ITS-CMS6 Plugtest validation

ccsrc/Protocols/Http/http_codec.cc

@@ -202,7 +202,7 @@ int http_codec::encode_request(const LibItsHttp__TypesAndValues::Request& p_requ
   p_encoding_buffer.put_cs("Content-Length: ");
   if (_ec.length != 0) {
     loggers::get_instance().log("http_codec::encode_request: Content-Length: %s", static_cast<const char*>(int2str(_ec.length + 2/*Stand for the last CRLF*/)));
-    p_encoding_buffer.put_cs(static_cast<const char*>(int2str(_ec.length + 2/*Stand for the last CRLF*/)));
+    p_encoding_buffer.put_cs(static_cast<const char*>(int2str(_ec.length)));
     _ec.is_content_length_present = 0x01;
   } else {
     p_encoding_buffer.put_cs("0");
@@ -216,7 +216,7 @@ int http_codec::encode_request(const LibItsHttp__TypesAndValues::Request& p_requ
   if (_ec.is_content_length_present == 0x01) {
     loggers::get_instance().log_msg("http_codec::encode_request: Add body ", os);
     p_encoding_buffer.put_os(os);
-    p_encoding_buffer.put_cs("\r\n");
+    //p_encoding_buffer.put_cs("\r\n");
   }
 
   loggers::get_instance().log_to_hexa("<<< http_codec::encode_request: ", p_encoding_buffer);
@@ -300,7 +300,7 @@ int http_codec::encode_response (const LibItsHttp__TypesAndValues::Response& p_r
   p_encoding_buffer.put_cs("Content-Length: ");
   if (_ec.length != 0) {
     loggers::get_instance().log("http_codec::encode_request: Content-Length: %s", static_cast<const char*>(int2str(_ec.length + 2/*Stand for the last CRLF*/)));
-    p_encoding_buffer.put_cs(static_cast<const char*>(int2str(_ec.length + 2/*Stand for the last CRLF*/)));
+    p_encoding_buffer.put_cs(static_cast<const char*>(int2str(_ec.length)));
     _ec.is_content_length_present = 0x01;
   } else {
     p_encoding_buffer.put_cs("0");

etc/AtsPki/AtsPki_Cnit.cfg_

@@ -11,9 +11,9 @@ LibItsSecurity_Pixits.PX_IUT_SEC_CONFIG_NAME := "asn1c_cert"
 LibItsHttp_Pics.PICS_HEADER_CONTENT_TYPE := "application/x-its-request"
 LibItsHttp_Pics.PICS_HEADER_HOST         := "etsi-dc-noes.labtlclivorno.it" #192.168.171.18
 
-LibItsPki_Pics.PICS_HTTP_POST_URI_EC :="/dc/ea"
+LibItsPki_Pics.PICS_HTTP_POST_URI_EC :="/dc/ea/validate"
 LibItsPki_Pics.PICS_HTTP_POST_URI_AT :="/dc/aa"
-LibItsPki_Pics.PICS_HTTP_POST_URI_ATV :="/"
+LibItsPki_Pics.PICS_HTTP_POST_URI_ATV :="/dc"
 
 LibItsPki_Pics.PICS_ITS_S_SIGN_NITSP256_PRIVATE_KEY        := '5C25F97607DFC62972A147FAD8B7A7C939569F0F95ECD4C641724A68B51836E5'O
 LibItsPki_Pics.PICS_ITS_S_SIGN_NISTP256_PUBLIC_KEY         := '020144E5174B0AFDA86BDB8B643B68D40030F5BDB9A9F090C64852CC3C20C9D5AD'O
@@ -54,7 +54,7 @@ system.httpPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/TC
 
 # The EnrolmentResponse message shall be encrypted using an ETSI TS 103 097 approved algorithm and the encryption shall be
 #done with the same AES key as the one used by the ITS-S requestor for the encryption of the EnrolmentRequest message.
-ItsPki_TestCases.TC_SECPKI_EA_ENR_01_BV
+#ItsPki_TestCases.TC_SECPKI_EA_ENR_01_BV
 #ItsPki_TestCases.TC_SECPKI_EA_ENR_02_BV
 #ItsPki_TestCases.TC_SECPKI_EA_ENR_03_BV
 #ItsPki_TestCases.TC_SECPKI_EA_ENR_04_BV
@@ -69,7 +69,7 @@ ItsPki_TestCases.TC_SECPKI_EA_ENR_01_BV
 
 # The AuthorizationValidationResponse message shall be sent by the EA to the AA across the interface at reference point S4
 #in response to a received AuthorizationValidationRequest message
-#ItsPki_TestCases.TC_SECPKI_EA_AUTHVAL_RCV_01_BV
+ItsPki_TestCases.TC_SECPKI_EA_AUTHVAL_RCV_01_BV
 
 #ItsPki_TestCases.TC_SECPKI_AA_AUTH_RCV_01_BV
 

etc/AtsPki/AtsPki_Escrypt.cfg_

@@ -25,6 +25,7 @@ LibItsPki_Pics.PICS_TS_AA_CERTIFICATE_ID                  := "CERT_ESCRYPT_AA"
 #LibItsPki_Pixits.PX_VE_ALG                               := e_brainpool_p256_r1
 LibItsPki_Pixits.PX_EC_ALG_FOR_EC                        := e_brainpool_p256_r1
 LibItsPki_Pixits.PX_EC_ALG_FOR_AT                        := e_nist_p256
+LibItsPki_Pixits.PX_EC_ALG_FOR_ATV                       := e_brainpool_p256_r1
 
 LibItsPki_Pixits.PX_INCLUDE_ENCRYPTION_KEYS := false # No encryption key in Authorization request
 #LibItsPki_Pixits.PICS_PKI_AUTH_POP          := false # Do not use Signed for PoP in Authorization requet
@@ -77,12 +78,12 @@ system.httpPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/TC
 #ItsPki_TestCases.TC_SECPKI_EA_AUTHVAL_RCV_01_BV
 
 #
-ItsPki_TestCases.TC_SECPKI_AA_AUTH_RCV_01_BV
+#ItsPki_TestCases.TC_SECPKI_AA_AUTH_RCV_01_BV
 #ItsPki_TestCases.TC_SECPKI_AA_AUTH_RCV_03_BI
 #ItsPki_TestCases.TC_SECPKI_AA_AUTH_RCV_04_BI
 #ItsPki_TestCases.TC_SECPKI_AA_AUTH_RCV_05_BI
 #ItsPki_TestCases.TC_SECPKI_AA_AUTH_RCV_06_BI
-#ItsPki_TestCases.TC_SECPKI_AA_AUTH_RCV_07_BI
+ItsPki_TestCases.TC_SECPKI_AA_AUTH_RCV_07_BI
 
 #ItsPki_TestCases.TC_SECPKI_AA_AUTHVAL_01_BV
 

etc/AtsPki/AtsPki_Microsec.cfg_

+
+[MODULE_PARAMETERS]
+# This section shall contain the values of all parameters that are defined in your TTCN-3 modules.
+
+# Enable Security support
+LibItsGeoNetworking_Pics.PICS_GN_SECURITY := true
+# Root path to access certificate stored in files, identified by certficate ID
+LibItsSecurity_Pixits.PX_CERTIFICATE_POOL_PATH := "/home/vagrant/tmp"
+# Configuration sub-directory to access certificate stored in files
+LibItsSecurity_Pixits.PX_IUT_SEC_CONFIG_NAME := "asn1c_cert"
+
+LibItsHttp_Pics.PICS_HEADER_CONTENT_TYPE  := "application/x-its-request"
+LibItsHttp_Pics.PICS_HEADER_HOST          := "v2x-pki-test.microsec.com"
+
+LibItsPki_Pics.PICS_HTTP_POST_URI_EC      := "/api/ecRequest"
+LibItsPki_Pics.PICS_HTTP_POST_URI_AT      := "/aa/authorization"
+LibItsPki_Pics.PICS_HTTP_POST_URI_ATV     := "/ea/validation"
+
+#LibItsPki_Pics.PICS_ITS_S_WITH_PRIVACY                    := false
+LibItsPki_Pics.PICS_ITS_S_SIGN_NITSP256_PRIVATE_KEY  := '5C25F97607DFC62972A147FAD8B7A7C939569F0F95ECD4C641724A68B51836E5'O
+LibItsPki_Pics.PICS_ITS_S_SIGN_NISTP256_PUBLIC_KEY   := '020144E5174B0AFDA86BDB8B643B68D40030F5BDB9A9F090C64852CC3C20C9D5AD'O
+LibItsPki_Pics.PICS_ITS_S_CANONICAL_ID                    := '45534352595054000000000000000011'O
+LibItsPki_Pics.PICS_TS_EA_CERTIFICATE_ID                  := "CERT_MICROSEC_EA"
+LibItsPki_Pics.PICS_TS_AA_CERTIFICATE_ID                  := "CERT_MICROSEC_AA"
+
+#LibItsPki_Pixits.PX_VE_ALG                               := e_brainpool_p256_r1
+#LibItsPki_Pixits.PX_EC_ALG_FOR_EC                        := e_brainpool_p256_r1
+#LibItsPki_Pixits.PX_EC_ALG_FOR_AT                        := e_nist_p256
+
+#LibItsPki_Pixits.PX_INCLUDE_ENCRYPTION_KEYS := false # No encryption key in Authorization request
+#LibItsPki_Pixits.PICS_PKI_AUTH_POP          := false # Do not use Signed for PoP in Authorization requet
+
+#LibItsPki_Pics.PICS_SECPKI_REENROLMENT := false # Check in logs the pattern '==> EC ' to find the required information for re-enrolment
+#LibItsPki_Pixits.PX_EC_PRIVATE_KEY     := '170D1EA638C300BD16F0025768C0F1FAA6BE23963E46AD10F79103914265D294'O
+#LibItsPki_Pixits.PX_EC_HASH            := 'DFEFC2A74C8ADD0C8B74B958EE072229D25DEAAAE30D134193D091890E8F3C2C'O
+#LibItsPki_Pixits.PX_EC_HASHED_ID8      := '93D091890E8F3C2C'O
+
+[LOGGING]
+# In this section you can specify the name of the log file and the classes of events
+# you want to log into the file or display on console (standard error).
+
+LogFile := "../logs/%e.%h-%r.%s"
+FileMask := LOG_ALL | USER | DEBUG | MATCHING
+ConsoleMask := LOG_ALL | USER | DEBUG | MATCHING
+#FileMask := ERROR | WARNING | USER | MATCHING | EXECUTOR_RUNTIME | VERDICTOP
+#ConsoleMask := ERROR | WARNING | USER | MATCHING | EXECUTOR_RUNTIME | VERDICTOP
+LogSourceInfo := Stack
+LogEntityName:= Yes
+LogEventTypes:= Yes
+#TimeStampFormat := DateTime
+
+[TESTPORT_PARAMETERS]
+# Single HTTP component port
+system.httpPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/TCP(debug=1,server=v2x-pki-test.microsec.com)"
+
+[EXECUTE]
+# The EnrolmentResponse message shall be sent by the EA to the ITS-S across the interface at reference point S3 in response to a received EnrolmentRequest message
+ItsPki_TestCases.TC_SECPKI_EA_ENR_RCV_01_BV
+# Check that EA doesn't accept Enrolment rekeying request when enrolment is not permitted by signing certificate
+#ItsPki_TestCases.TC_SECPKI_EA_ENR_RCV_02_BI
+
+# The EnrolmentResponse message shall be encrypted using an ETSI TS 103 097 approved algorithm and the encryption shall be done with the same AES key as the one used by the ITS-S requestor for the encryption of the EnrolmentRequest message.
+#ItsPki_TestCases.TC_SECPKI_EA_ENR_01_BV
+#ItsPki_TestCases.TC_SECPKI_EA_ENR_02_BV
+#ItsPki_TestCases.TC_SECPKI_EA_ENR_03_BV
+#ItsPki_TestCases.TC_SECPKI_EA_ENR_04_BV
+#ItsPki_TestCases.TC_SECPKI_EA_ENR_05_BV
+#ItsPki_TestCases.TC_SECPKI_EA_ENR_06_BV
+#ItsPki_TestCases.TC_SECPKI_EA_ENR_07_BV
+#ItsPki_TestCases.TC_SECPKI_EA_ENR_01_BV
+#ItsPki_TestCases.TC_SECPKI_EA_ENR_08_BV
+#ItsPki_TestCases.TC_SECPKI_EA_ENR_09_BV
+#ItsPki_TestCases.TC_SECPKI_EA_ENR_10_BV
+#ItsPki_TestCases.TC_SECPKI_EA_ENR_11_BV
+#ItsPki_TestCases.TC_SECPKI_EA_ENR_RCV_02_BI
+
+# 
+#ItsPki_TestCases.TC_SECPKI_EA_AUTHVAL_RCV_01_BV
+
+#
+#ItsPki_TestCases.TC_SECPKI_AA_AUTH_RCV_01_BV
+#ItsPki_TestCases.TC_SECPKI_AA_AUTH_RCV_03_BI
+#ItsPki_TestCases.TC_SECPKI_AA_AUTH_RCV_04_BI
+#ItsPki_TestCases.TC_SECPKI_AA_AUTH_RCV_05_BI
+#ItsPki_TestCases.TC_SECPKI_AA_AUTH_RCV_06_BI
+#ItsPki_TestCases.TC_SECPKI_AA_AUTH_RCV_07_BI
+
+#ItsPki_TestCases.TC_SECPKI_AA_AUTHVAL_01_BV
+
+[MAIN_CONTROLLER]
+# The options herein control the behavior of MC.
+KillTimer := 10.0
+LocalAddress := 127.0.0.1
+TCPPort := 12000
+NumHCs := 1
+

etc/AtsSecurity/AtsSecurity.cfg

@@ -39,12 +39,24 @@
 #  stationCountryCode := 250, #33,
 #  mid := 'b680025e2a44'O
 #} # LaCroix
+#LibItsGeoNetworking_Pics.PICS_GN_LOCAL_GN_ADDR := {
+#  typeOfAddress := e_manual,
+#  stationType := e_passengerCar,
+#  stationCountryCode := 0,
+#  mid := '04e548000001'O
+#} # Codha
+#LibItsGeoNetworking_Pics.PICS_GN_LOCAL_GN_ADDR := {
+#  typeOfAddress := e_initial,
+#  stationType := e_passengerCar,
+#  stationCountryCode := 310,
+#  mid := '70b3d5f2a627'O
+#} # Comsignia
 LibItsGeoNetworking_Pics.PICS_GN_LOCAL_GN_ADDR := {
-  typeOfAddress := e_initial,
-  stationType := e_unknown,
-  stationCountryCode := 140, #33,
-  mid := '00e06a016537'O
-} # Codha
+  typeOfAddress := e_manual,
+  stationType := e_passengerCar,
+  stationCountryCode := 1,
+  mid := '00005e900101'O
+} # Savari
 #LibItsGeoNetworking_Pics.PICS_GN_LOCAL_GN_ADDR := {
 #  typeOfAddress := e_initial,
 #  stationType := e_unknown, #e_roadSideUnit,
@@ -167,7 +179,8 @@ system.geoNetworkingPort.params := "GN(ll_address=4C5E0C14D2EB,latitude=43551050
 
 #system.utPort.params := "UT_DENM/UDP(dst_ip=172.23.0.1,dst_port=8000)" # Nordsys
 
-#system.utPort.params     := "UT_CAM/UDP(dst_ip=10.8.0.1,dst_port=56000)" # Commsignia
+#system.utPort.params     := "UT_CAM/UDP(dst_ip=10.100.60.95,dst_port=56000)" # Commsignia
+#system.camUtPort.params     := "UT_CAM/UDP(dst_ip=10.100.60.95,src_port=12345,dst_port=56000)" # Commsignia
 
 #system.utPort.params     := "UT_CAM/UDP(dst_ip=10.100.62.1,dst_port=10005)" # Marben
 
@@ -175,7 +188,13 @@ system.geoNetworkingPort.params := "GN(ll_address=4C5E0C14D2EB,latitude=43551050
 
 #system.utPort.params := "UT_CAM/UDP(dst_ip=192.168.42.10,dst_port=4200)" # Lacroix
 
-system.utPort.params  := "UT_CAM/UDP(dst_ip=192.168.3.2,dst_port=5001)" # Codha
+#system.utPort.params  := "UT_CAM/UDP(dst_ip=10.100.60.220)" # Codha
+
+#system.utPort.params  := "UT_CAM/UDP(dst_ip=10.100.60.72)" # Codha
+
+system.utPort.params     := "UT_CAM/UDP(dst_ip=159.254.75.6,dst_port=1999)" # Savari
+#system.camUtPort.params     := "UT_CAM/UDP(dst_ip=159.254.75.6,src_port=12345,dst_port=1999)" # Savari
+system.denmUtPort.params     := "UT_DENM/UDP(dst_ip=159.254.75.6,src_port=12345,dst_port=1999)" # Savari
 
 [EXECUTE]
 
@@ -187,7 +206,7 @@ system.utPort.params  := "UT_CAM/UDP(dst_ip=192.168.3.2,dst_port=5001)" # Codha
 
 # ------------------------- CAM ---------------------------
 # Check that IUT sends the secured CAM using SignedData container.
-ItsSecurity_TestCases.TC_SEC_ITSS_SND_CAM_01_BV
+#ItsSecurity_TestCases.TC_SEC_ITSS_SND_CAM_01_BV
 
 # Check that IUT sends the secured CAM containing the HeaderInfo field psid set to 'AID_CAM'.
 #ItsSecurity_TestCases.TC_SEC_ITSS_SND_CAM_02_BV
@@ -307,7 +326,7 @@ ItsSecurity_TestCases.TC_SEC_ITSS_SND_CAM_01_BV
 #ItsSecurity_TestCases.TC_SEC_ITSS_SND_CAM_27_BV
 
 #--------------------------------------- DENM ------------------------------------------            
-#ItsSecurity_TestCases.TC_SEC_ITSS_SND_DENM_01_BV
+ItsSecurity_TestCases.TC_SEC_ITSS_SND_DENM_01_BV
 #ItsSecurity_TestCases.TC_SEC_ITSS_SND_DENM_02_BV
 #ItsSecurity_TestCases.TC_SEC_ITSS_SND_DENM_03_BV
 #ItsSecurity_TestCases.TC_SEC_ITSS_SND_DENM_04_BV

ttcn/AtsPki/ItsPki_TestCases.ttcn

@@ -208,21 +208,38 @@ module ItsPki_TestCases {
                 if (ispresent(p_inner_at_request.publicKeys.encryptionKey)) {
                   v_encoded_tag := v_encoded_tag & bit2oct(encvalue(p_inner_at_request.publicKeys.encryptionKey));
                 }
-                // TODO Verify HMAC-SHA256
+                // Verify HMAC-SHA256
                 log("f_verify_http_at_request_from_iut_itss: v_encoded_tag= ", v_encoded_tag);
+                v_key_tag := substr(
+                                    fx_hmac_sha256( // TODO Rename and use a wrapper function
+                                                   p_inner_at_request.hmacKey,
+                                                   v_encoded_tag
+                                                    ),
+                                    0,
+                                    16); // Leftmost 128 bits of the HMAC-SHA256 tag computed previously
+                log("f_verify_http_at_request_from_iut_itss: v_key_tag: ", v_key_tag);
                 log("f_verify_http_at_request_from_iut_itss: keyTag= ", p_inner_at_request.sharedAtRequest.keyTag);
-                
-                // Send OK message
-                log("f_verify_http_at_request_from_iut_itss: Receive ", p_inner_at_request);
-                if (p_force_response_code == ok) {
-                  f_http_build_authorization_response(p_inner_at_request, ok, v_request_hash, vc_eaPrivateKey, vc_eaWholeHash, v_aes_enc_key, v_inner_at_response, v_ieee1609dot2_signed_and_encrypted_data);
+                log("f_verify_http_at_request_from_iut_itss: matching: ", match(p_inner_at_request.sharedAtRequest.keyTag, v_key_tag));
+                if (match(p_inner_at_request.sharedAtRequest.keyTag, v_key_tag) == false) {
+                  // Send error message: No enrolment request
+                  f_http_build_authorization_response(p_inner_at_request, its_aa_keysdontmatch, v_request_hash, -, -, v_aes_enc_key, v_inner_at_response, v_ieee1609dot2_signed_and_encrypted_data);
+                v_response := m_http_response(m_http_response_ok(m_http_message_body_binary(m_binary_body_ieee1609dot2_data(v_ieee1609dot2_signed_and_encrypted_data)), p_headers));
+                  // Set verdict
+                  p_result := -5;
+                  
                 } else {
-                  log("f_verify_http_at_request_from_iut_itss: Succeed built force error code ", p_force_response_code);
-                  f_http_build_authorization_response(p_inner_at_request, p_force_response_code, v_request_hash, -, -, v_aes_enc_key, v_inner_at_response, v_ieee1609dot2_signed_and_encrypted_data);
-                }
+                  // Send OK message
+                  log("f_verify_http_at_request_from_iut_itss: Receive ", p_inner_at_request);
+                  if (p_force_response_code == ok) {
+                    f_http_build_authorization_response(p_inner_at_request, ok, v_request_hash, vc_eaPrivateKey, vc_eaWholeHash, v_aes_enc_key, v_inner_at_response, v_ieee1609dot2_signed_and_encrypted_data);
+                  } else {
+                    log("f_verify_http_at_request_from_iut_itss: Succeed built force error code ", p_force_response_code);
+                    f_http_build_authorization_response(p_inner_at_request, p_force_response_code, v_request_hash, -, -, v_aes_enc_key, v_inner_at_response, v_ieee1609dot2_signed_and_encrypted_data);
+                  }
                 v_response := m_http_response(m_http_response_ok(m_http_message_body_binary(m_binary_body_ieee1609dot2_data(v_ieee1609dot2_signed_and_encrypted_data)), p_headers));
-                // Set verdict
-                p_result := 0;
+                  // Set verdict
+                  p_result := 0;
+                }
               }
             }
           }

LibIts @ c2b587e6

-Subproject commit 7f9ffa8eaf73998f6b565a5e595ed2e54dcba9e8
+Subproject commit c2b587e66d74a936f870db1a9a17fd9e051f40cf