Newer
Older
v_attrs := v_at_cert.subject_attributes;
for (var integer v_counter := 1; v_counter < lengthof(v_attrs); v_counter := v_counter + 1 ) {
if (v_attrs[v_counter].type_ <= v_attrs[v_counter-1].type_) {
log("*** " & testcasename() & ": FAIL: AT certificate subject attributes are not arranged in ascending order ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
} // End of 'for' statement
log("*** " & testcasename() & ": PASS: All required AT certificate subject attributes are presents and arranged in ascending order ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
// Postamble
f_poNeighbour();
f_cf01Down();
/**
* @desc Check that time_start_and_end is included in the AT certificate validation restrictions
* Check that time_start_and_end is inside the AA certificate time restrictions
* Check that validity restriction of AT certificate is inside the validity restriction of its issuing certificate
* Config Id: CF01
* with {
* the IUT being in the 'authorized' state
* the IUT being requested to include certificate chain in the next CAM
* } ensure that {
* when {
* the IUT is requested to send a CAM
* } then {
* the IUT sends a SecuredMessage
* containing subject_info.subject_type
* indicating 'authorization_ticket' (1)
* not containing validity_restrictions['time_end']
* and not containing validity_restrictions['time_start_and_duration']
* and containing validity_restrictions['time_start_and_end']
* and containing certificates[last-1]
* containing validity_restrictions['time_end']
* containing end_validity
* indicating value > AT_END_VALIDITY
* or containing validity_restrictions['time_start_and_end']
* containing start_validity
* indicating value <= AT_START_VALIDITY
* containing end_validity
* indicating value > AT_END_VALIDITY
* or containing validity_restrictions['time_start_and_duration']
* containing start_validity
* indicating X_START_VALIDITY <= AT_START_VALIDITY
* and containing duration
* indicating value > AT_END_VALIDITY - X_START_VALIDITY
* }
* }
* </pre>
* @see ETSI TS 103 096-2 v1.2.2 TP_SEC_ITSS_SND_CERT_AT_05_01_BV
testcase TC_SEC_ITSS_SND_CERT_AT_05_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
var CertificateChain v_chain;
var Certificate v_aa_cert, v_at_cert;
var ValidityRestriction v_vr, v_aa_vr;
// Test control
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
8073
8074
8075
8076
8077
8078
8079
8080
8081
8082
8083
8084
8085
8086
8087
8088
8089
8090
8091
8092
8093
8094
8095
8096
8097
8098
8099
8100
8101
8102
8103
8104
8105
8106
8107
8108
8109
8110
8111
8112
8113
8114
8115
8116
8117
8118
8119
8120
8121
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***");
tc_ac.start;
if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
}
tc_ac.stop;
if (lengthof(v_chain) < 2) {
log("*** " & testcasename() & ": FAIL: Certificate chain is too short ***");
f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error);
}
v_aa_cert := v_chain[lengthof(v_chain) - 2];
v_at_cert := v_chain[lengthof(v_chain) - 1];
if (match (
v_at_cert.validity_restrictions,
(
superset(
mw_validity_restriction_time_end,
mw_validity_restriction_time_start_and_duration
)
)
)) {
log("*** " & testcasename() & ": FAIL: AT certificate must not contain time_end and time_start_and_duration restrictions ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
if ( true != f_getCertificateValidityRestriction(v_at_cert, e_time_start_and_end, v_vr)) {
log("*** " & testcasename() & ": FAIL: AT certificate must contain time_start_and_end restrictions ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
if (v_vr.validity.time_start_and_end.start_validity > v_vr.validity.time_start_and_end.end_validity ) {
log("*** " & testcasename() & ": FAIL: start validity must not be greater then end validity in the validity restrictions of AT certificate ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
8122
8123
8124
8125
8126
8127
8128
8129
8130
8131
8132
8133
8134
8135
8136
8137
8138
8139
8140
8141
8142
8143
8144
8145
if (true == f_getCertificateValidityRestriction(v_aa_cert, e_time_start_and_end, v_aa_vr)) {
if (
(v_vr.validity.time_start_and_end.start_validity < v_aa_vr.validity.time_start_and_end.start_validity) or
(v_vr.validity.time_start_and_end.end_validity > v_aa_vr.validity.time_start_and_end.end_validity)
) {
log("*** " & testcasename() & ": FAIL: AT certificate time validity restriction must be inside the AA certificate time validity restriction ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
} else if (true == f_getCertificateValidityRestriction(v_aa_cert, e_time_end, v_aa_vr)) {
if (v_vr.validity.time_start_and_end.end_validity > v_aa_vr.validity.end_validity) {
log("*** " & testcasename() & ": FAIL: AT certificate time validity restriction must be inside the AA certificate time validity restriction ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
} else if (true == f_getCertificateValidityRestriction(v_aa_cert, e_time_start_and_duration, v_aa_vr)) {
var Time64 v_end := v_aa_vr.validity.time_start_and_duration.start_validity + f_duration2time(v_aa_vr.validity.time_start_and_duration.duration_);
if (
(v_vr.validity.time_start_and_end.start_validity < v_aa_vr.validity.time_start_and_duration.start_validity) or
(v_vr.validity.time_start_and_end.end_validity > v_end)
) {
log("*** " & testcasename() & ": FAIL: AT certificate time validity restriction must be inside the AA certificate time validity restriction ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
} else {
log("*** " & testcasename() & ": FAIL: Wrong AA certificate time restrictions ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
log("*** " & testcasename() & ": PASS: Time validity restriction of the AT certificate is good ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
// Postamble
f_poNeighbour();
f_cf01Down();
* @desc Check that all AIDs containing in the its_aid_ssp_list in AT certificate are unique
* Check that all AIDs containing in the its_aid_ssp_list in AT certificate are also containing in the
* its_aid_list in the correspondent AA certificate
* Check that the length of SSP of each AID is 31 octet maximum
* Config Id: CF01
* with {
* the IUT being in the 'authorized' state
* the IUT being requested to include certificate chain in the next CAM
* } ensure that {
* when {
* the IUT is requested to send a CAM
* } then {
* the IUT sends a SecuredMessage
* containing subject_info.subject_type
* indicating 'authorization_authority' (2)
* containing subject_attributes['its_aid_list']
* containing its_aid_list[0..N]
* indicating ITS_AID_LIST_AA
* containing subject_info.subject_type
* indicating 'authorization_ticket' (1)
* containing subject_attributes['its_aid_ssp_list']
* containing its_aid_ssp_list[0..N]
* containing its_aid_ssp_list[n]
* containing its_aid
* indicating unique value containing in the ITS_AID_LIST_AA
* containing service_specific_permissions
* indicating length <= 31 octet
* }
* }
* </pre>
* @see ETSI TS 103 096-2 v1.2.2 TP_SEC_ITSS_SND_CERT_AT_07_01_BV
testcase TC_SEC_ITSS_SND_CERT_AT_07_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
var CertificateChain v_chain;
var Certificate v_aa_cert, v_at_cert;
var SubjectAttribute v_sa;
var IntXs v_aid_list;
var ItsAidSsps v_aid_ssp_list;
// Test control
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
8207
8208
8209
8210
8211
8212
8213
8214
8215
8216
8217
8218
8219
8220
8221
8222
8223
8224
8225
8226
8227
8228
8229
8230
8231
8232
8233
8234
8235
8236
8237
8238
8239
8240
8241
8242
8243
8244
8245
8246
8247
8248
8249
8250
8251
8252
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***");
tc_ac.start;
if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
}
tc_ac.stop;
if (lengthof(v_chain) < 2) {
log("*** " & testcasename() & ": FAIL: Certificate chain is too short ***");
f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error);
}
v_aa_cert := v_chain[lengthof(v_chain) - 2];
v_at_cert := v_chain[lengthof(v_chain) - 1];
if (not f_getCertificateSubjectAttribute(v_aa_cert, e_its_aid_list, v_sa)) {
log("*** " & testcasename() & ": FAIL: AA certificate does not contain its_aid_list subject attribute ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
v_aid_list := v_sa.attribute.its_aid_list;
if (not f_getCertificateSubjectAttribute(v_at_cert, e_its_aid_ssp_list, v_sa)) {
log("*** " & testcasename() & ": FAIL: AA certificate does not contain its_aid_list subject attribute ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
v_aid_ssp_list := v_sa.attribute.its_aid_ssp_list;
for (var integer v_counter :=0; v_counter < lengthof(v_aid_ssp_list); v_counter := v_counter + 1) {
// Check unique
for (var integer j :=0; j < lengthof(v_aid_ssp_list); j := j + 1) {
if (v_counter != j and v_aid_ssp_list[v_counter].its_aid == v_aid_ssp_list[j].its_aid) {
log("*** " & testcasename() & ": FAIL: ITS-AID " & int2str(v_aid_ssp_list[v_counter].its_aid) & " is duplicated in AT certificate ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
} // End of 'for' statement
// if (not match(v_aid_ssp_list[v_counter], (all from v_aid_list))) {
// log("*** " & testcasename() & ": FAIL: ITS-AID " & int2str(v_aid_ssp_list[v_counter].its_aid) & " is not exist in AA certificate ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
// }
// if (lengthof(v_aid_ssp_list[v_counter].service_specific_permissions.sspContainer) > 31) {
// log("*** " & testcasename() & ": FAIL: ITS-AID " & int2str(v_aid_ssp_list[v_counter].its_aid) & " has too long service_specific_permissions ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
// }
} // End of 'for' statement
log("*** " & testcasename() & ": PASS: The ITS_AID_SSP list of the AT certificate is good ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
// Postamble
f_poNeighbour();
f_cf01Down();
/**
* @desc Check that AT certificate is signed by AA cert
* <pre>
* Config Id: CF01
* with {
* the IUT being in the 'authorized' state
* the IUT being requested to include certificate chain in the next CAM
* } ensure that {
* when {
* indicating 'certificate_chain'
* containing certificates[last-1] (CERT_AA)
* containing subject_info.subject_type
* indicating 'authorization_authority' (2)
* and containing subject_attributes['verification key'] (KEY)
* containing subject_info.subject_type
* indicating 'authorization_ticket' (1)
* containing type
* indicating 'certificate_digest_with_sha256'
* containing digest
* referencing to CERT_AA
* and containing signature
* verifiable using KEY
* }
* }
* </pre>
* @see ETSI TS 103 096-2 v1.2.2 TP_SEC_ITSS_SND_CERT_AT_08_01_BV
* @reference ETSI TS 103 097 [1], clause 6.3
*/
testcase TC_SEC_ITSS_SND_CERT_AT_08_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
var CertificateChain v_chain;
var Certificate v_aa_cert, v_at_cert;
var HashedId8 v_aa_digest;
// Test control
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
8316
8317
8318
8319
8320
8321
8322
8323
8324
8325
8326
8327
8328
8329
8330
8331
8332
8333
8334
8335
8336
8337
8338
8339
8340
8341
8342
8343
8344
8345
8346
8347
8348
8349
8350
8351
8352
8353
8354
8355
8356
8357
8358
8359
8360
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***");
tc_ac.start;
if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
}
tc_ac.stop;
if (lengthof(v_chain) < 2) {
log("*** " & testcasename() & ": FAIL: Certificate chain is too short ***");
f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error);
}
v_at_cert := v_chain[lengthof(v_chain) - 1];
v_aa_cert := v_chain[lengthof(v_chain) - 2];
v_aa_digest := f_calculateDigestFromCertificate(v_aa_cert);
if (not match(v_at_cert, mw_at_certificate(mw_signerInfo_digest(v_aa_digest)))) {
log("*** " & testcasename() & ": FAIL: AT certificate signer info doesn't reference the AA certificate from the chain ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
if (not f_verifyCertificateSignatureWithIssuingCertificate(v_at_cert, v_aa_cert)) {
log("*** " & testcasename() & ": FAIL: AT certificate signature verification failed ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
log("*** " & testcasename() & ": PASS: AT certificate was signed by the AA certificate from the given chain ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_CERT_AT_08_01_BV
* @desc Check that all necessary validity restrictions are present and arranged in ascending order
* Config Id: CF01
* with {
* the IUT being in the 'authorized' state
* the IUT being requested to include certificate in the next CAM
* } ensure that {
* when {
* the IUT is requested to send a CAM
* } then {
* the IUT sends a SecuredMessage
* indicating 'certificate'
* containing certificate
* containing subject_attributes [0..N]
* indicating subject_attributes[n].type < subject_attributes[n+ 1].type
* containing subject_attributes['verification_key']
* containing subject_attributes['assurance_level']
* containing subject_attributes['its_aid_ssp_list']
* @see ETSI TS 103 096-2 v1.2.2 TP_SEC_ITSS_SND_CERT_AT_10_01_BV
* @reference ETSI TS 103 097 [1], clauses 6.1
testcase TC_SEC_ITSS_SND_CERT_AT_10_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
var Certificate v_at_cert;
var ValidityRestriction v_vr;
var ValidityRestrictions v_vrs;
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
log("*** " & testcasename() & ": INFO: Waiting for the message containing certificate ***");
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
}
tc_ac.stop;
if (not match(
v_at_cert,
mw_at_certificate(
mw_signerInfo_certificate
))) {
if (true != f_getCertificateValidityRestriction(v_at_cert.signer_info.signerInfo.certificate, e_time_start_and_end, v_vr)) {
log("*** " & testcasename() & ": FAIL: Required 'time_start_and_end' validity_restriction attribute of AT certificate is not found ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
v_vrs := v_at_cert.signer_info.signerInfo.certificate.validity_restrictions;
for (var integer v_counter := 1; v_counter < lengthof(v_vrs); v_counter := v_counter + 1 ) {
if (v_vrs[v_counter].type_ <= v_vrs[v_counter-1].type_) {
log("*** " & testcasename() & ": FAIL: AT certificate subject attributes are not arranged in ascending order ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
} // End of 'for' statement
log("*** " & testcasename() & ": PASS: All required AT certificate subject attributes are presents and arranged in ascending order ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
} // End of group AT_Certificates
} // End of group sendCertificatesProfile
} // End of group sendingBehavior
/**
* @desc Receiver behaviour test cases
* @see ETSI TS 103 096-2 V1.2.2 (2016-01) Clause 5.3 Receiver behaviour
*/
group receiverBehavior {
/**
* @see ETSI TS 103 096-2 V1.2.2 (2016-01) Clause 5.3.2 CAM Profile
*/
group recvCamProfile {
/**
* @desc Check that IUT accepts a well-formed Secured CAM containing certificate in signer_info
* <pre>
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* and the IUT current time is inside the time validity period of CERT_TS_A_AT
* }
* ensure that {
* when {
* the IUT is receiving a SecuredMessage
* containing protocol_version
* indicating value '2'
* and containing header_fields[0]
* containing type
* indicating 'signer_info'
* containing subject_info.subject_type
* indicating 'authorization_ticket' (2)
* and containing subject_attributes['verification key'] (KEY)
* containing type
* indicating 'generation_time'
* containing generation_time
* indicating CURRENT_TIME
* containing type
* indicating 'its_aid'
* containing its_aid
* indicating 'AID_CAM'
* and not containing any other header fields
* containing type
* indicating 'signed'
* containing data
* indicating length > 0
* containing CAM payload
* and containing trailer_fields
* containing single instance of type TrailerField
* containing type
* indicating 'signature'
* containing signature
* verifiable using KEY
* } then {
* the IUT accepts the message
* }
* }
* </pre>
*
* @see ETSI TS 103 096-2 v1.2.2 TP_SEC_ITSS_RCV_CAM_01_01_BV
* @reference ETSI TS 103 097 [1], clause 7.1
*/
testcase TC_SEC_ITSS_RCV_CAM_01_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var integer i;
var GeoNetworkingPdu v_securedGnPdu;
var GnRawPayload v_sentRawPayload;
// Test adapter configuration
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
v_securedGnPdu := f_sendSecuredCam(cc_taCert_A, omit, e_certificate);
v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload);
for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) {
}
if (i < lengthof(vc_utInds)) {
log("*** " & testcasename() & ": PASS: GN was transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
log("*** " & testcasename() & ": FAIL: GN was not transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
// Postamble
f_poNeighbour();
f_cf01Down();
* @desc Check that IUT accepts a well-formed Secured CAM containing certificate digest of the known certificate in signer_info
* <pre>
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* and the IUT current time is inside the time validity period of CERT_TS_A_AT
* and the IUT already sent a Secured message containing certificate (CERT_TS_A_AT)
* containing subject_info.subject_type
* indicating 'authorization_ticket' (2)
* and containing subject_attributes['verification key'] (KEY)
* }
* ensure that {
* when {
* the IUT is receiving a SecuredMessage
* containing protocol_version
* indicating value '2'
* and containing header_fields[0]
* containing type
* indicating 'signer_info'
* containing type
* indicating 'certificate_digest_with_sha256'
* and containing digest
* containing type
* indicating 'generation_time'
* containing generation_time
* indicating CURRENT_TIME
* containing type
* indicating 'its_aid'
* containing its_aid
* indicating 'AID_CAM'
* and not containing any other header fields
* containing type
* indicating 'signed'
* containing data
* indicating length > 0
* containing CAM payload
* and containing trailer_fields
* containing single instance of type TrailerField
* containing type
* indicating 'signature'
* containing signature
* verifiable using KEY
* } then {
* the IUT accepts the message
* }
* }
* </pre>
*
* @see ETSI TS 103 096-2 v1.2.2 TP_SEC_ITSS_RCV_CAM_01_02_BV
* @reference ETSI TS 103 097 [1], clause 7.1
*/
testcase TC_SEC_ITSS_RCV_CAM_01_02_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var integer i;
var GeoNetworkingPdu v_securedGnPdu;
var GnRawPayload v_sentRawPayload;
// Test adapter configuration
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
v_securedGnPdu := f_sendSecuredCam(cc_taCert_A, omit, e_certificate_digest_with_sha256);
v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload);
for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) {
}
if (i < lengthof(vc_utInds)) {
log("*** " & testcasename() & ": PASS: GN was transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
log("*** " & testcasename() & ": FAIL: GN was not transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
// Postamble
f_poNeighbour();
f_cf01Down();
* @desc Check that IUT accepts a well-formed Secured CAM containing certificate chain in signer_info
* <pre>
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* and the IUT current time is inside the time validity period of CERT_TS_A_AT
* }
* ensure that {
* when {
* the IUT is receiving a SecuredMessage
* containing protocol_version
* indicating value '2'
* and containing header_fields[0]
* containing type
* indicating 'signer_info'
* containing type
* indicating 'certificate_chain'
* and containing certificates
* containing subject_info.subject_type
* indicating 'authorization_authority'
* and containing subject_attributes['verification key'] (KEY_TS_AA)
* and containing certificate (CERT_TS_A_AT) at index 1
* containing subject_info.subject_type
* indicating 'authorization_ticket'
* containing type
* indicating 'certificate_digest_with_sha256'
* containing digest
* verifiable using KEY_TS_AA
* and containing subject_attributes['verification key'] (KEY_TS_AT)
* containing type
* indicating 'generation_time'
* containing generation_time
* indicating CURRENT_TIME
* containing type
* indicating 'its_aid'
* containing its_aid
* indicating 'AID_CAM'
* and not containing any other header fields
* containing type
* indicating 'signed'
* containing data
* indicating length > 0
* containing CAM payload
* and containing trailer_fields
* containing single instance of type TrailerField
* containing type
* indicating 'signature'
* containing signature
* } then {
* the IUT accepts the message
* }
* }
* </pre>
*
* @see ETSI TS 103 096-2 v1.2.2 TP_SEC_ITSS_RCV_CAM_01_03_BV
* @reference ETSI TS 103 097 [1], clause 7.1
*/
testcase TC_SEC_ITSS_RCV_CAM_01_03_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var integer i;
var GeoNetworkingPdu v_securedGnPdu;
var GnRawPayload v_sentRawPayload;
// Test adapter configuration
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
v_securedGnPdu := f_sendSecuredCam(cc_taCert_A, -, e_certificate_chain);
v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload);
for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) {
}
if (i < lengthof(vc_utInds)) {
log("*** " & testcasename() & ": PASS: GN was transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
log("*** " & testcasename() & ": FAIL: GN was not transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
// Postamble
f_poNeighbour();
f_cf01Down();
* @desc Check that IUT discards a Secured CAM containing protocol version set to a value less then 2
* <pre>
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* and the IUT current time is inside the time validity period of CERT_TS_A_AT
* the IUT is receiving a SecuredMessage (MSG_SEC_RCV_CAM_01)
* containing protocol_version
* indicating 1
* } then {
* the IUT discards a SecuredMessage
* }
* }
* </pre>
*
* @see ETSI TS 103 096-2 v1.2.2 TP_SEC_ITSS_RCV_CAM_02_01_BO
*/
testcase TC_SEC_ITSS_RCV_CAM_02_01_BO() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var integer i;
var GeoNetworkingPdu v_securedGnPdu;
var GnRawPayload v_sentRawPayload;
// Test adapter configuration
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
v_securedGnPdu := f_sendSecuredCam_Bo(cc_taCert_A, PX_WRONG_PROTOCOL_VERSION);
v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload);
for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) {
}
if (i < lengthof(vc_utInds)) {
log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
else {
log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
// Postamble
f_poNeighbour();
f_cf01Down();
* @desc Check that IUT discards a Secured CAM containing protocol version set to a value greater then 2
* <pre>
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* }
* ensure that {
* when {
* the IUT is receiving a SecuredMessage (MSG_SEC_RCV_CAM_01)
* containing protocol_version
* indicating 3
* } then {
* the IUT discards a SecuredMessage
* }
* }
* </pre>
*
* @see ETSI TS 103 096-2 v1.2.2 TP_SEC_ITSS_RCV_CAM_02_02_BO
*/
testcase TC_SEC_ITSS_RCV_CAM_02_02_BO() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var integer i;
var GeoNetworkingPdu v_securedGnPdu;
var GnRawPayload v_sentRawPayload;
// Test adapter configuration
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
v_securedGnPdu := f_sendSecuredCam_Bo(cc_taCert_A, PX_WRONG_PROTOCOL_VERSION); // Change PX_WRONG_PROTOCOL_VERSION to 3
v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload);
for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) {
log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
else {
log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
// Postamble
f_poNeighbour();
f_cf01Down();
* @desc Check that IUT discards a secured CAM if the header_fields contains more than one element of header field type: signer_info
* <pre>
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* and the IUT current time is inside the time validity period of CERT_TS_A_AT
* when {
* the IUT is receiving a SecuredMessage (MSG_SEC_RCV_CAM_01)
* containing header_fields[0].type
* indicating 'signer_info'
* and containing header_fields[1].type
* indicating 'signer_info'
* and containing header_fields[2].type
* indicating 'generation_time'
* containing type
* indicating 'its_aid'
* containing its_aid
* indicating 'AID_CAM'
* and not containing other header fields
* } then {
* the IUT discards the message
* }
* }
* </pre>
*
* @see ETSI TS 103 096-2 v1.2.2 TP_SEC_ITSS_RCV_CAM_04_01_BO
* @reference ETSI TS 103 097 [1], clause 7.1
*/
testcase TC_SEC_ITSS_RCV_CAM_04_01_BO() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var integer i;
var GeoNetworkingPdu v_securedGnPdu;
var GnRawPayload v_sentRawPayload;
// Test adapter configuration
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
v_securedGnPdu := f_prepareSecuredCam(
cc_taCert_A,
{
m_header_field_signer_info(
m_signerInfo_digest(
vc_atCertificate.signer_info.signerInfo.digest
)),
m_header_field_signer_info(
m_signerInfo_certificate(
vc_aaCertificate
)),
m_header_field_generation_time(1000 * f_getCurrentTime()), // In us
m_header_field_its_aid_CAM
},
e_certificate_digest_with_sha256,
false
);
f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu));
v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload);
for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) {
// empty on purpose
} // End of 'for' statement
if (i < lengthof(vc_utInds)) {
log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}