 approved algorithm
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v0.0.10 TP 22
garciay's avatar
garciay committed
       * @reference ETSI TS 102 941, clause 6.2.3.2.2
       */
      testcase TC_SECPKI_EA_ENR_02_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
garciay's avatar
garciay committed
        // Local variables
        var Oct32 v_private_key;
        var Oct32 v_public_compressed_key;
        var integer v_compressed_mode;
        var Oct32 v_request_hash;
        var Oct16 v_encrypted_sym_key;
        var Oct16 v_aes_sym_key;
        var Oct16 v_authentication_vector;
        var Oct12 v_nonce;
        var octetstring v_salt;
garciay's avatar
garciay committed
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var HeaderLines v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
garciay's avatar
garciay committed
        // Test control
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
garciay's avatar
garciay committed
        // Test component configuration
        f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID);
garciay's avatar
garciay committed
        // Test adapter configuration
garciay's avatar
garciay committed
        // Preamble
        f_http_build_inner_ec_request(v_private_key, v_public_compressed_key, v_compressed_mode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
        f_init_default_headers_list(-, "inner_ec_request", v_headers);
garciay's avatar
garciay committed
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
garciay's avatar
garciay committed
        // Test Body
        httpPort.send(
                      m_http_request(
garciay's avatar
garciay committed
                                     m_http_request_post(
Yann Garcia's avatar
Yann Garcia committed
                                                         PICS_HTTP_POST_URI_EC,
garciay's avatar
garciay committed
                                                         v_headers,
                                                         m_http_message_body_binary(
                                                                                    m_binary_body_ieee1609dot2_data(
                                                                                                                    v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                    )))));
garciay's avatar
garciay committed
        tc_ac.start;
        alt {
Yann Garcia's avatar
Yann Garcia committed
          [not(PICS_MULTIPLE_END_POINT)] httpPort.receive(
garciay's avatar
garciay committed
                              mw_http_response(
                                               mw_http_response_ok(
                                                                   mw_http_message_body_binary(
                                                                                               mw_binary_body_ieee1609dot2_data(
                                                                                                                                mw_enrolmentResponseMessage(
                                                                                                                                                            mw_encryptedData(
                                                                                                                                                                             -,
                                                                                                                                                                             mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                             ))))))) -> value v_response {
            tc_ac.stop;
Yann Garcia's avatar
Yann Garcia committed
            if (f_verify_pki_response_message(v_private_key, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, v_response.response.body.binary_body.ieee1609dot2_data, false, v_etsi_ts_102941_data) == false) {
garciay's avatar
garciay committed
              log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
            } else {
garciay's avatar
garciay committed
              log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
              log("*** " & testcasename() & ": DEBUG: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16)))), " ***"); // TODO In TITAN, this is the only way to get the unmatching in log
              if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16))))) {
garciay's avatar
garciay committed
                log("*** " & testcasename() & ": PASS: InnerEcResponse received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
              } else {
                log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
garciay's avatar
garciay committed
              }
Yann Garcia's avatar
Yann Garcia committed
          [not(PICS_MULTIPLE_END_POINT)] httpPort.receive(
garciay's avatar
garciay committed
                              mw_http_response(
                                               mw_http_response_ko
                                               )) {
            tc_ac.stop;
            
            log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
          }
garciay's avatar
garciay committed
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
garciay's avatar
garciay committed
        // Postamble
        f_cfHttpDown();
      } // End of testcase TC_SECPKI_EA_ENR_02_BV
garciay's avatar
garciay committed
      /**
       * @desc The outermost structure is an EtsiTs103097Data-Encrypted structure containing 
       *       the component recipients containing one instance of RecipientInfo of choice 
       *       pskRecipInfo, which contains the HashedId8 of the symmetric key used by the 
       *       ITS-S to encrypt the EnrolmentRequest message to which the response is built 
       *       and containing the component ciphertext, once decrypted, contains an 
       *       EtsiTs103097Data-Signed structure
       * <pre>
garciay's avatar
garciay committed
       * Pics Selection: PICS_IUT_EA_ROLE
garciay's avatar
garciay committed
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives an EnrolmentRequestMessage
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data-Encrypted structure
       *                 containing recipients
       *                     containing one instance of RecipientInfo of choice pskRecipInfo
       *                         containing the HashedId8 of the symmetric key used to encrypt the EnrolmentRequestMessage
       *                 and containing cipherText
       *                     being an encrypted EtsiTs103097Data-Signed structure
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v0.0.10 TP SECPKI_EA_ENR_03_BV
garciay's avatar
garciay committed
       * @reference ETSI TS 102 941, clause 6.2.3.2.2
       */
      testcase TC_SECPKI_EA_ENR_03_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
garciay's avatar
garciay committed
        // Local variables
        var Oct32 v_private_key;
        var Oct32 v_public_compressed_key;
        var integer v_compressed_mode;
        var Oct32 v_request_hash;
garciay's avatar
garciay committed
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var Oct16 v_aes_sym_key;
        var Oct16 v_encrypted_sym_key;
        var Oct16 v_authentication_vector;
        var Oct12 v_nonce;
        var octetstring v_salt;
garciay's avatar
garciay committed
        var HeaderLines v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
garciay's avatar
garciay committed
        // Test control
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
garciay's avatar
garciay committed
        // Test component configuration
        f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID);
garciay's avatar
garciay committed
        // Test adapter configuration
garciay's avatar
garciay committed
        // Preamble
        f_http_build_inner_ec_request(v_private_key, v_public_compressed_key, v_compressed_mode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
        f_init_default_headers_list(-, "inner_ec_request", v_headers);
garciay's avatar
garciay committed
        httpPort.send(
                      m_http_request(
garciay's avatar
garciay committed
                                     m_http_request_post(
Yann Garcia's avatar
Yann Garcia committed
                                                         PICS_HTTP_POST_URI_EC,
garciay's avatar
garciay committed
                                                         v_headers,
                                                         m_http_message_body_binary(
                                                                                    m_binary_body_ieee1609dot2_data(
                                                                                                                    v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                    )))));
garciay's avatar
garciay committed
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
garciay's avatar
garciay committed
        // Test Body
        tc_ac.start;
        alt {
Yann Garcia's avatar
Yann Garcia committed
          [not(PICS_MULTIPLE_END_POINT)] httpPort.receive(
garciay's avatar
garciay committed
                              mw_http_response(
                                               mw_http_response_ok(
                                                                   mw_http_message_body_binary(
                                                                                               mw_binary_body_ieee1609dot2_data(
                                                                                                                                mw_enrolmentResponseMessage(
                                                                                                                                                            mw_encryptedData(
                                                                                                                                                                             -,
                                                                                                                                                                             mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                             ))))))) -> value v_response {
            tc_ac.stop;
Yann Garcia's avatar
Yann Garcia committed
            if (f_verify_pki_response_message(v_private_key, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, v_response.response.body.binary_body.ieee1609dot2_data, true, v_etsi_ts_102941_data) == false) {
garciay's avatar
garciay committed
              log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
            } else {
garciay's avatar
garciay committed
              log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
              log("*** " & testcasename() & ": DEBUG: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16)))), " ***"); // TODO In TITAN, this is the only way to get the unmatching in log
              if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16))))) {
garciay's avatar
garciay committed
                log("*** " & testcasename() & ": PASS: InnerEcResponse received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
              } else {
                log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
garciay's avatar
garciay committed
              }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
        
        // Postamble
        f_cfHttpDown();
        
      } // End of testcase TC_SECPKI_EA_ENR_03_BV
      /**
       * @desc If the ITS-S has been able to decrypt the content, this expected EtsiTs103097Data-Signed structure shall 
       *       contain hashId, tbsData, signer and signature. The hashId shall indicate the hash algorithm to be used as 
       *       specified in ETSI TS 103 097, the signer shall be declared as a digest, containing the HashedId8 of the 
       *       EA certificate and the signature over tbsData shall be computed using the EA private key corresponding to 
       *       its publicVerificationKey found in the referenced EA certificate.
       * <pre>
garciay's avatar
garciay committed
       * Pics Selection: PICS_IUT_EA_ROLE
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives an EnrolmentRequestMessage
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data-Encrypted structure
       *                 containing an encrypted EtsiTs103097Data-Signed structure
       *                     containing hashId
       *                        indicating the hash algorithm to be used as specified in ETSI TS 103 097
       *                     and containing tbsData
       *                     and containing signer
       *                         declared as a digest
       *                             containing the HashedId8 of the EA certificate
       *                     and containing signature
       *                         computed over tbsData
       *                             using the EA private key
       *                                 corresponding to the publicVerificationKey found in the referenced EA certificate
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v0.0.10 TP SECPKI_EA_ENR_04_BV
       * @reference ETSI TS 102 941, clause 6.2.3.2.2
       */
      testcase TC_SECPKI_EA_ENR_04_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
        // Local variables
        var Oct32 v_private_key;
        var Oct32 v_public_compressed_key;
        var integer v_compressed_mode;
        var Oct32 v_request_hash;
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var Oct16 v_aes_sym_key;
        var Oct16 v_encrypted_sym_key;
        var Oct16 v_authentication_vector;
        var Oct12 v_nonce;
        var octetstring v_salt;
        var HeaderLines v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
      
        // Test control
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID);
        
        // Test adapter configuration