Loading etc/AtsPki/AtsPki_Commsignia.cfg_ +7 −5 Original line number Diff line number Diff line Loading @@ -23,20 +23,22 @@ LibItsSecurity_Pixits.PX_IUT_SEC_CONFIG_NAME := "asn1c_cert" #LibItsSecurity_Pics.PICS_SEC_FIXED_KEYS := true # Seed LibItsHttp_Pics.PICS_HEADER_CONTENT_TYPE := "application/x-its-request" LibItsHttp_Pics.PICS_HEADER_HOST := "192.168.0.252" LibItsHttp_Pics.PICS_HEADER_HOST := "10.8.0.2" LibItsPki_Pics.PICS_HTTP_POST_URI_EC := "/ea/enrolment" LibItsPki_Pics.PICS_HTTP_POST_URI_AT := "/ea/authval" LibItsPki_Pics.PICS_HTTP_POST_URI_ATV := "/aa/authorization" LibItsPki_Pics.PICS_IUT_ITS_S_ROLE := true LibItsPki_Pics.PICS_SECPKI_ENROLMENT := true LibItsPki_Pixits.PX_EC_PRIVATE_KEY := '73AD688448117EFF50BCB044AA9CFD7932023B7A2C62887A1D3B99FED2B5237C'O LibItsPki_Pixits.PX_EC_HASH := 'C4FD3EF2B51CFD605D7D40FA9C1C279B8B8C4D7CB9D40D6044C55F615D750502'O LibItsPki_Pixits.PX_EC_HASHED_ID8 := '44C55F615D750502'O LibItsPki_Pics.PICS_ITS_S_SIGN_NITSP256_PRIVATE_KEY := '5C25F97607DFC62972A147FAD8B7A7C939569F0F95ECD4C641724A68B51836E5'O; LibItsPki_Pics.PICS_ITS_S_SIGN_NISTP256_PUBLIC_KEY := '020144E5174B0AFDA86BDB8B643B68D40030F5BDB9A9F090C64852CC3C20C9D5AD'O; LibItsPki_Pics.PICS_ITS_S_SIGN_NISTP256_PUBLIC_KEY := '02834642E2E9B2EA1E6417D9D9ED1BA0BB84450781809AED15CB4BCB55DDCFD77B'O; LibItsPki_Pics.PICS_ITS_S_ENC_NITSP256_PRIVATE_KEY := 'EDEBEADCAA9514CD4B30256126FB7DF958B911C6EB58CCF702983C3DCD3DECBD'O; LibItsPki_Pics.PICS_ITS_S_ENC_NISTP256_PUBLIC_KEY := '023A4ADDCDD5EE66DAB2116B0C3AB47CCEDAE92CD9ACE98A84B10EB63A9DCA798C'O; LibItsPki_Pics.PICS_ITS_S_ENC_BRAINPOOLP256r1_PRIVATE_KEY := '9F155D40B6C920BA45D8027093C8ADADAF3AA6F9F71F0CC0F8279FF0146A8A48'O; Loading 
@@ -46,7 +48,7 @@ LibItsPki_Pics.PICS_ITS_S_SIGN_BRAINPOOLP256r1_PUBLIC_KEY := '02A92BA3B770B040B LibItsPki_Pics.PICS_ITS_S_ENC_BRAINPOOLP384r1_PRIVATE_KEY := '6B4B4392511B252C904801466F5DA0A7F28E038E6656800CBB0CDCB3D32F862CA4D59CBDC1A19E98E9191582AF1DB3D7'O; LibItsPki_Pics.PICS_ITS_S_SIGN_BRAINPOOLP384r1_PRIVATE_KEY := '3CD977195A579787C84D5900F4CB6341E0C3D2750B140C5380E6F03CE3FBA0022F7541DEABDCED4790D313ED8F56ACA8'O; LibItsPki_Pics.PICS_ITS_S_SIGN_BRAINPOOLP384r1_PUBLIC_KEY := '0243FF5C96984C2C3F5FD5C5F6551C90F5FAEE1E5E8301763E4AF1E9D627F3474E554B82EE98EC4B49808DFF61B35F8313'O; LibItsPki_Pics.PICS_ITS_S_CANONICAL_ID := '1B4CA1210123AE900BBE6C3EBAE7E87DA20DBDAB1E7B2EC0691C51C1021900AA'O; LibItsPki_Pics.PICS_ITS_S_CANONICAL_ID := '434F4D4D5349470A0000000000000047'O; LibItsPki_Pics.PICS_TS_EA_CERTIFICATE_ID := "CERT_TS_A_EA" LibItsPki_Pics.PICS_TS_AA_CERTIFICATE_ID := "CERT_TS_A_AA" Loading etc/AtsPki/AtsPki_Idnomic.cfg_ +1 −1 Original line number Diff line number Diff line Loading @@ -21,7 +21,7 @@ LibItsPki_Pics.PICS_HTTP_POST_URI_AT := "/" LibItsPki_Pics.PICS_HTTP_POST_URI_ATV := "/" LibItsPki_Pics.PICS_ITS_S_SIGN_NITSP256_PRIVATE_KEY := '5C25F97607DFC62972A147FAD8B7A7C939569F0F95ECD4C641724A68B51836E5'O LibItsPki_Pics.PICS_ITS_S_SIGN_NISTP256_PUBLIC_KEY := '020144E5174B0AFDA86BDB8B643B68D40030F5BDB9A9F090C64852CC3C20C9D5AD'O LibItsPki_Pics.PICS_ITS_S_CANONICAL_ID := '1B4CA1210123AE900BBE6C3EBAE7E87DA20DBDAB1E7B2EC0691C51C1021900AA'O; LibItsPki_Pics.PICS_ITS_S_CANONICAL_ID := '455453492d4954532d303031'O LibItsPki_Pics.PICS_TS_EA_CERTIFICATE_ID := "CERT_IDNOMIC_EA" LibItsPki_Pics.PICS_TS_AA_CERTIFICATE_ID := "CERT_IDNOMIC_AA" Loading etc/TestCodec/TestCodec.cfg +4 −3 Original line number Diff line number Diff line Loading 
@@ -19,9 +19,9 @@ LibItsGeoNetworking_Pixits.PX_GN_UPPER_LAYER := e_any LibCommon_Time.PX_TAC := 35.0 # Root path to access certificate stored in files, identified by certficate ID LibItsSecurity_Pixits.PX_CERTIFICATE_POOL_PATH := "/home/vagrant/tmp/gentcert/v3" LibItsSecurity_Pixits.PX_CERTIFICATE_POOL_PATH := "/home/vagrant/tmp/" # Configuration sub-directory to access certificate stored in files LibItsSecurity_Pixits.PX_IUT_SEC_CONFIG_NAME := "certificates" LibItsSecurity_Pixits.PX_IUT_SEC_CONFIG_NAME := "asn1c_cert" # Seed LibItsSecurity_Pics.PICS_SEC_FIXED_KEYS := true Loading Loading @@ -318,7 +318,8 @@ system.pkiPort.params := "PKI/HTTP(device_mode=1,uri=/its/inner_ec_request,host= #TestCodec_Certificates.tc_certificate_asn1c_1 #TestCodec_Certificates.tc_certificate_asn1c_2 #TestCodec_Certificates.tc_certificate_gemalto_1 TestCodec_Certificates.tc_certificate_atos_1 #TestCodec_Certificates.tc_certificate_atos_1 TestCodec_Certificates.tc_certificate_atos_2 # Secured messages #TestCodec_SecuredMessages.tc_ssp_cam_1 #TestCodec_SecuredMessages.tc_ssp_cam_2 Loading ttcn/AtsPki/ItsPki_Pixits.ttcn +4 −0 Original line number Diff line number Diff line Loading @@ -2,8 +2,12 @@ module ItsPki_Pixits { modulepar integer PX_RE_ENROLMENT_COUNTER := 2; modulepar integer PX_RE_AUTHORIZATION_COUNTER := 2; modulepar float PX_RE_ENROLMENT_DELAY := 2.0; modulepar float PX_RE_AUTHORIZATION_DELAY := 2.0; modulepar boolean PX_TRIGGER_EC_BEFORE_AT := true; } // End of module ItsPki_Pixits ttcn/AtsPki/ItsPki_TestCases.ttcn +392 −28 Original line number Diff line number Diff line Loading 
@@ -347,30 +347,8 @@ module ItsPki_TestCases { // Test adapter configuration // Preamble f_readCertificate(vc_hashedId8ToBeUsed, v_certificate); f_getCertificateDigest(vc_hashedId8ToBeUsed, v_certificate_digest); // Wait for IUT certificate geoNetworkingPort.clear; tc_ac.start; alt { [] a_await_cam_with_current_cert(v_certificate_digest, v_certificate) { tc_ac.stop; f_sendUtTriggerEnrolmentRequestPrimitive(); f_selfOrClientSyncAndVerdict(c_prDone, e_success); } [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mw_etsiTs103097Data_signed ))) { repeat; } [] tc_ac.timeout { log("*** " & testcasename() & ": INCONC: Expected CA message not received ***"); f_selfOrClientSyncAndVerdict(c_prDone, e_timeout); } } // End of 'alt' statement // Test Body log("*** " & testcasename() & ": PASS: Enrolment trigger sent succesfully ***"); Loading Loading @@ -1818,7 +1796,7 @@ module ItsPki_TestCases { * </pre> * * @see ETSI TS 103 525-2 v0.0.10 SECPKI_ITSS_AUTH_01_BV * @reference ETSI TS 102 941 [2], clause 6.1.3 * @reference ETSI TS 102 941 [2], clause 6.2.3.3.0 */ testcase TC_SECPKI_ITSS_AUTH_01_BV() runs on ItsMtc /*system ItsPkiItssSystem*/ { // Local variables Loading Loading 
@@ -1971,6 +1949,392 @@ module ItsPki_TestCases { } // End of group f_TC_SECPKI_ITSS_AUTH_01_BV /** * @desc Check that the AuthorizationRequest message is encrypted and sent to only one Authorization Authority. * <pre> * Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION * Initial conditions: * with { * the IUT being in the "operational state" * authorized with CERT_AA certificate * } * Expected behaviour: * ensure that { * when { * the IUT is triggered to requested a new Authorization Ticket (AT) * } * then { * the IUT sends EtsiTs103097Data to the AA * containing content.encryptedData.recipients * indicating size 1 * and containing the instance of RecipientInfo * containing certRecipInfo * containing recipientId * indicating HashedId8 of the CERT_AA * } * } * </pre> * * @see ETSI TS 103 525-2 v0.0.10 SECPKI_ITSS_AUTH_02_BV * @reference ETSI TS 102 941 [2], clause 6.2.3.3.1 */ testcase TC_SECPKI_ITSS_AUTH_02_BV() runs on ItsMtc /*system ItsPkiItssSystem*/ { // Local variables var ItsPkiItss v_itss; var ItsPkiHttp v_ea; // Test control if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_AUTHORIZATION) { log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION required for executing the TC ***"); setverdict(inconc); stop; } // Test component configuration f_cfMtcUp(v_itss, v_ea); // Start component v_itss.start(f_TC_SECPKI_ITSS_AUTH_01_BV_itss()); v_ea.start(f_TC_SECPKI_ITSS_AUTH_01_BV_pki()); // Synchronization f_serverSync2ClientsAndStop({c_prDone, c_tbDone}); // Cleanup f_cfMtcDown(v_itss, v_ea); } // End of testcase TC_SECPKI_ITSS_AUTH_02_BV /** * @desc Check that the AuthorizationRequest message is encrypted using the encryptionKey found in the AA certificate referenced in recipientId. 
* <pre> * Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION * Initial conditions: * with { * the IUT being in the "operational state" * authorized with CERT_AA certificate * containing encryptionKey (AA_ENC_PUB_KEY) * } * Expected behaviour: * ensure that { * when { * the IUT is triggered to requested a new Authorization Ticket (AT) * } * then { * the IUT sends EtsiTs103097Data to the AA * containing content.encryptedData * containing ciphertext * containing data * encrypted using AA_ENC_PUB_KEY * } * } * </pre> * * @see ETSI TS 103 525-2 v0.0.10 SECPKI_ITSS_AUTH_03_BV * @reference ETSI TS 102 941 [2], clause 6.2.3.3.1 */ testcase TC_SECPKI_ITSS_AUTH_03_BV() runs on ItsMtc /*system ItsPkiItssSystem*/ { // Local variables var ItsPkiItss v_itss; var ItsPkiHttp v_ea; // Test control if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_AUTHORIZATION) { log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION required for executing the TC ***"); setverdict(inconc); stop; } // Test component configuration f_cfMtcUp(v_itss, v_ea); // Start component v_itss.start(f_TC_SECPKI_ITSS_AUTH_01_BV_itss()); v_ea.start(f_TC_SECPKI_ITSS_AUTH_01_BV_pki()); // Synchronization f_serverSync2ClientsAndStop({c_prDone, c_tbDone}); // Cleanup f_cfMtcDown(v_itss, v_ea); } // End of testcase TC_SECPKI_ITSS_AUTH_03_BV /** * @desc Check that the AuthorizationRequest message is never reused the same encryption key and nonce. 
* <pre> * Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION * Initial conditions: * with { * the IUT being in the "operational state" * } * Expected behaviour: * ensure that { * when { * the IUT is triggered to requested a new Authorization Ticket (AT) * } * then { * the IUT sends EtsiTs103097Data to the AA * containing content.encryptedData * containing ciphertext.aes128ccm.nonce * indicating value not equal to the nonce in N previous messages * and containing recipients[0].certRecipInfo.encKey * containing encrypted symmetric key (S_KEY) * indicating symmetric key not equal to the key was used in N previous messages * } * } * </pre> * * @see ETSI TS 103 525-2 v0.0.10 SECPKI_ITSS_AUTH_04_BV * @reference ETSI TS 102 941 [2], clause 6.2.3.3.1 */ testcase TC_SECPKI_ITSS_AUTH_04_BV() runs on ItsMtc /*system ItsPkiItssSystem*/ { // Local variables var ItsPkiItss v_itss; var ItsPkiHttp v_ea; // Test control if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_AUTHORIZATION) { log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION required for executing the TC ***"); setverdict(inconc); stop; } // Test component configuration f_cfMtcUp(v_itss, v_ea); // Start component v_itss.start(f_TC_SECPKI_ITSS_AUTH_04_BV_itss()); v_ea.start(f_TC_SECPKI_ITSS_AUTH_04_BV_pki()); // Synchronization f_serverSync2ClientsAndStop({c_prDone, c_tbDone}); // Cleanup f_cfMtcDown(v_itss, v_ea); } // End of testcase TC_SECPKI_ITSS_AUTH_04_BV group f_TC_SECPKI_ITSS_AUTH_04_BV { function f_TC_SECPKI_ITSS_AUTH_04_BV_itss() runs on ItsPkiItss /*system ItsPkiItssSystem*/ { // Local variables var HashedId8 v_certificate_digest; var EtsiTs103097Certificate v_certificate; // Test component configuration f_cfUp_itss(); // Test adapter configuration // Preamble // First enrolment geoNetworkingPort.clear; tc_ac.start; alt { [] a_await_cam_with_current_cert(v_certificate_digest, v_certificate) { tc_ac.stop; if (PX_TRIGGER_EC_BEFORE_AT) { 
f_sendUtTriggerEnrolmentRequestPrimitive(); f_selfOrClientSyncAndVerdict(c_prDone, e_success); } } [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mw_etsiTs103097Data_signed ))) { repeat; } [] tc_ac.timeout { log("*** " & testcasename() & ": INCONC: Expected CA message not received ***"); f_selfOrClientSyncAndVerdict(c_prDone, e_timeout); } } // End of 'alt' statement // Test Body // N authorization for (var integer v_i := 0; v_i < PX_RE_AUTHORIZATION_COUNTER; v_i := v_i + 1) { f_sendUtTriggerAuthorizationRequestPrimitive(); f_sleep(PX_RE_AUTHORIZATION_DELAY); } // End of 'for' statement log("*** " & testcasename() & ": PASS: Enrolment trigger sent succesfully ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); // Postamble f_cfDown_itss(); } // End of function f_TC_SECPKI_ITSS_AUTH_04_BV_itss function f_TC_SECPKI_ITSS_AUTH_04_BV_pki() runs on ItsPkiHttp /*system ItsPkiHttpSystem*/ { // Local variable var integer v_counter := 0; var HeaderLines v_headers; var HttpMessage v_request; var HttpMessage v_response; var InnerAtRequest v_inner_at_request; var ListOfPublicVerificationKey v_generated_keys; var integer v_result; // Test component configuration f_cfHttpUp(); // Test adapter configuration // Preamble f_init_default_headers_list(-, "inner_at_response", v_headers); // Wait for the first enrolment response tc_ac.start; alt { [] a_await_at_http_response_from_iut( mw_http_request( mw_http_request_post( PICS_HTTP_POST_URI_EC, -, mw_http_message_body_binary( mw_binary_body_ieee1609dot2_data( mw_enrolmentRequestMessage( mw_encryptedData( -, mw_SymmetricCiphertext_aes128ccm )))))), v_request ) { tc_ac.stop; // Verify IUT response f_verify_http_at_request_from_iut(v_request.request, v_headers, v_inner_at_request, v_response, v_result); // Send response if (isvalue(v_response)) { httpPort.send(v_response); } // Set verdict if (v_result == 0) { v_generated_keys[v_counter] := v_inner_at_request.publicKeys.verificationKey; v_counter := v_counter + 1; 
f_selfOrClientSyncAndVerdictTestBody(c_prDone, e_success); } else { log("*** " & testcasename() & ": FAIL: Failed to verify EA an EnrolmentRequestMessage ***"); f_selfOrClientSyncAndVerdict(c_prDone, e_error); } } [] tc_ac.timeout { log("*** " & testcasename() & ": INCONC: Expected message not received ***"); f_selfOrClientSyncAndVerdict(c_prDone, e_timeout); } } // End of 'alt' statement // Test Body tc_ac.start; alt { [] a_await_at_http_response_from_iut( mw_http_request( mw_http_request_post( PICS_HTTP_POST_URI_AT, -, mw_http_message_body_binary( mw_binary_body_ieee1609dot2_data( mw_enrolmentRequestMessage( mw_encryptedData( -, mw_SymmetricCiphertext_aes128ccm )))))), v_request ) { tc_ac.stop; // Verify IUT response f_verify_http_at_request_from_iut(v_request.request, v_headers, v_inner_at_request, v_response, v_result); // Send response if (isvalue(v_response)) { httpPort.send(v_response); } // Set verdict if (v_result == 0) { log("*** " & testcasename() & ": LOG: ", match(v_generated_keys, superset(v_inner_at_request.publicKeys.verificationKey)), "***"); if (match(v_generated_keys, superset(v_inner_at_request.publicKeys.verificationKey))) { v_generated_keys[v_counter] := v_inner_at_request.publicKeys.verificationKey; v_counter := v_counter + 1; f_selfOrClientSyncAndVerdictTestBody(c_prDone, e_success); } else { log("*** " & testcasename() & ": FAIL: Duplication of generated public keys ***"); f_selfOrClientSyncAndVerdict(c_prDone, e_error); } } else { log("*** " & testcasename() & ": FAIL: Failed to verify EA an EnrolmentRequestMessage ***"); f_selfOrClientSyncAndVerdict(c_prDone, e_error); } } [] tc_ac.timeout { if (v_counter == PX_RE_AUTHORIZATION_COUNTER) { log("*** " & testcasename() & ": PASS: InnerAtRequest received with different key pairs ***"); f_selfOrClientSyncAndVerdict(c_tbDone, e_success); } else { log("*** " & testcasename() & ": INCONC: Expected message not received ***"); f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout); } } } // End of 'alt' 
statement // Postamble f_cfHttpDown(); } // End of function f_TC_SECPKI_ITSS_AUTH_04_BV_pki } // End of group f_TC_SECPKI_ITSS_AUTH_04_BV /** * @desc Check that the Authozation request protocol version is set to 1. * <pre> * Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION * Initial conditions: * with { * the IUT being in the "operational state" * } * Expected behaviour: * ensure that { * when { * the IUT is triggered to requested a new Authorization Ticket (AT) * } * then { * the IUT sends EtsiTs103097Data to the AA * containing version * indicating value 1 * and containing content * containing autihorizationRequest * } * } * </pre> * * @see ETSI TS 103 525-2 v0.0.10 SECPKI_ITSS_AUTH_05_BV * @reference ETSI TS 102 941 [2], clause 6.2.3.3.1 */ testcase TC_SECPKI_ITSS_AUTH_05_BV() runs on ItsMtc /*system ItsPkiItssSystem*/ { // Local variables var ItsPkiItss v_itss; var ItsPkiHttp v_ea; // Test control if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_AUTHORIZATION) { log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION required for executing the TC ***"); setverdict(inconc); stop; } // Test component configuration f_cfMtcUp(v_itss, v_ea); // Start component v_itss.start(f_TC_SECPKI_ITSS_AUTH_01_BV_itss()); v_ea.start(f_TC_SECPKI_ITSS_AUTH_01_BV_pki()); // Synchronization f_serverSync2ClientsAndStop({c_prDone, c_tbDone}); // Cleanup f_cfMtcDown(v_itss, v_ea); } // End of testcase TC_SECPKI_ITSS_AUTH_05_BV } // End of group itss_authorization_request group itss_authorization_response { Loading Loading 
@@ -3705,7 +4069,7 @@ module ItsPki_TestCases { log("*** " & testcasename() & ": DEBUG: v_inner_ec_response= ", v_inner_ec_response); log("*** " & testcasename() & ": DEBUG: v_private_key_ec= ", v_private_key_ec); // Generate an InnerAtRequest if (f_generate_inner_at_request(vc_eaCertificate, vc_eaHashedId8, v_inner_ec_response.certificate, v_private_key_ec, v_private_key_at, v_public_compressed_key_at, v_compressed_key_mode_at, v_private_enc_key_at, v_public_compressed_enc_key_at, v_compressed_enc_mode_at, v_inner_at_request) == false) { if (f_generate_inner_at_request(vc_aaCertificate, vc_aaHashedId8, vc_eaHashedId8, v_inner_ec_response.certificate, v_private_key_ec, v_private_key_at, v_public_compressed_key_at, v_compressed_key_mode_at, v_private_enc_key_at, v_public_compressed_enc_key_at, v_compressed_enc_mode_at, v_inner_at_request) == false) { log("*** " & testcasename() & ": ERROR: Failed to generate AuthorizationValidationRequest ***"); f_selfOrClientSyncAndVerdict("error", e_error); } Loading Loading
etc/AtsPki/AtsPki_Commsignia.cfg_ +7 −5 Original line number Diff line number Diff line Loading @@ -23,20 +23,22 @@ LibItsSecurity_Pixits.PX_IUT_SEC_CONFIG_NAME := "asn1c_cert" #LibItsSecurity_Pics.PICS_SEC_FIXED_KEYS := true # Seed LibItsHttp_Pics.PICS_HEADER_CONTENT_TYPE := "application/x-its-request" LibItsHttp_Pics.PICS_HEADER_HOST := "192.168.0.252" LibItsHttp_Pics.PICS_HEADER_HOST := "10.8.0.2" LibItsPki_Pics.PICS_HTTP_POST_URI_EC := "/ea/enrolment" LibItsPki_Pics.PICS_HTTP_POST_URI_AT := "/ea/authval" LibItsPki_Pics.PICS_HTTP_POST_URI_ATV := "/aa/authorization" LibItsPki_Pics.PICS_IUT_ITS_S_ROLE := true LibItsPki_Pics.PICS_SECPKI_ENROLMENT := true LibItsPki_Pixits.PX_EC_PRIVATE_KEY := '73AD688448117EFF50BCB044AA9CFD7932023B7A2C62887A1D3B99FED2B5237C'O LibItsPki_Pixits.PX_EC_HASH := 'C4FD3EF2B51CFD605D7D40FA9C1C279B8B8C4D7CB9D40D6044C55F615D750502'O LibItsPki_Pixits.PX_EC_HASHED_ID8 := '44C55F615D750502'O LibItsPki_Pics.PICS_ITS_S_SIGN_NITSP256_PRIVATE_KEY := '5C25F97607DFC62972A147FAD8B7A7C939569F0F95ECD4C641724A68B51836E5'O; LibItsPki_Pics.PICS_ITS_S_SIGN_NISTP256_PUBLIC_KEY := '020144E5174B0AFDA86BDB8B643B68D40030F5BDB9A9F090C64852CC3C20C9D5AD'O; LibItsPki_Pics.PICS_ITS_S_SIGN_NISTP256_PUBLIC_KEY := '02834642E2E9B2EA1E6417D9D9ED1BA0BB84450781809AED15CB4BCB55DDCFD77B'O; LibItsPki_Pics.PICS_ITS_S_ENC_NITSP256_PRIVATE_KEY := 'EDEBEADCAA9514CD4B30256126FB7DF958B911C6EB58CCF702983C3DCD3DECBD'O; LibItsPki_Pics.PICS_ITS_S_ENC_NISTP256_PUBLIC_KEY := '023A4ADDCDD5EE66DAB2116B0C3AB47CCEDAE92CD9ACE98A84B10EB63A9DCA798C'O; LibItsPki_Pics.PICS_ITS_S_ENC_BRAINPOOLP256r1_PRIVATE_KEY := '9F155D40B6C920BA45D8027093C8ADADAF3AA6F9F71F0CC0F8279FF0146A8A48'O; Loading 
@@ -46,7 +48,7 @@ LibItsPki_Pics.PICS_ITS_S_SIGN_BRAINPOOLP256r1_PUBLIC_KEY := '02A92BA3B770B040B LibItsPki_Pics.PICS_ITS_S_ENC_BRAINPOOLP384r1_PRIVATE_KEY := '6B4B4392511B252C904801466F5DA0A7F28E038E6656800CBB0CDCB3D32F862CA4D59CBDC1A19E98E9191582AF1DB3D7'O; LibItsPki_Pics.PICS_ITS_S_SIGN_BRAINPOOLP384r1_PRIVATE_KEY := '3CD977195A579787C84D5900F4CB6341E0C3D2750B140C5380E6F03CE3FBA0022F7541DEABDCED4790D313ED8F56ACA8'O; LibItsPki_Pics.PICS_ITS_S_SIGN_BRAINPOOLP384r1_PUBLIC_KEY := '0243FF5C96984C2C3F5FD5C5F6551C90F5FAEE1E5E8301763E4AF1E9D627F3474E554B82EE98EC4B49808DFF61B35F8313'O; LibItsPki_Pics.PICS_ITS_S_CANONICAL_ID := '1B4CA1210123AE900BBE6C3EBAE7E87DA20DBDAB1E7B2EC0691C51C1021900AA'O; LibItsPki_Pics.PICS_ITS_S_CANONICAL_ID := '434F4D4D5349470A0000000000000047'O; LibItsPki_Pics.PICS_TS_EA_CERTIFICATE_ID := "CERT_TS_A_EA" LibItsPki_Pics.PICS_TS_AA_CERTIFICATE_ID := "CERT_TS_A_AA" Loading
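Review bot: `PICS_ITS_S_SIGN_NISTP256_PUBLIC_KEY` appears to be replaced in this section while `PICS_ITS_S_SIGN_NITSP256_PRIVATE_KEY` is listed only once, so the signing pair may no longer match; please confirm the new public key is derived from the private key that stays in the file. The section also holds raw private-key octetstrings (`PX_EC_PRIVATE_KEY` and the `*_PRIVATE_KEY` PICS) next to a fixed host address, so a comment above the block such as `# Test-bench key material only, never provisioned on a production ITS-S or PKI` would make the intended scope explicit. The private-key parameter names are spelled `NITSP256` while the public-key names use `NISTP256`; if the module parameters are declared that way the spelling must stay, but a one-line comment would save the next reader from "fixing" it.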
etc/AtsPki/AtsPki_Idnomic.cfg_ +1 −1 Original line number Diff line number Diff line Loading @@ -21,7 +21,7 @@ LibItsPki_Pics.PICS_HTTP_POST_URI_AT := "/" LibItsPki_Pics.PICS_HTTP_POST_URI_ATV := "/" LibItsPki_Pics.PICS_ITS_S_SIGN_NITSP256_PRIVATE_KEY := '5C25F97607DFC62972A147FAD8B7A7C939569F0F95ECD4C641724A68B51836E5'O LibItsPki_Pics.PICS_ITS_S_SIGN_NISTP256_PUBLIC_KEY := '020144E5174B0AFDA86BDB8B643B68D40030F5BDB9A9F090C64852CC3C20C9D5AD'O LibItsPki_Pics.PICS_ITS_S_CANONICAL_ID := '1B4CA1210123AE900BBE6C3EBAE7E87DA20DBDAB1E7B2EC0691C51C1021900AA'O; LibItsPki_Pics.PICS_ITS_S_CANONICAL_ID := '455453492d4954532d303031'O LibItsPki_Pics.PICS_TS_EA_CERTIFICATE_ID := "CERT_IDNOMIC_EA" LibItsPki_Pics.PICS_TS_AA_CERTIFICATE_ID := "CERT_IDNOMIC_AA" Loading
etc/TestCodec/TestCodec.cfg +4 −3 Original line number Diff line number Diff line Loading @@ -19,9 +19,9 @@ LibItsGeoNetworking_Pixits.PX_GN_UPPER_LAYER := e_any LibCommon_Time.PX_TAC := 35.0 # Root path to access certificate stored in files, identified by certficate ID LibItsSecurity_Pixits.PX_CERTIFICATE_POOL_PATH := "/home/vagrant/tmp/gentcert/v3" LibItsSecurity_Pixits.PX_CERTIFICATE_POOL_PATH := "/home/vagrant/tmp/" # Configuration sub-directory to access certificate stored in files LibItsSecurity_Pixits.PX_IUT_SEC_CONFIG_NAME := "certificates" LibItsSecurity_Pixits.PX_IUT_SEC_CONFIG_NAME := "asn1c_cert" # Seed LibItsSecurity_Pics.PICS_SEC_FIXED_KEYS := true Loading Loading @@ -318,7 +318,8 @@ system.pkiPort.params := "PKI/HTTP(device_mode=1,uri=/its/inner_ec_request,host= #TestCodec_Certificates.tc_certificate_asn1c_1 #TestCodec_Certificates.tc_certificate_asn1c_2 #TestCodec_Certificates.tc_certificate_gemalto_1 TestCodec_Certificates.tc_certificate_atos_1 #TestCodec_Certificates.tc_certificate_atos_1 TestCodec_Certificates.tc_certificate_atos_2 # Secured messages #TestCodec_SecuredMessages.tc_ssp_cam_1 #TestCodec_SecuredMessages.tc_ssp_cam_2 Loading
ttcn/AtsPki/ItsPki_Pixits.ttcn +4 −0 Original line number Diff line number Diff line Loading @@ -2,8 +2,12 @@ module ItsPki_Pixits { modulepar integer PX_RE_ENROLMENT_COUNTER := 2; modulepar integer PX_RE_AUTHORIZATION_COUNTER := 2; modulepar float PX_RE_ENROLMENT_DELAY := 2.0; modulepar float PX_RE_AUTHORIZATION_DELAY := 2.0; modulepar boolean PX_TRIGGER_EC_BEFORE_AT := true; } // End of module ItsPki_Pixits
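Review bot: None of the module parameters in this section carries a description, and the unit of the two delay values is not stated. Judging from the test-case file in the same commit, `PX_RE_AUTHORIZATION_COUNTER` bounds the loop that triggers authorization requests, `PX_RE_AUTHORIZATION_DELAY` is passed to `f_sleep()`, and `PX_TRIGGER_EC_BEFORE_AT` gates the enrolment trigger in the preamble. I would add comments along the lines of `// Number of authorization requests triggered by TC_SECPKI_ITSS_AUTH_04_BV`, `// Pause between two authorization triggers, passed to f_sleep() (unit to be confirmed)` and `// When true, an enrolment request is triggered before the authorization requests`.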
ttcn/AtsPki/ItsPki_TestCases.ttcn +392 −28 Original line number Diff line number Diff line Loading @@ -347,30 +347,8 @@ module ItsPki_TestCases { // Test adapter configuration // Preamble f_readCertificate(vc_hashedId8ToBeUsed, v_certificate); f_getCertificateDigest(vc_hashedId8ToBeUsed, v_certificate_digest); // Wait for IUT certificate geoNetworkingPort.clear; tc_ac.start; alt { [] a_await_cam_with_current_cert(v_certificate_digest, v_certificate) { tc_ac.stop; f_sendUtTriggerEnrolmentRequestPrimitive(); f_selfOrClientSyncAndVerdict(c_prDone, e_success); } [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mw_etsiTs103097Data_signed ))) { repeat; } [] tc_ac.timeout { log("*** " & testcasename() & ": INCONC: Expected CA message not received ***"); f_selfOrClientSyncAndVerdict(c_prDone, e_timeout); } } // End of 'alt' statement // Test Body log("*** " & testcasename() & ": PASS: Enrolment trigger sent succesfully ***"); Loading Loading @@ -1818,7 +1796,7 @@ module ItsPki_TestCases { * </pre> * * @see ETSI TS 103 525-2 v0.0.10 SECPKI_ITSS_AUTH_01_BV * @reference ETSI TS 102 941 [2], clause 6.1.3 * @reference ETSI TS 102 941 [2], clause 6.2.3.3.0 */ testcase TC_SECPKI_ITSS_AUTH_01_BV() runs on ItsMtc /*system ItsPkiItssSystem*/ { // Local variables Loading Loading 
@@ -1971,6 +1949,392 @@ module ItsPki_TestCases { } // End of group f_TC_SECPKI_ITSS_AUTH_01_BV /** * @desc Check that the AuthorizationRequest message is encrypted and sent to only one Authorization Authority. * <pre> * Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION * Initial conditions: * with { * the IUT being in the "operational state" * authorized with CERT_AA certificate * } * Expected behaviour: * ensure that { * when { * the IUT is triggered to requested a new Authorization Ticket (AT) * } * then { * the IUT sends EtsiTs103097Data to the AA * containing content.encryptedData.recipients * indicating size 1 * and containing the instance of RecipientInfo * containing certRecipInfo * containing recipientId * indicating HashedId8 of the CERT_AA * } * } * </pre> * * @see ETSI TS 103 525-2 v0.0.10 SECPKI_ITSS_AUTH_02_BV * @reference ETSI TS 102 941 [2], clause 6.2.3.3.1 */ testcase TC_SECPKI_ITSS_AUTH_02_BV() runs on ItsMtc /*system ItsPkiItssSystem*/ { // Local variables var ItsPkiItss v_itss; var ItsPkiHttp v_ea; // Test control if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_AUTHORIZATION) { log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION required for executing the TC ***"); setverdict(inconc); stop; } // Test component configuration f_cfMtcUp(v_itss, v_ea); // Start component v_itss.start(f_TC_SECPKI_ITSS_AUTH_01_BV_itss()); v_ea.start(f_TC_SECPKI_ITSS_AUTH_01_BV_pki()); // Synchronization f_serverSync2ClientsAndStop({c_prDone, c_tbDone}); // Cleanup f_cfMtcDown(v_itss, v_ea); } // End of testcase TC_SECPKI_ITSS_AUTH_02_BV /** * @desc Check that the AuthorizationRequest message is encrypted using the encryptionKey found in the AA certificate referenced in recipientId. 
* <pre> * Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION * Initial conditions: * with { * the IUT being in the "operational state" * authorized with CERT_AA certificate * containing encryptionKey (AA_ENC_PUB_KEY) * } * Expected behaviour: * ensure that { * when { * the IUT is triggered to requested a new Authorization Ticket (AT) * } * then { * the IUT sends EtsiTs103097Data to the AA * containing content.encryptedData * containing ciphertext * containing data * encrypted using AA_ENC_PUB_KEY * } * } * </pre> * * @see ETSI TS 103 525-2 v0.0.10 SECPKI_ITSS_AUTH_03_BV * @reference ETSI TS 102 941 [2], clause 6.2.3.3.1 */ testcase TC_SECPKI_ITSS_AUTH_03_BV() runs on ItsMtc /*system ItsPkiItssSystem*/ { // Local variables var ItsPkiItss v_itss; var ItsPkiHttp v_ea; // Test control if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_AUTHORIZATION) { log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION required for executing the TC ***"); setverdict(inconc); stop; } // Test component configuration f_cfMtcUp(v_itss, v_ea); // Start component v_itss.start(f_TC_SECPKI_ITSS_AUTH_01_BV_itss()); v_ea.start(f_TC_SECPKI_ITSS_AUTH_01_BV_pki()); // Synchronization f_serverSync2ClientsAndStop({c_prDone, c_tbDone}); // Cleanup f_cfMtcDown(v_itss, v_ea); } // End of testcase TC_SECPKI_ITSS_AUTH_03_BV /** * @desc Check that the AuthorizationRequest message is never reused the same encryption key and nonce. 
* <pre> * Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION * Initial conditions: * with { * the IUT being in the "operational state" * } * Expected behaviour: * ensure that { * when { * the IUT is triggered to requested a new Authorization Ticket (AT) * } * then { * the IUT sends EtsiTs103097Data to the AA * containing content.encryptedData * containing ciphertext.aes128ccm.nonce * indicating value not equal to the nonce in N previous messages * and containing recipients[0].certRecipInfo.encKey * containing encrypted symmetric key (S_KEY) * indicating symmetric key not equal to the key was used in N previous messages * } * } * </pre> * * @see ETSI TS 103 525-2 v0.0.10 SECPKI_ITSS_AUTH_04_BV * @reference ETSI TS 102 941 [2], clause 6.2.3.3.1 */ testcase TC_SECPKI_ITSS_AUTH_04_BV() runs on ItsMtc /*system ItsPkiItssSystem*/ { // Local variables var ItsPkiItss v_itss; var ItsPkiHttp v_ea; // Test control if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_AUTHORIZATION) { log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION required for executing the TC ***"); setverdict(inconc); stop; } // Test component configuration f_cfMtcUp(v_itss, v_ea); // Start component v_itss.start(f_TC_SECPKI_ITSS_AUTH_04_BV_itss()); v_ea.start(f_TC_SECPKI_ITSS_AUTH_04_BV_pki()); // Synchronization f_serverSync2ClientsAndStop({c_prDone, c_tbDone}); // Cleanup f_cfMtcDown(v_itss, v_ea); } // End of testcase TC_SECPKI_ITSS_AUTH_04_BV group f_TC_SECPKI_ITSS_AUTH_04_BV { function f_TC_SECPKI_ITSS_AUTH_04_BV_itss() runs on ItsPkiItss /*system ItsPkiItssSystem*/ { // Local variables var HashedId8 v_certificate_digest; var EtsiTs103097Certificate v_certificate; // Test component configuration f_cfUp_itss(); // Test adapter configuration // Preamble // First enrolment geoNetworkingPort.clear; tc_ac.start; alt { [] a_await_cam_with_current_cert(v_certificate_digest, v_certificate) { tc_ac.stop; if (PX_TRIGGER_EC_BEFORE_AT) { 
f_sendUtTriggerEnrolmentRequestPrimitive(); f_selfOrClientSyncAndVerdict(c_prDone, e_success); } } [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mw_etsiTs103097Data_signed ))) { repeat; } [] tc_ac.timeout { log("*** " & testcasename() & ": INCONC: Expected CA message not received ***"); f_selfOrClientSyncAndVerdict(c_prDone, e_timeout); } } // End of 'alt' statement // Test Body // N authorization for (var integer v_i := 0; v_i < PX_RE_AUTHORIZATION_COUNTER; v_i := v_i + 1) { f_sendUtTriggerAuthorizationRequestPrimitive(); f_sleep(PX_RE_AUTHORIZATION_DELAY); } // End of 'for' statement log("*** " & testcasename() & ": PASS: Enrolment trigger sent succesfully ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); // Postamble f_cfDown_itss(); } // End of function f_TC_SECPKI_ITSS_AUTH_04_BV_itss function f_TC_SECPKI_ITSS_AUTH_04_BV_pki() runs on ItsPkiHttp /*system ItsPkiHttpSystem*/ { // Local variable var integer v_counter := 0; var HeaderLines v_headers; var HttpMessage v_request; var HttpMessage v_response; var InnerAtRequest v_inner_at_request; var ListOfPublicVerificationKey v_generated_keys; var integer v_result; // Test component configuration f_cfHttpUp(); // Test adapter configuration // Preamble f_init_default_headers_list(-, "inner_at_response", v_headers); // Wait for the first enrolment response tc_ac.start; alt { [] a_await_at_http_response_from_iut( mw_http_request( mw_http_request_post( PICS_HTTP_POST_URI_EC, -, mw_http_message_body_binary( mw_binary_body_ieee1609dot2_data( mw_enrolmentRequestMessage( mw_encryptedData( -, mw_SymmetricCiphertext_aes128ccm )))))), v_request ) { tc_ac.stop; // Verify IUT response f_verify_http_at_request_from_iut(v_request.request, v_headers, v_inner_at_request, v_response, v_result); // Send response if (isvalue(v_response)) { httpPort.send(v_response); } // Set verdict if (v_result == 0) { v_generated_keys[v_counter] := v_inner_at_request.publicKeys.verificationKey; v_counter := v_counter + 1; 
f_selfOrClientSyncAndVerdictTestBody(c_prDone, e_success); } else { log("*** " & testcasename() & ": FAIL: Failed to verify EA an EnrolmentRequestMessage ***"); f_selfOrClientSyncAndVerdict(c_prDone, e_error); } } [] tc_ac.timeout { log("*** " & testcasename() & ": INCONC: Expected message not received ***"); f_selfOrClientSyncAndVerdict(c_prDone, e_timeout); } } // End of 'alt' statement // Test Body tc_ac.start; alt { [] a_await_at_http_response_from_iut( mw_http_request( mw_http_request_post( PICS_HTTP_POST_URI_AT, -, mw_http_message_body_binary( mw_binary_body_ieee1609dot2_data( mw_enrolmentRequestMessage( mw_encryptedData( -, mw_SymmetricCiphertext_aes128ccm )))))), v_request ) { tc_ac.stop; // Verify IUT response f_verify_http_at_request_from_iut(v_request.request, v_headers, v_inner_at_request, v_response, v_result); // Send response if (isvalue(v_response)) { httpPort.send(v_response); } // Set verdict if (v_result == 0) { log("*** " & testcasename() & ": LOG: ", match(v_generated_keys, superset(v_inner_at_request.publicKeys.verificationKey)), "***"); if (match(v_generated_keys, superset(v_inner_at_request.publicKeys.verificationKey))) { v_generated_keys[v_counter] := v_inner_at_request.publicKeys.verificationKey; v_counter := v_counter + 1; f_selfOrClientSyncAndVerdictTestBody(c_prDone, e_success); } else { log("*** " & testcasename() & ": FAIL: Duplication of generated public keys ***"); f_selfOrClientSyncAndVerdict(c_prDone, e_error); } } else { log("*** " & testcasename() & ": FAIL: Failed to verify EA an EnrolmentRequestMessage ***"); f_selfOrClientSyncAndVerdict(c_prDone, e_error); } } [] tc_ac.timeout { if (v_counter == PX_RE_AUTHORIZATION_COUNTER) { log("*** " & testcasename() & ": PASS: InnerAtRequest received with different key pairs ***"); f_selfOrClientSyncAndVerdict(c_tbDone, e_success); } else { log("*** " & testcasename() & ": INCONC: Expected message not received ***"); f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout); } } } // End of 'alt' 
statement // Postamble f_cfHttpDown(); } // End of function f_TC_SECPKI_ITSS_AUTH_04_BV_pki } // End of group f_TC_SECPKI_ITSS_AUTH_04_BV /** * @desc Check that the Authozation request protocol version is set to 1. * <pre> * Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION * Initial conditions: * with { * the IUT being in the "operational state" * } * Expected behaviour: * ensure that { * when { * the IUT is triggered to requested a new Authorization Ticket (AT) * } * then { * the IUT sends EtsiTs103097Data to the AA * containing version * indicating value 1 * and containing content * containing autihorizationRequest * } * } * </pre> * * @see ETSI TS 103 525-2 v0.0.10 SECPKI_ITSS_AUTH_05_BV * @reference ETSI TS 102 941 [2], clause 6.2.3.3.1 */ testcase TC_SECPKI_ITSS_AUTH_05_BV() runs on ItsMtc /*system ItsPkiItssSystem*/ { // Local variables var ItsPkiItss v_itss; var ItsPkiHttp v_ea; // Test control if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_AUTHORIZATION) { log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION required for executing the TC ***"); setverdict(inconc); stop; } // Test component configuration f_cfMtcUp(v_itss, v_ea); // Start component v_itss.start(f_TC_SECPKI_ITSS_AUTH_01_BV_itss()); v_ea.start(f_TC_SECPKI_ITSS_AUTH_01_BV_pki()); // Synchronization f_serverSync2ClientsAndStop({c_prDone, c_tbDone}); // Cleanup f_cfMtcDown(v_itss, v_ea); } // End of testcase TC_SECPKI_ITSS_AUTH_05_BV } // End of group itss_authorization_request group itss_authorization_response { Loading Loading 
@@ -3705,7 +4069,7 @@ module ItsPki_TestCases { log("*** " & testcasename() & ": DEBUG: v_inner_ec_response= ", v_inner_ec_response); log("*** " & testcasename() & ": DEBUG: v_private_key_ec= ", v_private_key_ec); // Generate an InnerAtRequest if (f_generate_inner_at_request(vc_eaCertificate, vc_eaHashedId8, v_inner_ec_response.certificate, v_private_key_ec, v_private_key_at, v_public_compressed_key_at, v_compressed_key_mode_at, v_private_enc_key_at, v_public_compressed_enc_key_at, v_compressed_enc_mode_at, v_inner_at_request) == false) { if (f_generate_inner_at_request(vc_aaCertificate, vc_aaHashedId8, vc_eaHashedId8, v_inner_ec_response.certificate, v_private_key_ec, v_private_key_at, v_public_compressed_key_at, v_compressed_key_mode_at, v_private_enc_key_at, v_public_compressed_enc_key_at, v_compressed_enc_mode_at, v_inner_at_request) == false) { log("*** " & testcasename() & ": ERROR: Failed to generate AuthorizationValidationRequest ***"); f_selfOrClientSyncAndVerdict("error", e_error); } Loading
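Review bot: In `f_TC_SECPKI_ITSS_AUTH_04_BV_pki` the duplicate check looks inverted. Assuming `superset` matches when the list already contains the key, `match(v_generated_keys, superset(...verificationKey))` is true for a repeated key, yet that branch stores it and reports success, while a fresh key reaches `FAIL: Duplication of generated public keys`; the condition presumably should be `if (not match(v_generated_keys, superset(v_inner_at_request.publicKeys.verificationKey))) {`. The AUTH_04 test purpose speaks of the AES-CCM nonce and the encrypted symmetric key, but the function compares only verification public keys, so nonce or symmetric-key reuse would go unnoticed. The test-body `alt` has no `repeat`, so only one of the `PX_RE_AUTHORIZATION_COUNTER` triggered requests is examined. `TC_SECPKI_ITSS_AUTH_02_BV`, `_03_BV` and `_05_BV` start `f_TC_SECPKI_ITSS_AUTH_01_BV_itss()` and `f_TC_SECPKI_ITSS_AUTH_01_BV_pki()`, whose bodies are outside the visible hunks; unless those already check recipient count, encryption key and protocol version, these test cases can pass without verifying what their `@desc` states.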