Commit e0cc554f authored by vagrant's avatar vagrant

AtsPki validation: major bugs fixed

parent cabcd97c
+7 −3
@@ -118,7 +118,8 @@ LogEventTypes:= Yes
system.geoNetworkingPort.params := "GN(ll_address=4C5E0C14D2EA,latitude=43551050,longitude=10298730)/ETH(mac_src=080027500f9b)/PCAP(mac_src=080027500f9b,nic=eth2)"
#system.httpPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/TCP(debug=1,server=ptsv2.com,use_ssl=0)"
#system.httpPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/TCP(server=127.0.0.1,port=8000,use_ssl=0)"
system.httpPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/TCP(server=etsi.ea.msi-dev.acloud.gemalto.com,port=80,use_ssl=0)"
system.httpPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/TCP(server=52.85.200.75,port=80,use_ssl=0)"
#system.httpPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/TCP(server=etsi.ea.msi-dev.acloud.gemalto.com,port=80,use_ssl=0)"
system.pkiPort.params := "PKI(certificate=CERT_EA)/HTTP(device_mode=1,uri=/its/inner_ec_request,host=httpbin.org,content_type=application/x-its-request)/TCP(server=127.0.0.1,port=8000,use_ssl=0)"

# GeoNetworking UpperTester port based on UDP
@@ -127,9 +128,12 @@ system.utPort.params := "UT_PKI/UDP(dst_ip=172.23.0.1,dst_port=8000)"
[EXECUTE]
#ItsPki_TestCases.TC_SEC_PKI_ITSS_ENR_BV_01
#ItsPki_TestCases.TC_SEC_PKI_ITSS_ENR_BV_02
ItsPki_TestCases.TC_SEC_PKI_SND_EA_BV_01
#ItsPki_TestCases.TC_SEC_PKI_SND_EA_BV_01

#ItsPki_TestCases.TC_SEC_PKI_SND_AA_BV_00

#ItsPki_TestCases.TC_SEC_PKI_SND_EA_BV_02
#ItsPki_TestCases.TC_SEC_PKI_SND_EA_BV_03
ItsPki_TestCases.TC_SEC_PKI_SND_EA_BV_03
#ItsPki_TestCases.TC_SEC_PKI_SND_EA_BV_04
#ItsPki_TestCases.TC_SEC_PKI_SND_EA_BV_05
#ItsPki_TestCases.TC_SEC_PKI_SND_EA_BV_06
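Review bot: The newly active `system.httpPort.params` line in the first hunk addresses the EA by a literal public IP (`server=52.85.200.75`) with `use_ssl=0`, so nothing in the configuration ties the connection to the intended enrolment authority by name any more. If that address is reassigned or fronts several services (not verifiable from this hunk), the signed enrolment requests would go to an unrelated host and the failure would look like an IUT fault. I would keep the hostname form that this commit comments out, or at least add a comment above the line, for example `# Temporary: IP of the EA front end, checked on <date>; revert to the hostname once it resolves from the test bench`.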
+142 −4
@@ -1530,8 +1530,8 @@ module ItsPki_TestCases {
        var HttpMessage v_response;
        
        // Test control
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
        if (not PICS_IUT_EA_ROLE or PICS_IUT_COMBINED_EA_AA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE and not PICS_IUT_COMBINED_EA_AA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
@@ -1617,8 +1617,8 @@ module ItsPki_TestCases {
        var HttpMessage v_response;
        
        // Test control
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
        if (not PICS_IUT_EA_ROLE or PICS_IUT_COMBINED_EA_AA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE and not PICS_IUT_COMBINED_EA_AA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
@@ -1678,6 +1678,144 @@ module ItsPki_TestCases {
    
    group authorization_request {


      testcase TC_SEC_PKI_SND_AA_BV_00() runs on ItsPkiHttp system ItsPkiHttpSystem {
        var Oct32 v_private_key_ec;
        var Oct32 v_publicKeyCompressed_ec;
        var integer v_compressedMode_ec;
        var Oct32 v_private_key_at;
        var Oct32 v_publicKeyCompressed_at;
        var integer v_compressedMode_at;
        var Oct32 v_request_hash;
        var Oct16 v_encrypted_sym_key;
        var Oct16 v_aes_sym_key;
        var Oct16 v_authentication_vector;
        var Oct12 v_nonce;
        var octetstring v_salt;
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var HeaderLines v_headers;
        var InnerEcResponse v_inner_ec_response;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
        
        // Test control
        if (not PICS_IUT_COMBINED_EA_AA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_COMBINED_EA_AA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfHttpUp(
                   PICS_TS_CERTIFICATE_ID, // TS role is ITS-S
                   PICS_IUT_AA_CERTIFICATE_ID // Peer certificate, IUT
                   );
        
        // Test adapter configuration
        
        // Preamble
        f_init_default_headers_list(v_headers);
        // TODO Create a f_await_http_inner_ec_request_response(v_private_key_ec, v_publicKeyCompressed_ec, v_compressedMode_ec, v_inner_ec_response);
        f_http_build_inner_ec_request(v_private_key_ec, v_publicKeyCompressed_ec, v_compressedMode_ec, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
        httpPort.send(
                      m_http_request(
                                     m_http_request_post(
                                                        PICS_HTTP_GET_URI,
                                                        v_headers,
                                                        m_http_message_body_binary(
                                                                                   m_binary_body_ieee1609dot2_data(
                                                                                                                   v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                   )))));
        tc_ac.start;
        alt {
          [] httpPort.receive(
                              mw_http_response(
                                               mw_http_response_ok(
                                                                   mw_http_message_body_binary(
                                                                                               mw_binary_body_ieee1609dot2_data(
                                                                                                                                mw_enrolmentResponseMessage(
                                                                                                                                                            mw_encryptedData(
                                                                                                                                                                             -,
                                                                                                                                                                             mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                             ))))))) -> value v_response {
            tc_ac.stop;

            if (f_verify_pki_message(v_private_key_ec, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, vc_eaCertificate, v_response.response.body.binary_body.ieee1609dot2_data, false, v_etsi_ts_102941_data) == false) {
              log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
              f_selfOrClientSyncAndVerdictTestBody(c_prDone, e_timeout);
            } else {
              log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
              log("*** " & testcasename() & ": DEBUG: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16)))), " ***"); // TODO In TITAN, this is the only way to get the unmatching in log
              if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16))))) {
              v_inner_ec_response := v_etsi_ts_102941_data.content.enrolmentResponse;
                log("*** " & testcasename() & ": INFO: InnerEcResponse received ***");
                log("v_inner_ec_response= ", v_inner_ec_response);
                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
              } else {
                log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_prDone, e_timeout);
              }
            }
          }
          [] httpPort.receive(
                              mw_http_response(
                                               mw_http_response_ko
                                               )) {
            tc_ac.stop;
            
            log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_prDone, e_timeout);
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_prDone, e_timeout);
          }
        } // End of 'alt' statement
        
        // Test Body
        f_http_build_inner_at_request(v_private_key_at, v_publicKeyCompressed_at, v_compressedMode_at, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
        tc_ac.start;
        alt {
          [] httpPort.receive(
                              mw_http_response(
                                               mw_http_response_ok(
                                                                   mw_http_message_body_binary(
                                                                                               mw_binary_body_ieee1609dot2_data(
                                                                                                                                mw_authorizationResponseMessage(
                                                                                                                                                                mw_encryptedData(
                                                                                                                                                                                 -,
                                                                                                                                                                                 mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                                 ))))))) -> value v_response {
            tc_ac.stop;
            
            if (f_verify_pki_message(v_private_key_at, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, vc_eaCertificate, v_response.response.body.binary_body.ieee1609dot2_data, false, v_etsi_ts_102941_data) == false) {
              log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
            } else {
              log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
              /*if (match(v_etsi_ts_102941_data.content, mw_authorizationValidationResponse(mw_authorizationValidationResponse_ok))) { 
                // TODO Refined expected  mw_authorizationValidationResponse_ok
                log("*** " & testcasename() & ": PASS: Well-secured EA certificate received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
              } else {
                log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                }*/
            }
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
        
        // Postamble
        f_cfHttpDown();
        
      }

      
      /**
       * @desc Check that the AA is able to decrypt the AuthorizationRequest message using the encryption private key corresponding to the recipient certificate
       *       Check that the AA is able to verify the inner signature
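Review bot: In the Test Body of the new `TC_SEC_PKI_SND_AA_BV_00`, `f_http_build_inner_at_request(...)` is followed directly by `tc_ac.start` and the `alt`, with no `httpPort.send` in between. Unless the helper sends the message itself (not visible here), the authorization request never leaves the test system and the test case can only end on `tc_ac.timeout`. A send of the same shape as the one in the Preamble is needed after the build call. The success branch also sets `e_success` as soon as `f_verify_pki_message` returns true, because the content `match` is commented out, so a response that decrypts and verifies but carries an error code or a different request hash would still pass. That check should be restored against an authorization-response template that pins the response code and `substr(v_request_hash, 0, 16)`, as the Preamble does for the enrolment response. Separately, the Preamble's FAIL branches report through `f_selfOrClientSyncAndVerdictTestBody(c_prDone, e_timeout)`; `f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_error)` would match the log text.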
Compare f10fbd8c to 97625181
Subproject commit f10fbd8c89c6daac283cb28a548150f604af0a62
Subproject commit 9762518193609ba46d9b89895ddee2cc9a31cc2c
+14 −1
@@ -299,11 +299,24 @@ module TestCodec_Pki {
    };
    var bitstring v_enc_message;
    var Oct32 v_full_request_hash;
    var Oct32 v_expected_full_request_hash;
    var Oct32 v_expected_full_request_hash := 'C36CDB7D587E5DCE2706E874DB8DCC441445E3AAE84C25CA0CEBCFC518542BFD'O;
    var Oct16 v_expected_request_hash := 'C36CDB7D587E5DCE2706E874DB8DCC44'O;

    v_enc_message := encvalue(v_inner_ec_request_signed_for_pop);
    v_full_request_hash := f_hashWithSha256(bit2oct(v_enc_message));
    log("v_full_request_hash= ", v_full_request_hash);
    if (not(match(v_full_request_hash, v_expected_full_request_hash))) {
      setverdict(fail, "Unexpected SHA256 value");
      stop;
    } else {
      setverdict(pass, "Expected SHA256 value");
    }
    log("request_hash= ", substr(v_full_request_hash, 0 ,16));
    if (not(match(substr(v_full_request_hash, 0 ,16), v_expected_request_hash))) {
      setverdict(fail, "Unexpected hash request value");
    } else {
      setverdict(pass, "Expected hash request value");
    }    
  } // End of testcase tc_inner_ec_request_3
  
  testcase tc_inner_ec_response_1() runs on TCType system TCType {
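Review bot: The second comparison added to `tc_inner_ec_request_3` cannot fail once the first has passed. `v_expected_request_hash` is exactly the first 16 octets of `v_expected_full_request_hash`, and a mismatch on the full hash already executes `stop`. It therefore only re-tests `substr`; either drop it or document it as a check of the truncation step. The expected digest also has no stated origin, so a reader cannot tell whether this is a known-answer value or the output of the same `f_hashWithSha256` pasted back in. I would add a comment on the declaration such as `// SHA-256 of the encoded v_inner_ec_request_signed_for_pop, computed independently with <tool>`. The two failure paths are also inconsistent, since only the first calls `stop`. The test case starts outside this hunk, so the value being encoded is not visible here.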