Commit 0dad4064 authored by Yann Garcia's avatar Yann Garcia

ITS-CMS6 Plugtest validation

parent 4ba5fda7
......@@ -202,7 +202,7 @@ int http_codec::encode_request(const LibItsHttp__TypesAndValues::Request& p_requ
p_encoding_buffer.put_cs("Content-Length: ");
if (_ec.length != 0) {
loggers::get_instance().log("http_codec::encode_request: Content-Length: %s", static_cast<const char*>(int2str(_ec.length + 2/*Stand for the last CRLF*/)));
p_encoding_buffer.put_cs(static_cast<const char*>(int2str(_ec.length + 2/*Stand for the last CRLF*/)));
p_encoding_buffer.put_cs(static_cast<const char*>(int2str(_ec.length)));
_ec.is_content_length_present = 0x01;
} else {
p_encoding_buffer.put_cs("0");
......@@ -216,7 +216,7 @@ int http_codec::encode_request(const LibItsHttp__TypesAndValues::Request& p_requ
if (_ec.is_content_length_present == 0x01) {
loggers::get_instance().log_msg("http_codec::encode_request: Add body ", os);
p_encoding_buffer.put_os(os);
p_encoding_buffer.put_cs("\r\n");
//p_encoding_buffer.put_cs("\r\n");
}
loggers::get_instance().log_to_hexa("<<< http_codec::encode_request: ", p_encoding_buffer);
......@@ -300,7 +300,7 @@ int http_codec::encode_response (const LibItsHttp__TypesAndValues::Response& p_r
p_encoding_buffer.put_cs("Content-Length: ");
if (_ec.length != 0) {
loggers::get_instance().log("http_codec::encode_request: Content-Length: %s", static_cast<const char*>(int2str(_ec.length + 2/*Stand for the last CRLF*/)));
p_encoding_buffer.put_cs(static_cast<const char*>(int2str(_ec.length + 2/*Stand for the last CRLF*/)));
p_encoding_buffer.put_cs(static_cast<const char*>(int2str(_ec.length)));
_ec.is_content_length_present = 0x01;
} else {
p_encoding_buffer.put_cs("0");
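Review bot: The log call just above the changed `put_cs` in both `encode_request` and `encode_response` still formats `_ec.length + 2`, so the trace reports a Content-Length two bytes larger than the header now written; it should use `int2str(_ec.length)` to match, and the response-side message should say `http_codec::encode_response`. The request path drops the trailing `put_cs("\r\n")` after the body in this commit, but no equivalent change is visible for `encode_response`; if that function still appends a CRLF after the body, the peer receives two bytes beyond the declared length on the connection, which is worth checking. The commented-out `//p_encoding_buffer.put_cs("\r\n");` would be better deleted than left in place. Both function bodies start and end outside the hunks shown, and this reading assumes the second line of each printed pair is the new side.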
......
......@@ -11,9 +11,9 @@ LibItsSecurity_Pixits.PX_IUT_SEC_CONFIG_NAME := "asn1c_cert"
LibItsHttp_Pics.PICS_HEADER_CONTENT_TYPE := "application/x-its-request"
LibItsHttp_Pics.PICS_HEADER_HOST := "etsi-dc-noes.labtlclivorno.it" #192.168.171.18
LibItsPki_Pics.PICS_HTTP_POST_URI_EC :="/dc/ea"
LibItsPki_Pics.PICS_HTTP_POST_URI_EC :="/dc/ea/validate"
LibItsPki_Pics.PICS_HTTP_POST_URI_AT :="/dc/aa"
LibItsPki_Pics.PICS_HTTP_POST_URI_ATV :="/"
LibItsPki_Pics.PICS_HTTP_POST_URI_ATV :="/dc"
LibItsPki_Pics.PICS_ITS_S_SIGN_NITSP256_PRIVATE_KEY := '5C25F97607DFC62972A147FAD8B7A7C939569F0F95ECD4C641724A68B51836E5'O
LibItsPki_Pics.PICS_ITS_S_SIGN_NISTP256_PUBLIC_KEY := '020144E5174B0AFDA86BDB8B643B68D40030F5BDB9A9F090C64852CC3C20C9D5AD'O
......@@ -54,7 +54,7 @@ system.httpPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/TC
# The EnrolmentResponse message shall be encrypted using an ETSI TS 103 097 approved algorithm and the encryption shall be
#done with the same AES key as the one used by the ITS-S requestor for the encryption of the EnrolmentRequest message.
ItsPki_TestCases.TC_SECPKI_EA_ENR_01_BV
#ItsPki_TestCases.TC_SECPKI_EA_ENR_01_BV
#ItsPki_TestCases.TC_SECPKI_EA_ENR_02_BV
#ItsPki_TestCases.TC_SECPKI_EA_ENR_03_BV
#ItsPki_TestCases.TC_SECPKI_EA_ENR_04_BV
......@@ -69,7 +69,7 @@ ItsPki_TestCases.TC_SECPKI_EA_ENR_01_BV
# The AuthorizationValidationResponse message shall be sent by the EA to the AA across the interface at reference point S4
#in response to a received AuthorizationValidationRequest message
#ItsPki_TestCases.TC_SECPKI_EA_AUTHVAL_RCV_01_BV
ItsPki_TestCases.TC_SECPKI_EA_AUTHVAL_RCV_01_BV
#ItsPki_TestCases.TC_SECPKI_AA_AUTH_RCV_01_BV
......
......@@ -25,6 +25,7 @@ LibItsPki_Pics.PICS_TS_AA_CERTIFICATE_ID := "CERT_ESCRYPT_AA"
#LibItsPki_Pixits.PX_VE_ALG := e_brainpool_p256_r1
LibItsPki_Pixits.PX_EC_ALG_FOR_EC := e_brainpool_p256_r1
LibItsPki_Pixits.PX_EC_ALG_FOR_AT := e_nist_p256
LibItsPki_Pixits.PX_EC_ALG_FOR_ATV := e_brainpool_p256_r1
LibItsPki_Pixits.PX_INCLUDE_ENCRYPTION_KEYS := false # No encryption key in Authorization request
#LibItsPki_Pixits.PICS_PKI_AUTH_POP := false # Do not use Signed for PoP in Authorization requet
......@@ -77,12 +78,12 @@ system.httpPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/TC
#ItsPki_TestCases.TC_SECPKI_EA_AUTHVAL_RCV_01_BV
#
ItsPki_TestCases.TC_SECPKI_AA_AUTH_RCV_01_BV
#ItsPki_TestCases.TC_SECPKI_AA_AUTH_RCV_01_BV
#ItsPki_TestCases.TC_SECPKI_AA_AUTH_RCV_03_BI
#ItsPki_TestCases.TC_SECPKI_AA_AUTH_RCV_04_BI
#ItsPki_TestCases.TC_SECPKI_AA_AUTH_RCV_05_BI
#ItsPki_TestCases.TC_SECPKI_AA_AUTH_RCV_06_BI
#ItsPki_TestCases.TC_SECPKI_AA_AUTH_RCV_07_BI
ItsPki_TestCases.TC_SECPKI_AA_AUTH_RCV_07_BI
#ItsPki_TestCases.TC_SECPKI_AA_AUTHVAL_01_BV
......
[MODULE_PARAMETERS]
# This section shall contain the values of all parameters that are defined in your TTCN-3 modules.
# Enable Security support
LibItsGeoNetworking_Pics.PICS_GN_SECURITY := true
# Root path to access certificate stored in files, identified by certficate ID
LibItsSecurity_Pixits.PX_CERTIFICATE_POOL_PATH := "/home/vagrant/tmp"
# Configuration sub-directory to access certificate stored in files
LibItsSecurity_Pixits.PX_IUT_SEC_CONFIG_NAME := "asn1c_cert"
LibItsHttp_Pics.PICS_HEADER_CONTENT_TYPE := "application/x-its-request"
LibItsHttp_Pics.PICS_HEADER_HOST := "v2x-pki-test.microsec.com"
LibItsPki_Pics.PICS_HTTP_POST_URI_EC := "/api/ecRequest"
LibItsPki_Pics.PICS_HTTP_POST_URI_AT := "/aa/authorization"
LibItsPki_Pics.PICS_HTTP_POST_URI_ATV := "/ea/validation"
#LibItsPki_Pics.PICS_ITS_S_WITH_PRIVACY := false
LibItsPki_Pics.PICS_ITS_S_SIGN_NITSP256_PRIVATE_KEY := '5C25F97607DFC62972A147FAD8B7A7C939569F0F95ECD4C641724A68B51836E5'O
LibItsPki_Pics.PICS_ITS_S_SIGN_NISTP256_PUBLIC_KEY := '020144E5174B0AFDA86BDB8B643B68D40030F5BDB9A9F090C64852CC3C20C9D5AD'O
LibItsPki_Pics.PICS_ITS_S_CANONICAL_ID := '45534352595054000000000000000011'O
LibItsPki_Pics.PICS_TS_EA_CERTIFICATE_ID := "CERT_MICROSEC_EA"
LibItsPki_Pics.PICS_TS_AA_CERTIFICATE_ID := "CERT_MICROSEC_AA"
#LibItsPki_Pixits.PX_VE_ALG := e_brainpool_p256_r1
#LibItsPki_Pixits.PX_EC_ALG_FOR_EC := e_brainpool_p256_r1
#LibItsPki_Pixits.PX_EC_ALG_FOR_AT := e_nist_p256
#LibItsPki_Pixits.PX_INCLUDE_ENCRYPTION_KEYS := false # No encryption key in Authorization request
#LibItsPki_Pixits.PICS_PKI_AUTH_POP := false # Do not use Signed for PoP in Authorization requet
#LibItsPki_Pics.PICS_SECPKI_REENROLMENT := false # Check in logs the pattern '==> EC ' to find the required information for re-enrolment
#LibItsPki_Pixits.PX_EC_PRIVATE_KEY := '170D1EA638C300BD16F0025768C0F1FAA6BE23963E46AD10F79103914265D294'O
#LibItsPki_Pixits.PX_EC_HASH := 'DFEFC2A74C8ADD0C8B74B958EE072229D25DEAAAE30D134193D091890E8F3C2C'O
#LibItsPki_Pixits.PX_EC_HASHED_ID8 := '93D091890E8F3C2C'O
[LOGGING]
# In this section you can specify the name of the log file and the classes of events
# you want to log into the file or display on console (standard error).
LogFile := "../logs/%e.%h-%r.%s"
FileMask := LOG_ALL | USER | DEBUG | MATCHING
ConsoleMask := LOG_ALL | USER | DEBUG | MATCHING
#FileMask := ERROR | WARNING | USER | MATCHING | EXECUTOR_RUNTIME | VERDICTOP
#ConsoleMask := ERROR | WARNING | USER | MATCHING | EXECUTOR_RUNTIME | VERDICTOP
LogSourceInfo := Stack
LogEntityName:= Yes
LogEventTypes:= Yes
#TimeStampFormat := DateTime
[TESTPORT_PARAMETERS]
# Single HTTP component port
system.httpPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/TCP(debug=1,server=v2x-pki-test.microsec.com)"
[EXECUTE]
# The EnrolmentResponse message shall be sent by the EA to the ITS-S across the interface at reference point S3 in response to a received EnrolmentRequest message
ItsPki_TestCases.TC_SECPKI_EA_ENR_RCV_01_BV
# Check that EA doesn't accept Enrolment rekeying request when enrolment is not permitted by signing certificate
#ItsPki_TestCases.TC_SECPKI_EA_ENR_RCV_02_BI
# The EnrolmentResponse message shall be encrypted using an ETSI TS 103 097 approved algorithm and the encryption shall be done with the same AES key as the one used by the ITS-S requestor for the encryption of the EnrolmentRequest message.
#ItsPki_TestCases.TC_SECPKI_EA_ENR_01_BV
#ItsPki_TestCases.TC_SECPKI_EA_ENR_02_BV
#ItsPki_TestCases.TC_SECPKI_EA_ENR_03_BV
#ItsPki_TestCases.TC_SECPKI_EA_ENR_04_BV
#ItsPki_TestCases.TC_SECPKI_EA_ENR_05_BV
#ItsPki_TestCases.TC_SECPKI_EA_ENR_06_BV
#ItsPki_TestCases.TC_SECPKI_EA_ENR_07_BV
#ItsPki_TestCases.TC_SECPKI_EA_ENR_01_BV
#ItsPki_TestCases.TC_SECPKI_EA_ENR_08_BV
#ItsPki_TestCases.TC_SECPKI_EA_ENR_09_BV
#ItsPki_TestCases.TC_SECPKI_EA_ENR_10_BV
#ItsPki_TestCases.TC_SECPKI_EA_ENR_11_BV
#ItsPki_TestCases.TC_SECPKI_EA_ENR_RCV_02_BI
#
#ItsPki_TestCases.TC_SECPKI_EA_AUTHVAL_RCV_01_BV
#
#ItsPki_TestCases.TC_SECPKI_AA_AUTH_RCV_01_BV
#ItsPki_TestCases.TC_SECPKI_AA_AUTH_RCV_03_BI
#ItsPki_TestCases.TC_SECPKI_AA_AUTH_RCV_04_BI
#ItsPki_TestCases.TC_SECPKI_AA_AUTH_RCV_05_BI
#ItsPki_TestCases.TC_SECPKI_AA_AUTH_RCV_06_BI
#ItsPki_TestCases.TC_SECPKI_AA_AUTH_RCV_07_BI
#ItsPki_TestCases.TC_SECPKI_AA_AUTHVAL_01_BV
[MAIN_CONTROLLER]
# The options herein control the behavior of MC.
KillTimer := 10.0
LocalAddress := 127.0.0.1
TCPPort := 12000
NumHCs := 1
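Review bot: `PICS_ITS_S_SIGN_NITSP256_PRIVATE_KEY` is committed here as a literal octetstring next to the matching public key and canonical ID, while the `[LOGGING]` masks are `LOG_ALL | USER | DEBUG | MATCHING` and the TCP layer runs with `debug=1`, so key material and decoded PKI messages may end up both in the repository and under `../logs`. If this key is only a throwaway plugtest identity, a comment above the line saying so (for example `# Plugtest-only test key, not valid outside the test PKI`) would make that explicit; otherwise the value should come from an untracked local file. The file appears to be added whole, since no hunk header is shown for it, so this applies to new content rather than to a context line.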
......@@ -39,12 +39,24 @@
# stationCountryCode := 250, #33,
# mid := 'b680025e2a44'O
#} # LaCroix
#LibItsGeoNetworking_Pics.PICS_GN_LOCAL_GN_ADDR := {
# typeOfAddress := e_manual,
# stationType := e_passengerCar,
# stationCountryCode := 0,
# mid := '04e548000001'O
#} # Codha
#LibItsGeoNetworking_Pics.PICS_GN_LOCAL_GN_ADDR := {
# typeOfAddress := e_initial,
# stationType := e_passengerCar,
# stationCountryCode := 310,
# mid := '70b3d5f2a627'O
#} # Comsignia
LibItsGeoNetworking_Pics.PICS_GN_LOCAL_GN_ADDR := {
typeOfAddress := e_initial,
stationType := e_unknown,
stationCountryCode := 140, #33,
mid := '00e06a016537'O
} # Codha
typeOfAddress := e_manual,
stationType := e_passengerCar,
stationCountryCode := 1,
mid := '00005e900101'O
} # Savari
#LibItsGeoNetworking_Pics.PICS_GN_LOCAL_GN_ADDR := {
# typeOfAddress := e_initial,
# stationType := e_unknown, #e_roadSideUnit,
......@@ -167,7 +179,8 @@ system.geoNetworkingPort.params := "GN(ll_address=4C5E0C14D2EB,latitude=43551050
#system.utPort.params := "UT_DENM/UDP(dst_ip=172.23.0.1,dst_port=8000)" # Nordsys
#system.utPort.params := "UT_CAM/UDP(dst_ip=10.8.0.1,dst_port=56000)" # Commsignia
#system.utPort.params := "UT_CAM/UDP(dst_ip=10.100.60.95,dst_port=56000)" # Commsignia
#system.camUtPort.params := "UT_CAM/UDP(dst_ip=10.100.60.95,src_port=12345,dst_port=56000)" # Commsignia
#system.utPort.params := "UT_CAM/UDP(dst_ip=10.100.62.1,dst_port=10005)" # Marben
......@@ -175,7 +188,13 @@ system.geoNetworkingPort.params := "GN(ll_address=4C5E0C14D2EB,latitude=43551050
#system.utPort.params := "UT_CAM/UDP(dst_ip=192.168.42.10,dst_port=4200)" # Lacroix
system.utPort.params := "UT_CAM/UDP(dst_ip=192.168.3.2,dst_port=5001)" # Codha
#system.utPort.params := "UT_CAM/UDP(dst_ip=10.100.60.220)" # Codha
#system.utPort.params := "UT_CAM/UDP(dst_ip=10.100.60.72)" # Codha
system.utPort.params := "UT_CAM/UDP(dst_ip=159.254.75.6,dst_port=1999)" # Savari
#system.camUtPort.params := "UT_CAM/UDP(dst_ip=159.254.75.6,src_port=12345,dst_port=1999)" # Savari
system.denmUtPort.params := "UT_DENM/UDP(dst_ip=159.254.75.6,src_port=12345,dst_port=1999)" # Savari
[EXECUTE]
......@@ -187,7 +206,7 @@ system.utPort.params := "UT_CAM/UDP(dst_ip=192.168.3.2,dst_port=5001)" # Codha
# ------------------------- CAM ---------------------------
# Check that IUT sends the secured CAM using SignedData container.
ItsSecurity_TestCases.TC_SEC_ITSS_SND_CAM_01_BV
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_CAM_01_BV
# Check that IUT sends the secured CAM containing the HeaderInfo field psid set to 'AID_CAM'.
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_CAM_02_BV
......@@ -307,7 +326,7 @@ ItsSecurity_TestCases.TC_SEC_ITSS_SND_CAM_01_BV
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_CAM_27_BV
#--------------------------------------- DENM ------------------------------------------
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_DENM_01_BV
ItsSecurity_TestCases.TC_SEC_ITSS_SND_DENM_01_BV
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_DENM_02_BV
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_DENM_03_BV
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_DENM_04_BV
......
......@@ -208,21 +208,38 @@ module ItsPki_TestCases {
if (ispresent(p_inner_at_request.publicKeys.encryptionKey)) {
v_encoded_tag := v_encoded_tag & bit2oct(encvalue(p_inner_at_request.publicKeys.encryptionKey));
}
// TODO Verify HMAC-SHA256
// Verify HMAC-SHA256
log("f_verify_http_at_request_from_iut_itss: v_encoded_tag= ", v_encoded_tag);
v_key_tag := substr(
fx_hmac_sha256( // TODO Rename and use a wrapper function
p_inner_at_request.hmacKey,
v_encoded_tag
),
0,
16); // Leftmost 128 bits of the HMAC-SHA256 tag computed previously
log("f_verify_http_at_request_from_iut_itss: v_key_tag: ", v_key_tag);
log("f_verify_http_at_request_from_iut_itss: keyTag= ", p_inner_at_request.sharedAtRequest.keyTag);
// Send OK message
log("f_verify_http_at_request_from_iut_itss: Receive ", p_inner_at_request);
if (p_force_response_code == ok) {
f_http_build_authorization_response(p_inner_at_request, ok, v_request_hash, vc_eaPrivateKey, vc_eaWholeHash, v_aes_enc_key, v_inner_at_response, v_ieee1609dot2_signed_and_encrypted_data);
log("f_verify_http_at_request_from_iut_itss: matching: ", match(p_inner_at_request.sharedAtRequest.keyTag, v_key_tag));
if (match(p_inner_at_request.sharedAtRequest.keyTag, v_key_tag) == false) {
// Send error message: No enrolment request
f_http_build_authorization_response(p_inner_at_request, its_aa_keysdontmatch, v_request_hash, -, -, v_aes_enc_key, v_inner_at_response, v_ieee1609dot2_signed_and_encrypted_data);
v_response := m_http_response(m_http_response_ok(m_http_message_body_binary(m_binary_body_ieee1609dot2_data(v_ieee1609dot2_signed_and_encrypted_data)), p_headers));
// Set verdict
p_result := -5;
} else {
log("f_verify_http_at_request_from_iut_itss: Succeed built force error code ", p_force_response_code);
f_http_build_authorization_response(p_inner_at_request, p_force_response_code, v_request_hash, -, -, v_aes_enc_key, v_inner_at_response, v_ieee1609dot2_signed_and_encrypted_data);
}
// Send OK message
log("f_verify_http_at_request_from_iut_itss: Receive ", p_inner_at_request);
if (p_force_response_code == ok) {
f_http_build_authorization_response(p_inner_at_request, ok, v_request_hash, vc_eaPrivateKey, vc_eaWholeHash, v_aes_enc_key, v_inner_at_response, v_ieee1609dot2_signed_and_encrypted_data);
} else {
log("f_verify_http_at_request_from_iut_itss: Succeed built force error code ", p_force_response_code);
f_http_build_authorization_response(p_inner_at_request, p_force_response_code, v_request_hash, -, -, v_aes_enc_key, v_inner_at_response, v_ieee1609dot2_signed_and_encrypted_data);
}
v_response := m_http_response(m_http_response_ok(m_http_message_body_binary(m_binary_body_ieee1609dot2_data(v_ieee1609dot2_signed_and_encrypted_data)), p_headers));
// Set verdict
p_result := 0;
// Set verdict
p_result := 0;
}
}
}
}
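Review bot: The comment on the new mismatch branch, `// Send error message: No enrolment request`, does not describe what the branch handles: it is taken when `sharedAtRequest.keyTag` differs from the leftmost 16 octets of the HMAC-SHA256 recomputed over the encoded keys, and it replies with `its_aa_keysdontmatch`. I would reword it to `// keyTag does not match the recomputed HMAC-SHA256 tag: reply its_aa_keysdontmatch`, and write the condition as `if (not match(p_inner_at_request.sharedAtRequest.keyTag, v_key_tag)) {` rather than comparing with `false`. The verdict value `p_result := -5` is a bare number; a short comment naming what -5 means to the caller would help, since the function header and its other result codes are outside this hunk. This branch also ignores `p_force_response_code`, which looks intentional but is not stated anywhere in the visible lines.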
......
Subproject commit 7f9ffa8eaf73998f6b565a5e595ed2e54dcba9e8
Subproject commit c2b587e66d74a936f870db1a9a17fd9e051f40cf