ITS-CMS6 Plugtest validation

4ba5fda7 · Yann Garcia · aee715de · 4ba5fda7 · 4ba5fda7 · 4ba5fda7
Commit 4ba5fda7 authored Feb 27, 2019 by Yann Garcia
--- a/etc/AtsPki/AtsPki_Atos.cfg_
+++ b/etc/AtsPki/AtsPki_Atos.cfg_
@@ -49,7 +49,7 @@ system.utPort.params := "UT_PKI/UDP(dst_ip=172.23.0.1,dst_port=8000)"
 #ItsPki_TestCases.TC_SECPKI_EA_ENR_RCV_02_BI

 # The EnrolmentResponse message shall be encrypted using an ETSI TS 103 097 approved algorithm and the encryption shall be done with the same AES key as the one used by the ITS-S requestor for the encryption of the EnrolmentRequest message.
-#ItsPki_TestCases.TC_SECPKI_EA_ENR_01_BV
+ItsPki_TestCases.TC_SECPKI_EA_ENR_01_BV
 #ItsPki_TestCases.TC_SECPKI_EA_ENR_02_BV
 #ItsPki_TestCases.TC_SECPKI_EA_ENR_03_BV
 #ItsPki_TestCases.TC_SECPKI_EA_ENR_04_BV
@@ -66,7 +66,7 @@ system.utPort.params := "UT_PKI/UDP(dst_ip=172.23.0.1,dst_port=8000)"
 #ItsPki_TestCases.TC_SECPKI_EA_AUTHVAL_RCV_01_BV

 # 
-ItsPki_TestCases.TC_SECPKI_AA_AUTH_RCV_01_BV
+#ItsPki_TestCases.TC_SECPKI_AA_AUTH_RCV_01_BV

 [MAIN_CONTROLLER]
 # The options herein control the behavior of MC.

--- a/etc/AtsPki/AtsPki_Commsignia.cfg_
+++ b/etc/AtsPki/AtsPki_Commsignia.cfg_
@@ -26,8 +26,7 @@ LibItsHttp_Pics.PICS_HEADER_CONTENT_TYPE := "application/x-its-request"
 LibItsHttp_Pics.PICS_HEADER_HOST := "10.8.0.2"

 LibItsPki_Pics.PICS_HTTP_POST_URI_EC := "/ea/enrolment"
-LibItsPki_Pics.PICS_HTTP_POST_URI_AT := "/ea/authval"
-LibItsPki_Pics.PICS_HTTP_POST_URI_ATV := "/aa/authorization"
+LibItsPki_Pics.PICS_HTTP_POST_URI_AT := "/aa/authorization"


 LibItsPki_Pics.PICS_IUT_ITS_S_ROLE     := true

--- a/etc/AtsPki/AtsPki_Escrypt.cfg_
+++ b/etc/AtsPki/AtsPki_Escrypt.cfg_
@@ -77,14 +77,14 @@ system.httpPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/TC
 #ItsPki_TestCases.TC_SECPKI_EA_AUTHVAL_RCV_01_BV

 #
-#ItsPki_TestCases.TC_SECPKI_AA_AUTH_RCV_01_BV
+ItsPki_TestCases.TC_SECPKI_AA_AUTH_RCV_01_BV
 #ItsPki_TestCases.TC_SECPKI_AA_AUTH_RCV_03_BI
 #ItsPki_TestCases.TC_SECPKI_AA_AUTH_RCV_04_BI
 #ItsPki_TestCases.TC_SECPKI_AA_AUTH_RCV_05_BI
 #ItsPki_TestCases.TC_SECPKI_AA_AUTH_RCV_06_BI
 #ItsPki_TestCases.TC_SECPKI_AA_AUTH_RCV_07_BI

-ItsPki_TestCases.TC_SECPKI_AA_AUTHVAL_01_BV
+#ItsPki_TestCases.TC_SECPKI_AA_AUTHVAL_01_BV

 [MAIN_CONTROLLER]
 # The options herein control the behavior of MC.

--- a/etc/AtsPki/AtsPki_Idnomic.cfg_
+++ b/etc/AtsPki/AtsPki_Idnomic.cfg_
@@ -77,14 +77,14 @@ system.httpAtPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/
 #ItsPki_TestCases.TC_SECPKI_EA_AUTHVAL_RCV_01_BV

 #
-#ItsPki_TestCases.TC_SECPKI_AA_AUTH_RCV_01_BV
+ItsPki_TestCases.TC_SECPKI_AA_AUTH_RCV_01_BV
 #ItsPki_TestCases.TC_SECPKI_AA_AUTH_RCV_03_BI
 #ItsPki_TestCases.TC_SECPKI_AA_AUTH_RCV_04_BI
 #ItsPki_TestCases.TC_SECPKI_AA_AUTH_RCV_05_BI
 #ItsPki_TestCases.TC_SECPKI_AA_AUTH_RCV_06_BI
 #ItsPki_TestCases.TC_SECPKI_AA_AUTH_RCV_07_BI

-ItsPki_TestCases.TC_SECPKI_AA_AUTHVAL_01_BV
+#ItsPki_TestCases.TC_SECPKI_AA_AUTHVAL_01_BV

 [MAIN_CONTROLLER]
 # The options herein control the behavior of MC.

--- a/etc/AtsPki/AtsPki_Siemens.cfg_
+++ b/etc/AtsPki/AtsPki_Siemens.cfg_
+[MODULE_PARAMETERS]
+# This section shall contain the values of all parameters that are defined in your TTCN-3 modules.
+
+# The GeoNetworking address of the IUT.
+LibItsGeoNetworking_Pics.PICS_GN_LOCAL_GN_ADDR := {
+  typeOfAddress := e_initial,
+  stationType := e_roadSideUnit,
+  stationCountryCode := 0,
+  mid := 'b606ee0535f4'O
+} # Siemens RSU
+
+LibItsGeoNetworking_Pixits.PX_GN_UPPER_LAYER := e_btpB
+LibItsBtp_Pixits.PX_DESTINATION_PORT := 2001
+LibItsBtp_Pixits.PX_DESTINATION_PORT_INFO := 2001
+
+# Enable Security support
+LibItsGeoNetworking_Pics.PICS_GN_SECURITY := true
+LibItsGeoNetworking_Pixits.PX_NEIGHBOUR_DISCOVERY_DELAY := 2.0
+# Root path to access certificate stored in files, identified by certficate ID
+LibItsSecurity_Pixits.PX_CERTIFICATE_POOL_PATH := "/home/vagrant/tmp"
+# Configuration sub-directory to access certificate stored in files
+LibItsSecurity_Pixits.PX_IUT_SEC_CONFIG_NAME := "asn1c_cert"
+#LibItsSecurity_Pics.PICS_SEC_FIXED_KEYS := true # Seed
+
+LibItsHttp_Pics.PICS_HEADER_CONTENT_TYPE := "application/x-its-request"
+LibItsHttp_Pics.PICS_HEADER_HOST := "192.168.42.4"
+
+LibItsPki_Pics.PICS_HTTP_POST_URI_EC := "/ea/enrolment"
+LibItsPki_Pics.PICS_HTTP_POST_URI_AT := "/aa/authorization"
+
+
+LibItsPki_Pics.PICS_IUT_ITS_S_ROLE     := true
+LibItsPki_Pics.PICS_SECPKI_ENROLMENT   := true
+
+LibItsPki_Pics.PICS_ITS_S_SIGN_BRAINPOOLP256r1_PUBLIC_KEY  := '025C63F80E410B7C8A0530752AA6F87A0C876C87B486EC67463E8BEB405B29F536'O;
+
+LibItsPki_Pics.PICS_ITS_S_CANONICAL_ID                     := '5349454D454E532D0000000C29321901'O;
+LibItsPki_Pics.PICS_TS_EA_CERTIFICATE_ID                   := "CERT_TS_A_EA"
+LibItsPki_Pics.PICS_TS_AA_CERTIFICATE_ID                   := "CERT_TS_A_AA"
+
+LibItsPki_Pixits.PX_VE_ALG                                 := e_brainpool_p256_r1
+
+#ItsPki_Pixits.PX_TRIGGER_EC_BEFORE_AT                      := false;
+
+#LibItsPki_Pixits.PX_INCLUDE_ENCRYPTION_KEYS := false # No encryption key in Authorization request
+#LibItsPki_Pixits.PICS_PKI_AUTH_POP          := false # Do not use Signed for PoP in Authorization requet
+
+LibItsPki_Pics.PICS_SECPKI_REENROLMENT := false # Check in logs the pattern '==> EC ' to find the required information for re-enrolment
+LibItsPki_Pixits.PX_EC_PRIVATE_KEY     := '170D1EA638C300BD16F0025768C0F1FAA6BE23963E46AD10F79103914265D294'O
+LibItsPki_Pixits.PX_EC_HASH            := 'DFEFC2A74C8ADD0C8B74B958EE072229D25DEAAAE30D134193D091890E8F3C2C'O
+LibItsPki_Pixits.PX_EC_HASHED_ID8      := '93D091890E8F3C2C'O
+
+[LOGGING]
+# In this section you can specify the name of the log file and the classes of events
+# you want to log into the file or display on console (standard error).
+
+LogFile := "../logs/%e.%h-%r.%s"
+FileMask := LOG_ALL | USER | DEBUG | MATCHING
+ConsoleMask := LOG_ALL | USER | DEBUG | MATCHING
+#FileMask := ERROR | WARNING | USER | MATCHING | EXECUTOR_RUNTIME | VERDICTOP
+#ConsoleMask := ERROR | WARNING | USER | MATCHING | EXECUTOR_RUNTIME | VERDICTOP
+LogSourceInfo := Stack
+LogEntityName:= Yes
+LogEventTypes:= Yes
+#TimeStampFormat := DateTime
+
+[TESTPORT_PARAMETERS]
+# In this section you can specify parameters that are passed to Test Ports.
+# CAM Layer
+#   next_header     : btpA|btpB (overwrite BTP.type)
+#   header_type     : tsb|gbc
+#   header_sub_type : sh (single hop)
+# DENM Layer
+#   next_header     : btpA|btpB (overwrite BTP.type)
+#   header_type     : tsb|gbc
+# BTP Layer
+#   type            : btpA|btpB
+#   destination port: dst_port
+#   source port     : src_port
+#   device_mode     : Set to 1 if the layer shall encapsulate upper layer PDU
+#   device_mode     : Set to 1 if the layer shall encapsulate upper layer PDU
+# GN Layer
+#   ll_address             : GeoNetworking address of the Test System
+#   latitude               : latitude of the Test System
+#   longitude              : longitude of the Test System
+#   beaconing              : Set to 1 if GnLayer shall start beaconing
+#   Beaconing timer expiry: expiry (ms)
+#   device_mode            : Set to 1 if the layer shall encapsulate upper layer PDU
+#   secured_mode           : Set to 1 if message exchanges shall be signed
+#   encrypted_mode         : Set to 1 if message exchanges shall be encrypted
+#                            NOTE: For signed & encrypted message exchanges, both secured_mode and encrypted_mode shall be set to 1
+#   sec_db_path            : Path to the certificates and keys storage location
+#   hash                   : Hash algorithm to be used when secured mode is set
+#                            Authorized values are SHA-256 or SHA-384
+#                            Default: SHA-256
+#   signature              : Signature algorithm to be used when secured mode is set
+#                            Authorized values are NISTP-256, NISTP-384, BP-256 and BP-384
+#                            Default: NISTP-256
+#   cypher                 : Cyphering algorithm to be used when secured mode is set
+#                            Authorized values are NISTP-256, BP-256 and BP-384
+#                            Default: NISTP-256
+# Pki layer
+#   certificate            : Certificate to be used by the Test System for signature and encryption. Default: CERT_TS_A_AT
+#   peer_certificate       : Certificate to be used by the IUT for signature and encryption. Default: CERT_IUT_A_AT
+# Ethernet layer
+#   mac_src  :Source MAC address
+#   mac_bc   :Broadcast address
+#   eth_type : Ethernet type
+# Commsignia layer
+#   mac_src     : Device MAC address, used to discard packets
+#                 To indicate no filering, use the value 000000000000
+#   mac_bc      : Broadcast address
+#   eth_type    : Ethernet type, used to discard packets
+#   target_host : Device address
+#   target_port : Device port
+#   source_port : Test System port
+#   interface_id: Interface id, used to discard packets
+#   tx_power    : TX power (dB)
+# UDP layer (IP/UDP based on Pcap)
+#   dst_ip  : destination IPv4 address (aa.bb.cc.dd)
+#   dst_port: destination port
+#   src_ip  : source IPv4 address (aa.bb.cc.dd)
+#   src_port: source port
+# Pcap layer
+#   mac_src    : Source MAC address, used to exclude from capture the acket sent by the Test System
+#   filter     : Pcap filter (compliant with tcpdump syntax) 
+#   Online mode:
+#     nic: Local NIC
+#          If set, online mode is used
+#   Offline mode (nic is present but not set):
+#     file        : File to read
+#     frame_offset: Frame offset, used to skip packets with frame number < frame_offset
+#     time_offset : Time offset, used to skip packets with time offset < time_offset
+#     save_mode   : 1 to save sent packet, 0 otherwise
+
+# Single GeoNetworking component port
+# its_aid = 36 CAM
+# its_aid = 37 DENM
+system.geoNetworkingPort.params := "GN(ll_address=4C5E0C14D2EB,latitude=43551050,longitude=10298730,distanceA=1500,distanceB=1500,angle=0,device_mode=0,secured_mode=1,its_aid=36,certificate=CERT_TS_A_AT,sec_db_path=/home/vagrant/tmp/asn1c_cert)/ETH(mac_src=e2b7b30429eb)/PCAP(mac_src=e2b7b30429eb,nic=eth1,filter=and ether proto 0x8947)"
+
+# Single HTTP component port
+system.httpPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/TCP(debug=1,server_mode=1,server=192.168.42.4,port=80,local_port=80,use_ssl=0)"
+
+# GeoNetworking UpperTester port based on UDP
+system.utPort.params := "UT_PKI/UDP(dst_ip=192.168.42.2,src_port=12345)"
+
+[EXECUTE]
+
+# Check that IUT sends an enrolment request when triggered.
+#ItsPki_TestCases.TC_SECPKI_ITSS_ENR_01_BV
+# If the enrolment request of the IUT is an initial enrolment request, the itsId (contained in the InnerECRequest) shall be set to the canonical identifier, the signer (contained in the outer EtsiTs1030971Data-Signed) shall be set to self and the outer signature shall be computed using the canonical private key.
+#ItsPki_TestCases.TC_SECPKI_ITSS_ENR_02_BV
+# In presence of a valid EC, the enrolment request of the IUT is a rekeying enrolment request with the itsId (contained in the InnerECRequest) and the SignerIdentifier (contained in the outer EtsiTs1030971Data-Signed) both declared as digest containing the HashedId8 of the EC and the outer signature computed using the current valid EC private key corresponding to the verification public key.
+#ItsPki_TestCases.TC_SECPKI_ITSS_ENR_03_BV
+#ItsPki_TestCases.TC_SECPKI_ITSS_ENR_06_BV
+#ItsPki_TestCases.TC_SECPKI_ITSS_ENR_07_BV
+
+ItsPki_TestCases.TC_SECPKI_ITSS_AUTH_01_BV
+
+[MAIN_CONTROLLER]
+# The options herein control the behavior of MC.
+KillTimer := 10.0
+LocalAddress := 127.0.0.1
+TCPPort := 12000
+NumHCs := 1
+
--- a/etc/AtsSecurity/AtsSecurity.cfg
+++ b/etc/AtsSecurity/AtsSecurity.cfg
@@ -21,12 +21,36 @@
 #  stationCountryCode := 0, #33,
 #  mid := '000000000011'O
 #} # Commsignia
+#LibItsGeoNetworking_Pics.PICS_GN_LOCAL_GN_ADDR := {
+#  typeOfAddress := e_initial,
+#  stationType := e_passengerCar, #e_roadSideUnit,
+#  stationCountryCode := 0, #33,
+#  mid := '000000030201'O
+#} # Marben
+#LibItsGeoNetworking_Pics.PICS_GN_LOCAL_GN_ADDR := {
+#  typeOfAddress := e_initial,
+#  stationType := e_roadSideUnit,
+#  stationCountryCode := 0, #33,
+#  mid := '08002729c3e8'O
+#} # Siemens
+#LibItsGeoNetworking_Pics.PICS_GN_LOCAL_GN_ADDR := {
+#  typeOfAddress := e_initial,
+#  stationType := e_roadSideUnit,
+#  stationCountryCode := 250, #33,
+#  mid := 'b680025e2a44'O
+#} # LaCroix
 LibItsGeoNetworking_Pics.PICS_GN_LOCAL_GN_ADDR := {
  typeOfAddress := e_initial,
-  stationType := e_unknown, #e_roadSideUnit,
-  stationCountryCode := 0, #33,
-  mid := '4c5e0c14d2ea'O
-} # Simu
+  stationType := e_unknown,
+  stationCountryCode := 140, #33,
+  mid := '00e06a016537'O
+} # Codha
+#LibItsGeoNetworking_Pics.PICS_GN_LOCAL_GN_ADDR := {
+#  typeOfAddress := e_initial,
+#  stationType := e_unknown, #e_roadSideUnit,
+#  stationCountryCode := 0, #33,
+#  mid := '4c5e0c14d2ea'O
+#} # Simu

 LibItsGeoNetworking_Pixits.PX_GN_UPPER_LAYER := e_btpB
 LibItsBtp_Pixits.PX_DESTINATION_PORT := 2001
@@ -123,8 +147,8 @@ LogEventTypes:= Yes
 # its_aid = 36 CAM
 # its_aid = 37 DENM
 # its_aid = 141 GeonNet mgnt
-#system.geoNetworkingPort.params := "GN(ll_address=4C5E0C14D2EB,latitude=43551050,longitude=10298730,distanceA=1500,distanceB=1500,angle=0,device_mode=0,secu#red_mode=1,its_aid=36,certificate=CERT_TS_A_AT,sec_db_path=/home/vagrant/tmp/asn1c_cert)/ETH(mac_src=e2b7b30429eb)/PCAP(mac_src=e2b7b30429eb,nic=eth1,filter=and ether proto 0x8947)"
-system.geoNetworkingPort.params := "GN(ll_address=4C5E0C14D2EB,latitude=43551050,longitude=10298730,distanceA=1500,distanceB=1500,angle=0,device_mode=0,secured_mode=1,its_aid=36,certificate=CERT_TS_A_AT,sec_db_path=/home/vagrant/tmp/asn1c_cert)/COMMSIGNIA(mac_src=000000000011,use_vpn=0,target_host=192.168.42.2)/UDP(dst_ip=192.168.42.2,src_port=7943,dst_port=6666)"
+system.geoNetworkingPort.params := "GN(ll_address=4C5E0C14D2EB,latitude=43551050,longitude=10298730,distanceA=1500,distanceB=1500,angle=0,device_mode=0,secured_mode=1,its_aid=36,certificate=CERT_TS_A_AT,sec_db_path=/home/vagrant/tmp/asn1c_cert)/ETH(mac_src=e2b7b30429eb)/PCAP(mac_src=e2b7b30429eb,nic=eth1,filter=and ether proto 0x8947)"
+#system.geoNetworkingPort.params := "GN(ll_address=4C5E0C14D2EB,latitude=43551050,longitude=10298730,distanceA=1500,distanceB=1500,angle=0,device_mode=0,secured_mode=1,its_aid=36,certificate=CERT_TS_A_AT,sec_db_path=/home/vagrant/tmp/asn1c_cert)/COMMSIGNIA(mac_src=000000000011,use_vpn=0,target_host=192.168.42.2)/UDP(dst_ip=192.168.42.2,src_port=7943,dst_port=6666)"
 #system.geoNetworkingPort.params := "GN(ll_address=4C5E0C14D2EB,latitude=43551050,longitude=10298730,distanceA=1500,distanceB=1500,angle=0,device_mode=0,secured_mode=1,its_aid=36,certificate=CERT_TS_A_AT,sec_db_path=/home/vagrant/tmp/asn1c_cert)/COMMSIGNIA(mac_src=000000000011,use_vpn=1,target_host=10.8.0.1)/UDP(dst_ip=10.8.0.1,src_port=7943,dst_port=7946)"
 #system.geoNetworkingPort.params := "GN(ll_address=4C5E0C14D2EB,latitude=43551050,longitude=10298730,distanceA=1500,distanceB=1500,angle=0,device_mode=0,secured_mode=1,its_aid=36,certificate=CERT_TS_A_AT,sec_db_path=/home/vagrant/tmp/asn1c_cert)/COMMSIGNIA(mac_src=000000000011,target_host=10.8.0.1)/UDP_PCAP(dst_ip=10.8.0.1,dst_port=7943,src_ip=192.168.0.154,src_port=39474)/ETH(mac_src=0800275c4959,eth_type=0800)/PCAP(mac_src=0800275c4959,nic=tap0,filter=and (udp port 39474 or udp port 7943))"

@@ -137,19 +161,21 @@ system.geoNetworkingPort.params := "GN(ll_address=4C5E0C14D2EB,latitude=43551050
 #system.utPort.params := "UT_GN(loopback=1)"

 # CAM UpperTester port based on UDP
-#system.camUtPort.params := "UT_CAM(loopback=1)"
+#system.utPort.params := "UT_CAM(loopback=1)"

-system.denmUtPort.params := "UT_DENM/UDP(dst_ip=192.168.1.250)" # Simulator
-system.camUtPort.params  := "UT_CAM/UDP(dst_ip=192.168.1.250)"
-system.utPort.params  := "UT_GN/UDP(dst_ip=192.168.1.250)"
+#system.utPort.params := "UT_DENM/UDP(dst_ip=192.168.42.2)" # Simulator

-#system.denmUtPort.params := "UT_DENM/UDP(dst_ip=172.23.0.1,dst_port=8000)" # Nordsys
-#system.utPort.params     := "UT_CAM/UDP(dst_ip=172.28.128.4)"  # Simulator Siemens
-#system.camUtPort.params  := "UT_CAM/UDP(dst_ip=172.28.128.4)"  # Simulator Siemens
+#system.utPort.params := "UT_DENM/UDP(dst_ip=172.23.0.1,dst_port=8000)" # Nordsys

 #system.utPort.params     := "UT_CAM/UDP(dst_ip=10.8.0.1,dst_port=56000)" # Commsignia
-#system.camUtPort.params  := "UT_CAM/UDP(dst_ip=10.8.0.1,dst_port=56000)"
-#system.denmUtPort.params := "UT_DENM/UDP(dst_ip=10.8.0.1,dst_port=56000)"
+
+#system.utPort.params     := "UT_CAM/UDP(dst_ip=10.100.62.1,dst_port=10005)" # Marben
+
+#system.utPort.params := "UT_CAM/UDP(dst_ip=192.168.42.10)" # Siemens
+
+#system.utPort.params := "UT_CAM/UDP(dst_ip=192.168.42.10,dst_port=4200)" # Lacroix
+
+system.utPort.params  := "UT_CAM/UDP(dst_ip=192.168.3.2,dst_port=5001)" # Codha

 [EXECUTE]


--- a/ttcn/AtsPki/ItsPki_TestCases.ttcn
+++ b/ttcn/AtsPki/ItsPki_TestCases.ttcn
--- a/ttcn/AtsSecurity/ItsSecurity_Functions.ttcn
+++ b/ttcn/AtsSecurity/ItsSecurity_Functions.ttcn
@@ -749,6 +749,8 @@ module ItsSecurity_Functions {
        * @see     fb_secCancelDenmEvent()
        */
        function f_cancelDenmEvent(ItsDenm p_denmComponent) runs on ItsBaseComponent {
+            var ItsDenm v_denmComponent;
+            
            p_denmComponent.start(fb_secCancelDenmEvent());
            p_denmComponent.done;
            p_denmComponent.kill;

--- a/ttcn/AtsSecurity/ItsSecurity_TestCases.ttcn
+++ b/ttcn/AtsSecurity/ItsSecurity_TestCases.ttcn
@@ -2848,7 +2848,7 @@ module ItsSecurity_TestCases {
             */
            testcase TC_SEC_ITSS_SND_CAM_18_BV() runs on ItsGeoNetworking system ItsSecSystem {
                // Local variables
-                const integer        c_timeLimit := 5 * 60 * 1000000; // us
+                const integer        c_timeLimit := 2 * 60 * 1000000; // us
                var GeoNetworkingInd v_geoNwInd;
                var HeaderInfo       v_headerInfo;
                var Time64           v_generationTime;
@@ -2921,15 +2921,27 @@ module ItsSecurity_TestCases {
                        v_generationTime := v_headerInfo.generationTime;
                        v_curTime := f_getCurrentTime();
                        v_curTime := v_curTime * 1000; // Time64 is in microseconds 
+                        log("v_generationTime (us)=", v_generationTime);
+                        log("c_timeLimit (us)=", c_timeLimit);
                        log("v_curTime (us)=", v_curTime);
+                        log("valid interval=", Time64:(v_curTime - c_timeLimit, v_curTime + c_timeLimit));
                        // Check generation time
-                        if (not match(v_generationTime, Time64:(v_curTime - c_timeLimit, v_curTime + c_timeLimit))) {
+                        if ((v_generationTime < (v_curTime - c_timeLimit)) or (v_generationTime > (v_curTime + c_timeLimit))) {
+                          //if (not match(v_generationTime, Time64:(v_curTime - c_timeLimit, v_curTime + c_timeLimit))) {
                            log("*** " & testcasename() & ": FAIL: CA message generation time is not in 5 min range");
                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                        } else {
                            // Check certificate validity period
                            f_getMsgSignerIdentifier (f_getSecuredMessage(v_geoNwInd.msgIn), v_signerIdentifier);
-                            if (not match(v_signerIdentifier.certificate[0].toBeSigned.validityPeriod.start_, Time32:(v_curTime - c_timeLimit, v_curTime + c_timeLimit))) {
+                            log("v_signerIdentifier.certificate[0].toBeSigned.validityPeriod.start_ (s)=", v_signerIdentifier.certificate[0].toBeSigned.validityPeriod.start_);
+                            log("c_timeLimit (s)=", c_timeLimit / 1000000);
+                            log("v_curTime (u)=", v_curTime / 1000000);
+                            log("valid interval=", Time32:((v_curTime - c_timeLimit) / 1000000, (v_curTime + c_timeLimit) / 1000000));
+                            if (
+                                (v_signerIdentifier.certificate[0].toBeSigned.validityPeriod.start_ < (v_curTime - c_timeLimit) / 1000000) or
+                                (v_signerIdentifier.certificate[0].toBeSigned.validityPeriod.start_ > (v_curTime + c_timeLimit) / 1000000)
+                                ){
+                                //if (not match(v_signerIdentifier.certificate[0].toBeSigned.validityPeriod.start_, Time32:((v_curTime - c_timeLimit) / 1000000, (v_curTime + c_timeLimit) / 1000000))) {
                                log("*** " & testcasename() & ": FAIL: CA message certificate validity period is not in 5 min range");
                                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                            } else {
@@ -3017,6 +3029,21 @@ module ItsSecurity_TestCases {
                
                // Test Body
                tc_ac.start;
+                log("###############", mw_geoNwInd(
+                            mw_geoNwSecPdu(
+                                mw_etsiTs103097Data_signed(
+                                    mw_signedData(
+                                        -, 
+                                        mw_toBeSignedData(
+                                            mw_signedDataPayload(
+                                                mw_ieee1609Dot2Data(
+                                                    mw_ieee1609Dot2Data_unsecured
+                                            )),
+                                            mw_headerInfo_cam
+                                        )
+                                    )
+                                )
+                                           )));
                alt {
                    [] geoNetworkingPort.receive(
                        mw_geoNwInd(
--- a/LibIts @ 7f9ffa8e
+++ b/LibIts @ 7f9ffa8e
-Subproject commit aa689ac9f86aa49a1306dda851681e8d93c8e631
+Subproject commit 7f9ffa8eaf73998f6b565a5e595ed2e54dcba9e8