Commit 1f9880f9 authored by garciay's avatar garciay

STF538: Certificate generation script

parent 2c55012b
......@@ -31,9 +31,7 @@ module ItsGenCert_Functions {
log("f_generate_signing_keys: Unsupported curve");
return -1;
}
log("f_generate_signing_keys: p_certificate_details.certificate = ", p_certificate_details.certificate);
return 0;
} // End of function f_generate_signing_keys
......@@ -58,8 +56,6 @@ module ItsGenCert_Functions {
p_certificate_params.issuing_permissions
)));
log("f_fill_certificate: p_certificate_details.certificate = ", p_certificate_details.certificate);
return 0;
} // End of function f_fill_certificate
......@@ -111,8 +107,6 @@ module ItsGenCert_Functions {
return -1;
}
log("f_generate_certificate: p_certificate_details = ", p_certificate_details);
return 0;
} // End of function f_generate_certificate
......@@ -158,13 +152,11 @@ module ItsGenCert_Functions {
if (p_certificate_params.certificate_id == p_certificate_params.signed_by) { // Root certificate
log("f_finalyse_certificate: Root certificate");
p_certificate_details.issuer := p_certificate_details.hashid8
}
log("f_finalyse_certificate: p_certificate_details = ", p_certificate_details);
}
return 0;
} // End of function f_finalyse_certificate
function f_store_certificates(
in certificate_details_list p_certificate_details_list
) return integer {
......
......@@ -26,6 +26,8 @@ module ItsGencert_TestCases {
import from ItsGenCert_Functions all;
import from ItsGenCert_TestSystem all;
import from ItsGenCert_Pics all;
modulepar boolean PX_VALIDATE_CERTIFICATES_ONLY := false;
testcase TC_GEN_CERT() runs on TCType system TCType {
var certificate_details_list v_certificate_details_list;
......@@ -98,37 +100,38 @@ module ItsGencert_TestCases {
v_idx := v_idx + 1;
}
} // End of 'for' statement
log("v_certificate_list = ", v_certificate_list);
log("TC_VALIDATE_CERT: v_certificate_list = ", v_certificate_list);
// 3. Check signature
for (var integer v_counter := 0; v_counter < lengthof(v_certificate_list); v_counter := v_counter + 1) {
var EtsiTs103097Certificate v_certificate;
var EtsiTs103097Certificate v_certificate := v_certificate_list[v_counter];
log("TC_VALIDATE_CERT: Processing certificate ", v_certificate.toBeSigned.id.name, " - ", v_certificate.issuer);
if (ischosen(v_certificate.issuer.self_)) {
if (f_verifyCertificateSignatureWithIssuingCertificate(v_certificate, v_certificate) == false) {
setverdict(fail, "Failed to verify signature for CA certificate ", v_certificate.toBeSigned.id.name);
stop;
}
if (f_verifyCertificateSignatureWithIssuingCertificate(v_certificate, v_certificate) == false) {
setverdict(fail, "Failed to verify signature for CA certificate ", v_certificate.toBeSigned.id.name);
stop;
}
} else {
var EtsiTs103097Certificate v_issuing_certificate;
var HashedId8 v_issuer;
if (ischosen(v_issuing_certificate.issuer.sha256AndDigest)) {
v_issuer := v_issuing_certificate.issuer.sha256AndDigest;
} else if (ischosen(v_issuing_certificate.issuer.sha256AndDigest)) {
v_issuer := v_issuing_certificate.issuer.sha384AndDigest;
} else {
setverdict(fail, "Unsupported issuer");
stop;
}
if (f_getCertificateFromDigest(v_issuer, v_issuing_certificate) == false) {
setverdict(fail, "Failed to get certificate from digest ", v_issuer);
stop;
}
if (f_verifyCertificateSignatureWithIssuingCertificate(v_certificate, v_issuing_certificate) == false) {
setverdict(fail, "Failed to verify signature for CA certificate ", v_certificate.toBeSigned.id.name);
stop;
}
var EtsiTs103097Certificate v_issuing_certificate;
var HashedId8 v_issuer;
if (ischosen(v_certificate.issuer.sha256AndDigest)) {
v_issuer := v_certificate.issuer.sha256AndDigest;
} else if (ischosen(v_certificate.issuer.sha384AndDigest)) {
v_issuer := v_certificate.issuer.sha384AndDigest;
} else {
setverdict(fail, "Unsupported issuer");
stop;
}
if (f_getCertificateFromDigest(v_issuer, v_issuing_certificate) == false) {
setverdict(fail, "Failed to get certificate from digest ", v_issuer);
stop;
}
if (f_verifyCertificateSignatureWithIssuingCertificate(v_certificate, v_issuing_certificate) == false) {
setverdict(fail, "Failed to verify signature for CA certificate ", v_certificate.toBeSigned.id.name);
stop;
}
}
} // End of 'for' statement
......@@ -136,7 +139,9 @@ module ItsGencert_TestCases {
} // End of testcase TC_VALIDATE_CERT
control {
execute(TC_GEN_CERT(), 1.0);
if (PX_VALIDATE_CERTIFICATES_ONLY == false) {
execute(TC_GEN_CERT(), 1.0);
}
execute(TC_VALIDATE_CERT(), 1.0);
} // End of 'control' statement
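Review bot: In the `ischosen(v_certificate.issuer.self_)` branch of TC_VALIDATE_CERT the certificate is verified against itself, which only shows that the signature is internally consistent. Any entry of `v_certificate_list` that declares itself self-signed therefore passes without being compared to an expected root. If the generated profile has a known root, consider checking its identity as well, or state the limit in a comment such as `// Self-signed: proves consistency only, not that this is the intended root`. The failure message in the else branch also says "CA certificate" for every certificate type, so `"Failed to verify signature for certificate "` would make the logs less misleading. The testcase begins before this hunk and ends after it.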
......
......@@ -964,7 +964,7 @@ module ItsSecurity_TestCases {
/**
* @desc Check that IUT sends the secured CAM containing the signing certificate when the IUT received
* a CAM from an unknown ITS-S
* a CAM from an unknown ITS-S.
* <pre>
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
......@@ -972,7 +972,7 @@ module ItsSecurity_TestCases {
* with {
* the IUT is authorized with AT certificate (CERT_IUT_A_AT)
* and the IUT is configured to send more than one CAM per second
* and the IUT having already sent CAM
* and the IUT having already sent CAM
* containing certificate
* at TIME_1
* and the IUT having received a Ieee1609Dot2Data
......@@ -1111,7 +1111,7 @@ module ItsSecurity_TestCases {
} // End of testcase TC_SEC_ITSS_SND_CAM_08_BV
/**
* @desc Check that IUT restarts the certificate sending timer when the certificate has been sent
* @desc Check that IUT restarts the certificate sending timer when the certificate has been sent.
* <pre>
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
......@@ -1301,7 +1301,7 @@ module ItsSecurity_TestCases {
* Initial conditions:
* with {
* the IUT is authorized with AT certificate (CERT_IUT_A_AT)
* and the IUT has receiving a CAM
* and the IUT has receiving a EtsiTs103097Data
* containing signer
* containing digest
* indicating HashedId8 value DIGEST_A
......@@ -1322,7 +1322,7 @@ module ItsSecurity_TestCases {
*
* @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CAM_10_BV
* @reference ETSI TS 103 097 [1] Clause 7.1.1
* IEEE 1609.2 [2], Clauses 6.3.9, 8.2.4.1.2
* IEEE 1609.2 [2], Clauses 6.3.9 & 8.2.4.1.2
*/
testcase TC_SEC_ITSS_SND_CAM_10_BV() runs on ItsGeoNetworking system ItsSecSystem {
......@@ -1330,6 +1330,8 @@ module ItsSecurity_TestCases {
var GeoNetworkingInd v_geoNwInd;
var HashedId8 v_hashedId8;
var HashedId3 v_expectedHashedId3;
var ItsCam v_component;
timer t_maxTransInterval := 0.5;
// Test control
if (not(PICS_GN_SECURITY) or not(PICS_SEC_P2P_AT_DISTRIBUTION)) {
......@@ -1349,18 +1351,49 @@ module ItsSecurity_TestCases {
v_hashedId8
);
v_expectedHashedId3 := f_HashedId3FromHashedId8(v_hashedId8);
f_sendSecuredCam(
cc_taCert_B, // SHA-256/NIST P-256
valueof(m_headerInfo_cam(-, f_computeGnTimestamp())),
valueof(
m_signerIdentifier_digest(
v_hashedId8
)
)
);
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
geoNetworkingPort.clear;
v_component := f_setCamFrequencyGreatherThan1Hz();
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mw_etsiTs103097Data_signed(
mw_signedData(
-,
mw_toBeSignedData(
mw_signedDataPayload,
mw_headerInfo_cam
),
mw_signerIdentifier_certificate // containing certificate
)
),
mw_geoNwShbPacket
))) {
tc_ac.stop;
log("*** " & testcasename() & ": INFO: Initial conditions: First CA message with certificate received ***");
// Send secured message from unknown ITS-S
geoNetworkingPort.clear;
f_sendSecuredCam(
cc_taCert_B, // SHA-256/NIST P-256
valueof(m_headerInfo_cam(-, f_computeGnTimestamp())),
valueof(
m_signerIdentifier_digest(
v_hashedId8
)
)
);
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Initial conditions: CA message with certificate not received ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
}
} // End of 'alt' statement
// Test Body
t_maxTransInterval.start;
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
......@@ -1372,8 +1405,7 @@ module ItsSecurity_TestCases {
mw_toBeSignedData(
mw_signedDataPayload,
mw_headerInfo_cam(
-,
-,
-, -,
{ v_expectedHashedId3 }
)
)
......@@ -1394,15 +1426,17 @@ module ItsSecurity_TestCases {
mw_toBeSignedData(
mw_signedDataPayload,
mw_headerInfo_cam
),
mw_signerIdentifier_digest // containing digest
)
)
),
mw_geoNwShbPacket
))) {
log("*** " & testcasename() & ": INFO: CA message retransmission w/o certificate request ***");
repeat;
}
[] t_maxTransInterval.timeout {
log("*** " & testcasename() & ": FAIL: CAM was transmited w/o unrecognized request header ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected CA message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
......@@ -1410,6 +1444,7 @@ module ItsSecurity_TestCases {
} // End of 'alt' statement
// Postamble
f_terminateCam(v_component);
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_CAM_10_BV
......@@ -1418,7 +1453,7 @@ module ItsSecurity_TestCases {
* @desc Check that the IUT sends certificate request when it receives secured CAM
* containing certificate signed by unknown AA certificate.
* <pre>
* Pics Selection: PICS_GN_SECURITY, PICS_SEC_P2P_AT_DISTRIBUTION
* Pics Selection: PICS_GN_SECURITY and PICS_SEC_P2P_AT_DISTRIBUTION and (PICS_SEC_SHA256 or PICS_SEC_SHA384)
* Config Id: CF01
* Initial conditions:
* with {
......@@ -1444,7 +1479,7 @@ module ItsSecurity_TestCases {
*
* @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CAM_11_BV
* @reference ETSI TS 103 097 [1] Clause 7.1.1
* IEEE 1609.2 [2], Clauses 6.3.9, 8.2.4.1.2
* IEEE 1609.2 [2], Clauses 6.3.9 & 8.2.4.1.2
*/
testcase TC_SEC_ITSS_SND_CAM_11_BV() runs on ItsGeoNetworking system ItsSecSystem {
......@@ -1452,10 +1487,11 @@ module ItsSecurity_TestCases {
var GeoNetworkingInd v_geoNwInd;
var HashedId8 v_hashedId8;
var HashedId3 v_expectedHashedId3;
var ItsCam v_component;
// Test control
if (not(PICS_GN_SECURITY) or not(PICS_SEC_P2P_AT_DISTRIBUTION)) {
log("*** " & testcasename() & ": ERROR: 'PICS_GN_SECURITY and PICS_SEC_P2P_AT_DISTRIBUTION' required for executing the TC ***");
if (not(PICS_GN_SECURITY and PICS_SEC_P2P_AT_DISTRIBUTION and (PICS_SEC_SHA256 or PICS_SEC_SHA384))) {
log("*** " & testcasename() & ": ERROR: 'PICS_GN_SECURITY and PICS_SEC_P2P_AT_DISTRIBUTION and (PICS_SEC_SHA256 or PICS_SEC_SHA384)' required for executing the TC ***");
stop;
}
......@@ -1478,16 +1514,46 @@ module ItsSecurity_TestCases {
);
}
v_expectedHashedId3 := f_HashedId3FromHashedId8(v_hashedId8);
f_sendSecuredCam(
cc_taCert_B,
valueof(m_headerInfo_cam(-, f_computeGnTimestamp())),
valueof(
m_signerIdentifier_digest(
v_hashedId8
)
)
);
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
geoNetworkingPort.clear;
v_component := f_setCamFrequencyGreatherThan1Hz();
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mw_etsiTs103097Data_signed(
mw_signedData(
-,
mw_toBeSignedData(
mw_signedDataPayload,
mw_headerInfo_cam
),
mw_signerIdentifier_certificate // containing certificate
)
),
mw_geoNwShbPacket
))) {
tc_ac.stop;
log("*** " & testcasename() & ": INFO: Initial conditions: First CA message with certificate received ***");
// Send secured message from unknown ITS-S
geoNetworkingPort.clear;
f_sendSecuredCam(
cc_taCert_B,
valueof(m_headerInfo_cam(-, f_computeGnTimestamp())),
valueof(
m_signerIdentifier_digest(
v_hashedId8
)
)
);
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Initial conditions: CA message with certificate not received ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
}
} // End of 'alt' statement;
// Test Body
tc_ac.start;
......@@ -1539,6 +1605,7 @@ module ItsSecurity_TestCases {
} // End of 'alt' statement
// Postamble
f_terminateCam(v_component);
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_CAM_11_BV
......@@ -1579,7 +1646,7 @@ module ItsSecurity_TestCases {
*
* @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CAM_12_BV
* @reference ETSI TS 103 097 [1] Clause 7.1.1
* IEEE 1609.2 [2], Clauses 6.3.9, 8.2.4.2.3
* IEEE 1609.2 [2], Clauses 6.3.9 & 8.2.4.2.3
*/
testcase TC_SEC_ITSS_SND_CAM_12_BV() runs on ItsGeoNetworking system ItsSecSystem {
......@@ -1771,7 +1838,7 @@ module ItsSecurity_TestCases {
*
* @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CAM_13_BV
* @reference ETSI TS 103 097 [1] Clause 7.1.1
* IEEE 1609.2 [2], Clauses 6.3.9, 8.2.4.2.3
* IEEE 1609.2 [2], Clauses 6.3.9 & 8.2.4.2.3
*/
testcase TC_SEC_ITSS_SND_CAM_13_BV() runs on ItsGeoNetworking system ItsSecSystem {
......@@ -1949,7 +2016,7 @@ module ItsSecurity_TestCases {
*
* @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CAM_14_BV
* @reference ETSI TS 103 097 [1] Clause 7.1.1
* IEEE 1609.2 [2], Clauses 6.3.9, 8.2.4.2.3
* IEEE 1609.2 [2], Clauses 6.3.9 & 8.2.4.2.3
*/
testcase TC_SEC_ITSS_SND_CAM_14_BV() runs on ItsGeoNetworking system ItsSecSystem {
......@@ -2106,7 +2173,7 @@ module ItsSecurity_TestCases {
*
* @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CAM_15_BV
* @reference ETSI TS 103 097 [1] Clause 7.1.1
* IEEE 1609.2 [2], Clauses 6.3.9, 8.2.4.2.3
* IEEE 1609.2 [2], Clauses 6.3.9 & 8.2.4.2.3
*/
testcase TC_SEC_ITSS_SND_CAM_15_BV() runs on ItsGeoNetworking system ItsSecSystem {
......@@ -2262,7 +2329,7 @@ module ItsSecurity_TestCases {
*
* @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CAM_16_BV
* @reference ETSI TS 103 097 [1] Clause 7.1.1
* IEEE 1609.2 [2], Clauses 6.3.9, 8.2.4.2.3
* IEEE 1609.2 [2], Clauses 6.3.9 & 8.2.4.2.3
*/
testcase TC_SEC_ITSS_SND_CAM_16_BV() runs on ItsGeoNetworking system ItsSecSystem {
......@@ -2438,7 +2505,7 @@ module ItsSecurity_TestCases {
*
* @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CAM_17_BV
* @reference ETSI TS 103 097 [1] Clause 7.1.1
* IEEE 1609.2 [2], Clauses 6.3.9, 8.2.4.2.3
* IEEE 1609.2 [2], Clauses 6.3.9 & 8.2.4.2.3
*/
testcase TC_SEC_ITSS_SND_CAM_17_BV() runs on ItsGeoNetworking system ItsSecSystem {
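Review bot: The new preamble `alt` in TC_SEC_ITSS_SND_CAM_10_BV and TC_SEC_ITSS_SND_CAM_11_BV has branches only for a CAM carrying `mw_signerIdentifier_certificate` and for `tc_ac.timeout`. The test body, by contrast, matches a digest-signed CAM and follows it with `repeat`. With the IUT sending more than one CAM per second, a digest-signed CAM is likely to be first in the port queue after `geoNetworkingPort.clear`, and what happens then depends on the active default altstep, which is not visible here. An explicit digest branch in both preambles would make the initial condition independent of that default. Both testcases begin and end outside the shown hunks.

```ttcn
// … unchanged: receive branch for the CAM containing the certificate …
[] geoNetworkingPort.receive(
    mw_geoNwInd(
        mw_geoNwSecPdu(
            mw_etsiTs103097Data_signed(
                mw_signedData(
                    -,
                    mw_toBeSignedData(
                        mw_signedDataPayload,
                        mw_headerInfo_cam
                    ),
                    mw_signerIdentifier_digest // containing digest
                )
            ),
            mw_geoNwShbPacket
))) {
    log("*** " & testcasename() & ": INFO: Initial conditions: CA message with digest received, still waiting for certificate ***");
    repeat;
}
// … unchanged: tc_ac.timeout branch …
```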
......@@ -522,6 +522,18 @@ module TestCodec_Certificates {
} // End of testcase tc_at_certificate_sha256_2
testcase tc_at_certificate_sha256_3() runs on TCType system TCType {
var octetstring v_enc_msg := '80030080EAF64113B8B74C6610810D434552545F4955545F415F415400000000005A497A008410E001038001248104038300018001258104038300018002008D8104038300018080849574CBDD2E471BA599CD99E4C350C415761B368D82BB9D9D7BE202A16E69CE41276EEC554EEBC2EFFC12B15132BD8398CB58BB7CE47B1AEB1238FA6F741C469280809BD2B881DBD1ABD7B997A1C55E7F2E55E305F7351CA7514765C900371B4D3DD1C52B8C4613FA8B54754B56B73B1B61E452A99F3B3EB7A37F7BE3FDC0F804BF96'O;
var EtsiTs103097Certificate v_decMsg;
var bitstring v_encMsg;
var integer v_res;
v_encMsg := oct2bit(v_enc_msg);
v_res := decvalue(v_encMsg, v_decMsg);
log("Decoded message: ", v_decMsg);
setverdict(pass);
} // End of testcase tc_at_certificate_sha256_3
testcase tc_certificate_asn1c_1() runs on TCType system TCType {
var template (value) EtsiTs103097Certificate v_cert;
var charstring v_certId := "vehicle-test.example.com";
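Review bot: tc_at_certificate_sha256_3 calls `setverdict(pass)` unconditionally, so the `decvalue` result stored in `v_res` is never checked and a certificate that fails to decode still yields a pass. Since this test exercises the certificate codec, tie the verdict to the result: `if (v_res == 0) { setverdict(pass); } else { setverdict(fail, "Decoding failed: ", v_res); }`. Re-encoding `v_decMsg` and comparing it with `v_enc_msg` would make the check stronger still.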
......