Skip to content
GitLab
Find file Normal viewHistoryPermalink
ItsPki_TestCases.ttcn 515 KB
Newer Older
YannGarcia's avatar
Implement additional BI test purposes proposal  
YannGarcia committed
5001 5002 5003 5004 5005 5006 5007 5008 5009 5010 5011 5012 5013 5014 5015 5016 5017 5018 5019 5020 5021 5022 5023 5024 5025 5026 5027 5028 5029 5030 5031 5032 5033 5034 5035 5036 5037 5038 5039 5040 5041 5042 5043 5044 5045 5046 5047 5048 5049 5050 5051 5052 5053 5054 5055 5056 5057 5058 5059 5060 5061 5062 
                                                              in Oct16 p_authentication_vector,
                                                              in Oct32 p_request_hash,
                                                              out InnerAtResponse p_inner_at_response,
                                                              //TODO out EtsiTs103097Data p_authorization_validation_response,
                                                              out integer p_result
                                                              ) runs on ItsPkiHttp {
          // Local variables
          var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
          var EtsiTs102941Data v_etsi_ts_102941_data;
          var Oct16 v_aes_enc_key;
          var InnerEcResponse v_inner_ec_response;
          
          log(">>> f_verify_http_at_response_from_iut_atv_error: p_inner_at_request= ", p_inner_at_request);
          log(">>> f_verify_http_at_response_from_iut_atv_error: p_response= ", p_response);
          log(">>> f_verify_http_at_response_from_iut_atv_error: p_private_key= ", p_private_key);
          log(">>> f_verify_http_at_response_from_iut_atv_error: p_aes_sym_key= ", p_aes_sym_key);
          log(">>> f_verify_http_at_response_from_iut_atv_error: p_authentication_vector= ", p_authentication_vector);
          log(">>> f_verify_http_at_response_from_iut_atv_error: p_request_hash= ", p_request_hash);
          
          p_result := 0;
          
          if (f_verify_pki_response_message(p_private_key, p_aes_sym_key, p_authentication_vector, vc_eaWholeHash, p_response.body.binary_body.ieee1609dot2_data, true, 1, v_etsi_ts_102941_data) == false) {
            // Set verdict
            p_result := -1;
          } else {
            log("f_verify_http_at_response_from_iut_atv_error: Receive ", v_etsi_ts_102941_data);
            log(match(v_etsi_ts_102941_data.content, mw_authorizationValidationResponse(mw_authorizationValidationResponse_ko(substr(p_request_hash, 0, 16))))); // TODO In TITAN, this is the only way to get the unmatching in log
            if (match(v_etsi_ts_102941_data.content, mw_authorizationValidationResponse(mw_authorizationValidationResponse_ko(substr(p_request_hash, 0, 16)))) == false) { 
              // Set verdict
              p_result := -2;
            } else {
              // TODO Refined expected mw_signature_ecdsaNistP256
              log("f_verify_http_at_response_from_iut_atv_error: Well-formatted error response received");
            }
          }
          
          log("<<< f_verify_http_at_response_from_iut_atv_error: p_result: ", p_result);
        } // End of function f_verify_http_at_response_from_iut_atv_error
        
      } // End of group atv_helpers
      
      /**
       * @desc The AuthorizationValidationResponse message shall be sent by the EA to the AA across the interface 
       *       at reference point S4 in response to a received AuthorizationValidationRequest message
       * <pre>
       * Pics Selection: PICS_IUT_EA_ROLE
       * Initial conditions: 
       *     with {
       *         the IUT being in the "operational state"
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives a AuthorizationValidationRequest message
       *         }
       *         then {
       *             the IUT sends a AuthorizationValidationResponse message
       *                 across the reference point S4 to the AA
       *         }
       *     }
       * </pre>
       *
YannGarcia's avatar
Add TC_RCA_CTLGEN_01_BV  
YannGarcia committed
5063 
       * @see       ETSI TS 103 525-2 TP SECPKI_EA_AUTHVAL_RCV_01_BV
YannGarcia's avatar
Implement additional BI test purposes proposal  
YannGarcia committed
5064 5065 5066 5067 5068 5069 5070 5071 5072 5073 5074 5075 5076 5077 5078 5079 5080 5081 5082 5083 5084 5085 5086 5087 5088 5089 5090 5091 5092 5093 5094 5095 5096 5097 5098 5099 5100 5101 5102 5103 5104 5105 5106 5107 5108 5109 5110 5111 5112 5113 5114 
       * @reference ETSI TS 102 941, clause 6.2.3.4
       */
      testcase TC_SECPKI_EA_AUTHVAL_RCV_01_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
        // Local variables
        var Oct32 v_private_key_ec;
        var Oct32 v_public_compressed_key_ec;
        var integer v_compressed_key_mode_ec;
        var InnerEcResponse v_inner_ec_response;
        var Oct32 v_private_key_at;
        var Oct32 v_public_compressed_key_at;
        var integer v_compressed_key_mode_at;
        var Oct32 v_private_enc_key_at;
        var Oct32 v_public_compressed_enc_key_at;
        var integer v_compressed_enc_mode_at;
        var InnerAtRequest v_inner_at_request;
        var Oct32 v_request_hash;
        var Oct16 v_encrypted_sym_key;
        var Oct16 v_aes_sym_key;
        var HashedId8 v_aes_sym_key_hashed_id8;
        var Oct16 v_authentication_vector;
        var Oct12 v_nonce;
        var octetstring v_salt;
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var HeaderLines v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
        
        // Test control
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);
        
        // Test adapter configuration
        
        // Preamble
        // Trigger an enrolment request
        if (f_await_http_inner_ec_request_response(v_private_key_ec, v_public_compressed_key_ec, v_compressed_key_mode_ec, v_inner_ec_response) == false) {
          log("*** " & testcasename() & ": INCONC: Enrolment failed ***");
          f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
        } else {
          log("*** " & testcasename() & ": INFO: Enrolment succeed ***");
          f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        }
        log("*** " & testcasename() & ": DEBUG: v_inner_ec_response= ", v_inner_ec_response);
        log("*** " & testcasename() & ": DEBUG: v_private_key_ec= ", v_private_key_ec);
        // Generate an InnerAtRequest
YannGarcia's avatar
Update after ETSI ITS CMS-7  
YannGarcia committed
5115 
        if (f_generate_inner_at_request(vc_aaCertificate, -, vc_aaHashedId8, vc_eaCertificate, vc_eaWholeHash/*salt*/, vc_eaHashedId8, v_inner_ec_response.certificate, v_private_key_ec, v_private_key_at, v_public_compressed_key_at, v_compressed_key_mode_at, v_private_enc_key_at, v_public_compressed_enc_key_at, v_compressed_enc_mode_at, v_inner_at_request) == false) {
YannGarcia's avatar
Implement additional BI test purposes proposal  
YannGarcia committed
5116 5117 5118 5119 5120 5121 5122 5123 5124 5125 5126 5127 5128 5129 5130 5131 5132 5133 5134 5135 5136 5137 5138 5139 5140 5141 5142 5143 5144 5145 5146 5147 5148 5149 5150 5151 5152 5153 5154 5155 5156 5157 5158 5159 5160 5161 5162 5163 5164 5165 5166 5167 5168 5169 5170 5171 5172 5173 5174 5175 5176 5177 5178 5179 5180 5181 5182 5183 5184 5185 5186 5187 5188 5189 5190 5191 5192 5193 5194 5195 5196 5197 5198 
          log("*** " & testcasename() & ": ERROR: Failed to generate AuthorizationValidationRequest ***");
          f_selfOrClientSyncAndVerdict("error", e_error);
        }
        log("*** " & testcasename() & ": DEBUG: v_inner_at_request= ", v_inner_at_request);
        log("*** " & testcasename() & ": DEBUG: v_private_key_at= ", v_private_key_at);
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        
        // Test Body
        f_http_build_authorization_validation_request(v_inner_at_request, v_public_compressed_key_at, v_compressed_key_mode_at, v_private_enc_key_at, v_public_compressed_enc_key_at, v_compressed_enc_mode_at, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
        v_aes_sym_key_hashed_id8 := f_HashedId8FromSha256(f_hashWithSha256('80'O & v_aes_sym_key)); // Used to macth the response
        f_init_default_headers_list(-, "inner_atv_request", v_headers);
        f_http_send(
                    v_headers,
                    m_http_request(
                                   m_http_request_post(
                                                       PICS_HTTP_POST_URI_ATV,
                                                       v_headers,
                                                       m_http_message_body_binary(
                                                                                  m_binary_body_ieee1609dot2_data(
                                                                                                                  v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                  )))));
        tc_ac.start;
        alt {
          [] a_await_atv_http_response_from_iut(
                                                mw_http_response(
                                                                 mw_http_response_ok(
                                                                                     mw_http_message_body_binary(
                                                                                                                 mw_binary_body_ieee1609dot2_data(
                                                                                                                                                  mw_authorizationResponseMessage(
                                                                                                                                                                                  mw_encryptedData(
                                                                                                                                                                                                   { *, mw_recipientInfo_pskRecipInfo(v_aes_sym_key_hashed_id8), * },
                                                                                                                                                                                                   mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                                                   )))))),
                                                v_response
                                                ) {
            var integer v_result;
            var InnerAtResponse v_inner_at_response;
            
            tc_ac.stop;
            
            f_verify_http_at_response_from_iut_atv(v_inner_at_request, v_response.response, v_private_key_at, v_aes_sym_key, v_authentication_vector, v_request_hash, v_inner_at_response, v_result);
            // Set verdict
            if (v_result == 0) {
              log("*** " & testcasename() & ": PASS: Well-secured AT certificate received ***");
              f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
            } else {
              log("*** " & testcasename() & ": FAIL: Failed to verify AT response  ***");
              f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
            }
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
        
        // Postamble
        f_cfHttpDown();
        
      } // End of testcase TC_SECPKI_EA_AUTHVAL_RCV_01_BV
      
      /**
       * @desc Check that EA doesn't accept Authorization Validation Request when 
       *       SharedAtRequest is signed with certificate without appropriate 
       *       permissions
       * <pre>
       * Pics Selection: PICS_IUT_EA_ROLE
       * Initial conditions: 
       *     with {
       *         the IUT being in the "operational state"
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives a AuthorizationValidationRequest  message
       *         }
       *         then {
       *             the IUT sends a AuthorizationValidationResponse message
       *                 across the reference point S4 to the AA
       *         }
       *     }
       * </pre>
       *
YannGarcia's avatar
Add TC_RCA_CTLGEN_01_BV  
YannGarcia committed
5199 
       * @see       ETSI TS 103 525-2 TP SECPKI_EA_AUTHVAL_RCV_02_BI
YannGarcia's avatar
Implement additional BI test purposes proposal  
YannGarcia committed
5200 5201 5202 5203 5204 5205 5206 5207 5208 5209 5210 5211 5212 5213 5214 5215 5216 5217 5218 5219 5220 5221 5222 5223 5224 5225 5226 5227 5228 5229 5230 5231 5232 5233 5234 
       * @reference ETSI TS 102 941, clause B[5]
       */
      testcase TC_SECPKI_EA_AUTHVAL_RCV_02_BI() runs on ItsPkiHttp system ItsPkiHttpSystem {
        // Local variables
        var Oct32 v_private_key_ec;
        var Oct32 v_public_compressed_key_ec;
        var integer v_compressed_key_mode_ec;
        var InnerEcResponse v_inner_ec_response;
        var Oct32 v_private_key_at;
        var Oct32 v_public_compressed_key_at;
        var integer v_compressed_key_mode_at;
        var Oct32 v_private_enc_key_at;
        var Oct32 v_public_compressed_enc_key_at;
        var integer v_compressed_enc_mode_at;
        var InnerAtRequest v_inner_at_request;
        var Oct32 v_request_hash;
        var Oct16 v_encrypted_sym_key;
        var Oct16 v_aes_sym_key;
        var HashedId8 v_aes_sym_key_hashed_id8;
        var Oct16 v_authentication_vector;
        var Oct12 v_nonce;
        var octetstring v_salt;
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var HeaderLines v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
        
        // Test control
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
YannGarcia's avatar
ITS CMS-7 Plugtest bug fixes  
YannGarcia committed
5235 5236 
        //f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);
        f_cfHttpUp("CERT_TS_A_EA_AA_AUTHVAL_RCV_02_BI_01", PICS_TS_AA_CERTIFICATE_ID);
YannGarcia's avatar
Implement additional BI test purposes proposal  
YannGarcia committed
5237 5238 5239 5240 5241 5242 5243 5244 5245 5246 5247 5248 5249 5250 5251 
        
        // Test adapter configuration
        
        // Preamble
        // Trigger an enrolment request
        if (f_await_http_inner_ec_request_response(v_private_key_ec, v_public_compressed_key_ec, v_compressed_key_mode_ec, v_inner_ec_response) == false) {
          log("*** " & testcasename() & ": INCONC: Enrolment failed ***");
          f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
        } else {
          log("*** " & testcasename() & ": INFO: Enrolment succeed ***");
          f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        }
        log("*** " & testcasename() & ": DEBUG: v_inner_ec_response= ", v_inner_ec_response);
        log("*** " & testcasename() & ": DEBUG: v_private_key_ec= ", v_private_key_ec);
        // Generate an InnerAtRequest
YannGarcia's avatar
Update after ETSI ITS CMS-7  
YannGarcia committed
5252 
        if (f_generate_inner_at_request(vc_aaCertificate, -, vc_aaHashedId8, vc_eaCertificate, vc_eaWholeHash/*salt*/, vc_eaHashedId8, v_inner_ec_response.certificate, v_private_key_ec, v_private_key_at, v_public_compressed_key_at, v_compressed_key_mode_at, v_private_enc_key_at, v_public_compressed_enc_key_at, v_compressed_enc_mode_at, v_inner_at_request) == false) {
YannGarcia's avatar
Implement additional BI test purposes proposal  
YannGarcia committed
5253 5254 5255 5256 5257 5258 5259 5260 5261 5262 5263 5264 5265 5266 5267 5268 5269 5270 5271 5272 5273 5274 5275 5276 5277 5278 5279 5280 5281 5282 5283 5284 5285 5286 5287 5288 5289 5290 5291 5292 5293 5294 5295 5296 5297 5298 5299 5300 5301 5302 5303 5304 5305 5306 5307 5308 5309 5310 5311 5312 5313 5314 5315 5316 5317 5318 5319 5320 5321 5322 5323 5324 5325 5326 5327 5328 5329 5330 5331 5332 5333 5334 5335 5336 5337 5338 5339 5340 5341 5342 5343 5344 5345 5346 5347 5348 5349 
          log("*** " & testcasename() & ": ERROR: Failed to generate AuthorizationValidationRequest ***");
          f_selfOrClientSyncAndVerdict("error", e_error);
        }
        log("*** " & testcasename() & ": DEBUG: v_inner_at_request= ", v_inner_at_request);
        log("*** " & testcasename() & ": DEBUG: v_private_key_at= ", v_private_key_at);
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        
        // Test Body
        f_http_build_authorization_validation_request(v_inner_at_request, v_public_compressed_key_at, v_compressed_key_mode_at, v_private_enc_key_at, v_public_compressed_enc_key_at, v_compressed_enc_mode_at, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
        v_aes_sym_key_hashed_id8 := f_HashedId8FromSha256(f_hashWithSha256('80'O & v_aes_sym_key)); // Used to macth the response
        f_init_default_headers_list(-, "inner_atv_request", v_headers);
        f_http_send(
                    v_headers,
                    m_http_request(
                                   m_http_request_post(
                                                       PICS_HTTP_POST_URI_ATV,
                                                       v_headers,
                                                       m_http_message_body_binary(
                                                                                  m_binary_body_ieee1609dot2_data(
                                                                                                                  v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                  )))));
        tc_ac.start;
        alt {
          [] a_await_atv_http_response_from_iut(
                                                mw_http_response(
                                                                 mw_http_response_ok(
                                                                                     mw_http_message_body_binary(
                                                                                                                 mw_binary_body_ieee1609dot2_data(
                                                                                                                                                  mw_authorizationResponseMessage(
                                                                                                                                                                                  mw_encryptedData(
                                                                                                                                                                                                   { *, mw_recipientInfo_pskRecipInfo(v_aes_sym_key_hashed_id8), * },
                                                                                                                                                                                                   mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                                                   )))))),
                                                v_response
                                                ) {
            var integer v_result;
            var InnerAtResponse v_inner_at_response;
            
            tc_ac.stop;
            
            if (f_verify_pki_response_message(v_private_key_at, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, v_response.response.body.binary_body.ieee1609dot2_data, true, 1, v_etsi_ts_102941_data) == false) {
              log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
            } else {
              log(match(v_etsi_ts_102941_data, mw_etsiTs102941Data_inner_ec_response(mw_innerEcResponse_ko(substr(v_request_hash, 0, 16)))));
              if (match(v_etsi_ts_102941_data, mw_etsiTs102941Data_inner_ec_response(mw_innerEcResponse_ko(substr(v_request_hash, 0, 16)))) == false) {
                log("*** " & testcasename() & ": FAIL: Invalid InnerEcResponse received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
              } else {
                log("*** " & testcasename() & ": PASS: InnerEcResponse received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
              }
            }
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
        
        // Postamble
        f_cfHttpDown();
        
      } // End of testcase TC_SECPKI_EA_AUTHVAL_RCV_02_BI
      
    } // End of group authorization_validation_request

    group authorization_validation_response {
      
      /**
       * @desc The EtsiTs103097Data-Encrypted is build with the component recipients containing one instance of RecipientInfo 
       *       of choice pskRecipInfo, which contains the HashedId8 of the symmetric key used by the ITS-S to encrypt the 
       *       AuthorizationRequest message to which the response is built and the component ciphertext containing the encrypted 
       *       representation of the EtsiTs103097Data-Signed. The encryption uses a ETSI TS 103 097 [3] approved algorithm.
       * <pre>
       * Pics Selection: PICS_IUT_EA_ROLE
       * Initial conditions: 
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives a AuthorizationValidationRequest message
       *                 containing encKey
       *                     containing the encrypted symmetric data encryption key (SYMKEY)
       *         }
       *         then {
       *             the IUT sends a AuthorizationValidationResponse message
       *                 containing EtsiTs103097Data-Encrypted
       *                     containing recipients
       *                         containing one instance of RecipientInfo of choice pskRecipInfo
       *                             indicating the HashedId8 of SYMKEY
       *                     and containing ciphertext
       *                         containing EtsiTs103097Data-Signed
       *                             being encrypted using SYMKEY and an ETSI TS 103 097 approved algorithm
       *         }
       *     }
       * </pre>
       *
YannGarcia's avatar
Add TC_RCA_CTLGEN_01_BV  
YannGarcia committed
5350 
       * @see       ETSI TS 103 525-2 TP SECPKI_EA_AUTHVAL_01_BV
YannGarcia's avatar
Implement additional BI test purposes proposal  
YannGarcia committed
5351 5352 5353 5354 5355 5356 5357 5358 5359 5360 5361 5362 5363 5364 5365 5366 5367 5368 5369 5370 5371 5372 5373 5374 5375 5376 5377 5378 5379 5380 5381 5382 5383 5384 5385 5386 5387 5388 5389 5390 5391 5392 5393 5394 5395 5396 5397 5398 5399 5400 5401 
       * @reference ETSI TS 102 941, clause 6.2.3.4.2
       */
      testcase TC_SECPKI_EA_AUTHVAL_01_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
        // Local variables
        var Oct32 v_private_key_ec;
        var Oct32 v_public_compressed_key_ec;
        var integer v_compressed_key_mode_ec;
        var InnerEcResponse v_inner_ec_response;
        var Oct32 v_private_key_at;
        var Oct32 v_public_compressed_key_at;
        var integer v_compressed_key_mode_at;
        var Oct32 v_private_enc_key_at;
        var Oct32 v_public_compressed_enc_key_at;
        var integer v_compressed_enc_mode_at;
        var InnerAtRequest v_inner_at_request;
        var Oct32 v_request_hash;
        var Oct16 v_encrypted_sym_key;
        var Oct16 v_aes_sym_key;
        var HashedId8 v_aes_sym_key_hashed_id8;
        var Oct16 v_authentication_vector;
        var Oct12 v_nonce;
        var octetstring v_salt;
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var HeaderLines v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
        
        // Test control
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);
        
        // Test adapter configuration
        
        // Preamble
        // Trigger an enrolment request
        if (f_await_http_inner_ec_request_response(v_private_key_ec, v_public_compressed_key_ec, v_compressed_key_mode_ec, v_inner_ec_response) == false) {
          log("*** " & testcasename() & ": INCONC: Enrolment failed ***");
          f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
        } else {
          log("*** " & testcasename() & ": INFO: Enrolment succeed ***");
          f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        }
        log("*** " & testcasename() & ": DEBUG: v_inner_ec_response= ", v_inner_ec_response);
        log("*** " & testcasename() & ": DEBUG: v_private_key_ec= ", v_private_key_ec);
        // Generate an InnerAtRequest
YannGarcia's avatar
Update after ETSI ITS CMS-7  
YannGarcia committed
5402 
        if (f_generate_inner_at_request(vc_aaCertificate, -, vc_aaHashedId8, vc_eaCertificate, vc_eaWholeHash/*salt*/, vc_eaHashedId8, v_inner_ec_response.certificate, v_private_key_ec, v_private_key_at, v_public_compressed_key_at, v_compressed_key_mode_at, v_private_enc_key_at, v_public_compressed_enc_key_at, v_compressed_enc_mode_at, v_inner_at_request) == false) {
YannGarcia's avatar
Implement additional BI test purposes proposal  
YannGarcia committed
5403 5404 5405 5406 5407 5408 5409 5410 5411 5412 5413 5414 5415 5416 5417 5418 5419 5420 5421 5422 5423 5424 5425 5426 5427 5428 5429 5430 5431 5432 5433 5434 5435 5436 5437 5438 5439 5440 5441 5442 5443 5444 5445 5446 5447 5448 5449 5450 5451 5452 5453 5454 5455 5456 5457 5458 5459 5460 5461 5462 5463 5464 5465 5466 5467 5468 5469 5470 5471 5472 5473 5474 5475 5476 5477 5478 5479 5480 5481 5482 5483 
          log("*** " & testcasename() & ": ERROR: Failed to generate AuthorizationValidationRequest ***");
          f_selfOrClientSyncAndVerdict("error", e_error);
        }
        log("*** " & testcasename() & ": DEBUG: v_inner_at_request= ", v_inner_at_request);
        log("*** " & testcasename() & ": DEBUG: v_private_key_at= ", v_private_key_at);
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        
        // Test Body
        f_http_build_authorization_validation_request(v_inner_at_request, v_public_compressed_key_at, v_compressed_key_mode_at, v_private_enc_key_at, v_public_compressed_enc_key_at, v_compressed_enc_mode_at, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
        v_aes_sym_key_hashed_id8 := f_HashedId8FromSha256(f_hashWithSha256('80'O & v_aes_sym_key)); // Used to macth the response
        f_init_default_headers_list(-, "inner_atv_request", v_headers);
        f_http_send(
                    v_headers,
                    m_http_request(
                                   m_http_request_post(
                                                       PICS_HTTP_POST_URI_ATV,
                                                       v_headers,
                                                       m_http_message_body_binary(
                                                                                  m_binary_body_ieee1609dot2_data(
                                                                                                                  v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                  )))));
        tc_ac.start;
        alt {
          [] a_await_atv_http_response_from_iut(
                                                mw_http_response(
                                                                 mw_http_response_ok(
                                                                                     mw_http_message_body_binary(
                                                                                                                 mw_binary_body_ieee1609dot2_data(
                                                                                                                                                  mw_authorizationResponseMessage(
                                                                                                                                                                                  mw_encryptedData(
                                                                                                                                                                                                   { *, mw_recipientInfo_pskRecipInfo(v_aes_sym_key_hashed_id8), * },
                                                                                                                                                                                                   mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                                                   )))))),
                                                v_response
                                                ) {
            var integer v_result;
            var InnerAtResponse v_inner_at_response;
            
            tc_ac.stop;
            
            f_verify_http_at_response_from_iut_atv(v_inner_at_request, v_response.response, v_private_key_at, v_aes_sym_key, v_authentication_vector, v_request_hash, v_inner_at_response, v_result);
            // Set verdict
            if (v_result == 0) {
              log("*** " & testcasename() & ": PASS: Well-secured AT certificate received ***");
              f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
            } else {
              log("*** " & testcasename() & ": FAIL: Failed to verify AT response  ***");
              f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
            }
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
        
        // Postamble
        f_cfHttpDown();
        
      } // End of testcase TC_SECPKI_EA_AUTHVAL_01_BV
      
      /**
       * @desc To read an authorization validation response, the AA shall receive an EtsiTs103097Data-Encrypted structure, 
       *       containing a EtsiTs103097Data-Signed structure, containing a EtsiTs102941Data structure, containing an 
       *       AuthorizationValidationResponse structure.
       * <pre>
       * Pics Selection: PICS_IUT_EA_ROLE
       * Initial conditions: 
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives a AuthorizationValidationRequest message
       *         }
       *         then {
       *             the IUT sends a AuthorizationValidationResponse message
       *                 containing EtsiTs103097Data-Signed
       *                     containing AuthorizationValidationResponse
       *         }
       *     }
       * </pre>
       *
YannGarcia's avatar
Add TC_RCA_CTLGEN_01_BV  
YannGarcia committed
5484 
       * @see       ETSI TS 103 525-2 TP SECPKI_EA_AUTHVAL_02_BV
YannGarcia's avatar
Implement additional BI test purposes proposal  
YannGarcia committed
5485 5486 5487 5488 5489 5490 5491 5492 5493 5494 5495 5496 5497 5498 5499 5500 5501 5502 5503 5504 5505 5506 5507 5508 5509 5510 5511 5512 5513 5514 5515 5516 5517 5518 5519 5520 5521 5522 5523 5524 5525 5526 5527 5528 5529 5530 5531 5532 5533 5534 5535 
       * @reference ETSI TS 102 941, clause 6.2.3.4.2
       */
      testcase TC_SECPKI_EA_AUTHVAL_02_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
        // Local variables
        var Oct32 v_private_key_ec;
        var Oct32 v_public_compressed_key_ec;
        var integer v_compressed_key_mode_ec;
        var InnerEcResponse v_inner_ec_response;
        var Oct32 v_private_key_at;
        var Oct32 v_public_compressed_key_at;
        var integer v_compressed_key_mode_at;
        var Oct32 v_private_enc_key_at;
        var Oct32 v_public_compressed_enc_key_at;
        var integer v_compressed_enc_mode_at;
        var InnerAtRequest v_inner_at_request;
        var Oct32 v_request_hash;
        var Oct16 v_encrypted_sym_key;
        var Oct16 v_aes_sym_key;
        var HashedId8 v_aes_sym_key_hashed_id8;
        var Oct16 v_authentication_vector;
        var Oct12 v_nonce;
        var octetstring v_salt;
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var HeaderLines v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
        
        // Test control
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);
        
        // Test adapter configuration
        
        // Preamble
        // Trigger an enrolment request
        if (f_await_http_inner_ec_request_response(v_private_key_ec, v_public_compressed_key_ec, v_compressed_key_mode_ec, v_inner_ec_response) == false) {
          log("*** " & testcasename() & ": INCONC: Enrolment failed ***");
          f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
        } else {
          log("*** " & testcasename() & ": INFO: Enrolment succeed ***");
          f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        }
        log("*** " & testcasename() & ": DEBUG: v_inner_ec_response= ", v_inner_ec_response);
        log("*** " & testcasename() & ": DEBUG: v_private_key_ec= ", v_private_key_ec);
        // Generate an InnerAtRequest
YannGarcia's avatar
Update after ETSI ITS CMS-7  
YannGarcia committed
5536 
        if (f_generate_inner_at_request(vc_aaCertificate, -, vc_aaHashedId8, vc_eaCertificate, vc_eaWholeHash/*salt*/, vc_eaHashedId8, v_inner_ec_response.certificate, v_private_key_ec, v_private_key_at, v_public_compressed_key_at, v_compressed_key_mode_at, v_private_enc_key_at, v_public_compressed_enc_key_at, v_compressed_enc_mode_at, v_inner_at_request) == false) {
YannGarcia's avatar
Implement additional BI test purposes proposal  
YannGarcia committed
5537 5538 5539 5540 5541 5542 5543 5544 5545 5546 5547 5548 5549 5550 5551 5552 5553 5554 5555 5556 5557 5558 5559 5560 5561 5562 5563 5564 5565 5566 5567 5568 5569 5570 5571 5572 5573 5574 5575 5576 5577 5578 5579 5580 5581 5582 5583 5584 5585 5586 5587 5588 5589 5590 5591 5592 5593 5594 5595 5596 5597 5598 5599 5600 5601 5602 5603 5604 5605 5606 5607 5608 5609 5610 5611 5612 5613 5614 5615 5616 5617 5618 5619 5620 5621 5622 
          log("*** " & testcasename() & ": ERROR: Failed to generate AuthorizationValidationRequest ***");
          f_selfOrClientSyncAndVerdict("error", e_error);
        }
        log("*** " & testcasename() & ": DEBUG: v_inner_at_request= ", v_inner_at_request);
        log("*** " & testcasename() & ": DEBUG: v_private_key_at= ", v_private_key_at);
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        
        // Test Body
        f_http_build_authorization_validation_request(v_inner_at_request, v_public_compressed_key_at, v_compressed_key_mode_at, v_private_enc_key_at, v_public_compressed_enc_key_at, v_compressed_enc_mode_at, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
        v_aes_sym_key_hashed_id8 := f_HashedId8FromSha256(f_hashWithSha256('80'O & v_aes_sym_key)); // Used to macth the response
        f_init_default_headers_list(-, "inner_atv_request", v_headers);
        f_http_send(
                    v_headers,
                    m_http_request(
                                   m_http_request_post(
                                                       PICS_HTTP_POST_URI_ATV,
                                                       v_headers,
                                                       m_http_message_body_binary(
                                                                                  m_binary_body_ieee1609dot2_data(
                                                                                                                  v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                  )))));
        tc_ac.start;
        alt {
          [] a_await_atv_http_response_from_iut(
                                                mw_http_response(
                                                                 mw_http_response_ok(
                                                                                     mw_http_message_body_binary(
                                                                                                                 mw_binary_body_ieee1609dot2_data(
                                                                                                                                                  mw_authorizationResponseMessage(
                                                                                                                                                                                  mw_encryptedData(
                                                                                                                                                                                                   { *, mw_recipientInfo_pskRecipInfo(v_aes_sym_key_hashed_id8), * },
                                                                                                                                                                                                   mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                                                   )))))),
                                                v_response
                                                ) {
            var integer v_result;
            var InnerAtResponse v_inner_at_response;
            
            tc_ac.stop;
            
            f_verify_http_at_response_from_iut_atv(v_inner_at_request, v_response.response, v_private_key_at, v_aes_sym_key, v_authentication_vector, v_request_hash, v_inner_at_response, v_result);
            // Set verdict
            if (v_result == 0) {
              log("*** " & testcasename() & ": PASS: Well-secured ATV certificate received ***");
              f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
            } else {
              log("*** " & testcasename() & ": FAIL: Failed to verify ATV response  ***");
              f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
            }
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
        
        // Postamble
        f_cfHttpDown();
        
      } // End of testcase TC_SECPKI_EA_AUTHVAL_02_BV
      
      /**
       * @desc The AuthorizationValidationResponse structure contains the requestHash being the left-most 16 octets of 
       *       the SHA256 digest of the EtsiTs103097Data-Signed structure received in the AuthorizationValidationRequest 
       *       and a responseCode.
       * <pre>
       * Pics Selection: PICS_IUT_EA_ROLE
       * Initial conditions: 
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives a AuthorizationValidationRequest message
       *                 containing EtsiTs103097Data-Signed structure (REQDSS)
       *         }
       *         then {
       *             the IUT sends a AuthorizationValidationResponse message
       *                 containing EtsiTs103097Data-Signed
       *                     containing EtsiTs102941Data
       *                         containing AuthorizationValidationResponse
       *                             containing requestHash
       *                                 indicating the left-most 16 octets of the SHA256 digest of REQDSS
       *                             and containing responseCode
       *         }
       *     }
       * </pre>
       *
YannGarcia's avatar
Add TC_RCA_CTLGEN_01_BV  
YannGarcia committed
5623 
       * @see       ETSI TS 103 525-2 TP SECPKI_EA_AUTHVAL_03_BV
YannGarcia's avatar
Implement additional BI test purposes proposal  
YannGarcia committed
5624 5625 5626 5627 5628 5629 5630 5631 5632 5633 5634 5635 5636 5637 5638 5639 5640 5641 5642 5643 5644 5645 5646 5647 5648 5649 5650 5651 5652 5653 5654 5655 5656 5657 5658 5659 5660 5661 5662 5663 5664 5665 5666 5667 5668 5669 5670 5671 5672 5673 5674 
       * @reference ETSI TS 102 941, clause 6.2.3.4.2
       */
      testcase TC_SECPKI_EA_AUTHVAL_03_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
        // Local variables
        var Oct32 v_private_key_ec;
        var Oct32 v_public_compressed_key_ec;
        var integer v_compressed_key_mode_ec;
        var InnerEcResponse v_inner_ec_response;
        var Oct32 v_private_key_at;
        var Oct32 v_public_compressed_key_at;
        var integer v_compressed_key_mode_at;
        var Oct32 v_private_enc_key_at;
        var Oct32 v_public_compressed_enc_key_at;
        var integer v_compressed_enc_mode_at;
        var InnerAtRequest v_inner_at_request;
        var Oct32 v_request_hash;
        var Oct16 v_encrypted_sym_key;
        var Oct16 v_aes_sym_key;
        var HashedId8 v_aes_sym_key_hashed_id8;
        var Oct16 v_authentication_vector;
        var Oct12 v_nonce;
        var octetstring v_salt;
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var HeaderLines v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
        
        // Test control
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);
        
        // Test adapter configuration
        
        // Preamble
        // Trigger an enrolment request
        if (f_await_http_inner_ec_request_response(v_private_key_ec, v_public_compressed_key_ec, v_compressed_key_mode_ec, v_inner_ec_response) == false) {
          log("*** " & testcasename() & ": INCONC: Enrolment failed ***");
          f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
        } else {
          log("*** " & testcasename() & ": INFO: Enrolment succeed ***");
          f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        }
        log("*** " & testcasename() & ": DEBUG: v_inner_ec_response= ", v_inner_ec_response);
        log("*** " & testcasename() & ": DEBUG: v_private_key_ec= ", v_private_key_ec);
        // Generate an InnerAtRequest
YannGarcia's avatar
Update after ETSI ITS CMS-7  
YannGarcia committed
5675 
        if (f_generate_inner_at_request(vc_aaCertificate, -, vc_aaHashedId8, vc_eaCertificate, vc_eaWholeHash/*salt*/, vc_eaHashedId8, v_inner_ec_response.certificate, v_private_key_ec, v_private_key_at, v_public_compressed_key_at, v_compressed_key_mode_at, v_private_enc_key_at, v_public_compressed_enc_key_at, v_compressed_enc_mode_at, v_inner_at_request) == false) {
YannGarcia's avatar
Implement additional BI test purposes proposal  
YannGarcia committed
5676 5677 5678 5679 5680 5681 5682 5683 5684 5685 5686 5687 5688 5689 5690 5691 5692 5693 5694 5695 5696 5697 5698 5699 5700 5701 5702 5703 5704 5705 5706 5707 5708 5709 5710 5711 5712 5713 5714 5715 5716 5717 5718 5719 5720 5721 5722 5723 5724 5725 5726 5727 5728 5729 5730 5731 5732 5733 5734 5735 5736 5737 5738 5739 5740 5741 5742 5743 5744 5745 5746 5747 5748 5749 5750 5751 5752 5753 5754 5755 5756 5757 5758 5759 5760 5761 
          log("*** " & testcasename() & ": ERROR: Failed to generate AuthorizationValidationRequest ***");
          f_selfOrClientSyncAndVerdict("error", e_error);
        }
        log("*** " & testcasename() & ": DEBUG: v_inner_at_request= ", v_inner_at_request);
        log("*** " & testcasename() & ": DEBUG: v_private_key_at= ", v_private_key_at);
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        
        // Test Body
        f_http_build_authorization_validation_request(v_inner_at_request, v_public_compressed_key_at, v_compressed_key_mode_at, v_private_enc_key_at, v_public_compressed_enc_key_at, v_compressed_enc_mode_at, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
        v_aes_sym_key_hashed_id8 := f_HashedId8FromSha256(f_hashWithSha256('80'O & v_aes_sym_key)); // Used to macth the response
        f_init_default_headers_list(-, "inner_atv_request", v_headers);
        f_http_send(
                    v_headers,
                    m_http_request(
                                   m_http_request_post(
                                                       PICS_HTTP_POST_URI_ATV,
                                                       v_headers,
                                                       m_http_message_body_binary(
                                                                                  m_binary_body_ieee1609dot2_data(
                                                                                                                  v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                  )))));
        tc_ac.start;
        alt {
          [] a_await_atv_http_response_from_iut(
                                                mw_http_response(
                                                                 mw_http_response_ok(
                                                                                     mw_http_message_body_binary(
                                                                                                                 mw_binary_body_ieee1609dot2_data(
                                                                                                                                                  mw_authorizationResponseMessage(
                                                                                                                                                                                  mw_encryptedData(
                                                                                                                                                                                                   { *, mw_recipientInfo_pskRecipInfo(v_aes_sym_key_hashed_id8), * },
                                                                                                                                                                                                   mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                                                   )))))),
                                                v_response
                                                ) {
            var integer v_result;
            var InnerAtResponse v_inner_at_response;
            
            tc_ac.stop;
            
            f_verify_http_at_response_from_iut_atv(v_inner_at_request, v_response.response, v_private_key_at, v_aes_sym_key, v_authentication_vector, v_request_hash, v_inner_at_response, v_result);
            // Set verdict
            if (v_result == 0) {
              log("*** " & testcasename() & ": PASS: Well-secured ATV certificate received ***");
              f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
            } else {
              log("*** " & testcasename() & ": FAIL: Failed to verify ATV response  ***");
              f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
            }
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
        
        // Postamble
        f_cfHttpDown();
        
      } // End of testcase TC_SECPKI_EA_AUTHVAL_03_BV
      
      /**
       * @desc If the responseCode is 0, the AuthorizationValidationResponse structure contains the component 
       *       confirmedSubjectAttributes with the attributes the EA wishes to confirm, except for certIssuePermissions 
       *       which is not allowed to be present.
       * <pre>
       * Pics Selection: PICS_IUT_EA_ROLE
       * Initial conditions: 
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives a AuthorizationValidationRequest message
       *             and the IUT responds with a AuthorizationValidationResponse message
       *                 containing AuthorizationValidationResponse
       *                     containing responseCode
       *                         indicating 0
       *         }
       *         then {
       *             the IUT sends a AuthorizationValidationResponse message
       *                 contains an AuthorizationValidationResponse structure
       *                     containing confirmedSubjectAttributes
       *                         not containing certIssuePermissions
       *         }
       *     }
       * </pre>
       *
YannGarcia's avatar
Add TC_RCA_CTLGEN_01_BV  
YannGarcia committed
5762 
       * @see       ETSI TS 103 525-2 TP SECPKI_EA_AUTHVAL_04_BV
YannGarcia's avatar
Implement additional BI test purposes proposal  
YannGarcia committed
5763 5764 5765 5766 5767 5768 5769 5770 5771 5772 5773 5774 5775 5776 5777 5778 5779 5780 5781 5782 5783 5784 5785 5786 5787 5788 5789 5790 5791 5792 5793 5794 5795 5796 5797 5798 5799 5800 5801 5802 5803 5804 5805 5806 5807 5808 5809 5810 5811 5812 5813 
       * @reference ETSI TS 102 941, clause 6.2.3.4.2
       */
      testcase TC_SECPKI_EA_AUTHVAL_04_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
        // Local variables
        var Oct32 v_private_key_ec;
        var Oct32 v_public_compressed_key_ec;
        var integer v_compressed_key_mode_ec;
        var InnerEcResponse v_inner_ec_response;
        var Oct32 v_private_key_at;
        var Oct32 v_public_compressed_key_at;
        var integer v_compressed_key_mode_at;
        var Oct32 v_private_enc_key_at;
        var Oct32 v_public_compressed_enc_key_at;
        var integer v_compressed_enc_mode_at;
        var InnerAtRequest v_inner_at_request;
        var Oct32 v_request_hash;
        var Oct16 v_encrypted_sym_key;
        var Oct16 v_aes_sym_key;
        var HashedId8 v_aes_sym_key_hashed_id8;
        var Oct16 v_authentication_vector;
        var Oct12 v_nonce;
        var octetstring v_salt;
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var HeaderLines v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
        
        // Test control
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);
        
        // Test adapter configuration
        
        // Preamble
        // Trigger an enrolment request
        if (f_await_http_inner_ec_request_response(v_private_key_ec, v_public_compressed_key_ec, v_compressed_key_mode_ec, v_inner_ec_response) == false) {
          log("*** " & testcasename() & ": INCONC: Enrolment failed ***");
          f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
        } else {
          log("*** " & testcasename() & ": INFO: Enrolment succeed ***");
          f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        }
        log("*** " & testcasename() & ": DEBUG: v_inner_ec_response= ", v_inner_ec_response);
        log("*** " & testcasename() & ": DEBUG: v_private_key_ec= ", v_private_key_ec);
        // Generate an InnerAtRequest
YannGarcia's avatar
Update after ETSI ITS CMS-7  
YannGarcia committed
5814 
        if (f_generate_inner_at_request(vc_aaCertificate, -, vc_aaHashedId8, vc_eaCertificate, vc_eaWholeHash/*salt*/, vc_eaHashedId8, v_inner_ec_response.certificate, v_private_key_ec, v_private_key_at, v_public_compressed_key_at, v_compressed_key_mode_at, v_private_enc_key_at, v_public_compressed_enc_key_at, v_compressed_enc_mode_at, v_inner_at_request) == false) {
YannGarcia's avatar
Implement additional BI test purposes proposal  
YannGarcia committed
5815 5816 5817 5818 5819 5820 5821 5822 5823 5824 5825 5826 5827 5828 5829 5830 5831 5832 5833 5834 5835 5836 5837 5838 5839 5840 5841 5842 5843 5844 5845 5846 5847 5848 5849 5850 5851 5852 5853 5854 5855 5856 5857 5858 5859 5860 5861 5862 5863 5864 5865 5866 5867 5868 5869 5870 5871 5872 5873 5874 5875 5876 5877 5878 5879 5880 5881 5882 5883 5884 5885 5886 5887 5888 5889 5890 5891 5892 5893 5894 5895 5896 5897 5898 
          log("*** " & testcasename() & ": ERROR: Failed to generate AuthorizationValidationRequest ***");
          f_selfOrClientSyncAndVerdict("error", e_error);
        }
        log("*** " & testcasename() & ": DEBUG: v_inner_at_request= ", v_inner_at_request);
        log("*** " & testcasename() & ": DEBUG: v_private_key_at= ", v_private_key_at);
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        
        // Test Body
        f_http_build_authorization_validation_request(v_inner_at_request, v_public_compressed_key_at, v_compressed_key_mode_at, v_private_enc_key_at, v_public_compressed_enc_key_at, v_compressed_enc_mode_at, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
        v_aes_sym_key_hashed_id8 := f_HashedId8FromSha256(f_hashWithSha256('80'O & v_aes_sym_key)); // Used to macth the response
        f_init_default_headers_list(-, "inner_atv_request", v_headers);
        f_http_send(
                    v_headers,
                    m_http_request(
                                   m_http_request_post(
                                                       PICS_HTTP_POST_URI_ATV,
                                                       v_headers,
                                                       m_http_message_body_binary(
                                                                                  m_binary_body_ieee1609dot2_data(
                                                                                                                  v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                  )))));
        tc_ac.start;
        alt {
          [] a_await_atv_http_response_from_iut(
                                                mw_http_response(
                                                                 mw_http_response_ok(
                                                                                     mw_http_message_body_binary(
                                                                                                                 mw_binary_body_ieee1609dot2_data(
                                                                                                                                                  mw_authorizationResponseMessage(
                                                                                                                                                                                  mw_encryptedData(
                                                                                                                                                                                                   { *, mw_recipientInfo_pskRecipInfo(v_aes_sym_key_hashed_id8), * },
                                                                                                                                                                                                   mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                                                   )))))),
                                                v_response
                                                ) {
            var integer v_result;
            var InnerAtResponse v_inner_at_response;
            
            tc_ac.stop;
            
            f_verify_http_at_response_from_iut_atv(v_inner_at_request, v_response.response, v_private_key_at, v_aes_sym_key, v_authentication_vector, v_request_hash, v_inner_at_response, v_result);
            // Set verdict
            if (v_result == 0) {
              log("*** " & testcasename() & ": PASS: Well-secured ATV certificate received ***");
              f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
            } else {
              log("*** " & testcasename() & ": FAIL: Failed to verify ATV response  ***");
              f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
            }
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
        
        // Postamble
        f_cfHttpDown();
        
      } // End of testcase TC_SECPKI_EA_AUTHVAL_04_BV
      
      /**
       * @desc If the responseCode is different than 0, the AuthorizationValidationResponse structure does not contain 
       *       the component confirmedSubjectAttributes.
       * <pre>
       * Pics Selection: PICS_IUT_EA_ROLE
       * Initial conditions: 
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives a AuthorizationValidationRequest message
       *             and the IUT responds with a AuthorizationValidationResponse message
       *                 containing AuthorizationValidationResponse
       *                     containing responseCode
       *                         indicating a value different than 0
       *         }
       *         then {
       *             the IUT sends a AuthorizationValidationResponse message
       *                 contains an AuthorizationValidationResponse structure
       *                     not containing confirmedSubjectAttributes
       *         }
       *     }
       * </pre>
       *
YannGarcia's avatar
Add TC_RCA_CTLGEN_01_BV  
YannGarcia committed
5899 
       * @see       ETSI TS 103 525-2 TP SECPKI_EA_AUTHVAL_05_BV
YannGarcia's avatar
Implement additional BI test purposes proposal  
YannGarcia committed
5900 5901 5902 5903 5904 5905 5906 5907 5908 5909 5910 5911 5912 5913 5914 5915 5916 5917 5918 5919 5920 5921 5922 5923 5924 5925 5926 5927 5928 5929 5930 5931 5932 5933 5934 5935 5936 5937 5938 5939 5940 5941 5942 5943 5944 5945 5946 5947 5948 5949 5950 
       * @reference ETSI TS 102 941, clause 6.2.3.4.2
       */
      testcase TC_SECPKI_EA_AUTHVAL_05_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
        // Local variables
        var Oct32 v_private_key_ec;
        var Oct32 v_public_compressed_key_ec;
        var integer v_compressed_key_mode_ec;
        var InnerEcResponse v_inner_ec_response;
        var Oct32 v_private_key_at;
        var Oct32 v_public_compressed_key_at;
        var integer v_compressed_key_mode_at;
        var Oct32 v_private_enc_key_at;
        var Oct32 v_public_compressed_enc_key_at;
        var integer v_compressed_enc_mode_at;
        var InnerAtRequest v_inner_at_request;
        var Oct32 v_request_hash;
        var Oct16 v_encrypted_sym_key;
        var Oct16 v_aes_sym_key;
        var HashedId8 v_aes_sym_key_hashed_id8;
        var Oct16 v_authentication_vector;
        var Oct12 v_nonce;
        var octetstring v_salt;
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var HeaderLines v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
        
        // Test control
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);
        
        // Test adapter configuration
        
        // Preamble
        // Trigger an enrolment request
        if (f_await_http_inner_ec_request_response(v_private_key_ec, v_public_compressed_key_ec, v_compressed_key_mode_ec, v_inner_ec_response) == false) {
          log("*** " & testcasename() & ": INCONC: Enrolment failed ***");
          f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
        } else {
          log("*** " & testcasename() & ": INFO: Enrolment succeed ***");
          f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        }
        log("*** " & testcasename() & ": DEBUG: v_inner_ec_response= ", v_inner_ec_response);
        log("*** " & testcasename() & ": DEBUG: v_private_key_ec= ", v_private_key_ec);
        // Generate an InnerAtRequest
YannGarcia's avatar
Update after ETSI ITS CMS-7  
YannGarcia committed
5951 
        if (f_generate_inner_at_request(vc_aaCertificate, -, vc_aaHashedId8, vc_eaCertificate, vc_eaWholeHash/*salt*/, vc_eaHashedId8, v_inner_ec_response.certificate, v_private_key_ec, v_private_key_at, v_public_compressed_key_at, v_compressed_key_mode_at, v_private_enc_key_at, v_public_compressed_enc_key_at, v_compressed_enc_mode_at, v_inner_at_request) == false) {
YannGarcia's avatar
Implement additional BI test purposes proposal  
YannGarcia committed
5952 5953 5954 5955 5956 5957 5958 5959 5960 5961 5962 5963 5964 5965 5966 5967 5968 5969 5970 5971 5972 5973 5974 5975 5976 5977 5978 5979 5980 5981 5982 5983 5984 5985 5986 5987 5988 5989 5990 5991 5992 5993 5994 5995 5996 5997 5998 5999 6000 
          log("*** " & testcasename() & ": ERROR: Failed to generate AuthorizationValidationRequest ***");
          f_selfOrClientSyncAndVerdict("error", e_error);
        }
        log("*** " & testcasename() & ": DEBUG: v_inner_at_request= ", v_inner_at_request);
        log("*** " & testcasename() & ": DEBUG: v_private_key_at= ", v_private_key_at);
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        
        // Test Body
        f_http_build_invalid_authorization_validation_request(v_inner_at_request, v_public_compressed_key_at, v_compressed_key_mode_at, v_private_enc_key_at, v_public_compressed_enc_key_at, v_compressed_enc_mode_at, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
        v_aes_sym_key_hashed_id8 := f_HashedId8FromSha256(f_hashWithSha256('80'O & v_aes_sym_key)); // Used to macth the response
        f_init_default_headers_list(-, "inner_atv_request", v_headers);
        f_http_send(
                    v_headers,
                    m_http_request(
                                   m_http_request_post(
                                                       PICS_HTTP_POST_URI_ATV,
                                                       v_headers,
                                                       m_http_message_body_binary(
                                                                                  m_binary_body_ieee1609dot2_data(
                                                                                                                  v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                  )))));
        tc_ac.start;
        alt {
          [] a_await_atv_http_response_from_iut(
                                                mw_http_response(
                                                                 mw_http_response_ok(
                                                                                     mw_http_message_body_binary(
                                                                                                                 mw_binary_body_ieee1609dot2_data(
                                                                                                                                                  mw_authorizationResponseMessage(
                                                                                                                                                                                  mw_encryptedData(
                                                                                                                                                                                                   { *, mw_recipientInfo_pskRecipInfo(v_aes_sym_key_hashed_id8), * },
                                                                                                                                                                                                   mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                                                   )))))),
                                                v_response
                                                ) {
            var integer v_result;
            var InnerAtResponse v_inner_at_response;
            
            tc_ac.stop;
            
            f_verify_http_at_response_from_iut_atv_error(v_inner_at_request, v_response.response, v_private_key_at, v_aes_sym_key, v_authentication_vector, v_request_hash, v_inner_at_response, v_result);
            // Set verdict
            if (v_result == 0) {
              log("*** " & testcasename() & ": PASS: Well-formatted error response received ***");
              f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
            } else {
              log("*** " & testcasename() & ": FAIL: Failed to verify AT response ***");
              f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
            }
Show full blame