Skip to content
GitLab
Commit 4ba5fda7 authored by Yann Garcia's avatar Yann Garcia
Browse files

ITS-CMS6 Plugtest validation

parent aee715de
Hide whitespace changes
Inline Side-by-side
etc/AtsPki/AtsPki_Atos.cfg_
View file @ 4ba5fda7
......@@ -49,7 +49,7 @@ system.utPort.params := "UT_PKI/UDP(dst_ip=172.23.0.1,dst_port=8000)"
#ItsPki_TestCases.TC_SECPKI_EA_ENR_RCV_02_BI
# The EnrolmentResponse message shall be encrypted using an ETSI TS 103 097 approved algorithm and the encryption shall be done with the same AES key as the one used by the ITS-S requestor for the encryption of the EnrolmentRequest message.
#ItsPki_TestCases.TC_SECPKI_EA_ENR_01_BV
ItsPki_TestCases.TC_SECPKI_EA_ENR_01_BV
#ItsPki_TestCases.TC_SECPKI_EA_ENR_02_BV
#ItsPki_TestCases.TC_SECPKI_EA_ENR_03_BV
#ItsPki_TestCases.TC_SECPKI_EA_ENR_04_BV
......@@ -66,7 +66,7 @@ system.utPort.params := "UT_PKI/UDP(dst_ip=172.23.0.1,dst_port=8000)"
#ItsPki_TestCases.TC_SECPKI_EA_AUTHVAL_RCV_01_BV
#
ItsPki_TestCases.TC_SECPKI_AA_AUTH_RCV_01_BV
#ItsPki_TestCases.TC_SECPKI_AA_AUTH_RCV_01_BV
[MAIN_CONTROLLER]
# The options herein control the behavior of MC.
......
etc/AtsPki/AtsPki_Commsignia.cfg_
View file @ 4ba5fda7
......@@ -26,8 +26,7 @@ LibItsHttp_Pics.PICS_HEADER_CONTENT_TYPE := "application/x-its-request"
LibItsHttp_Pics.PICS_HEADER_HOST := "10.8.0.2"
LibItsPki_Pics.PICS_HTTP_POST_URI_EC := "/ea/enrolment"
LibItsPki_Pics.PICS_HTTP_POST_URI_AT := "/ea/authval"
LibItsPki_Pics.PICS_HTTP_POST_URI_ATV := "/aa/authorization"
LibItsPki_Pics.PICS_HTTP_POST_URI_AT := "/aa/authorization"
LibItsPki_Pics.PICS_IUT_ITS_S_ROLE := true
......
etc/AtsPki/AtsPki_Escrypt.cfg_
View file @ 4ba5fda7
......@@ -77,14 +77,14 @@ system.httpPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/TC
#ItsPki_TestCases.TC_SECPKI_EA_AUTHVAL_RCV_01_BV
#
#ItsPki_TestCases.TC_SECPKI_AA_AUTH_RCV_01_BV
ItsPki_TestCases.TC_SECPKI_AA_AUTH_RCV_01_BV
#ItsPki_TestCases.TC_SECPKI_AA_AUTH_RCV_03_BI
#ItsPki_TestCases.TC_SECPKI_AA_AUTH_RCV_04_BI
#ItsPki_TestCases.TC_SECPKI_AA_AUTH_RCV_05_BI
#ItsPki_TestCases.TC_SECPKI_AA_AUTH_RCV_06_BI
#ItsPki_TestCases.TC_SECPKI_AA_AUTH_RCV_07_BI
ItsPki_TestCases.TC_SECPKI_AA_AUTHVAL_01_BV
#ItsPki_TestCases.TC_SECPKI_AA_AUTHVAL_01_BV
[MAIN_CONTROLLER]
# The options herein control the behavior of MC.
......
etc/AtsPki/AtsPki_Idnomic.cfg_
View file @ 4ba5fda7
......@@ -77,14 +77,14 @@ system.httpAtPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/
#ItsPki_TestCases.TC_SECPKI_EA_AUTHVAL_RCV_01_BV
#
#ItsPki_TestCases.TC_SECPKI_AA_AUTH_RCV_01_BV
ItsPki_TestCases.TC_SECPKI_AA_AUTH_RCV_01_BV
#ItsPki_TestCases.TC_SECPKI_AA_AUTH_RCV_03_BI
#ItsPki_TestCases.TC_SECPKI_AA_AUTH_RCV_04_BI
#ItsPki_TestCases.TC_SECPKI_AA_AUTH_RCV_05_BI
#ItsPki_TestCases.TC_SECPKI_AA_AUTH_RCV_06_BI
#ItsPki_TestCases.TC_SECPKI_AA_AUTH_RCV_07_BI
ItsPki_TestCases.TC_SECPKI_AA_AUTHVAL_01_BV
#ItsPki_TestCases.TC_SECPKI_AA_AUTHVAL_01_BV
[MAIN_CONTROLLER]
# The options herein control the behavior of MC.
......
etc/AtsPki/AtsPki_Siemens.cfg_ 0 → 100644
View file @ 4ba5fda7
[MODULE_PARAMETERS]
# This section shall contain the values of all parameters that are defined in your TTCN-3 modules.
# The GeoNetworking address of the IUT.
LibItsGeoNetworking_Pics.PICS_GN_LOCAL_GN_ADDR := {
typeOfAddress := e_initial,
stationType := e_roadSideUnit,
stationCountryCode := 0,
mid := 'b606ee0535f4'O
} # Siemens RSU
LibItsGeoNetworking_Pixits.PX_GN_UPPER_LAYER := e_btpB
LibItsBtp_Pixits.PX_DESTINATION_PORT := 2001
LibItsBtp_Pixits.PX_DESTINATION_PORT_INFO := 2001
# Enable Security support
LibItsGeoNetworking_Pics.PICS_GN_SECURITY := true
LibItsGeoNetworking_Pixits.PX_NEIGHBOUR_DISCOVERY_DELAY := 2.0
# Root path to access certificate stored in files, identified by certficate ID
LibItsSecurity_Pixits.PX_CERTIFICATE_POOL_PATH := "/home/vagrant/tmp"
# Configuration sub-directory to access certificate stored in files
LibItsSecurity_Pixits.PX_IUT_SEC_CONFIG_NAME := "asn1c_cert"
#LibItsSecurity_Pics.PICS_SEC_FIXED_KEYS := true # Seed
LibItsHttp_Pics.PICS_HEADER_CONTENT_TYPE := "application/x-its-request"
LibItsHttp_Pics.PICS_HEADER_HOST := "192.168.42.4"
LibItsPki_Pics.PICS_HTTP_POST_URI_EC := "/ea/enrolment"
LibItsPki_Pics.PICS_HTTP_POST_URI_AT := "/aa/authorization"
LibItsPki_Pics.PICS_IUT_ITS_S_ROLE := true
LibItsPki_Pics.PICS_SECPKI_ENROLMENT := true
LibItsPki_Pics.PICS_ITS_S_SIGN_BRAINPOOLP256r1_PUBLIC_KEY := '025C63F80E410B7C8A0530752AA6F87A0C876C87B486EC67463E8BEB405B29F536'O;
LibItsPki_Pics.PICS_ITS_S_CANONICAL_ID := '5349454D454E532D0000000C29321901'O;
LibItsPki_Pics.PICS_TS_EA_CERTIFICATE_ID := "CERT_TS_A_EA"
LibItsPki_Pics.PICS_TS_AA_CERTIFICATE_ID := "CERT_TS_A_AA"
LibItsPki_Pixits.PX_VE_ALG := e_brainpool_p256_r1
#ItsPki_Pixits.PX_TRIGGER_EC_BEFORE_AT := false;
#LibItsPki_Pixits.PX_INCLUDE_ENCRYPTION_KEYS := false # No encryption key in Authorization request
#LibItsPki_Pixits.PICS_PKI_AUTH_POP := false # Do not use Signed for PoP in Authorization requet
LibItsPki_Pics.PICS_SECPKI_REENROLMENT := false # Check in logs the pattern '==> EC ' to find the required information for re-enrolment
LibItsPki_Pixits.PX_EC_PRIVATE_KEY := '170D1EA638C300BD16F0025768C0F1FAA6BE23963E46AD10F79103914265D294'O
LibItsPki_Pixits.PX_EC_HASH := 'DFEFC2A74C8ADD0C8B74B958EE072229D25DEAAAE30D134193D091890E8F3C2C'O
LibItsPki_Pixits.PX_EC_HASHED_ID8 := '93D091890E8F3C2C'O
[LOGGING]
# In this section you can specify the name of the log file and the classes of events
# you want to log into the file or display on console (standard error).
LogFile := "../logs/%e.%h-%r.%s"
FileMask := LOG_ALL | USER | DEBUG | MATCHING
ConsoleMask := LOG_ALL | USER | DEBUG | MATCHING
#FileMask := ERROR | WARNING | USER | MATCHING | EXECUTOR_RUNTIME | VERDICTOP
#ConsoleMask := ERROR | WARNING | USER | MATCHING | EXECUTOR_RUNTIME | VERDICTOP
LogSourceInfo := Stack
LogEntityName:= Yes
LogEventTypes:= Yes
#TimeStampFormat := DateTime
[TESTPORT_PARAMETERS]
# In this section you can specify parameters that are passed to Test Ports.
# CAM Layer
# next_header : btpA|btpB (overwrite BTP.type)
# header_type : tsb|gbc
# header_sub_type : sh (single hop)
# DENM Layer
# next_header : btpA|btpB (overwrite BTP.type)
# header_type : tsb|gbc
# BTP Layer
# type : btpA|btpB
# destination port: dst_port
# source port : src_port
# device_mode : Set to 1 if the layer shall encapsulate upper layer PDU
# device_mode : Set to 1 if the layer shall encapsulate upper layer PDU
# GN Layer
# ll_address : GeoNetworking address of the Test System
# latitude : latitude of the Test System
# longitude : longitude of the Test System
# beaconing : Set to 1 if GnLayer shall start beaconing
# Beaconing timer expiry: expiry (ms)
# device_mode : Set to 1 if the layer shall encapsulate upper layer PDU
# secured_mode : Set to 1 if message exchanges shall be signed
# encrypted_mode : Set to 1 if message exchanges shall be encrypted
# NOTE: For signed & encrypted message exchanges, both secured_mode and encrypted_mode shall be set to 1
# sec_db_path : Path to the certificates and keys storage location
# hash : Hash algorithm to be used when secured mode is set
# Authorized values are SHA-256 or SHA-384
# Default: SHA-256
# signature : Signature algorithm to be used when secured mode is set
# Authorized values are NISTP-256, NISTP-384, BP-256 and BP-384
# Default: NISTP-256
# cypher : Cyphering algorithm to be used when secured mode is set
# Authorized values are NISTP-256, BP-256 and BP-384
# Default: NISTP-256
# Pki layer
# certificate : Certificate to be used by the Test System for signature and encryption. Default: CERT_TS_A_AT
# peer_certificate : Certificate to be used by the IUT for signature and encryption. Default: CERT_IUT_A_AT
# Ethernet layer
# mac_src :Source MAC address
# mac_bc :Broadcast address
# eth_type : Ethernet type
# Commsignia layer
# mac_src : Device MAC address, used to discard packets
# To indicate no filering, use the value 000000000000
# mac_bc : Broadcast address
# eth_type : Ethernet type, used to discard packets
# target_host : Device address
# target_port : Device port
# source_port : Test System port
# interface_id: Interface id, used to discard packets
# tx_power : TX power (dB)
# UDP layer (IP/UDP based on Pcap)
# dst_ip : destination IPv4 address (aa.bb.cc.dd)
# dst_port: destination port
# src_ip : source IPv4 address (aa.bb.cc.dd)
# src_port: source port
# Pcap layer
# mac_src : Source MAC address, used to exclude from capture the acket sent by the Test System
# filter : Pcap filter (compliant with tcpdump syntax)
# Online mode:
# nic: Local NIC
# If set, online mode is used
# Offline mode (nic is present but not set):
# file : File to read
# frame_offset: Frame offset, used to skip packets with frame number < frame_offset
# time_offset : Time offset, used to skip packets with time offset < time_offset
# save_mode : 1 to save sent packet, 0 otherwise
# Single GeoNetworking component port
# its_aid = 36 CAM
# its_aid = 37 DENM
system.geoNetworkingPort.params := "GN(ll_address=4C5E0C14D2EB,latitude=43551050,longitude=10298730,distanceA=1500,distanceB=1500,angle=0,device_mode=0,secured_mode=1,its_aid=36,certificate=CERT_TS_A_AT,sec_db_path=/home/vagrant/tmp/asn1c_cert)/ETH(mac_src=e2b7b30429eb)/PCAP(mac_src=e2b7b30429eb,nic=eth1,filter=and ether proto 0x8947)"
# Single HTTP component port
system.httpPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/TCP(debug=1,server_mode=1,server=192.168.42.4,port=80,local_port=80,use_ssl=0)"
# GeoNetworking UpperTester port based on UDP
system.utPort.params := "UT_PKI/UDP(dst_ip=192.168.42.2,src_port=12345)"
[EXECUTE]
# Check that IUT sends an enrolment request when triggered.
#ItsPki_TestCases.TC_SECPKI_ITSS_ENR_01_BV
# If the enrolment request of the IUT is an initial enrolment request, the itsId (contained in the InnerECRequest) shall be set to the canonical identifier, the signer (contained in the outer EtsiTs1030971Data-Signed) shall be set to self and the outer signature shall be computed using the canonical private key.
#ItsPki_TestCases.TC_SECPKI_ITSS_ENR_02_BV
# In presence of a valid EC, the enrolment request of the IUT is a rekeying enrolment request with the itsId (contained in the InnerECRequest) and the SignerIdentifier (contained in the outer EtsiTs1030971Data-Signed) both declared as digest containing the HashedId8 of the EC and the outer signature computed using the current valid EC private key corresponding to the verification public key.
#ItsPki_TestCases.TC_SECPKI_ITSS_ENR_03_BV
#ItsPki_TestCases.TC_SECPKI_ITSS_ENR_06_BV
#ItsPki_TestCases.TC_SECPKI_ITSS_ENR_07_BV
ItsPki_TestCases.TC_SECPKI_ITSS_AUTH_01_BV
[MAIN_CONTROLLER]
# The options herein control the behavior of MC.
KillTimer := 10.0
LocalAddress := 127.0.0.1
TCPPort := 12000
NumHCs := 1
etc/AtsSecurity/AtsSecurity.cfg
View file @ 4ba5fda7
......@@ -21,12 +21,36 @@
# stationCountryCode := 0, #33,
# mid := '000000000011'O
#} # Commsignia
#LibItsGeoNetworking_Pics.PICS_GN_LOCAL_GN_ADDR := {
# typeOfAddress := e_initial,
# stationType := e_passengerCar, #e_roadSideUnit,
# stationCountryCode := 0, #33,
# mid := '000000030201'O
#} # Marben
#LibItsGeoNetworking_Pics.PICS_GN_LOCAL_GN_ADDR := {
# typeOfAddress := e_initial,
# stationType := e_roadSideUnit,
# stationCountryCode := 0, #33,
# mid := '08002729c3e8'O
#} # Siemens
#LibItsGeoNetworking_Pics.PICS_GN_LOCAL_GN_ADDR := {
# typeOfAddress := e_initial,
# stationType := e_roadSideUnit,
# stationCountryCode := 250, #33,
# mid := 'b680025e2a44'O
#} # LaCroix
LibItsGeoNetworking_Pics.PICS_GN_LOCAL_GN_ADDR := {
typeOfAddress := e_initial,
stationType := e_unknown, #e_roadSideUnit,
stationCountryCode := 0, #33,
mid := '4c5e0c14d2ea'O
} # Simu
stationType := e_unknown,
stationCountryCode := 140, #33,
mid := '00e06a016537'O
} # Codha
#LibItsGeoNetworking_Pics.PICS_GN_LOCAL_GN_ADDR := {
# typeOfAddress := e_initial,
# stationType := e_unknown, #e_roadSideUnit,
# stationCountryCode := 0, #33,
# mid := '4c5e0c14d2ea'O
#} # Simu
LibItsGeoNetworking_Pixits.PX_GN_UPPER_LAYER := e_btpB
LibItsBtp_Pixits.PX_DESTINATION_PORT := 2001
......@@ -123,8 +147,8 @@ LogEventTypes:= Yes
# its_aid = 36 CAM
# its_aid = 37 DENM
# its_aid = 141 GeonNet mgnt
#system.geoNetworkingPort.params := "GN(ll_address=4C5E0C14D2EB,latitude=43551050,longitude=10298730,distanceA=1500,distanceB=1500,angle=0,device_mode=0,secu#red_mode=1,its_aid=36,certificate=CERT_TS_A_AT,sec_db_path=/home/vagrant/tmp/asn1c_cert)/ETH(mac_src=e2b7b30429eb)/PCAP(mac_src=e2b7b30429eb,nic=eth1,filter=and ether proto 0x8947)"
system.geoNetworkingPort.params := "GN(ll_address=4C5E0C14D2EB,latitude=43551050,longitude=10298730,distanceA=1500,distanceB=1500,angle=0,device_mode=0,secured_mode=1,its_aid=36,certificate=CERT_TS_A_AT,sec_db_path=/home/vagrant/tmp/asn1c_cert)/COMMSIGNIA(mac_src=000000000011,use_vpn=0,target_host=192.168.42.2)/UDP(dst_ip=192.168.42.2,src_port=7943,dst_port=6666)"
system.geoNetworkingPort.params := "GN(ll_address=4C5E0C14D2EB,latitude=43551050,longitude=10298730,distanceA=1500,distanceB=1500,angle=0,device_mode=0,secured_mode=1,its_aid=36,certificate=CERT_TS_A_AT,sec_db_path=/home/vagrant/tmp/asn1c_cert)/ETH(mac_src=e2b7b30429eb)/PCAP(mac_src=e2b7b30429eb,nic=eth1,filter=and ether proto 0x8947)"
#system.geoNetworkingPort.params := "GN(ll_address=4C5E0C14D2EB,latitude=43551050,longitude=10298730,distanceA=1500,distanceB=1500,angle=0,device_mode=0,secured_mode=1,its_aid=36,certificate=CERT_TS_A_AT,sec_db_path=/home/vagrant/tmp/asn1c_cert)/COMMSIGNIA(mac_src=000000000011,use_vpn=0,target_host=192.168.42.2)/UDP(dst_ip=192.168.42.2,src_port=7943,dst_port=6666)"
#system.geoNetworkingPort.params := "GN(ll_address=4C5E0C14D2EB,latitude=43551050,longitude=10298730,distanceA=1500,distanceB=1500,angle=0,device_mode=0,secured_mode=1,its_aid=36,certificate=CERT_TS_A_AT,sec_db_path=/home/vagrant/tmp/asn1c_cert)/COMMSIGNIA(mac_src=000000000011,use_vpn=1,target_host=10.8.0.1)/UDP(dst_ip=10.8.0.1,src_port=7943,dst_port=7946)"
#system.geoNetworkingPort.params := "GN(ll_address=4C5E0C14D2EB,latitude=43551050,longitude=10298730,distanceA=1500,distanceB=1500,angle=0,device_mode=0,secured_mode=1,its_aid=36,certificate=CERT_TS_A_AT,sec_db_path=/home/vagrant/tmp/asn1c_cert)/COMMSIGNIA(mac_src=000000000011,target_host=10.8.0.1)/UDP_PCAP(dst_ip=10.8.0.1,dst_port=7943,src_ip=192.168.0.154,src_port=39474)/ETH(mac_src=0800275c4959,eth_type=0800)/PCAP(mac_src=0800275c4959,nic=tap0,filter=and (udp port 39474 or udp port 7943))"
......@@ -137,19 +161,21 @@ system.geoNetworkingPort.params := "GN(ll_address=4C5E0C14D2EB,latitude=43551050
#system.utPort.params := "UT_GN(loopback=1)"
# CAM UpperTester port based on UDP
#system.camUtPort.params := "UT_CAM(loopback=1)"
#system.utPort.params := "UT_CAM(loopback=1)"
system.denmUtPort.params := "UT_DENM/UDP(dst_ip=192.168.1.250)" # Simulator
system.camUtPort.params := "UT_CAM/UDP(dst_ip=192.168.1.250)"
system.utPort.params := "UT_GN/UDP(dst_ip=192.168.1.250)"
#system.utPort.params := "UT_DENM/UDP(dst_ip=192.168.42.2)" # Simulator
#system.denmUtPort.params := "UT_DENM/UDP(dst_ip=172.23.0.1,dst_port=8000)" # Nordsys
#system.utPort.params := "UT_CAM/UDP(dst_ip=172.28.128.4)" # Simulator Siemens
#system.camUtPort.params := "UT_CAM/UDP(dst_ip=172.28.128.4)" # Simulator Siemens
#system.utPort.params := "UT_DENM/UDP(dst_ip=172.23.0.1,dst_port=8000)" # Nordsys
#system.utPort.params := "UT_CAM/UDP(dst_ip=10.8.0.1,dst_port=56000)" # Commsignia
#system.camUtPort.params := "UT_CAM/UDP(dst_ip=10.8.0.1,dst_port=56000)"
#system.denmUtPort.params := "UT_DENM/UDP(dst_ip=10.8.0.1,dst_port=56000)"
#system.utPort.params := "UT_CAM/UDP(dst_ip=10.100.62.1,dst_port=10005)" # Marben
#system.utPort.params := "UT_CAM/UDP(dst_ip=192.168.42.10)" # Siemens
#system.utPort.params := "UT_CAM/UDP(dst_ip=192.168.42.10,dst_port=4200)" # Lacroix
system.utPort.params := "UT_CAM/UDP(dst_ip=192.168.3.2,dst_port=5001)" # Codha
[EXECUTE]
......
ttcn/AtsPki/ItsPki_TestCases.ttcn
View file @ 4ba5fda7
......@@ -98,7 +98,7 @@ module ItsPki_TestCases {
p_result := 0;
if (f_verify_pki_request_message(vc_eaPrivateEncKey, vc_eaWholeHash/*salt*/, vc_eaWholeHash, p_request.body.binary_body.ieee1609dot2_data, true, v_request_hash, v_etsi_ts_102941_data, v_aes_enc_key) == false) { // Cannot decrypt the message
if (f_verify_pki_request_message(vc_eaPrivateEncKey, vc_eaWholeHash/*salt*/, ''O, p_request.body.binary_body.ieee1609dot2_data, true, v_request_hash, v_etsi_ts_102941_data, v_aes_enc_key) == false) { // Cannot decrypt the message
// Send error message
v_response := m_http_response(m_http_response_ko(m_http_message_body_binary(m_binary_body_ieee1609dot2_data(v_ieee1609dot2_signed_and_encrypted_data)), p_headers, 400, "Bad request")); // Initialize v_reponse with an error message
// Set verdict
......@@ -119,14 +119,15 @@ module ItsPki_TestCases {
// Set verdict
p_result := -3;
} else {
log("f_verify_http_ec_request_from_iut_itss: match ", match(p_inner_ec_request, mw_innerEcRequest(p_its_id, -, mw_certificate_subject_attributes({mw_appPermissions(c_its_aid_SCR, ?)})))); // TODO In TITAN, this is the only way to get the unmatching in log
if (match(p_inner_ec_request, mw_innerEcRequest(p_its_id, -, mw_certificate_subject_attributes({mw_appPermissions(c_its_aid_SCR, ?)}))) == false) {
log("f_verify_http_ec_request_from_iut_itss: matching: ", match(p_inner_ec_request, mw_innerEcRequest(p_its_id, -, mw_certificate_subject_attributes({mw_appPermissions(c_its_aid_SCR, ?)})))); // TODO In TITAN, this is the only way to get the unmatching in log
if (match(p_inner_ec_request, mw_innerEcRequest(p_its_id, -, mw_certificate_subject_attributes_optional_assuranceLevel({mw_appPermissions(c_its_aid_SCR, ?)}, -, -, omit))) == false) {
// Send error message: Not enrolmentrequest
f_http_build_inner_ec_response(p_inner_ec_request, badcontenttype, v_request_hash, -, -, v_aes_enc_key, v_inner_ec_response, v_ieee1609dot2_signed_and_encrypted_data);
v_response := m_http_response(m_http_response_ok(m_http_message_body_binary(m_binary_body_ieee1609dot2_data(v_ieee1609dot2_signed_and_encrypted_data)), p_headers));
// Set verdict
p_result := -4;
} else {
// TODO Check ValidityPeriod
// Send OK message
log("f_verify_http_ec_request_from_iut_itss: Receive ", p_inner_ec_request);
if (p_force_response_code == ok) {
......@@ -169,13 +170,13 @@ module ItsPki_TestCases {
p_result := 0;
if (f_verify_pki_request_message(vc_eaPrivateEncKey, vc_eaWholeHash/*salt*/, vc_eaWholeHash, p_request.body.binary_body.ieee1609dot2_data, true, v_request_hash, v_etsi_ts_102941_data, v_aes_enc_key) == false) { // Cannot decrypt the message
if (f_verify_pki_request_message(vc_eaPrivateEncKey, vc_eaWholeHash/*salt*/, ''O, p_request.body.binary_body.ieee1609dot2_data, true, v_request_hash, v_etsi_ts_102941_data, v_aes_enc_key) == false) { // Cannot decrypt the message
// Send error message
v_response := m_http_response(m_http_response_ko(m_http_message_body_binary(m_binary_body_ieee1609dot2_data(v_ieee1609dot2_signed_and_encrypted_data)), p_headers, 400, "Bad request")); // Initialize v_reponse with an error message
// Set verdict
p_result := -1;
} else {
log("f_verify_http_at_request_from_iut_itss: match ", match(v_etsi_ts_102941_data.content, mw_authorizationRequest(mw_innerAtRequest))); // TODO In TITAN, this is the only way to get the unmatching in log
log("f_verify_http_at_request_from_iut_itss: matching: ", match(v_etsi_ts_102941_data.content, mw_authorizationRequest(mw_innerAtRequest))); // TODO In TITAN, this is the only way to get the unmatching in log
if (match(v_etsi_ts_102941_data.content, mw_authorizationRequest(mw_innerAtRequest)) == false) {
// Send error message
f_http_build_authorization_response(p_inner_at_request, its_aa_cantparse, v_request_hash, -, -, v_aes_enc_key, v_inner_at_response, v_ieee1609dot2_signed_and_encrypted_data);
......@@ -192,12 +193,25 @@ module ItsPki_TestCases {
} else {
log("f_verify_http_at_request_from_iut_itss: match ", match(p_inner_at_request, mw_innerAtRequest(mw_publicKeys, -, mw_shared_at_request, mw_ec_signature))); // TODO In TITAN, this is the only way to get the unmatching in log
if (match(p_inner_at_request, mw_innerAtRequest(mw_publicKeys, -, mw_shared_at_request, mw_ec_signature)) == false) { // TODO To be refined
// Send error message: Not enrolmentrequest
// Send error message: No enrolment request
f_http_build_authorization_response(p_inner_at_request, its_aa_badcontenttype, v_request_hash, -, -, v_aes_enc_key, v_inner_at_response, v_ieee1609dot2_signed_and_encrypted_data);
v_response := m_http_response(m_http_response_ok(m_http_message_body_binary(m_binary_body_ieee1609dot2_data(v_ieee1609dot2_signed_and_encrypted_data)), p_headers));
// Set verdict
p_result := -4;
} else {
var PublicVerificationKey v_verification_tag;
var octetstring v_encoded_tag;
var octetstring v_key_tag;
// Build the tag
v_encoded_tag := bit2oct(encvalue(p_inner_at_request.publicKeys.verificationKey));
if (ispresent(p_inner_at_request.publicKeys.encryptionKey)) {
v_encoded_tag := v_encoded_tag & bit2oct(encvalue(p_inner_at_request.publicKeys.encryptionKey));
}
// TODO Verify HMAC-SHA256
log("f_verify_http_at_request_from_iut_itss: v_encoded_tag= ", v_encoded_tag);
log("f_verify_http_at_request_from_iut_itss: keyTag= ", p_inner_at_request.sharedAtRequest.keyTag);
// Send OK message
log("f_verify_http_at_request_from_iut_itss: Receive ", p_inner_at_request);
if (p_force_response_code == ok) {
......@@ -347,29 +361,34 @@ module ItsPki_TestCases {
// Test adapter configuration
// Preamble
f_readCertificate(vc_hashedId8ToBeUsed, v_certificate);
f_getCertificateDigest(vc_hashedId8ToBeUsed, v_certificate_digest);
// Wait for IUT certificate
geoNetworkingPort.clear;
tc_ac.start;
alt {
[] a_await_cam_with_current_cert(v_certificate_digest, v_certificate) {
tc_ac.stop;
f_selfOrClientSyncAndVerdict(c_prDone, e_success);
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mw_etsiTs103097Data_signed
))) {
repeat;
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected CA message not received ***");
f_selfOrClientSyncAndVerdict(c_prDone, e_timeout);
}
} // End of 'alt' statement
if (true) {
// Initial state: No CAM shall be emitted
f_selfOrClientSyncAndVerdict(c_prDone, e_success);
} else {
f_readCertificate(vc_hashedId8ToBeUsed, v_certificate);
f_getCertificateDigest(vc_hashedId8ToBeUsed, v_certificate_digest);
// Wait for IUT certificate
geoNetworkingPort.clear;
tc_ac.start;
alt {
[] a_await_cam_with_current_cert(v_certificate_digest, v_certificate) {
tc_ac.stop;
f_selfOrClientSyncAndVerdict(c_prDone, e_success);
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mw_etsiTs103097Data_signed
))) {
repeat;
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected CA message not received ***");
f_selfOrClientSyncAndVerdict(c_prDone, e_timeout);
}
} // End of 'alt' statement
}
// Test Body
f_sendUtTriggerEnrolmentRequestPrimitive();
......@@ -406,7 +425,7 @@ module ItsPki_TestCases {
mw_binary_body_ieee1609dot2_data(
mw_enrolmentRequestMessage(
mw_encryptedData(
{ *, mw_recipientInfo_pskRecipInfo/*(vc_eaHashedId8)*/, * },
{ *, mw_recipientInfo_certRecipInfo(mw_pKRecipientInfo(vc_eaHashedId8)), * },
mw_SymmetricCiphertext_aes128ccm
)))))),
v_request
......@@ -422,7 +441,7 @@ module ItsPki_TestCases {
// Send response
if (isvalue(v_response)) {
httpPort.send(v_response);
}
} // TODO Send HTTP error 500
// Set verdict
if (v_result == 0) {
log("*** " & testcasename() & ": PASS: InnerEcRequest received ***");
......@@ -575,29 +594,34 @@ module ItsPki_TestCases {
// Test adapter configuration
// Preamble
f_readCertificate(vc_hashedId8ToBeUsed, v_certificate);
f_getCertificateDigest(vc_hashedId8ToBeUsed, v_certificate_digest);
// Wait for IUT certificate
geoNetworkingPort.clear;
tc_ac.start;
alt {
[] a_await_cam_with_current_cert(v_certificate_digest, v_certificate) {
tc_ac.stop;
f_selfOrClientSyncAndVerdict(c_prDone, e_success);
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mw_etsiTs103097Data_signed
))) {
repeat;
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected CA message not received ***");
f_selfOrClientSyncAndVerdict(c_prDone, e_timeout);
}
} // End of 'alt' statement
if (true) {
// Initial state: No CAM shall be emitted
f_selfOrClientSyncAndVerdict(c_prDone, e_success);
} else {
f_readCertificate(vc_hashedId8ToBeUsed, v_certificate);
f_getCertificateDigest(vc_hashedId8ToBeUsed, v_certificate_digest);
// Wait for IUT certificate
geoNetworkingPort.clear;
tc_ac.start;
alt {
[] a_await_cam_with_current_cert(v_certificate_digest, v_certificate) {
tc_ac.stop;
f_selfOrClientSyncAndVerdict(c_prDone, e_success);
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mw_etsiTs103097Data_signed
))) {
repeat;
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected CA message not received ***");
f_selfOrClientSyncAndVerdict(c_prDone, e_timeout);
}
} // End of 'alt' statement
}
// Test Body
f_sendUtTriggerEnrolmentRequestPrimitive();
......@@ -635,7 +659,7 @@ module ItsPki_TestCases {
mw_binary_body_ieee1609dot2_data(
mw_enrolmentRequestMessage(
mw_encryptedData(
{ *, mw_recipientInfo_pskRecipInfo/*(vc_eaHashedId8)*/, * },
{ *, mw_recipientInfo_certRecipInfo(mw_pKRecipientInfo(vc_eaHashedId8)), * },
mw_SymmetricCiphertext_aes128ccm
)))))),
v_request
......@@ -649,9 +673,10 @@ module ItsPki_TestCases {
// Verify IUT response
f_verify_http_ec_request_from_iut_itss(
v_request.request, v_headers, v_inner_ec_request, v_response, v_result,
PICS_ITS_S_CANONICAL_ID, // containing itsId declared as digest containing the HashedId8 of the EC identifier
m_signerIdentifier_digest(PICS_ITS_S_CANONICAL_ID)); // containing signer declared as digest containing the HashedId8 of the EC identifier
PX_EC_HASHED_ID8, // containing itsId declared as digest containing the HashedId8 of the EC identifier
m_signerIdentifier_digest(PX_EC_HASHED_ID8 // containing signer declared as digest containing the HashedId8 of the EC identifier
)
);
// Send response
if (isvalue(v_response)) {
......@@ -888,7 +913,7 @@ module ItsPki_TestCases {
mw_binary_body_ieee1609dot2_data(
mw_enrolmentRequestMessage(
mw_encryptedData(
{ *, mw_recipientInfo_pskRecipInfo/*(vc_eaHashedId8)*/, * },
{ *, mw_recipientInfo_certRecipInfo(mw_pKRecipientInfo(vc_eaHashedId8)), * },
mw_SymmetricCiphertext_aes128ccm
)))))),
v_request
......@@ -929,7 +954,7 @@ module ItsPki_TestCases {
mw_binary_body_ieee1609dot2_data(
mw_enrolmentRequestMessage(
mw_encryptedData(
{ *, mw_recipientInfo_pskRecipInfo/*(vc_eaHashedId8)*/, * },
{ *, mw_recipientInfo_certRecipInfo(mw_pKRecipientInfo(vc_eaHashedId8)), * },
mw_SymmetricCiphertext_aes128ccm
)))))),
v_request
......@@ -1444,7 +1469,7 @@ module ItsPki_TestCases {
mw_binary_body_ieee1609dot2_data(
mw_enrolmentRequestMessage(
mw_encryptedData(
{ *, mw_recipientInfo_pskRecipInfo/*(vc_eaHashedId8)*/, * },
{ *, mw_recipientInfo_pskRecipInfo(vc_eaHashedId8), * },
mw_SymmetricCiphertext_aes128ccm
)))))),
v_request
......@@ -1629,7 +1654,7 @@ module ItsPki_TestCases {
mw_binary_body_ieee1609dot2_data(
mw_enrolmentRequestMessage(
mw_encryptedData(
{ *, mw_recipientInfo_pskRecipInfo/*(vc_eaHashedId8)*/, * },
{ *, mw_recipientInfo_pskRecipInfo(vc_eaHashedId8), * },
mw_SymmetricCiphertext_aes128ccm
)))))),
v_request
......@@ -1734,32 +1759,40 @@ module ItsPki_TestCases {
// Test adapter configuration
// Preamble
f_readCertificate(vc_hashedId8ToBeUsed, v_certificate);
f_getCertificateDigest(vc_hashedId8ToBeUsed, v_certificate_digest);
// Wait for IUT certificate
geoNetworkingPort.clear;
tc_ac.start;
alt {
[] a_await_cam_with_current_cert(v_certificate_digest, v_certificate) {
tc_ac.stop;
if (PX_TRIGGER_EC_BEFORE_AT) {
f_sendUtTriggerEnrolmentRequestPrimitive();
}
f_selfOrClientSyncAndVerdict(c_prDone, e_success);
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mw_etsiTs103097Data_signed
))) {
repeat;
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected CA message not received ***");
f_selfOrClientSyncAndVerdict(c_prDone, e_timeout);
if (true) {
// Enroll state: No CAM shall be emitted
if (PX_TRIGGER_EC_BEFORE_AT) {
f_sendUtTriggerEnrolmentRequestPrimitive();
}
} // End of 'alt' statement
f_selfOrClientSyncAndVerdict(c_prDone, e_success);
} else {
f_readCertificate(vc_hashedId8ToBeUsed, v_certificate);
f_getCertificateDigest(vc_hashedId8ToBeUsed, v_certificate_digest);
// Wait for IUT certificate
geoNetworkingPort.clear;
tc_ac.start;
alt {
[] a_await_cam_with_current_cert(v_certificate_digest, v_certificate) {
tc_ac.stop;