ItsPki_TestCases.ttcn 122 KB
Newer Older
garciay's avatar
garciay committed
/**
 *  @author   ETSI / STF545
 *  @version  $URL$
 *            $Id$
 *  @desc     Testcases  file for Security Protocol
 *  @reference   ETSI TS ITS-00546v006
 *  @copyright   ETSI Copyright Notification
 *               No part may be reproduced except as authorized by written permission.
 *               The copyright and the foregoing restriction extend to reproduction in all media.
 *               All rights reserved.
 */
module ItsPki_TestCases {
Yann Garcia's avatar
Yann Garcia committed
  
garciay's avatar
garciay committed
  // Libcommon
  import from LibCommon_Time all;
  import from LibCommon_VerdictControl all;
  import from LibCommon_Sync all;
  import from LibCommon_BasicTypesAndValues all;
Yann Garcia's avatar
Yann Garcia committed
  import from LibCommon_DataStrings all;
garciay's avatar
garciay committed
  // LibIts
  import from IEEE1609dot2BaseTypes language "ASN.1:1997" all;
  import from IEEE1609dot2 language "ASN.1:1997" all;
  import from EtsiTs102941BaseTypes language "ASN.1:1997" all;
  import from EtsiTs102941TypesEnrolment language "ASN.1:1997" all;
  import from EtsiTs102941TypesAuthorization language "ASN.1:1997" all;
  import from EtsiTs102941TypesAuthorizationValidation language "ASN.1:1997" all;
  import from EtsiTs102941MessagesCa language "ASN.1:1997" all;
garciay's avatar
garciay committed
  import from EtsiTs103097Module language "ASN.1:1997" all;
  import from ITS_Container language "ASN.1:1997" all;
  import from CAM_PDU_Descriptions language "ASN.1:1997" all;
Yann Garcia's avatar
Yann Garcia committed
  
garciay's avatar
garciay committed
  // LibItsCommon
Yann Garcia's avatar
Yann Garcia committed
  import from LibItsCommon_TypesAndValues all;
garciay's avatar
garciay committed
  import from LibItsCommon_Functions all;
Yann Garcia's avatar
Yann Garcia committed
  import from LibItsCommon_TypesAndValues all;
garciay's avatar
garciay committed
  import from LibItsCommon_ASN1_NamedNumbers all;
Yann Garcia's avatar
Yann Garcia committed
  
  // LibItsGeoNetworking
  import from LibItsGeoNetworking_TypesAndValues all;
Yann Garcia's avatar
Yann Garcia committed
  import from LibItsGeoNetworking_Functions all;
  import from LibItsGeoNetworking_Templates all;
  import from LibItsGeoNetworking_Pics all;
  import from LibItsGeoNetworking_TestSystem all;
Yann Garcia's avatar
Yann Garcia committed
  
garciay's avatar
garciay committed
  // LibItsSecurity
  import from LibItsSecurity_TypesAndValues all;
  import from LibItsSecurity_TestSystem all;
  import from LibItsSecurity_Templates all;
  import from LibItsSecurity_Functions all;
  import from LibItsSecurity_Pixits all;
  import from LibItsSecurity_Pics all;
Yann Garcia's avatar
Yann Garcia committed
  
garciay's avatar
garciay committed
  // LibItsHttp
  import from LibItsHttp_TypesAndValues all;
  import from LibItsHttp_Templates all;
  import from LibItsHttp_BinaryTemplates all;
  import from LibItsHttp_Functions all;
Yann Garcia's avatar
Yann Garcia committed
  import from LibItsHttp_TestSystem all;
garciay's avatar
garciay committed
  // LibItsPki
  import from LibItsPki_Templates all;
Yann Garcia's avatar
Yann Garcia committed
  import from LibItsPki_Functions all;
garciay's avatar
garciay committed
  import from LibItsPki_TestSystem all;
  import from LibItsPki_Pics all;
  import from LibItsPki_Pixits all;
garciay's avatar
garciay committed
  // AtsPki
  import from ItsPki_Functions all;

  /**
   * @desc 5.2	ITS-S behaviour
   */
  group itss_behavior {

    group itss_manufacturing {
Yann Garcia's avatar
Yann Garcia committed
      
garciay's avatar
garciay committed
      /**
       * @desc Check that IUT sends an enrolment request when triggered.
       * <pre>
       * Pics Selection: 
       * Initial conditions: 
       *     with {
       *         the IUT being in the "initial state"
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT is triggered to requested a new Enrolment Certificate (EC)
       *         }
       *         then {
       *             the IUT sends to EA an EnrolmentRequestMessage
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS ITS-00546v006 TP 2
       * @reference ETSI TS 102 941 [2], clause 6.1.3
       */
      testcase TC_SEC_PKI_ITSS_ENR_BV_01() runs on ItsMtc /*system ItsPkiItssSystem*/ {
garciay's avatar
garciay committed
        // Local variables
        var Oct32      v_private_key;
        var Oct32      v_publicKeyX;
        var Oct32      v_publicKeyY;
        var Oct32      v_publicKeyCompressed;
        var integer    v_compressedMode;
Yann Garcia's avatar
Yann Garcia committed
        var ItsPkiItss v_itss;
Yann Garcia's avatar
Yann Garcia committed
        var ItsPkiHttp v_ea;
        // Test control
        if (not PICS_IUT_ITS_S_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
garciay's avatar
garciay committed
        // Test component configuration
        if (f_generate_key_pair_nistp256(v_private_key, v_publicKeyX, v_publicKeyY, v_publicKeyCompressed, v_compressedMode) == false) {
          log("*** " & testcasename() & ": FAIL: Failed to setup InnerEcRequest message ***")
          setverdict(inconc);
          stop;
        }
        v_itss.start(f_TC_SEC_PKI_ITSS_ENR_BV_01_itss(cc_taCert_A, v_private_key, v_publicKeyCompressed, v_compressedMode));
        v_ea.start(f_TC_SEC_PKI_ITSS_ENR_BV_01_pki(cc_taCert_A, v_private_key, v_publicKeyCompressed, v_compressedMode));
Yann Garcia's avatar
Yann Garcia committed
        
        // Synchronization
        f_serverSync2ClientsAndStop({c_prDone, c_tbDone, c_poDone});
garciay's avatar
garciay committed
        
Yann Garcia's avatar
Yann Garcia committed
        // Cleanup
garciay's avatar
garciay committed
        
      } // End of testcase TC_SEC_PKI_ITSS_ENR_BV_01
      
Yann Garcia's avatar
Yann Garcia committed
      group f_TC_SEC_PKI_ITSS_ENR_BV_01 {
        
        function f_TC_SEC_PKI_ITSS_ENR_BV_01_itss(
garciay's avatar
garciay committed
                                                  in charstring p_certificate_id,
                                                  in octetstring p_private_key,
                                                  in octetstring p_publicKeyCompressed,
                                                  in integer p_compressedMode
                                                  ) runs on ItsPkiItss /*system ItsPkiItssSystem*/ {
garciay's avatar
garciay committed
          // Local variables
garciay's avatar
garciay committed
          // Test component configuration
          f_cfUp_itss();
garciay's avatar
garciay committed
          // Test adapter configuration
garciay's avatar
garciay committed
          // Preamble
          f_sendUtTriggerPrimitive(PICS_ITS_S_CANONICAL_ID, '00'O, p_private_key, p_publicKeyCompressed, p_compressedMode);
          f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
garciay's avatar
garciay committed
          // Test Body
          f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
          
garciay's avatar
garciay committed
          // Postamble
          f_cfDown_itss();
        } // End of function f_TC_SEC_PKI_ITSS_ENR_BV_01_itss
        function f_TC_SEC_PKI_ITSS_ENR_BV_01_pki(
                                                 in charstring p_certificate_id,
                                                 in octetstring p_private_key,
                                                 in octetstring p_publicKeyCompressed,
                                                 in integer p_compressedMode
Yann Garcia's avatar
Yann Garcia committed
                                                 ) runs on ItsPkiHttp /*system ItsPkiHttpSystem*/ {
          // Local variable
          var HttpMessage v_response;
          var EtsiTs102941Data v_etsi_ts_102941_data;
          var InnerEcRequest v_inner_ec_request;
Yann Garcia's avatar
Yann Garcia committed
          f_cfHttpUp();
Yann Garcia's avatar
Yann Garcia committed
          f_selfOrClientSyncAndVerdictTestBody(c_prDone, e_success);
          
          // Test Body
Yann Garcia's avatar
Yann Garcia committed
            [] httpPort.receive(
                                mw_http_response(
                                                 mw_http_response_ok(
                                                                     mw_http_message_body_binary(
                                                                                                 mw_binary_body_ieee1609dot2_data(
                                                                                                                                  mw_enrolmentRequestMessage(
                                                                                                                                                             mw_encryptedData(
                                                                                                                                                                              -,
                                                                                                                                                                              mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                              ))))))) -> value v_response {
              tc_ac.stop;
              
              /*if (f_verify_pki_message(vc_eaPrivateEncKey, int2oct(0, 32), vc_eaCertificate, v_response.response.body.binary_body.ieee1609dot2_data, false, v_etsi_ts_102941_data) == false) {
                log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
              } else {
                log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
                log("*** " & testcasename() & ": DEBUG: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentRequest(mw_innerEcRequestSignedForPop(mw_signedData))), " ***"); // TODO In TITAN, this is the only way to get the unmatching in log
                if (match(v_etsi_ts_102941_data.content, mw_enrolmentRequest(mw_innerEcRequestSignedForPop(mw_signedData)))) {
                  // TODO Verify signature of mw_innerEcRequestSignedForPop
                  log("*** " & testcasename() & ": PASS: InnerEcRequestSignedForPop received ***");
                  f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                } else {
                  log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                  f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                }
                }*/
            }
            [] tc_ac.timeout {
              log("*** " & testcasename() & ": INCONC: Expected message not received ***");
Yann Garcia's avatar
Yann Garcia committed
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
Yann Garcia's avatar
Yann Garcia committed
          f_cfHttpDown();
        } // End of function f_TC_SEC_PKI_ITSS_ENR_BV_01_pki
      } // End of group f_TC_SEC_PKI_ITSS_ENR_BV_01
garciay's avatar
garciay committed
      /**
       * @desc If the enrolment request of the IUT is an initial enrolment request, the itsId 
       *       (contained in the InnerECRequest) shall be set to the canonical identifier, the 
       *       signer (contained in the outer EtsiTs1030971Data-Signed) shall be set to self and 
       *       the outer signature shall be computed using the canonical private key.
       * <pre>
       * Pics Selection: 
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT is requested to send an EnrolmentRequestMessage
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data-Encrypted
       *                 containing an encrypted EtsiTs103097Data-Signed
       *                     containing EtsiTs103097Data
       *                          containing InnerECRequestSignedForPOP
       *                             containing InnerEcRequest
       *                                 containing itsId
       *                                     indicating the canonical identifier of the ITS-S 
       *                 and containing signer
       *                     declared as self
       *                 and containing signature 
       *                     computed using the canonical private key
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS ITS-00546v006 TP 3
       * @reference ETSI TS 102 941, clause 6.1.3
       */
      testcase TC_SEC_PKI_ITSS_ENR_BV_02() runs on ItsMtc /*system ItsPkiItssSystem*/ {
        // Local variables
        var Oct32      v_private_key;
        var Oct32      v_publicKeyX;
        var Oct32      v_publicKeyY;
        var Oct32      v_publicKeyCompressed;
        var integer    v_compressedMode;
        var ItsPkiItss v_itss;
        var ItsPkiHttp v_ea;
garciay's avatar
garciay committed
        
        // Test control
        if (not PICS_IUT_ITS_S_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        
        if (f_generate_key_pair_nistp256(v_private_key, v_publicKeyX, v_publicKeyY, v_publicKeyCompressed, v_compressedMode) == false) {
          log("*** " & testcasename() & ": FAIL: Failed to setup InnerEcRequest message ***")
          setverdict(inconc);
          stop;
        }
        v_itss.start(f_TC_SEC_PKI_ITSS_ENR_BV_02_itss(cc_taCert_A, v_private_key, v_publicKeyCompressed, v_compressedMode));
        v_ea.start(f_TC_SEC_PKI_ITSS_ENR_BV_02_pki(cc_taCert_A, v_private_key, v_publicKeyCompressed, v_compressedMode));
        
        // Synchronization
        f_serverSync2ClientsAndStop({c_prDone, c_tbDone, c_poDone});
        
        // Cleanup
        
      } // End of TC_SEC_PKI_ITSS_ENR_BV_02
      
      group f_TC_SEC_PKI_ITSS_ENR_BV_02 {
        
        function f_TC_SEC_PKI_ITSS_ENR_BV_02_itss(
                                                  in charstring p_certificate_id,
                                                  in octetstring p_private_key,
                                                  in octetstring p_publicKeyCompressed,
                                                  in integer p_compressedMode
                                                  ) runs on ItsPkiItss /*system ItsPkiItssSystem*/ {
          // Local variables
          
          // Test component configuration
          f_cfUp_itss();
          
          // Test adapter configuration
          
          // Preamble
          f_sendUtTriggerPrimitive(PICS_ITS_S_CANONICAL_ID, '00'O, p_private_key, p_publicKeyCompressed, p_compressedMode);
          f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
          
          // Test Body
          f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
          
          // Postamble
          f_cfDown_itss();
        } // End of function f_TC_SEC_PKI_ITSS_ENR_BV_02_itss
        
        function f_TC_SEC_PKI_ITSS_ENR_BV_02_pki(
                                                 in charstring p_certificate_id,
                                                 in octetstring p_private_key,
                                                 in octetstring p_publicKeyCompressed,
                                                 in integer p_compressedMode
Yann Garcia's avatar
Yann Garcia committed
                                                 ) runs on ItsPkiHttp /*system ItsPkiHttpSystem*/ {
          // Local variable
          var HttpMessage v_response;
          var EtsiTs102941Data v_etsi_ts_102941_data;
          var InnerEcRequest v_inner_ec_request;
          
          // Test component configuration
          f_cfHttpUp();
          
          // Test adapter configuration
          
          // Preamble
          f_selfOrClientSyncAndVerdictTestBody(c_prDone, e_success);
          
          // Test Body
          tc_ac.start;
          alt {
            [] httpPort.receive(
                                mw_http_response(
                                                 mw_http_response_ok(
                                                                     mw_http_message_body_binary(
                                                                                                 mw_binary_body_ieee1609dot2_data(
                                                                                                                                  mw_enrolmentRequestMessage(
                                                                                                                                                             mw_encryptedData(
                                                                                                                                                                              -,
                                                                                                                                                                              mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                              ))))))) -> value v_response {
              tc_ac.stop;
              
              /*if (f_verify_pki_message(vc_eaPrivateEncKey, int2oct(0, 32), vc_eaCertificate, v_response.response.body.binary_body.ieee1609dot2_data, false, v_etsi_ts_102941_data) == false) {
                log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
              } else {
                log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
                log("*** " & testcasename() & ": DEBUG: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentRequest(mw_innerEcRequestSignedForPop(mw_signedData))), " ***"); // TODO In TITAN, this is the only way to get the unmatching in log
                if (match(v_etsi_ts_102941_data.content, mw_enrolmentRequest(mw_innerEcRequestSignedForPop(mw_signedData)))) {
                  // TODO Verify signature of mw_innerEcRequestSignedForPop
                  log("*** " & testcasename() & ": PASS: InnerEcRequestSignedForPop received ***");
                  f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                } else {
                  log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                  f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                }
            }
            [] tc_ac.timeout {
              log("*** " & testcasename() & ": INCONC: Expected message not received ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
            }
          } // End of 'alt' statement
          
          // Postamble
          f_cfHttpDown();
        } // End of function f_TC_SEC_PKI_ITSS_ENR_BV_02_pki
      } // End of f_TC_SEC_PKI_ITSS_ENR_BV_02
      
garciay's avatar
garciay committed
    } // End of group itss_manufacturing
    
  } // End of group itss_behavior
garciay's avatar
garciay committed
  group ea_behavior {
garciay's avatar
garciay committed

    group enrolment_request_handling {
garciay's avatar
garciay committed
      /**
Yann Garcia's avatar
Yann Garcia committed
       * @desc The EnrolmentResponse message shall be sent by the EA to the  ITS-S across the interface at reference point S3 in response 
garciay's avatar
garciay committed
       *       to a received EnrolmentRequest message.
       * <pre>
garciay's avatar
garciay committed
       * Pics Selection: PICS_IUT_EA_ROLE
garciay's avatar
garciay committed
       * Initial conditions: 
       *     with {
       *         the IUT being in the "operational state"
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives an EnrolmentRequestMessage across the interface at the reference point S3
       *         }
       *         then {
       *             the IUT answers with an EnrolmentResponseMessage across the interface at reference point S3
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS ITS-00546v006 TP 20
       * @reference ETSI TS 102 941, clause 6.2.3.2.2
       */
Yann Garcia's avatar
Yann Garcia committed
      testcase TC_SEC_PKI_SND_EA_BV_01() runs on ItsPkiHttp system ItsPkiHttpSystem {
garciay's avatar
garciay committed
        // Local variables
        var Oct32 v_private_key;
        var Oct32 v_publicKeyCompressed;
        var integer v_compressedMode;
        var Oct32 v_request_hash;
Yann Garcia's avatar
Yann Garcia committed
        var Oct16 v_encrypted_sym_key;
        var Oct16 v_aes_sym_key;
        var Oct16 v_authentication_vector;
        var Oct12 v_nonce;
        var octetstring v_salt;
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var HeaderLines v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
garciay's avatar
garciay committed
        
        // Test control
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
Yann Garcia's avatar
Yann Garcia committed
        }
garciay's avatar
garciay committed
        
        // Test component configuration
        f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID);
garciay's avatar
garciay committed
        
        // Test adapter configuration
        
        // Preamble
        f_http_build_inner_ec_request(v_private_key, v_publicKeyCompressed, v_compressedMode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
        f_init_default_headers_list(-, "inner_ec_request", v_headers);
garciay's avatar
garciay committed
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        
        // Test Body
Yann Garcia's avatar
Yann Garcia committed
        httpPort.send(
                      m_http_request(
                                     m_http_request_post(
                                                         PICS_HTTP_POST_URI,
Yann Garcia's avatar
Yann Garcia committed
                                                         v_headers,
                                                         m_http_message_body_binary(
                                                                                    m_binary_body_ieee1609dot2_data(
                                                                                                                    v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                    )))));
garciay's avatar
garciay committed
        tc_ac.start;
        alt {
Yann Garcia's avatar
Yann Garcia committed
          [] httpPort.receive(
                              mw_http_response(
                                               mw_http_response_ok(
                                                                   mw_http_message_body_binary(
                                                                                               mw_binary_body_ieee1609dot2_data(
                                                                                                                                mw_enrolmentResponseMessage(
                                                                                                                                                            mw_encryptedData(
                                                                                                                                                                             -,
                                                                                                                                                                             mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                             ))))))) -> value v_response {
garciay's avatar
garciay committed
            tc_ac.stop;
Yann Garcia's avatar
Yann Garcia committed

            if (f_verify_pki_message(v_private_key, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, vc_eaCertificate, v_response.response.body.binary_body.ieee1609dot2_data, false, v_etsi_ts_102941_data) == false) {
              log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
            } else {
              log("*** " & testcasename() & ": PASS: InnerEcResponse received ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
            }
          }
          [] httpPort.receive(
                              mw_http_response(
                                               mw_http_response_ko
                                               )) {
            tc_ac.stop;
            
            log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
garciay's avatar
garciay committed
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
garciay's avatar
garciay committed
        // Postamble
Yann Garcia's avatar
Yann Garcia committed
        f_cfHttpDown();
garciay's avatar
garciay committed
      } // End of testcase TC_SEC_PKI_SND_EA_BV_01
garciay's avatar
garciay committed
    } // End of group enrolment_request_handling
garciay's avatar
garciay committed
    group enrolment_response {
      
      /**
       * @desc The EnrolmentResponse message shall be encrypted using an ETSI TS 103 097 approved 
       *       algorithm and the encryption shall be done with the same AES key as the one used 
       *       by the ITS-S requestor for the encryption of the EnrolmentRequest message
       * <pre>
garciay's avatar
garciay committed
       * Pics Selection: PICS_IUT_EA_ROLE
garciay's avatar
garciay committed
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives an EnrolmentRequestMessage
       *                 containing encKey
       *                     containing an encrypted AES key (SYMKEY)
       *         }
       *         then {
       *             the IUT answers with an EnrolmentResponseMessage
       *                 containing cipherTex
       *                     being encrypted
       *                         using SYMKEY
       *                         and using an ETSI TS 103 097 approved algorithm
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS ITS-00546v006 TP 22
       * @reference ETSI TS 102 941, clause 6.2.3.2.2
       */
      testcase TC_SEC_PKI_SND_EA_BV_02() runs on ItsPkiHttp system ItsPkiHttpSystem {
        // Local variables
        var Oct32 v_private_key;
        var Oct32 v_publicKeyCompressed;
        var integer v_compressedMode;
        var Oct32 v_request_hash;
        var Oct16 v_encrypted_sym_key;
        var Oct16 v_aes_sym_key;
        var Oct16 v_authentication_vector;
        var Oct12 v_nonce;
        var octetstring v_salt;
garciay's avatar
garciay committed
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var HeaderLines v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
garciay's avatar
garciay committed
        // Test control
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
garciay's avatar
garciay committed
        // Test component configuration
        f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID);
garciay's avatar
garciay committed
        // Test adapter configuration
garciay's avatar
garciay committed
        // Preamble
        f_http_build_inner_ec_request(v_private_key, v_publicKeyCompressed, v_compressedMode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
        f_init_default_headers_list(-, "inner_ec_request", v_headers);
garciay's avatar
garciay committed
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
garciay's avatar
garciay committed
        // Test Body
        httpPort.send(
                      m_http_request(
garciay's avatar
garciay committed
                                     m_http_request_post(
                                                         PICS_HTTP_POST_URI,
garciay's avatar
garciay committed
                                                         v_headers,
                                                         m_http_message_body_binary(
                                                                                    m_binary_body_ieee1609dot2_data(
                                                                                                                    v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                    )))));
garciay's avatar
garciay committed
        tc_ac.start;
        alt {
          [] httpPort.receive(
                              mw_http_response(
                                               mw_http_response_ok(
                                                                   mw_http_message_body_binary(
                                                                                               mw_binary_body_ieee1609dot2_data(
                                                                                                                                mw_enrolmentResponseMessage(
                                                                                                                                                            mw_encryptedData(
                                                                                                                                                                             -,
                                                                                                                                                                             mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                             ))))))) -> value v_response {
            tc_ac.stop;
Yann Garcia's avatar
Yann Garcia committed
            if (f_verify_pki_message(v_private_key, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, vc_eaCertificate, v_response.response.body.binary_body.ieee1609dot2_data, false, v_etsi_ts_102941_data) == false) {
garciay's avatar
garciay committed
              log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
            } else {
garciay's avatar
garciay committed
              log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
              log("*** " & testcasename() & ": DEBUG: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16)))), " ***"); // TODO In TITAN, this is the only way to get the unmatching in log
              if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16))))) {
garciay's avatar
garciay committed
                log("*** " & testcasename() & ": PASS: InnerEcResponse received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
              } else {
                log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
garciay's avatar
garciay committed
              }
garciay's avatar
garciay committed
          [] httpPort.receive(
                              mw_http_response(
                                               mw_http_response_ko
                                               )) {
            tc_ac.stop;
            
            log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
          }
garciay's avatar
garciay committed
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
garciay's avatar
garciay committed
        // Postamble
        f_cfHttpDown();
garciay's avatar
garciay committed
      } // End of testcase TC_SEC_PKI_SND_EA_BV_02
garciay's avatar
garciay committed
      /**
       * @desc The outermost structure is an EtsiTs103097Data-Encrypted structure containing 
       *       the component recipients containing one instance of RecipientInfo of choice 
       *       pskRecipInfo, which contains the HashedId8 of the symmetric key used by the 
       *       ITS-S to encrypt the EnrolmentRequest message to which the response is built 
       *       and containing the component ciphertext, once decrypted, contains an 
       *       EtsiTs103097Data-Signed structure
       * <pre>
garciay's avatar
garciay committed
       * Pics Selection: PICS_IUT_EA_ROLE
garciay's avatar
garciay committed
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives an EnrolmentRequestMessage
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data-Encrypted structure
       *                 containing recipients
       *                     containing one instance of RecipientInfo of choice pskRecipInfo
       *                         containing the HashedId8 of the symmetric key used to encrypt the EnrolmentRequestMessage
       *                 and containing cipherText
       *                     being an encrypted EtsiTs103097Data-Signed structure
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS ITS-00546v006 TP 24
       * @reference ETSI TS 102 941, clause 6.2.3.2.2
       */
      testcase TC_SEC_PKI_SND_EA_BV_03() runs on ItsPkiHttp system ItsPkiHttpSystem {
        // Local variables
        var Oct32 v_private_key;
        var Oct32 v_publicKeyCompressed;
        var integer v_compressedMode;
        var Oct32 v_request_hash;
garciay's avatar
garciay committed
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var Oct16 v_aes_sym_key;
        var Oct16 v_encrypted_sym_key;
        var Oct16 v_authentication_vector;
        var Oct12 v_nonce;
        var octetstring v_salt;
garciay's avatar
garciay committed
        var HeaderLines v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
garciay's avatar
garciay committed
        // Test control
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
garciay's avatar
garciay committed
        // Test component configuration
        f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID);
garciay's avatar
garciay committed
        // Test adapter configuration
garciay's avatar
garciay committed
        // Preamble
        f_http_build_inner_ec_request(v_private_key, v_publicKeyCompressed, v_compressedMode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
        f_init_default_headers_list(-, "inner_ec_request", v_headers);
garciay's avatar
garciay committed
        httpPort.send(
                      m_http_request(
garciay's avatar
garciay committed
                                     m_http_request_post(
                                                         PICS_HTTP_POST_URI,
garciay's avatar
garciay committed
                                                         v_headers,
                                                         m_http_message_body_binary(
                                                                                    m_binary_body_ieee1609dot2_data(
                                                                                                                    v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                    )))));
garciay's avatar
garciay committed
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
garciay's avatar
garciay committed
        // Test Body
        tc_ac.start;
        alt {
          [] httpPort.receive(
                              mw_http_response(
                                               mw_http_response_ok(
                                                                   mw_http_message_body_binary(
                                                                                               mw_binary_body_ieee1609dot2_data(
                                                                                                                                mw_enrolmentResponseMessage(
                                                                                                                                                            mw_encryptedData(
                                                                                                                                                                             -,
                                                                                                                                                                             mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                             ))))))) -> value v_response {
            tc_ac.stop;
            if (f_verify_pki_message(v_private_key, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, vc_eaCertificate, v_response.response.body.binary_body.ieee1609dot2_data, true, v_etsi_ts_102941_data) == false) {
garciay's avatar
garciay committed
              log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
            } else {
garciay's avatar
garciay committed
              log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
              log("*** " & testcasename() & ": DEBUG: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16)))), " ***"); // TODO In TITAN, this is the only way to get the unmatching in log
              if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16))))) {
garciay's avatar
garciay committed
                log("*** " & testcasename() & ": PASS: InnerEcResponse received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
              } else {
                log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
garciay's avatar
garciay committed
              }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
        
        // Postamble
        f_cfHttpDown();
        
      } // End of testcase TC_SEC_PKI_SND_EA_BV_03
      /**
       * @desc If the ITS-S has been able to decrypt the content, this expected EtsiTs103097Data-Signed structure shall 
       *       contain hashId, tbsData, signer and signature. The hashId shall indicate the hash algorithm to be used as 
       *       specified in ETSI TS 103 097, the signer shall be declared as a digest, containing the HashedId8 of the 
       *       EA certificate and the signature over tbsData shall be computed using the EA private key corresponding to 
       *       its publicVerificationKey found in the referenced EA certificate.
       * <pre>
garciay's avatar
garciay committed
       * Pics Selection: PICS_IUT_EA_ROLE
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives an EnrolmentRequestMessage
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data-Encrypted structure
       *                 containing an encrypted EtsiTs103097Data-Signed structure
       *                     containing hashId
       *                        indicating the hash algorithm to be used as specified in ETSI TS 103 097
       *                     and containing tbsData
       *                     and containing signer
       *                         declared as a digest
       *                             containing the HashedId8 of the EA certificate
       *                     and containing signature
       *                         computed over tbsData
       *                             using the EA private key
       *                                 corresponding to the publicVerificationKey found in the referenced EA certificate
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS ITS-00546v006 TP 25
       * @reference ETSI TS 102 941, clause 6.2.3.2.2
       */
      testcase TC_SEC_PKI_SND_EA_BV_04() runs on ItsPkiHttp system ItsPkiHttpSystem {
        // Local variables
        var Oct32 v_private_key;
        var Oct32 v_publicKeyCompressed;
        var integer v_compressedMode;
        var Oct32 v_request_hash;
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var Oct16 v_aes_sym_key;
        var Oct16 v_encrypted_sym_key;
        var Oct16 v_authentication_vector;
        var Oct12 v_nonce;
        var octetstring v_salt;
        var HeaderLines v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
      
        // Test control
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID);
        
        // Test adapter configuration
        
        // Preamble
        f_http_build_inner_ec_request(v_private_key, v_publicKeyCompressed, v_compressedMode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
        f_init_default_headers_list(-, "inner_ec_request", v_headers);
        httpPort.send(
                      m_http_request(
garciay's avatar
garciay committed
                                     m_http_request_post(
                                                         PICS_HTTP_POST_URI,
garciay's avatar
garciay committed
                                                         v_headers,
                                                         m_http_message_body_binary(
                                                                                    m_binary_body_ieee1609dot2_data(
                                                                                                                    v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                    )))));
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        
        // Test Body
        tc_ac.start;
        alt {
          [] httpPort.receive(
garciay's avatar
garciay committed
                              mw_http_response(
                                               mw_http_response_ok(
                                                                   mw_http_message_body_binary(
                                                                                               mw_binary_body_ieee1609dot2_data(
                                                                                                                                mw_enrolmentResponseMessage(
                                                                                                                                                            mw_encryptedData(
                                                                                                                                                                             -,
                                                                                                                                                                             mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                             ))))))) -> value v_response {
garciay's avatar
garciay committed
            tc_ac.stop;
            if (f_verify_pki_message(v_private_key, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, vc_eaCertificate, v_response.response.body.binary_body.ieee1609dot2_data, true, v_etsi_ts_102941_data) == false) {
              log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
            } else {
              log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
              log("*** " & testcasename() & ": DEBUG: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16)))), " ***"); // TODO In TITAN, this is the only way to get the unmatching in log
              if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16))))) {
                if (f_verify_ea_certificate(v_etsi_ts_102941_data.content.enrolmentResponse.certificate, v_publicKeyCompressed, v_compressedMode)) {
                  log("*** " & testcasename() & ": PASS: Well-secured EA certificate received ***");
                  f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                } else {
                  log("*** " & testcasename() & ": FAIL: Cannot verify EA certificate signature ***");
                  f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                }
              } else {
                log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
              }
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
garciay's avatar
garciay committed
          }
        } // End of 'alt' statement
        
        // Postamble
        f_cfHttpDown();
        
      } // End of testcase TC_SEC_PKI_SND_EA_BV_04
      
      /**
       * @desc Within the headerInfo of the tbsData, the psid shall be set to “secured certificate request” as assigned in 
       *       ETSI TS 102 965 and the generationTime shall be present.
       * <pre>
garciay's avatar
garciay committed
       * Pics Selection: PICS_IUT_EA_ROLE
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives an EnrolmentRequestMessage
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data-Encrypted structure
       *                 containing an encrypted EtsiTs103097Data-Signed structure
       *                     containing tbsData
       *                         containing headerInfo
       *                             containing psid
       *                                 indicating AID_CERT_REQ
       *                             and containing generationTime
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS ITS-00546v006 TP 26
       * @reference ETSI TS 102 941, clause 6.2.3.2.2
       */
      testcase TC_SEC_PKI_SND_EA_BV_05() runs on ItsPkiHttp system ItsPkiHttpSystem {
        // Local variables
        var Oct32 v_private_key;
        var Oct32 v_publicKeyCompressed;
        var integer v_compressedMode;
        var Oct32 v_request_hash;
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var Oct16 v_aes_sym_key;
        var Oct16 v_encrypted_sym_key;
        var Oct16 v_authentication_vector;
        var Oct12 v_nonce;
        var octetstring v_salt;
        var HeaderLines v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
        
        // Test control
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID);
        
        // Test adapter configuration
        
        // Preamble
        f_http_build_inner_ec_request(v_private_key, v_publicKeyCompressed, v_compressedMode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
        f_init_default_headers_list(-, "inner_ec_request", v_headers);
        httpPort.send(
                      m_http_request(
garciay's avatar
garciay committed
                                     m_http_request_post(
                                                        PICS_HTTP_POST_URI,
                                                        v_headers,
                                                        m_http_message_body_binary(
                                                                                   m_binary_body_ieee1609dot2_data(
                                                                                                                   v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                   )))));
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        
        // Test Body
        tc_ac.start;
        alt {
          [] httpPort.receive(
                              mw_http_response(
                                               mw_http_response_ok(
                                                                   mw_http_message_body_binary(
                                                                                               mw_binary_body_ieee1609dot2_data(
                                                                                                                                mw_enrolmentResponseMessage(
                                                                                                                                                            mw_encryptedData(
                                                                                                                                                                             -,
                                                                                                                                                                             mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                             ))))))) -> value v_response {
garciay's avatar
garciay committed
            tc_ac.stop;
            if (f_verify_pki_message(v_private_key, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, vc_eaCertificate, v_response.response.body.binary_body.ieee1609dot2_data, true, v_etsi_ts_102941_data) == false) {
              log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
            } else {
              log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
              log("*** " & testcasename() & ": DEBUG: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16)))), " ***"); // TODO In TITAN, this is the only way to get the unmatching in log
              if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16))))) {
                if (f_verify_ea_certificate(v_etsi_ts_102941_data.content.enrolmentResponse.certificate, v_publicKeyCompressed, v_compressedMode)) {
                  log("*** " & testcasename() & ": PASS: Well-secured EA certificate received ***");
                  f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                } else {
                  log("*** " & testcasename() & ": FAIL: Cannot verify EA certificate signature ***");
                  f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                }
              } else {
                log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
              }
garciay's avatar
garciay committed
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
        
        // Postamble
        f_cfHttpDown();
        
      } // End of testcase TC_SEC_PKI_SND_EA_BV_05
      
      /**
       * @desc Within the headerInfo of the tbsData, aside from psid and generationTime, 
       *       all other components of the component tbsData.headerInfo not used and absent.
       * <pre>
garciay's avatar
garciay committed
       * Pics Selection: PICS_IUT_EA_ROLE
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives an EnrolmentRequestMessage
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data-Encrypted structure
       *                 containing an encrypted EtsiTs103097Data-Signed structure
       *                     containing tbsData
       *                         containing headerInfo
       *                             containing psid
       *                             and containing generationTime
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS ITS-00546v006 TP 27
       * @reference ETSI TS 102 941, clause 6.2.3.2.2
       */
      testcase TC_SEC_PKI_SND_EA_BV_06() runs on ItsPkiHttp system ItsPkiHttpSystem {
        // Local variables
        var Oct32 v_private_key;
        var Oct32 v_publicKeyCompressed;
        var integer v_compressedMode;
        var Oct32 v_request_hash;
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var Oct16 v_aes_sym_key;
        var Oct16 v_encrypted_sym_key;
        var Oct16 v_authentication_vector;
        var Oct12 v_nonce;
        var octetstring v_salt;
        var HeaderLines v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
      
        // Test control
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID);
        
        // Test adapter configuration
        
        // Preamble
        f_http_build_inner_ec_request(v_private_key, v_publicKeyCompressed, v_compressedMode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
        f_init_default_headers_list(-, "inner_ec_request", v_headers);
        httpPort.send(
                      m_http_request(
garciay's avatar
garciay committed
                                     m_http_request_post(
                                                        PICS_HTTP_POST_URI,
                                                        v_headers,
                                                        m_http_message_body_binary(
                                                                                   m_binary_body_ieee1609dot2_data(
                                                                                                                   v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                   )))));
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        
        // Test Body
        tc_ac.start;
        alt {
          [] httpPort.receive(
                              mw_http_response(
                                               mw_http_response_ok(
                                                                   mw_http_message_body_binary(
                                                                                               mw_binary_body_ieee1609dot2_data(
                                                                                                                                mw_enrolmentResponseMessage(
                                                                                                                                                            mw_encryptedData(
                                                                                                                                                                             -,
                                                                                                                                                                             mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                             ))))))) -> value v_response {
            tc_ac.stop;
            
            if (f_verify_pki_message(v_private_key, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, vc_eaCertificate, v_response.response.body.binary_body.ieee1609dot2_data, true, v_etsi_ts_102941_data) == false) {
              log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
            } else {
              log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
              log("*** " & testcasename() & ": DEBUG: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16)))), " ***"); // TODO In TITAN, this is the only way to get the unmatching in log
              if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16))))) {
                if (f_verify_ea_certificate(v_etsi_ts_102941_data.content.enrolmentResponse.certificate, v_publicKeyCompressed, v_compressedMode)) {
                  log("*** " & testcasename() & ": PASS: Well-secured EA certificate received ***");
                  f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                } else {
                  log("*** " & testcasename() & ": FAIL: Cannot verify EA certificate signature ***");
                  f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                }
              } else {
                log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
              }
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
        
        // Postamble
        f_cfHttpDown();
        
      } // End of testcase TC_SEC_PKI_SND_EA_BV_06
      
      /**
       * @desc The EtsiTS102941Data shall contain the version set to v1 (integer value set to 1) 
       *       and the content set to InnerECResponse.
       * <pre>
garciay's avatar
garciay committed
       * Pics Selection: PICS_IUT_EA_ROLE
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives an EnrolmentRequestMessage
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data-Encrypted structure
       *                 containing an encrypted EtsiTs103097Data-Signed structure
       *                     containing tbsData
       *                         containing EtsiTS102941Data
       *                             containing version
       *                                 indicating v1 (integer value set to 1)
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS ITS-00546v006 TP 28
       * @reference ETSI TS 102 941, clause 6.2.3.2.2
       */
      testcase TC_SEC_PKI_SND_EA_BV_07() runs on ItsPkiHttp system ItsPkiHttpSystem {
        // Local variables
        var Oct32 v_private_key;
        var Oct32 v_publicKeyCompressed;
        var integer v_compressedMode;
        var Oct32 v_request_hash;
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var Oct16 v_aes_sym_key;
        var Oct16 v_encrypted_sym_key;
        var Oct16 v_authentication_vector;
        var Oct12 v_nonce;
        var octetstring v_salt;
        var HeaderLines v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
        
        // Test control
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID);
        
        // Test adapter configuration
        
        // Preamble
        f_http_build_inner_ec_request(v_private_key, v_publicKeyCompressed, v_compressedMode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
        f_init_default_headers_list(-, "inner_ec_request", v_headers);
        httpPort.send(
                      m_http_request(
garciay's avatar
garciay committed
                                     m_http_request_post(
                                                        PICS_HTTP_POST_URI,
                                                        v_headers,
                                                        m_http_message_body_binary(
                                                                                   m_binary_body_ieee1609dot2_data(
                                                                                                                   v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                   )))));
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        
        // Test Body
        tc_ac.start;
        alt {
          [] httpPort.receive(
                              mw_http_response(
                                               mw_http_response_ok(
                                                                   mw_http_message_body_binary(
                                                                                               mw_binary_body_ieee1609dot2_data(
                                                                                                                                mw_enrolmentResponseMessage(
                                                                                                                                                            mw_encryptedData(
                                                                                                                                                                             -,
                                                                                                                                                                             mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                             ))))))) -> value v_response {
            tc_ac.stop;
            
            if (f_verify_pki_message(v_private_key, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, vc_eaCertificate, v_response.response.body.binary_body.ieee1609dot2_data, true, v_etsi_ts_102941_data) == false) {
              log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
            } else {
              log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
              log("*** " & testcasename() & ": DEBUG: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16)))), " ***"); // TODO In TITAN, this is the only way to get the unmatching in log
              if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16))))) {
                log("*** " & testcasename() & ": PASS: Well-secured EA certificate received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
              } else {
                log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
              }
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
        
        // Postamble
        f_cfHttpDown();
        
      } // End of testcase TC_SEC_PKI_SND_EA_BV_07
      
      /**
       * @desc The InnerECResponse shall contain the requestHash, which is the left-most 16 octets of the SHA256 digest of the 
       *       EtsiTs103097Data - Signed structure received in the request and a responseCode indicating the result of the request.
       * <pre>
garciay's avatar
garciay committed
       * Pics Selection: PICS_IUT_EA_ROLE
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives an EnrolmentRequestMessage
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data-Encrypted structure
       *                 containing an encrypted EtsiTs103097Data-Signed structure
       *                     containing tbsData
       *                         containing EtsiTS102941Data
       *                             containing requestHash
       *                                 indicating the left-most 16 octets of the SHA256 digest of the EtsiTs103097Data-Signed structure received in the request
       *                             and containing responseCode
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS ITS-00546v006 TP 29
       * @reference ETSI TS 102 941, clause 6.2.3.2.2
       */
      testcase TC_SEC_PKI_SND_EA_BV_08() runs on ItsPkiHttp system ItsPkiHttpSystem {
        // Local variables
        var Oct32 v_private_key;
        var Oct32 v_publicKeyCompressed;
        var integer v_compressedMode;
        var Oct32 v_request_hash;
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var Oct16 v_aes_sym_key;
        var Oct16 v_encrypted_sym_key;
        var Oct16 v_authentication_vector;
        var Oct12 v_nonce;
        var octetstring v_salt;
        var HeaderLines v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
        
        // Test control
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID);
        
        // Test adapter configuration
        
        // Preamble
        f_http_build_inner_ec_request(v_private_key, v_publicKeyCompressed, v_compressedMode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
        f_init_default_headers_list(-, "inner_ec_request", v_headers);
        httpPort.send(
                      m_http_request(
garciay's avatar
garciay committed
                                     m_http_request_post(
                                                        PICS_HTTP_POST_URI,
                                                        v_headers,
                                                        m_http_message_body_binary(
                                                                                   m_binary_body_ieee1609dot2_data(
                                                                                                                   v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                   )))));
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        
        // Test Body
        tc_ac.start;
        alt {
          [] httpPort.receive(
                              mw_http_response(
                                               mw_http_response_ok(
                                                                   mw_http_message_body_binary(
                                                                                               mw_binary_body_ieee1609dot2_data(
                                                                                                                                mw_enrolmentResponseMessage(
                                                                                                                                                            mw_encryptedData(
                                                                                                                                                                             -,
                                                                                                                                                                             mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                             ))))))) -> value v_response {
            tc_ac.stop;
            
            if (f_verify_pki_message(v_private_key, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, vc_eaCertificate, v_response.response.body.binary_body.ieee1609dot2_data, true, v_etsi_ts_102941_data) == false) {
              log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
            } else {
              log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
              log("*** " & testcasename() & ": DEBUG: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16)))), " ***"); // TODO In TITAN, this is the only way to get the unmatching in log
              if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16))))) {
                log("*** " & testcasename() & ": PASS: Well-secured EA certificate received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
              } else {
                log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
              }
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
        
        // Postamble
        f_cfHttpDown();
        
      } // End of testcase TC_SEC_PKI_SND_EA_BV_08
      
      /**
       * @desc If the responseCode is 0, the InnerECResponse shall also contain an (enrolment) certificate.
       * <pre>
garciay's avatar
garciay committed
       * Pics Selection: PICS_IUT_EA_ROLE
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives an EnrolmentRequestMessage
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data-Encrypted structure
       *                 containing an encrypted EtsiTs103097Data-Signed structure
       *                     containing tbsData
       *                         containing EtsiTS102941Data
       *                             containing InnerECResponse
       *                                 containing an enrolment certificate
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS ITS-00546v006 TP 30
       * @reference ETSI TS 102 941, clause 6.2.3.2.2
       */
      testcase TC_SEC_PKI_SND_EA_BV_09() runs on ItsPkiHttp system ItsPkiHttpSystem {
        // Local variables
        var Oct32 v_private_key;
        var Oct32 v_publicKeyCompressed;
        var integer v_compressedMode;
        var Oct32 v_request_hash;
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var Oct16 v_aes_sym_key;
        var Oct16 v_encrypted_sym_key;
        var Oct16 v_authentication_vector;
        var Oct12 v_nonce;
        var octetstring v_salt;
        var HeaderLines v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
        
        // Test control
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID);
        
        // Test adapter configuration
        
        // Preamble
        f_http_build_inner_ec_request(v_private_key, v_publicKeyCompressed, v_compressedMode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
        f_init_default_headers_list(-, "inner_ec_request", v_headers);
        httpPort.send(
                      m_http_request(
garciay's avatar
garciay committed
                                     m_http_request_post(
                                                        PICS_HTTP_POST_URI,
                                                        v_headers,
                                                        m_http_message_body_binary(
                                                                                   m_binary_body_ieee1609dot2_data(
                                                                                                                   v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                   )))));
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        
        // Test Body
        tc_ac.start;
        alt {
          [] httpPort.receive(
                              mw_http_response(
                                               mw_http_response_ok(
                                                                   mw_http_message_body_binary(
                                                                                               mw_binary_body_ieee1609dot2_data(
                                                                                                                                mw_enrolmentResponseMessage(
                                                                                                                                                            mw_encryptedData(
                                                                                                                                                                             { mw_recipientInfo_pskRecipInfo },
                                                                                                                                                                             mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                             ))))))) -> value v_response {
            tc_ac.stop;
            
            if (f_verify_pki_message(v_private_key, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, vc_eaCertificate, v_response.response.body.binary_body.ieee1609dot2_data, true, v_etsi_ts_102941_data) == false) {
              log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
            } else {
              log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
              log("*** " & testcasename() & ": DEBUG: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16), mw_etsiTs103097Certificate(mw_issuerIdentifier_self, mw_toBeSignedCertificate_ea, mw_signature_ecdsaNistP256)))), " ***"); // TODO In TITAN, this is the only way to get the unmatching in log
              if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16), mw_etsiTs103097Certificate(mw_issuerIdentifier_self, mw_toBeSignedCertificate_ea, mw_signature_ecdsaNistP256))))) { // TODO Refine mw_signature_ecdsaNistP256
                log("*** " & testcasename() & ": PASS: Well-secured EC certificate received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
              } else {
                log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
              }
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
        
        // Postamble
        f_cfHttpDown();
        
      } // End of testcase TC_SEC_PKI_SND_EA_BV_09
      
      /**
       * @desc If the responseCode is 0, the InnerECResponse shall also contain an (enrolment) certificate.
       * <pre>
garciay's avatar
garciay committed
       * Pics Selection: PICS_IUT_EA_ROLE
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives an EnrolmentRequestMessage
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data-Encrypted structure
       *                 containing an encrypted EtsiTs103097Data-Signed structure
       *                     containing tbsData
       *                         containing EtsiTS102941Data
       *                             containing InnerECResponse
       *                                 containing an enrolment certificate
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS ITS-00546v006 TP 31
       * @reference ETSI TS 102 941, clause 6.2.3.2.2
       */
      testcase TC_SEC_PKI_SND_EA_BV_10() runs on ItsPkiHttp system ItsPkiHttpSystem {
        // Local variables
        var Oct32 v_private_key;
        var Oct32 v_publicKeyCompressed;
        var integer v_compressedMode;
        var Oct32 v_request_hash;
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var Oct16 v_aes_sym_key;
        var Oct16 v_encrypted_sym_key;
        var Oct16 v_authentication_vector;
        var Oct12 v_nonce;
        var octetstring v_salt;
        var HeaderLines v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
        
        // Test control
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID);
        
        // Test adapter configuration
        
        // Preamble
        f_http_build_invalid_enrolment_request(v_private_key, v_publicKeyCompressed, v_compressedMode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
        f_init_default_headers_list(-, "inner_ec_request", v_headers);
        httpPort.send(
                      m_http_request(
garciay's avatar
garciay committed
                                     m_http_request_post(
                                                        PICS_HTTP_POST_URI,
                                                        v_headers,
                                                        m_http_message_body_binary(
                                                                                   m_binary_body_ieee1609dot2_data(
                                                                                                                   v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                   )))));
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        
        // Test Body
        tc_ac.start;
        alt {
          [] httpPort.receive(
                              mw_http_response(
                                               mw_http_response_ok(
                                                                   mw_http_message_body_binary(
                                                                                               mw_binary_body_ieee1609dot2_data(
                                                                                                                                mw_enrolmentResponseMessage(
                                                                                                                                                            mw_encryptedData(
                                                                                                                                                                             -,
                                                                                                                                                                             mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                             ))))))) -> value v_response {
            tc_ac.stop;
            
            if (f_verify_pki_message(v_private_key, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, vc_eaCertificate, v_response.response.body.binary_body.ieee1609dot2_data, true, v_etsi_ts_102941_data) == false) {
              log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
            } else {
              log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
              if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ko))) {
                log("*** " & testcasename() & ": PASS: Well-secured EA certificate received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
              } else {
                log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
              }
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
        
        // Postamble
        f_cfHttpDown();
        
      } // End of testcase TC_SEC_PKI_SND_EA_BV_10
      
    } // End of group enrolment_response

    group authorization_vaidation_response {
      
      /**
       * @desc The AuthorizationValidationResponse message shall be sent by the EA to the AA across the interface 
       *       at reference point S4 in response to a received AuthorizationValidationRequest message
       * <pre>
garciay's avatar
garciay committed
       * Pics Selection: PICS_IUT_EA_ROLE
       * Initial conditions: 
       *     with {
       *         the IUT being in the "operational state"
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
garciay's avatar
garciay committed
       *             the IUT receives a AuthorizationValidationRequest  message
garciay's avatar
garciay committed
       *             the IUT sends a AuthorizationValidationResponse message
       *                 across the reference point S4 to the AA
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS ITS-00546v006 TP AuthValRes_1_EA
       * @reference ETSI TS 102 941, clause 6.2.3.4
       */
Yann Garcia's avatar
Yann Garcia committed
      testcase TC_SEC_PKI_SND_EA_BV_11() runs on ItsPkiHttp system ItsPkiHttpSystem {
        // Local variables
        var Oct32 v_private_key;
        var Oct32 v_publicKeyCompressed;
        var integer v_compressedMode;
Yann Garcia's avatar
Yann Garcia committed
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var HeaderLines v_headers;
        var HttpMessage v_response;
        if (not PICS_IUT_EA_ROLE or PICS_IUT_COMBINED_EA_AA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE and not PICS_IUT_COMBINED_EA_AA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        
        // Test adapter configuration
        
        // Preamble
Yann Garcia's avatar
Yann Garcia committed
        f_http_build_authorization_validation_request(v_private_key, v_publicKeyCompressed, v_compressedMode, v_ieee1609dot2_signed_and_encrypted_data);
        f_init_default_headers_list(-, "inner_ec_request", v_headers);
Yann Garcia's avatar
Yann Garcia committed
        httpPort.send(
                      m_http_request(
                                     m_http_request_post(
                                                        PICS_HTTP_POST_URI,
Yann Garcia's avatar
Yann Garcia committed
                                                        v_headers,
                                                        m_http_message_body_binary(
                                                                                   m_binary_body_ieee1609dot2_data(
                                                                                                                   v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                   )))));
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        
        // Test Body
        tc_ac.start;
        alt {
Yann Garcia's avatar
Yann Garcia committed
          [] httpPort.receive(
                              mw_http_response(
                                               mw_http_response_ok(
                                                                   mw_http_message_body_binary(
                                                                                               mw_binary_body_ieee1609dot2_data(
                                                                                                                                mw_authorizationValidationResponseMessage(
                                                                                                                                                                         mw_encryptedData(
                                                                                                                                                                                          -,
                                                                                                                                                                                          mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                                          ))))))) -> value v_response {
            tc_ac.stop;
            log("*** " & testcasename() & ": PASS: AuthorizationValidationResponse received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
        
        // Postamble
Yann Garcia's avatar
Yann Garcia committed
        f_cfHttpDown();
        
      } // End of testcase TC_SEC_PKI_SND_EA_BV_11
Yann Garcia's avatar
Yann Garcia committed
      
      /**
       * @desc The AuthorizationValidationResponse message shall be sent by the EA to the AA across the interface 
       *       at reference point S4 in response to a received AuthorizationValidationRequest message
       * <pre>
garciay's avatar
garciay committed
       * Pics Selection: PICS_IUT_EA_ROLE
Yann Garcia's avatar
Yann Garcia committed
       * Initial conditions: 
       *     with {
       *         the IUT being in the "operational state"
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
garciay's avatar
garciay committed
       *             the IUT receives a AuthorizationValidationRequest  message
Yann Garcia's avatar
Yann Garcia committed
       *         }
       *         then {
garciay's avatar
garciay committed
       *             the IUT sends a AuthorizationValidationResponse message
       *                 across the reference point S4 to the AA
Yann Garcia's avatar
Yann Garcia committed
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS ITS-00546v006 TP AuthValRes_1_EA
       * @reference ETSI TS 102 941, clause 6.2.3.4
       */
      testcase TC_SEC_PKI_SND_EA_BV_12() runs on ItsPkiHttp system ItsPkiHttpSystem {
        // Local variables
        var Oct32 v_private_key;
        var Oct32 v_publicKeyCompressed;
        var integer v_compressedMode;
garciay's avatar
garciay committed
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
Yann Garcia's avatar
Yann Garcia committed
        var HeaderLines v_headers;
        var HttpMessage v_response;
        
        // Test control
        if (not PICS_IUT_EA_ROLE or PICS_IUT_COMBINED_EA_AA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE and not PICS_IUT_COMBINED_EA_AA_ROLE required for executing the TC ***");
Yann Garcia's avatar
Yann Garcia committed
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
Yann Garcia's avatar
Yann Garcia committed
        
        // Test adapter configuration
        
        // Preamble
        f_http_build_authorization_validation_request(v_private_key, v_publicKeyCompressed, v_compressedMode, v_ieee1609dot2_signed_and_encrypted_data);
        f_init_default_headers_list(-, "inner_ec_request", v_headers);
Yann Garcia's avatar
Yann Garcia committed
        httpPort.send(
                      m_http_request(
garciay's avatar
garciay committed
                                     m_http_request_post(
                                                        PICS_HTTP_POST_URI,
Yann Garcia's avatar
Yann Garcia committed
                                                        v_headers,
                                                        m_http_message_body_binary(
                                                                                   m_binary_body_ieee1609dot2_data(
                                                                                                                   v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                   )))));
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        
        // Test Body
        tc_ac.start;
        alt {
          [] httpPort.receive(
                              mw_http_response(
                                               mw_http_response_ok(
                                                                   mw_http_message_body_binary(
                                                                                               mw_binary_body_ieee1609dot2_data(
                                                                                                                                mw_authorizationValidationResponseMessage(
                                                                                                                                                                         mw_encryptedData(
                                                                                                                                                                                          -,
                                                                                                                                                                                          mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                                          ))))))) -> value v_response {
            tc_ac.stop;
            log("*** " & testcasename() & ": PASS: AuthorizationValidationResponse received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
        
        // Postamble
        f_cfHttpDown();
        
      } // End of testcase TC_SEC_PKI_SND_EA_BV_12
      
    } // End of group authorization_vaidation_response
garciay's avatar
garciay committed
  } // End of group ea_behavior

  group aa_behavior {
garciay's avatar
garciay committed
    
    group authorization_request {


      testcase TC_SEC_PKI_SND_AA_BV_00() runs on ItsPkiHttp system ItsPkiHttpSystem {
        var Oct32 v_private_key_ec;
        var Oct32 v_publicKeyCompressed_ec;
        var integer v_compressedMode_ec;
        var Oct32 v_private_key_at;
        var Oct32 v_publicKeyCompressed_at;
        var integer v_compressedMode_at;
        var Oct32 v_private_enc_key_at;
        var Oct32 v_publicEncKeyCompressed_at;
        var integer v_compressedEncMode_at;
        var Oct32 v_request_hash;
        var Oct16 v_encrypted_sym_key;
        var Oct16 v_aes_sym_key;
        var Oct16 v_authentication_vector;
        var Oct12 v_nonce;
        var octetstring v_salt;
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var HeaderLines v_headers;
        var InnerEcResponse v_inner_ec_response;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
        
        // Test control
        if (not PICS_IUT_COMBINED_EA_AA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_COMBINED_EA_AA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);
        
        // Test adapter configuration
        
        // Preamble
        f_init_default_headers_list(-, "inner_ec_request", v_headers);
        // TODO Create a f_await_http_inner_ec_request_response(v_private_key_ec, v_publicKeyCompressed_ec, v_compressedMode_ec, v_inner_ec_response);
        f_http_build_inner_ec_request(v_private_key_ec, v_publicKeyCompressed_ec, v_compressedMode_ec, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
        httpPort.send(
                      m_http_request(
                                     m_http_request_post(
                                                        PICS_HTTP_POST_URI,
                                                        v_headers,
                                                        m_http_message_body_binary(
                                                                                   m_binary_body_ieee1609dot2_data(
                                                                                                                   v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                   )))));
        tc_ac.start;
        alt {
          [] httpPort.receive(
                              mw_http_response(
                                               mw_http_response_ok(
                                                                   mw_http_message_body_binary(
                                                                                               mw_binary_body_ieee1609dot2_data(
                                                                                                                                mw_enrolmentResponseMessage(
                                                                                                                                                            mw_encryptedData(
                                                                                                                                                                             -,
                                                                                                                                                                             mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                             ))))))) -> value v_response {
            tc_ac.stop;

            if (f_verify_pki_message(v_private_key_ec, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, vc_eaCertificate, v_response.response.body.binary_body.ieee1609dot2_data, false, v_etsi_ts_102941_data) == false) {
              log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
              f_selfOrClientSyncAndVerdictTestBody(c_prDone, e_timeout);
            } else {
              log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
              log("*** " & testcasename() & ": DEBUG: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16), mw_etsiTs103097Certificate(mw_issuerIdentifier_self, mw_toBeSignedCertificate_ea, mw_signature_ecdsaNistP256)))), " ***"); // TODO In TITAN, this is the only way to get the unmatching in log
              if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16), mw_etsiTs103097Certificate(mw_issuerIdentifier_self, mw_toBeSignedCertificate_ea, mw_signature_ecdsaNistP256))))) {
                v_inner_ec_response := v_etsi_ts_102941_data.content.enrolmentResponse;
                log("*** " & testcasename() & ": INFO: Well-secured EA certificate received ***");
                log("v_inner_ec_response= ", v_inner_ec_response);
                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
              } else {
                log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_prDone, e_timeout);
              }
            }
          }
          [] httpPort.receive(
                              mw_http_response(
                                               mw_http_response_ko
                                               )) {
            tc_ac.stop;
            
            log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_prDone, e_timeout);
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_prDone, e_timeout);
          }
        } // End of 'alt' statement
        
        // Test Body
        f_http_build_authorization_request(v_inner_ec_response.certificate, v_private_key_ec, v_private_key_at, v_publicKeyCompressed_at, v_compressedMode_at, v_private_enc_key_at, v_publicEncKeyCompressed_at, v_compressedEncMode_at, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
        f_set_headears_list({c_header_content_text}, {"authorization_request"}, v_headers);
        log("v_headers= ", v_headers);
        httpPort.send(
                      m_http_request(
                                     m_http_request_post(
                                                        PICS_HTTP_POST_URI,
                                                        v_headers,
                                                        m_http_message_body_binary(
                                                                                   m_binary_body_ieee1609dot2_data(
                                                                                                                   v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                   )))));
        tc_ac.start;
        alt {
          [] httpPort.receive(
                              mw_http_response(
                                               mw_http_response_ok(
                                                                   mw_http_message_body_binary(
                                                                                               mw_binary_body_ieee1609dot2_data(
                                                                                                                                mw_authorizationResponseMessage(
                                                                                                                                                                mw_encryptedData(
                                                                                                                                                                                 -,
                                                                                                                                                                                 mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                                 ))))))) -> value v_response {
            tc_ac.stop;
            
            if (f_verify_pki_message(v_private_key_at, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, vc_eaCertificate, v_response.response.body.binary_body.ieee1609dot2_data, false, v_etsi_ts_102941_data) == false) {
              log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
            } else {
              log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
              log(match(v_etsi_ts_102941_data.content, mw_authorizationResponse(mw_innerAtResponse_ok(substr(v_request_hash, 0, 16), mw_etsiTs103097Certificate(mw_issuerIdentifier_self, mw_toBeSignedCertificate_ea, mw_signature_ecdsaNistP256))))); // TODO In TITAN, this is the only way to get the unmatching in log
              if (match(v_etsi_ts_102941_data.content, mw_authorizationResponse(mw_innerAtResponse_ok(substr(v_request_hash, 0, 16), mw_etsiTs103097Certificate(mw_issuerIdentifier_self, mw_toBeSignedCertificate_ea, mw_signature_ecdsaNistP256))))) { 
                // TODO Refined expected mw_signature_ecdsaNistP256
                log("*** " & testcasename() & ": PASS: Well-secured AT certificate received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
              } else {
                log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
            }
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
        
        // Postamble
        f_cfHttpDown();
        
      }

garciay's avatar
garciay committed
      /**
       * @desc Check that the AA is able to decrypt the AuthorizationRequest message using the encryption private key corresponding to the recipient certificate
       *       Check that the AA is able to verify the inner signature
       *       Check that the AA is able to verify the request authenticity using the hmacKey verification
       *       Check that the AA sends the AuthorizationValidationRequest message to the correspondent EA
       * <pre>
       * Pics Selection: PICS_IUT_AA_ROLE
       * Initial conditions: 
       *     with {
       *          the AA in "operational state"
       *              authorized with the certificate CERT_AA
       *                  containing encryptionKey (AA_ENC_PUB_KEY)
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
       *            the IUT receives an EtsiTs103097Data message
       *                containing content.encryptedData
       *                    containing recipients
       *                        containing the instance of RecipientInfo
       *                            containing certRecipInfo
       *                                containing recipientId
       *                                    indicating HashedId8 of the certificate CERT_AA
       *                                and containing encKey
       *                                    indicating symmetric key (S_KEY)
       *                                        encrypted with the private key correspondent to the AA_ENC_PUB_KEY
       *                    and containing cyphertext (ENC_DATA)
       *                        containing encrypted representation of the EtsiTs103097Data-Signed
       *                            containing content.signedData
       *                                containing hashId
       *                                    indicating valid hash algorythm
       *                and containing signer
       *                    containing self
       *                and containing tbsData (SIGNED_DATA)
       *                    containing payload
       *                        containing EtsiTs102941Data
       *                            containing content.authorizationRequest
       *                                containing publicKeys.verificationKey (V_KEY)
       *                                and containing hmacKey (HMAC)
       *                                and containing sharedAtRequest
       *                                    containing keyTag (KEY_TAG)
       *                                    and containing eaId (EA_ID)
       (                                        indicating HashedId8 of the known EA certificate
       *                and containing signature (SIGNATURE)
       *         }
       *         then {
       *            the IUT is able to decrypt the S_KEY
       *                using the private key
       *                    corresponding to the AA_ENC_PUB_KEY
       *            and the IUT is able to decrypt the cypthertext ENC_DATA
       *                using the S_KEY
       *            and the IUT is able to verify the signature SIGNATURE over the SIGNED_DATA
       *                using the V_KEY
       *            and the IUT is able to verify integrity of HMAC and KEY_TAG
       *            and the IUT sends the AuthorizationValidationRequest message to the EA
       *                identified by the EA_ID
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS ITS-00546v006 TP BV
       * @reference ETSI TS 102 941, clause 6.2.3.3.1
       */
      testcase TC_SEC_PKI_SND_AA_BV_01() runs on ItsPkiHttp system ItsPkiHttpSystem {
        var Oct32 v_private_key;
        var Oct32 v_publicKeyCompressed;
        var integer v_compressedMode;
        var Oct32 v_request_hash;
garciay's avatar
garciay committed
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var HeaderLines v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
        
        // Test control
        if (not PICS_IUT_AA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_AA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfHttpUp(
                   PICS_TS_CERTIFICATE_ID, // TS role is ITS-S
                   PICS_IUT_AA_CERTIFICATE_ID // Peer certificate, IUT
                   );
        
        // Test adapter configuration
        
        // Preamble
        // TODO f_http_build_inner_at_request(v_private_key, v_publicKeyCompressed, v_compressedMode, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
        f_init_default_headers_list(-, -, v_headers);
garciay's avatar
garciay committed
        httpPort.send(
                      m_http_request(
garciay's avatar
garciay committed
                                     m_http_request_post(
                                                        PICS_HTTP_POST_URI,
garciay's avatar
garciay committed
                                                        v_headers,
                                                        m_http_message_body_binary(
                                                                                   m_binary_body_ieee1609dot2_data(
                                                                                                                   v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                   )))));
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        
        // Test Body
        tc_ac.start;
        alt {
          [] httpPort.receive(
                              mw_http_response(
                                               mw_http_response_ok(
                                                                   mw_http_message_body_binary(
                                                                                               mw_binary_body_ieee1609dot2_data(
                                                                                                                                mw_authorizationResponseMessage(
                                                                                                                                                                mw_encryptedData(
                                                                                                                                                                                 -,
                                                                                                                                                                                 mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                                 ))))))) -> value v_response {
            tc_ac.stop;
            
            /*if (f_verify_pki_message(vc_eaPrivateEncKey, vc_eaPeerWholeHash, vc_eaCertificate, v_response.response.body.binary_body.ieee1609dot2_data, false, v_etsi_ts_102941_data, v_request_hash) == false) {
garciay's avatar
garciay committed
              log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
            } else {
              log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
              if (match(v_etsi_ts_102941_data.content, mw_authorizationValidationResponse(mw_authorizationValidationResponse_ok))) { 
                // TODO Refined expected  mw_authorizationValidationResponse_ok
garciay's avatar
garciay committed
                log("*** " & testcasename() & ": PASS: Well-secured EA certificate received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
              } else {
                log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
              }
garciay's avatar
garciay committed
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
        
        // Postamble
        f_cfHttpDown();
        
      } // End of testcase TC_SEC_PKI_SND_AA_BV_01
      
      /**
       * @desc Check that the AA is able to decrypt the AuthorizationRequest message using the encryption private key corresponding to the recipient certificate
       *       Check that the AA is able to verify the request authenticity using the hmacKey verification
       *       Check that the AA sends the AuthorizationValidationRequest message to the correspondent EA
       * <pre>
       * Pics Selection: PICS_IUT_AA_ROLE
       * Initial conditions: 
       *     with {
       *          the AA in "operational state"
       *              authorized with the certificate CERT_AA
       *                  containing encryptionKey (AA_ENC_PUB_KEY)
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
       *            the IUT receives an EtsiTs103097Data message
       *                containing content.encryptedData
       *                    containing recipients
       *                        containing the instance of RecipientInfo
       *                            containing certRecipInfo
       *                                containing recipientId
       *                                    indicating HashedId8 of the certificate CERT_AA
       *                                and containing encKey
       *                                    indicating symmetric key (S_KEY)
       *                                        encrypted with the private key correspondent to the AA_ENC_PUB_KEY
       *                    and containing cyphertext (ENC_DATA)
       *                        containing EtsiTs102941Data
       *                            containing content.authorizationRequest
       *                                containing hmacKey (HMAC)
       *                                and containing sharedAtRequest
       *                                    containing keyTag (KEY_TAG)
       *                                    and containing eaId (EA_ID)
       *                                        indicating HashedId8 of the known EA certificate
       *         }
       *         then {
       *            the IUT is able to decrypt the S_KEY
       *                using the private key
       *                    corresponding to the AA_ENC_PUB_KEY
       *            and the IUT is able to decrypt the cypthertext ENC_DATA
       *                using the S_KEY
       *            and the IUT is able to verify integrity of HMAC and KEY_TAG
       *            and the IUT sends the AuthorizationValidationRequest message to the EA
       *                identified by the EA_ID
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS ITS-00546v006 TP BV
       * @reference ETSI TS 102 941, clause 6.2.3.3.1
       */
      testcase TC_SEC_PKI_SND_AA_BV_02() runs on ItsPkiHttp system ItsPkiHttpSystem {
        var Oct32 v_private_key;
        var Oct32 v_publicKeyCompressed;
        var integer v_compressedMode;
        var Oct32 v_request_hash;
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var HeaderLines v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
        
        // Test control
        if (not PICS_IUT_AA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_AA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfHttpUp(
                   PICS_TS_CERTIFICATE_ID, // TS role is ITS-S
                   PICS_IUT_AA_CERTIFICATE_ID // Peer certificate, IUT
                   );
        
        // Test adapter configuration
        
        // Preamble
        // TODO f_http_build_inner_at_request(v_private_key, v_publicKeyCompressed, v_compressedMode, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
        f_init_default_headers_list(-, -, v_headers);
garciay's avatar
garciay committed
                                     m_http_request_post(
                                                         PICS_HTTP_POST_URI,
garciay's avatar
garciay committed
                                                         v_headers,
                                                         m_http_message_body_binary(
                                                                                    m_binary_body_ieee1609dot2_data(
                                                                                                                    v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                    )))));
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        
        // Test Body
        tc_ac.start;
        alt {
          [] httpPort.receive(
                              mw_http_response(
                                               mw_http_response_ok(
                                                                   mw_http_message_body_binary(
                                                                                               mw_binary_body_ieee1609dot2_data(
                                                                                                                                mw_authorizationResponseMessage(
                                                                                                                                                                mw_encryptedData(
                                                                                                                                                                                 -,
                                                                                                                                                                                 mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                                 ))))))) -> value v_response {
            tc_ac.stop;
            
            /*if (f_verify_pki_message(vc_eaPrivateEncKey, vc_eaPeerWholeHash, vc_eaCertificate, v_response.response.body.binary_body.ieee1609dot2_data, false, v_etsi_ts_102941_data, v_request_hash) == false) {
              log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
            } else {
              log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
              if (match(v_etsi_ts_102941_data.content, mw_authorizationValidationResponse(mw_authorizationValidationResponse_ok))) { 
                // TODO Refined expected  mw_authorizationValidationResponse_ok
                log("*** " & testcasename() & ": PASS: Well-secured EA certificate received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
              } else {
                log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
              }
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
        
        // Postamble
        f_cfHttpDown();
        
      } // End of testcase TC_SEC_PKI_SND_AA_BV_02
      
      /**
       * @desc Check that the AA skips the AuthorizationRequest message if it is not addressed to this AA
       * <pre>
       * Pics Selection: PICS_IUT_AA_ROLE
       * Initial conditions: 
       *     with {
       *          the AA in "operational state"
       *              authorized with the certificate CERT_AA
       *                  containing encryptionKey (AA_ENC_PUB_KEY)
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
       *            the IUT receives an EtsiTs103097Data message
       *                containing content.encryptedData
       *                    containing recipients
       *                        containing the instance of RecipientInfo
       *                            containing certRecipInfo
       *                                containing recipientId
       *                                    indicating value
       *                                        NOT equal to the HashedId8 of the certificate CERT_AA
       *                                and containing encKey
       *                                    indicating symmetric key (S_KEY)
       *                                        encrypted with the private key correspondent to the AA_ENC_PUB_KEY
       *         }
       *         then {
       *            the IUT does not send the AuthorizationValidationRequest message
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS ITS-00546v006 TP BV
       * @reference ETSI TS 102 941, clause 6.2.3.3.1
       */
      testcase TC_SEC_PKI_SND_AA_BV_03() runs on ItsPkiHttp system ItsPkiHttpSystem {
        var Oct32 v_private_key;
        var Oct32 v_publicKeyCompressed;
        var integer v_compressedMode;
        var Oct32 v_request_hash;
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var HeaderLines v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
        
        // Test control
        if (not PICS_IUT_AA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_AA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfHttpUp(
                   PICS_TS_CERTIFICATE_ID, // TS role is ITS-S
                   PICS_IUT_AA_CERTIFICATE_ID // Peer certificate, IUT
                   );
        
        // Test adapter configuration
        
        // Preamble
        // TODO f_http_build_inner_at_request(v_private_key, v_publicKeyCompressed, v_compressedMode, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
        f_init_default_headers_list(-, -, v_headers);
        httpPort.send(
                      m_http_request(
                                     m_http_request_post(
                                                         PICS_HTTP_POST_URI,
                                                         v_headers,
                                                         m_http_message_body_binary(
                                                                                    m_binary_body_ieee1609dot2_data(
                                                                                                                    v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                    )))));
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        
        // Test Body
        tc_noac.start;
        alt {
          [] httpPort.receive(
                              mw_http_response(
                                               mw_http_response_ok(
                                                                   mw_http_message_body_binary(
                                                                                               mw_binary_body_ieee1609dot2_data(
                                                                                                                                mw_authorizationResponseMessage(
                                                                                                                                                                mw_encryptedData(
                                                                                                                                                                                 -,
                                                                                                                                                                                 mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                                 ))))))) -> value v_response {
            tc_noac.stop;
            
            log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
          }
          [] tc_noac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
        
        // Postamble
        f_cfHttpDown();
        
      } // End of testcase TC_SEC_PKI_SND_AA_BV_03
      
garciay's avatar
garciay committed
    } // End of group authorization_request
    
garciay's avatar
garciay committed
  } // End of group aa_beavior
  
} // End of module ItsPki_TestCases