STF538: Start Encryption TPs implementation

Start Certificate generation script

STF538: Start Encryption TPs implementation
Start Certificate generation script
7f07a55c · garciay · 33e34487 · 7f07a55c · 7f07a55c · 7f07a55c
Commit 7f07a55c authored Mar 16, 2018 by garciay
--- a/etc/AtsAutoInterop/AtsAutoInterop.cfg
+++ b/etc/AtsAutoInterop/AtsAutoInterop.cfg
@@ -56,7 +56,9 @@ MatchingHints:=Detailed
 #   beaconing              : Set to 1 if GnLayer shall start beaconing
 #   Beaconning timer expiry: expiry (ms)
 #   device_mode            : Set to 1 if the layer shall encapsulate upper layer PDU
-#   secured_mode           : Set to 1 if message exchanges shall be secured
+#   secured_mode           : Set to 1 if message exchanges shall be signed
+#   encrypted_mode         : Set to 1 if message exchanges shall be encrypted
+#                            NOTE: For signed & encrypted message exchanges, both secured_mode and encrypted_mode shall be set to 1
 #   secure_db_path         : Path to the certificates and keys storage location
 #   hash                   : Hash algorithm to be used when secured mode is set
 #                            Authorized values are SHA-256 or SHA-384

--- a/etc/AtsCAM/AtsCAM.cfg
+++ b/etc/AtsCAM/AtsCAM.cfg
@@ -46,7 +46,9 @@ LogEventTypes:= Yes
 #   beaconing              : Set to 1 if GnLayer shall start beaconing
 #   Beaconning timer expiry: expiry (ms)
 #   device_mode            : Set to 1 if the layer shall encapsulate upper layer PDU
-#   secured_mode           : Set to 1 if message exchanges shall be secured
+#   secured_mode           : Set to 1 if message exchanges shall be signed
+#   encrypted_mode         : Set to 1 if message exchanges shall be encrypted
+#                            NOTE: For signed & encrypted message exchanges, both secured_mode and encrypted_mode shall be set to 1
 #   secure_db_path         : Path to the certificates and keys storage location
 #   hash                   : Hash algorithm to be used when secured mode is set
 #                            Authorized values are SHA-256 or SHA-384

--- a/etc/AtsDENM/AtsDENM.cfg
+++ b/etc/AtsDENM/AtsDENM.cfg
@@ -46,7 +46,9 @@ LogEventTypes:= Yes
 #   beaconing              : Set to 1 if GnLayer shall start beaconing
 #   Beaconning timer expiry: expiry (ms)
 #   device_mode            : Set to 1 if the layer shall encapsulate upper layer PDU
-#   secured_mode           : Set to 1 if message exchanges shall be secured
+#   secured_mode           : Set to 1 if message exchanges shall be signed
+#   encrypted_mode         : Set to 1 if message exchanges shall be encrypted
+#                            NOTE: For signed & encrypted message exchanges, both secured_mode and encrypted_mode shall be set to 1
 #   secure_db_path         : Path to the certificates and keys storage location
 #   hash                   : Hash algorithm to be used when secured mode is set
 #                            Authorized values are SHA-256 or SHA-384

--- a/etc/AtsGeoNetworking/AtsGeoNetworking.cfg
+++ b/etc/AtsGeoNetworking/AtsGeoNetworking.cfg
@@ -46,7 +46,9 @@ LogEventTypes:= Yes
 #   beaconing              : Set to 1 if GnLayer shall start beaconing
 #   Beaconning timer expiry: expiry (ms)
 #   device_mode            : Set to 1 if the layer shall encapsulate upper layer PDU
-#   secured_mode           : Set to 1 if message exchanges shall be secured
+#   secured_mode           : Set to 1 if message exchanges shall be signed
+#   encrypted_mode         : Set to 1 if message exchanges shall be encrypted
+#                            NOTE: For signed & encrypted message exchanges, both secured_mode and encrypted_mode shall be set to 1
 #   secure_db_path         : Path to the certificates and keys storage location
 #   hash                   : Hash algorithm to be used when secured mode is set
 #                            Authorized values are SHA-256 or SHA-384

--- a/etc/AtsRSUsSimulator/AtsRSUSimulator.cfg
+++ b/etc/AtsRSUsSimulator/AtsRSUSimulator.cfg
@@ -39,10 +39,10 @@ ItsRSUsSimulator_Pixits.PICS_GENERATE_SSEM     := false
 # In this section you can specify the name of the log file and the classes of events
 # you want to log into the file or display on console (standard error).
 LogFile := "../logs/%e.%h-%r.%s"
-#FileMask := LOG_ALL | USER | DEBUG | MATCHING
-#ConsoleMask := LOG_ALL | USER | DEBUG | MATCHING
-FileMask := ERROR | USER | MATCHING | EXECUTOR_RUNTIME | VERDICTOP
-ConsoleMask := ERROR | USER | MATCHING | EXECUTOR_RUNTIME | VERDICTOP
+FileMask := LOG_ALL | USER | DEBUG | MATCHING
+ConsoleMask := LOG_ALL | USER | DEBUG | MATCHING
+#FileMask := ERROR | USER | MATCHING | EXECUTOR_RUNTIME | VERDICTOP
+#ConsoleMask := ERROR | USER | MATCHING | EXECUTOR_RUNTIME | VERDICTOP
 LogSourceInfo := Stack
 LogEntityName:= Yes
 LogEventTypes:= Yes
@@ -71,7 +71,9 @@ LogEventTypes:= Yes
 #   beaconing              : Set to 1 if the Test System shall start beaconing
 #   Beaconning timer expiry: Expiry (ms)
 #   device_mode            : Set to 1 if the layer shall encapsulate upper layer PDU
-#   secured_mode           : Set to 1 if message exchanges shall be secured
+#   secured_mode           : Set to 1 if message exchanges shall be signed
+#   encrypted_mode         : Set to 1 if message exchanges shall be encrypted
+#                            NOTE: For signed & encrypted message exchanges, both secured_mode and encrypted_mode shall be set to 1
 #   certificate            : Certificate identifier the Test Adapter shall use
 #   secure_db_path         : Path to the certificates and keys storage location
 #   hash                   : Hash algorithm to be used when secured mode is set
@@ -113,13 +115,13 @@ LogEventTypes:= Yes
 #     save_mode   : 1 to save sent packet, 0 otherwise

 # Single GeoNetworking component port
-system.geoNetworkingPort.params := "GN(ll_address=F8CAB8083918,latitude=43551050,longitude=10298730,beaconing=0,device_mode=0,expiry=1000,secured_mode=1,certificate=CERT_TS_A,sec_db_path=/home/ubuntu/tmp/Yann)/ETH(mac_src=0800275c4959,mac_bc=FFFFFFFFFFFF,eth_type=8947)/PCAP(mac_src=0800275c4959,nic=enp0s8,filter=and ether proto 0x8947)"
+system.geoNetworkingPort.params := "GN(ll_address=F8CAB8083918,latitude=43551050,longitude=10298730,beaconing=0,device_mode=0,expiry=500,secured_mode=1,certificate=CERT_TS_A,sec_db_path=/home/vagrant/tmp/test_01)/ETH(mac_src=0800275c4959,mac_bc=FFFFFFFFFFFF,eth_type=8947)/PCAP(mac_src=0800275c4959,nic=eth1,filter=and ether proto 0x8947)"

 # UpperTester port based on UDP
 #system.utPort.params := "UT/UDP(dst_ip=192.168.56.1,dst_port=12346,src_ip=192.168.156.4,src_port=12345)/ETH(mac_src=026f8338c1e5,mac_dst=0A0027000011,eth_type=0800)/PCAP(mac_src=0800275c4959,nic=enp0s8,filter=udp port 12346)"

 # Config port based on UDP
-system.cfPort.params := "CF/UDP(dst_ip=192.168.56.1,dst_port=12348,src_ip=192.168.156.4,src_port=12347)/ETH(mac_src=026f8338c1e5,mac_dst=0A0027000011,eth_type=0800)/PCAP(mac_src=0800275e8e00,nic=enp0s8,filter=and udp port 12348)"
+system.cfPort.params := "CF/UDP(dst_ip=192.168.0.253,dst_port=12348,src_ip=192.168.0.252,src_port=12347)/ETH(mac_src=080027d2b658,mac_dst=0A0027000011,eth_type=0800)/PCAP(mac_src=080027d2b658,nic=eth1,filter=and udp port 12348)"

 [EXECUTE]
 ItsRSUsSimulator_TestCases.TC_RSUSIMU_BV_01

--- a/etc/TestCodec/TestCodec.cfg
+++ b/etc/TestCodec/TestCodec.cfg
@@ -12,11 +12,11 @@ LibItsGeoNetworking_Pics.PICS_GN_LOCAL_GN_ADDR := {
 LibItsCommon_Pixits.PX_IUT_STATION_ID := 10143;

 # GeoNetwoking only, no facility layer
-#LibItsGeoNetworking_Pixits.PX_GN_UPPER_LAYER := e_any
+LibItsGeoNetworking_Pixits.PX_GN_UPPER_LAYER := e_any
 # With facility layer
-LibItsGeoNetworking_Pixits.PX_GN_UPPER_LAYER := e_btpB
+#LibItsGeoNetworking_Pixits.PX_GN_UPPER_LAYER := e_btpB

-#LibCommon_Time.PX_TAC := 5.0
+LibCommon_Time.PX_TAC := 35.0

 # Root path to access certificate stored in files, identified by certficate ID
 LibItsSecurity_Pixits.PX_CERTIFICATE_POOL_PATH := "/home/vagrant/tmp";
@@ -57,9 +57,11 @@ LogEventTypes:= Yes
 #   latitude               : Latitude of the Test System
 #   longitude              : Kongitude of the Test System
 #   beaconing              : Set to 1 if the Test System shall start beaconing
-#   Beaconning timer expiry: Expiry (ms)
+#   Beaconing timer expiry : Expiry (ms)
 #   device_mode            : Set to 1 if the layer shall encapsulate upper layer PDU
-#   secured_mode           : Set to 1 if message exchanges shall be secured
+#   secured_mode           : Set to 1 if message exchanges shall be signed
+#   encrypted_mode         : Set to 1 if message exchanges shall be encrypted
+#                            NOTE: For signed & encrypted message exchanges, both secured_mode and encrypted_mode shall be set to 1
 #   certificate            : Certificate identifier the Test Adapter shall use
 #   secure_db_path         : Path to the certificates and keys storage location
 #   hash                   : Hash algorithm to be used when secured mode is set
@@ -91,6 +93,7 @@ LogEventTypes:= Yes
 # Pcap layer
 #   mac_src    : Source MAC address, used to exclude from capture the acket sent by the Test System
 #   filter     : Pcap filter (compliant with tcpdump syntax) 
+#                E.g. filter=and ether src 04e548000001
 #   Online mode:
 #     nic: Local NIC
 #          If set, online mode is used
@@ -104,7 +107,7 @@ LogEventTypes:= Yes
 # GN port using PCAP file
 #system.geoNetworkingPort.params := "GN(ll_address=F8CAB8083918,latitude=43551050,longitude=10298730,beaconing=1,expiry=1000,its_aid=141,secured_mode=1,certificate=CERT_TS_A_AT,sec_db_path=/home/vagrant/tmp/Yann)/ETH(mac_src=F8CAB8083918,mac_bc=FFFFFFFFFFFF,eth_type=8947)/PCAP(mac_src=BABEBABE0002,nic=,file=../../../testdata/test_61_beacon_sec.pcap,filter=and ether proto 0x8947,frame_offset=0,save_mode=0)"
 # GN port using NIC
-system.geoNetworkingPort.params := "GN(ll_address=4C5E0C14D2EB,latitude=43551050,longitude=10298730,beaconing=1,expiry=1000,device_mode=0,its_aid=141,secured_mode=1,certificate=CERT_TS_A_AT,sec_db_path=/home/vagrant/tmp/test_01)/ETH(mac_src=4C5E0C14D2EB,mac_bc=FFFFFFFFFFFF,eth_type=8947)/PCAP(mac_src=4C5E0C14D2EB,nic=eth1,file=,filter=and not ether src DC536045AF7E and ether proto 0x8947,frame_offset=0,save_mode=0)"
+system.geoNetworkingPort.params := "GN(ll_address=4C5E0C14D2EB,latitude=43551050,longitude=10298730,beaconing=1,expiry=500,device_mode=0,its_aid=141,secured_mode=1,certificate=CERT_TS_A,sec_db_path=/home/vagrant/tmp/test_01,encrypted_mode=1,cypher=NISTP-256)/ETH(mac_src=4C5E0C14D2EB,mac_bc=FFFFFFFFFFFF,eth_type=8947)/PCAP(mac_src=4C5E0C14D2EB,nic=eth1,file=,filter=and not ether src DC536045AF7E and ether proto 0x8947,frame_offset=0,save_mode=0)"
 # Commsignia GN port
 #system.geoNetworkingPort.params := "GN(ll_address=F8CAB8083918,latitude=43551050,longitude=10298730,beaconing=0,expiry=1000,its_aid=141,secured_mode=0,certificate=ta_cert_nistp256_sha256)/COMMSIGNIA(mac_src=4C5E0C14D2EA,bc=FFFFFFFFFFFF,eth_type=8947,target_host=10.200.1.101,target_port=7942,sourcePort=7943,its_aid=141,interface_id=2,tx_power=-32)/UDP(dst_ip=192.168.56.1,dst_port=12346,src_ip=192.168.156.4,src_port=12345)/ETH(mac_src=026f8338c1e5,mac_dst=0A0027000011,eth_type=0800)/PCAP(mac_src=0800275c4959,file=../../../testdata/commsignia_61_beacon.pcap,filter=and (udp port 30000 or udp port 7943))"
 # Multiple GeoNetworking component port
@@ -155,7 +158,7 @@ system.utPort.params := "UT_GN/UDP(dst_ip=192.168.56.1,dst_port=12346,src_ip=192
 #TestCodec_GeoNetworking.tc_GeoNet_Port_acPort_beaconing_2
 #TestCodec_GeoNetworking.tc_GeoNet_Port_acPort_pass_beaconing_1
 #TestCodec_GeoNetworking.tc_GeoNet_Port_acPort_pass_beaconing_2
-TestCodec_GeoNetworking.tc_GeoNet_Port_acPort_secured_1 # To be executed with secured_mode = 0 and 1
+#TestCodec_GeoNetworking.tc_GeoNet_Port_acPort_secured_1 # To be executed with secured_mode = 0 and 1
 # GeoNetworking port tests
 # To run the GeoNetworking port tests, use the offline mode and the test data provided. Use PcapLayer.save_mode to save sent packet into a file
 #TestCodec_GeoNetworking.tc_GeoNet_Port_1          # Use simulator of file to run this test
@@ -164,7 +167,7 @@ TestCodec_GeoNetworking.tc_GeoNet_Port_acPort_secured_1 # To be executed with se
 #TestCodec_GeoNetworking.tc_GeoNet_Port_2          # Use simulator of file to run this test
                                                   # Used to test device_mode=0,beaconing=1,beacon codec
                                                   # With startPassBeaconing
-#TestCodec_GeoNetworking.tc_GeoNet_Port_3          # Use to test beaconing with secured mode set in config file
+TestCodec_GeoNetworking.tc_GeoNet_Port_3          # Use to test beaconing with secured mode set in config file
                                                   # Used to test device_mode=1,beaconing=1,nic
                                                   # Also used to generate secured/unsecured beacons
 #TestCodec_GeoNetworking.tc_GeoNet_Port_4          # Use simulator of file to run this test with secured mode set in config file
@@ -289,6 +292,7 @@ TestCodec_GeoNetworking.tc_GeoNet_Port_acPort_secured_1 # To be executed with se
 # Certificates
 #TestCodec_Certificates.tc_root_certificate_sha256_1
 #TestCodec_Certificates.tc_root_certificate_sha256_2
+#TestCodec_Certificates.tc_root_certificate_sha256_3
 #TestCodec_Certificates.tc_root_certificate_sha384_1
 #TestCodec_Certificates.tc_at_certificate_sha256_1
 #TestCodec_Certificates.tc_at_certificate_sha256_2
@@ -301,6 +305,8 @@ TestCodec_GeoNetworking.tc_GeoNet_Port_acPort_secured_1 # To be executed with se
 #TestCodec_SecuredMessages.tc_secured_message_unsecured
 #TestCodec_SecuredMessages.tc_secured_message_signed_1
 #TestCodec_SecuredMessages.tc_secured_message_signed_2
+#TestCodec_SecuredMessages.tc_secured_message_signed_and_encrypted_1
+#TestCodec_SecuredMessages.tc_secured_message_signed_and_encrypted_2
 # Chain of certificates
 #TestCodec_ChainOfCertificates.tc_full_check_certificate_1
 #TestCodec_ChainOfCertificates.tc_full_check_certificate_2