STF538: Certificate generation script (1f9880f9) · Commits · ITS - Intelligent Transport Systems / ITS

ttcn/AtsGenCert/ItsGenCert_Functions.ttcn

+4 −12

Original line number	Diff line number	Diff line
		@@ -32,8 +32,6 @@ module ItsGenCert_Functions {
		return -1;
		}

		log("f_generate_signing_keys: p_certificate_details.certificate = ", p_certificate_details.certificate);

		return 0;
		} // End of function f_generate_signing_keys

		@@ -58,8 +56,6 @@ module ItsGenCert_Functions {
		p_certificate_params.issuing_permissions
		)));

		log("f_fill_certificate: p_certificate_details.certificate = ", p_certificate_details.certificate);

		return 0;
		} // End of function f_fill_certificate

		@@ -111,8 +107,6 @@ module ItsGenCert_Functions {
		return -1;
		}

		log("f_generate_certificate: p_certificate_details = ", p_certificate_details);

		return 0;
		} // End of function f_generate_certificate

		@@ -160,8 +154,6 @@ module ItsGenCert_Functions {
		p_certificate_details.issuer := p_certificate_details.hashid8
		}

		log("f_finalyse_certificate: p_certificate_details = ", p_certificate_details);

		return 0;
		} // End of function f_finalyse_certificate

ttcn/AtsGenCert/ItsGenCert_TestCases.ttcn

+32 −27

Original line number	Diff line number	Diff line
		@@ -27,6 +27,8 @@ module ItsGencert_TestCases {
		import from ItsGenCert_TestSystem all;
		import from ItsGenCert_Pics all;

		modulepar boolean PX_VALIDATE_CERTIFICATES_ONLY := false;

		testcase TC_GEN_CERT() runs on TCType system TCType {
		var certificate_details_list v_certificate_details_list;
		var integer v_idx := 0;
		@@ -98,11 +100,12 @@ module ItsGencert_TestCases {
		v_idx := v_idx + 1;
		}
		} // End of 'for' statement
		log("v_certificate_list = ", v_certificate_list);
		log("TC_VALIDATE_CERT: v_certificate_list = ", v_certificate_list);
		// 3. Check signature
		for (var integer v_counter := 0; v_counter < lengthof(v_certificate_list); v_counter := v_counter + 1) {
		var EtsiTs103097Certificate v_certificate;
		var EtsiTs103097Certificate v_certificate := v_certificate_list[v_counter];

		log("TC_VALIDATE_CERT: Processing certificate ", v_certificate.toBeSigned.id.name, " - ", v_certificate.issuer);
		if (ischosen(v_certificate.issuer.self_)) {
		if (f_verifyCertificateSignatureWithIssuingCertificate(v_certificate, v_certificate) == false) {
		setverdict(fail, "Failed to verify signature for CA certificate ", v_certificate.toBeSigned.id.name);
		@@ -112,10 +115,10 @@ module ItsGencert_TestCases {
		var EtsiTs103097Certificate v_issuing_certificate;
		var HashedId8 v_issuer;

		if (ischosen(v_issuing_certificate.issuer.sha256AndDigest)) {
		v_issuer := v_issuing_certificate.issuer.sha256AndDigest;
		} else if (ischosen(v_issuing_certificate.issuer.sha256AndDigest)) {
		v_issuer := v_issuing_certificate.issuer.sha384AndDigest;
		if (ischosen(v_certificate.issuer.sha256AndDigest)) {
		v_issuer := v_certificate.issuer.sha256AndDigest;
		} else if (ischosen(v_certificate.issuer.sha384AndDigest)) {
		v_issuer := v_certificate.issuer.sha384AndDigest;
		} else {
		setverdict(fail, "Unsupported issuer");
		stop;
		@@ -136,7 +139,9 @@ module ItsGencert_TestCases {
		} // End of testcase TC_VALIDATE_CERT

		control {
		if (PX_VALIDATE_CERTIFICATES_ONLY == false) {
		execute(TC_GEN_CERT(), 1.0);
		}
		execute(TC_VALIDATE_CERT(), 1.0);
		} // End of 'control' statement

ttcn/AtsSecurity/ItsSecurity_TestCases.ttcn

+107 −40

Original line number	Diff line number	Diff line
		@@ -964,7 +964,7 @@ module ItsSecurity_TestCases {

		/**
		* @desc Check that IUT sends the secured CAM containing the signing certificate when the IUT received
		* a CAM from an unknown ITS-S
		* a CAM from an unknown ITS-S.
		* <pre>
		* Pics Selection: PICS_GN_SECURITY
		* Config Id: CF01
		@@ -1111,7 +1111,7 @@ module ItsSecurity_TestCases {
		} // End of testcase TC_SEC_ITSS_SND_CAM_08_BV

		/**
		* @desc Check that IUT restarts the certificate sending timer when the certificate has been sent
		* @desc Check that IUT restarts the certificate sending timer when the certificate has been sent.
		* <pre>
		* Pics Selection: PICS_GN_SECURITY
		* Config Id: CF01
		@@ -1301,7 +1301,7 @@ module ItsSecurity_TestCases {
		* Initial conditions:
		* with {
		* the IUT is authorized with AT certificate (CERT_IUT_A_AT)
		* and the IUT has receiving a CAM
		* and the IUT has receiving a EtsiTs103097Data
		* containing signer
		* containing digest
		* indicating HashedId8 value DIGEST_A
		@@ -1322,7 +1322,7 @@ module ItsSecurity_TestCases {
		*
		* @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CAM_10_BV
		* @reference ETSI TS 103 097 [1] Clause 7.1.1
		* IEEE 1609.2 [2], Clauses 6.3.9, 8.2.4.1.2
		* IEEE 1609.2 [2], Clauses 6.3.9 & 8.2.4.1.2
		*/
		testcase TC_SEC_ITSS_SND_CAM_10_BV() runs on ItsGeoNetworking system ItsSecSystem {

		@@ -1330,6 +1330,8 @@ module ItsSecurity_TestCases {
		var GeoNetworkingInd v_geoNwInd;
		var HashedId8 v_hashedId8;
		var HashedId3 v_expectedHashedId3;
		var ItsCam v_component;
		timer t_maxTransInterval := 0.5;

		// Test control
		if (not(PICS_GN_SECURITY) or not(PICS_SEC_P2P_AT_DISTRIBUTION)) {
		@@ -1349,6 +1351,30 @@ module ItsSecurity_TestCases {
		v_hashedId8
		);
		v_expectedHashedId3 := f_HashedId3FromHashedId8(v_hashedId8);
		geoNetworkingPort.clear;
		v_component := f_setCamFrequencyGreatherThan1Hz();
		tc_ac.start;
		alt {
		[] geoNetworkingPort.receive(
		mw_geoNwInd(
		mw_geoNwSecPdu(
		mw_etsiTs103097Data_signed(
		mw_signedData(
		-,
		mw_toBeSignedData(
		mw_signedDataPayload,
		mw_headerInfo_cam
		),
		mw_signerIdentifier_certificate // containing certificate
		)
		),
		mw_geoNwShbPacket
		))) {
		tc_ac.stop;
		log("* " & testcasename() & ": INFO: Initial conditions: First CA message with certificate received *");

		// Send secured message from unknown ITS-S
		geoNetworkingPort.clear;
		f_sendSecuredCam(
		cc_taCert_B, // SHA-256/NIST P-256
		valueof(m_headerInfo_cam(-, f_computeGnTimestamp())),
		@@ -1359,8 +1385,15 @@ module ItsSecurity_TestCases {
		)
		);
		f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
		}
		[] tc_ac.timeout {
		log("* " & testcasename() & ": INCONC: Initial conditions: CA message with certificate not received *");
		f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
		}
		} // End of 'alt' statement

		// Test Body
		t_maxTransInterval.start;
		tc_ac.start;
		alt {
		[] geoNetworkingPort.receive(
		@@ -1372,8 +1405,7 @@ module ItsSecurity_TestCases {
		mw_toBeSignedData(
		mw_signedDataPayload,
		mw_headerInfo_cam(
		-,
		-,
		-, -,
		{ v_expectedHashedId3 }
		)
		)
		@@ -1394,15 +1426,17 @@ module ItsSecurity_TestCases {
		mw_toBeSignedData(
		mw_signedDataPayload,
		mw_headerInfo_cam
		),
		mw_signerIdentifier_digest // containing digest
		)
		)
		),
		mw_geoNwShbPacket
		))) {
		log("* " & testcasename() & ": INFO: CA message retransmission w/o certificate request *");
		repeat;
		}
		[] t_maxTransInterval.timeout {
		log("* " & testcasename() & ": FAIL: CAM was transmited w/o unrecognized request header *");
		f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
		}
		[] tc_ac.timeout {
		log("* " & testcasename() & ": INCONC: Expected CA message not received *");
		f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
		@@ -1410,6 +1444,7 @@ module ItsSecurity_TestCases {
		} // End of 'alt' statement

		// Postamble
		f_terminateCam(v_component);
		f_poNeighbour();
		f_cf01Down();
		} // End of testcase TC_SEC_ITSS_SND_CAM_10_BV
		@@ -1418,7 +1453,7 @@ module ItsSecurity_TestCases {
		* @desc Check that the IUT sends certificate request when it receives secured CAM
		* containing certificate signed by unknown AA certificate.
		* <pre>
		* Pics Selection: PICS_GN_SECURITY, PICS_SEC_P2P_AT_DISTRIBUTION
		* Pics Selection: PICS_GN_SECURITY and PICS_SEC_P2P_AT_DISTRIBUTION and (PICS_SEC_SHA256 or PICS_SEC_SHA384)
		* Config Id: CF01
		* Initial conditions:
		* with {
		@@ -1444,7 +1479,7 @@ module ItsSecurity_TestCases {
		*
		* @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CAM_11_BV
		* @reference ETSI TS 103 097 [1] Clause 7.1.1
		* IEEE 1609.2 [2], Clauses 6.3.9, 8.2.4.1.2
		* IEEE 1609.2 [2], Clauses 6.3.9 & 8.2.4.1.2
		*/
		testcase TC_SEC_ITSS_SND_CAM_11_BV() runs on ItsGeoNetworking system ItsSecSystem {

		@@ -1452,10 +1487,11 @@ module ItsSecurity_TestCases {
		var GeoNetworkingInd v_geoNwInd;
		var HashedId8 v_hashedId8;
		var HashedId3 v_expectedHashedId3;
		var ItsCam v_component;

		// Test control
		if (not(PICS_GN_SECURITY) or not(PICS_SEC_P2P_AT_DISTRIBUTION)) {
		log("* " & testcasename() & ": ERROR: 'PICS_GN_SECURITY and PICS_SEC_P2P_AT_DISTRIBUTION' required for executing the TC *");
		if (not(PICS_GN_SECURITY and PICS_SEC_P2P_AT_DISTRIBUTION and (PICS_SEC_SHA256 or PICS_SEC_SHA384))) {
		log("* " & testcasename() & ": ERROR: 'PICS_GN_SECURITY and PICS_SEC_P2P_AT_DISTRIBUTION and (PICS_SEC_SHA256 or PICS_SEC_SHA384)' required for executing the TC *");
		stop;
		}

		@@ -1478,6 +1514,30 @@ module ItsSecurity_TestCases {
		);
		}
		v_expectedHashedId3 := f_HashedId3FromHashedId8(v_hashedId8);
		geoNetworkingPort.clear;
		v_component := f_setCamFrequencyGreatherThan1Hz();
		tc_ac.start;
		alt {
		[] geoNetworkingPort.receive(
		mw_geoNwInd(
		mw_geoNwSecPdu(
		mw_etsiTs103097Data_signed(
		mw_signedData(
		-,
		mw_toBeSignedData(
		mw_signedDataPayload,
		mw_headerInfo_cam
		),
		mw_signerIdentifier_certificate // containing certificate
		)
		),
		mw_geoNwShbPacket
		))) {
		tc_ac.stop;
		log("* " & testcasename() & ": INFO: Initial conditions: First CA message with certificate received *");

		// Send secured message from unknown ITS-S
		geoNetworkingPort.clear;
		f_sendSecuredCam(
		cc_taCert_B,
		valueof(m_headerInfo_cam(-, f_computeGnTimestamp())),
		@@ -1488,6 +1548,12 @@ module ItsSecurity_TestCases {
		)
		);
		f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
		}
		[] tc_ac.timeout {
		log("* " & testcasename() & ": INCONC: Initial conditions: CA message with certificate not received *");
		f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
		}
		} // End of 'alt' statement;

		// Test Body
		tc_ac.start;
		@@ -1539,6 +1605,7 @@ module ItsSecurity_TestCases {
		} // End of 'alt' statement

		// Postamble
		f_terminateCam(v_component);
		f_poNeighbour();
		f_cf01Down();
		} // End of testcase TC_SEC_ITSS_SND_CAM_11_BV
		@@ -1579,7 +1646,7 @@ module ItsSecurity_TestCases {
		*
		* @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CAM_12_BV
		* @reference ETSI TS 103 097 [1] Clause 7.1.1
		* IEEE 1609.2 [2], Clauses 6.3.9, 8.2.4.2.3
		* IEEE 1609.2 [2], Clauses 6.3.9 & 8.2.4.2.3
		*/
		testcase TC_SEC_ITSS_SND_CAM_12_BV() runs on ItsGeoNetworking system ItsSecSystem {

		@@ -1771,7 +1838,7 @@ module ItsSecurity_TestCases {
		*
		* @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CAM_13_BV
		* @reference ETSI TS 103 097 [1] Clause 7.1.1
		* IEEE 1609.2 [2], Clauses 6.3.9, 8.2.4.2.3
		* IEEE 1609.2 [2], Clauses 6.3.9 & 8.2.4.2.3
		*/
		testcase TC_SEC_ITSS_SND_CAM_13_BV() runs on ItsGeoNetworking system ItsSecSystem {

		@@ -1949,7 +2016,7 @@ module ItsSecurity_TestCases {
		*
		* @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CAM_14_BV
		* @reference ETSI TS 103 097 [1] Clause 7.1.1
		* IEEE 1609.2 [2], Clauses 6.3.9, 8.2.4.2.3
		* IEEE 1609.2 [2], Clauses 6.3.9 & 8.2.4.2.3
		*/
		testcase TC_SEC_ITSS_SND_CAM_14_BV() runs on ItsGeoNetworking system ItsSecSystem {

		@@ -2106,7 +2173,7 @@ module ItsSecurity_TestCases {
		*
		* @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CAM_15_BV
		* @reference ETSI TS 103 097 [1] Clause 7.1.1
		* IEEE 1609.2 [2], Clauses 6.3.9, 8.2.4.2.3
		* IEEE 1609.2 [2], Clauses 6.3.9 & 8.2.4.2.3
		*/
		testcase TC_SEC_ITSS_SND_CAM_15_BV() runs on ItsGeoNetworking system ItsSecSystem {

		@@ -2262,7 +2329,7 @@ module ItsSecurity_TestCases {
		*
		* @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CAM_16_BV
		* @reference ETSI TS 103 097 [1] Clause 7.1.1
		* IEEE 1609.2 [2], Clauses 6.3.9, 8.2.4.2.3
		* IEEE 1609.2 [2], Clauses 6.3.9 & 8.2.4.2.3
		*/
		testcase TC_SEC_ITSS_SND_CAM_16_BV() runs on ItsGeoNetworking system ItsSecSystem {

		@@ -2438,7 +2505,7 @@ module ItsSecurity_TestCases {
		*
		* @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CAM_17_BV
		* @reference ETSI TS 103 097 [1] Clause 7.1.1
		* IEEE 1609.2 [2], Clauses 6.3.9, 8.2.4.2.3
		* IEEE 1609.2 [2], Clauses 6.3.9 & 8.2.4.2.3
		*/
		testcase TC_SEC_ITSS_SND_CAM_17_BV() runs on ItsGeoNetworking system ItsSecSystem {

ttcn/TestCodec/TestCodec_Certificates.ttcn

+12 −0

Original line number	Diff line number	Diff line
		@@ -522,6 +522,18 @@ module TestCodec_Certificates {

		} // End of testcase tc_at_certificate_sha256_2

		testcase tc_at_certificate_sha256_3() runs on TCType system TCType {
		var octetstring v_enc_msg := '80030080EAF64113B8B74C6610810D434552545F4955545F415F415400000000005A497A008410E001038001248104038300018001258104038300018002008D8104038300018080849574CBDD2E471BA599CD99E4C350C415761B368D82BB9D9D7BE202A16E69CE41276EEC554EEBC2EFFC12B15132BD8398CB58BB7CE47B1AEB1238FA6F741C469280809BD2B881DBD1ABD7B997A1C55E7F2E55E305F7351CA7514765C900371B4D3DD1C52B8C4613FA8B54754B56B73B1B61E452A99F3B3EB7A37F7BE3FDC0F804BF96'O;
		var EtsiTs103097Certificate v_decMsg;
		var bitstring v_encMsg;
		var integer v_res;

		v_encMsg := oct2bit(v_enc_msg);
		v_res := decvalue(v_encMsg, v_decMsg);
		log("Decoded message: ", v_decMsg);
		setverdict(pass);
		} // End of testcase tc_at_certificate_sha256_3

		testcase tc_certificate_asn1c_1() runs on TCType system TCType {
		var template (value) EtsiTs103097Certificate v_cert;
		var charstring v_certId := "vehicle-test.example.com";

Admin message