/**
* @author ETSI / STF545
* @version $URL$
* $Id$
* @desc Testcases file for Security Protocol
* @reference ETSI TS ITS-00546v006
* @copyright ETSI Copyright Notification
* No part may be reproduced except as authorized by written permission.
* The copyright and the foregoing restriction extend to reproduction in all media.
* All rights reserved.
*/
module ItsPki_TestCases {
// Libcommon
import from LibCommon_Time all;
import from LibCommon_VerdictControl all;
import from LibCommon_Sync all;
import from LibCommon_BasicTypesAndValues all;
import from LibCommon_DataStrings all;
// LibIts
import from IEEE1609dot2BaseTypes language "ASN.1:1997" all;
import from IEEE1609dot2 language "ASN.1:1997" all;
import from EtsiTs102941BaseTypes language "ASN.1:1997" all;
import from EtsiTs102941TypesEnrolment language "ASN.1:1997" all;
import from EtsiTs102941MessagesItss language "ASN.1:1997" all;
import from EtsiTs103097Module language "ASN.1:1997" all;
import from ITS_Container language "ASN.1:1997" all;
import from CAM_PDU_Descriptions language "ASN.1:1997" all;
// LibItsCommon
import from LibItsCommon_TypesAndValues all;
import from LibItsCommon_Functions all;
import from LibItsCommon_TypesAndValues all;
import from LibItsCommon_ASN1_NamedNumbers all;
// LibItsGeoNetworking
import from LibItsGeoNetworking_TestSystem all;
import from LibItsGeoNetworking_Functions all;
import from LibItsGeoNetworking_Templates all;
import from LibItsGeoNetworking_TypesAndValues all;
import from LibItsGeoNetworking_Pics all;
// LibItsSecurity
import from LibItsSecurity_TypesAndValues all;
import from LibItsSecurity_TestSystem all;
import from LibItsSecurity_Templates all;
import from LibItsSecurity_Functions all;
import from LibItsSecurity_Pixits all;
import from LibItsSecurity_Pics all;
// LibItsHttp
import from LibItsHttp_TypesAndValues all;
import from LibItsHttp_Templates all;
import from LibItsHttp_BinaryTemplates all;
import from LibItsHttp_Functions all;
import from LibItsHttp_TestSystem all;
// LibItsPki
import from LibItsPki_Templates all;
import from LibItsPki_TestSystem all;
// AtsPki
import from ItsPki_Functions all;
/**
* @desc 5.2 ITS-S behaviour
*/
group itss_behavior {
group itss_manufacturing {
/**
* @desc Check that IUT sends an enrolment request when triggered.
*
* Pics Selection:
* Initial conditions:
* with {
* the IUT being in the "initial state"
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT is triggered to requested a new Enrolment Certificate (EC)
* }
* then {
* the IUT sends to EA an EnrolmentRequestMessage
* }
* }
*
*
* @see ETSI TS ITS-00546v006 TP 2
* @reference ETSI TS 102 941 [2], clause 6.1.3
*/
testcase TC_SEC_PKI_ITSS_ENR_BV_01() runs on ItsMtc /*system ItsPkiItssSystem*/ {
// Local variables
var ItsPkiItss v_itss;
var ItsPki v_ea;
// Test component configuration
//f_cfUp_itss();
v_itss.start(f_TC_SEC_PKI_ITSS_ENR_BV_01_itss(cc_taCert_A));
v_ea.start(f_TC_SEC_PKI_ITSS_ENR_BV_01_pki(cc_taCert_A));
// Synchronization
f_serverSync2ClientsAndStop({c_prDone, c_tbDone, c_poDone});
// Cleanup
//f_cfDown_itss();
} // End of testcase TC_SEC_PKI_ITSS_ENR_BV_01
group f_TC_SEC_PKI_ITSS_ENR_BV_01 {
function f_TC_SEC_PKI_ITSS_ENR_BV_01_itss(in charstring p_certificate_id) runs on ItsPkiItss /*system ItsPkiItssSystem*/ {
// Local variables
var LongPosVector v_longPosVectorIut;
// Test control
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up(); // Initialise IUT with CERT_IUT_A_AT signed with CERT_IUT_A_AA
v_longPosVectorIut := f_getPosition(c_compIut);
// Test adapter configuration
// Preamble
f_prNeighbour();
f_acTriggerEvent(m_startPassBeaconing(m_beaconHeader(v_longPosVectorIut).beaconHeader)); // Authorize the TA to forward the received beacons
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mw_etsiTs103097Data_signed
))) {
tc_ac.stop;
log("*** " & testcasename() & ": PASS: Security protocol version set to 3 ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_acTriggerEvent(m_stopPassBeaconing);
f_poNeighbour();
f_cf01Down();
} // End of testcase f_TC_SEC_PKI_ITSS_ENR_BV_01_itss
function f_TC_SEC_PKI_ITSS_ENR_BV_01_pki(in charstring p_certificate_id) runs on ItsPki /*system ItsPkiItssSystem*/ {
} // End of testcase f_TC_SEC_PKI_ITSS_ENR_BV_01_pki
} // End of f_TC_SEC_PKI_ITSS_ENR_BV_01
} // End of group itss_manufacturing
} // End of group itss_behavior
group ea_behavior {
/**
* @desc The EnrolmentResponse message shall be sent by the EA to the
* ITS-S across the interface at reference point S3 in response
* to a received EnrolmentRequest message.
*
* Pics Selection:
* Initial conditions:
* with {
* the IUT being in the "operational state"
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT receives an EnrolmentRequestMessage across the interface at the reference point S3
* }
* then {
* the IUT answers with an EnrolmentResponseMessage across the interface at reference point S3
* }
* }
*
*
* @see ETSI TS ITS-00546v006 TP 20
* @reference ETSI TS 102 941, clause 6.2.3.2.2
*/
testcase TC_SEC_PKI_SND_EA_BV_01() runs on ItsPki system ItsPkiSystem {
// Local variables
var Oct32 v_private_key;
var Oct32 v_publicKeyX;
var Oct32 v_publicKeyY;
var Oct32 v_publicKeyCompressed;
var integer v_compressedMode;
var template (value) EccP256CurvePoint v_eccP256_curve_point;
var template (value) InnerEcRequest v_inner_ec_request;
// Test control
// Test component configuration
ItsPki_Functions.f_cfUp();
// Test adapter configuration
// Preamble
// Preamble
// f_generate_innerEcRequestSignedForPop(v_inner_ec_request)
// Generate keys for the certificate to be requested
if (f_generate_key_pair_nistp256(v_private_key, v_publicKeyX, v_publicKeyY, v_publicKeyCompressed, v_compressedMode) == false) {
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_error);
stop;
}
log("v_private_key = ", v_private_key);
log("v_public_key X= ", v_publicKeyX);
log("v_public_key Y= ", v_publicKeyY);
log("v_public_key compressed= ", v_publicKeyCompressed, v_compressedMode);
if (v_compressedMode == 0) {
v_eccP256_curve_point := m_eccP256CurvePoint_compressed_y_0(v_publicKeyCompressed);
} else {
v_eccP256_curve_point := m_eccP256CurvePoint_compressed_y_1(v_publicKeyCompressed);
}
// Build the Proof of Possession InnerEcRequestSignedForPop
v_inner_ec_request := m_innerEcRequest(
"CanonicalItsId",
m_publicKeys(
m_publicVerificationKey_ecdsaNistP256(v_eccP256_curve_point),
m_encryptionKey(
-,
m_publicEncryptionKey_ecdsaNistP256(v_eccP256_curve_point)
)
),
m_certificateSubjectAttributes(
{ // ETSI TS 102 965 Table A.1: ETSI ITS standardized ITS-AIDs
valueof(m_appPermissions(36, { bitmapSsp := '830001'O })),
valueof(m_appPermissions(37, { bitmapSsp := '830001'O }))
},
m_validityPeriod(
17469212,
m_duration_years(10)
),
m_geographicRegion_identifiedRegion(
{
m_identifiedRegion_country_only(12),
m_identifiedRegion_country_only(34)
}
),
'C0'O
)
);
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
pkiPort.send(v_inner_ec_request);
tc_ac.start;
alt {
[] pkiPort.receive(
mw_innerEcResponse_ok
) {
tc_ac.stop;
log("*** " & testcasename() & ": PASS: InnerEcReponse received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
[] pkiPort.receive { // FIXME Use altstep
tc_ac.stop;
log("*** " & testcasename() & ": FAIL: HTTP error ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
ItsPki_Functions.f_cfDown();
} // End of testcase TC_SEC_PKI_SND_EA_BV_01
/**
* @desc If the enrolment request of the IUT is an initial enrolment request, the itsId
* (contained in the InnerECRequest) shall be set to the canonical identifier, the
* signer (contained in the outer EtsiTs1030971Data-Signed) shall be set to self and
* the outer signature shall be computed using the canonical private key.
*
* Pics Selection:
* Initial conditions:
* with {
* the IUT being in the "operational state"
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT is requested to send an EnrolmentRequestMessage
* }
* then {
* the IUT sends an EtsiTs103097Data-Encrypted
* containing an encrypted EtsiTs103097Data-Signed
* containing EtsiTs103097Data
* containing InnerECRequestSignedForPOP
* containing InnerEcRequest
* containing itsId
* indicating the canonical identifier of the ITS-S
* and containing signer
* declared as self
* and containing signature
* computed using the canonical private key
* }
* }
*
*
* @see ETSI TS ITS-00546v006 TP 20
* @reference ETSI TS 102 941, clause 6.2.3.2.2
*/
testcase TC_SEC_PKI_SND_EA_BV_02() runs on ItsPkiHttp system ItsPkiHttpSystem {
// Local variables
var Oct32 v_private_key;
var Oct32 v_publicKeyX;
var Oct32 v_publicKeyY;
var Oct32 v_publicKeyCompressed;
var integer v_compressedMode;
var template (value) EccP256CurvePoint v_eccP256_curve_point;
var template (value) InnerEcRequest v_inner_ec_request;
var octetstring v_encoded_inner_ec_request;
var template (value) ToBeSignedData v_tbs;
var Oct32 v_tbs_signed;
var template (value) Ieee1609Dot2Data v_ieee1609dot2_signed_data;
var Oct12 v_nonce;
var Oct16 v_authentication_vector;
var Oct16 v_encrypted_sym_key;
var Oct32 v_publicEphemeralKeyCompressed;
var integer v_ephemeralKeyModeCompressed;
var HashedId8 v_recipientId;
var octetstring v_encrypted_inner_ec_request;
var template (value) Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
var HeaderLines v_headers;
// Test control
// Test component configuration
f_cfHttpUp();
// Test adapter configuration
// Preamble
// f_generate_innerEcRequestSignedForPop(v_inner_ec_request)
// Generate keys for the certificate to be requested
if (f_generate_key_pair_nistp256(v_private_key, v_publicKeyX, v_publicKeyY, v_publicKeyCompressed, v_compressedMode) == false) {
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_error);
stop;
}
log("v_private_key = ", v_private_key);
log("v_public_key X= ", v_publicKeyX);
log("v_public_key Y= ", v_publicKeyY);
log("v_public_key compressed= ", v_publicKeyCompressed, v_compressedMode);
if (v_compressedMode == 0) {
v_eccP256_curve_point := m_eccP256CurvePoint_compressed_y_0(v_publicKeyCompressed);
} else {
v_eccP256_curve_point := m_eccP256CurvePoint_compressed_y_1(v_publicKeyCompressed);
}
// Build the Proof of Possession InnerEcRequestSignedForPop
v_inner_ec_request := m_innerEcRequest(
"CanonicalItsId",
m_publicKeys(
m_publicVerificationKey_ecdsaNistP256(v_eccP256_curve_point),
m_encryptionKey(
-,
m_publicEncryptionKey_ecdsaNistP256(v_eccP256_curve_point)
)
),
m_certificateSubjectAttributes(
{ // ETSI TS 102 965 Table A.1: ETSI ITS standardized ITS-AIDs
valueof(m_appPermissions(36, { bitmapSsp := '830001'O })),
valueof(m_appPermissions(37, { bitmapSsp := '830001'O }))
},
m_validityPeriod(
17469212,
m_duration_years(10)
),
m_geographicRegion_identifiedRegion(
{
m_identifiedRegion_country_only(12),
m_identifiedRegion_country_only(34)
}
),
'C0'O
)
);
// Encode it
v_encoded_inner_ec_request := bit2oct(encvalue(v_inner_ec_request));
// f_buildPkiSecuredCam(v_encoded_inner_ec_request, )
// Signed the encoded InnerEcRequestSignedForPop
v_tbs := m_toBeSignedData(
m_signedDataPayload(
m_etsiTs103097Data_unsecured(v_encoded_inner_ec_request)
),
m_headerInfo_inner_ec_request(12345, f_getCurrentTime()) // TODO Use PIXIT
);
// Signed the encoded InnerEcRequestSignedForPop
v_tbs_signed := fx_signWithEcdsaNistp256WithSha256(bit2oct(encvalue(v_tbs)), int2oct(0, 32), v_private_key); // TODO Use wrapping function
// Finalyse signed InnerEcRequestSignedForPop
v_ieee1609dot2_signed_data := m_etsiTs103097Data_signed(
m_signedData(
sha256,
v_tbs,
m_signerIdentifier_self,
m_signature_ecdsaNistP256(
m_ecdsaP256Signature(
m_eccP256CurvePoint_x_only(
substr(v_tbs_signed, 0, 32)
),
substr(v_tbs_signed, 32, 32)
)
)
)
);
// Encode InnerEcRequestSignedForPop
v_encoded_inner_ec_request := bit2oct(encvalue(v_ieee1609dot2_signed_data));
// Encrypt the encoded signed InnerEcRequestSignedForPop
v_encrypted_inner_ec_request := f_encryptWithEciesNistp256WithSha256(v_encoded_inner_ec_request, v_publicKeyCompressed, v_compressedMode, v_publicEphemeralKeyCompressed, v_ephemeralKeyModeCompressed, v_encrypted_sym_key, v_authentication_vector, v_nonce);
v_recipientId := f_HashedId8FromSha256(f_hashWithSha256(v_encrypted_inner_ec_request)); // IEEE Std 1609.2a-2017 Clause 6.3.34 PKRecipientInfo
// Fill Certificate template with the public compressed keys (canonical form)
if (v_ephemeralKeyModeCompressed == 0) {
v_eccP256_curve_point := valueof(m_eccP256CurvePoint_compressed_y_0(v_publicEphemeralKeyCompressed));
} else {
v_eccP256_curve_point := valueof(m_eccP256CurvePoint_compressed_y_1(v_publicEphemeralKeyCompressed));
}
v_ieee1609dot2_signed_and_encrypted_data := m_etsiTs103097Data_encrypted(
m_encryptedData(
{
m_recipientInfo_signedDataRecipInfo(
m_pKRecipientInfo(
v_recipientId,
m_encryptedDataEncryptionKey_eciesNistP256(
m_evciesP256EncryptedKey(
v_eccP256_curve_point,
v_encrypted_sym_key,
v_authentication_vector
))))
},
m_SymmetricCiphertext_aes128ccm(
m_aesCcmCiphertext(
v_nonce,
v_encrypted_inner_ec_request
)
)
)
);
log("v_ieee1609dot2_signed_and_encrypted_data = ", v_ieee1609dot2_signed_and_encrypted_data);
f_init_default_headers_list(v_headers);
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
httpPort.send(
m_http_request(
m_http_request_post(
"/",
v_headers,
m_http_message_body_binary(
m_binary_body_ieee1609dot2_data(
v_ieee1609dot2_signed_and_encrypted_data
)))));
tc_ac.start;
alt {
[] httpPort.receive(
mw_http_response(
mw_http_response_ok(
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_etsiTs103097Data_encrypted(
mw_encryptedData(
-,
mw_SymmetricCiphertext_aes128ccm
))))))) {
tc_ac.stop;
log("*** " & testcasename() & ": PASS: InnerEcReponse received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
[] httpPort.receive( // FIXME Use altstep
mw_http_response(
mw_http_response_ko
)) {
tc_ac.stop;
log("*** " & testcasename() & ": FAIL: HTTP error ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
[] httpPort.receive(mw_http_response) { // FIXME Use altstep
tc_ac.stop;
log("*** " & testcasename() & ": FAIL: Unexpected response received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_cfHttpDown();
} // End of testcase TC_SEC_PKI_SND_EA_BV_02
} // End of group ea_behavior
group aa_behavior {
} // End of group aa_beavior
} // End of module ItsPki_TestCases