Commit e0cc554f authored by vagrant's avatar vagrant

AtsPki validation: major bugs fixed

parent cabcd97c
......@@ -118,7 +118,8 @@ LogEventTypes:= Yes
system.geoNetworkingPort.params := "GN(ll_address=4C5E0C14D2EA,latitude=43551050,longitude=10298730)/ETH(mac_src=080027500f9b)/PCAP(mac_src=080027500f9b,nic=eth2)"
#system.httpPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/TCP(debug=1,server=ptsv2.com,use_ssl=0)"
#system.httpPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/TCP(server=127.0.0.1,port=8000,use_ssl=0)"
system.httpPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/TCP(server=etsi.ea.msi-dev.acloud.gemalto.com,port=80,use_ssl=0)"
system.httpPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/TCP(server=52.85.200.75,port=80,use_ssl=0)"
#system.httpPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/TCP(server=etsi.ea.msi-dev.acloud.gemalto.com,port=80,use_ssl=0)"
system.pkiPort.params := "PKI(certificate=CERT_EA)/HTTP(device_mode=1,uri=/its/inner_ec_request,host=httpbin.org,content_type=application/x-its-request)/TCP(server=127.0.0.1,port=8000,use_ssl=0)"
# GeoNetworking UpperTester port based on UDP
......@@ -127,9 +128,12 @@ system.utPort.params := "UT_PKI/UDP(dst_ip=172.23.0.1,dst_port=8000)"
[EXECUTE]
#ItsPki_TestCases.TC_SEC_PKI_ITSS_ENR_BV_01
#ItsPki_TestCases.TC_SEC_PKI_ITSS_ENR_BV_02
ItsPki_TestCases.TC_SEC_PKI_SND_EA_BV_01
#ItsPki_TestCases.TC_SEC_PKI_SND_EA_BV_01
#ItsPki_TestCases.TC_SEC_PKI_SND_AA_BV_00
#ItsPki_TestCases.TC_SEC_PKI_SND_EA_BV_02
#ItsPki_TestCases.TC_SEC_PKI_SND_EA_BV_03
ItsPki_TestCases.TC_SEC_PKI_SND_EA_BV_03
#ItsPki_TestCases.TC_SEC_PKI_SND_EA_BV_04
#ItsPki_TestCases.TC_SEC_PKI_SND_EA_BV_05
#ItsPki_TestCases.TC_SEC_PKI_SND_EA_BV_06
......
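Review bot: The active `system.httpPort.params` line in the first hunk targets a literal address (`server=52.85.200.75,port=80,use_ssl=0`), which appears to be the newly enabled line since the hostname variant below it is commented out. A hard-coded IP in a committed configuration breaks silently when the endpoint moves, and it hides which EA the run actually talks to. Keeping `server=etsi.ea.msi-dev.acloud.gemalto.com` and adding a comment such as `# EA under test: plain HTTP (use_ssl=0), lab endpoint only` would document the intent. The `[EXECUTE]` toggles in the second hunk look like local run selection and may not belong in the shared file.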
......@@ -1530,8 +1530,8 @@ module ItsPki_TestCases {
var HttpMessage v_response;
// Test control
if (not PICS_IUT_EA_ROLE) {
log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
if (not PICS_IUT_EA_ROLE or PICS_IUT_COMBINED_EA_AA_ROLE) {
log("*** " & testcasename() & ": PICS_IUT_EA_ROLE and not PICS_IUT_COMBINED_EA_AA_ROLE required for executing the TC ***");
setverdict(inconc);
stop;
}
......@@ -1617,8 +1617,8 @@ module ItsPki_TestCases {
var HttpMessage v_response;
// Test control
if (not PICS_IUT_EA_ROLE) {
log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
if (not PICS_IUT_EA_ROLE or PICS_IUT_COMBINED_EA_AA_ROLE) {
log("*** " & testcasename() & ": PICS_IUT_EA_ROLE and not PICS_IUT_COMBINED_EA_AA_ROLE required for executing the TC ***");
setverdict(inconc);
stop;
}
......@@ -1677,6 +1677,144 @@ module ItsPki_TestCases {
group aa_behavior {
group authorization_request {
testcase TC_SEC_PKI_SND_AA_BV_00() runs on ItsPkiHttp system ItsPkiHttpSystem {
var Oct32 v_private_key_ec;
var Oct32 v_publicKeyCompressed_ec;
var integer v_compressedMode_ec;
var Oct32 v_private_key_at;
var Oct32 v_publicKeyCompressed_at;
var integer v_compressedMode_at;
var Oct32 v_request_hash;
var Oct16 v_encrypted_sym_key;
var Oct16 v_aes_sym_key;
var Oct16 v_authentication_vector;
var Oct12 v_nonce;
var octetstring v_salt;
var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
var HeaderLines v_headers;
var InnerEcResponse v_inner_ec_response;
var HttpMessage v_response;
var EtsiTs102941Data v_etsi_ts_102941_data;
// Test control
if (not PICS_IUT_COMBINED_EA_AA_ROLE) {
log("*** " & testcasename() & ": PICS_IUT_COMBINED_EA_AA_ROLE required for executing the TC ***");
setverdict(inconc);
stop;
}
// Test component configuration
f_cfHttpUp(
PICS_TS_CERTIFICATE_ID, // TS role is ITS-S
PICS_IUT_AA_CERTIFICATE_ID // Peer certificate, IUT
);
// Test adapter configuration
// Preamble
f_init_default_headers_list(v_headers);
// TODO Create a f_await_http_inner_ec_request_response(v_private_key_ec, v_publicKeyCompressed_ec, v_compressedMode_ec, v_inner_ec_response);
f_http_build_inner_ec_request(v_private_key_ec, v_publicKeyCompressed_ec, v_compressedMode_ec, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
httpPort.send(
m_http_request(
m_http_request_post(
PICS_HTTP_GET_URI,
v_headers,
m_http_message_body_binary(
m_binary_body_ieee1609dot2_data(
v_ieee1609dot2_signed_and_encrypted_data
)))));
tc_ac.start;
alt {
[] httpPort.receive(
mw_http_response(
mw_http_response_ok(
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_enrolmentResponseMessage(
mw_encryptedData(
-,
mw_SymmetricCiphertext_aes128ccm
))))))) -> value v_response {
tc_ac.stop;
if (f_verify_pki_message(v_private_key_ec, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, vc_eaCertificate, v_response.response.body.binary_body.ieee1609dot2_data, false, v_etsi_ts_102941_data) == false) {
log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
f_selfOrClientSyncAndVerdictTestBody(c_prDone, e_timeout);
} else {
log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
log("*** " & testcasename() & ": DEBUG: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16)))), " ***"); // TODO In TITAN, this is the only way to get the unmatching in log
if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16))))) {
v_inner_ec_response := v_etsi_ts_102941_data.content.enrolmentResponse;
log("*** " & testcasename() & ": INFO: InnerEcResponse received ***");
log("v_inner_ec_response= ", v_inner_ec_response);
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
} else {
log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
f_selfOrClientSyncAndVerdictTestBody(c_prDone, e_timeout);
}
}
}
[] httpPort.receive(
mw_http_response(
mw_http_response_ko
)) {
tc_ac.stop;
log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
f_selfOrClientSyncAndVerdictTestBody(c_prDone, e_timeout);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_prDone, e_timeout);
}
} // End of 'alt' statement
// Test Body
f_http_build_inner_at_request(v_private_key_at, v_publicKeyCompressed_at, v_compressedMode_at, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
tc_ac.start;
alt {
[] httpPort.receive(
mw_http_response(
mw_http_response_ok(
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_authorizationResponseMessage(
mw_encryptedData(
-,
mw_SymmetricCiphertext_aes128ccm
))))))) -> value v_response {
tc_ac.stop;
if (f_verify_pki_message(v_private_key_at, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, vc_eaCertificate, v_response.response.body.binary_body.ieee1609dot2_data, false, v_etsi_ts_102941_data) == false) {
log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
/*if (match(v_etsi_ts_102941_data.content, mw_authorizationValidationResponse(mw_authorizationValidationResponse_ok))) {
// TODO Refined expected mw_authorizationValidationResponse_ok
log("*** " & testcasename() & ": PASS: Well-secured EA certificate received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}*/
}
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_cfHttpDown();
}
/**
* @desc Check that the AA is able to decrypt the AuthorizationRequest message using the encryption private key corresponding to the recipient certificate
......
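Review bot: In the Test Body of `TC_SEC_PKI_SND_AA_BV_00`, `f_http_build_inner_at_request(...)` is followed directly by `tc_ac.start` and the `alt`, with no `httpPort.send` in between, so as far as this hunk shows the authorization request is never transmitted and the second `alt` can only time out or consume a stale response. The success branch then reports `e_success` for any message that `f_verify_pki_message` accepts, because the `match` against `mw_authorizationValidationResponse(...)` is commented out; a PKI conformance test should not pass without checking the response content. That verification call also reuses `v_aes_sym_key`, `v_authentication_vector`, `vc_eaWholeHash` and `vc_eaCertificate` from the enrolment exchange, which looks unintended for an AA response and is worth confirming. A send mirroring the preamble is sketched below; the URI for authorization requests may differ from `PICS_HTTP_GET_URI`.

```ttcn3
f_http_build_inner_at_request(v_private_key_at, v_publicKeyCompressed_at, v_compressedMode_at, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
httpPort.send(
  m_http_request(
    m_http_request_post(
      PICS_HTTP_GET_URI, // confirm the URI used for authorization requests
      v_headers,
      m_http_message_body_binary(
        m_binary_body_ieee1609dot2_data(
          v_ieee1609dot2_signed_and_encrypted_data
        )))));
tc_ac.start;
// … unchanged: alt statement awaiting the authorization response …
```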
Subproject commit f10fbd8c89c6daac283cb28a548150f604af0a62
Subproject commit 9762518193609ba46d9b89895ddee2cc9a31cc2c
......@@ -299,11 +299,24 @@ module TestCodec_Pki {
};
var bitstring v_enc_message;
var Oct32 v_full_request_hash;
var Oct32 v_expected_full_request_hash;
var Oct32 v_expected_full_request_hash := 'C36CDB7D587E5DCE2706E874DB8DCC441445E3AAE84C25CA0CEBCFC518542BFD'O;
var Oct16 v_expected_request_hash := 'C36CDB7D587E5DCE2706E874DB8DCC44'O;
v_enc_message := encvalue(v_inner_ec_request_signed_for_pop);
v_full_request_hash := f_hashWithSha256(bit2oct(v_enc_message));
log("v_full_request_hash= ", v_full_request_hash);
if (not(match(v_full_request_hash, v_expected_full_request_hash))) {
setverdict(fail, "Unexpected SHA256 value");
stop;
} else {
setverdict(pass, "Expected SHA256 value");
}
log("request_hash= ", substr(v_full_request_hash, 0 ,16));
if (not(match(substr(v_full_request_hash, 0 ,16), v_expected_request_hash))) {
setverdict(fail, "Unexpected hash request value");
} else {
setverdict(pass, "Expected hash request value");
}
} // End of testcase tc_inner_ec_request_3
testcase tc_inner_ec_response_1() runs on TCType system TCType {
......
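Review bot: The two expected values added at the top of this hunk are unexplained literals, and `v_expected_request_hash` repeats the first 16 octets of `v_expected_full_request_hash`, so the second `match` can never fail once the first has passed. Deriving it, e.g. `var Oct16 v_expected_request_hash := substr(v_expected_full_request_hash, 0, 16);`, removes the duplicate. A comment such as `// SHA-256 of the encoded v_inner_ec_request_signed_for_pop; regenerate if that value changes` would record where the digest comes from. If the signed request contains anything non-deterministic the fixed digest will not hold, which cannot be judged from this hunk; the testcase body begins above it.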
This diff is collapsed.