Newer
Older
* containing ciphertext
* containing encrypted data
* containing COER encoded data
* containing structure of type EtsiTs103097Data
* }
* }
* </pre>
*
* @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_ENC_04_BV
* @reference IEEE 1609.2 [2], clauses 6.3.31
* @reference ETSI TS 103 097 [1] Clause 7.1.4
*/
testcase TC_SEC_ITSS_SND_ENC_04_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var EtsiTs103097Data v_decryptedMsg;
7018
7019
7020
7021
7022
7023
7024
7025
7026
7027
7028
7029
7030
7031
7032
7033
7034
7035
7036
7037
7038
7039
7040
7041
7042
7043
7044
7045
7046
7047
7048
var GeoNetworkingInd v_geoNwInd;
// Test control
if (not(PICS_GN_SECURITY) or not(PICS_SEC_ENCRYPTION_SUPPORT)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_SEC_ENCRYPTION_SUPPORT' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up(); // Initialise IUT with CERT_IUT_A_AT signed with CERT_IUT_A_AA
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mw_etsiTs103097Data_encrypted(
mw_encryptedData(
-,
mw_SymmetricCiphertext_aes128ccm(
mw_aesCcmCiphertext
)))))) -> value v_geoNwInd {
tc_ac.stop;
if (f_decrypt(vc_encryptPrivateKey, f_getSecuredMessage(v_geoNwInd.msgIn), ''O, v_decryptedMsg, v_aes_sym_enc_key) == false) { // No salt value
log("*** " & testcasename() & ": FAIL: Unable to process encryption data ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else if (match(v_decryptedMsg, mw_etsiTs103097Data) == false) {
log("*** " & testcasename() & ": FAIL: Unable to parse EtsiTs103097Data data ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
log("*** " & testcasename() & ": PASS: IUT sends signed and encrypted message ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_ENC_04_BV
/**
* @desc Check that when the IUT sends SignedAndEncrypted message then it sends the
7074
7075
7076
7077
7078
7079
7080
7081
7082
7083
7084
7085
7086
7087
7088
7089
7090
7091
7092
7093
7094
7095
7096
7097
7098
7099
7100
7101
7102
7103
7104
7105
* EtsiTs103097Data-Encrypted message containing the EtsiTs103097Data-Signed
* structure as the ToBeSignedDataContent.
* <pre>
* Pics Selection: PICS_GN_SECURITY AND PICS_SEC_ENCRYPTION_SUPPORT
* Config Id: CF01
* Initial conditions:
* with {
* the IUT is authorized with AT certificate (CERT_IUT_A_AT)
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT is requested to send an encrypted and signed message
* } then {
* the IUT sends a message of type EtsiTs103097Data
* containing encryptedData
* containing ciphertext
* containing encrypted data
* containing COER encoded data
* containing structure of type EtsiTs103097Data
* containing signedData
* }
* }
* </pre>
*
* @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_ENC_05_BV
* @reference IEEE 1609.2 [2], clauses 6.3.31
* @reference ETSI TS 103 097 [1] Clause 7.1.5
*/
testcase TC_SEC_ITSS_SND_ENC_05_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var EtsiTs103097Data v_decryptedMsg;
7108
7109
7110
7111
7112
7113
7114
7115
7116
7117
7118
7119
7120
7121
7122
7123
7124
7125
7126
7127
7128
7129
7130
7131
7132
7133
7134
7135
7136
7137
7138
var GeoNetworkingInd v_geoNwInd;
// Test control
if (not(PICS_GN_SECURITY) or not(PICS_SEC_ENCRYPTION_SUPPORT)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_SEC_ENCRYPTION_SUPPORT' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up(); // Initialise IUT with CERT_IUT_A_AT signed with CERT_IUT_A_AA
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mw_etsiTs103097Data_encrypted(
mw_encryptedData(
-,
mw_SymmetricCiphertext_aes128ccm(
mw_aesCcmCiphertext
)))))) -> value v_geoNwInd {
tc_ac.stop;
if (f_decrypt(vc_encryptPrivateKey, f_getSecuredMessage(v_geoNwInd.msgIn), ''O, v_decryptedMsg, v_aes_sym_enc_key) == false) { // No salt value
log("*** " & testcasename() & ": FAIL: Unable to process encryption data ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else if (match(v_decryptedMsg, mw_etsiTs103097Data_signed) == false) {
log("*** " & testcasename() & ": FAIL: Unable to parse signed data ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
// TODO Check signature?
log("*** " & testcasename() & ": PASS: IUT sends signed and encrypted message ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_ENC_05_BV
} // End of group encryptedMessagesProfile
/**
* @desc Sending behaviour test cases for certificates profile
* @see ETSI TS 103 096-2 V1.3.32 (2018-01) Clause 5.2.8 Profiles for certificates
*/
7171
7172
7173
7174
7175
7176
7177
7178
7179
7180
7181
7182
7183
7184
7185
7186
7187
7188
7189
7190
7191
7192
7193
7194
7195
7196
7197
/**
* @desc Check that IUT certificate is explicit and has version 3.
* <pre>
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* }
* Expected behaviour:
* ensure that {
* when {
* the AA is issued the certificate
* } then {
* this certificate is of type EtsiTs103097Certificate
* containing version
* indicating 3
* and containing type
* indicating 'explicit'
* and containing toBeSigned
* containing verifyKeyIndicator
* containing verificationKey
* }
* }
* </pre>
*
* @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_01_BV
* @reference ETSI TS 103 097 [1], Clauses 6
* @reference IEEE 1609.2 [2] Clause 6.4.3
*/
testcase TC_SEC_ITSS_SND_CERT_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
// Test control
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
f_cf01Up(); // Initialise IUT with CERT_IUT_A_AT signed with CERT_IUT_A_AA
// Test adapter configuration
// Preamble
f_prNeighbour();
log("*** " & testcasename() & ": INFO: Wait for certificate and ask for AA certificate ***");
f_askForCertificateChain(f_generateDefaultCam()); // TODO Rename f_askForCertificateChain into f_askForCertificateAA
tc_ac.stop;
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mw_etsiTs103097Data_signed(
mw_signedData(
mw_ieee1609Dot2_headerInfo_request_certificate(
7237
7238
7239
7240
7241
7242
7243
7244
7245
7246
7247
7248
7249
7250
7251
7252
7253
7254
7255
7256
7257
7258
7259
7260
7261
7262
7263
7264
7265
7266
7267
7268
7269
7270
7271
7272
7273
7274
7275
7276
7277
7278
7279
7280
7281
7282
7283
7284
7285
7286
7287
mw_etsiTs103097Certificate(
-,
mw_toBeSignedCertificate_aa
)))))))) {
tc_ac.stop;
log("*** " & testcasename() & ": PASS: Security protocol version set to 3 ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_CERT_01_BV
/**
* @desc Check that IUT certificate is conformed to ETSI TS 103 097 clause 6.
* <pre>
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* }
* Expected behaviour:
* ensure that {
* when {
* the AA is issued the certificate
* } then {
* this certificate is of type EtsiTs103097Certificate
* containing toBeSigned
* containing id
* indicating 'none'
* or indicating 'name'
* and containing cracaId
* indicating '000000'H
* and containing crlSeries
* indicating '0'D
* and not containing certRequestPermissions
* and not containing canRequestRollover
* and containing signature
* }
* }
* </pre>
*
* @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_02_BV
* @reference ETSI TS 103 097 [1], Clauses 6
*/
testcase TC_SEC_ITSS_SND_CERT_02_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
// Test control
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
// Test component configuration
f_cf01Up(); // Initialise IUT with CERT_IUT_A_AT signed with CERT_IUT_A_AA
// Test adapter configuration
// Preamble
f_prNeighbour();
log("*** " & testcasename() & ": INFO: Wait for certificate and ask for AA certificate ***");
7308
7309
7310
7311
7312
7313
7314
7315
7316
7317
7318
7319
7320
7321
7322
7323
7324
7325
7326
7327
7328
7329
7330
7331
7332
7333
7334
7335
7336
7337
7338
7339
7340
7341
7342
7343
7344
7345
7346
7347
7348
7349
7350
7351
7352
7353
7354
7355
7356
7357
7358
7359
7360
7361
7362
7363
7364
7365
7366
7367
7368
7369
7370
7371
7372
7373
7374
7375
7376
7377
7378
7379
7380
7381
7382
7383
7384
7385
7386
7387
7388
7389
7390
7391
7392
7393
tc_ac.start;
f_askForCertificateChain(f_generateDefaultCam());
tc_ac.stop;
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mw_etsiTs103097Data_signed(
mw_signedData(
-,
mw_toBeSignedData(
-,
mw_ieee1609Dot2_headerInfo_request_certificate(
-,
mw_etsiTs103097Certificate(
-,
mw_toBeSignedCertificate_aa(
mw_certificateId_name
))))))))) {
tc_ac.stop;
log("*** " & testcasename() & ": PASS: AA certificate is conformed to ETSI TS 103 097 clause 6, with named id ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mw_etsiTs103097Data_signed(
mw_signedData(
-,
mw_toBeSignedData(
-,
mw_ieee1609Dot2_headerInfo_request_certificate(
-,
mw_etsiTs103097Certificate(
-,
mw_toBeSignedCertificate_aa(
mw_certificateId_none
))))))))) {
tc_ac.stop;
log("*** " & testcasename() & ": PASS: AA certificate is conformed to ETSI TS 103 097 clause 6, with none id ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_CERT_02_BV
/**
* @desc Check that the certificate issuer of certificates is referenced using digest;
* Check that right digest field is used to reference to the certificate.
* <pre>
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the IUT is authorized with AT certificate (X_CERTIFICATE)
* }
* ensure that {
* when {
* the CA is issued the certificate
* } then {
* this certificate is of type EtsiTs103097Certificate
* containing signedData
* containing self
* or containing X_DIGEST
* indicating last 8 bytes of the hash of the certificate calculated using X_ALGORITHM
* referenced to certificate
* containing toBeSigned
* containing verifyKeyIndicator
* containing verificationKey
* containing X_KEY
* }
* }
* </pre>
*
* @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_03_BV
* @reference ETSI TS 103 097 [1], Clauses 5.2 & 7.1.3
* @reference IEEE 1609.2 [2], Clauses 5.3.1, 6.3.4, 6.3.29, 6.3.30, 6.3.31
testcase TC_SEC_ITSS_SND_CERT_03_BV() runs on ItsGeoNetworking system ItsSecSystem {
var EtsiTs103097Certificate v_ca_certificate;
var EtsiTs103097Certificate v_aa_certificate;
var EtsiTs103097Certificate v_at_certificate;
var HashedId8 v_ca_hashedId8;
var HashedId8 v_aa_hashedId8;
// Test control
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
// Test component configuration
7414
7415
7416
7417
7418
7419
7420
7421
7422
7423
7424
7425
7426
7427
7428
7429
7430
7431
7432
7433
7434
7435
7436
7437
7438
7439
7440
7441
7442
7443
7444
7445
7446
7447
7448
7449
7450
7451
7452
7453
7454
7455
7456
7457
7458
7459
7460
7461
7462
7463
7464
7465
7466
7467
7468
7469
7470
7471
7472
7473
7474
7475
7476
7477
7478
7479
7480
7481
7482
7483
7484
7485
7486
7487
7488
7489
7490
7491
7492
7493
7494
7495
7496
7497
7498
7499
7500
7501
7502
7503
7504
7505
7506
7507
7508
7509
7510
7511
7512
7513
7514
7515
7516
7517
7518
7519
7520
7521
7522
7523
7524
7525
7526
7527
7528
7529
7530
7531
7532
7533
7534
7535
7536
7537
7538
7539
7540
7541
7542
7543
7544
7545
7546
7547
// Test adapter configuration
// Preamble
f_readCertificate(cc_taCert_CA1, v_ca_certificate); // TODO Use PIXIT as array of strings to change
// certificates to be checked
f_readCertificate(cc_taCert_CC_AA, v_aa_certificate);
f_readCertificate(cc_iutCert_A, v_at_certificate);
f_getCertificateDigest(cc_taCert_CC_AA, v_ca_hashedId8);
f_getCertificateDigest(cc_taCert_CC_AA, v_aa_hashedId8);
// Test Body
// 1. Check certificate format
if (match(
v_ca_certificate,
mw_etsiTs103097Certificate(
mw_issuerIdentifier_self,
mw_toBeSignedCertificate_ca
)) == true) {
log("*** " & testcasename() & ": INFO: CA certificate are well formatted ***");
} else {
log("*** " & testcasename() & ": FAIL: Invalid CA certificate ***");
setverdict(fail);
} // End of 'alt' statement
if (match(
v_aa_certificate,
mw_etsiTs103097Certificate(
?,
mw_toBeSignedCertificate_aa
)) == true) {
log("*** " & testcasename() & ": INFO: AA certificate are well formatted ***");
} else {
log("*** " & testcasename() & ": FAIL: Invalid AA certificate ***");
setverdict(fail);
} // End of 'alt' statement
if (match(
v_at_certificate,
mw_etsiTs103097Certificate(
?,
mw_toBeSignedCertificate_at
)) == true) {
log("*** " & testcasename() & ": INFO: AT sertificate are well formatted ***");
} else {
log("*** " & testcasename() & ": Invalid AT certificate ***");
setverdict(fail);
} // End of 'alt' statement
// 2. Check issuers
if (v_ca_certificate.issuer.self_ == sha256) {
if (match(v_ca_hashedId8, v_aa_certificate.issuer.sha256AndDigest) == true) {
log("*** " & testcasename() & ": INFO: AA certificate is issued from CA certificate ***");
} else {
log("*** " & testcasename() & ": FAIL: Invalid AA certificate ***");
setverdict(fail);
} // End of 'alt' statement
if (match(v_aa_hashedId8, v_at_certificate.issuer.sha256AndDigest) == true) {
log("*** " & testcasename() & ": INFO: AT certificate is issued from CA certificate ***");
setverdict(pass, "Certificates are well-formated and issuer chain is correct");
} else {
log("*** " & testcasename() & ": FAIL: Invalid AA certificate ***");
setverdict(fail);
} // End of 'alt' statement
} else if (v_ca_certificate.issuer.self_ == sha384) {
if (match(v_ca_hashedId8, v_aa_certificate.issuer.sha384AndDigest) == true) {
log("*** " & testcasename() & ": INFO: AA certificate is issued from CA certificate ***");
} else {
log("*** " & testcasename() & ": FAIL: Invalid AA certificate ***");
setverdict(fail);
} // End of 'alt' statement
if (match(v_aa_hashedId8, v_at_certificate.issuer.sha384AndDigest) == true) {
log("*** " & testcasename() & ": INFO: AT certificate is issued from CA certificate ***");
setverdict(pass, "Certificates are well-formated and issuer chain is correct");
} else {
log("*** " & testcasename() & ": FAIL: Invalid AA certificate ***");
setverdict(fail);
} // End of 'alt' statement
} else {
log("*** " & testcasename() & ": FAIL: Invalid CA certificate issuer ***");
setverdict(fail);
}
// Postamble
} // End of testcase TC_SEC_ITSS_SND_CERT_03_BV
/**
* @desc Check that the rectangular certificate validity region of the subordinate certificate is well formed
* and inside the validity region of the issuing certificate.
* <pre>
* Pics Selection: PICS_GN_SECURITY and PICS_SEC_RECTANGULAR_REGION
* Config Id: CF01
* Initial conditions:
* with {
* the CA is authorized with AA certificate
* containing toBeSigned
* containing region
* indicating REGION
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT issued the AT certificate
* } then {
* this certificate is of type EtsiTs103097Certificate
* containing toBeSigned
* containing region
* containing rectangularRegion
* containing items of type RectangularRegion
* containing northwest
* indicating a point inside the REGION
* and containing southeast
* indicating a point on the south from northwest
* and inside the REGION
* }
* }
* </pre>
*
* @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_04_BV
* @reference ETSI TS 103 097 [1], Clauses 6
*/
testcase TC_SEC_ITSS_SND_CERT_04_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var SequenceOfCertificate v_aa_certificate;
var SignerIdentifier v_signerIdentifier;
var GeoNetworkingInd v_geoNwInd;
// Test control
if (not(PICS_GN_SECURITY) or not(PICS_SEC_RECTANGULAR_REGION)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_SEC_RECTANGULAR_REGION' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up(); // Initialise IUT with CERT_IUT_A_AT signed with CERT_IUT_A_AA
// Test adapter configuration
// Preamble
f_prNeighbour();
log("*** " & testcasename() & ": INFO: Wait for certificate and ask for AA certificate ***");
tc_ac.start;
f_askAndWaitForCertificateChain(v_aa_certificate, f_generateDefaultCam());
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mw_etsiTs103097Data_signed(
mw_signedData(
mw_toBeSignedData(
mw_signedDataPayload,
mw_signerIdentifier_certificate(
mw_etsiTs103097Certificate(
-,
mw_toBeSignedCertificate_at(
-, -, -,
mw_geographicRegion_rectangular
)))))))) -> value v_geoNwInd {
if (f_getMsgSignerIdentifier(f_getSecuredMessage(v_geoNwInd.msgIn), v_signerIdentifier)) {
var integer v_counter;
for (v_counter := 0; v_counter < lengthof(v_signerIdentifier.certificate); v_counter := v_counter + 1) {
if (f_areRectanglesInside(v_signerIdentifier.certificate[v_counter].toBeSigned.region.rectangularRegion, v_aa_certificate[0].toBeSigned.region.rectangularRegion) == false) {
break;
}
} // End of of for statement
if (v_counter == lengthof(v_signerIdentifier.certificate)) {
log("*** " & testcasename() & ": PASS: AT certificate is inside the validity region of the issuing certificate ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": FAIL: AT certificate is not inside the validity region of the issuing certificate ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
} else {
log("*** " & testcasename() & ": FAIL: IMPOSSIBLE!!! CAM generation location or certificate region restriction header field does not exist ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mw_etsiTs103097Data_signed(
mw_signedData(
mw_toBeSignedData(
mw_signedDataPayload,
mw_signerIdentifier_digest // containing digest
))) {
log("*** " & testcasename() & ": INFO: Generation of CAM messages including digest ***");
repeat;
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_CERT_04_BV
* @desc Check that the IUT supports at least 8 entries in the rectangular certificate validity
* region in the AT certificate.
* <pre>
* Pics Selection: PICS_GN_SECURITY and PICS_SEC_RECTANGULAR_REGION
* Config Id: CF01
* Initial conditions:
* with {
* the IUT is authorized with AT certificate (CERT_IUT_C_AT_8)
* containing toBeSigned
* containing region
* containing rectangularRegion
* containing 8 entries
* containing one entry (ENTRY)
* containing current IUT position
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT is requested to send a secured DENM
* } then {
* this certificate is of type EtsiTs103097Certificate
* containing headerInfo
* containing generationLocation
* indicating position inside the ENTRY
* }
* }
* </pre>
*
* @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_05_BV
* @reference ETSI TS 103 097 [1], Clauses 6.4.17
*/
testcase TC_SEC_ITSS_SND_CERT_05_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var GeoNetworkingInd v_geoNwInd;
var HeaderInfo v_headerInfo;
var SignerIdentifier v_signerIdentifier;
var Certificate v_cert;
var ItsDenm v_denmComponent;
// Test control
if (not(PICS_GN_SECURITY) or not(PICS_SEC_RECTANGULAR_REGION)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_SEC_RECTANGULAR_REGION' required for executing the TC ***");
stop;
}
// Test component configuration
vc_hashedId8ToBeUsed := cc_iutCert_A; // FIXME Review certificate to be used
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
v_denmComponent := f_triggerDenmEvent();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mw_etsiTs103097Data_signed(
mw_signedData(
-,
mw_toBeSignedData(
mw_signedDataPayload,
),
mw_signerIdentifier_certificate(
mw_etsiTs103097Certificate(
mw_toBeSignedCertificate_at(
-, -, -,
mw_geographicRegion_rectangular
)
)
)
)
),
mw_geoNwBroadcastPacket
))) -> value v_geoNwInd {
if (f_getMsgHeaderInfo(f_getSecuredMessage(v_geoNwInd.msgIn), v_headerInfo) and f_getMsgSignerIdentifier(f_getSecuredMessage(v_geoNwInd.msgIn), v_signerIdentifier)) {
var ThreeDLocation v_location := { v_headerInfo.generationLocation.latitude, v_headerInfo.generationLocation.longitude, v_headerInfo.generationLocation.elevation };
for (v_counter := 0; v_counter < lengthof(v_signerIdentifier.certificate); v_counter := v_counter + 1) {
if (f_isLocationInsideRegion(v_signerIdentifier.certificate[v_counter].toBeSigned.region, v_location) == false) {
break;
}
} // End of of for statement
if (v_counter == lengthof(v_signerIdentifier.certificate)) {
log("*** " & testcasename() & ": PASS: AT certificate is inside the validity region of the issuing certificate ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": FAIL: AT certificate is not inside the validity region of the issuing certificate ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
} else {
log("*** " & testcasename() & ": FAIL: IMPOSSIBLE!!! CAM generation location or certificate region restriction header field does not exist ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mw_etsiTs103097Data_signed(
mw_signedData(
-,
mw_toBeSignedData(
mw_signedDataPayload,
),
mw_signerIdentifier_digest // containing digest
)
))) {
log("*** " & testcasename() & ": INFO: Generation of CAM messages including digest ***");
repeat;
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_CERT_05_BV
7765
7766
7767
7768
7769
7770
7771
7772
7773
7774
7775
7776
7777
7778
7779
7780
7781
7782
7783
7784
7785
7786
7787
7788
7789
7790
7791
7792
7793
7794
7795
7796
7797
7798
7799
7800
7801
7802
7803
7804
7805
7806
7807
7808
7809
7810
7811
7812
7813
7814
7815
7816
7817
7818
7819
7820
7821
7822
7823
7824
7825
7826
7827
7828
7829
7830
7831
7832
7833
7834
7835
7836
7837
7838
7839
7840
7841
7842
7843
7844
7845
7846
7847
7848
7849
7850
7851
7852
7853
7854
7855
7856
7857
7858
7859
7860
7861
7862
7863
7864
7865
7866
7867
7868
7869
7870
7871
7872
7873
7874
7875
7876
7877
7878
7879
7880
7881
7882
7883
7884
7885
7886
7887
7888
7889
7890
7891
7892
7893
7894
7895
7896
7897
7898
7899
7900
7901
7902
7903
7904
7905
7906
7907
7908
7909
7910
7911
7912
7913
7914
7915
7916
7917
7918
7919
7920
7921
7922
7923
7924
7925
7926
7927
7928
7929
7930
7931
7932
7933
7934
7935
7936
7937
7938
7939
7940
7941
7942
7943
7944
7945
7946
7947
7948
7949
7950
7951
7952
7953
7954
7955
7956
7957
7958
7959
7960
7961
7962
7963
7964
7965
7966
7967
7968
7969
7970
7971
7972
7973
7974
7975
7976
7977
7978
7979
7980
7981
7982
7983
7984
7985
7986
7987
7988
7989
7990
7991
7992
7993
7994
7995
7996
7997
7998
7999
8000
/**
* @desc Check that the rectangular certificate validity region of the subordinate certificate is well formed
* and inside the validity region of the issuing certificate.
* <pre>
* Pics Selection: PICS_GN_SECURITY and PICS_SEC_POLYGONAL_REGION
* Config Id: CF01
* Initial conditions:
* with {
* the CA is authorized with AA certificate
* containing toBeSigned
* containing region
* indicating REGION
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT issued the AT certificate
* } then {
* this certificate is of type EtsiTs103097Certificate
* containing toBeSigned
* containing region
* containing polygonalRegion
* containing more than 2 items of type TwoDLocation
* indicating points inside the REGION
* and indicating unintercepting segments
* }
* }
* </pre>
*
* @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_06_BV
* @reference ETSI TS 103 097 [1], Clauses 6.4.21, 6.4.17,5.1.2.4
*/
testcase TC_SEC_ITSS_SND_CERT_06_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var SequenceOfCertificate v_aa_certificate;
var SignerIdentifier v_signerIdentifier;
var GeoNetworkingInd v_geoNwInd;
// Test control
if (not(PICS_GN_SECURITY) or not(PICS_SEC_POLYGONAL_REGION)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_SEC_POLYGONAL_REGION' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up(); // Initialise IUT with CERT_IUT_A_AT signed with CERT_IUT_A_AA
// Test adapter configuration
// Preamble
f_prNeighbour();
// Wait for the message with the certificate to retrieve the AA digest.
// Ask for the chain, containing AT and AA certificate
// Check AA Certificate
log("*** " & testcasename() & ": INFO: Wait for certificate and ask for AA certificate ***");
f_askAndWaitForCertificateChain(v_aa_certificate, f_generateDefaultCam());
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mw_etsiTs103097Data_signed(
mw_signedData(
-,
mw_toBeSignedData(
mw_signedDataPayload,
mw_headerInfo_cam
),
mw_signerIdentifier_certificate(
mw_etsiTs103097Certificate(
-,
mw_toBeSignedCertificate_at(
-, -, -,
mw_geographicRegion_polygonal
)))))))) -> value v_geoNwInd {
tc_ac.stop;
if (f_getMsgSignerIdentifier(f_getSecuredMessage(v_geoNwInd.msgIn), v_signerIdentifier)) {
var integer v_counter;
for (v_counter := 0; v_counter < lengthof(v_signerIdentifier.certificate); v_counter := v_counter + 1) {
if (f_arePolygonsInside(v_signerIdentifier.certificate[v_counter].toBeSigned.region.polygonalRegion, v_aa_certificate[0].toBeSigned.region.polygonalRegion) == false) {
break;
}
} // End of of for statement
if (v_counter == lengthof(v_signerIdentifier.certificate)) {
log("*** " & testcasename() & ": PASS: AT certificate is inside the validity region of the issuing certificate ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": FAIL: AT certificate is not inside the validity region of the issuing certificate ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
} else {
log("*** " & testcasename() & ": FAIL: IMPOSSIBLE!!! CAM generation location or certificate region restriction header field does not exist ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mw_etsiTs103097Data_signed(
mw_signedData(
-,
mw_toBeSignedData(
mw_signedDataPayload,
mw_headerInfo_cam
),
mw_signerIdentifier_digest // containing digest
)
)
))) {
log("*** " & testcasename() & ": INFO: Generation of CAM messages including digest ***");
repeat;
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_CERT_06_BV
/**
* @desc Check that the IUT supports at least 8 entries in the polygonal certificate validity
* region in the AT certificate.
* <pre>
* Pics Selection: PICS_GN_SECURITY and PICS_SEC_POLYGONAL_REGION
* Config Id: CF01
* Initial conditions:
* with {
* the IUT is authorized with AT certificate (CERT_IUT_D_AT_8)
* containing toBeSigned
* containing region
* containing polygonalRegion
* containing 8 entries
* indicating polygon P
* and the IUT’s position is inside the polygon P
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT is requested to send a secured DENM
* } then {
* this certificate is of type EtsiTs103097Certificate
* containing headerInfo
* containing generationLocation
* indicating position inside the P
* }
* }
* </pre>
*
* @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_07_BV
* @reference ETSI TS 103 097 [1], Clauses 6.4.17
*/
testcase TC_SEC_ITSS_SND_CERT_07_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var GeoNetworkingInd v_geoNwInd;
var HeaderInfo v_headerInfo;
var SignerIdentifier v_signerIdentifier;
var Certificate v_cert;
var ItsDenm v_denmComponent;
// Test control
if (not(PICS_GN_SECURITY) or not(PICS_SEC_POLYGONAL_REGION)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_SEC_POLYGONAL_REGION' required for executing the TC ***");
stop;
}
// Test component configuration
vc_hashedId8ToBeUsed := cc_iutCert_A; // FIXME Review certificate to be used
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
v_denmComponent := f_triggerDenmEvent();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mw_etsiTs103097Data_signed(
mw_signedData(
-,
mw_toBeSignedData(
mw_signedDataPayload,
mw_headerInfo_denm
),
mw_signerIdentifier_certificate(
mw_etsiTs103097Certificate(
?,
mw_toBeSignedCertificate_at(
-, -, -,
mw_geographicRegion_polygonal
)
)
)
)
),
mw_geoNwBroadcastPacket
))) -> value v_geoNwInd {
tc_ac.stop;
if (f_getMsgHeaderInfo(f_getSecuredMessage(v_geoNwInd.msgIn), v_headerInfo) and f_getMsgSignerIdentifier(f_getSecuredMessage(v_geoNwInd.msgIn), v_signerIdentifier)) {
var ThreeDLocation v_location := { v_headerInfo.generationLocation.latitude, v_headerInfo.generationLocation.longitude, v_headerInfo.generationLocation.elevation };
var integer v_counter;
for (v_counter := 0; v_counter < lengthof(v_signerIdentifier.certificate); v_counter := v_counter + 1) {
if (f_isLocationInsideRegion(v_signerIdentifier.certificate[v_counter].toBeSigned.region, v_location) == false) {
break;
}
} // End of of for statement
if (v_counter == lengthof(v_signerIdentifier.certificate)) {
log("*** " & testcasename() & ": PASS: AT certificate is inside the validity region of the issuing certificate ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": FAIL: AT certificate is not inside the validity region of the issuing certificate ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
} else {
log("*** " & testcasename() & ": FAIL: IMPOSSIBLE!!! CAM generation location or certificate region restriction header field does not exist ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
[] geoNetworkingPort.receive(