ItsSecurity_TestCases.ttcn3 1.4 MB
Newer Older
                                        mw_header_field(
                                            e_generation_location
                                        ),
                                        mw_header_field_signer_info_certificate,
                                        complement(
                                            mw_header_field_its_aid_CAM,
                                            mw_header_field_its_aid_DENM
                                        )
                    ))))) {
                        // The certificate doesn't contain region restrictions because such messages was catched before 
                        tc_ac.stop;
                        log("*** " & testcasename() & ": PASS: DENM contains generation location ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                    }
                    [] geoNetworkingPort.receive(
                        mw_geoNwInd(
                            mw_geoNwSecPdu(
                                mdw_securedMessage_Others(
                                    mw_header_field_signer_info_certificate
                    )))) {
                        // The message does not contain generation location 
                        tc_ac.stop;
                        log("*** " & testcasename() & ": PASS: DENM contains generation location ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                    }
                    [] tc_ac.timeout {
                        log("*** " & testcasename() & ": INCONC: Expected DENM not received ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
                    }
                } // End of 'alt' statement
                
                // Postamble
                f_acTriggerEvent(m_stopPassBeaconing);
                f_poNeighbour();
                f_cf01Down();
            } // End of testcase TC_SEC_ITSS_SND_GENMSG_05_01_BV
            
            /**
             * @desc   Check that the secured GN Beacon contains exactly one HeaderField generation_location 
             *         which is inside the circular region containing in the validity restriction of the 
             *         certificate pointed by the signer_info field     
             * <pre>
             * Pics Selection: PICS_GN_SECURITY and PICS_ITS_AID_OTHER_PROFILE and PICS_CERTIFICATE_SELECTION and PICS_USE_CIRCULAR_REGION
             * Config Id: CF01
             * with {
garciay's avatar
garciay committed
             *   the IUT has been authorized with the AT certificate (CERT_IUT_B)
             *       containing validity_restrictions['region']
             *           containing region
             *               containing region_type
             *                   indicating 'circle'
             *               and containing circular_region
             *                   indicating REGION
             * }
             * ensure that {
             *   when {
             *     the IUT is requested to send a GN Beacon
             *   } then {
garciay's avatar
garciay committed
             *     the IUT sends a SecuredMessage 
             *         containing exactly one header_fields['generation_location']
             *             containing generation_location
             *                 indicating value inside the REGION
garciay's avatar
garciay committed
             * @see          ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_GENMSG_05_02_BV
garciay's avatar
garciay committed
             * @reference    ETSI TS 103 097 [1], clause 7.3
            testcase TC_SEC_ITSS_SND_GENMSG_05_02_BV() runs on ItsGeoNetworking system ItsSecSystem {
                
                // Local variables
                var LongPosVector   v_longPosVectorIut;
                
                // Test control
                if (not(PICS_GN_SECURITY) or not(PICS_ITS_AID_OTHER_PROFILE) or not(PICS_CERTIFICATE_SELECTION) or not(PICS_USE_CIRCULAR_REGION)) {
garciay's avatar
garciay committed
                    log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_ITS_AID_OTHER_PROFILE and PICS_USE_CIRCULAR_REGION' required for executing the TC ***");
                
                // Test component configuration
                vc_hashedId8ToBeUsed := cc_iutCert_B; 
                f_cf01Up();
                v_longPosVectorIut := f_getPosition(c_compIut);
                
                // Test adapter configuration
                
                // Preamble
                f_prNeighbour();
                f_acTriggerEvent(m_startPassBeaconing(m_beaconHeader(v_longPosVectorIut).beaconHeader)); // Authorize the TA to forward the received beacons
                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);    
                
                // Test Body
                f_TC_SEC_ITSS_SND_GENMSG_05_BV(mw_geographicRegion_circle);
                
                // Postamble
                f_acTriggerEvent(m_stopPassBeaconing);
                f_poNeighbour();
                f_cf01Down();
            } // End of testcase TC_SEC_ITSS_SND_GENMSG_05_02_BV
            /**
             * @desc   Check that the secured GN Beacon contains exactly one HeaderField generation_location 
             *         which is inside the rectangular region containing in the validity restriction 
             *         of the certificate pointed by the signer_info field     
             * <pre>
             * Pics Selection: PICS_GN_SECURITY and PICS_ITS_AID_OTHER_PROFILE and PICS_CERTIFICATE_SELECTION and PICS_USE_RECTANGULAR_REGION
             * Config Id: CF01
             * with {
garciay's avatar
garciay committed
             *   the IUT has been authorized with the AT certificate (CERT_IUT_C)
garciay's avatar
garciay committed
             *       containing validity_restrictions ['region']
             *           containing region
             *               containing region_type
             *                   indicating 'rectangle'
             *               containing rectangular_region
             *                   indicating REGION
             * }
             * ensure that {
             *   when {
garciay's avatar
garciay committed
             *       the IUT is requested to send a DENM
garciay's avatar
garciay committed
             *       the IUT sends a SecuredMessage
             *           containing exactly one header_fields ['generation_location']
             *               containing generation_location
             *                   containing instance of RectangularRegion
             *                       indicating value inside the REGION
garciay's avatar
garciay committed
             * @see          ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_GENMSG_05_03_BV
garciay's avatar
garciay committed
             * @reference    ETSI TS 103 097 [1], clause 7.3
            testcase TC_SEC_ITSS_SND_GENMSG_05_03_BV() runs on ItsGeoNetworking system ItsSecSystem {
                
                // Local variables
                var LongPosVector   v_longPosVectorIut;
                
                // Test adapter configuration
                if (not(PICS_GN_SECURITY) or not(PICS_ITS_AID_OTHER_PROFILE) or not(PICS_CERTIFICATE_SELECTION) or not(PICS_USE_RECTANGULAR_REGION)) {
garciay's avatar
garciay committed
                    log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_ITS_AID_OTHER_PROFILE and PICS_USE_RECTANGULAR_REGION' required for executing the TC ***");
                
                // Test component configuration
                vc_hashedId8ToBeUsed := cc_iutCert_C; // Load IUT certificate CERT_IUT_C 
                f_cf01Up();
                v_longPosVectorIut := f_getPosition(c_compIut);
                
                // Test adapter configuration
                
                // Preamble
                f_prNeighbour();
                f_acTriggerEvent(m_startPassBeaconing(m_beaconHeader(v_longPosVectorIut).beaconHeader)); // Authorize the TA to forward the received beacons
                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);    
                
                // Test Body
                f_TC_SEC_ITSS_SND_GENMSG_05_BV(mw_geographicRegion_rectangular);
                
                // Postamble
                f_acTriggerEvent(m_stopPassBeaconing);
                f_poNeighbour();
                f_cf01Down();
            } // End of testcase TC_SEC_ITSS_SND_GENMSG_05_03_BV
            
            /**
             * @desc   Check that the secured GN Message contains exactly one HeaderField generation_location 
             *         which is inside the polygonal region containing in the validity restriction 
             *         of the certificate pointed by the signer_info field     
             * <pre>
             * Pics Selection: PICS_GN_SECURITY and PICS_ITS_AID_OTHER_PROFILE and PICS_CERTIFICATE_SELECTION and PICS_USE_POLYGONAL_REGION
             * Config Id: CF01
             * with {
garciay's avatar
garciay committed
             *   the IUT has been authorized with the AT certificate (CERT_AT_D)
             *       containing validity_restrictions ['region']
             *           containing region
             *               containing region_type
             *                   indicating 'polygon'
             *               containing polygonal_region
             *                   indicating REGION
             * }
             * ensure that {
             *   when {
             *     the IUT is requested to send a Beacon
             *   } then {
garciay's avatar
garciay committed
             *     the IUT sends a SecuredMessage
             *       containing exactly one header_fields ['generation_location']
             *         containing generation_location
             *           indicating value inside the REGION
             *   }
             * }
             * </pre>
garciay's avatar
garciay committed
             * @see          ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_GENMSG_05_04_BV
garciay's avatar
garciay committed
             * @reference    ETSI TS 103 097 [1], clause 7.3
            testcase TC_SEC_ITSS_SND_GENMSG_05_04_BV() runs on ItsGeoNetworking system ItsSecSystem {
                
                // Local variables
                var LongPosVector   v_longPosVectorIut;
                
                // Test adapter configuration
                if (not(PICS_GN_SECURITY) or not(PICS_ITS_AID_OTHER_PROFILE) or not(PICS_CERTIFICATE_SELECTION) or not(PICS_USE_POLYGONAL_REGION)) {
garciay's avatar
garciay committed
                    log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_ITS_AID_OTHER_PROFILE and PICS_USE_POLYGONAL_REGION' required for executing the TC ***");
                
                // Test component configuration
                vc_hashedId8ToBeUsed := cc_iutCert_D; // Load IUT certificate CERT_IUT_D 
                f_cf01Up();
                v_longPosVectorIut := f_getPosition(c_compIut);
                
                // Test adapter configuration
                
                // Preamble
                f_prNeighbour();
                f_acTriggerEvent(m_startPassBeaconing(m_beaconHeader(v_longPosVectorIut).beaconHeader)); // Authorize the TA to forward the received beacons
                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);    
                
                // Test Body
                f_TC_SEC_ITSS_SND_GENMSG_05_BV(mw_geographicRegion_polygonal);
                
                // Postamble
                f_acTriggerEvent(m_stopPassBeaconing);
                f_poNeighbour();
                f_cf01Down();
            } // End of testcase TC_SEC_ITSS_SND_GENMSG_05_04_BV
            
            /**
             * @desc   Check that the secured GN Message contains exactly one HeaderField generation_location 
             *         which is inside the identified region containing in the validity restriction 
garciay's avatar
garciay committed
             *         of the certificate pointed by the signer_info field
             * Pics Selection: PICS_GN_SECURITY and PICS_ITS_AID_OTHER_PROFILE and PICS_USE_IDENTIFIED_REGION and PICS_CERTIFICATE_SELECTION
             * Config Id: CF01
             * with {
garciay's avatar
garciay committed
             *   the IUT has been authorized with the AT certificate (CERT_IUT_E) 
             *       containing validity_restrictions ['region'] 
             *           containing region
             *               containing region_type
             *                   indicating 'id_region'
             *               containing identified_region
             *                   indicating REGION
             * }
             * ensure that {
             *   when {
             *     the IUT is requested to send a Beacon
             *   } then {
garciay's avatar
garciay committed
             *     the IUT sends a SecuredMessage
             *       containing exactly one header_fields ['generation_location']
             *         containing generation_location
             *           indicating value inside the REGION
             *   }
             * }
             * </pre>
garciay's avatar
garciay committed
             * @see          ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_GENMSG_05_05_BV
garciay's avatar
garciay committed
             * @reference    ETSI TS 103 097 [1], clause 7.3
            testcase TC_SEC_ITSS_SND_GENMSG_05_05_BV() runs on ItsGeoNetworking system ItsSecSystem {
                // Local variables
                var LongPosVector   v_longPosVectorIut;
                
                // Test adapter configuration
                if (not(PICS_GN_SECURITY) or not(PICS_ITS_AID_OTHER_PROFILE) or not(PICS_CERTIFICATE_SELECTION) or not(PICS_USE_IDENTIFIED_REGION)) {
garciay's avatar
garciay committed
                    log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_ITS_AID_OTHER_PROFILE and PICS_USE_IDENTIFIED_REGION' required for executing the TC ***");
                
                // Test component configuration
                vc_hashedId8ToBeUsed := cc_iutCert_E; // Load IUT certificate CERT_IUT_E 
                f_cf01Up();
                v_longPosVectorIut := f_getPosition(c_compIut);
                
                // Test adapter configuration
                
                // Preamble
                f_prNeighbour();
                f_acTriggerEvent(m_startPassBeaconing(m_beaconHeader(v_longPosVectorIut).beaconHeader)); // Authorize the TA to forward the received beacons
                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);    
                
                // Test Body
                f_TC_SEC_ITSS_SND_GENMSG_05_BV(mw_geographicRegion_identified);
                
                // Postamble
                f_acTriggerEvent(m_stopPassBeaconing);
                f_poNeighbour();
                f_cf01Down();
            } // End of testcase TC_SEC_ITSS_SND_GENMSG_05_05_BV
            
            /**
             * @desc   Check that the secured GN Message contains exactly one HeaderField generation_location 
garciay's avatar
garciay committed
             *         which is inside the  certificate pointed by the signer_info field
garciay's avatar
garciay committed
             * Pics Selection: PICS_GN_SECURITY and PICS_ITS_AID_OTHER_PROFILE and not PICS_CERTIFICATE_SELECTION
             * Config Id: CF01
             * with {
             *   the IUT being in the 'authorized' state
             * }
             * ensure that {
             *   when {
             *     the IUT is requested to send a Beacon
             *   } then {
garciay's avatar
garciay committed
             *     the IUT sends a SecuredMessage
             *       containing header_fields['signed_info'].certificate
             *         containing validity_restrictions ['region']
             *           containing region.region_type
             *             indicating 'circle'
             *           containing region.circular_region
             *             indicating REGION
garciay's avatar
garciay committed
             *         or containing region.region_type
             *             indicating 'rectangle'
             *           containing region.rectangular_region
             *             containing array of rectangles
             *               indicating REGION
garciay's avatar
garciay committed
             *         or containing region.region_type
             *             indicating 'polygonal'
             *           containing region.polygonal_region
             *             indicating REGION
garciay's avatar
garciay committed
             *         or containing region.region_type
             *             indicating 'id_region'
             *           containing region.circular_region
             *             indicating REGION
garciay's avatar
garciay committed
             *       and containing exactly one header_fields['generation_location']
             *         containing generation_location
             *           indicating location inside the REGION
             *   }
             * }
             * </pre>
garciay's avatar
garciay committed
             * @see          ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_GENMSG_05_06_BV
garciay's avatar
garciay committed
             * @reference    ETSI TS 103 097 [1], clause 7.3
            testcase TC_SEC_ITSS_SND_GENMSG_05_06_BV() runs on ItsGeoNetworking system ItsSecSystem {
                // Local variables
                var LongPosVector   v_longPosVectorIut;
                
                // Test adapter configuration
garciay's avatar
garciay committed
                if (not(PICS_GN_SECURITY) or not(PICS_ITS_AID_OTHER_PROFILE) or PICS_CERTIFICATE_SELECTION) {
                    log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_ITS_AID_OTHER_PROFILE and not PICS_CERTIFICATE_SELECTION' required for executing the TC ***");
                
                // Test component configuration
                vc_hashedId8ToBeUsed := cc_iutCert_B; // Load IUT certificate CERT_IUT_B 
                f_cf01Up();
                v_longPosVectorIut := f_getPosition(c_compIut);
                
                // Test adapter configuration
                
                // Preamble
                f_prNeighbour();
                f_acTriggerEvent(m_startPassBeaconing(m_beaconHeader(v_longPosVectorIut).beaconHeader)); // Authorize the TA to forward the received beacons
                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);    
                
                // Test Body
                f_TC_SEC_ITSS_SND_GENMSG_05_BV(); // any type of regions
                
                // Postamble
                f_acTriggerEvent(m_stopPassBeaconing);
                f_poNeighbour();
                f_cf01Down();
            } // End of testcase TC_SEC_ITSS_SND_GENMSG_05_06_BV
            
            group f_TC_SEC_ITSS_SND_GENMSG_05_xx {
                
                function f_TC_SEC_ITSS_SND_GENMSG_05_BV(
garciay's avatar
garciay committed
                                                        in template (present) GeographicRegion p_region := ?
                ) runs on ItsGeoNetworking {
                    
                    // Local variables
                    var GeoNetworkingInd v_geoNwInd;
                    
                    tc_ac.start;
                    alt {
                        // GN message must contain generation location and the certificate with region restrictions  
                        [] geoNetworkingPort.receive(
                            mw_geoNwInd(
                                mw_geoNwSecPdu(
                                    mdw_securedMessage(
                                        superset(
                                            mw_header_field(e_generation_location),
                                            mw_header_field_signer_info_certificate(
                                                mw_certificate(
                                                    ?,
                                                    ?,
                                                    ?, 
                                                    superset(
                                                        mw_validity_restriction_region(
                                                            p_region
                        ))))))))) -> value v_geoNwInd {
                            var ValidityRestriction v_vr;
                            var HeaderField         v_hf;
                            
                            tc_ac.stop;
                            // Check that generation location 
                            if (
                                f_getMsgHeaderField(v_geoNwInd.msgIn.gnPacket.securedMsg, e_generation_location, v_hf) and 
                                f_getCertificateValidityRestriction(v_geoNwInd.msgIn.gnPacket.securedMsg.header_fields[0].headerField.signer.signerInfo.certificate, e_region, v_vr)
                            ) {
                                if (f_isLocationInsideRegion(v_vr.validity.region, v_hf.headerField.generation_location)) {
                                    log("*** " & testcasename() & ": PASS: DENM contains generation location inside the certificate validity region ***");
                                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                                } else {
                                    log("v_vr.validity.region=", v_vr.validity.region);
                                    log("v_hf.headerField.generation_location=", v_hf.headerField.generation_location);
                                    log("*** " & testcasename() & ": FAIL: Invalid location");
                                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                                }
                            } else {
                                log("*** " & testcasename() & ": FAIL: IMPOSSIBLE!!! DENM generation location or certificate region restriction header field does not exist");
                                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                            }
                        }
                        // GN message doesn't contain generation location 
                        [] geoNetworkingPort.receive(
                            mw_geoNwInd(
                                mw_geoNwSecPdu(
                                    mdw_securedMessage_Others
                        ))) -> value v_geoNwInd {
                            var HeaderField v_hf;
                            
                            tc_ac.stop;
                            
                            // Check that generation location is not present
                            f_getMsgHeaderField(v_geoNwInd.msgIn.gnPacket.securedMsg, e_generation_location, v_hf);
                            if (not isbound(v_hf)) {
                                log("*** " & testcasename() & ": FAIL: DENM doesn't contain generation location header");
                                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                            }
                        }
                        // GN signing certificate doesn't contains region restriction 
                        [] geoNetworkingPort.receive(
                            mw_geoNwInd(
                                mw_geoNwSecPdu(
                                    mdw_securedMessage_Others(
                                        mw_header_field_signer_info_certificate(
                                            mw_certificate(
                                                ?,
                                                ?,
                                                ?, 
                                                { } // GN signing certificate doesn't contains region restriction
                        )))))) {
                            tc_ac.stop;
                            log("*** " & testcasename() & ": INCONC: DENM certificate doesn't contain region restriction");
                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                        }
                        [] tc_ac.timeout {
                            log("*** " & testcasename() & ": INCONC: Expected DENM not received ***");
                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
                        }
                    } // End of 'alt' statement
                } // End of function f_TC_SEC_ITSS_SND_GENMSG_05_BV 
                
            } // End of group f_TC_SEC_ITSS_SND_GENMSG_05_xx
            
            /**
garciay's avatar
garciay committed
             * @desc        Check that the secured message contains of type signed, signed_external or signed_and_encrypted 
             * Pics Selection: PICS_GN_SECURITY and PICS_ITS_AID_OTHER_PROFILE
             * Config Id: CF01
             * Initial conditions:
             * with {
             *     the IUT being in the 'authorized' state
             * }
             * Expected results:
             * ensure that {
             *     when {
             *         the IUT is requested to send a Beacon
             *     } then {
             *         the IUT sends a SecuredMessage {
garciay's avatar
garciay committed
             *             containing payload_fields
             *                 containing exactly one element of type Payload
             *                     containing type
garciay's avatar
garciay committed
             *                         indicating 'signed' or 'signed_external' or 'signed_and_encrypted'
garciay's avatar
garciay committed
             * @see          ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_GENMSG_06_01_BV
garciay's avatar
garciay committed
             * @reference    ETSI TS 103 097 [1], clause 7.3
            testcase TC_SEC_ITSS_SND_GENMSG_06_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
                
                // Local variables
                var LongPosVector v_longPosVectorIut;
                
                // Test adapter configuration
                if (not(PICS_GN_SECURITY) or not(PICS_ITS_AID_OTHER_PROFILE)) {
                    log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_ITS_AID_OTHER_PROFILE' required for executing the TC ***");
                    stop;
                }
                
                // Test component configuration
                f_cf01Up();
                v_longPosVectorIut := f_getPosition(c_compIut);
                
                // Test adapter configuration
                
                // Preamble
                f_prNeighbour();
                f_acTriggerEvent(m_startPassBeaconing(m_beaconHeader(v_longPosVectorIut).beaconHeader)); // Authorize the TA to forward the received beacons
garciay's avatar
garciay committed
                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
                
                // Test Body
                tc_ac.start;
                alt {
                    [] geoNetworkingPort.receive(
                        mw_geoNwInd(
                            mw_geoNwSecPdu(
                                mdw_securedMessage_Others(
                                    ?, 
                                    mw_payload(
                                        e_signed
                                    ) 
                                ),
                                mw_geoNwBeaconPacket(
                                    ?
                    )))) { 
                        log("*** " & testcasename() & ": PASS: Beacon payload is 'signed'");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                    }
                    [] geoNetworkingPort.receive(
                        mw_geoNwInd(
                            mw_geoNwSecPdu(
                                mdw_securedMessage_Others(
                                    ?, 
garciay's avatar
garciay committed
                                    mw_payload(
                                        e_signed_external
                                    ) 
                                ),
                                mw_geoNwBeaconPacket(
                                    ?
                    )))) { 
garciay's avatar
garciay committed
                        log("*** " & testcasename() & ": PASS: Beacon payload is 'e_signed_external'");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                    }
                    [] geoNetworkingPort.receive(
                        mw_geoNwInd(
                            mw_geoNwSecPdu(
                                mdw_securedMessage_Others(
                                    ?, 
                                    mw_payload(
garciay's avatar
garciay committed
                                        e_signed_and_encrypted
                                    ) 
                                ),
                                mw_geoNwBeaconPacket(
                                    ?
                    )))) { 
                        log("*** " & testcasename() & ": PASS: Beacon payload is 'e_signed_and_encrypted'");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                    }
                    [] geoNetworkingPort.receive(
                        mw_geoNwInd(
                            mw_geoNwSecPdu(
                                mdw_securedMessage_Others(
                                    ?, 
                                    mw_payload
                                ),
                                mw_geoNwBeaconPacket(
                                    ?
                    )))) { 
garciay's avatar
garciay committed
                        log("*** " & testcasename() & ": FAIL: Beacon payload is not signed, signed_external or signed_and_encrypted");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                    }
                    [] tc_ac.timeout {
                        log("*** " & testcasename() & ": INCONC: Expected Message not received ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
                    }
                } // End of 'alt' statement
                
                // Postamble
                f_acTriggerEvent(m_stopPassBeaconing);
                f_poNeighbour();
                f_cf01Down();
            } // End of testcase TC_SEC_ITSS_SND_GENMSG_06_01_BV
garciay's avatar
garciay committed
             * @desc   Check that the secured GN Message contains only one TrailerField of type signature ;
             *         Check that the signature contained in the SecuredMessage is calculated over the right fields by 
             *         cryptographically verifying the signature 
             * Pics Selection: PICS_GN_SECURITY and PICS_ITS_AID_OTHER_PROFILE
             * Config Id: CF01
             * Initial conditions:
             * with {
             *   the IUT being in the 'authorized' state
             * }
             * ensure that {
             *   when {
             *     the IUT is requested to send Beacon
             *   } then {
garciay's avatar
garciay committed
             *     the IUT sends a SecuredMessage
             *         containing header_fields ['signer_info']
             *             containing signer
             *                 containing type
             *                     indicating 'certificate'
             *             and containing certificate
             *                 indicating CERT
             *         and containing trailer_fields['signature']
             *             containing signature
             *                 verifiable using CERT.subject_attributes['verification_key'] 
garciay's avatar
garciay committed
             * @see          ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_GENMSG_07_01_BV
garciay's avatar
garciay committed
             * @reference    ETSI TS 103 097 [1], clause 7.3
            testcase TC_SEC_ITSS_SND_GENMSG_07_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
                
                //  Local variables
                var LongPosVector v_longPosVectorIut;
                var GeoNetworkingInd v_geoNwInd;
                var SignerInfo v_signerInfo;
                
                // Test adapter configuration
                if (not(PICS_GN_SECURITY) or not(PICS_ITS_AID_OTHER_PROFILE)) {
                    log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_ITS_AID_OTHER_PROFILE' required for executing the TC ***");
                    stop;
                }
                
garciay's avatar
garciay committed
                // Test component configuration
                f_cf01Up();
                v_longPosVectorIut := f_getPosition(c_compIut);
                
                // Test adapter configuration
                
                // Preamble
                f_prNeighbour();
                f_acTriggerEvent(m_startPassBeaconing(m_beaconHeader(v_longPosVectorIut).beaconHeader)); // Authorize the TA to forward the received beacons
                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
                    
                // Test Body
                tc_ac.start;
                alt {
                    [] geoNetworkingPort.receive(
                        mw_geoNwInd(
                            mw_geoNwSecPdu(
                                mdw_securedMessage_Others(
                                    mw_header_field_signer_info_certificate
                    )))) -> value v_geoNwInd { 
                        tc_ac.stop;
                        log("*** " & testcasename() & ": INFO: Beacon message with certificate received ***");
                        f_getMsgSignerInfo(v_geoNwInd.msgIn.gnPacket.securedMsg, v_signerInfo);
                        
                        if (f_verifyGnSecuredMessageSignatureWithCertificate(v_geoNwInd.msgIn.gnPacket.securedMsg, v_signerInfo.signerInfo.certificate) == false) {
                            log("*** " & testcasename() & ": FAIL: Beacon received with invalide signature");
                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                        }
                    }
                    [] geoNetworkingPort.receive(
                        mw_geoNwInd(
                            mw_geoNwSecPdu(
                                mdw_securedMessage_Others
                    ))) { 
                        tc_ac.stop;
                        log("*** " & testcasename() & ": FAIL: Beacon message without certificate received");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                    }
                    [] tc_ac.timeout {
                        log("*** " & testcasename() & ": INCONC: Expected GN Message not received");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
                    }
                } // End of 'alt' statement
                log("*** " & testcasename() & ": PASS: GN Message received with correct signature");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                
                // Postamble
                f_acTriggerEvent(m_stopPassBeaconing);
                f_poNeighbour();
                f_cf01Down();
            } // End of testcase TC_SEC_ITSS_SND_DENM_07_01_BV
garciay's avatar
garciay committed
        } // End of group sendOtherProfile
garciay's avatar
garciay committed
        /**
         * @desc Sending behaviour test cases for certificates profile
         * @see ETSI TS 103 096-2 V1.2.2 (2016-01) Clause 5.2.7 Profiles for certificates
         */
        group sendCertificatesProfile {
garciay's avatar
garciay committed
             * @desc    Check that AT certificate has version 2
             * Pics Selection: PICS_GN_SECURITY
             * Config Id: CF01
             * Initial conditions:
garciay's avatar
garciay committed
             * with {
             *   the IUT being in the 'authorized' state
             *   the IUT being requested to include certificate in the next CAM
             * }
             * Expected Behaviour:
             * ensure that {
             *    when {
             *     the IUT is requested to send a CAM
             *   } then {
             *     the IUT sends a SecuredMessage
             *         containing header_fields['signer_info'].signer
             *             containing type
             *                 indicating certificate
             *             containing certificate
             *                 containing version
             *                     indicating '2'
             *   }
             * }
garciay's avatar
garciay committed
             * @see         ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_01_01_BV
garciay's avatar
garciay committed
             * @reference   ETSI TS 103 097 [1], clauses 6.1 and 7.4.1
garciay's avatar
garciay committed
            testcase TC_SEC_ITSS_SND_CERT_01_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
                // Local variables
garciay's avatar
garciay committed
                // Test control
                if (not(PICS_GN_SECURITY)) {
                    log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
                    stop;
                }
garciay's avatar
garciay committed
                // Test component configuration
garciay's avatar
garciay committed
                    
                // Test adapter configuration
garciay's avatar
garciay committed
                    
                // Preamble
                f_prNeighbour();
                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
                
                // Test Body
garciay's avatar
garciay committed
                tc_ac.start;
                alt {
                    [] geoNetworkingPort.receive(
                        mw_geoNwInd(
                            mw_geoNwSecPdu(
                                mdw_securedMessage(
                                    superset(
                                        mw_header_field_signer_info_certificate(
                                            mw_certificate(
                    ))))))) {
                        tc_ac.stop;
                        log("*** " & testcasename() & ": PASS: AT Certificate version set to " & int2char(c_certificate_version) & " ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                    }
                    [] geoNetworkingPort.receive(
                        mw_geoNwInd(
                            mw_geoNwSecPdu(
                                mdw_securedMessage(
                                    superset(
                                        mw_header_field_signer_info_certificate(
                                            ?
                    )))))) {
                        tc_ac.stop;
                        log("*** " & testcasename() & ": FAIL: AT Certificate version mismatch ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                    }
                    [] tc_ac.timeout {
                        log("*** " & testcasename() & ": INCONC: Expected message not received ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
                    }
                } // End of 'alt' statement
                
                // Postamble
                f_poNeighbour();
                f_cf01Down();
garciay's avatar
garciay committed
            } // End of testcase TC_SEC_ITSS_SND_CERT_01_01_BV
garciay's avatar
garciay committed
             * @desc    Check that AA certificate has version 2
garciay's avatar
garciay committed
             * Pics Selection: PICS_GN_SECURITY
             * Config Id: CF01
             * Initial conditions:
garciay's avatar
garciay committed
             * with {
             *   the IUT being in the 'authorized' state
             *      the IUT being requested to include certificate chain in the next CAM
             * }
             * Expected Behaviour:
             * ensure that {
             *    when {
             *     the IUT is requested to send a CAM
             *   } then {
             *     the IUT sends a SecuredMessage
             *         containing header_fields['signer_info'].signer
             *             containing type
garciay's avatar
garciay committed
             *                 indicating 'certificate_chain'
garciay's avatar
garciay committed
             *             and containing certificates
             *                 indicating length > 0
             *                 and containing certificates[n] (0..N)
             *                     containing version
             *                         indicating '2'
             *   }
             * }
garciay's avatar
garciay committed
             * @see         ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_01_02_BV
garciay's avatar
garciay committed
             * @reference   ETSI TS 103 097 [1], clauses 6.1 and 7.4.1
garciay's avatar
garciay committed
            testcase TC_SEC_ITSS_SND_CERT_01_02_BV() runs on ItsGeoNetworking system ItsSecSystem {
                // Local variables
garciay's avatar
garciay committed
                var SecuredMessage v_recv;
                var Certificate v_cert;
                var SignerInfo v_si;
                var HashedId8 v_digest;
garciay's avatar
garciay committed
                // Test control
                if (not(PICS_GN_SECURITY)) {
                    log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
                    stop;
                }
garciay's avatar
garciay committed
                    
                // Test component configuration
garciay's avatar
garciay committed
                    
                // Test adapter configuration
garciay's avatar
garciay committed
                    
                // Preamble
                f_prNeighbour();
                
garciay's avatar
garciay committed
                // Wait for the message with the certificate to retrieve the AA digest.
                // Ask for the chain, containing AT and AA certificate
                // Check AA Certificate
                log("*** " & testcasename() & ": INFO: Wait for certificate and ask for certificate chain  ***");
                tc_ac.start;
                f_askForCertificateChain(f_generateDefaultCam());
                tc_ac.stop;
                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
garciay's avatar
garciay committed
                // Test Body
                tc_ac.start;
                alt {
                    [] geoNetworkingPort.receive(
                        mw_geoNwInd(
                            mw_geoNwSecPdu(
                                mdw_securedMessage(
                                    superset(
                                        mw_header_field_signer_info_certificate_chain(
                                            superset(
                                                mw_aa_certificate
                    ))))))) {
garciay's avatar
garciay committed
                        tc_ac.stop;
                        log("*** " & testcasename() & ": PASS: AA certificate version set to " & int2char(c_certificate_version) & " ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                    }
                    [] geoNetworkingPort.receive(
                        mw_geoNwInd(
                            mw_geoNwSecPdu(
                                mdw_securedMessage(
                                    superset(
                                        mw_header_field_signer_info_certificate_chain
                    ))))) {
                        tc_ac.stop;
                        log("*** " & testcasename() & ": FAIL: AA certificate version mismatch or no AA cert received***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                    }
                    [] tc_ac.timeout {
                        log("*** " & testcasename() & ": INCONC: Expected message not received ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
                    }
                } // End of 'alt' statement
                
                // Postamble
                f_poNeighbour();
                f_cf01Down();
garciay's avatar
garciay committed
                
garciay's avatar
garciay committed
            } // End of testcase TC_SEC_ITSS_SND_CERT_01_02_BV
garciay's avatar
garciay committed
             * @desc    Check that the references in the certificate chain are valid
             *          Check that signer_info type of all certificates in the chain are 'certificate_digest_with_sha256', 
             *          'certificate_digest_with_other_algorithm' or 'self'
             * Pics Selection: PICS_GN_SECURITY
             * Config Id: CF01
             * Initial conditions:
garciay's avatar
garciay committed
             * with {
             *   the IUT being in the 'authorized' state
             *   the IUT being requested to include certificate chain in the next CAM
             * } ensure that {
             *    when {
             *     the IUT is requested to send a CAM
             *   } then {
             *     the IUT sends a SecuredMessage
             *         containing header_fields['signer_info'].signer
             *             containing type
garciay's avatar
garciay committed
             *                 indicating 'certificate_chain'
garciay's avatar
garciay committed
             *             and containing certificates
             *                 indicating length > 0
             *             and containing certificates[0]
             *                 containing signer_info
             *                     containing type
             *                         indicating 'certificate_digest_with_sha256'
             *                         or indicating 'certificate_digest_with_other_algorythm'
             *                     and containing digest
             *                         referenced to the trusted certificate
             *                 or containing signer_info
             *                     containing type
             *                         indicating 'self'
             *             and containing certificates[n] (1..N)
             *                 containing signer_info
             *                     containing type
             *                         indicating 'certificate_digest_with_sha256'
             *                         or indicating 'certificate_digest_with_other_algorythm'
             *                     and containing digest
             *                         referenced to the certificates[n-1]
             * }
garciay's avatar
garciay committed
             * @see         ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_02_01_BV
garciay's avatar
garciay committed
             * @reference   ETSI TS 103 097 [1], clause 4.2.10, 6.1 and 7.4.1
garciay's avatar
garciay committed
            testcase TC_SEC_ITSS_SND_CERT_02_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
garciay's avatar
garciay committed
                // Local declarations
                var CertificateChain v_chain;
                var SignerInfo v_si;
                var HashedId8 v_digest;
garciay's avatar
garciay committed
                // Test control
                if (not(PICS_GN_SECURITY)) {
                    log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
                    stop;
                }
garciay's avatar
garciay committed
                
garciay's avatar
garciay committed
                // Test component configuration
garciay's avatar
garciay committed
                    
                // Test adapter configuration
garciay's avatar
garciay committed
                    
                // Preamble
                f_prNeighbour();
                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
                
garciay's avatar
garciay committed
                log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain  ***");
                tc_ac.start;
                if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
                    log("*** " & testcasename() & ": INCONC: Expected message not received ***");
                    f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
garciay's avatar
garciay committed
                tc_ac.stop;
                
                // Test Body
                for (var integer v_counter := lengthof(v_chain) - 1; v_counter > 1; v_counter := v_counter - 1) { // Loop on []N-1..1]
                    if (not f_getCertificateSignerInfo(v_chain[v_counter], v_si)) {
                        log("*** " & testcasename() & ": FAIL: Certificate[ " & int2str(v_counter) & "] doesn't contain signer info ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                    }
                    if (not match(v_si.type_, e_certificate_digest_with_sha256)) {
                    	if (not match(v_si.type_, e_certificate_digest_with_other_algorithm) or PICS_PLUGTEST_VERSION) {
                        	log("*** " & testcasename() & ": FAIL: Certificate is not signed with digest ***");
	                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                    	}
garciay's avatar
garciay committed
                    }
                    // signer_info.type indicates 'certificate_digest_with_sha256' or 'certificate_digest_with_other_algorythm'
                    
                    v_digest := f_calculateDigestFromCertificate(v_chain[v_counter - 1]);
                    if (not match (v_si.signerInfo.digest, v_digest)) {
                        log("*** " & testcasename() & ": FAIL: Certificate chain is not valid ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                    }
                } // End of 'for' statement
                // Process certificate[0]
                if (not f_getCertificateSignerInfo(v_chain[0], v_si)) {
                    log("*** " & testcasename() & ": FAIL: Certificate[0] doesn't contain signer info ***");
                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
garciay's avatar
garciay committed
                // Process certificate[0]
                if (not match (v_si.type_, e_certificate_digest_with_sha256)) {
                    log("*** " & testcasename() & ": FAIL: Certificate[0] is not signed with digest ***");
                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                }
garciay's avatar
garciay committed
                // signer_info.type indicates 'certificate_digest_with_sha256' only
                log("*** " & testcasename() & ": PASS: Certificate chain is well signed ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                
                // Postamble
                f_poNeighbour();
                f_cf01Down();
garciay's avatar
garciay committed
                
garciay's avatar
garciay committed
            } // End of testcase TC_SEC_ITSS_SND_CERT_02_01_BV
garciay's avatar
garciay committed
             * @desc Check that the rectangular region validity restriction of the message signing certificate 
             *       contains not more than six valid rectangles; 
             *       Check that the rectangular region validity restriction of the message signing certificate is 
             *       continuous and does not contain any holes 
garciay's avatar
garciay committed
             * Pics Selection: PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_RECTANGULAR_REGION
             * Config Id: CF01
garciay's avatar
garciay committed
             * with {
             *   the IUT being in the 'authorized' state
             *   the IUT being requested to include certificate in the next CAM
             * } ensure that {
             *    when {
             *     the IUT is requested to send a CAM
             *   } then {
             *     the IUT sends a SecuredMessage
             *         containing header_fields['signer_info'].signer
             *             containing type
             *                 indicating 'certificate'
             *             containing certificate
             *                 containing validity_restrictions['region']
             *                     containing region_type
             *                         indicating 'rectangle'
             *                     and containing rectangular_region
             *                         indicating length <= 6
             *                         and containing elements of type RectangularRegion
             *                             indicating continuous region without holes
             *                             and containing northwest and southeast
             *                                 indicating northwest is on the north from southeast
             *   }
             * }
             * @remark Certificate: cc_taCert_C