/** * @author ETSI / STF481 * @version $URL$ * $Id$ * @desc Testcases file for Security Protocol * @see Draft ETSI TS 103 097 V1.1.15 */ module ItsSecurity_TestCases { // Libcommon import from LibCommon_Time all; import from LibCommon_VerdictControl all; import from LibCommon_Sync all; import from LibCommon_BasicTypesAndValues all; // LibIts import from DENM_PDU_Descriptions language "ASN.1:1997" all; import from ITS_Container language "ASN.1:1997" all; // LibItsCommon import from LibItsCommon_Functions all; // LibItsGeoNetworking import from LibItsGeoNetworking_TestSystem all; import from LibItsGeoNetworking_Functions all; import from LibItsGeoNetworking_Templates all; import from LibItsGeoNetworking_TypesAndValues all; import from LibItsGeoNetworking_Pics all; import from LibItsGeoNetworking_Pixits all; // LibItsBtp import from LibItsBtp_TypesAndValues all; import from LibItsBtp_Templates all; // LibItsCam import from LibItsCam_Templates all; import from LibItsCam_Functions all; import from LibItsCam_Templates all; import from LibItsCam_Functions all; import from LibItsCam_TestSystem all; // LibItsDenm import from LibItsDenm_TypesAndValues all; import from LibItsDenm_Templates all; import from LibItsDenm_TestSystem all; // LibItsSecurity import from LibItsSecurity_TypesAndValues all; import from LibItsSecurity_Templates all; import from LibItsSecurity_Functions all; import from LibItsSecurity_Pixits all; import from LibItsSecurity_Pics all; // AtsSecurity import from AtsSecurity_TestSystem all; import from AtsSecurity_Functions all; import from AtsSecurity_Templates all; import from ItsSecurity_Pics all; /** * @desc Sending behaviour test cases * @see ETSI TS 103 096-2 V1.2.2 (2016-01) Clause 5.2 Sending behaviour */ group sendingBehavior { /** * @desc Check that ITS-S sends a SecuredMessage containing protocol version set to 2 *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * } * Expected behaviour: * ensure that { * when { * the IUT is requested to send a SecuredMessage * } then { * the IUT sends a SecuredMessage * containing protocol_version * indicating value '2' * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_MSG_01_01_BV * @reference ETSI TS 103 097 [1], clause 5.1 */ testcase TC_SEC_ITSS_SND_MSG_01_01_BV() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var LongPosVector v_longPosVectorIut; // Test control if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); v_longPosVectorIut := f_getPosition(c_compIut); // Test adapter configuration // Preamble f_prNeighbour(); f_acTriggerEvent(m_startPassBeaconing(m_beaconHeader(v_longPosVectorIut).beaconHeader)); // Authorize the TA to forward the received beacons f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body tc_ac.start; alt { [] geoNetworkingPort.receive(mw_geoNwInd(mw_geoNwSecPdu(mdw_securedMessage_dummy))) { tc_ac.stop; log("*** " & testcasename() & ": PASS: Security protocol version set to 2 ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } [] tc_ac.timeout { log("*** " & testcasename() & ": INCONC: Expected message not received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout); } } // End of 'alt' statement // Postamble f_acTriggerEvent(m_stopPassBeaconing); f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_SND_MSG_01_01_BV /** * @desc Check that when IUT sends the message signed with the digest, then this digest points to the AT certificate *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT is configured to send more than one CAM per second * and the IUT having sent last CAM * containing header_fields['signer_info'].signer.type * indicating 'certificate' * } * Expected behaviour: * ensure that { * when { * the IUT is requested to send next CAM * } then { * the IUT sends a SecuredMessage * containing header_fields ['signer_info'] * containing signer * containing type * indicating 'certificate_digest_with_sha256' * and containing digest * referencing the certificate * containing subject_info.subject_type * indicating 'authorization_ticket' * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_MSG_04_01_BV * @reference ETSI TS 103 097 [1], clause 6.3 */ testcase TC_SEC_ITSS_SND_MSG_04_01_BV() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var SecuredMessage v_recv; var Certificate v_cert; var LongPosVector v_longPosVectorIut; var ItsCam v_component; // Test control if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); v_longPosVectorIut := f_getPosition(c_compIut); // Test adapter configuration // Preamble f_prNeighbour(); v_component := f_setCamFrequencyGreatherThan1Hz(); // execution will be stopped if cert is not received during tc_ac log("*** " & testcasename() & ": INFO: Waiting for the message containing certificate ***"); tc_ac.start; if (not f_waitForCertificate(v_cert)) { log("*** " & testcasename() & ": INCONC: Expected message not received ***"); f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout); } tc_ac.stop; if (v_cert.subject_info.subject_type != e_authorization_ticket) { log("*** " & testcasename() & ": FAIL: received certificate is not an AT certificate ***"); f_selfOrClientSyncAndVerdictTestBody(c_prDone, e_error); } f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body tc_ac.start; alt { [] a_securedMessageWithDigest (v_recv) { var SignerInfo v_si; tc_ac.stop; if (f_getMsgSignerInfo(v_recv, v_si) == true) { if (v_si.signerInfo.digest == f_calculateDigestFromCertificate(v_cert)) { log("*** " & testcasename() & ": PASS: Digest corresponds to the AT certificate ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } else { log("*** " & testcasename() & ": FAIL: Digest corresponds to unknown certificate ***"); log("f_calculateDigestFromCertificate(v_cert)=", f_calculateDigestFromCertificate(v_cert)); log("v_si.signerInfo.digest=", v_si.signerInfo.digest); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } } else { log("*** " & testcasename() & ": FAIL: Received message is not signed well ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } } [] tc_ac.timeout { log("*** " & testcasename() & ": INCONC: Expected CAM not received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout); } } // End of 'alt' statement // Postamble f_terminateCam(v_component); f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_SND_MSG_04_01_BV /** * @desc Check that IUT uses the AT certificate to sign messages *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * the IUT being requested to include certificate in the next CAM * } * ensure that { * when { * the IUT is requested to send a next CAM * } then { * the IUT sends a SecuredMessage * containing header_fields ['signer_info'] * containing signer * containing type * indicating 'certificate' * containing certificate * containing subject_info.subject_type * indicating 'authorization_ticket' * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_MSG_04_02_BV * @reference ETSI TS 103 097 [1], clause 6.3 */ testcase TC_SEC_ITSS_SND_MSG_04_02_BV() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var SecuredMessage v_recv; var Certificate v_cert; var LongPosVector v_longPosVectorIut; // Test control if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); v_longPosVectorIut := f_getPosition(c_compIut); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body tc_ac.start; alt { [] a_securedMessageWithCertificate(v_recv) { var SignerInfo v_si; if (f_getMsgSignerInfo(v_recv, v_si)) { v_cert := v_si.signerInfo.certificate; if (v_cert.subject_info.subject_type != e_authorization_ticket ) { log("*** " & testcasename() & ": FAIL: received certificate is not an AT certificate ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } log("*** " & testcasename() & ": PASS: message signed with AT certificate"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } else { log("*** " & testcasename() & ": FAIL: received message is not signed well ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } } [] tc_ac.timeout { log("*** " & testcasename() & ": INCONC: Expected CAM not received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout); } } // End of 'alt' statement // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_SND_MSG_04_02_BV /** * @desc Check that the SecuredMessage signature containes the ECC point of type set to either compressed_lsb_y_0, compressed_lsb_y_1 or x_coordinate_only *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * } * ensure that { * when { * the IUT is requested to send a next CAM * } then { * the IUT sends a SecuredMessage * containing header_fields ['its_aid'] * containing its_aid * indicating 'AID_CAM' * and containing trailer_fields['signature'] * containing signature.ecdsa_signature * containing R.type * indicating compressed_lsb_y_0 * or indicating compressed_lsb_y_1 * or indicating x_coordinate_only * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_MSG_05_01_BV * @reference ETSI TS 103 097 [1], clause 4.2.9 */ testcase TC_SEC_ITSS_SND_MSG_05_01_BV() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var LongPosVector v_longPosVectorIut; // Test control if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); v_longPosVectorIut := f_getPosition(c_compIut); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body tc_ac.start; alt { [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage_CAMs( ?, ?, { mw_trailer_field_signature( mw_signature( mw_ecdsaSignature( mw_eccPointecdsa_nistp256_with_sha256_y0_coordinate_only, ? ) ) ) } ), ? ))) { tc_ac.stop; log("*** " & testcasename() & ": PASS: Expected CAM message containing signature with the ECC point of type set to compressed_lsb_y_0 received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage_CAMs( ?, ?, { mw_trailer_field_signature( mw_signature( mw_ecdsaSignature( mw_eccPointecdsa_nistp256_with_sha256_y1_coordinate_only, ? ) ) ) } ), ? ))) { tc_ac.stop; log("*** " & testcasename() & ": PASS: Expected CAM message containing signature with the ECC point of type set to compressed_lsb_y_1 received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage_CAMs( ?, ?, { mw_trailer_field_signature( mw_signature( mw_ecdsaSignature( mw_eccPointecdsa_nistp256_with_sha256_x_coordinate_only ) ) ) } ), ? ))) { tc_ac.stop; log("*** " & testcasename() & ": PASS: Expected CAM message containing signature with the ECC point of type set to x_coordinate_only received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage_CAMs ))) { tc_ac.stop; log("*** " & testcasename() & ": Failed: Expected CAM message received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } [] tc_ac.timeout { log("*** " & testcasename() & ": INCONC: Expected CAM not received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout); } } // End of 'alt' statement // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_SND_MSG_05_01_BV /** * @desc Sending behaviour test cases for CAM profile * @see ETSI TS 103 096-2 V1.2.2 (2016-01) Clause 5.2.4 CAM profile */ group sendCAMProfile { /** * @desc Check that the sent Secured CAM contains a HeaderField its_aid that is set to 'AID_CAM' *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * } * ensure that { * when { * the IUT is requested to send a CAM * } then { * the IUT sends a SecuredMessage * and containing header_fields['its_aid'] * indicating 'AID_CAM' * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TC_SEC_ITSS_SND_CAM_01_01_BV * @reference ETSI TS 103 097 [1], clause 5.4 and 7.1 */ testcase TC_SEC_ITSS_SND_CAM_01_01_BV() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var GeoNetworkingInd v_geoNwInd; var HeaderFields v_headersFields; var integer v_previousHeaderType; // Test control if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body tc_ac.start; alt { [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage( superset( ?, ?, mw_header_field_its_aid_CAM ) ), ? ))) -> value v_geoNwInd { tc_ac.stop; log("*** " & testcasename() & ": PASS: 'its_aid' is set to 'AID_CAM'"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } [] tc_ac.timeout { log("*** " & testcasename() & ": INCONC: Expected CAM not received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout); } } // End of 'alt' statement // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_SND_CAM_01_01_BV /** * @desc Check that the secured CAM contains exactly one element of these header fields: signer_info, generation_time, its_aid. Check that the header fields are in the ascending order according to the numbering of the enumeration except of the signer_info, which is encoded first. Check that generation_time_standard_deviation, expiration, encryption_parameters, recipient_info are not used *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * } * ensure that { * when { * the IUT is requested to send a CAM * } then { * the IUT sends a SecuredMessage { * containing header_fields[0] * containing type * indicating 'signer_info' * and containing header_fields [n].type * indicating value < header_fields [n+1].type * and containing header_fields ['generation_time'] * and containing header_fields['its_aid'] * indicating 'AID_CAM' * and not containing header_fields['generation_time_standard_deviation'] * and not containing header_fields['expiration'] * and not containing header_fields['encryption_parameters'] * and not containing header_fields['recipient_info'] * } * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CAM_02_01_BV * @reference ETSI TS 103 097 [1], clause 7.1 */ testcase TC_SEC_ITSS_SND_CAM_02_01_BV() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var GeoNetworkingInd v_geoNwInd; var HeaderFields v_headersFields; var integer v_previousHeaderType; // Test control if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body tc_ac.start; alt { [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage( superset( mw_header_field( e_signer_info ), mw_header_field(e_generation_time), mw_header_field_its_aid_CAM ) ), mw_geoNwPduWithPayload( ?, ?, mw_secCamPayload).packet ))) -> value v_geoNwInd { tc_ac.stop; // Process header fields manually v_headersFields := valueof(v_geoNwInd.msgIn.gnPacket.securedMsg.header_fields); // Check that signerInfo is first header if ((lengthof(v_headersFields) < 1) or not match(v_headersFields[0].type_, e_signer_info)) { log("*** " & testcasename() & ": FAIL: SignerInfo is not first header"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } for (var integer v_counter := 1; v_counter < lengthof(v_headersFields); v_counter := v_counter + 1) { // Check forbidden header if (match(v_headersFields[v_counter].type_, e_generation_time_standard_deviation)) { log("*** " & testcasename() & ": FAIL: Forbidden header present"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } if (match(v_headersFields[v_counter].type_, e_signer_info)) { log("*** " & testcasename() & ": FAIL: multiple instances of signer_info header"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } if (v_counter > 1 ) { // Check that headers are ordered if (match(v_headersFields[v_counter].type_, integer:(0..v_previousHeaderType))) { // Check that header is duplicated if (match(v_headersFields[v_counter].type_, v_previousHeaderType)) { log("*** " & testcasename() & ": FAIL: multiple instances of same header"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); }else{ log("*** " & testcasename() & ": FAIL: headers not in correct order"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } } } v_previousHeaderType := enum2int(v_headersFields[v_counter].type_); } // End of 'for' statement log("*** " & testcasename() & ": PASS: correct secured packet received"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } [] tc_ac.timeout { log("*** " & testcasename() & ": INCONC: Expected CAM not received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout); } } // End of 'alt' statement // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_SND_CAM_02_01_BV /** * @desc Check that the secured CAM contains the signer_info field of certificate when over the time of one * second no other SecuredMessage contained a signer_info of type certificate. *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT is configured to send more then one CAM per second * and the IUT having sent a CAM * containing header_fields['signer_info'].signer.type * indicating 'certificate' * contains header_fields['generation_time'] * indicating TIME_LAST * } * ensure that { * when { * the IUT is sending CAM * containing header_fields['signer_info'] * containing signer * containing type * indicating 'certificate' * } then { * this message * contains header_fields['generation_time'] * indicating TIME (TIME >= TIME_LAST + 1sec) * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CAM_05_01_BV * @reference ETSI TS 103 097 [1], clause 7.1 */ testcase TC_SEC_ITSS_SND_CAM_05_01_BV() runs on ItsGeoNetworking system ItsSecSystem { // Local variables const integer c_cntTimeLimit := 10; const float c_certificateGenerationTime := 1.0; timer t_minTransInterval := c_certificateGenerationTime * 0.8; var integer v_cntTime := 0; var GeoNetworkingInd v_geoNwInd; var ItsCam v_component; // Test control if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); geoNetworkingPort.clear; v_component := f_setCamFrequencyGreatherThan1Hz(); tc_ac.start; alt { [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage_CAMs( mw_header_field_signer_info_certificate )))) { tc_ac.stop; t_minTransInterval.start; log("*** " & testcasename() & ": INFO: Initial conditions: First CAM message with certificate received ***"); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); } [] tc_ac.timeout { log("*** " & testcasename() & ": INCONC: Initial conditions: CAM message with certificate not received ***"); f_selfOrClientSyncAndVerdictPreamble("error", e_timeout); } } // End of 'alt' statement // Test Body tc_ac.start; alt { [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage_CAMs( mw_header_field_signer_info_certificate )))) { if(t_minTransInterval.running){ t_minTransInterval.stop; log("*** " & testcasename() & ": FAIL: CAM with certificate has been received inside 1 sec after previous one ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } v_cntTime := v_cntTime + 1; if (v_cntTime == c_cntTimeLimit) { // Exit message loop log("*** " & testcasename() & ": PASS: Generation of CAM messages including certificate was successful ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); // end of alt } else { log("*** " & testcasename() & ": INFO: CAM retransmission with certificate ***"); t_minTransInterval.start; repeat; } } [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage_CAMs( mw_header_field_signer_info_digest )))) { log("*** " & testcasename() & ": INFO: CAM retransmission with digest ***"); repeat; } [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage_CAMs ))) { log("*** " & testcasename() & ": FAIL: Neither Certificate not Digest in received CAM ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } [] t_minTransInterval.timeout { log("*** " & testcasename() & ": INFO: One of next CAMS must have a certificate ***"); repeat; } [] tc_ac.timeout { log("*** " & testcasename() & ": INCONC: Expected CAM not received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout); } } // End of 'alt' statement // Postamble f_terminateCam(v_component); f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_SND_CAM_05_01_BV /** * @desc Check that the secured CAM contains the signer_info field of certificate when the timeout of 1 second * has been expired after the previous CAM containing the certificate. *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT is configured to send more than one CAM per second * and the IUT having sent a CAM * containing header_fields['signer_info'].signer.type * indicating 'certificate' * at TIME_LAST * } * ensure that { * when { * the IUT is sending a CAM * containing header_fields['generation_time'] * indicating TIME >= TIME_LAST + 1sec * } then { * this message is * containing header_fields ['signer_info'] * containing signer * containing type * indicating 'certificate' * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CAM_05_02_BV * @reference ETSI TS 103 097 [1], clause 4.2.9 */ testcase TC_SEC_ITSS_SND_CAM_05_02_BV() runs on ItsGeoNetworking system ItsSecSystem { // Local variables const integer c_cntTimeLimit := 10; const float c_certificateGenerationTime := 1.0; timer t_maxTransInterval := c_certificateGenerationTime * 1.15; var integer v_cntTime := 0; var GeoNetworkingInd v_geoNwInd; var ItsCam v_component; // Test control if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); geoNetworkingPort.clear; v_component := f_setCamFrequencyGreatherThan1Hz(); tc_ac.start; alt { [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage_CAMs( mw_header_field_signer_info_certificate )))) { t_maxTransInterval.start; tc_ac.stop; log("*** " & testcasename() & ": INFO: Initial conditions: First CAM message with certificate received ***"); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); } [] tc_ac.timeout { log("*** " & testcasename() & ": INCONC: Initial conditions: CAM message with certificate not received ***"); f_selfOrClientSyncAndVerdictPreamble("error", e_timeout); } } // End of 'alt' statement // Test Body tc_ac.start; alt { [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage_CAMs( mw_header_field_signer_info_certificate )))) { t_maxTransInterval.stop; v_cntTime := v_cntTime + 1; if (v_cntTime == c_cntTimeLimit) { // Exit message loop log("*** " & testcasename() & ": PASS: Generation of CAM messages including certificate was successful ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); // end of alt } else { t_maxTransInterval.start; log("*** " & testcasename() & ": INFO: CAM retransmission with certificate ***"); repeat; } } [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage_CAMs( mw_header_field_signer_info_digest )))) { log("*** " & testcasename() & ": INFO: CAM retransmission with digest ***"); repeat; } [] t_maxTransInterval.timeout { log("*** " & testcasename() & ": FAIL: CAM with certificate was not received in 1 sec after previous one ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } [] tc_ac.timeout { log("*** " & testcasename() & ": INCONC: Expected CAM not received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout); } } // End of 'alt' statement // Postamble f_terminateCam(v_component); f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_SND_CAM_05_02_BV /** * @desc Check that ITS-S sends a Secured CAM containing the signer_info of type certificate * when the ITS-S received a CAM from an unknown ITS-S *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT is configured to send more than one CAM per second * and the IUT having already sent CAM at TIME_1 * containing header_fields['signer_info'].signer.type * indicating 'certificate' * and the IUT having received a SecuredMessage at TIME_2 (TIME_1 < TIME_2 < TIME_1+ 1sec) * containing header_fields['signer_info'] * containing signer * containing type * indicating 'certificate_digest_with_sha256' * containing digest * indicating HashedId3 value * referenced to unknown certificate * } * ensure that { * when { * the IUT is requested to send CAM at TIME_3 (TIME_1 < TIME_2 < TIME_3 < TIME_1 + 1sec) * } then { * the IUT sends a SecuredMessage * containing header_fields[0] * containing type * indicating 'signer_info' * and containing signer * containing type * indicating 'certificate' * and containing certificate * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CAM_06_01_BV * @reference ETSI TS 103 097 [1], clauses 5.4 and 7.1 */ testcase TC_SEC_ITSS_SND_CAM_06_01_BV() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var GeoNetworkingInd v_geoNwInd; var ItsCam v_component; timer t_maxTransInterval := 0.3; // Test control if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); v_component := f_setCamFrequencyGreatherThan1Hz(); tc_ac.start; alt { [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage_CAMs( mw_header_field_signer_info_certificate )))) { tc_ac.stop; log("*** " & testcasename() & ": INFO: Initial conditions: First CAM message with certificate received ***"); // Send secured message from unknown ITS-S geoNetworkingPort.clear; f_sendSecuredCam(cc_taCert_F, omit, e_certificate_digest_with_sha256); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); } [] tc_ac.timeout { log("*** " & testcasename() & ": INCONC: Initial conditions: CAM message with certificate not received ***"); f_selfOrClientSyncAndVerdictPreamble("error", e_timeout); } } // Test Body t_maxTransInterval.start; tc_ac.start; alt { [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage_CAMs( mw_header_field_signer_info_certificate )))) { tc_ac.stop; t_maxTransInterval.stop; log("*** " & testcasename() & ": PASS: Generation of CAM messages including certificate was successful ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage_CAMs ))) { repeat; } [] t_maxTransInterval.timeout { log("*** " & testcasename() & ": FAIL: CAM was transmited w/o unrecognized request header ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } [] tc_ac.timeout { log("*** " & testcasename() & ": INCONC: Expected CAM not received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout); } } // End of 'alt' statement // Postamble f_terminateCam(v_component); f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_SND_CAM_06_01_BV /** * @desc Check that IUT restart the certificate sending timer when the certificate has been sent *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT is configured to send more then one CAM per second * and the IUT having already sent CAM at TIME_1 * containing header_fields['signer_info'].signer.type * indicating 'certificate' * and the IUT having received a CAM at TIME_2 (TIME_1 +0.3sec) * containing header_fields['request_unrecognized_certificate'] * containing digests * containing HashedId3 value * referencing to the the IUT certificate * and the IUT having sent CAM at TIME_3 (TIME_3 > TIME_2) * containing header_fields['signer_info'].signer.type * indicating 'certificate' * } * ensure that { * when { * the IUT is sending the next CAM at TIME_4 * containing header_fields['signer_info'].signer.type * indicating 'certificate' * } then { * the difference between TIME_4 and TIME_3 is about of 1sec * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CAM_07_01_TI * @reference ETSI TS 103 097 [1], clause 7.1 */ testcase TC_SEC_ITSS_SND_CAM_07_01_TI() runs on ItsGeoNetworking system ItsSecSystem { // Local variables const float c_certificateGenerationTime := 1.0; timer t_maxTransInterval := c_certificateGenerationTime * 0.9; var GeoNetworkingInd v_geoNwInd; var SignerInfo v_signerInfo; var ItsCam v_component; var boolean v_firstCertReceived := false; // Test control if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ": ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); v_component := f_setCamFrequencyGreatherThan1Hz(); tc_ac.start; alt { [v_firstCertReceived == false] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage_CAMs( mw_header_field_signer_info_certificate )))) -> value v_geoNwInd { log("*** " & testcasename() & ": INFO: Initial conditions: The first CAM with certificate is received ***"); v_firstCertReceived := true; f_sleep(0.3); // Send secured message with request for unrecognized certificate f_getMsgSignerInfo(f_getSecuredMessage(v_geoNwInd.msgIn), v_signerInfo); f_sendSecuredCam( cc_taCert_F, { m_header_field_unrecognised_certificate( f_HashedId3FromHashedId8( f_calculateDigestFromCertificate( v_signerInfo.signerInfo.certificate ) ) ) }, e_certificate_digest_with_sha256 ); repeat; } [v_firstCertReceived == true] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage_CAMs( mw_header_field_signer_info_certificate )))) { tc_ac.stop; // start a timeout of one second to check // that the next cert will be received after this timeout t_maxTransInterval.start; log("*** " & testcasename() & ": INFO: Initial conditions: The requested CAM with certificate is received ***"); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); } [] tc_ac.timeout { log("*** " & testcasename() & ": INCONC: Initial conditions: CAM message with certificate not received ***"); f_selfOrClientSyncAndVerdictPreamble("error", e_timeout); } } // End of 'alt' statement // Test Body tc_ac.start; alt { [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage_CAMs( mw_header_field_signer_info_certificate )))) { tc_ac.stop; t_maxTransInterval.stop; log("*** " & testcasename() & ": FAIL: CAM certificate inclusion time wasn't restarted ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage_CAMs ))) { log("*** " & testcasename() & ": INFO: CAM retransmission w/o certificate ***"); repeat; } [] t_maxTransInterval.timeout { tc_ac.stop; log("*** " & testcasename() & ": PASS: The CAM certificate inclusion timer has been restarted ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } [] tc_ac.timeout { log("*** " & testcasename() & ": INCONC: Expected CAM not received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout); } } // End of 'alt' statement // Postamble f_terminateCam(v_component); f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_SND_CAM_07_01_TI /** * @desc Check that the IUT sends the Secured CAM containing the signer_info of type certificate * when it received a CAM containing a request of unrecognized certificate that matches * with the currently used AT certificate ID of the IUT *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT is configured to send more than one CAM per second * and the IUT having already sent CAM at TIME_1 * containing header_fields['signer_info'].signer.type * indicating 'certificate' * and the IUT having received a SecuredMessage at TIME_2 (TIME_1 < TIME_2 < TIME_1 + 1sec) * containing header_fields['request_unrecognized_certificate'] * containing digests { * containing HashedId3 value * referencing to the AT certificate * and not containing HashedId3 value * referencing to the AA certificate * } * } * ensure that { * when { * the IUT is requested to send a CAM at TIME_3 (TIME_1 < TIME_2 < TIME_3 < TIME_1 + 1sec) * } then { * the IUT sends a SecuredMessage * containing header_fields['signer_info'] * containing signer * containing type * indicating 'certificate' * containing certificate * referenced by the requested digest * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CAM_08_01_BV * @reference ETSI TS 103 097 [1], clause 7.1 */ testcase TC_SEC_ITSS_SND_CAM_08_01_BV() runs on ItsGeoNetworking system ItsSecSystem { // Local variables const float c_certificateGenerationTime := 1.0; timer t_maxTransInterval := c_certificateGenerationTime * 0.9; var GeoNetworkingInd v_geoNwInd; var ItsCam v_component; var SignerInfo v_si; // Test control if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ": ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); geoNetworkingPort.clear; v_component := f_setCamFrequencyGreatherThan1Hz(); tc_ac.start; alt { [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage_CAMs( mw_header_field_signer_info_certificate )))) -> value v_geoNwInd { tc_ac.stop; t_maxTransInterval.start; f_getMsgSignerInfo(f_getSecuredMessage(v_geoNwInd.msgIn),v_si); log("*** " & testcasename() & ": INFO: Initial conditions: First CAM message with certificate received ***"); // Send secured message with request for unrecognized certificate f_sendSecuredCam( cc_taCert_A, { m_header_field_unrecognised_certificate( // containing digests f_HashedId3FromHashedId8( // containing HashedId3 value f_calculateDigestFromCertificate( v_si.signerInfo.certificate // referencing to the AT certificate ) ) // and not containing HashedId3 value referencing to the AA certificate ) }, e_certificate ); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); } [] tc_ac.timeout { log("*** " & testcasename() & ": INCONC: Initial conditions: CAM message with certificate not received ***"); f_selfOrClientSyncAndVerdictPreamble("error", e_timeout); } } // End of 'alt' statement // Test Body tc_ac.start; alt { [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage_CAMs( mw_header_field_signer_info_certificate( v_si.signerInfo.certificate ) )))) { tc_ac.stop; t_maxTransInterval.stop; log("*** " & testcasename() & ": PASS: Generation of CAM messages including certificate was successful ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage_CAMs ))) { log("*** " & testcasename() & ": INFO: CAM retransmission w/o certificate ***"); repeat; } [] t_maxTransInterval.timeout { tc_ac.stop; log("*** " & testcasename() & ": FAIL: Requested certificate was not received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } [] tc_ac.timeout { log("*** " & testcasename() & ": INCONC: Expected CAM not received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout); } } // End of 'alt' statement // Postamble f_terminateCam(v_component); f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_SND_CAM_08_01_BV /** * @desc Check that the sent secured CAM contains the signer_info of type certificate_chain * when the ITS-S has received a CAM containing a request of unrecognized certificate that matches * with the AA certificate ID that issued its currently used AT certificate ID of the IUT *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT is configured to send more than one CAM per second * and the IUT having already sent a CAM * containing header_fields['signer_info'].signer.type * indicating 'certificate' * at TIME_1 * and the IUT having received a SecuredMessage * containing header_fields['request_unrecognized_certificate'] { * containing digests { * containing HashedId3 value * referencing to the AA certificate * } * } * at TIME_2 (TIME_1 < TIME_2 < TIME_1+ 1sec) * } * ensure that { * when { * the IUT is requested to send a CAM * at TIME_3 (TIME_1 < TIME_2 < TIME_3 < TIME_1+ 1sec) * } then { * the IUT sends a SecuredMessage * containing header_fields['signer_info'] * containing signer * containing type * indicating 'certificate_chain' * containing certificates[last] * indicating the AT certificate * containing certificates[last-1] * indicating the AA certificate * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CAM_09_01_BV * @reference ETSI TS 103 097 [1], clause 7.1 */ testcase TC_SEC_ITSS_SND_CAM_09_01_BV() runs on ItsGeoNetworking system ItsSecSystem { // Local variables const float c_certificateGenerationTime := 1.0; timer t_maxTransInterval := c_certificateGenerationTime * 0.9; var GeoNetworkingInd v_geoNwInd; var ItsCam v_component; var SignerInfo v_si; // Test control if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ": ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); geoNetworkingPort.clear; v_component := f_setCamFrequencyGreatherThan1Hz(); tc_ac.start; alt { [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage_CAMs( mw_header_field_signer_info_certificate )))) -> value v_geoNwInd { tc_ac.stop; t_maxTransInterval.start; f_getMsgSignerInfo(f_getSecuredMessage(v_geoNwInd.msgIn),v_si); f_getCertificateSignerInfo(v_si.signerInfo.certificate, v_si); log("*** " & testcasename() & ": INFO: Initial conditions: First CAM message with certificate received ***"); // Send secured message with request for unrecognized certificate f_sendSecuredCam( cc_taCert_A, { m_header_field_unrecognised_certificate( // containing digests f_HashedId3FromHashedId8( // containing HashedId3 value v_si.signerInfo.digest // referencing to the AA certificate ) ) }); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); } [] tc_ac.timeout { log("*** " & testcasename() & ": INCONC: Initial conditions: CAM message with certificate not received ***"); f_selfOrClientSyncAndVerdictPreamble("error", e_timeout); } } // End of 'alt' statement // Test Body tc_ac.start; alt { [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage_CAMs( mw_header_field_signer_info_certificate_chain )))) -> value v_geoNwInd { var SignerInfo v_signerInfo; var CertificateChain v_certificates; var integer v_certificateChainLength; tc_ac.stop; t_maxTransInterval.stop; // Extract certificate chain f_getMsgSignerInfo(v_geoNwInd.msgIn.gnPacket.securedMsg, v_signerInfo); v_certificates := v_signerInfo.signerInfo.certificates; v_certificateChainLength := lengthof(v_certificates); if (v_certificateChainLength >= 2) { // Check length if ( // Check Content not( (v_certificates[0].subject_info.subject_type == e_authorization_authority) and // Check the certificate chain contains certificates[last] indicating the AT certificate (v_certificates[1].subject_info.subject_type == e_authorization_ticket) // Check the certificate chain contains certificates[last-1] indicating the AA certificate )) { log("*** " & testcasename() & ": FAIL: Unexpected certificate chain content ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: Generation of CAM messages including certificate chain was successful ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } } else { log("*** " & testcasename() & ": FAIL: Unexpected certificate chain content length ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } } [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage_CAMs ))) { log("*** " & testcasename() & ": INFO: CAM retransmission w/o certificate chain ***"); repeat; } [] t_maxTransInterval.timeout { tc_ac.stop; log("*** " & testcasename() & ": FAIL: The certificate chain has not been received during 1 sec ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } [] tc_ac.timeout { log("*** " & testcasename() & ": INCONC: Expected CAM not received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout); } } // End of 'alt' statement // Postamble f_terminateCam(v_component); f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_SND_CAM_09_01_BV /** * @desc Check that the sent secured CAM contains exactly one HeaderField generation_time which is inside * the validity time of the certificate referenced by the signer_info *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * the IUT being requested to include certificate in the next CAM * } * ensure that { * when { * the IUT is requested to send CAM * } then { * the IUT sends a SecuredMessage * containing security_profile * indicating '1' * containing header_fields ['generation_time'] * containing generation_time * indicating TIME_1 (CUR_TIME - 5min <= TIME_1 <= CUR_TIME + 5min) * containing header_fields ['signer_info'] * containing signer * containing type * indicating 'certificate' * and containing certificate * containing validity_restrictions['time_end'] * containing end_validity * indicating value > GEN_TIME * or containing validity_restrictions['time_start_and_end'] * containing start_validity * indicating value <= GEN_TIME * and containing end_validity * indicating value > GEN_TIME * or containing validity_restrictions['time_start_and_duration'] * containing start_validity (X_START_VALIDITY) * indicating value <= GEN_TIME * and containing duration * indicating value > GEN_TIME - X_START_VALIDITY * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CAM_10_01_BV * @reference ETSI TS 103 097 [1], clauses 5.4 and 7.1 */ testcase TC_SEC_ITSS_SND_CAM_10_01_BV() runs on ItsGeoNetworking system ItsSecSystem { // Local variables const integer c_timeThreshold := 1000 * 60; /** Time threshold in milliseconds */ var GeoNetworkingInd v_geoNwInd; var SignerInfo v_signerInfo; var Certificate v_certificate; var HeaderField v_headerField; var Time64 v_generationTime; var ValidityRestriction v_validity; var integer v_currentTime, v_lowerBound, v_upperBound; // Test control if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ": ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); // Test Body tc_ac.start; alt { [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage( superset( mw_header_field_generation_time, mw_header_field_signer_info_certificate, mw_header_field_its_aid_CAM ))))) -> value v_geoNwInd { tc_ac.stop; log("*** " & testcasename() & ": INFO: CAM transmission with certificate ***"); v_currentTime := f_getCurrentTime(); log("v_currentTime (us)=", v_currentTime * 1000); v_lowerBound := (v_currentTime - c_timeThreshold) * 1000; v_upperBound := (v_currentTime + c_timeThreshold) * 1000; // Extract generation_time f_getMsgHeaderField(v_geoNwInd.msgIn.gnPacket.securedMsg, e_generation_time, v_headerField); v_generationTime := v_headerField.headerField.generation_time; // Extract certificate f_getMsgSignerInfo(v_geoNwInd.msgIn.gnPacket.securedMsg, v_signerInfo); v_certificate := v_signerInfo.signerInfo.certificate; // Check current time if (match(v_generationTime, (v_lowerBound .. v_upperBound))) { log("*** " & testcasename() & ": PASS: Generation time matches current time ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } else { log("*** " & testcasename() & ": FAIL: Generation time does not match current time " & int2str(v_currentTime-v_lowerBound) & " / " & int2str(v_upperBound - v_currentTime) & " . ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } // Check generation_time validity if ( (f_getCertificateValidityRestriction(v_certificate, e_time_start_and_end, v_validity) == true) and (v_generationTime >= (v_validity.validity.time_start_and_end.start_validity * 1000000) and (v_generationTime < (v_validity.validity.time_start_and_end.end_validity * 1000000))) ) { log("*** " & testcasename() & ": PASS: Generation time within certificate validity/time_start_and_end ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } else if ( (f_getCertificateValidityRestriction(v_certificate, e_time_end, v_validity) == true) and (v_generationTime < (v_validity.validity.end_validity * 1000000)) ) { log("*** " & testcasename() & ": PASS: Generation time within certificate validity ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } else if ( (f_getCertificateValidityRestriction(v_certificate, e_time_start_and_duration, v_validity) == true) and (v_generationTime >= (v_validity.validity.time_start_and_duration.start_validity * 1000000)) and (v_generationTime < (f_duration2time(v_validity.validity.time_start_and_duration.duration_) * 1000000)) ) { log("*** " & testcasename() & ": PASS: Generation time within certificate validity ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } else { log("*** " & testcasename() & ": FAIL: Generation time not within certificate validity ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } } [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage_CAMs ))) { log("*** " & testcasename() & ": INFO: CAM retransmission w/o certificate ***"); repeat; } [] tc_ac.timeout { log("*** " & testcasename() & ": INCONC: Expected CAM not received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout); } } // End of 'alt' statement // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_SND_CAM_10_01_BV /** * @desc Check that the IUT sends certificate request when it receives a message from unknown station *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT has receiving a SecuredMessage * containing header_fields['signer_info'].signer * containing type * indicating 'certificate_digest_with_sha256' * containing digest * indicating HashedId3 value DIGEST_A * referenced to unknown certificate * } * ensure that { * when { * the IUT is requested to send CAM * } then { * the IUT sends a SecuredMessage * containing header_fields['request_unrecognized_certificate'] * containing digests * containing HashedId3 value * indicating DIGEST_A * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CAM_12_01_BV * @reference ETSI TS 103 097 [1], clause 7.1 */ testcase TC_SEC_ITSS_SND_CAM_12_01_BV() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var HashedId8 v_expectedHashedId8; var HashedId3 v_expectedHashedId3; var GeoNetworkingPdu v_securedGnPduToBeSent; // Test control if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Send secured message from unknown ITS-S // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_getCertificateDigest( cc_taCert_F, v_expectedHashedId8 ); v_expectedHashedId3 := f_HashedId3FromHashedId8(v_expectedHashedId8); // preamble: waiting for CAM with certificate and send a CAM with unknown digest right after that v_securedGnPduToBeSent := f_prepareSecuredCam(cc_taCert_F); geoNetworkingPort.clear; tc_ac.start; alt { [] geoNetworkingPort.receive { f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPduToBeSent)); tc_ac.stop; log("*** " & testcasename() & ": INFO: Initial conditions: First CAM message with certificate received ***"); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); } [] tc_ac.timeout { log("*** " & testcasename() & ": INCONC: Initial conditions: CAM message with certificate not received ***"); f_selfOrClientSyncAndVerdictPreamble("error", e_timeout); } } // End of preamble 'alt' statement // Test Body tc_ac.start; alt { [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage_CAMs( mw_header_field_request_unrecognized_certificate( { v_expectedHashedId3 } ))))) { tc_ac.stop; log("*** " & testcasename() & ": PASS: CAM received with request for unrecognized certificate"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage_CAMs ))) { log("*** " & testcasename() & ": FAIL: CAM received without request for unrecognized certificate ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } [] tc_ac.timeout { log("*** " & testcasename() & ": INCONC: Expected CAM not received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout); } } // End of 'alt' statement // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_SND_CAM_12_01_BV /** * @desc Check that the Secured CAM contains non-empty payload of type signed *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * } * ensure that { * when { * the IUT is requested to send a CAM * } then { * the IUT sends a SecuredMessage * containing payload_field * containing exactly one element of type Payload * containing type * indicating 'signed' * containing not-empty data * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CAM_14_01_BV * @reference ETSI TS 103 097 [1], clause 7.1 */ testcase TC_SEC_ITSS_SND_CAM_14_01_BV() runs on ItsGeoNetworking system ItsSecSystem { // Local variables // Test control if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body tc_ac.start; alt { [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage_CAMs( ?, mw_payload( e_signed ))))) { tc_ac.stop; log("*** " & testcasename() & ": PASS: CAM received with exactly 1 signed payload"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } [] tc_ac.timeout { log("*** " & testcasename() & ": INCONC: Expected CAM not received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout); } } // End of 'alt' statement // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_SND_CAM_14_01_BV /** * @desc Check that the secured CAM contains only one TrailerField of type signature. * Check that the signature contained in the SecuredMessage is calculated over the right fields by * cryptographically verifying the signature. *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * } * ensure that { * when { * the IUT is requested to send a CAM * } then { * the IUT sends a SecuredMessage * containing header_fields ['signer_info'] * containing signer * containing type * indicating 'certificate_digest_with_sha256' * containing digest * referenced to the certificate * containing subject_info.subject_type * indicating 'authorization_ticket' (2) * and containing subject_attributes['verification key'] (KEY) * or containing signer * containing type * indicating 'certificate' * containing certificate * containing subject_info.subject_type * indicating 'authorization_ticket' (2) * and containing subject_attributes['verification key'] (KEY) * containing trailer_fields * containing single instance of type TrailerField * containing type * indicating 'signature' * containing signature * verifiable using KEY * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CAM_16_01_BV * @reference ETSI TS 103 097 [1], clause 7.1 */ testcase TC_SEC_ITSS_SND_CAM_16_01_BV() runs on ItsGeoNetworking system ItsSecSystem { // Local variables const integer c_nbVerification := 3; var integer v_nbVerification := 0; var GeoNetworkingInd v_geoNwInd; var SignerInfo v_signerInfo; var Certificate v_certificate; var boolean v_certificateReceived := false; // Test control if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body tc_ac.start; alt { [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage_CAMs( mw_header_field_signer_info_certificate )))) -> value v_geoNwInd { tc_ac.stop; log("*** " & testcasename() & ": INFO: CAM message with certificate received ***"); f_getMsgSignerInfo(v_geoNwInd.msgIn.gnPacket.securedMsg, v_signerInfo); v_certificate := v_signerInfo.signerInfo.certificate; v_certificateReceived := true; if (f_verifyGnSecuredMessageSignatureWithCertificate(v_geoNwInd.msgIn.gnPacket.securedMsg, v_certificate) == false) { log("*** " & testcasename() & ": FAIL: CAM received with invalide signature"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } v_nbVerification := v_nbVerification + 1; if (v_nbVerification < c_nbVerification) { tc_ac.start; repeat; } } [v_certificateReceived == true] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage_CAMs( mw_header_field_signer_info_digest )))) -> value v_geoNwInd { tc_ac.stop; if (f_verifyGnSecuredMessageSignatureWithCertificate(v_geoNwInd.msgIn.gnPacket.securedMsg, v_certificate) == false) { log("*** " & testcasename() & ": FAIL: CAM received with invalide signature"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } v_nbVerification := v_nbVerification + 1; if (v_nbVerification < c_nbVerification) { tc_ac.start; repeat; } } [] tc_ac.timeout { log("*** " & testcasename() & ": INCONC: Expected CAM not received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout); } } // End of 'alt' statement log("*** " & testcasename() & ": PASS: All CAMs received with correct signature"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_SND_CAM_16_01_BV } // End of group sendCAMProfile /** * @desc Sending behaviour test cases for DENM profile * @see ETSI TS 103 096-2 V1.2.2 (2016-01) Clause 5.2.5 DENM profile */ group sendDENMProfile { /** * @desc Check that the sent Secured DENM contains a HeaderField its_aid that is set to 'AID_DENM' *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * } * ensure that { * when { * the IUT is requested to send DENM * } then { * the IUT sends a SecuredMessage * containing header_fields ['its_aid'] * containing its_aid * indicating 'AID_DENM' * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_DENM_01_01_BV * @reference ETSI TS 103 097 [1], clauses 5.4 and 7.2 */ testcase TC_SEC_ITSS_SND_DENM_01_01_BV() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var GeoNetworkingInd v_geoNwInd; var HeaderFields v_headersFields; var ItsDenm v_denmComponent; var integer v_previousHeaderType; // Test control if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_denmComponent := f_triggerDenmEvent(); tc_ac.start; alt { [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage( superset( ?, ?, ?, mw_header_field_its_aid_DENM ) ), ? ))) -> value v_geoNwInd { tc_ac.stop; log("*** " & testcasename() & ": PASS: 'its_aid' is set to 'AID_DENM'"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // DENM without mandatory fields [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage( superset( mw_header_field_its_aid_DENM ) )))) { log("*** " & testcasename() & ": FAIL: Secured DENM doesnt contain required headers"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } [] tc_ac.timeout { log("*** " & testcasename() & ": INCONC: Expected DENM not received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout); } } // End of 'alt' statement // Postamble f_cancelDenmEvent(v_denmComponent); f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_SND_DENM_01_01_BV /** * @desc Check that the secured DENM contains exactly one element of these header fields: signer_info, generation_time, * generation_location, message_type. * Check that the header fields are in the ascending order according to the numbering of the enumeration except * of the signer_info, which is encoded first. * Check that generation_time_with_confidence (generation_time_standard_deviation) is not used *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * } * ensure that { * when { * the IUT is requested to send DENM * } then { * the IUT sends a SecuredMessage * containing header_fields[0] * containing type * indicating 'signer_info' * containing header_fields [n].type * indicating value less then header_fields [n+ 1].type * containing header_fields ['generation_time'] * containing header_fields ['generation_location'] * not containing header_fields ['generation_time_with_confidence'] * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_DENM_02_01_BV * @reference ETSI TS 103 097 [1], clause 7.2 */ testcase TC_SEC_ITSS_SND_DENM_02_01_BV() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var GeoNetworkingInd v_geoNwInd; var HeaderFields v_headersFields; var ItsDenm v_denmComponent; var integer v_previousHeaderType; // Test control if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_denmComponent := f_triggerDenmEvent(); tc_ac.start; alt { [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage( superset( mw_header_field( e_signer_info ), mw_header_field( e_generation_time ), mw_header_field( e_generation_location ), mw_header_field_its_aid_DENM ) ), mw_geoNwAnyPacket_withPayload( ? )))) -> value v_geoNwInd { tc_ac.stop; // Process header fields manually v_headersFields := valueof(v_geoNwInd.msgIn.gnPacket.securedMsg.header_fields); // Check that signerInfo is first header if (lengthof(v_headersFields) < 1 or not match(v_headersFields[0].type_, e_signer_info)) { log("*** " & testcasename() & ": FAIL: SignerInfo is not first header"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } v_previousHeaderType := enum2int(v_headersFields[0].type_); for (var integer v_counter := 1; v_counter < lengthof(v_headersFields); v_counter := v_counter + 1) { // Check forbidden header if (match(v_headersFields[v_counter].type_, e_generation_time_standard_deviation)) { log("*** " & testcasename() & ": FAIL: Forbidden header present"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } if (match(v_headersFields[v_counter].type_, e_signer_info)) { log("*** " & testcasename() & ": FAIL: multiple instances of signer_info header"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } if (v_counter > 1 ) { // Check that no header is duplicated if (match(v_headersFields[v_counter].type_, v_previousHeaderType)) { log("*** " & testcasename() & ": FAIL: multiple instances of the same header"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } // Check that headers are ordered if (match(v_headersFields[v_counter].type_, integer:(0..v_previousHeaderType))) { log("*** " & testcasename() & ": FAIL: headers are not in the correct order"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } } v_previousHeaderType := enum2int(v_headersFields[v_counter].type_); } // End of 'for' statement log("*** " & testcasename() & ": PASS: correct secured packet received"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // DENM without mandatory fields [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage( superset( mw_header_field_its_aid_DENM ) )))) { log("*** " & testcasename() & ": FAIL: Secured DENM doesnt contain required headers"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } [] tc_ac.timeout { log("*** " & testcasename() & ": INCONC: Expected DENM not received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout); } } // End of 'alt' statement // Postamble f_cancelDenmEvent(v_denmComponent); f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_SND_DENM_02_01_BV /** * @desc Check that secured DENM contains the certificate as a signer_info *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * } * ensure that { * when { * the IUT is requested to send a DENM * } then { * the IUT sends a SecuredMessage * containing header_fields['signer_info'] * containing signer * containing type * indicating 'certificate' * and containing certificate * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_DENM_03_01_BV * @reference ETSI TS 103 097 [1], clause 7.2 */ testcase TC_SEC_ITSS_SND_DENM_03_01_BV() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var GeoNetworkingInd v_geoNwInd; var HeaderFields v_headersFields; var HeaderFieldType v_previousHeaderType; var integer v_counter; var ItsDenm v_denmComponent; // Test control if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); v_denmComponent := f_triggerDenmEvent(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_counter := 0; tc_ac.start; alt { [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage_DENMs( mw_header_field_signer_info_certificate ), mw_geoNwAnyPacket_withPayload( ? )))) { if (v_counter < 3) { f_cancelDenmEvent(v_denmComponent); v_counter := v_counter + 1; v_denmComponent := f_triggerDenmEvent(); repeat; } else { tc_ac.stop; log("*** " & testcasename() & ": PASS: DENM signed with certificate"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } } [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage_DENMs( )))) { tc_ac.stop; log("*** " & testcasename() & ": FAIL: DENM signed with not a certificate"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } [] tc_ac.timeout { log("*** " & testcasename() & ": INCONC: Expected DENM not received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout); } } // End of 'alt' statement // Postamble f_cancelDenmEvent(v_denmComponent); f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_SND_DENM_03_01_BV /** * @desc Check that Secured DENM generation time is inside the validity period of the signing certificate * Check that generation time value is realistic *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * } * ensure that { * when { * the IUT is requested to send a DENM * } then { * the IUT sends a SecuredMessage * containing exactly one header_fields['generation_time'] * containing generation_time * indicating TIME_1 (CUR_TIME - 10min <= TIME_1 <= CUR_TIME + 10min) * containing header_fields['signer_info'] * containing signer { * containing type * indicating 'certificate' * containing certificate * containing validity_restrictions['time_end'] * containing end_validity * indicating value > TIME_1 * or containing validity_restrictions['time_start_and_end'] * containing start_validity * indicating value <= GEN_TIME * and containing end_validity * indicating value > GEN_TIME * or containing validity_restrictions['time_start_and_duration'] * containing start_validity (CERT_START_VALIDITY) * indicating value <= GEN_TIME * and containing duration * indicating value > GEN_TIME - CERT_START_VALIDITY * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_DENM_04_01_BV * @reference ETSI TS 103 097 [1], clauses 5.4 and 7.2 */ testcase TC_SEC_ITSS_SND_DENM_04_01_BV() runs on ItsGeoNetworking system ItsSecSystem { // Local variables const integer c_timeLimit := 10 * 60 * 1000000; // us var GeoNetworkingInd v_geoNwInd; var HeaderField v_headerField; var Time64 v_generationTime; var Time64 v_curTime; var Time64 v_startTime, v_endTime, v_duration; var Certificate v_cert; var ItsDenm v_denmComponent; // Test control if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_denmComponent := f_triggerDenmEvent(); tc_ac.start; alt { [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage( superset( mw_header_field( e_generation_time ), mw_header_field_signer_info_certificate, mw_header_field_its_aid_DENM ) ), mw_geoNwAnyPacket_withPayload( ? )))) -> value v_geoNwInd { tc_ac.stop; v_curTime := f_getCurrentTime(); v_curTime := v_curTime * 1000; // Time64 is in microseconds log("v_curTime (us)=", v_curTime); if (f_getMsgHeaderField(v_geoNwInd.msgIn.gnPacket.securedMsg, e_generation_time, v_headerField)) { v_generationTime := v_headerField.headerField.generation_time; log("v_generationTime (us) = ", v_generationTime); if (not match(v_generationTime, Time64:(v_curTime-c_timeLimit, v_curTime+c_timeLimit))) { log("*** " & testcasename() & ": FAIL: DENM generation time is not in 10 min range"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } // Check that generation time is inside the certificate validation period if (f_getMsgHeaderField(v_geoNwInd.msgIn.gnPacket.securedMsg, e_signer_info, v_headerField)) { v_cert := v_headerField.headerField.signer.signerInfo.certificate; for (var integer v_counter := 0; v_counter < lengthof(v_cert.validity_restrictions); v_counter := v_counter + 1) { if (v_cert.validity_restrictions[v_counter].type_ == e_time_end) { v_endTime := v_cert.validity_restrictions[v_counter].validity.end_validity * 1000000; if (not match(v_generationTime, Time64:(0 .. v_endTime))){ log("*** " & testcasename() & ": FAIL: DENM generation time is not inside the validity of the certificate"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } } else if (v_cert.validity_restrictions[v_counter].type_ == e_time_start_and_end) { v_endTime := v_cert.validity_restrictions[v_counter].validity.time_start_and_end.end_validity * 1000000; v_startTime := v_cert.validity_restrictions[v_counter].validity.time_start_and_end.start_validity * 1000000; if (not match(v_generationTime, Time64:(v_startTime .. v_endTime))){ log("*** " & testcasename() & ": FAIL: DENM generation time is not inside the validity of the certificate"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } } else if (v_cert.validity_restrictions[v_counter].type_ == e_time_start_and_duration) { v_startTime := v_cert.validity_restrictions[v_counter].validity.time_start_and_duration.start_validity * 1000000; v_duration := f_duration2time(v_cert.validity_restrictions[v_counter].validity.time_start_and_duration.duration_) * 1000000; if (not match(v_generationTime, Time64:(v_startTime .. v_duration))){ log("*** " & testcasename() & ": FAIL: DENM generation time is not inside the validity of the certificate"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } } else { log("*** " & testcasename() & ": FAIL: Mal-formed the certificate"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } } // End of 'for' statement log("*** " & testcasename() & ": PASS: DENM generation time is inside the validity of the certificate"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } } } [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage_DENMs( )))) { tc_ac.stop; log("*** " & testcasename() & ": FAIL: Invalid DENM received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } [] tc_ac.timeout { log("*** " & testcasename() & ": INCONC: Expected DENM not received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout); } } // End of 'alt' statement // Postamble f_cancelDenmEvent(v_denmComponent); f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_SND_DENM_04_01_BV /** * @desc Check that the secured DENM contains exactly one HeaderField generation_location * when AT certificate does not contain any region restrictions *
* Pics Selection: PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION * Config Id: CF01 * with { * the IUT has been authorized with the AT certificate (CERT_IUT_A) * not containing validity_restrictions['region'] * } * ensure that { * when { * the IUT is requested to send DENM * } then { * the IUT sends a SecuredMessage * containing exactly one header_fields ['generation_location'] * containing generation_location * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_DENM_05_01_BV * @reference ETSI TS 103 097 [1], clause 7.2 */ testcase TC_SEC_ITSS_SND_DENM_05_01_BV() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var ItsDenm v_denmComponent; // Test control if (not(PICS_GN_SECURITY) or not(PICS_CERTIFICATE_SELECTION)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION' required for executing the TC ***"); stop; } // Test component configuration // CERT_IUT_A is the default one f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_denmComponent := f_triggerDenmEvent(); tc_ac.start; alt { [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage_DENMs( mw_header_field_signer_info_certificate( mw_certificate( ?, ?, ?, superset( mw_validity_restriction_any_valid_region ))))))) { log("*** " & testcasename() & ": INFO: Skip DENM containing region restrictions ***"); repeat; } [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage( superset( mw_header_field( e_generation_location ), mw_header_field_signer_info_certificate, mw_header_field_its_aid_DENM ))))) { // The certificate doesn't contain region restrictions because such messages was catched before tc_ac.stop; log("*** " & testcasename() & ": PASS: DENM contains generation location ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage_DENMs( mw_header_field_signer_info_certificate )))) { // the message does not contain generation location tc_ac.stop; log("*** " & testcasename() & ": PASS: DENM contains generation location ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage_DENMs( )))) { tc_ac.stop; log("*** " & testcasename() & ": FAIL: DENM doesn't contain generation location ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } [] tc_ac.timeout { log("*** " & testcasename() & ": INCONC: Expected DENM not received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout); } } // End of 'alt' statement // Postamble // Cancel DENM events f_cancelDenmEvent(v_denmComponent); f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_SND_DENM_05_01_BV function f_TC_SEC_ITSS_SND_DENM_05_BV( in template GeographicRegion p_region := ? ) runs on ItsGeoNetworking { // Local variables var GeoNetworkingInd v_geoNwInd; var ItsDenm v_denmComponent; // Trigger DENM v_denmComponent := f_triggerDenmEvent(); tc_ac.start; alt { // DENM contains generation location and certificate with region restrictions [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage( superset( mw_header_field( e_generation_location ), mw_header_field_signer_info_certificate( mw_certificate( ?, ?, ?, superset( mw_validity_restriction_region( p_region ) ) ) ), mw_header_field_its_aid_DENM ))))) -> value v_geoNwInd { var ValidityRestriction v_vr; var HeaderField v_hf; tc_ac.stop; // check that generation location is inside the circular region of the certificate if (f_getMsgHeaderField(v_geoNwInd.msgIn.gnPacket.securedMsg, e_generation_location, v_hf) and f_getCertificateValidityRestriction(v_geoNwInd.msgIn.gnPacket.securedMsg.header_fields[0].headerField.signer.signerInfo.certificate, e_region, v_vr) ) { if (f_isLocationInsideRegion(v_vr.validity.region, v_hf.headerField.generation_location)) { log("*** " & testcasename() & ": PASS: DENM contains generation location inside the certificate validity region ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); }else{ log("*** " & testcasename() & ": FAIL: DENM contains generation location outside the certificate validity region ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } } else { log("*** " & testcasename() & ": FAIL: IMPOSSIBLE!!! DENM generation location or certificate region restriction header field does not exist"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } } // DENM signing certificate doesn't contains region restriction [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage( superset( mw_header_field_its_aid_DENM, mw_header_field(e_generation_location), mw_header_field_signer_info_certificate( mw_certificate( ?, ?, ?, { } // DENM signing certificate doesn't 'contains region restriction ) ) ))))) { tc_ac.stop; log("*** " & testcasename() & ": INCONC: DENM certificate doesn't contain region restriction"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout); } [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage_DENMs( )))) { tc_ac.stop; log("*** " & testcasename() & ": FAIL: DENM doesn't contain generation location ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } [] tc_ac.timeout { log("*** " & testcasename() & ": INCONC: Expected DENM not received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout); } } // End of 'alt' statement f_cancelDenmEvent(v_denmComponent); } // End of function f_TC_SEC_ITSS_SND_DENM_05_BV /** * @desc Check that the secured DENM contains exactly one HeaderField generation_location * which is inside the circular region containing in the validity restriction of the * certificate pointed by the signer_info field *
* Pics Selection: PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_CIRCULAR_REGION * Config Id: CF01 * with { * the IUT has been authorized with the AT certificate (CERT_IUT_B) { * containing validity_restrictions ['region'] { * containing region{ * containing region_type * indicating 'circle' * containing circular_region * indicating REGION * } * } * } * } * ensure that { * when { * the IUT is requested to send a DENM * } then { * the IUT sends a SecuredMessage * containing exactly one header_fields ['generation_location'] * containing generation_location * indicating value inside the REGION * } * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_DENM_05_02_BV * @reference ETSI TS 103 097 [1], clause 7.2 */ testcase TC_SEC_ITSS_SND_DENM_05_02_BV() runs on ItsGeoNetworking system ItsSecSystem { // Local variables // Test control if (not(PICS_GN_SECURITY) or not(PICS_CERTIFICATE_SELECTION) or not(PICS_USE_CIRCULAR_REGION)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_CIRCULAR_REGION' required for executing the TC ***"); stop; } // Test component configuration vc_hashedId8ToBeUsed := cc_iutCert_B; f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body f_TC_SEC_ITSS_SND_DENM_05_BV(mw_geographicRegion_circle); // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_SND_DENM_05_02_BV /** * @desc Check that the secured DENM contains exactly one HeaderField generation_location * which is inside the rectangular region containing in the validity restriction * of the certificate pointed by the signer_info field *
* Pics Selection: PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_RECTANGULAR_REGION * Config Id: CF01 * with { * the IUT has been authorized with the AT certificate (CERT_IUT_C) * containing validity_restrictions ['region'] * containing region * containing region_type * indicating 'rectangle' * containing rectangular_region * indicating REGION * } * ensure that { * when { * the IUT is requested to send a DENM * } then { * the IUT sends a SecuredMessage * containing exactly one header_field ['generation_location'] * containing generation_location * indicating value inside the REGION * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_DENM_05_03_BV * @reference ETSI TS 103 097 [1], clause 7.2 */ testcase TC_SEC_ITSS_SND_DENM_05_03_BV() runs on ItsGeoNetworking system ItsSecSystem { // Local variables // Test control if (not(PICS_GN_SECURITY) or not(PICS_CERTIFICATE_SELECTION) or not(PICS_USE_RECTANGULAR_REGION)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_RECTANGULAR_REGION' required for executing the TC ***"); stop; } // Test component configuration vc_hashedId8ToBeUsed := cc_iutCert_C; f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body f_TC_SEC_ITSS_SND_DENM_05_BV(mw_geographicRegion_rectangular); // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_SND_DENM_05_03_BV /** * @desc Check that the secured DENM contains exactly one HeaderField generation_location * which is inside the polygonal region containing in the validity restriction * of the certificate pointed by the signer_info field *
* Pics Selection: PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_POLYGONAL_REGION * Config Id: CF01 * with { * the IUT has been authorized with the AT certificate (CERT_IUT_D) * containing validity_restrictions ['region'] * containing region * containing region_type * indicating 'polygon' * containing polygonal_region * containing instance of RectangularRegion * indicating REGION * } * ensure that { * when { * the IUT is requested to send a DENM * } then { * the IUT sends a SecuredMessage * containing exactly one header_field ['generation_location'] * containing generation_location * indicating value inside the REGION * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_DENM_05_04_BV * @reference ETSI TS 103 097 [1], clause 7.2 */ testcase TC_SEC_ITSS_SND_DENM_05_04_BV() runs on ItsGeoNetworking system ItsSecSystem { // Local variablesl // Test control if (not(PICS_GN_SECURITY) or not(PICS_CERTIFICATE_SELECTION) or not(PICS_USE_POLYGONAL_REGION)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_POLYGONAL_REGION' required for executing the TC ***"); stop; } // Test component configuration vc_hashedId8ToBeUsed := cc_iutCert_D; f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body f_TC_SEC_ITSS_SND_DENM_05_BV(mw_geographicRegion_polygonal); // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_SND_DENM_05_04_BV /** * @desc Check that the secured DENM contains exactly one HeaderField generation_location * which is inside the identified region containing in the validity restriction * of the certificate pointed by the signer_info field *
* Pics Selection: PICS_GN_SECURITY and PICS_USE_IDENTIFIED_REGION and PICS_CERTIFICATE_SELECTION * Config Id: CF01 * with { * the IUT has been authorized with the AT certificate (CERT_IUT_E) * containing validity_restrictions ['region'] * containing region * containing region_type * indicating 'id_region' * containing identified_region * indicating REGION * } * ensure that { * when { * the IUT is requested to send a DENM * } then { * the IUT sends a SecuredMessage * containing exactly one header_fields ['generation_location'] * containing generation_location * indicating value inside the REGION * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_DENM_05_05_BV * @reference ETSI TS 103 097 [1], clause 7.2 */ testcase TC_SEC_ITSS_SND_DENM_05_05_BV() runs on ItsGeoNetworking system ItsSecSystem { // Local variables // Test control if (not(PICS_GN_SECURITY) or not(PICS_CERTIFICATE_SELECTION) or not(PICS_USE_IDENTIFIED_REGION)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_IDENTIFIED_REGION' required for executing the TC ***"); stop; } // Test component configuration vc_hashedId8ToBeUsed := cc_iutCert_E; f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body f_TC_SEC_ITSS_SND_DENM_05_BV(mw_geographicRegion_identified); // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_SND_DENM_05_05_BV /** * @desc Check that the Secured DENM contains exactly one non-empty payload of type signed *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * } * Expected results: * ensure that { * when { * the IUT is requested to send a DENM * } then { * the IUT sends a SecuredMessage * containing payload_field * containing exactly one element of type Payload * containing type * indicating 'signed' * and containing not-empty data * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_DENM_08_01_BV * @reference ETSI TS 103 097 [1], clause 7.2 */ testcase TC_SEC_ITSS_SND_DENM_08_01_BV() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var ItsDenm v_denmComponent; // Test control if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_denmComponent := f_triggerDenmEvent(); tc_ac.start; alt { [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage_DENMs( ?, mw_payload(e_signed) )))) { log("*** " & testcasename() & ": PASS: DENM payload is 'signed'"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage_DENMs( ?, mw_payload() )))) { log("*** " & testcasename() & ": FAIL: DENM payload is not 'signed'"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage_DENMs ))) { log("*** " & testcasename() & ": FAIL: DENM payload is not exist"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } [] tc_ac.timeout { log("*** " & testcasename() & ": INCONC: Expected DENM not received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout); } } // End of 'alt' statement // Postamble f_cancelDenmEvent(v_denmComponent); f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_SND_DENM_08_01_BV /** * @desc Check that the secured DENM contains only one TrailerField of type signature. * Check that the signature contained in the SecuredMessage is calculated * over the right fields by cryptographically verifying the signature. *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * } * ensure that { * when { * the IUT is requested to send DENM * } then { * the IUT sends a SecuredMessage * containing header_field ['signer_info'] * containing signer * containing type * indicating 'certificate' * containing certificate * containing subject_info.subject_type * indicating 'authorization_ticket' (2) * and containing subject_attributes['verification key'] (KEY) * containing trailer_fields * containing single instance of type TrailerField * containing type * indicating 'signature' * and containing signature * verifiable using KEY * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_DENM_10_01_BV * @reference ETSI TS 103 097 [1], clause 7.2 */ testcase TC_SEC_ITSS_SND_DENM_10_01_BV() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var GeoNetworkingInd v_geoNwInd; var SignerInfo v_signerInfo; var Certificate v_certificate; var ItsDenm v_denmComponent; // Test control if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Preamble f_prNeighbour(); v_denmComponent := f_triggerDenmEvent(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body tc_ac.start; alt { [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage_DENMs( mw_header_field_signer_info_certificate )))) -> value v_geoNwInd { tc_ac.stop; log("*** " & testcasename() & ": INFO: DENM message with certificate received ***"); f_getMsgSignerInfo(v_geoNwInd.msgIn.gnPacket.securedMsg, v_signerInfo); if (f_verifyGnSecuredMessageSignatureWithCertificate(v_geoNwInd.msgIn.gnPacket.securedMsg, v_signerInfo.signerInfo.certificate) == false) { log("*** " & testcasename() & ": FAIL: DENM received with invalide signature"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } } [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage_DENMs ))) { log("*** " & testcasename() & ": FAIL: DENM doesn't contain signature"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } [] tc_ac.timeout { log("*** " & testcasename() & ": INCONC: Expected DENM not received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout); } } // End of 'alt' statement log("*** " & testcasename() & ": PASS: DENM received with correct signature"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); // Postamble f_cancelDenmEvent(v_denmComponent); f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_SND_DENM_10_01_BV } // End of group sendDENMProfile /** * @desc Sending behaviour test cases for DENM profile * @see ETSI TS 103 096-2 V1.2.2 (2016-01) Clause 5.2.6 Generic signed message profile */ group sendOtherProfile { /** * @desc Check that the secured message contains of type signed *
* Pics Selection: PICS_GN_SECURITY and PICS_ITS_AID_OTHER_PROFILE * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * } * Expected results: * ensure that { * when { * the IUT is requested to send a Beacon * } then { * the IUT sends a SecuredMessage { * containing header_field ['its_aid'] * containing its_aid * indicating 'AID_BEACON' * } * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_GENMSG_06_01_BV * @reference ETSI TS 103 097 [1], clause 5.4 */ testcase TC_SEC_ITSS_SND_GENMSG_01_01_BV() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var LongPosVector v_longPosVectorIut; // Test adapter configuration if (not(PICS_GN_SECURITY) or not(PICS_ITS_AID_OTHER_PROFILE)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_ITS_AID_OTHER_PROFILE' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); v_longPosVectorIut := f_getPosition(c_compIut); // Test adapter configuration // Preamble f_prNeighbour(); f_acTriggerEvent(m_startPassBeaconing(m_beaconHeader(v_longPosVectorIut).beaconHeader)); // Authorize the TA to forward the received beacons f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body tc_ac.start; alt { [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage( superset( ?, ?, mw_header_field_its_aid_Other ) ), ? ))) { tc_ac.stop; log("*** " & testcasename() & ": PASS: 'its_aid' is neither set to 'AID_CAM' nor 'AID_DENM'"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } [] tc_ac.timeout { log("*** " & testcasename() & ": INCONC: Expected Message not received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout); } } // End of 'alt' statement // Postamble f_acTriggerEvent(m_stopPassBeaconing); f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_SND_GENMSG_01_01_BV /** * @desc Check that the generic secured message contains exactly one element of these header fields: * signer_info, generation_time, generation_location. * Check that the header fields are in the ascending order according to the numbering of the enumeration * except of the signer_info, which is encoded first. *
* Pics Selection: PICS_GN_SECURITY and PICS_ITS_AID_OTHER_PROFILE * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * } * Expected Results: * ensure that { * when { * the IUT is requested to send a Beacon * } then { * the IUT sends a SecuredMessage * containing header_fields [0].type * indicating 'signer_info' * and containing header_fields [1..n] * where header_fields [v_counter].type < header_fields [v_counter + 1].type * and containing header_fields ['generation_time'] * and containing header_fields ['generation_location'] * and containing header_field ['its_aid'] * } * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_GENMSG_02_01_BV * @reference ETSI TS 103 097 [1], clause 7.3 */ testcase TC_SEC_ITSS_SND_GENMSG_02_01_BV() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var LongPosVector v_longPosVectorIut; var GeoNetworkingInd v_geoNwInd; var HeaderFields v_headersFields; var HeaderFieldType v_previousHeaderType; var integer v_counter; // Test control if (not(PICS_GN_SECURITY) or not(PICS_ITS_AID_OTHER_PROFILE)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_ITS_AID_OTHER_PROFILE' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); v_longPosVectorIut := f_getPosition(c_compIut); // Test adapter configuration // Preamble f_prNeighbour(); f_acTriggerEvent(m_startPassBeaconing(m_beaconHeader(v_longPosVectorIut).beaconHeader)); // Authorize the TA to forward the received beacons f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body tc_ac.start; alt { [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage( superset( mw_header_field(e_generation_time), mw_header_field(e_generation_location), mw_header_field_its_aid_Other ) ), mw_geoNwBeaconPacket( ? )))) -> value v_geoNwInd { tc_ac.stop; // Process header fields manually v_headersFields := valueof(v_geoNwInd.msgIn.gnPacket.securedMsg.header_fields); // Check that signerInfo is first header if (lengthof(v_headersFields) < 1 or not match(v_headersFields[0].type_, e_signer_info)) { log("*** " & testcasename() & ": FAIL: SignerInfo is not first header"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } for (v_counter := 1; v_counter < lengthof(v_headersFields); v_counter := v_counter + 1) { // Check that no header is duplicated if (match(v_headersFields[v_counter].type_, e_signer_info)) { log("*** " & testcasename() & ": FAIL: multiple instances of signer_info"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } if (v_counter > 1) { // Check that headers are ordered if (v_headersFields[v_counter].type_ == v_previousHeaderType) { log("*** " & testcasename() & ": FAIL: multiple instances of same Header"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } if (v_headersFields[v_counter].type_ < v_previousHeaderType) { log("*** " & testcasename() & ": FAIL: headers not in correct order"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } } v_previousHeaderType := v_headersFields[v_counter].type_; } // End of 'for' statement log("*** " & testcasename() & ": PASS: correct secured packet received"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } [] tc_ac.timeout { log("*** " & testcasename() & ": INCONC: Expected DENM not received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout); } } // End of 'alt' statement // Postamble f_acTriggerEvent(m_stopPassBeaconing); f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_SND_GENMSG_02_01_BV /** * @desc Check that generic secured message contains the certificate as a signer_info *
* Pics Selection: PICS_GN_SECURITY and PICS_ITS_AID_OTHER_PROFILE * Config Id: CF01 * Initial Conditions: * with { * the IUT being in the 'authorized' state * } * Expected Behaviour * ensure that { * when { * the IUT is requested to send a Beacon * } then { * the IUT sends a SecuredMessage * containing exactly one header_fields ['signer_info'] * containing signer * containing type * indicating 'certificate' * and containing certificate * } * } * ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_GENMSG_03_01_BV * @reference ETSI TS 103 097 [1], clause 7.3 */ testcase TC_SEC_ITSS_SND_GENMSG_03_01_BV() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var LongPosVector v_longPosVectorIut; // Test control if (not(PICS_GN_SECURITY) or not(PICS_ITS_AID_OTHER_PROFILE)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_ITS_AID_OTHER_PROFILE' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); v_longPosVectorIut := f_getPosition(c_compIut); // Test adapter configuration // Preamble f_prNeighbour(); f_acTriggerEvent(m_startPassBeaconing(m_beaconHeader(v_longPosVectorIut).beaconHeader)); // Authorize the TA to forward the received beacons f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body tc_ac.start; alt { [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage_Others( mw_header_field_signer_info_certificate ), mw_geoNwBeaconPacket( ? )))) { tc_ac.stop; log("*** " & testcasename() & ": PASS: Beacon signed with certificate ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage_Others( mw_header_field( e_signer_info ) ), mw_geoNwBeaconPacket( ? )))) { log("*** " & testcasename() & ": INFO: Beacon signed with digest ***"); repeat; } [] tc_ac.timeout { log("*** " & testcasename() & ": INCONC: Expected Beacon not received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout); } } // End of 'alt' statement // Postamble f_acTriggerEvent(m_stopPassBeaconing); f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_SND_GENMSG_03_01_BV /** * @desc Check that message generation time is inside the validity period of the signing certificate * Check that message generation time value is realistic *
* Pics Selection: PICS_GN_SECURITY and PICS_ITS_AID_OTHER_PROFILE * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * } * Expected behaviour: * ensure that { * when { * the IUT is requested to send a Beacon * } then { * the IUT sends a SecuredMessage * containing exactly one header_fields['generation_time'] * containing generation_time * indicating TIME_1 (CUR_TIME - 10min <= TIME_1 <= CUR_TIME + 10min) * containing header_fields['signer_info'] * containing signer * containing type * indicating 'certificate' * containing certificate * containing validity_restrictions['time_end'] containing end_validity indicating value > GEN_TIME * and containing validity_restrictions['time_start_and_end'] * containing start_validity * indicating value <= TIME_1 * and containing end_validity * indicating value > TIME_1 * or containing validity_restrictions['time_start_and_duration'] * containing start_validity (CERT_START_VALIDITY) * indicating value <= GEN_TIME * and containing duration * indicating value > GEN_TIME - CERT_START_VALIDITY * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_GENMSG_04_01_BV * @reference ETSI TS 103 097 [1], clauses 5.4 and 7.3 */ testcase TC_SEC_ITSS_SND_GENMSG_04_01_BV() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var LongPosVector v_longPosVectorIut; var GeoNetworkingInd v_geoNwInd; var HeaderField v_headerField; var Time64 v_generationTime; var Time64 v_curTime; var Time64 v_startTime, v_endTime, v_duration; var Certificate v_cert; var integer v_counter; // Test control if (not(PICS_GN_SECURITY) or not(PICS_ITS_AID_OTHER_PROFILE)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_ITS_AID_OTHER_PROFILE' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); v_longPosVectorIut := f_getPosition(c_compIut); // Test adapter configuration // Preamble f_prNeighbour(); f_acTriggerEvent(m_startPassBeaconing(m_beaconHeader(v_longPosVectorIut).beaconHeader)); // Authorize the TA to forward the received beacons f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body tc_ac.start; alt { [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage( superset( mw_header_field( e_generation_time ), mw_header_field_signer_info_certificate, mw_header_field_its_aid_Other ) ), mw_geoNwBeaconPacket( ? ) ) )) -> value v_geoNwInd { const integer c_deltaTime := 2 * 3600 * 1000000; // Two hours, in microsecoonds tc_ac.stop; v_curTime := f_getCurrentTime(); v_curTime := v_curTime * 1000; // Clause 4.2.16 Time64: is in microseconds if ( f_getMsgHeaderField( v_geoNwInd.msgIn.gnPacket.securedMsg, e_generation_time, v_headerField )) { v_generationTime := v_headerField.headerField.generation_time; log("v_generationTime=", v_generationTime); log("v_curTime=", v_curTime); log("v_curTime - c_deltaTime=", v_curTime - c_deltaTime); if (v_generationTime < (v_curTime - c_deltaTime)) { log("*** " & testcasename() & ": FAIL: Beacon generation time is too far in the past"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } if (v_generationTime > (v_curTime + c_deltaTime)) { log("*** " & testcasename() & ": FAIL: Beacon generation time is too far in the future"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } // Check that generation time is inside the certificate validation period if ( f_getMsgHeaderField( v_geoNwInd.msgIn.gnPacket.securedMsg, e_signer_info, v_headerField )) { v_cert := v_headerField.headerField.signer.signerInfo.certificate; for (v_counter := 0; v_counter < lengthof(v_cert.validity_restrictions); v_counter := v_counter + 1) { if (v_cert.validity_restrictions[v_counter].type_ == e_time_end) { v_endTime := v_cert.validity_restrictions[v_counter].validity.end_validity * 1000000; if (v_generationTime > v_endTime ) { log("*** " & testcasename() & ": FAIL: Beacon generation time is not inside the validity of the certificate"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } } if (v_cert.validity_restrictions[v_counter].type_ == e_time_end) { v_endTime := v_cert.validity_restrictions[v_counter].validity.end_validity * 1000000; if (v_generationTime > v_endTime ) { log("*** " & testcasename() & ": FAIL: Beacon generation time is not inside the validity of the certificate"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } } else if (v_cert.validity_restrictions[v_counter].type_ == e_time_start_and_end) { v_endTime := v_cert.validity_restrictions[v_counter].validity.time_start_and_end.end_validity * 1000000; v_startTime := v_cert.validity_restrictions[v_counter].validity.time_start_and_end.start_validity * 1000000; if (v_generationTime < v_startTime or v_generationTime > v_endTime ) { log("*** " & testcasename() & ": FAIL: Beacon generation time is not inside the validity of the certificate"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } } else if (v_cert.validity_restrictions[v_counter].type_ == e_time_start_and_duration) { v_startTime := v_cert.validity_restrictions[v_counter].validity.time_start_and_duration.start_validity * 1000000; v_duration := f_duration2time(v_cert.validity_restrictions[v_counter].validity.time_start_and_duration.duration_) * 1000000; if (v_generationTime < v_startTime or (v_startTime + v_duration) > v_endTime ) { log("*** " & testcasename() & ": FAIL: Beacon generation time is not inside the validity of the certificate"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } } else { log("*** " & testcasename() & ": FAIL: Mal-formed the certificate"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } } // End of 'for' statement log("*** " & testcasename() & ": PASS: Beacon generation time is inside the validity of the certificate"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } else { log("*** " & testcasename() & ": INCONC: DENM signer info is not available"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } } } [] tc_ac.timeout { log("*** " & testcasename() & ": INCONC: Expected Beacon not received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout); } } // End of 'alt' statement // Postamble f_acTriggerEvent(m_stopPassBeaconing); f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_SND_GENMSG_04_01_BV /** * @desc Check that the secured GN Beacon contains exactly one HeaderField generation_location * when AT certificate does not contain any region restrictions *
* Pics Selection: PICS_GN_SECURITY and PICS_ITS_AID_OTHER_PROFILE and PICS_CERTIFICATE_SELECTION * Config Id: CF01 * with { * the IUT has been authorized with the AT certificate (CERT_IUT_A) * not containing validity_restrictions['region'] * } * ensure that { * when { * the IUT is requested to send a Beacon * } then { * the IUT sends a SecuredMessage * containing exactly one header_fields ['generation_location'] * containing generation_location * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_GENMSG_05_01_BV * @reference ETSI TS 103 097 [1], clause 7.3 */ testcase TC_SEC_ITSS_SND_GENMSG_05_01_BV() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var LongPosVector v_longPosVectorIut; // Test control if (not(PICS_GN_SECURITY) or not(PICS_ITS_AID_OTHER_PROFILE) or not(PICS_CERTIFICATE_SELECTION)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_ITS_AID_OTHER_PROFILE and PICS_CERTIFICATE_SELECTION' required for executing the TC ***"); stop; } // Test component configuration // CERT_IUT_A is the default one f_cf01Up(); v_longPosVectorIut := f_getPosition(c_compIut); // Test adapter configuration // Preamble f_prNeighbour(); f_acTriggerEvent(m_startPassBeaconing(m_beaconHeader(v_longPosVectorIut).beaconHeader)); // Authorize the TA to forward the received beacons f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body tc_ac.start; alt { [] geoNetworkingPort.receive( mw_geoNwInd(mw_geoNwSecPdu( mdw_securedMessage_Others( mw_header_field_signer_info_certificate( mw_certificate( ?, ?, ?, superset( mw_validity_restriction_any_valid_region ))))))) { log("*** " & testcasename() & ": INFO: Skip DENM containing region restrictions ***"); repeat; } [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage( superset( mw_header_field( e_generation_location ), mw_header_field_signer_info_certificate, complement( mw_header_field_its_aid_CAM, mw_header_field_its_aid_DENM ) ))))) { // The certificate doesn't contain region restrictions because such messages was catched before tc_ac.stop; log("*** " & testcasename() & ": PASS: DENM contains generation location ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage_Others( mw_header_field_signer_info_certificate )))) { // The message does not contain generation location tc_ac.stop; log("*** " & testcasename() & ": PASS: DENM contains generation location ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } [] tc_ac.timeout { log("*** " & testcasename() & ": INCONC: Expected DENM not received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout); } } // End of 'alt' statement // Postamble f_acTriggerEvent(m_stopPassBeaconing); f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_SND_GENMSG_05_01_BV /** * @desc Check that the secured GN Beacon contains exactly one HeaderField generation_location * which is inside the circular region containing in the validity restriction of the * certificate pointed by the signer_info field *
* Pics Selection: PICS_GN_SECURITY and PICS_ITS_AID_OTHER_PROFILE and PICS_CERTIFICATE_SELECTION and PICS_USE_CIRCULAR_REGION * Config Id: CF01 * with { * the IUT has been authorized with the AT certificate (CERT_IUT_B) * containing validity_restrictions['region'] * containing region * containing region_type * indicating 'circle' * and containing circular_region * indicating REGION * } * ensure that { * when { * the IUT is requested to send a GN Beacon * } then { * the IUT sends a SecuredMessage * containing exactly one header_fields['generation_location'] * containing generation_location * indicating value inside the REGION * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_GENMSG_05_02_BV * @reference ETSI TS 103 097 [1], clause 7.3 */ testcase TC_SEC_ITSS_SND_GENMSG_05_02_BV() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var LongPosVector v_longPosVectorIut; // Test control if (not(PICS_GN_SECURITY) or not(PICS_ITS_AID_OTHER_PROFILE) or not(PICS_CERTIFICATE_SELECTION) or not(PICS_USE_CIRCULAR_REGION)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_ITS_AID_OTHER_PROFILE and PICS_USE_CIRCULAR_REGION' required for executing the TC ***"); stop; } // Test component configuration vc_hashedId8ToBeUsed := cc_iutCert_B; f_cf01Up(); v_longPosVectorIut := f_getPosition(c_compIut); // Test adapter configuration // Preamble f_prNeighbour(); f_acTriggerEvent(m_startPassBeaconing(m_beaconHeader(v_longPosVectorIut).beaconHeader)); // Authorize the TA to forward the received beacons f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body f_TC_SEC_ITSS_SND_GENMSG_05_BV(mw_geographicRegion_circle); // Postamble f_acTriggerEvent(m_stopPassBeaconing); f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_SND_GENMSG_05_02_BV /** * @desc Check that the secured GN Beacon contains exactly one HeaderField generation_location * which is inside the rectangular region containing in the validity restriction * of the certificate pointed by the signer_info field *
* Pics Selection: PICS_GN_SECURITY and PICS_ITS_AID_OTHER_PROFILE and PICS_CERTIFICATE_SELECTION and PICS_USE_RECTANGULAR_REGION * Config Id: CF01 * with { * the IUT has been authorized with the AT certificate (CERT_IUT_C) * containing validity_restrictions ['region'] * containing region * containing region_type * indicating 'rectangle' * containing rectangular_region * indicating REGION * } * ensure that { * when { * the IUT is requested to send a DENM * } then { * the IUT sends a SecuredMessage * containing exactly one header_fields ['generation_location'] * containing generation_location * containing instance of RectangularRegion * indicating value inside the REGION * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_GENMSG_05_03_BV * @reference ETSI TS 103 097 [1], clause 7.3 */ testcase TC_SEC_ITSS_SND_GENMSG_05_03_BV() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var LongPosVector v_longPosVectorIut; // Test adapter configuration if (not(PICS_GN_SECURITY) or not(PICS_ITS_AID_OTHER_PROFILE) or not(PICS_CERTIFICATE_SELECTION) or not(PICS_USE_RECTANGULAR_REGION)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_ITS_AID_OTHER_PROFILE and PICS_USE_RECTANGULAR_REGION' required for executing the TC ***"); stop; } // Test component configuration vc_hashedId8ToBeUsed := cc_iutCert_C; // Load IUT certificate CERT_IUT_C f_cf01Up(); v_longPosVectorIut := f_getPosition(c_compIut); // Test adapter configuration // Preamble f_prNeighbour(); f_acTriggerEvent(m_startPassBeaconing(m_beaconHeader(v_longPosVectorIut).beaconHeader)); // Authorize the TA to forward the received beacons f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body f_TC_SEC_ITSS_SND_GENMSG_05_BV(mw_geographicRegion_rectangular); // Postamble f_acTriggerEvent(m_stopPassBeaconing); f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_SND_GENMSG_05_03_BV /** * @desc Check that the secured GN Message contains exactly one HeaderField generation_location * which is inside the polygonal region containing in the validity restriction * of the certificate pointed by the signer_info field *
* Pics Selection: PICS_GN_SECURITY and PICS_ITS_AID_OTHER_PROFILE and PICS_CERTIFICATE_SELECTION and PICS_USE_POLYGONAL_REGION * Config Id: CF01 * with { * the IUT has been authorized with the AT certificate (CERT_AT_D) * containing validity_restrictions ['region'] * containing region * containing region_type * indicating 'polygon' * containing polygonal_region * indicating REGION * } * ensure that { * when { * the IUT is requested to send a Beacon * } then { * the IUT sends a SecuredMessage * containing exactly one header_fields ['generation_location'] * containing generation_location * indicating value inside the REGION * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_GENMSG_05_04_BV * @reference ETSI TS 103 097 [1], clause 7.3 */ testcase TC_SEC_ITSS_SND_GENMSG_05_04_BV() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var LongPosVector v_longPosVectorIut; // Test adapter configuration if (not(PICS_GN_SECURITY) or not(PICS_ITS_AID_OTHER_PROFILE) or not(PICS_CERTIFICATE_SELECTION) or not(PICS_USE_POLYGONAL_REGION)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_ITS_AID_OTHER_PROFILE and PICS_USE_POLYGONAL_REGION' required for executing the TC ***"); stop; } // Test component configuration vc_hashedId8ToBeUsed := cc_iutCert_D; // Load IUT certificate CERT_IUT_D f_cf01Up(); v_longPosVectorIut := f_getPosition(c_compIut); // Test adapter configuration // Preamble f_prNeighbour(); f_acTriggerEvent(m_startPassBeaconing(m_beaconHeader(v_longPosVectorIut).beaconHeader)); // Authorize the TA to forward the received beacons f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body f_TC_SEC_ITSS_SND_GENMSG_05_BV(mw_geographicRegion_polygonal); // Postamble f_acTriggerEvent(m_stopPassBeaconing); f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_SND_GENMSG_05_04_BV /** * @desc Check that the secured GN Message contains exactly one HeaderField generation_location * which is inside the identified region containing in the validity restriction * of the certificate pointed by the signer_info field *
* Pics Selection: PICS_GN_SECURITY and PICS_ITS_AID_OTHER_PROFILE and PICS_USE_IDENTIFIED_REGION and PICS_CERTIFICATE_SELECTION * Config Id: CF01 * with { * the IUT has been authorized with the AT certificate (CERT_IUT_E) * containing validity_restrictions ['region'] * containing region * containing region_type * indicating 'id_region' * containing identified_region * indicating REGION * } * ensure that { * when { * the IUT is requested to send a Beacon * } then { * the IUT sends a SecuredMessage * containing exactly one header_fields ['generation_location'] * containing generation_location * indicating value inside the REGION * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_GENMSG_05_05_BV * @reference ETSI TS 103 097 [1], clause 7.3 */ testcase TC_SEC_ITSS_SND_GENMSG_05_05_BV() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var LongPosVector v_longPosVectorIut; // Test adapter configuration if (not(PICS_GN_SECURITY) or not(PICS_ITS_AID_OTHER_PROFILE) or not(PICS_CERTIFICATE_SELECTION) or not(PICS_USE_IDENTIFIED_REGION)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_ITS_AID_OTHER_PROFILE and PICS_USE_IDENTIFIED_REGION' required for executing the TC ***"); stop; } // Test component configuration vc_hashedId8ToBeUsed := cc_iutCert_E; // Load IUT certificate CERT_IUT_E f_cf01Up(); v_longPosVectorIut := f_getPosition(c_compIut); // Test adapter configuration // Preamble f_prNeighbour(); f_acTriggerEvent(m_startPassBeaconing(m_beaconHeader(v_longPosVectorIut).beaconHeader)); // Authorize the TA to forward the received beacons f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body f_TC_SEC_ITSS_SND_GENMSG_05_BV(mw_geographicRegion_identified); // Postamble f_acTriggerEvent(m_stopPassBeaconing); f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_SND_GENMSG_05_05_BV /** * @desc Check that the secured GN Message contains exactly one HeaderField generation_location * which is inside the certificate pointed by the signer_info field *
* Pics Selection: PICS_GN_SECURITY and PICS_ITS_AID_OTHER_PROFILE and not PICS_CERTIFICATE_SELECTION * Config Id: CF01 * with { * the IUT being in the 'authorized' state * } * ensure that { * when { * the IUT is requested to send a Beacon * } then { * the IUT sends a SecuredMessage * containing header_fields['signed_info'].certificate * containing validity_restrictions ['region'] * containing region.region_type * indicating 'circle' * containing region.circular_region * indicating REGION * or containing region.region_type * indicating 'rectangle' * containing region.rectangular_region * containing array of rectangles * indicating REGION * or containing region.region_type * indicating 'polygonal' * containing region.polygonal_region * indicating REGION * or containing region.region_type * indicating 'id_region' * containing region.circular_region * indicating REGION * and containing exactly one header_fields['generation_location'] * containing generation_location * indicating location inside the REGION * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_GENMSG_05_06_BV * @reference ETSI TS 103 097 [1], clause 7.3 */ testcase TC_SEC_ITSS_SND_GENMSG_05_06_BV() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var LongPosVector v_longPosVectorIut; // Test adapter configuration if (not(PICS_GN_SECURITY) or not(PICS_ITS_AID_OTHER_PROFILE) or PICS_CERTIFICATE_SELECTION) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_ITS_AID_OTHER_PROFILE and not PICS_CERTIFICATE_SELECTION' required for executing the TC ***"); stop; } // Test component configuration vc_hashedId8ToBeUsed := cc_iutCert_B; // Load IUT certificate CERT_IUT_B f_cf01Up(); v_longPosVectorIut := f_getPosition(c_compIut); // Test adapter configuration // Preamble f_prNeighbour(); f_acTriggerEvent(m_startPassBeaconing(m_beaconHeader(v_longPosVectorIut).beaconHeader)); // Authorize the TA to forward the received beacons f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body f_TC_SEC_ITSS_SND_GENMSG_05_BV(); // any type of regions // Postamble f_acTriggerEvent(m_stopPassBeaconing); f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_SND_GENMSG_05_06_BV group f_TC_SEC_ITSS_SND_GENMSG_05_xx { function f_TC_SEC_ITSS_SND_GENMSG_05_BV( in template (present) GeographicRegion p_region := ? ) runs on ItsGeoNetworking { // Local variables var GeoNetworkingInd v_geoNwInd; tc_ac.start; alt { // GN message must contain generation location and the certificate with region restrictions [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage( superset( mw_header_field(e_generation_location), mw_header_field_signer_info_certificate( mw_certificate( ?, ?, ?, superset( mw_validity_restriction_region( p_region ))))))))) -> value v_geoNwInd { var ValidityRestriction v_vr; var HeaderField v_hf; tc_ac.stop; // Check that generation location if ( f_getMsgHeaderField(v_geoNwInd.msgIn.gnPacket.securedMsg, e_generation_location, v_hf) and f_getCertificateValidityRestriction(v_geoNwInd.msgIn.gnPacket.securedMsg.header_fields[0].headerField.signer.signerInfo.certificate, e_region, v_vr) ) { if (f_isLocationInsideRegion(v_vr.validity.region, v_hf.headerField.generation_location)) { log("*** " & testcasename() & ": PASS: DENM contains generation location inside the certificate validity region ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } else { log("v_vr.validity.region=", v_vr.validity.region); log("v_hf.headerField.generation_location=", v_hf.headerField.generation_location); log("*** " & testcasename() & ": FAIL: Invalid location"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } } else { log("*** " & testcasename() & ": FAIL: IMPOSSIBLE!!! DENM generation location or certificate region restriction header field does not exist"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } } // GN message doesn't contain generation location [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage_Others ))) -> value v_geoNwInd { var HeaderField v_hf; tc_ac.stop; // Check that generation location is not present f_getMsgHeaderField(v_geoNwInd.msgIn.gnPacket.securedMsg, e_generation_location, v_hf); if (not isbound(v_hf)) { log("*** " & testcasename() & ": FAIL: DENM doesn't contain generation location header"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } } // GN signing certificate doesn't contains region restriction [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage_Others( mw_header_field_signer_info_certificate( mw_certificate( ?, ?, ?, { } // GN signing certificate doesn't contains region restriction )))))) { tc_ac.stop; log("*** " & testcasename() & ": INCONC: DENM certificate doesn't contain region restriction"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } [] tc_ac.timeout { log("*** " & testcasename() & ": INCONC: Expected DENM not received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout); } } // End of 'alt' statement } // End of function f_TC_SEC_ITSS_SND_GENMSG_05_BV } // End of group f_TC_SEC_ITSS_SND_GENMSG_05_xx /** * @desc Check that the secured message contains of type signed, signed_external or signed_and_encrypted *
* Pics Selection: PICS_GN_SECURITY and PICS_ITS_AID_OTHER_PROFILE * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * } * Expected results: * ensure that { * when { * the IUT is requested to send a Beacon * } then { * the IUT sends a SecuredMessage { * containing payload_fields * containing exactly one element of type Payload * containing type * indicating 'signed' or 'signed_external' or 'signed_and_encrypted' * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_GENMSG_06_01_BV * @reference ETSI TS 103 097 [1], clause 7.3 */ testcase TC_SEC_ITSS_SND_GENMSG_06_01_BV() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var LongPosVector v_longPosVectorIut; // Test adapter configuration if (not(PICS_GN_SECURITY) or not(PICS_ITS_AID_OTHER_PROFILE)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_ITS_AID_OTHER_PROFILE' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); v_longPosVectorIut := f_getPosition(c_compIut); // Test adapter configuration // Preamble f_prNeighbour(); f_acTriggerEvent(m_startPassBeaconing(m_beaconHeader(v_longPosVectorIut).beaconHeader)); // Authorize the TA to forward the received beacons f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body tc_ac.start; alt { [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage_Others( ?, mw_payload( e_signed ) ), mw_geoNwBeaconPacket( ? )))) { log("*** " & testcasename() & ": PASS: Beacon payload is 'signed'"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage_Others( ?, mw_payload( e_signed_external ) ), mw_geoNwBeaconPacket( ? )))) { log("*** " & testcasename() & ": PASS: Beacon payload is 'e_signed_external'"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage_Others( ?, mw_payload( e_signed_and_encrypted ) ), mw_geoNwBeaconPacket( ? )))) { log("*** " & testcasename() & ": PASS: Beacon payload is 'e_signed_and_encrypted'"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage_Others( ?, mw_payload ), mw_geoNwBeaconPacket( ? )))) { log("*** " & testcasename() & ": FAIL: Beacon payload is not signed, signed_external or signed_and_encrypted"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } [] tc_ac.timeout { log("*** " & testcasename() & ": INCONC: Expected Message not received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout); } } // End of 'alt' statement // Postamble f_acTriggerEvent(m_stopPassBeaconing); f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_SND_GENMSG_06_01_BV /** * @desc Check that the secured GN Message contains only one TrailerField of type signature ; * Check that the signature contained in the SecuredMessage is calculated over the right fields by * cryptographically verifying the signature *
* Pics Selection: PICS_GN_SECURITY and PICS_ITS_AID_OTHER_PROFILE * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * } * ensure that { * when { * the IUT is requested to send Beacon * } then { * the IUT sends a SecuredMessage * containing header_fields ['signer_info'] * containing signer * containing type * indicating 'certificate' * and containing certificate * indicating CERT * and containing trailer_fields['signature'] * containing signature * verifiable using CERT.subject_attributes['verification_key'] * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_GENMSG_07_01_BV * @reference ETSI TS 103 097 [1], clause 7.3 */ testcase TC_SEC_ITSS_SND_GENMSG_07_01_BV() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var LongPosVector v_longPosVectorIut; var GeoNetworkingInd v_geoNwInd; var SignerInfo v_signerInfo; // Test adapter configuration if (not(PICS_GN_SECURITY) or not(PICS_ITS_AID_OTHER_PROFILE)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_ITS_AID_OTHER_PROFILE' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); v_longPosVectorIut := f_getPosition(c_compIut); // Test adapter configuration // Preamble f_prNeighbour(); f_acTriggerEvent(m_startPassBeaconing(m_beaconHeader(v_longPosVectorIut).beaconHeader)); // Authorize the TA to forward the received beacons f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body tc_ac.start; alt { [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage_Others( mw_header_field_signer_info_certificate )))) -> value v_geoNwInd { tc_ac.stop; log("*** " & testcasename() & ": INFO: Beacon message with certificate received ***"); f_getMsgSignerInfo(v_geoNwInd.msgIn.gnPacket.securedMsg, v_signerInfo); if (f_verifyGnSecuredMessageSignatureWithCertificate(v_geoNwInd.msgIn.gnPacket.securedMsg, v_signerInfo.signerInfo.certificate) == false) { log("*** " & testcasename() & ": FAIL: Beacon received with invalide signature"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } } [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage_Others ))) { tc_ac.stop; log("*** " & testcasename() & ": FAIL: Beacon message without certificate received"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } [] tc_ac.timeout { log("*** " & testcasename() & ": INCONC: Expected GN Message not received"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout); } } // End of 'alt' statement log("*** " & testcasename() & ": PASS: GN Message received with correct signature"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); // Postamble f_acTriggerEvent(m_stopPassBeaconing); f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_SND_DENM_07_01_BV } // End of group sendOtherProfile /** * @desc Sending behaviour test cases for certificates profile * @see ETSI TS 103 096-2 V1.2.2 (2016-01) Clause 5.2.7 Profiles for certificates */ group sendCertificatesProfile { /** * @desc Check that AT certificate has version 2 *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * the IUT being requested to include certificate in the next CAM * } * Expected Behaviour: * ensure that { * when { * the IUT is requested to send a CAM * } then { * the IUT sends a SecuredMessage * containing header_fields['signer_info'].signer * containing type * indicating certificate * containing certificate * containing version * indicating '2' * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_01_01_BV * @reference ETSI TS 103 097 [1], clauses 6.1 and 7.4.1 */ testcase TC_SEC_ITSS_SND_CERT_01_01_BV() runs on ItsGeoNetworking system ItsSecSystem { // Local variables // Test control if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body tc_ac.start; alt { [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage( superset( mw_header_field_signer_info_certificate( mw_certificate( ))))))) { tc_ac.stop; log("*** " & testcasename() & ": PASS: AT Certificate version set to " & int2char(c_certificate_version) & " ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage( superset( mw_header_field_signer_info_certificate( ? )))))) { tc_ac.stop; log("*** " & testcasename() & ": FAIL: AT Certificate version mismatch ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } [] tc_ac.timeout { log("*** " & testcasename() & ": INCONC: Expected message not received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout); } } // End of 'alt' statement // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_SND_CERT_01_01_BV /** * @desc Check that AA certificate has version 2 *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * the IUT being requested to include certificate chain in the next CAM * } * Expected Behaviour: * ensure that { * when { * the IUT is requested to send a CAM * } then { * the IUT sends a SecuredMessage * containing header_fields['signer_info'].signer * containing type * indicating 'certificate_chain' * and containing certificates * indicating length > 0 * and containing certificates[n] (0..N) * containing version * indicating '2' * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_01_02_BV * @reference ETSI TS 103 097 [1], clauses 6.1 and 7.4.1 */ testcase TC_SEC_ITSS_SND_CERT_01_02_BV() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var SecuredMessage v_recv; var Certificate v_cert; var SignerInfo v_si; var HashedId8 v_digest; // Test control if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); // Wait for the message with the certificate to retrieve the AA digest. // Ask for the chain, containing AT and AA certificate // Check AA Certificate log("*** " & testcasename() & ": INFO: Wait for certificate and ask for certificate chain ***"); tc_ac.start; f_askForCertificateChain(f_generateDefaultCam()); tc_ac.stop; f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body tc_ac.start; alt { [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage( superset( mw_header_field_signer_info_certificate_chain( superset( mw_aa_certificate ))))))) { tc_ac.stop; log("*** " & testcasename() & ": PASS: AA certificate version set to " & int2char(c_certificate_version) & " ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage( superset( mw_header_field_signer_info_certificate_chain ))))) { tc_ac.stop; log("*** " & testcasename() & ": FAIL: AA certificate version mismatch or no AA cert received***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } [] tc_ac.timeout { log("*** " & testcasename() & ": INCONC: Expected message not received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout); } } // End of 'alt' statement // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_SND_CERT_01_02_BV /** * @desc Check that the references in the certificate chain are valid * Check that signer_info type of all certificates in the chain are 'certificate_digest_with_sha256', * 'certificate_digest_with_other_algorithm' or 'self' *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * the IUT being requested to include certificate chain in the next CAM * } ensure that { * when { * the IUT is requested to send a CAM * } then { * the IUT sends a SecuredMessage * containing header_fields['signer_info'].signer * containing type * indicating 'certificate_chain' * and containing certificates * indicating length > 0 * and containing certificates[0] * containing signer_info * containing type * indicating 'certificate_digest_with_sha256' * or indicating 'certificate_digest_with_other_algorythm' * and containing digest * referenced to the trusted certificate * or containing signer_info * containing type * indicating 'self' * and containing certificates[n] (1..N) * containing signer_info * containing type * indicating 'certificate_digest_with_sha256' * or indicating 'certificate_digest_with_other_algorythm' * and containing digest * referenced to the certificates[n-1] * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_02_01_BV * @reference ETSI TS 103 097 [1], clause 4.2.10, 6.1 and 7.4.1 */ testcase TC_SEC_ITSS_SND_CERT_02_01_BV() runs on ItsGeoNetworking system ItsSecSystem { // Local declarations var CertificateChain v_chain; var SignerInfo v_si; var HashedId8 v_digest; // Test control if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***"); tc_ac.start; if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) { log("*** " & testcasename() & ": INCONC: Expected message not received ***"); f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout); } tc_ac.stop; // Test Body for (var integer v_counter := lengthof(v_chain) - 1; v_counter > 1; v_counter := v_counter - 1) { // Loop on []N-1..1] if (not f_getCertificateSignerInfo(v_chain[v_counter], v_si)) { log("*** " & testcasename() & ": FAIL: Certificate[ " & int2str(v_counter) & "] doesn't contain signer info ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } if (not match(v_si.type_, e_certificate_digest_with_sha256) and not match(v_si.type_, e_certificate_digest_with_other_algorithm)) { log("*** " & testcasename() & ": FAIL: Certificate is not signed with digest ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } // signer_info.type indicates 'certificate_digest_with_sha256' or 'certificate_digest_with_other_algorythm' v_digest := f_calculateDigestFromCertificate(v_chain[v_counter - 1]); if (not match (v_si.signerInfo.digest, v_digest)) { log("*** " & testcasename() & ": FAIL: Certificate chain is not valid ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } } // End of 'for' statement // Process certificate[0] if (not f_getCertificateSignerInfo(v_chain[0], v_si)) { log("*** " & testcasename() & ": FAIL: Certificate[0] doesn't contain signer info ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } // Process certificate[0] if (not match (v_si.type_, e_certificate_digest_with_sha256)) { log("*** " & testcasename() & ": FAIL: Certificate[0] is not signed with digest ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } // signer_info.type indicates 'certificate_digest_with_sha256' only log("*** " & testcasename() & ": PASS: Certificate chain is well signed ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_SND_CERT_02_01_BV /** * @desc Check that the rectangular region validity restriction of the message signing certificate * contains not more than six valid rectangles; * Check that the rectangular region validity restriction of the message signing certificate is * continuous and does not contain any holes *
* Pics Selection: PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_RECTANGULAR_REGION * Config Id: CF01 * with { * the IUT being in the 'authorized' state * the IUT being requested to include certificate in the next CAM * } ensure that { * when { * the IUT is requested to send a CAM * } then { * the IUT sends a SecuredMessage * containing header_fields['signer_info'].signer * containing type * indicating 'certificate' * containing certificate * containing validity_restrictions['region'] * containing region_type * indicating 'rectangle' * and containing rectangular_region * indicating length <= 6 * and containing elements of type RectangularRegion * indicating continuous region without holes * and containing northwest and southeast * indicating northwest is on the north from southeast * } * } * @remark Certificate: cc_taCert_C ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_04_01_BV * @reference ETSI TS 103 097 [1], clauses 4.2.20 and 4.2.23 */ testcase TC_SEC_ITSS_SND_CERT_04_01_BV() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var Certificate v_cert; var ValidityRestriction v_vr; var integer v_counter; // Test control if (not(PICS_GN_SECURITY) or not(PICS_CERTIFICATE_SELECTION) or not(PICS_USE_RECTANGULAR_REGION)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_RECTANGULAR_REGION' required for executing the TC ***"); stop; } // Test component configuration vc_hashedId8ToBeUsed := cc_iutCert_C; f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test body tc_ac.start; if (not f_waitForCertificate(v_cert)) { log("*** " & testcasename() & ": INCONC: Expected message not received ***"); f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout); } tc_ac.stop; if (f_getCertificateValidityRestriction(v_cert, e_region, v_vr)) { if (v_vr.validity.region.region_type == e_rectangle) { var RectangularRegions v_rects := v_vr.validity.region.region.rectangular_region; if (lengthof(v_rects) > 6) { log("*** " & testcasename() & ": FAIL: Rectangular regions count is greather than 6 ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } for (v_counter := 0; v_counter
* Pics Selection: PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_RECTANGULAR_REGION * Config Id: CF01 * with { * the IUT being in the 'authorized' state * the IUT being requested to include certificate chain in the next CAM * } ensure that { * when { * the IUT is requested to send a CAM * } then { * the IUT sends a SecuredMessage * containing header_fields['signer_info'].signer * containing type * indicating 'certificate_chain' * containing certificates * indicating length N > 0 * and containing certificates [n] 0..n * containing validity_restrictions['region'] * containing region_type * indicating 'rectangle' * and containing rectangular_region * indicating length <= 6 * and containing elements of type RectangularRegion * containing northwest and southeast * indicating northwest on the north from southeast * and indicating continuous region without holes * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_04_02_BV * @reference ETSI TS 103 097 [1], clauses 4.2.20 and 4.2.23 */ testcase TC_SEC_ITSS_SND_CERT_04_02_BV() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var CertificateChain v_chain; var ValidityRestriction v_vr := valueof(m_validity_restriction_unknown), v_vri := valueof(m_validity_restriction_unknown); // current and issuing cert validity restrictions var boolean f_vr := false, f_vri := false; // Test control if (not(PICS_GN_SECURITY) or not(PICS_CERTIFICATE_SELECTION) or not(PICS_USE_RECTANGULAR_REGION)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_RECTANGULAR_REGION' required for executing the TC ***"); stop; } // Test component configuration vc_hashedId8ToBeUsed := cc_iutCert_C; f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***"); tc_ac.start; if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) { log("*** " & testcasename() & ": INCONC: Expected message not received ***"); f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout); } else { f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); } // Test Body tc_ac.stop; for (var integer v_counter := 0; v_counter < lengthof(v_chain); v_counter := v_counter + 1) { v_vri := v_vr; f_vri := f_vr; f_vr := f_getCertificateValidityRestriction(v_chain[v_counter], e_region, v_vr); log("v_chain[v_counter]=", v_chain[v_counter]); if (f_vr) { var RectangularRegions v_rects; if (v_vr.validity.region.region_type != e_rectangle) { log("*** " & testcasename() & ": INCONC: Certificate validity restriction region is not rectangular ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } v_rects := v_vr.validity.region.region.rectangular_region; log("v_rects=", v_rects); if (lengthof(v_rects) > 6) { log("*** " & testcasename() & ": FAIL: Rectangular regions count is greather than 6 ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } for (var integer j:=0; j
* Pics Selection: PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_POLYGONAL_REGION * Config Id: CF01 * with { * the IUT being in the 'authorized' state * the IUT being requested to include certificate chain in the next CAM * } ensure that { * when { * the IUT is requested to send a CAM * } then { * the IUT sends a SecuredMessage * containing header_fields['signer_info'].signer * containing type * indicating 'certificate_chain' * and containing certificates * indicating length > 0 * and containing certificates [n] (0..n) * containing validity_restrictions['region'] * containing region_type * indicating 'polygon' * and containing polygonal_region * indicating length >=3 and <=12 * and indicating continuous region without holes and intersections * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_05_02_BV * @reference ETSI TS 103 097 [1], clause 4.2.24 */ testcase TC_SEC_ITSS_SND_CERT_05_02_BV() runs on ItsGeoNetworking system ItsSecSystem { // Local declarations var CertificateChain v_chain; var ValidityRestriction v_vr := valueof(m_validity_restriction_unknown), v_vri := valueof(m_validity_restriction_unknown); // current and issuing cert validity restrictions var boolean f_vr := false, f_vri := false; // Test control if (not(PICS_GN_SECURITY) or not(PICS_CERTIFICATE_SELECTION) or not(PICS_USE_POLYGONAL_REGION)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_POLYGONAL_REGION' required for executing the TC ***"); stop; } // Test component configuration vc_hashedId8ToBeUsed := cc_iutCert_D; f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***"); tc_ac.start; if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) { log("*** " & testcasename() & ": INCONC: Expected message not received ***"); f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout); } else { f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); } // Test Body f_vr := false; tc_ac.stop; for (var integer v_counter := 0; v_counter < lengthof(v_chain); v_counter := v_counter + 1) { v_vri := v_vr; f_vri := f_vr; f_vr := f_getCertificateValidityRestriction(v_chain[v_counter], e_region, v_vr); if (f_vr) { var PolygonalRegion v_pr; var integer v_length; if (v_vr.validity.region.region_type != e_polygon) { log("*** " & testcasename() & ": INCONC: Certificate validity restriction region is not polygonal ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } v_pr := v_vr.validity.region.region.polygonal_region; v_length := lengthof(v_pr); if (v_length < 3) { log("*** " & testcasename() & ": FAIL: Count of points in polygonal region is too small in cert " & int2str(v_counter) & " ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } if (v_length > 12) { log("*** " & testcasename() & ": FAIL: Count of points in polygonal region is too big in cert " & int2str(v_counter) & "***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } if (true != f_isValidPolygonalRegion(v_pr)) { log("*** " & testcasename() & ": FAIL: Polygonal region is not valid (self-intersected) in cert " & int2str(v_counter) & " ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } if (f_vri) { // current restrictions must be inside of the parent one if (true != f_isPolygonalRegionInside(v_vri.validity.region.region.polygonal_region, v_pr)) { log("*** " & testcasename() & ": FAIL: Certificate validity restriction region in cert " & int2str(v_counter) & " is not inside the issuing one ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } // FIXME Check holes } } else { // Region validity restriction is not exist if (f_vri) { log("*** " & testcasename() & ": FAIL: Certificate validity restriction region must be set in the certificate " & int2str(v_counter) & "because this restriction exists in the issuing certificate ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } } } // End of 'for' statement log("*** " & testcasename() & ": PASS: All certificates has a valid polygonal region restrictions ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_SND_CERT_05_02_BV /** * @desc Check that the identified certificate validity region contains values that correspond to numeric country codes * as defined in ISO 3166-1 or defined by United Nations Statistics Division *
* Pics Selection: PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_IDENTIFIED_REGION * Config Id: CF01 * with { * the IUT being in the 'authorized' state * the IUT being requested to include certificate in the next CAM * } ensure that { * when { * the IUT is requested to send a CAM * } then { * the IUT sends a SecuredMessage * containing header_fields['signer_info'].signer * containing type * indicating 'certificate' * and containing certificate * containing validity_restrictions['region'] * containing region * containing region_type * indicating 'id' * and containing id_region * containing region_dictionary * indicating 'iso_3166_1' (0) * and containing region_identifier * indicating valid value according to 'iso_3166_1' * and containing local_region * or containing region * containing id_region * containing region_dictionary * indicating 'un_stats' * and containing region_identifier * indicating valid value according to UN STATS * and containing local_region * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_06_01_BV * @reference ETSI TS 103 097 [1], clause 4.2.26 and 7.4.1 */ testcase TC_SEC_ITSS_SND_CERT_06_01_BV() runs on ItsGeoNetworking system ItsSecSystem { var Certificate v_cert; var ValidityRestriction v_vr; var integer v_counter; // Test control if (not(PICS_GN_SECURITY) or not(PICS_CERTIFICATE_SELECTION) or not(PICS_USE_IDENTIFIED_REGION)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_IDENTIFIED_REGION' required for executing the TC ***"); stop; } // Test component configuration vc_hashedId8ToBeUsed := cc_iutCert_E; f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test body tc_ac.start; if (not f_waitForCertificate(v_cert)) { log("*** " & testcasename() & ": INCONC: Expected message not received ***"); f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout); } tc_ac.stop; if (f_getCertificateValidityRestriction(v_cert, e_region, v_vr)) { if (v_vr.validity.region.region_type == e_id) { if (not match (v_vr.validity.region, mw_geographicRegion_identified(mw_identifiedRegion_iso3166_any))) { log("*** " & testcasename() & ": FAIL: Identified region is not conformed to ISO 3166-1 ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else if (not match (v_vr.validity.region, mw_geographicRegion_identified(mw_identifiedRegion_un_stats_any))) { log("*** " & testcasename() & ": FAIL: Identified region is not conformed to United Nations Statistics Division ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } } log("*** " & testcasename() & ": PASS: Certificate has a valid region ID restrictions ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": FAIL: Certificate doesn't have any location restrictions ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_SND_CERT_06_01_BV /** * @desc Check that the identified certificate validity region contains values that correspond to numeric country codes * as defined in ISO 3166-1 or defined by United Nations Statistics Division * Check that the identified certificate validity region contains values defining the region which is inside * the validity region of the issuing certificate * @remark The case when signing certificate and issuing certificate contain different type of region validity restriction is not supported by this test *
* Pics Selection: PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_IDENTIFIED_REGION * Config Id: CF01 * with { * the IUT being in the 'authorized' state * the IUT being requested to include certificate chain in the next CAM * } ensure that { * when { * the IUT is requested to send a CAM * } then { * the IUT sends a SecuredMessage * containing header_fields['signer_info'].signer * containing type * indicating 'certificate_chain' * and containing certificate * indicating length N > 1 * and containing certificates[n] (0..N) * containing validity_restrictions['region'] * containing region * containing region_type * indicating 'id' * and containing id_region * containing region_dictionary * indicating 'iso_3166_1' (0) * and containing region_identifier * indicating valid value according to 'iso_3166_1' * and containing local_region * or containing region * containing id_region * containing region_dictionary * indicating 'un_stats' * and containing region_identifier * indicating valid value according to UN STATS * and containing local_region * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_06_02_BV * @reference ETSI TS 103 097 [1], clause 4.2.26 and 7.4.1 */ testcase TC_SEC_ITSS_SND_CERT_06_02_BV() runs on ItsGeoNetworking system ItsSecSystem { var CertificateChain v_chain; var ValidityRestriction v_vr := valueof(m_validity_restriction_unknown), v_vri := valueof(m_validity_restriction_unknown); // current and issuing cert validity restrictions var boolean f_vr := false, f_vri := false; // Test control if (not(PICS_GN_SECURITY) or not(PICS_CERTIFICATE_SELECTION) or not(PICS_USE_IDENTIFIED_REGION)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_IDENTIFIED_REGION' required for executing the TC ***"); stop; } // Test component configuration vc_hashedId8ToBeUsed := cc_iutCert_E; f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***"); tc_ac.start; if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) { log("*** " & testcasename() & ": INCONC: Expected message not received ***"); f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout); } else { f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); } // Test Body f_vr := false; tc_ac.stop; for (var integer v_counter := 0; v_counter < lengthof(v_chain); v_counter := v_counter + 1) { v_vri := v_vr; f_vri := f_vr; f_vr := f_getCertificateValidityRestriction(v_chain[v_counter], e_region, v_vr); if (f_vr) { if (v_vr.validity.region.region_type == e_id) { if (not match (v_vr.validity.region, mw_geographicRegion_identified(mw_identifiedRegion_iso3166_any))) { log("*** " & testcasename() & ": FAIL: Identified region is not conformed to ISO 3166-1 ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } if (not match (v_vr.validity.region, mw_geographicRegion_identified(mw_identifiedRegion_un_stats_any))) { log("*** " & testcasename() & ": FAIL: Identified region is not conformed to United Nations Statistics Division ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } } if (f_vri) { // the region code must be the same if (v_vr.validity.region.region.id_region.region_identifier != v_vri.validity.region.region.id_region.region_identifier) { log("*** " & testcasename() & ": FAIL: Certificate validity restriction identified region in cert " & int2str(v_counter) & " is not the same as in the issuing one ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } if ( v_vri.validity.region.region.id_region.local_region != 0 and v_vri.validity.region.region.id_region.local_region != v_vr.validity.region.region.id_region.local_region ) { log("*** " & testcasename() & ": FAIL: Certificate validity restriction local identified region in cert " & int2str(v_counter) & " is not the same as in the issuing one ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } } } else { // Region validity restriction is not exist if (f_vri) { log("*** " & testcasename() & ": FAIL: Certificate validity restriction identified region must be set in the certificate " & int2str(v_counter) & "because this restriction exists in the issuing certificate ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } } } log("*** " & testcasename() & ": PASS: All certificates has a valid identified regionrestrictions ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_SND_CERT_06_02_BV /** * @desc Check that the region of the subordinate certificate validity restriction is inside the region of the issuing certificate validity restriction *
* Pics Selection: PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION * Config Id: CF01 * with { * the IUT being in the 'authorized' state * the IUT being requested to include certificate chain in the next CAM * } ensure that { * when { * the IUT is requested to send a CAM * } then { * the IUT sends a SecuredMessage * containing header_fields['signer_info'].signer * containing type * indicating 'certificate_chain' * and containing certificates * indicating length N > 1 * and containing certificates[n] (0..N) * indicating certificate * not containing validity_restrictions['region'] * and containing signer_info * containing digest * referenced to the certificate * not containing validity_restrictions['region'] * or indicating certificate * containing validity_restrictions['region'] * containing region.region_type * indicating 'none' * and containing signer_info * containing digest * referenced to the certificate * not containing validity_restrictions['region'] * or containing validity_restrictions['region'] * containing region.region_type * indicating 'none' * or indicating certificate * containing validity_restrictions['region'] * containing region.region_type * indicated 'circle' * or indicated 'rectangle' * or indicated 'polygon' * or indicated 'id' * and containing region (X_CERT__REGION) * and containing signer_info * containing digest * referenced to the certificate * not containing validity_restrictions['region'] * or containing validity_restrictions['region'] * containing region.region_type * indicating 'none' * or containing validity_restrictions['region'] * containing region * indicating region fully covering the X_CERT_REGION * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_07_01_BV * @reference ETSI TS 103 097 [1], clause 4.2.26 and 7.4.1 */ testcase TC_SEC_ITSS_SND_CERT_07_01_BV() runs on ItsGeoNetworking system ItsSecSystem { var CertificateChain v_chain; var Certificate v_cert, v_cert_issuer; var SignerInfo v_si; var UInt8 v_counter; var HashedId8 v_digest; var CertificatesCaching v_certificatesCaching; var FncRetCode v_result_status := e_success; // Test control if (not(PICS_GN_SECURITY) or not(PICS_CERTIFICATE_SELECTION)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION' required for executing the TC ***"); stop; } // Test component configuration // vc_hashedId8ToBeUsed := cc_iutCert_E; f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***"); tc_ac.start; if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) { log("*** " & testcasename() & ": INCONC: Expected message not received ***"); f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout); } else { f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); } // Test Body // 1. Create a cache of certificates f_createCertificatesCaching(v_chain, v_certificatesCaching); // 2. Process the certificates v_counter := f_getCertificatesCachingItemSize(v_certificatesCaching) - 1; while (v_counter != 0) { // Get the first certificate if (f_getCertificatesCachingItem(v_certificatesCaching, v_counter, v_cert) == false) { v_result_status := e_error; break; } // Retrive SigneInfo field if (not f_getCertificateSignerInfo(v_cert, v_si)) { log("*** " & testcasename() & ": FAIL: Certificate " & int2str(v_counter) & " doesn't have a signer info ***"); v_result_status := e_error; break; } if (not match (v_si.type_, e_certificate_digest_with_sha256)) { log("*** " & testcasename() & ": FAIL: Certificate is not signed with digest ***"); v_result_status := e_error; break; } // Get issuer if (f_getCertificateFromCaching(v_certificatesCaching, v_si.signerInfo.digest, v_cert_issuer) == false) { log("*** " & testcasename() & ": FAIL: Certificate is not signed with digest ***"); v_result_status := e_error; break; } // Check that cert is signed by issuing cert v_digest := f_calculateDigestFromCertificate(v_cert_issuer); if (not match (v_si.signerInfo.digest, v_si.signerInfo.digest)) { log("*** " & testcasename() & ": FAIL: Certificate chain is not valid ***"); v_result_status := e_error; break; } // Check that the region of the subordinate certificate validity restriction is inside the region of the issuing certificate validity restriction if (f_checkRegionValidityRestiction(v_cert, v_cert_issuer) == false) { v_result_status := e_error; break; } // Prepare next loop v_counter := v_counter - 1; } // End of 'while' statement if (v_result_status == e_success) { log("*** " & testcasename() & ": PASS: All certificates has a valid identified region restrictions ***"); } f_selfOrClientSyncAndVerdictTestBody(c_tbDone, v_result_status); // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_SND_CERT_07_01_BV /** * @desc Check that the region of the subordinate certificate validity restriction is inside the region of the issuing certificate validity restriction *
* Pics Selection: PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_IDENTIFIED_REGION * Config Id: CF01 * with { * the IUT being in the 'authorized' state * the IUT being requested to include certificate chain in the next CAM * the IUT being requested to include certificate chain in the next CAM * } ensure that { * when { * the IUT is requested to send a CAM * } then { * the IUT sends a SecuredMessage * containing header_fields['signer_info'].signer * containing type * indicating 'certificate_chain' * and containing certificates * indicating length N > 1 * and containing certificates[n] (0..N) * indicating certificate * containing validity_restrictions['region'] * containing region.region_type * indicated 'id' * and containing id_region * containing region_dictionary * indicating 'iso_3166_1' * or indicating 'un_stat' * and containing region_identifier (X_CERT_REGION_ID) * indicating valid value according to 'iso_3166_1' or 'un_stat' * and containing local_region (X_CERT_LOCAL_REGION) * and containing signer_info * containing digest * referenced to the certificate * containing validity_restrictions['region'] * containing region * indicated 'id' * and containing id_region * containing region_dictionary * indicating 'iso_3166_1' * or indicating 'un_stat' * and containing region_identifier * indicating value == X_CERT_REGION_ID * and containing local_region * indicating value == X_CERT_LOCAL_REGION * or indicating 0 * or containing id_region * containing region_dictionary * indicating 'un_stats' * and containing region_identifier * indicating region fully covering the X_CERT_REGION * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_07_02_BV * @reference ETSI TS 103 097 [1], clause 4.2.26 and 7.4.1 */ testcase TC_SEC_ITSS_SND_CERT_07_02_BV() runs on ItsGeoNetworking system ItsSecSystem { var CertificateChain v_chain; var Certificate v_cert, v_cert_issuer; var SignerInfo v_si; var UInt8 v_counter; var HashedId8 v_digest; var CertificatesCaching v_certificatesCaching; var FncRetCode v_result_status := e_success; // Test control if (not(PICS_GN_SECURITY) or not(PICS_CERTIFICATE_SELECTION) or not(PICS_USE_IDENTIFIED_REGION)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_IDENTIFIED_REGION' required for executing the TC ***"); stop; } // Test component configuration // vc_hashedId8ToBeUsed := cc_iutCert_E; f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***"); tc_ac.start; if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) { log("*** " & testcasename() & ": INCONC: Expected message not received ***"); f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout); } else { f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); } // Test Body // 1. Create a cache of certificates f_createCertificatesCaching(v_chain, v_certificatesCaching); // 2. Process the certificates v_counter := f_getCertificatesCachingItemSize(v_certificatesCaching) - 1; while (v_counter != 0) { // Get the first certificate if (f_getCertificatesCachingItem(v_certificatesCaching, v_counter, v_cert) == false) { v_result_status := e_error; break; } // Retrive SigneInfo field if (not f_getCertificateSignerInfo(v_cert, v_si)) { log("*** " & testcasename() & ": FAIL: Certificate " & int2str(v_counter) & " doesn't have a signer info ***"); v_result_status := e_error; break; } if (not match (v_si.type_, e_certificate_digest_with_sha256)) { log("*** " & testcasename() & ": FAIL: Certificate is not signed with digest ***"); v_result_status := e_error; break; } // Get issuer if (f_getCertificateFromCaching(v_certificatesCaching, v_si.signerInfo.digest, v_cert_issuer) == false) { log("*** " & testcasename() & ": FAIL: Certificate is not signed with digest ***"); v_result_status := e_error; break; } // Check that cert is signed by issuing cert v_digest := f_calculateDigestFromCertificate(v_cert_issuer); if (not match (v_si.signerInfo.digest, v_si.signerInfo.digest)) { log("*** " & testcasename() & ": FAIL: Certificate chain is not valid ***"); v_result_status := e_error; break; } // Check that the region of the subordinate certificate validity restriction is inside the region of the issuing certificate validity restriction if (f_checkRegionValidityRestiction(v_cert, v_cert_issuer) == false) { v_result_status := e_error; break; } // Prepare next loop v_counter := v_counter - 1; } // End of 'while' statement if (v_result_status == e_success) { log("*** " & testcasename() & ": PASS: All certificates has a valid identified region restrictions ***"); } f_selfOrClientSyncAndVerdictTestBody(c_tbDone, v_result_status); // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_SND_CERT_02_01_BV /** * @desc Check the certificate chain to ensure that the time validity restriction of the subordinate certificate is inside the time validity restriction of the issuing certificate *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * with { * the IUT being in the 'authorized' state * the IUT being requested to include certificate chain in the next CAM * } ensure that { * when { * the IUT is requested to send a CAM * } then { * the IUT sends a SecuredMessage * containing header_fields['signer_info'].signer * containing type * indicating 'certificate_chain' * containing certificates * containing certificates[last-1] * containing validity_restrictions * containing validity_restrictions['time_start_and_end'] * containing start_validity * indicating START_AA_VALIDITY * containing end_validity * indicating END_AA_VALIDITY >= START_AA_VALIDITY * and containing signer_info * containing digest * referenced to the trusted certificate * containing validity_restrictions['time_end'] * containing end_validity * indicating value > AA_END_VALIDITY * or containing validity_restrictions['time_start_and_end'] * containing start_validity * indicating value <= AA_START_VALIDITY * and containing end_validity * indicating value > AA_END_VALIDITY * or containing validity_restrictions['time_start_and_duration'] * containing start_validity * indicating X_START_VALIDITY <= AA_START_VALIDITY * and containing duration * indicating value > AA_END_VALIDITY - X_START_VALIDITY * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_08_01_BV * @reference ETSI TS 103 097 [1], clauses 7.4.4 */ testcase TC_SEC_ITSS_SND_CERT_08_01_BV() runs on ItsGeoNetworking system ItsSecSystem { var CertificateChain v_chain; var Certificate v_aa_cert; var ValidityRestriction v_vr; var SignerInfo v_si; var Time64 v_generationTime; var Time64 v_curTime; var Time64 v_startTime, v_endTime, v_duration; // Test control if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***"); tc_ac.start; if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) { log("*** " & testcasename() & ": INCONC: Expected message not received ***"); f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout); } tc_ac.stop; if (lengthof(v_chain) < 2) { log("*** " & testcasename() & ": FAIL: Certificate chain is too short ***"); f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error); } v_aa_cert := v_chain[lengthof(v_chain) - 1]; if (match (v_aa_cert.validity_restrictions, (superset(mw_validity_restriction_time_end, mw_validity_restriction_time_start_and_duration))) ) { log("*** " & testcasename() & ": FAIL: AA certificate must not contain time_end and time_start_and_duration restrictions ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } if ( true != f_getCertificateValidityRestriction(v_aa_cert, e_time_start_and_end, v_vr)) { log("*** " & testcasename() & ": FAIL: AA certificate must contain time_start_and_end restrictions ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } if (v_vr.validity.time_start_and_end.start_validity > v_vr.validity.time_start_and_end.end_validity ) { log("*** " & testcasename() & ": FAIL: start validity mus not be greater then end validity in the validity restrictions of AA certificate ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } // Process signerInfo field if ( true != f_getCertificateSignerInfo(v_aa_cert, v_si)) { log("*** " & testcasename() & ": FAIL: AA certificate must contain SignerInfo fields ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } if (v_si.type_ == e_certificate) { log("*** " & testcasename() & ": FAIL: AA certificate must contain SignerInfo field containing a certificate ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } for (var integer v_counter := 0; v_counter < lengthof(v_si.signerInfo.certificate.validity_restrictions); v_counter := v_counter + 1) { if (v_si.signerInfo.certificate.validity_restrictions[v_counter].type_ == e_time_end) { v_endTime := v_si.signerInfo.certificate.validity_restrictions[v_counter].validity.end_validity * 1000000; if (not match(v_generationTime, Time64:(0 .. v_endTime))){ log("*** " & testcasename() & ": FAIL: DENM generation time is not inside the validity of the certificate"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } } else if (v_si.signerInfo.certificate.validity_restrictions[v_counter].type_ == e_time_start_and_end) { v_endTime := v_si.signerInfo.certificate.validity_restrictions[v_counter].validity.time_start_and_end.end_validity * 1000000; v_startTime := v_si.signerInfo.certificate.validity_restrictions[v_counter].validity.time_start_and_end.start_validity * 1000000; if (not match(v_generationTime, Time64:(v_startTime .. v_endTime))){ log("*** " & testcasename() & ": FAIL: DENM generation time is not inside the validity of the certificate"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } } else if (v_si.signerInfo.certificate.validity_restrictions[v_counter].type_ == e_time_start_and_duration) { v_startTime := v_si.signerInfo.certificate.validity_restrictions[v_counter].validity.time_start_and_duration.start_validity * 1000000; v_duration := f_duration2time(v_si.signerInfo.certificate.validity_restrictions[v_counter].validity.time_start_and_duration.duration_) * 1000000; if (not match(v_generationTime, Time64:(v_startTime .. v_duration))){ log("*** " & testcasename() & ": FAIL: DENM generation time is not inside the validity of the certificate"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } } else { log("*** " & testcasename() & ": FAIL: Mal-formed the certificate"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } } // End of 'for' statement log("*** " & testcasename() & ": PASS: Time validity restriction of the AA certificate is good ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_SND_CERT_08_01_BV /** * @desc Check that the certificate signature contains ECC point of type set to either compressed_lsb_y_0, compressed_lsb_y_1 * or x_coordinate_only *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * the IUT being requested to include certificate in the next CAM * } * Expected Behaviour: * ensure that { * when { * the IUT is requested to send a CAM * } then { * the IUT sends a SecuredMessage * containing header_fields['signer_info'].signer * containing type * indicating certificate * containing certificate * containing signature.ecdsa_signature * containing R.type * indicating compressed_lsb_y_0 * or indicating compressed_lsb_y_1 * or indicating x_coordinate_only * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_09_01_BV * @reference ETSI TS 103 097 [1], clause 4.2.9 */ testcase TC_SEC_ITSS_SND_CERT_09_01_BV() runs on ItsGeoNetworking system ItsSecSystem { // Test control if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body tc_ac.start; alt { [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage( superset( mw_header_field_signer_info_certificate( mw_at_certificate( ?, ?, ?, mw_signature( mw_ecdsaSignature( mw_eccPointecdsa_nistp256_with_sha256_y0_coordinate_only ))))))))) { tc_ac.stop; log("*** " & testcasename() & ": PASS: AT certificate contains signature with the ECC point of type set to compressed_lsb_y_0 received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage( superset( mw_header_field_signer_info_certificate( mw_at_certificate( ?, ?, ?, mw_signature( mw_ecdsaSignature( mw_eccPointecdsa_nistp256_with_sha256_y1_coordinate_only ))))))))) { tc_ac.stop; log("*** " & testcasename() & ": PASS: AT certificate contains signature with the ECC point of type set to compressed_lsb_y_1 received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage( superset( mw_header_field_signer_info_certificate( mw_at_certificate( ?, ?, ?, mw_signature( mw_ecdsaSignature( mw_eccPointecdsa_nistp256_with_sha256_x_coordinate_only ))))))))) { tc_ac.stop; log("*** " & testcasename() & ": PASS: AT certificate contains signature with the ECC point of type set to x_coordinate_only received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage( superset( mw_header_field_signer_info_certificate( mw_at_certificate )))))) { tc_ac.stop; log("*** " & testcasename() & ": FAIL: AT certificate signature mismatch ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } [] tc_ac.timeout { log("*** " & testcasename() & ": INCONC: Expected message not received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout); } } // End of 'alt' statement // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_SND_CERT_09_01_BV /** * @desc Check that the all certificates in a chain have signatures contains ECC point of type set to either compressed_lsb_y_0, compressed_lsb_y_1 * or x_coordinate_only *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * the IUT being requested to include certificate in the next CAM * } * Expected Behaviour: * ensure that { * when { * the IUT is requested to send a CAM * } then { * the IUT sends a SecuredMessage * containing header_fields['signer_info'].signer * containing type * indicating 'certificate_chain' * containing certificates * indicating length N > 1 * and indicating certificates[n] (0..N) * containing signature.ecdsa_signature * containing R.type * indicating compressed_lsb_y_0 * or indicating compressed_lsb_y_1 * or indicating x_coordinate_only * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_09_02_BV * @reference ETSI TS 103 097 [1], clause 4.2.9 */ testcase TC_SEC_ITSS_SND_CERT_09_02_BV() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var GeoNetworkingInd v_geoNwInd; var SignerInfo v_si; var CertificateChain v_chain; var integer v_counter; // Test control if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body tc_ac.start; alt { [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage( superset( mw_header_field_signer_info_certificate_chain ))))) -> value v_geoNwInd { tc_ac.stop; // Check certificate chain if (f_getMsgSignerInfo(f_getSecuredMessage(v_geoNwInd.msgIn), v_si)) { v_chain := v_si.signerInfo.certificates; for (v_counter := lengthof(v_chain) - 1; v_counter > 0; v_counter := v_counter - 1 ) { if (v_chain[v_counter].signature_.algorithm != e_ecdsa_nistp256_with_sha256) { log("*** " & testcasename() & ": FAIL: Wrong signature algorithm ***"); f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error); } else if ( (v_chain[v_counter].signature_.signature_.ecdsa_signature.r.type_ != e_x_coordinate_only) and (v_chain[v_counter].signature_.signature_.ecdsa_signature.r.type_ != e_compressed_lsb_y_0) and (v_chain[v_counter].signature_.signature_.ecdsa_signature.r.type_ != e_compressed_lsb_y_1) ) { log("*** " & testcasename() & ": FAIL: Wrong ECDSA R type ***"); f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error); } } // End of 'for' statement } log("*** " & testcasename() & ": PASS: All certificates in a chain have the correct signature type ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } [] tc_ac.timeout { log("*** " & testcasename() & ": INCONC: Expected message not received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout); } } // End of 'alt' statement // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_SND_CERT_09_02_BV /** * @desc Check that the certificate verification key contains ECC point of type set to either compressed_lsb_y_0, compressed_lsb_y_1 * or uncompressed *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * the IUT being requested to include certificate in the next CAM * } * Expected Behaviour: * ensure that { * when { * the IUT is requested to send a CAM * } then { * the IUT sends a SecuredMessage * containing header_fields['signer_info'].signer * containing type * indicating certificate * containing certificate * containing subject_attributes['verification_key'] * containing key.public_key.type * indicating compressed_lsb_y_0 * or indicating compressed_lsb_y_1 * or indicating x_coordinate_only * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_10_01_BV * @reference ETSI TS 103 097 [1], clause 4.2.4 */ testcase TC_SEC_ITSS_SND_CERT_10_01_BV() runs on ItsGeoNetworking system ItsSecSystem { // Test control if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body tc_ac.start; alt { [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage( superset( mw_header_field_signer_info_certificate( mw_at_certificate( ?, superset( mw_subject_attribute_verification_key( mw_publicKey_eccPoint_compressed_lsb_y_0 ) ), ?, mw_signature ))))))) { tc_ac.stop; log("*** " & testcasename() & ": PASS: AT certificate contains verification key with the ECC point of type set to compressed_lsb_y_0 received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage( superset( mw_header_field_signer_info_certificate( mw_at_certificate( ?, superset( mw_subject_attribute_verification_key( mw_publicKey_eccPoint_compressed_lsb_y_1 ) ), ?, mw_signature ))))))) { tc_ac.stop; log("*** " & testcasename() & ": PASS: AT certificate contains verification key with the ECC point of type set to compressed_lsb_y_1 received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage( superset( mw_header_field_signer_info_certificate( mw_at_certificate( ?, superset( mw_subject_attribute_verification_key( mw_publicKey_eccPoint_uncompressed ) ), ?, mw_signature ))))))) { tc_ac.stop; log("*** " & testcasename() & ": PASS: AT certificate contains verification key with the ECC point of type set to uncompressed received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage( superset( mw_header_field_signer_info_certificate( mw_at_certificate )))))) { tc_ac.stop; log("*** " & testcasename() & ": FAIL: AT certificate signature mismatch ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } [] tc_ac.timeout { log("*** " & testcasename() & ": INCONC: Expected message not received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout); } } // End of 'alt' statement // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_SND_CERT_10_01_BV /** * @desc Check that all certificate in a chain have verification keys contains ECC point of type set to either compressed_lsb_y_0, compressed_lsb_y_1 * or uncompressed *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * the IUT being requested to include certificate in the next CAM * } * Expected Behaviour: * ensure that { * when { * the IUT is requested to send a CAM * } then { * the IUT sends a SecuredMessage * containing header_fields['signer_info'].signer * containing type * indicating 'certificate_chain' * containing certificates * indicating length N > 1 * and indicating certificates[n] (0..N) * containing signature.ecdsa_signature * containing subject_attributes['verification_key'] * indicating compressed_lsb_y_0 * or indicating compressed_lsb_y_1 * or indicating uncompressed * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_10_02_BV * @reference ETSI TS 103 097 [1], clause 4.2.4 */ testcase TC_SEC_ITSS_SND_CERT_10_02_BV() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var GeoNetworkingInd v_geoNwInd; var SignerInfo v_si; var CertificateChain v_chain; var integer v_counter; // Test control if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body tc_ac.start; alt { [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage( superset( mw_header_field_signer_info_certificate_chain ))))) { tc_ac.stop; // Check certificate chain if (f_getMsgSignerInfo(f_getSecuredMessage(v_geoNwInd.msgIn), v_si)) { v_chain := v_si.signerInfo.certificates; for (v_counter := lengthof(v_chain) - 1; v_counter > 0; v_counter := v_counter - 1 ) { if ( (not match(v_chain[v_counter], mw_certificate(?, ?, superset(mw_subject_attribute_verification_key(mw_publicKey_eccPoint_compressed_lsb_y_0))))) and (not match(v_chain[v_counter], mw_certificate(?, ?, superset(mw_subject_attribute_verification_key(mw_publicKey_eccPoint_compressed_lsb_y_1))))) and (not match(v_chain[v_counter], mw_certificate(?, ?, superset(mw_subject_attribute_verification_key(mw_publicKey_eccPoint_uncompressed))))) ) { log("*** " & testcasename() & ": FAIL: Wrong verification key algorithm ***"); f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error); } } // End of 'for' statement } log("*** " & testcasename() & ": PASS: All certificates in a chain have the correct verification key ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } [] tc_ac.timeout { log("*** " & testcasename() & ": INCONC: Expected message not received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout); } } // End of 'alt' statement // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_SND_CERT_10_02_BV /** * @desc Check the certificate signature *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * the IUT being requested to include certificate in the next CAM * } ensure that { * when { * the IUT is requested to send a CAM * } then { * the IUT sends a SecuredMessage * containing header_fields['signer_info'].signer * containing type * indicating 'certificate' * ND containing certificate * containing signer_info * containing type * indicating 'certificate_digest_with_sha256' * containing digest * referenced to the certificate CERT * and containing signature * verifiable using CERT.subject_attributes['verification_key'].key * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_09_01_BV * @reference ETSI TS 103 097 [1], clauses 6.1 and 7.4.1 */ testcase TC_SEC_ITSS_SND_CERT_11_01_BV() runs on ItsGeoNetworking system ItsSecSystem { // Local declarations var GeoNetworkingInd v_geoNwInd; var Certificate v_at_cert; var Certificate v_aa_cert; var HashedId8 v_aa_digest; var SignerInfo v_si; var integer v_counter; // Test control if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Wait for the message with the certificate to get the AA cert digest. // Ask for the chain, containing AT and AA certificate // Check that the AT cert in the first message is signed with the AA cert log("*** " & testcasename() & ": INFO: Waiting for the message containing certificate ***"); tc_ac.start; if (not f_waitForCertificate(v_at_cert)) { log("*** " & testcasename() & ": INCONC: Expected message not received ***"); f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout); } tc_ac.stop; if (true != f_getCertificateSignerInfo(v_at_cert, v_si)) { log("*** " & testcasename() & ": FAIL: AT Certificate signer info is unknown ***"); f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error); } if (not match (v_si.type_, e_certificate_digest_with_sha256)) { log("*** " & testcasename() & ": FAIL: AT Certificate is not signed well ***"); f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error); } v_aa_digest := v_si.signerInfo.digest; // Send a certificate request to the IUT f_sendCertificateRequest(v_aa_digest, f_generateDefaultCam()); // Test Body tc_ac.start; alt { [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage( superset( mw_header_field_signer_info_certificate_chain ))))) -> value v_geoNwInd { var SecuredMessage v_secMsg; var integer v_chainLength; tc_ac.stop; // Check certificate chain if (f_getMsgSignerInfo(f_getSecuredMessage(v_geoNwInd.msgIn), v_si)) { v_chainLength := lengthof(v_si.signerInfo.certificates); if (v_chainLength < 2 ) { log("*** " & testcasename() & ": FAIL: Certificate chain doesn't contain the AA cert ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } // get aa cert v_aa_cert := v_si.signerInfo.certificates[v_chainLength-2]; if (not match (v_aa_digest, f_calculateDigestFromCertificate(v_aa_cert))) { log("*** " & testcasename() & ": FAIL: AT certificate was not signed with the given AA cert ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } // Check that at cert is signed with aa cert if (false == f_verifyCertificateSignatureWithIssuingCertificate(v_at_cert, v_aa_cert)) { log("*** " & testcasename() & ": FAIL: AT certificate signature error ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } log("*** " & testcasename() & ": PASS: AT certificate was well signed with AA certificate ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } else { log("*** " & testcasename() & ": FAIL: The message signer info is unknown ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } } [] tc_ac.timeout { log("*** " & testcasename() & ": INCONC: Expected message not received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout); } } // End of 'alt' statement // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_SND_CERT_11_01_BV /** * @desc Check the signatures of the certificates in the chain *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * the IUT being requested to include certificate chain in the next CAM * } ensure that { * when { * the IUT is requested to send a CAM * } then { * the IUT sends a SecuredMessage * containing header_fields['signer_info'].signer * containing type * indicating 'certificate_chain' * and containing certificates * indicating length N > 1 * and containing certificate[0] * containing signer_info * containing type * indicating 'certificate_digest_with_sha256' * and containing digest * referenced to the trusted certificate (CERT_ROOT) * and containing signature * verifiable using CERTIFICATES[N-1].subject_attributes['verification_key'].key * and containing certificates[n] (1..N) * containing signer_info { * containing type * indicating 'certificate_digest_with_sha256' * and containing digest * referenced to the certificates[n-1] * and containing signature * verifiable using certificates[n-1].subject_attributes['verification_key'].key * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_09_02_BV * @reference ETSI TS 103 097 [1], clauses 6.1 and 7.4.1 */ testcase TC_SEC_ITSS_SND_CERT_11_02_BV() runs on ItsGeoNetworking system ItsSecSystem { // Local declarations var GeoNetworkingInd v_geoNwInd; var Certificate v_cert; var CertificateChain v_chain; var SignerInfo v_si; var HashedId8 v_digest; var integer v_counter; // Test control if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Wait for the message with the certificate to get the AA cert digest. // Ask for the chain, containing AT and AA certificate // Check that the AT cert in the first message is signed with the AA cert log("*** " & testcasename() & ": INFO: Waiting for the message containing certificate and ask for a certificate chain ***"); tc_ac.start; f_askForCertificateChain(f_generateDefaultCam()); tc_ac.stop; // Test Body tc_ac.start; alt { [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage( superset( mw_header_field_signer_info_certificate_chain ))))) -> value v_geoNwInd { var SecuredMessage v_secMsg; var integer v_chainLength; tc_ac.stop; // Check certificate chain if (f_getMsgSignerInfo(f_getSecuredMessage(v_geoNwInd.msgIn), v_si)) { v_chain := v_si.signerInfo.certificates; for (v_counter := lengthof(v_chain) - 1; v_counter > 0; v_counter := v_counter - 1 ) { if (not f_getCertificateSignerInfo(v_chain[v_counter], v_si)) { log("*** " & testcasename() & ": FAIL: Certificate "&int2str(v_counter) & " doesn't have a signer info ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } if (not match (v_si.type_, e_certificate_digest_with_sha256)) { log("*** " & testcasename() & ": FAIL: Certificate is not signed with digest ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } // Check that cert is signed by issuing cert v_digest := f_calculateDigestFromCertificate(v_chain[v_counter - 1]); if (not match (v_si.signerInfo.digest, v_digest)) { log("*** " & testcasename() & ": FAIL: Certificate chain is not valid ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } // Check that the signature is valid if (false == f_verifyCertificateSignatureWithIssuingCertificate(v_chain[v_counter], v_chain[v_counter - 1])) { log("*** " & testcasename() & ": FAIL: AT certificate signature error ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } } // End of 'for' statement log("*** " & testcasename() & ": PASS: All certificates in the chain signed by it's issuing certs ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } else { log("*** " & testcasename() & ": FAIL: The message signer info is unknown ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } } [] tc_ac.timeout { log("*** " & testcasename() & ": INCONC: Expected message not received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout); } } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_SND_CERT_11_02_BV /** * @desc Check that the assurance level of the subordinate certificate is equal to or less than the assurance level of the issuing certificate *
* Pics Selection: PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION * Config Id: CF01 * with { * the IUT being in the 'authorized' state * the IUT being requested to include certificate chain in the next CAM * } ensure that { * when { * the IUT is requested to send a CAM * } then { * the IUT sends a SecuredMessage * containing header_fields['signer_info'].signer * containing type * indicating 'certificate_chain' * containing certificates * indicating length N > 1 * and containing certificates[n](0..N) * containing subject_attributes ['assurance_level'] * containig assurance_level * containing bits [5-7] * indicating assurance level CERT_AL * and containing signer_info * containing digest * referenced to the certificate * containing subject_attributes ['assurance_level'] * containing assurance_level * containing bits [5-7] * indicating value <= CERT_AL * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_12_01_BV * @reference ETSI TS 103 097 [1], clause 7.4.1 */ testcase TC_SEC_ITSS_SND_CERT_12_01_BV() runs on ItsGeoNetworking system ItsSecSystem { var CertificateChain v_chain; var Certificate v_aa_cert, v_at_cert; var SubjectAttribute v_sa; var SubjectAssurance v_aa_assurance_level, v_at_assurance_level; // Test control if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***"); tc_ac.start; if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) { log("*** " & testcasename() & ": INCONC: Expected message not received ***"); f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout); } tc_ac.stop; if (lengthof(v_chain) < 2) { log("*** " & testcasename() & ": FAIL: Certificate chain is too short ***"); f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error); } v_aa_cert := v_chain[lengthof(v_chain) - 2]; v_at_cert := v_chain[lengthof(v_chain) - 1]; if (not f_getCertificateSubjectAttribute(v_aa_cert, e_assurance_level, v_sa)) { log("*** " & testcasename() & ": FAIL: AA certificate does not contain its_aid_list subject attribute ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } v_aa_assurance_level := v_sa.attribute.assurance_level; if (not f_getCertificateSubjectAttribute(v_at_cert, e_assurance_level, v_sa)) { log("*** " & testcasename() & ": FAIL: AA certificate does not contain its_aid_list subject attribute ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } v_at_assurance_level := v_sa.attribute.assurance_level; if (bit2int(v_aa_assurance_level.levels) < bit2int(v_at_assurance_level.levels)) { log("*** " & testcasename() & ": FAIL: The assurence levels mismatch ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: The assurence levels match ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_SND_CERT_12_01_BV /** * @desc Sending behaviour test cases for AA certificate profil * @see ETSI TS 103 096-2 V1.2.2 (2016-01) Clause 5.2.7.7 AA certificate profile */ group AA_Certificates { /** * @desc Check that the subject_type of the AA certificate is set to authorization_authority *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * with { * the IUT being in the 'authorized' state * the IUT being requested to include certificate chain in the next CAM * } ensure that { * when { * the IUT is requested to send a CAM * } then { * the IUT sends a SecuredMessage * containing header_fields['signer_info'].signer * containing type * indicating 'certificate_chain' * containing certificates[last-1] * containing subject_info.subject_type * indicating 'authorization_authority' (2) * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_AA_01_01_BV * @reference ETSI TS 103 097 [1], clause 7.4.4 */ testcase TC_SEC_ITSS_SND_CERT_AA_01_01_BV() runs on ItsGeoNetworking system ItsSecSystem { var CertificateChain v_chain; // Test control if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***"); tc_ac.start; if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) { log("*** " & testcasename() & ": INCONC: Expected message not received ***"); f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout); } tc_ac.stop; if (lengthof(v_chain) < 2) { log("*** " & testcasename() & ": FAIL: Certificate chain is too short ***"); f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error); } if (not match(v_chain[lengthof(v_chain) - 2], mw_aa_certificate)) { log("*** " & testcasename() & ": FAIL: AA certificate not found in the chain[last-1] ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } log("*** " & testcasename() & ": PASS: AA certificate was found in the chain ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_SND_CERT_AA_01_01_BV /** * @desc Check that the AA certificsate subject_name variable-length vector contains 32 bytes maximum *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * with { * the IUT being in the 'authorized' state * the IUT being requested to include certificate chain in the next CAM * } ensure that { * when { * the IUT is requested to send a CAM * } then { * the IUT sends a SecuredMessage * containing header_fields['signer_info'].signer * containing type * indicating 'certificate_chain' * containing certificates[last-1] * containing subject_info.subject_name * indicating length <= 32 bytes * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_AA_02_01_BV * @reference ETSI TS 103 097 [1], clause 6.2 */ testcase TC_SEC_ITSS_SND_CERT_AA_02_01_BV() runs on ItsGeoNetworking system ItsSecSystem { var CertificateChain v_chain; // Test control if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***"); tc_ac.start; if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) { log("*** " & testcasename() & ": INCONC: Expected message not received ***"); f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout); } tc_ac.stop; if (lengthof(v_chain) < 2) { log("*** " & testcasename() & ": FAIL: Certificate chain is too short ***"); f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error); } // Verified automatically on decoding if (lengthof(v_chain[lengthof(v_chain) - 2].subject_info.subject_name) > 32 ) { log("*** " & testcasename() & ": FAIL: Subject name of the AA certificate is too long ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } log("*** " & testcasename() & ": PASS: Subject name of the AA certificate is good ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_SND_CERT_AA_02_01_BV /** * @desc Check that signer_info type of AA certificates is set to 'certificate_digest_with_sha256' *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * with { * the IUT being in the 'authorized' state * the IUT being requested to include certificate chain in the next CAM * } ensure that { * when { * the IUT is requested to send a CAM * } then { * the IUT sends a SecuredMessage * containing header_fields['signer_info'].signer * containing type * indicating 'certificate_chain' * containing certificates[last-1] * containing signer_info * containing type * indicating 'certificate_digest_with_sha256' * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_AA_03_01_BV * @reference ETSI TS 103 097 [1], clause 7.4.4 */ testcase TC_SEC_ITSS_SND_CERT_AA_03_01_BV() runs on ItsGeoNetworking system ItsSecSystem { var CertificateChain v_chain; var Certificate v_aa_cert; // Test control if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***"); tc_ac.start; if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) { log("*** " & testcasename() & ": INCONC: Expected message not received ***"); f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout); } tc_ac.stop; if (lengthof(v_chain) < 2) { log("*** " & testcasename() & ": FAIL: Certificate chain is too short ***"); f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error); } v_aa_cert := v_chain[lengthof(v_chain) - 2]; if (not match(v_aa_cert, mw_aa_certificate(mw_signerInfo_digest))) { log("*** " & testcasename() & ": FAIL: AA certificate not signed by digest ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } log("*** " & testcasename() & ": PASS: AA certificate is signed by digest ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_SND_CERT_AA_03_01_BV /** * @desc Check that AA certificate is signed by Root CA or other authority * @remark There is no clear specification that AA cert shall be signed by the Root CA only *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * with { * the IUT being in the 'authorized' state * the IUT being requested to include certificate in the next CAM * } ensure that { * when { * the IUT is requested to send a CAM * } then { * the IUT sends a SecuredMessage * containing header_fields['signer_info'].signer * containing type * indicating 'certificate_chain' * containing certificates * containing certificates[last-1] * containing signer_info * containing type * indicating 'certificate_digest_with_ecdsap256' * and containing digest * referencing to the trusted certificate * containing subject_info.subject_type * indicating 'root_ca' * or indicating 'authorisation_authority' * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_AA_04_01_BV * @reference ETSI TS 103 097 [1], clauses 6.3 */ testcase TC_SEC_ITSS_SND_CERT_AA_04_01_BV() runs on ItsGeoNetworking system ItsSecSystem { var CertificateChain v_chain; var Certificate v_aa_cert, v_ca_cert; var SignerInfo v_si; var HashedId8 v_ca_digest; // Test control if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***"); tc_ac.start; if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) { log("*** " & testcasename() & ": INCONC: Expected message not received ***"); f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout); } tc_ac.stop; v_aa_cert := v_chain[lengthof(v_chain) - 2]; // Process signerInfo field if ( true != f_getCertificateSignerInfo(v_aa_cert, v_si)) { log("*** " & testcasename() & ": FAIL: AA certificate must contain SignerInfo fields ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } if (v_si.type_ == e_certificate_digest_with_sha256) { log("*** " & testcasename() & ": FAIL: AA certificate must contain SignerInfo field containing a certificate_digest_with_ecdsap256 ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } f_readCertificate(cc_taCert_CA, v_ca_cert); v_ca_digest := f_calculateDigestFromCertificate(v_ca_cert); if (not match(v_aa_cert, mw_aa_certificate(mw_signerInfo_digest(v_ca_digest)))) { log("*** " & testcasename() & ": FAIL: AA certificate signer info doesn't reference the CA certificate from the chain ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } if (not f_verifyCertificateSignatureWithIssuingCertificate(v_aa_cert, v_ca_cert)) { log("*** " & testcasename() & ": FAIL: AT certificate signature verification failed ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } log("*** " & testcasename() & ": PASS: AA certificate was signed by the CA certificate from the given chain ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_SND_CERT_AA_04_01_BV /** * @desc Check that all neccesary subject attributes are present and arranged in accesing order *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * with { * the IUT being in the 'authorized' state * the IUT being requested to include certificate chain in the next CAM * } ensure that { * when { * the IUT is requested to send a CAM * } then { * the IUT sends a SecuredMessage * containing header_fields['signer_info'].signer * containing type * indicating 'certificate_chain' * containing certificates[last-1] * containing subject_attributes [0..N] * indicating subject_attributes[n].type < subject_attributes[n+ 1].type * containing subject_attributes['verification_key'] * containing subject_attributes['assurance_level'] * containing subject_attributes['its_aid_list'] * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_AA_05_01_BV * @reference ETSI TS 103 097 [1], clauses 6.1, 7.4.1 and 7.4.4 */ testcase TC_SEC_ITSS_SND_CERT_AA_05_01_BV() runs on ItsGeoNetworking system ItsSecSystem { var CertificateChain v_chain; var SubjectAttributes v_attrs; // Test control if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***"); tc_ac.start; if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) { log("*** " & testcasename() & ": INCONC: Expected message not received ***"); f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout); } tc_ac.stop; if (lengthof(v_chain) < 2) { log("*** " & testcasename() & ": FAIL: Certificate chain is too short ***"); f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error); } if (not match(v_chain[lengthof(v_chain) - 2], mw_aa_certificate(?, superset(mw_subject_attribute_verification_key, mw_subject_attribute_assurance_level, mw_subject_attribute_its_aid_list))) ) { log("*** " & testcasename() & ": FAIL: Required subject attribute of AA certificate is not found ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } v_attrs := v_chain[lengthof(v_chain) - 2].subject_attributes; for (var integer v_counter := 1; v_counter < lengthof(v_attrs); v_counter := v_counter + 1 ) { if (v_attrs[v_counter].type_ <= v_attrs[v_counter-1].type_) { log("*** " & testcasename() & ": FAIL: AA certificate subject attributes are not arranged in accening order ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } } log("*** " & testcasename() & ": PASS: All required AA certificate subject attributes are presents ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_SND_CERT_AA_05_01_BV /** * @desc Check that all AIDs containing in the its_aid_list in AA certificate are unique * Check that AID list contains not more then 31 items *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * with { * the IUT being in the 'authorized' state * the IUT being requested to include certificate chain in the next CAM * } ensure that { * when { * the IUT is requested to send a CAM * } then { * the IUT sends a SecuredMessage * containing header_fields['signer_info'].signer * containing type * indicating 'certificate_chain' * containing certificates[last-1] * containing subject_attributes['its_aid_list'] * containing its_aid_list[0..N] * containing no more then 31 unique item * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_AA_08_01_BV * @reference ETSI TS 103 097 [1], clauses 7.4.4 */ testcase TC_SEC_ITSS_SND_CERT_AA_08_01_BV() runs on ItsGeoNetworking system ItsSecSystem { var CertificateChain v_chain; var Certificate v_aa_cert; var SubjectAttribute v_sa; // Test control if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***"); tc_ac.start; if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) { log("*** " & testcasename() & ": INCONC: Expected message not received ***"); f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout); } tc_ac.stop; if (lengthof(v_chain) < 2) { log("*** " & testcasename() & ": FAIL: Certificate chain is too short ***"); f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error); } v_aa_cert := v_chain[lengthof(v_chain) - 2]; if (f_getCertificateSubjectAttribute(v_aa_cert, e_its_aid_list, v_sa)) { if (lengthof(v_sa.attribute.its_aid_list) > 31) { log("*** " & testcasename() & ": FAIL: ITS-AID list contains " & int2str(lengthof(v_sa.attribute.its_aid_list)) & " items (>31) ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } for (var integer v_counter :=0; v_counter < lengthof(v_sa.attribute.its_aid_list); v_counter := v_counter + 1) { for (var integer j :=0; j < lengthof(v_sa.attribute.its_aid_list); j := j + 1) { if (v_counter != j and v_sa.attribute.its_aid_list[v_counter] == v_sa.attribute.its_aid_list[j]) { log("*** " & testcasename() & ": FAIL: ITS-AID " & int2str(v_sa.attribute.its_aid_list[j]) & " is duplicated in AA certificate ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } } } // End of 'for' statement } else { log("*** " & testcasename() & ": FAIL: AA certificate does not contain its_aid_list subject attribute ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } log("*** " & testcasename() & ": PASS: Time validity restriction of the AA certificate is good ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_SND_CERT_AA_08_01_BV /** * @desc Check that all mandatory validity restrictions are present and arranged in ascending order *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * with { * the IUT being in the 'authorized' state * the IUT being requested to include certificate chain in the next CAM * } ensure that { * when { * the IUT is requested to send a CAM * } then { * the IUT sends a SecuredMessage * containing header_fields['signer_info'].signer * containing type * indicating 'certificate_chain' * and containing certificates * containing certificates[last-1] * containing validity_restrictions[0..N] * indicating validity_restrictions[n].type < validity_restrictions[n+1].type * and containing validity_restrictions['time_start_and_end'] * and not containing validity_restrictions['time_end'] * and not containing validity_restrictions['time_start_and_duration'] * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_AA_10_01_BV * @reference ETSI TS 103 097 [1], clauses 6.1, 6.7 and 7.4.1 */ testcase TC_SEC_ITSS_SND_CERT_AA_10_01_BV() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var CertificateChain v_chain; var Certificate v_cert; var integer v_previousValidityRestrictionType; // Test control if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***"); tc_ac.start; if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) { log("*** " & testcasename() & ": INCONC: Expected message not received ***"); f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout); } tc_ac.stop; // Test Body // Process certificate[last - 1] v_cert := v_chain[lengthof(v_chain) - 2]; if (match( v_cert.validity_restrictions, ( superset( mw_validity_restriction_time_end, mw_validity_restriction_time_start_and_duration ) ) )) { log("*** " & testcasename() & ": FAIL: certificate[last-2] must not contain time_end and time_start_and_duration restrictions ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } for (var integer v_counter := 1; v_counter < lengthof(v_cert.validity_restrictions); v_counter := v_counter + 1) { // Check forbidden header if (not match(v_cert.validity_restrictions[v_counter].type_, e_time_start_and_end)) { // FIXME To be reviewed log("*** " & testcasename() & ": FAIL: Forbidden header present"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } if (v_counter > 1 ) { // Check that headers are ordered if (match(v_cert.validity_restrictions[v_counter].type_, integer:(0..v_previousValidityRestrictionType))) { // Check that header is duplicated if (match(v_cert.validity_restrictions[v_counter].type_, v_previousValidityRestrictionType)) { log("*** " & testcasename() & ": FAIL: multiple instances of same header"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": FAIL: headers not in correct order"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } } } v_previousValidityRestrictionType := enum2int(v_cert.validity_restrictions[v_counter].type_); } // End of 'for' statement log("*** " & testcasename() & ": PASS: Time validity restriction of the certificate[last-2] is good ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_SND_CERT_AA_10_01_BV /** * @desc Check that time_start_and_end is included in the AA certificate validation restrictions; * Check that end_validity is greater than start_validity * Check that validity restriction of AA certificate is inside the validity restriction of its issuing certificate *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * with { * the IUT being in the 'authorized' state * the IUT being requested to include certificate chain in the next CAM * } ensure that { * when { * the IUT is requested to send a CAM * } then { * the IUT sends a SecuredMessage * containing header_fields['signer_info'].signer * containing type * indicating 'certificate_chain' * containing certificates[last-1] { * containing validity_restrictions * containing validity_restrictions['time_start_and_end'] * containing start_validity * indicating START_AA_VALIDITY * containing end_validity * indicating END_AA_VALIDITY >=START_AA_VALIDITY * and containing signer_info * containing digest * referenced to the trusted certificate * containing validity_restrictions['time_end'] * containing end_validity * indicating value > AA_END_VALIDITY * or containing validity_restrictions['time_start_and_end'] * containing start_validity * indicating value <= AA_START_VALIDITY * and containing end_validity * indicating value > AA_END_VALIDITY * or containing validity_restrictions['time_start_and_duration'] * containing start_validity * indicating X_START_VALIDITY <= AA_START_VALIDITY * and containing duration * indicating value > AA_END_VALIDITY - X_START_VALIDITY * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_AA_11_01_BV * @reference ETSI TS 103 097 [1], clauses 7.4.4 */ testcase TC_SEC_ITSS_SND_CERT_AA_11_01_BV() runs on ItsGeoNetworking system ItsSecSystem { var CertificateChain v_chain; var Certificate v_aa_cert; var ValidityRestriction v_vr; // Test control if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***"); tc_ac.start; if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) { log("*** " & testcasename() & ": INCONC: Expected message not received ***"); f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout); } tc_ac.stop; if (lengthof(v_chain) < 2) { log("*** " & testcasename() & ": FAIL: Certificate chain is too short ***"); f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error); } v_aa_cert := v_chain[lengthof(v_chain) - 2]; if (match (v_aa_cert.validity_restrictions, (superset(mw_validity_restriction_time_end, mw_validity_restriction_time_start_and_duration))) ) { log("*** " & testcasename() & ": FAIL: AA certificate must not contain time_end and time_start_and_duration restrictions ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } if ( true != f_getCertificateValidityRestriction(v_aa_cert, e_time_start_and_end, v_vr)) { log("*** " & testcasename() & ": FAIL: AA certificate must contain time_start_and_end restrictions ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } if (v_vr.validity.time_start_and_end.start_validity > v_vr.validity.time_start_and_end.end_validity ) { log("*** " & testcasename() & ": FAIL: start validity mus not be greater then end validity in the validity restrictions of AA certificate ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } log("*** " & testcasename() & ": PASS: Time validity restriction of the AA certificate is good ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_SND_CERT_AA_11_01_BV } // End of group AA_Certificates /** * @desc Sending behaviour test cases for AT certificate profil * @see ETSI TS 103 096-2 V1.2.2 (2016-01) Clause 5.2.7.8 AT certificate profile */ group AT_Certificates { /** * @desc Check that the subject_type of the AT certificate is set to 'authorization_ticket' *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * with { * the IUT being in the 'authorized' state * the IUT being requested to include certificate in the next CAM * } ensure that { * when { * the IUT is requested to send a CAM * } then { * the IUT sends a SecuredMessage * containing header_fields['signer_info'].signer * containing type * indicating 'certificate' * and containing certificate * containing subject_info.subject_type * indicating 'authorization_ticket' (1) * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_AT_01_01_BV * @reference ETSI TS 103 097 [1], clause 7.4.2 */ testcase TC_SEC_ITSS_SND_CERT_AT_01_01_BV() runs on ItsGeoNetworking system ItsSecSystem { var Certificate v_at_cert; // Test control if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body log("*** " & testcasename() & ": INFO: Waiting for the message containing certificate ***"); tc_ac.start; if (not f_waitForCertificate(v_at_cert)) { log("*** " & testcasename() & ": INCONC: Expected message not received ***"); f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout); } tc_ac.stop; if (not match(v_at_cert, mw_at_certificate)) { log("*** " & testcasename() & ": FAIL: Message wasn't signed by AT certificate ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } log("*** " & testcasename() & ": PASS: AT certificate has the 'authorization_ticket' subject_type ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_SND_CERT_AT_01_01_BV /** * @desc Check that the subject_name variable-length vector is empty for AT certificates *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * with { * the IUT being in the 'authorized' state * the IUT being requested to include certificate in the next CAM * } ensure that { * when { * the IUT is requested to send a CAM * } then { * the IUT sends a SecuredMessage * containing header_fields['signer_info'].signer * containing type * indicating 'certificate' * and containing certificates * containing subject_info.subject_name * indicating length = 0 * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_AT_02_01_BV * @reference ETSI TS 103 097 [1], clause 7.4.2 */ testcase TC_SEC_ITSS_SND_CERT_AT_02_01_BV() runs on ItsGeoNetworking system ItsSecSystem { var Certificate v_at_cert; // Test control if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body log("*** " & testcasename() & ": INFO: Waiting for the message containing certificate ***"); tc_ac.start; if (not f_waitForCertificate(v_at_cert)) { log("*** " & testcasename() & ": INCONC: Expected message not received ***"); f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout); } tc_ac.stop; if (0 != lengthof(v_at_cert.subject_info.subject_name)) { log("*** " & testcasename() & ": FAIL: Subject name of the AT certificate is not empty ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } log("*** " & testcasename() & ": PASS: Subject name of the AT certificate is empty ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_SND_CERT_AT_02_01_BV /** * @desc Check that signer_info type of AT certificates is set to 'certificate_digest_with_sha256' *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * with { * the IUT being in the 'authorized' state * the IUT being requested to include certificate in the next CAM * } ensure that { * when { * the IUT is requested to send a CAM * } then { * the IUT sends a SecuredMessage * containing header_fields['signer_info'].signer * containing type * indicating 'certificate' * and containing certificate * containing signer_info * containing type * indicating 'certificate_digest_with_sha256' * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_AT_03_01_BV * @reference ETSI TS 103 097 [1], clauses 7.4.2 */ testcase TC_SEC_ITSS_SND_CERT_AT_03_01_BV() runs on ItsGeoNetworking system ItsSecSystem { var Certificate v_at_cert; // Test control if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body log("*** " & testcasename() & ": INFO: Waiting for the message containing certificate ***"); tc_ac.start; if (not f_waitForCertificate(v_at_cert)) { log("*** " & testcasename() & ": INCONC: Expected message not received ***"); f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout); } tc_ac.stop; if ( not match(v_at_cert, mw_certificate(mw_signerInfo_digest)) ) { log("*** " & testcasename() & ": FAIL: AT certificate doesn't contain a digest of issuing cert ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } log("*** " & testcasename() & ": PASS: The signer info of AT certificate is a digest ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_SND_CERT_AT_03_01_BV /** * @desc Check that subject attributes are present and arranged in ascending order *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * with { * the IUT being in the 'authorized' state * the IUT being requested to include certificate in the next CAM * } ensure that { * when { * the IUT is requested to send a CAM * } then { * the IUT sends a SecuredMessage * containing header_fields['signer_info'].signer * containing type * indicating 'certificate' * containing certificate * containing subject_attributes [0..N] * indicating subject_attributes[n].type < subject_attributes[n+ 1].type * containing subject_attributes['verification_key'] * containing subject_attributes['assurance_level'] * containing subject_attributes['its_aid_ssp_list'] * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_AT_04_01_BV * @reference ETSI TS 103 097 [1], clauses 7.4.1 and 7.4.2 */ testcase TC_SEC_ITSS_SND_CERT_AT_04_01_BV() runs on ItsGeoNetworking system ItsSecSystem { var Certificate v_at_cert; var SubjectAttributes v_attrs; // Test control if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body log("*** " & testcasename() & ": INFO: Waiting for the message containing certificate ***"); tc_ac.start; if (not f_waitForCertificate(v_at_cert)) { log("*** " & testcasename() & ": INCONC: Expected message not received ***"); f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout); } tc_ac.stop; if (not match( v_at_cert, mw_at_certificate( ?, superset( mw_subject_attribute_verification_key, mw_subject_attribute_assurance_level, mw_subject_attribute_its_aid_ssp_list )))) { log("*** " & testcasename() & ": FAIL: Required subject attribute of AT certificate is not found ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } v_attrs := v_at_cert.subject_attributes; for (var integer v_counter := 1; v_counter < lengthof(v_attrs); v_counter := v_counter + 1 ) { if (v_attrs[v_counter].type_ <= v_attrs[v_counter-1].type_) { log("*** " & testcasename() & ": FAIL: AT certificate subject attributes are not arranged in ascending order ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } } // End of 'for' statement log("*** " & testcasename() & ": PASS: All required AT certificate subject attributes are presents and arranged in ascending order ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_SND_CERT_AT_04_01_BV /** * @desc Check that time_start_and_end is included in the AT certificate validation restrictions * Check that time_start_and_end is inside the AA certificate time restrictions * Check that validity restriction of AT certificate is inside the validity restriction of its issuing certificate *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * with { * the IUT being in the 'authorized' state * the IUT being requested to include certificate chain in the next CAM * } ensure that { * when { * the IUT is requested to send a CAM * } then { * the IUT sends a SecuredMessage * containing header_fields['signer_info'].signer * containing type * indicating 'certificate_chain' * containing certificates[last] * containing subject_info.subject_type * indicating 'authorization_ticket' (1) * not containing validity_restrictions['time_end'] * and not containing validity_restrictions['time_start_and_duration'] * and containing validity_restrictions['time_start_and_end'] * containing start_validity * indicating START_AT_VALIDITY * and containing end_validity * indicating END_AT_VALIDITY * and containing certificates[last-1] * containing validity_restrictions['time_end'] * containing end_validity * indicating value > AT_END_VALIDITY * or containing validity_restrictions['time_start_and_end'] * containing start_validity * indicating value <= AT_START_VALIDITY * containing end_validity * indicating value > AT_END_VALIDITY * or containing validity_restrictions['time_start_and_duration'] * containing start_validity * indicating X_START_VALIDITY <= AT_START_VALIDITY * and containing duration * indicating value > AT_END_VALIDITY - X_START_VALIDITY * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_AT_05_01_BV * @reference ETSI TS 103 097 [1], clause 7.4.2 */ testcase TC_SEC_ITSS_SND_CERT_AT_05_01_BV() runs on ItsGeoNetworking system ItsSecSystem { var CertificateChain v_chain; var Certificate v_aa_cert, v_at_cert; var ValidityRestriction v_vr, v_aa_vr; // Test control if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***"); tc_ac.start; if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) { log("*** " & testcasename() & ": INCONC: Expected message not received ***"); f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout); } tc_ac.stop; if (lengthof(v_chain) < 2) { log("*** " & testcasename() & ": FAIL: Certificate chain is too short ***"); f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error); } v_aa_cert := v_chain[lengthof(v_chain) - 2]; v_at_cert := v_chain[lengthof(v_chain) - 1]; if (match ( v_at_cert.validity_restrictions, ( superset( mw_validity_restriction_time_end, mw_validity_restriction_time_start_and_duration ) ) )) { log("*** " & testcasename() & ": FAIL: AT certificate must not contain time_end and time_start_and_duration restrictions ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } if ( true != f_getCertificateValidityRestriction(v_at_cert, e_time_start_and_end, v_vr)) { log("*** " & testcasename() & ": FAIL: AT certificate must contain time_start_and_end restrictions ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } if (v_vr.validity.time_start_and_end.start_validity > v_vr.validity.time_start_and_end.end_validity ) { log("*** " & testcasename() & ": FAIL: start validity must not be greater then end validity in the validity restrictions of AT certificate ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } if (true == f_getCertificateValidityRestriction(v_aa_cert, e_time_start_and_end, v_aa_vr)) { if ( (v_vr.validity.time_start_and_end.start_validity < v_aa_vr.validity.time_start_and_end.start_validity) or (v_vr.validity.time_start_and_end.end_validity > v_aa_vr.validity.time_start_and_end.end_validity) ) { log("*** " & testcasename() & ": FAIL: AT certificate time validity restriction must be inside the AA certificate time validity restriction ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } } else if (true == f_getCertificateValidityRestriction(v_aa_cert, e_time_end, v_aa_vr)) { if (v_vr.validity.time_start_and_end.end_validity > v_aa_vr.validity.end_validity) { log("*** " & testcasename() & ": FAIL: AT certificate time validity restriction must be inside the AA certificate time validity restriction ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } } else if (true == f_getCertificateValidityRestriction(v_aa_cert, e_time_start_and_duration, v_aa_vr)) { var Time64 v_end := v_aa_vr.validity.time_start_and_duration.start_validity + f_duration2time(v_aa_vr.validity.time_start_and_duration.duration_); if ( (v_vr.validity.time_start_and_end.start_validity < v_aa_vr.validity.time_start_and_duration.start_validity) or (v_vr.validity.time_start_and_end.end_validity > v_end) ) { log("*** " & testcasename() & ": FAIL: AT certificate time validity restriction must be inside the AA certificate time validity restriction ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } } else { log("*** " & testcasename() & ": FAIL: Wrong AA certificate time restrictions ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } log("*** " & testcasename() & ": PASS: Time validity restriction of the AT certificate is good ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_SND_CERT_AT_05_01_BV /** * @desc Check that all AIDs containing in the its_aid_ssp_list in AT certificate are unique * Check that all AIDs containing in the its_aid_ssp_list in AT certificate are also containing in the * its_aid_list in the correspondent AA certificate * Check that the length of SSP of each AID is 31 octet maximum *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * with { * the IUT being in the 'authorized' state * the IUT being requested to include certificate chain in the next CAM * } ensure that { * when { * the IUT is requested to send a CAM * } then { * the IUT sends a SecuredMessage * containing header_fields['signer_info'].signer * containing type * indicating 'certificate_chain' * containing certificates[last-1] * containing subject_info.subject_type * indicating 'authorization_authority' (2) * containing subject_attributes['its_aid_list'] * containing its_aid_list[0..N] * indicating ITS_AID_LIST_AA * containing certificates[last] * containing subject_info.subject_type * indicating 'authorization_ticket' (1) * containing subject_attributes['its_aid_ssp_list'] * containing its_aid_ssp_list[0..N] * containing its_aid_ssp_list[n] * containing its_aid * indicating unique value containing in the ITS_AID_LIST_AA * containing service_specific_permissions * indicating length <= 31 octet * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_AT_07_01_BV * @reference ETSI TS 103 097 [1], clauses 6.9 and 7.4.2 */ testcase TC_SEC_ITSS_SND_CERT_AT_07_01_BV() runs on ItsGeoNetworking system ItsSecSystem { var CertificateChain v_chain; var Certificate v_aa_cert, v_at_cert; var SubjectAttribute v_sa; var IntXs v_aid_list; var ItsAidSsps v_aid_ssp_list; // Test control if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***"); tc_ac.start; if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) { log("*** " & testcasename() & ": INCONC: Expected message not received ***"); f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout); } tc_ac.stop; if (lengthof(v_chain) < 2) { log("*** " & testcasename() & ": FAIL: Certificate chain is too short ***"); f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error); } v_aa_cert := v_chain[lengthof(v_chain) - 2]; v_at_cert := v_chain[lengthof(v_chain) - 1]; if (not f_getCertificateSubjectAttribute(v_aa_cert, e_its_aid_list, v_sa)) { log("*** " & testcasename() & ": FAIL: AA certificate does not contain its_aid_list subject attribute ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } v_aid_list := v_sa.attribute.its_aid_list; if (not f_getCertificateSubjectAttribute(v_at_cert, e_its_aid_ssp_list, v_sa)) { log("*** " & testcasename() & ": FAIL: AA certificate does not contain its_aid_list subject attribute ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } v_aid_ssp_list := v_sa.attribute.its_aid_ssp_list; for (var integer v_counter :=0; v_counter < lengthof(v_aid_ssp_list); v_counter := v_counter + 1) { // Check unique for (var integer j :=0; j < lengthof(v_aid_ssp_list); j := j + 1) { if (v_counter != j and v_aid_ssp_list[v_counter].its_aid == v_aid_ssp_list[j].its_aid) { log("*** " & testcasename() & ": FAIL: ITS-AID " & int2str(v_aid_ssp_list[v_counter].its_aid) & " is duplicated in AT certificate ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } } // End of 'for' statement // if (not match(v_aid_ssp_list[v_counter], (all from v_aid_list))) { // log("*** " & testcasename() & ": FAIL: ITS-AID " & int2str(v_aid_ssp_list[v_counter].its_aid) & " is not exist in AA certificate ***"); // f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); // } // TODO Not possible due to typing To be removed // if (lengthof(v_aid_ssp_list[v_counter].service_specific_permissions.sspContainer) > 31) { // log("*** " & testcasename() & ": FAIL: ITS-AID " & int2str(v_aid_ssp_list[v_counter].its_aid) & " has too long service_specific_permissions ***"); // f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); // } } // End of 'for' statement log("*** " & testcasename() & ": PASS: The ITS_AID_SSP list of the AT certificate is good ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_SND_CERT_AT_07_01_BV /** * @desc Check that AT certificate is signed by AA cert *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * with { * the IUT being in the 'authorized' state * the IUT being requested to include certificate chain in the next CAM * } ensure that { * when { * the IUT is requested to send a CAM * } then { * the IUT sends a SecuredMessage * containing header_fields['signer_info'].signer * containing type * indicating 'certificate_chain' * containing certificates[last-1] (CERT_AA) * containing subject_info.subject_type * indicating 'authorization_authority' (2) * and containing subject_attributes['verification key'] (KEY) * containing certificates[last] * containing subject_info.subject_type * indicating 'authorization_ticket' (1) * and containing signer_info[0] * containing type * indicating 'certificate_digest_with_sha256' * containing digest * referencing to CERT_AA * and containing signature * verifiable using KEY * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_AT_08_01_BV * @reference ETSI TS 103 097 [1], clause 6.3 */ testcase TC_SEC_ITSS_SND_CERT_AT_08_01_BV() runs on ItsGeoNetworking system ItsSecSystem { var CertificateChain v_chain; var Certificate v_aa_cert, v_at_cert; var HashedId8 v_aa_digest; // Test control if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***"); tc_ac.start; if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) { log("*** " & testcasename() & ": INCONC: Expected message not received ***"); f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout); } tc_ac.stop; if (lengthof(v_chain) < 2) { log("*** " & testcasename() & ": FAIL: Certificate chain is too short ***"); f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error); } v_at_cert := v_chain[lengthof(v_chain) - 1]; v_aa_cert := v_chain[lengthof(v_chain) - 2]; v_aa_digest := f_calculateDigestFromCertificate(v_aa_cert); if (not match(v_at_cert, mw_at_certificate(mw_signerInfo_digest(v_aa_digest)))) { log("*** " & testcasename() & ": FAIL: AT certificate signer info doesn't reference the AA certificate from the chain ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } if (not f_verifyCertificateSignatureWithIssuingCertificate(v_at_cert, v_aa_cert)) { log("*** " & testcasename() & ": FAIL: AT certificate signature verification failed ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } log("*** " & testcasename() & ": PASS: AT certificate was signed by the AA certificate from the given chain ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_SND_CERT_AT_08_01_BV /** * @desc Check that all necessary validity restrictions are present and arranged in ascending order *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * with { * the IUT being in the 'authorized' state * the IUT being requested to include certificate in the next CAM * } ensure that { * when { * the IUT is requested to send a CAM * } then { * the IUT sends a SecuredMessage * containing header_fields['signer_info'].signer * containing type * indicating 'certificate' * containing certificate * containing subject_attributes [0..N] * indicating subject_attributes[n].type < subject_attributes[n+ 1].type * containing subject_attributes['verification_key'] * containing subject_attributes['assurance_level'] * containing subject_attributes['its_aid_ssp_list'] * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_AT_10_01_BV * @reference ETSI TS 103 097 [1], clauses 6.1 */ testcase TC_SEC_ITSS_SND_CERT_AT_10_01_BV() runs on ItsGeoNetworking system ItsSecSystem { var Certificate v_at_cert; var ValidityRestriction v_vr; var ValidityRestrictions v_vrs; // Test control if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body log("*** " & testcasename() & ": INFO: Waiting for the message containing certificate ***"); tc_ac.start; if (not f_waitForCertificate(v_at_cert)) { log("*** " & testcasename() & ": INCONC: Expected message not received ***"); f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout); } tc_ac.stop; if (not match( v_at_cert, mw_at_certificate( mw_signerInfo_certificate ))) { } if (true != f_getCertificateValidityRestriction(v_at_cert.signer_info.signerInfo.certificate, e_time_start_and_end, v_vr)) { log("*** " & testcasename() & ": FAIL: Required 'time_start_and_end' validity_restriction attribute of AT certificate is not found ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } v_vrs := v_at_cert.signer_info.signerInfo.certificate.validity_restrictions; for (var integer v_counter := 1; v_counter < lengthof(v_vrs); v_counter := v_counter + 1 ) { if (v_vrs[v_counter].type_ <= v_vrs[v_counter-1].type_) { log("*** " & testcasename() & ": FAIL: AT certificate subject attributes are not arranged in ascending order ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } } // End of 'for' statement log("*** " & testcasename() & ": PASS: All required AT certificate subject attributes are presents and arranged in ascending order ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_SND_CERT_AT_10_01_BV } // End of group AT_Certificates } // End of group sendCertificatesProfile } // End of group sendingBehavior /** * @desc Receiver behaviour test cases * @see ETSI TS 103 096-2 V1.2.2 (2016-01) Clause 5.3 Receiver behaviour */ group receiverBehavior { /** * @desc Receiving behaviour test cases for CAM profile * @see ETSI TS 103 096-2 V1.2.2 (2016-01) Clause 5.3.2 CAM Profile */ group recvCamProfile { /** * @desc Check that IUT accepts a well-formed Secured CAM containing certificate in signer_info *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage * containing protocol_version * indicating value '2' * and containing header_fields[0] * containing type * indicating 'signer_info' * and containing signer * containing type * indicating 'certificate' * and containing certificate (CERT_TS_AT_A) * containing subject_info.subject_type * indicating 'authorization_ticket' (2) * and containing subject_attributes['verification key'] (KEY) * and containing header_fields [1] * containing type * indicating 'generation_time' * containing generation_time * indicating CURRENT_TIME * and containing header_fields[2] * containing type * indicating 'its_aid' * containing its_aid * indicating 'AID_CAM' * and not containing any other header fields * and containing payload_field * containing type * indicating 'signed' * containing data * indicating length > 0 * containing CAM payload * and containing trailer_fields * containing single instance of type TrailerField * containing type * indicating 'signature' * containing signature * verifiable using KEY * } then { * the IUT accepts the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_CAM_01_01_BV * @reference ETSI TS 103 097 [1], clause 7.1 */ testcase TC_SEC_ITSS_RCV_CAM_01_01_BV() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; // Test adapter configuration if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_sendSecuredCam(cc_taCert_A, omit, e_certificate); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": PASS: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } else { log("*** " & testcasename() & ": FAIL: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_CAM_01_01_BV /** * @desc Check that IUT accepts a well-formed Secured CAM containing certificate digest of the known certificate in signer_info *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * and the IUT already sent a Secured message containing certificate (CERT_TS_A_AT) * containing subject_info.subject_type * indicating 'authorization_ticket' (2) * and containing subject_attributes['verification key'] (KEY) * } * ensure that { * when { * the IUT is receiving a SecuredMessage * containing protocol_version * indicating value '2' * and containing header_fields[0] * containing type * indicating 'signer_info' * and containing signer * containing type * indicating 'certificate_digest_with_sha256' * and containing digest * referencing to certificate (CERT_TS_A_AT) * and containing header_fields [1] * containing type * indicating 'generation_time' * containing generation_time * indicating CURRENT_TIME * and containing header_fields[2] * containing type * indicating 'its_aid' * containing its_aid * indicating 'AID_CAM' * and not containing any other header fields * and containing payload_field * containing type * indicating 'signed' * containing data * indicating length > 0 * containing CAM payload * and containing trailer_fields * containing single instance of type TrailerField * containing type * indicating 'signature' * containing signature * verifiable using KEY * } then { * the IUT accepts the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_CAM_01_02_BV * @reference ETSI TS 103 097 [1], clause 7.1 */ testcase TC_SEC_ITSS_RCV_CAM_01_02_BV() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; // Test adapter configuration if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_sendSecuredCam(cc_taCert_A, omit, e_certificate_digest_with_sha256); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": PASS: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } else { log("*** " & testcasename() & ": FAIL: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_CAM_01_02_BV /** * @desc Check that IUT accepts a well-formed Secured CAM containing certificate chain in signer_info *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage * containing protocol_version * indicating value '2' * and containing header_fields[0] * containing type * indicating 'signer_info' * and containing signer * containing type * indicating 'certificate_chain' * and containing certificates * containing certificate (CERT_TS_A_AA) at index 0 * containing subject_info.subject_type * indicating 'authorization_authority' * and containing subject_attributes['verification key'] (KEY_TS_AA) * and containing certificate (CERT_TS_A_AT) at index 1 * containing subject_info.subject_type * indicating 'authorization_ticket' * and containing signer_info * containing type * indicating 'certificate_digest_with_sha256' * containing digest * referencing to the CERT_TS_A_AA * and containing signature * verifiable using KEY_TS_AA * and containing subject_attributes['verification key'] (KEY_TS_AT) * and containing header_fields [1] * containing type * indicating 'generation_time' * containing generation_time * indicating CURRENT_TIME * and containing header_fields[2] * containing type * indicating 'its_aid' * containing its_aid * indicating 'AID_CAM' * and not containing any other header fields * and containing payload_field * containing type * indicating 'signed' * containing data * indicating length > 0 * containing CAM payload * and containing trailer_fields * containing single instance of type TrailerField * containing type * indicating 'signature' * containing signature * verifiable using KEY_TC_AT * } then { * the IUT accepts the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_CAM_01_03_BV * @reference ETSI TS 103 097 [1], clause 7.1 */ testcase TC_SEC_ITSS_RCV_CAM_01_03_BV() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; // Test adapter configuration if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_sendSecuredCam(cc_taCert_A, -, e_certificate_chain); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": PASS: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } else { log("*** " & testcasename() & ": FAIL: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_CAM_01_03_BV /** * @desc Check that IUT discards a Secured CAM containing protocol version set to a value less then 2 *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_CAM_01) * containing protocol_version * indicating 1 * } then { * the IUT discards a SecuredMessage * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_CAM_02_01_BO * @reference ETSI TS 103 097 [1], clause 5.1 */ testcase TC_SEC_ITSS_RCV_CAM_02_01_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; // Test adapter configuration if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_sendSecuredCam_Bo(cc_taCert_A, PX_WRONG_PROTOCOL_VERSION); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_CAM_02_01_BO /** * @desc Check that IUT discards a Secured CAM containing protocol version set to a value greater then 2 *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_CAM_01) * containing protocol_version * indicating 3 * } then { * the IUT discards a SecuredMessage * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_CAM_02_02_BO * @reference ETSI TS 103 097 [1], clause 5.1 */ testcase TC_SEC_ITSS_RCV_CAM_02_02_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; // Test adapter configuration if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_sendSecuredCam_Bo(cc_taCert_A, PX_WRONG_PROTOCOL_VERSION); // Change PX_WRONG_PROTOCOL_VERSION to 3 f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_CAM_02_02_BO /** * @desc Check that IUT discards a secured CAM if the header_fields contains more than one element of header field type: signer_info *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_CAM_01) * containing header_fields[0].type * indicating 'signer_info' * and containing header_fields[1].type * indicating 'signer_info' * and containing header_fields[2].type * indicating 'generation_time' * and containing header_fields[3] * containing type * indicating 'its_aid' * containing its_aid * indicating 'AID_CAM' * and not containing other header fields * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_CAM_04_01_BO * @reference ETSI TS 103 097 [1], clause 7.1 */ testcase TC_SEC_ITSS_RCV_CAM_04_01_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; // Test adapter configuration if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_prepareSecuredCam( cc_taCert_A, { m_header_field_signer_info( m_signerInfo_digest( vc_atCertificate.signer_info.signerInfo.digest )), m_header_field_signer_info( m_signerInfo_certificate( vc_atCertificate )), m_header_field_generation_time(1000 * f_getCurrentTime()), // In us m_header_field_its_aid_CAM }, e_certificate_digest_with_sha256, false ); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } // End of 'for' statement if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_CAM_04_01_BO /** * @desc Check that IUT discards a secured CAM if the header_fields does not contain the header field type: signer_info *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_CAM_01) * containing header_fields[0].type * indicating 'generation_time' * and containing header_fields[1] * containing type * indicating 'its_aid' * containing its_aid * indicating 'AID_CAM' * and not containing other header fields * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_CAM_04_02_BO * @reference ETSI TS 103 097 [1], clause 7.1 */ testcase TC_SEC_ITSS_RCV_CAM_04_02_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; // Test adapter configuration if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); if (PICS_DEBUG_ADDON) { f_sendCertificateAndWaitForCertificateChainRequest(cc_taCert_F, f_generateDefaultCam()); } f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_prepareSecuredCam( cc_taCert_A, { m_header_field_generation_time(1000 * f_getCurrentTime()), // In us m_header_field_its_aid_CAM }, e_certificate_digest_with_sha256, false ); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } // End of 'for' statement if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_CAM_04_02_BO /** * @desc Check that IUT is able to receive a secured CAM if the signer_info header field is not encoded first *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_CAM_01) * containing header_fields[0].type * indicating 'signer_info' * and containing header_fields[1].type * indicating 'generation_time' * and containing header_fields[2].type * indicating 'signer_info' * and containing header_fields[3] * containing type * indicating 'its_aid' * containing its_aid * indicating 'AID_CAM' * and not containing other header fields * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_CAM_04_03_BO * @reference ETSI TS 103 097 [1], clause 7.1 */ testcase TC_SEC_ITSS_RCV_CAM_04_03_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; // Test adapter configuration if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_prepareSecuredCam( cc_taCert_A, { m_header_field_generation_time(1000 * f_getCurrentTime()), // In us m_header_field_its_aid_CAM, m_header_field_signer_info( m_signerInfo_digest( vc_atCertificate.signer_info.signerInfo.digest )) }, e_certificate_digest_with_sha256, false ); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } // End of 'for' statement if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_CAM_04_03_BO /** * @desc Check that IUT discards a secured CAM if the header_fields doesn't contain the element of header field of type: generation_time *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_CAM_01) * containing header_fields[0].type * indicating 'signer_info' * and containing header_fields[1] * containing type * indicating 'its_aid' * containing its_aid * indicating 'AID_CAM' * and not containing other header fields * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_CAM_04_04_BO * @reference ETSI TS 103 097 [1], clause 7.1 */ testcase TC_SEC_ITSS_RCV_CAM_04_04_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; // Test adapter configuration if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_prepareSecuredCam( cc_taCert_A, { m_header_field_signer_info( m_signerInfo_digest( vc_atCertificate.signer_info.signerInfo.digest )), m_header_field_its_aid_CAM }, e_certificate_digest_with_sha256, false ); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } // End of 'for' statement if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_CAM_04_04_BO /** * @desc Check that IUT discards a secured CAM if the header_fields does not contain the header field type: generation_time *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_CAM_01) * containing header_fields[0].type * indicating 'signer_info' * and containing header_fields[1] * containing type * indicating 'its_aid' * containing its_aid * indicating 'AID_CAM' * and not containing other header fields * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_CAM_04_05_BO * @reference ETSI TS 103 097 [1], clause 7.1 */ testcase TC_SEC_ITSS_RCV_CAM_04_05_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; // Test adapter configuration if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_prepareSecuredCam( cc_taCert_A, { m_header_field_signer_info( m_signerInfo_digest( vc_atCertificate.signer_info.signerInfo.digest )), m_header_field_its_aid_CAM }, e_certificate_digest_with_sha256, false ); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } // End of 'for' statement if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_CAM_04_05_BO /** * @desc Check that IUT discards a secured CAM if the header_fields contain more than one element of header field of type: its_aid *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_CAM_01) * containing header_fields[0].type * indicating 'signer_info' * and containing header_fields[1].type * indicating 'generation_time' * and containing header_fields[2] * containing type * indicating 'its_aid' * containing its_aid * indicating 'AID_CAM' * and containing header_fields[3] * containing type * indicating 'its_aid' * containing its_aid * indicating 'AID_DENM' * and not containing other header fields * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_CAM_04_06_BO * @reference ETSI TS 103 097 [1], clause 7.1 */ testcase TC_SEC_ITSS_RCV_CAM_04_06_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; // Test adapter configuration if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_prepareSecuredCam( cc_taCert_A, { m_header_field_signer_info( m_signerInfo_digest( vc_atCertificate.signer_info.signerInfo.digest )), m_header_field_generation_time(1000 * f_getCurrentTime()), // In us m_header_field_its_aid_CAM, m_header_field_its_aid_DENM }, e_certificate_digest_with_sha256, false ); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } // End of 'for' statement if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_CAM_04_06_BO /** * @desc Check that IUT discards a secured CAM if the header_fields contain more than one element of header field of type: its_aid *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_CAM_01) * containing header_fields[0].type * indicating 'signer_info' * and containing header_fields[1].type * indicating 'generation_time' * and not containing other header fields * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_CAM_04_06a_BO * @reference ETSI TS 103 097 [1], clause 7.1 */ testcase TC_SEC_ITSS_RCV_CAM_04_06a_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; // Test adapter configuration if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_prepareSecuredCam( cc_taCert_A, { m_header_field_signer_info( m_signerInfo_digest( vc_atCertificate.signer_info.signerInfo.digest )), m_header_field_generation_time(1000 * f_getCurrentTime()) // In us }, e_certificate_digest_with_sha256, false ); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } // End of 'for' statement if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_CAM_04_06a_BO /** * @desc Check that IUT discards a secured CAM if the header fields are not in the ascending order according to the numbering of the enumeration *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_CAM_01) * containing header_fields[0].type * indicating 'signer_info' * and containing header_fields[1] * containing type * indicating 'its_aid' * containing its_aid * indicating 'AID_CAM' * and containing header_fields[2].type * indicating 'generation_time' * and not containing other header fields * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_CAM_04_07_BO * @reference ETSI TS 103 097 [1], clause 7.1 */ testcase TC_SEC_ITSS_RCV_CAM_04_07_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; // Test adapter configuration if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_prepareSecuredCam( cc_taCert_A, { m_header_field_signer_info( m_signerInfo_digest( vc_atCertificate.signer_info.signerInfo.digest )), m_header_field_its_aid_CAM, m_header_field_generation_time(1000 * f_getCurrentTime()) // In us }, e_certificate_digest_with_sha256, false ); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } // End of 'for' statement if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_CAM_04_07_BO /** * @desc Check that IUT ignores the HeaderFields generation_time_standard_deviation of received Secured CAM *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_CAM_01) * containing header_fields[0].type * indicating 'signer_info' * and containing header_fields[1].type * indicating 'generation_time' * indicating TIME_1 inside the validity period of the signer certificate * and containing header_fields[2].type * indicating 'generation_time_with_standard_deviation' * indicating TIME_2 inside the validity period of the signer certificate * and containing header_fields[3] * containing type * indicating 'its_aid' * containing its_aid * indicating 'AID_CAM' * and not containing other header fields * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_CAM_04_08_BO * @reference ETSI TS 103 097 [1], clause 7.1 */ testcase TC_SEC_ITSS_RCV_CAM_04_08_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; // Test adapter configuration if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_prepareSecuredCam( cc_taCert_A, { m_header_field_signer_info( m_signerInfo_digest( vc_atCertificate.signer_info.signerInfo.digest )), m_header_field_generation_time(1000 * f_getCurrentTime()), // In us m_header_field_generation_time_with_standard_deviation( m_time64WithStandardDeviation( 1000, // In us 0 )), m_header_field_its_aid_CAM }, e_certificate_digest_with_sha256, false ); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } // End of 'for' statement if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_CAM_04_08_BO /** * @desc Check that IUT ignores the HeaderFields generation_time_standard_deviation of received Secured CAM *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_CAM_01) * containing header_fields[0].type * indicating 'signer_info' * and containing header_fields[1].type * indicating 'generation_time' * indicating TIME_1 outside the validity period of the signer certificate * and containing header_fields[2].type * indicating 'generation_time_with_standard_deviation' * indicating TIME_2 inside the validity period of the signer certificate * and containing header_fields[3] * containing type * indicating 'its_aid' * containing its_aid * indicating 'AID_CAM' * and not containing other header fields * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_CAM_04_09_BO * @reference ETSI TS 103 097 [1], clause 7.1 */ testcase TC_SEC_ITSS_RCV_CAM_04_09_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; // Test adapter configuration if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_prepareSecuredCam( cc_taCert_A, { m_header_field_signer_info( m_signerInfo_digest( vc_atCertificate.signer_info.signerInfo.digest )), m_header_field_generation_time(1000 * f_getCurrentTime()), // In us m_header_field_generation_time_with_standard_deviation( m_time64WithStandardDeviation( 1000 * f_getCurrentTime(), // In us 0 )), m_header_field_its_aid_CAM }, e_certificate_digest_with_sha256, false ); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } // End of 'for' statement if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_CAM_04_09_BO /** * @desc Check that IUT discards the Secured CAM containing the expiry_time HeaderField *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_CAM_01) * containing header_fields[0].type * indicating 'signer_info' * and containing header_fields[1].type * indicating 'generation_time' * indicating CURRENT_TIME * and containing header_fields[2] * containing type * indicating 'expiration' * and containing expiry_time * indicating CURRENT_TIME + 1h * and containing header_fields[3] * containing type * indicating 'its_aid' * containing its_aid * indicating 'AID_CAM' * and not containing other header fields * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_CAM_04_10_BO * @reference ETSI TS 103 097 [1], clause 7.1 */ testcase TC_SEC_ITSS_RCV_CAM_04_10_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; // Test adapter configuration if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_prepareSecuredCam( cc_taCert_A, { m_header_field_signer_info( m_signerInfo_digest( vc_atCertificate.signer_info.signerInfo.digest )), m_header_field_generation_time( 1000 * f_getCurrentTime() ), // In us m_header_field_expiry_time( f_getCurrentTime() - 3600/*1h*/ ), m_header_field_its_aid_CAM }, e_certificate_digest_with_sha256, false ); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } // End of 'for' statement if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_CAM_04_10_BO /** * @desc Check that IUT ignores the HeaderFields generation_location of received Secured CAM *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_CAM_01) * containing header_fields[0].type * indicating 'signer_info' * and containing signer * containing type * indicating certificate * and containing certificate (CERT_TS_AT_B) * containing validity_restrictions['region'] * containing region (X_CERT_REGION) * and containing header_fields[1].type * indicating 'generation_time' * and containing header_fields[2] * containing type * indicating 'generation_location' * and containing generation_location * indicating position outside of the validity restriction of X_CERT_REGION * and containing header_fields[3] * containing type * indicating 'its_aid' * containing its_aid * indicating 'AID_CAM' * and not containing other header fields * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_CAM_04_11_BO * @reference ETSI TS 103 097 [1], clause 7.1 */ testcase TC_SEC_ITSS_RCV_CAM_04_11_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; // Test adapter configuration if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_prepareSecuredCam( cc_taCert_B, { m_header_field_generation_time(1000 * (f_getCurrentTime())), // In us m_header_field_generation_location( m_threeDLocation( PX_WGSLONGITUDE, PX_WGSLATITUDE, int2oct(0, 2) ) ), m_header_field_its_aid_CAM }, e_certificate, true ); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } // End of 'for' statement if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_CAM_04_11_BO /** * @desc Check that IUT accepts the Secured CAM containing additional non-standard HeaderField *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_CAM_01) * containing header_fields[0].type * indicating 'signer_info' * and containing header_fields[1].type * indicating 'generation_time' * and containing header_fields[2].type * indicating 'its_aid' * containing its_aid * indicating 'AID_CAM' * and containing header_fields[3] * containing type * indicating non-standard header field type (200) * and containing other_header * indicating non-empty data * and not containing other header fields * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_CAM_04_12_BV * @reference ETSI TS 103 097 [1], clause 7.1 */ testcase TC_SEC_ITSS_RCV_CAM_04_12_BV() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; // Test adapter configuration if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_prepareSecuredCam( cc_taCert_B, { m_header_field_generation_time(1000 * (f_getCurrentTime())), // In us m_header_field_generation_location( m_threeDLocation( PX_WGSLONGITUDE, PX_WGSLATITUDE, int2oct(0, 2) ) ), m_header_field_its_aid_CAM, m_header_field_unspecify }, e_certificate_digest_with_sha256, true ); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } // End of 'for' statement if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_CAM_04_12_BV /** * @desc Check that IUT discards the Secured CAM containing the header field 'encryption_parameter and recipient_info' *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_CAM_01) * containing header_fields[0].type * indicating 'signer_info' * and containing header_fields[1].type * indicating 'generation_time' * and containing header_fields[2].type * indicating 'its_aid' * containing its_aid * indicating 'AID_CAM' * and containing header_fields[3] * containing type * indicating 'encryption_parameters' * and containing enc_params * containing symm_algorithm * indicating 'aes_128_ccm' * and containing nonce * and containing header_fields[4] * containing type * indicating 'recipient_info' * and containing recipients * containing recipients[0] * containing cert_id * referencing to CERT_IUT_A_AT * and containing pk_encryption * indicating 'ecies_nistp256' * and containing enc_key * and not containing other header fields * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_CAM_04_13_BO * @reference ETSI TS 103 097 [1], clause 7.1 */ testcase TC_SEC_ITSS_RCV_CAM_04_13_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; var Certificate v_iutATCertificate; var SubjectAttribute v_encryption_key; // Test adapter configuration if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body if ( (f_readCertificate(cc_iutCert_A, v_iutATCertificate) == false) or (f_getCertificateSubjectAttribute(v_iutATCertificate, e_encryption_key, v_encryption_key) == false) ) { f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout); // Set verdict to inconc } else { v_securedGnPdu := f_prepareSecuredCam( cc_taCert_B, { m_header_field_generation_time(1000 * (f_getCurrentTime())), // In us m_header_field_generation_location( m_threeDLocation( PX_WGSLONGITUDE, PX_WGSLATITUDE, int2oct(0, 2) ) ), m_header_field_its_aid_CAM, // containing header_fields[2].type // indicating 'its_aid' m_header_field_enc_params( // containing header_fields[3].type.enc_params m_encryptionParameters_aes_128_ccm( // indicating 'aes_128_ccm' PX_ENCRYPTIONPARAMETERS_AES_128_CCM_NONCE // and containing nonce ) ), m_header_field_multiple_recipients( // containing header_fields[4].type { // indicating 'encryption_parameters' m_recipientInfo_ecies_enc_key( v_iutATCertificate.signer_info.signerInfo.digest, e_ecies_nistp256, // containing symm_algorithm // indicating 'aes_128_ccm' m_eciesEncryptedKey_aesccm( v_encryption_key.attribute.rv, '00000000000000000000000000000000'O, // FIXME Where to find these values '00000000000000000000000000000000'O ) ) } ) }, e_certificate_digest_with_sha256, true ); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } // End of 'for' statement if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_CAM_04_13_BO /** * @desc Check that IUT discards a secured CAM if the header_fields contains a signer of type 'self' *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_CAM_01) * containing header_fields[0].type * indicating 'signer_info' * containing signer.type * indicating 'self' * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_CAM_05_01_BO * @reference ETSI TS 103 097 [1], clause 7.1 */ testcase TC_SEC_ITSS_RCV_CAM_05_01_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; // Test adapter configuration if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); if (PICS_DEBUG_ADDON) { f_sendCertificate(cc_taCert_F, f_generateDefaultCam()); } f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_prepareSecuredCam( cc_taCert_A, { m_header_field_signer_info( m_signerInfo_self ), m_header_field_generation_time(1000 * f_getCurrentTime()), // In us m_header_field_its_aid_CAM }, e_self, false ); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } // End of 'for' statement if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_CAM_05_01_BO /** * @desc Check that IUT discards a secured CAM if the header_fields contains a signer of type certificate_digest_with_other_algorithm *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_CAM_02) * containing header_fields[0].type * indicating 'signer_info' * containing signer.type * indicating 'certificate_digest_with_other_algorithm' * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_CAM_05_02_BO * @reference ETSI TS 103 097 [1], clause 7.1 */ testcase TC_SEC_ITSS_RCV_CAM_05_02_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; // Test adapter configuration if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); if (PICS_DEBUG_ADDON) { f_sendCertificate(cc_taCert_F, f_generateDefaultCam()); } f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_prepareSecuredCam( cc_taCert_A, { m_header_field_signer_info( m_signerInfo_other_certificates( m_certificateWithAlgo_ecdsa( PX_OTHER_CERT_DIGEST ))), m_header_field_generation_time(1000 * f_getCurrentTime()), // In us m_header_field_its_aid_CAM }, e_certificate_digest_with_other_algorithm, false ); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } // End of 'for' statement if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_CAM_05_02_BO /** * @desc Check that IUT discards a secured CAM if the header_fields contains a signer of type certificate_chain and the chain is empty *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_CAM_02) * containing header_fields[0].type * indicating 'signer_info' * containing signer.type * indicating 'certificate_chain' * and containing certificates * indicating length = 0 * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_CAM_05_03_BO * @reference ETSI TS 103 097 [1], clause 7.1 */ testcase TC_SEC_ITSS_RCV_CAM_05_03_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; // Test adapter configuration if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); if (PICS_DEBUG_ADDON) { f_sendCertificate(cc_taCert_F, f_generateDefaultCam()); } f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_prepareSecuredCam( cc_taCert_A, { m_header_field_signer_info( m_signerInfo_certificates( { } )), m_header_field_generation_time(1000 * f_getCurrentTime()), // In us m_header_field_its_aid_CAM }, e_certificate_chain, false ); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } // End of 'for' statement if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_CAM_05_03_BO /** * @desc Check that IUT discards a secured CAM if the header_fields contains a signer of type certificate_chain and the chain contains only one certificate *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_CAM_03) * containing header_fields[0].type * indicating 'signer_info' * containing signer.type * indicating 'certificate_chain' * and containing certificates * indicating length = 1 * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_CAM_05_04_BO * @reference ETSI TS 103 097 [1], clause 7.1 */ testcase TC_SEC_ITSS_RCV_CAM_05_04_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; // Test adapter configuration if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_prepareSecuredCam( cc_taCert_A, { m_header_field_signer_info( m_signerInfo_certificates( { vc_atCertificate } )), m_header_field_generation_time(1000 * f_getCurrentTime()), // In us m_header_field_its_aid_CAM }, e_certificate_chain, false ); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } // End of 'for' statement if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_CAM_05_04_BO /** * @desc Check that IUT discards a secured CAM if the header_fields contains a signer info of unknown or reserved type *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_CAM_02) * containing header_fields['signer_info'] * containing signer.type * indicating X_UNKNOWN_SIGNERINFO_TYPE * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_CAM_05_05_BO * @reference ETSI TS 103 097 [1], clause 7.1 */ testcase TC_SEC_ITSS_RCV_CAM_05_05_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; // Test adapter configuration if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_prepareSecuredCam( cc_taCert_A, { m_header_field_signer_info( m_signerInfo_unknown( 'CAFFEEDECA'O )), m_header_field_generation_time(1000 * f_getCurrentTime()), // In us m_header_field_its_aid_CAM }, e_unknown, false ); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } // End of 'for' statement if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_CAM_05_05_BO /** * @desc Check that IUT discards message containing generation_time before the certificate validity period *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_CAM_01) * and containing header_fields['signer_info'].signer * containing certificate (CERT_TS_MSG_06_01_BO_AT) * containing validity_restrictions['time_start_and_end'] * containing start_validity * indicating START_VALIDITY_AT * and containing end_validity * indicating END_VALIDITY_AT * and containing header_fields ['generation_time'] * containing generation_time * indicating GEN_TIME < START_VALIDITY_AT * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_CAM_06_01_BO * @reference ETSI TS 103 097 [1], clauses 5.4 and 7.1 */ testcase TC_SEC_ITSS_RCV_CAM_06_01_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; var ValidityRestriction v_timeValidity; // Test adapter configuration if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body f_getCertificateValidityRestriction(vc_atCertificate, e_time_start_and_end, v_timeValidity); v_securedGnPdu := f_prepareSecuredCam( cc_taCert0601_BO, { m_header_field_generation_time( (v_timeValidity.validity.time_start_and_end.start_validity - 3600) * 1000 ) // In us }, e_certificate ); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } // End of 'for' statement if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_CAM_06_01_BO /** * @desc Check that IUT discards message containing generation_time after the certificate validity period *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_CAM_01) * and containing header_fields['signer_info'].signer * containing certificate (CERT_TS_MSG_06_02_BO_AT) * containing validity_restrictions['time_start_and_end'] * containing start_validity * indicating START_VALIDITY_AT * and containing end_validity * indicating END_VALIDITY_AT * and containing header_fields ['generation_time'] * containing generation_time * indicating GEN_TIME > END_VALIDITY_AT * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_CAM_06_02_BO * @reference ETSI TS 103 097 [1], clauses 5.4 and 7.1 */ testcase TC_SEC_ITSS_RCV_CAM_06_02_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; var ValidityRestriction v_timeValidity; // Test adapter configuration if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body f_getCertificateValidityRestriction(vc_atCertificate, e_time_start_and_end, v_timeValidity); v_securedGnPdu := f_prepareSecuredCam( cc_taCert0602_BO, { m_header_field_generation_time( (v_timeValidity.validity.time_start_and_end.end_validity + 3600) * 1000 ) // In us }, e_certificate ); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } // End of 'for' statement if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_CAM_06_02_BO /** * @desc Check that IUT discards Secured CAM if the generation_time is more than 5 minute in the past (C2C only) *
* Pics Selection: PICS_GN_SECURITY and PICS_ITS_C2C_MODE * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage * containing header_fields ['generation_time'] * containing generation_time * indicating GEN_TIME ( CURRENT_TIME - 302sec ) * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_CAM_06_03_BO * @reference ETSI TS 103 097 [1], clause 7.1 */ testcase TC_SEC_ITSS_RCV_CAM_06_03_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; // Test adapter configuration if (not(PICS_GN_SECURITY) or not(PICS_ITS_C2C_MODE)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_ITS_C2C_MODE' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_prepareSecuredCam( cc_taCert_A, { m_header_field_generation_time( (1000 * f_getCurrentTime() - 302) * 1000 ) // In us }, e_certificate_digest_with_sha256 ); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } // End of 'for' statement if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_CAM_06_03_BO /** * @desc Check that IUT discards Secured CAM if the generation_time is more than 5 minute in the future(C2C only) *
* Pics Selection: PICS_GN_SECURITY and PICS_ITS_C2C_MODE * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage * containing header_fields ['generation_time'] * containing generation_time * indicating GEN_TIME ( CURRENT_TIME + 302sec ) * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_CAM_06_04_BO * @reference ETSI TS 103 097 [1], clause 7.1 */ testcase TC_SEC_ITSS_RCV_CAM_06_04_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; // Test adapter configuration if (not(PICS_GN_SECURITY) or not(PICS_ITS_C2C_MODE)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_ITS_C2C_MODE' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_prepareSecuredCam( cc_taCert_A, { m_header_field_generation_time( (1000 * f_getCurrentTime() + 302) * 1000 ) // In us }, e_certificate_digest_with_sha256 ); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } // End of 'for' statement if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_CAM_06_04_BO /** * @desc Check that IUT discards secured CAM when its_aid value is not AID_CAM *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_CAM_01) * containing header_fields['its_aid'] * indicating AID_DENM * and containing payload_field { * containing type * indicating 'signed' * containing data * containing CAM payload * } * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_CAM_07_01_BO * @reference ETSI TS 103 097 [1], clause 7.1 */ testcase TC_SEC_ITSS_RCV_CAM_07_01_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; // Test adapter configuration if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_prepareSecuredCam( cc_taCert_A, { m_header_field_its_aid_DENM }, e_certificate_digest_with_sha256 ); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } // End of 'for' statement if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_CAM_07_01_BO /** * @desc Check that IUT discards secured CAM when its_aid value is undefined *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_CAM_01) * containing header_fields['its_aid'] * indicating 'AID_UNDEFINED' * and containing payload_field { * containing type * indicating 'signed' * containing data * containing CAM payload * } * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_CAM_07_02_BO * @reference ETSI TS 103 097 [1], clause 7.1 */ testcase TC_SEC_ITSS_RCV_CAM_07_02_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; // Test adapter configuration if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_prepareSecuredCam( cc_taCert_A, { m_header_field_its_aid_Other }, e_certificate_digest_with_sha256 ); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } // End of 'for' statement if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_CAM_07_02_BO /** * @desc Check that IUT discards the Secured CAM containing empty payload of type 'signed'. *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_CAM_01) * containing payload_field * containing type * indicating 'signed' * and containing data * indicating length 0 * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_CAM_09_02_BO * @reference ETSI TS 103 097 [1], clause 7.1 */ testcase TC_SEC_ITSS_RCV_CAM_09_02_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnNonSecuredPacket v_gnNonSecuredPacket; var octetstring v_gnPayload; var template (value) SecuredMessage v_securedMessage; var GnRawPayload v_sentRawPayload; // Test adapter configuration if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_gnNonSecuredPacket := valueof(m_geoNwShbPacket(f_getPosition(c_compNodeC))); v_gnNonSecuredPacket.payload := valueof( f_adaptPayload_m( bit2oct( encvalue( m_camReq( m_camMsg_vehicle_HF_BV( f_getTsStationId(), f_getCurrentTime() mod 65536, // See ETSI EN 302 637-2 V1.3.0 - Clause B.3 generationDelatTime LibItsCam_Templates.m_tsPosition )))))); v_gnPayload := bit2oct(encvalue(v_gnNonSecuredPacket)); f_buildGnSecuredCam( v_securedMessage, m_payload_signed( ''O ) ); v_securedGnPdu := valueof(m_geoNwSecPdu(v_gnNonSecuredPacket, v_securedMessage)); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_CAM_09_02_BO /** * @desc Check that IUT discards the Secured CAM containing non-empty payload of type 'unsecured' *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_CAM_01) * containing payload_field * containing type * indicating 'unsecured' * and containing data * indicating length > 0 * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_CAM_09_03_BO * @reference ETSI TS 103 097 [1], clause 7.1 */ testcase TC_SEC_ITSS_RCV_CAM_09_03_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnNonSecuredPacket v_gnNonSecuredPacket; var octetstring v_gnPayload; var template (value) SecuredMessage v_securedMessage; var GnRawPayload v_sentRawPayload; // Test adapter configuration if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_gnNonSecuredPacket := valueof(m_geoNwShbPacket(f_getPosition(c_compNodeC))); v_gnNonSecuredPacket.payload := valueof( f_adaptPayload_m( bit2oct( encvalue( m_camReq( m_camMsg_vehicle_HF_BV( f_getTsStationId(), f_getCurrentTime() mod 65536, // See ETSI EN 302 637-2 V1.3.0 - Clause B.3 generationDelatTime LibItsCam_Templates.m_tsPosition )))))); v_gnPayload := bit2oct(encvalue(v_gnNonSecuredPacket)); f_buildGnSecuredCam( v_securedMessage, m_payload_unsecured( v_gnPayload ) ); v_securedGnPdu := valueof(m_geoNwSecPdu(v_gnNonSecuredPacket, v_securedMessage)); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_CAM_09_03_BO /** * @desc Check that IUT discards the Secured CAM containing non-empty payload of type 'encrypted' *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_CAM_01) * and containing payload_field * containing type * indicating 'encrypted' * and containing data * indicating length > 0 * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_CAM_09_04_BO * @reference ETSI TS 103 097 [1], clause 7.1 */ testcase TC_SEC_ITSS_RCV_CAM_09_04_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnNonSecuredPacket v_gnNonSecuredPacket; var octetstring v_gnPayload; var template (value) SecuredMessage v_securedMessage; var GnRawPayload v_sentRawPayload; // Test adapter configuration if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_gnNonSecuredPacket := valueof(m_geoNwShbPacket(f_getPosition(c_compNodeC))); v_gnNonSecuredPacket.payload := valueof( f_adaptPayload_m( bit2oct( encvalue( m_camReq( m_camMsg_vehicle_HF_BV( f_getTsStationId(), f_getCurrentTime() mod 65536, // See ETSI EN 302 637-2 V1.3.0 - Clause B.3 generationDelatTime LibItsCam_Templates.m_tsPosition )))))); v_gnPayload := bit2oct(encvalue(v_gnNonSecuredPacket)); f_buildGnSecuredCam( v_securedMessage, m_payload_encrypted( v_gnPayload ) ); v_securedGnPdu := valueof(m_geoNwSecPdu(v_gnNonSecuredPacket, v_securedMessage)); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_CAM_09_04_BO /** * @desc Check that IUT discards the Secured CAM containing exactly one non-empty payload of type 'signed_external' *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_CAM_01) * containing payload_field * containing type * indicating 'signed_external' * and containing data * indicating length > 0 * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_CAM_09_05_BO * @reference ETSI TS 103 097 [1], clause 7.1 */ testcase TC_SEC_ITSS_RCV_CAM_09_05_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnNonSecuredPacket v_gnNonSecuredPacket; var octetstring v_gnPayload; var template (value) SecuredMessage v_securedMessage; var GnRawPayload v_sentRawPayload; // Test adapter configuration if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_gnNonSecuredPacket := valueof(m_geoNwShbPacket(f_getPosition(c_compNodeC))); v_gnNonSecuredPacket.payload := valueof( f_adaptPayload_m( bit2oct( encvalue( m_camReq( m_camMsg_vehicle_HF_BV( f_getTsStationId(), f_getCurrentTime() mod 65536, // See ETSI EN 302 637-2 V1.3.0 - Clause B.3 generationDelatTime LibItsCam_Templates.m_tsPosition )))))); v_gnPayload := bit2oct(encvalue(v_gnNonSecuredPacket)); f_buildGnSecuredCam( v_securedMessage, m_payload_signed_external( v_gnPayload ) ); v_securedGnPdu := valueof(m_geoNwSecPdu(v_gnNonSecuredPacket, v_securedMessage)); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_CAM_09_05_BO /** * @desc Check that IUT discards the Secured CAM containing non-empty payload of type 'signed_and_encrypted' *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_CAM_01) * containing payload_field * containing type * indicating 'signed_and_encrypted' * and containing data * indicating length > 0 * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_CAM_09_06_BO * @reference ETSI TS 103 097 [1], clause 7.1 */ testcase TC_SEC_ITSS_RCV_CAM_09_06_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnNonSecuredPacket v_gnNonSecuredPacket; var octetstring v_gnPayload; var template (value) SecuredMessage v_securedMessage; var GnRawPayload v_sentRawPayload; // Test adapter configuration if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_gnNonSecuredPacket := valueof(m_geoNwShbPacket(f_getPosition(c_compNodeC))); v_gnNonSecuredPacket.payload := valueof( f_adaptPayload_m( bit2oct( encvalue( m_camReq( m_camMsg_vehicle_HF_BV( f_getTsStationId(), f_getCurrentTime() mod 65536, // See ETSI EN 302 637-2 V1.3.0 - Clause B.3 generationDelatTime LibItsCam_Templates.m_tsPosition )))))); v_gnPayload := bit2oct(encvalue(v_gnNonSecuredPacket)); f_buildGnSecuredCam( v_securedMessage, m_payload_signed_and_encrypted( v_gnPayload ) ); v_securedGnPdu := valueof(m_geoNwSecPdu(v_gnNonSecuredPacket, v_securedMessage)); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_CAM_09_06_BO /** * @desc Check that IUT discards the Secured CAM containing non-empty payload of unknown type *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_CAM_01) * containing payload_field * containing type * indicating X_UNKNOWN_PAYLOAD_TYPE * and containing data * indicating length > 0 * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_CAM_09_07_BO * @reference ETSI TS 103 097 [1], clause 7.1 */ testcase TC_SEC_ITSS_RCV_CAM_09_07_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnNonSecuredPacket v_gnNonSecuredPacket; var octetstring v_gnPayload; var template (value) SecuredMessage v_securedMessage; var GnRawPayload v_sentRawPayload; // Test adapter configuration if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_gnNonSecuredPacket := valueof(m_geoNwShbPacket(f_getPosition(c_compNodeC))); v_gnNonSecuredPacket.payload := valueof( f_adaptPayload_m( bit2oct( encvalue( m_camReq( m_camMsg_vehicle_HF_BV( f_getTsStationId(), f_getCurrentTime() mod 65536, // See ETSI EN 302 637-2 V1.3.0 - Clause B.3 generationDelatTime LibItsCam_Templates.m_tsPosition )))))); v_gnPayload := bit2oct(encvalue(v_gnNonSecuredPacket)); f_buildGnSecuredCam( v_securedMessage, m_payload_unknown( v_gnPayload ) ); v_securedGnPdu := valueof(m_geoNwSecPdu(v_gnNonSecuredPacket, v_securedMessage)); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_CAM_09_07_BO /** * @desc Check that IUT discards the Secured CAM doesn't containing the TrailerField of type 'signature' *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_CAM_01) * containing trailer_fields * not containing any instance of type TrailerField * containing type * indicating 'signature' * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_CAM_10_01_BO * @reference ETSI TS 103 097 [1], clause 7.1 */ testcase TC_SEC_ITSS_RCV_CAM_10_01_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; // Test adapter configuration if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_sendSecuredCam_Bo(cc_taCert_A, -, 0); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } if(i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_CAM_10_01_BO /** * @desc Check that IUT discards the Secured CAM containing more then one instance of TrailerField of type 'signature' *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_CAM_01) * containing trailer_fields[0].type * containing type * indicating 'signature' * and containing trailer_fields[1].type * containing type * indicating 'signature' * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_CAM_10_02_BO * @reference ETSI TS 103 097 [1], clause 7.1 */ testcase TC_SEC_ITSS_RCV_CAM_10_02_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; // Test adapter configuration if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_sendSecuredCam_Bo(cc_taCert_A, -, 2); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } if(i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_CAM_10_02_BO /** * @desc Check that the IUT discards Secured message containing signature that is not verified using the * verification key from the certificate contained in the message's signer info *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_CAM_01) * containing header_fields ['signer_info'] * containing certificate * containing subject_attributes['verification key'] (KEY) * and containing trailer_fields[0] * containing type * indicating 'signature' * and containing signature * NOT verifiable using KEY * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_CAM_11_01_BO * @reference ETSI TS 103 097 [1], clause 7.1 */ testcase TC_SEC_ITSS_RCV_CAM_11_01_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; // Test adapter configuration if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_prepareSecuredCam_Bo( cc_taCert_A, -, 1, -, e_certificate ); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } if(i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_CAM_11_01_BO /** * @desc Check that the IUT discards Secured message containing signature that is not verified using the * verification key from the certificate, referenced by the digest contained in the message's signer info *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_CAM_02) * containing header_fields ['signer_info'].signer * containing digest * referencing to the certificate (CERT_TS_AT_A) * containing subject_attributes['verification key'] (KEY) * and containing trailer_fields[0] * containing type * indicating 'signature' * and containing signature * NOT verifiable using KEY * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_CAM_11_02_BO * @reference ETSI TS 103 097 [1], clause 7.1 */ testcase TC_SEC_ITSS_RCV_CAM_11_02_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; // Test adapter configuration if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_prepareSecuredCam( cc_taCert_A, omit, e_certificate_digest_with_sha256 ); v_securedGnPdu.gnPacket.securedMsg.trailer_fields[0].trailerField.signature_.signature_.ecdsa_signature.s := not4b(v_securedGnPdu.gnPacket.securedMsg.trailer_fields[0].trailerField.signature_.signature_.ecdsa_signature.s); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } if(i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_CAM_11_02_BO /** * @desc Check that IUT discards the Secured CAM if the message contains trailer field of type 'signature' with reserved public key algorythms * @remark Values to be provided as X_RESERVED_PK_ALGORYTHM are: 240, 255 *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_CAM_01) * containing an instance of type trailer_field * containing type * indicating 'signature' * and containing signature.algorithm * indicating X_RESERVED_PK_ALGORYTHM * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_CAM_11_03_BO * @reference ETSI TS 103 097 [1], clause 7.1 */ testcase TC_SEC_ITSS_RCV_CAM_11_03_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; // Test adapter configuration if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_prepareSecuredCam_Bo( cc_taCert_A, -, 3 ); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } if(i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_CAM_11_03_BO /** * @desc Check that IUT discards a Secured CAM if the signer certificate of the message contains the subject type 'enrolment_credential' *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * Expected behaviour: * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_CAM_01) * containing header_fields['signer_info'] * containing signer * containing type * indicating 'certificate' * containing certificate (CERT_TS_EC_A) * containing subject_info.subject_type * indicating 'enrolment_credentials' * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_CAM_12_01_BO * @reference ETSI TS 103 097 [1], clauses 6.3 */ testcase TC_SEC_ITSS_RCV_CAM_12_01_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; // Test adapter configuration if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_prepareSecuredCam( cc_taCert_EC, { m_header_field_generation_time(1000 * f_getCurrentTime()), // In us m_header_field_its_aid_CAM }, e_certificate, true ); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } // End of 'for' statement if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_CAM_12_01_BO /** * @desc Check that IUT discards a Secured CAM if the signer certificate of the message contains the subject type 'authorization_authority' *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * Expected behaviour: * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_CAM_01) * containing header_fields['signer_info'] * containing signer * containing type * indicating 'certificate' * containing certificate (CERT_TS_AA_A) * containing subject_info.subject_type * indicating 'authorization_authority' * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_CAM_12_02_BO * @reference ETSI TS 103 097 [1], clauses 6.3 */ testcase TC_SEC_ITSS_RCV_CAM_12_02_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; // Test adapter configuration if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_prepareSecuredCam( cc_taCert_AA, { m_header_field_generation_time(1000 * f_getCurrentTime()), // In us m_header_field_its_aid_CAM }, e_certificate, true ); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } // End of 'for' statement if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_CAM_12_02_BO /** * @desc Check that IUT discards a Secured CAM if the signer certificate of the message contains the subject type 'enrolment_authority' *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * Expected behaviour: * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_CAM_01) * containing header_fields['signer_info'] * containing signer * containing type * indicating 'certificate' * and certificate (CERT_TS_EA_A) * containing subject_info.subject_type * indicating 'enrolment_authority' * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_CAM_12_03_BO * @reference ETSI TS 103 097 [1], clauses 6.3 */ testcase TC_SEC_ITSS_RCV_CAM_12_03_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; // Test adapter configuration if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_prepareSecuredCam( cc_taCert_EA, { m_header_field_generation_time(1000 * f_getCurrentTime()), // In us m_header_field_its_aid_CAM }, e_certificate, true ); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } // End of 'for' statement if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_CAM_12_03_BO /** * @desc Check that IUT discards a Secured CAM if the signer certificate of the message contains the subject type 'root_ca' *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * Expected behaviour: * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_CAM_01) * containing header_fields['signer_info'] * containing signer * containing type * indicating 'certificate' * and certificate (CERT_TS_ROOT) * containing subject_info.subject_type * indicating 'root_ca' * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_CAM_12_04_BO * @reference ETSI TS 103 097 [1], clauses 6.3 */ testcase TC_SEC_ITSS_RCV_CAM_12_04_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; // Test adapter configuration if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_prepareSecuredCam( cc_taCert_CA, { m_header_field_generation_time(1000 * f_getCurrentTime()), // In us m_header_field_its_aid_CAM }, e_certificate, true ); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } // End of 'for' statement if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_CAM_12_04_BO /** * @desc Check that IUT discards secured CAM signed with the not yet valid certificate *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_MSG_13_01_BO_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_CAM_01) * containing header_fields['signer_info'].signer * containing certificate (CERT_TS_MSG_13_01_BO_AT) * containing validity_restrictions['time_start_and_end'] * containing start_validity * indicating START_VALIDITY_AT > CURRENT_TIME * and containing end_validity * indicating END_VALIDITY_AT > START_VALIDITY_AT * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_CAM_13_01_BO * @reference ETSI TS 103 097 [1], clause 7.1 */ testcase TC_SEC_ITSS_RCV_CAM_13_01_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; // Test adapter configuration if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_sendSecuredCam(cc_taCertMsg1301_BO, omit, e_certificate); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } // End of 'for' statement if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_CAM_13_01_BO /** * @desc Check that IUT discards secured CAM signed with the expired certificate *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_MSG_13_02_BO_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_CAM_01) * containing header_fields['signer_info'].signer * containing certificate (CERT_TS_MSG_13_02_BO_AT) * containing validity_restrictions['time_start_and_end'] * containing start_validity * indicating START_VALIDITY_AT < CURRENT_TIME * and containing end_validity * indicating END_VALIDITY_AT < START_VALIDITY_AT * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_CAM_13_02_BO * @reference ETSI TS 103 097 [1], clause 7.1 */ testcase TC_SEC_ITSS_RCV_CAM_13_02_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; // Test adapter configuration if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_sendSecuredCam(cc_taCertMsg1302_BO, omit, e_certificate); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } // End of 'for' statement if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_CAM_13_02_BO /** * @desc Check that IUT discards secured CAM when IUT location is outside the circular validity restriction of the signing certificate *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_MSG_13_03_BO_AT * and the IUT current location is set to CURRENT_IUT_LOCATION * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_CAM_01) * containing header_fields['signer_info'].signer * containing certificate (CERT_TS_MSG_13_03_BO_AT) * containing validity_restrictions['region'] * containing region * containing region_type * indicating 'circle' * and containing circular_region * indicating REGION * not containing the CURRENT_IUT_LOCATION * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_CAM_13_03_BO * @reference ETSI TS 103 097 [1], clause 7.1 */ testcase TC_SEC_ITSS_RCV_CAM_13_03_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; // Test adapter configuration if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_sendSecuredCam(cc_taCertMsg1303_BO, omit, e_certificate); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } // End of 'for' statement if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_CAM_13_03_BO /** * @desc Check that IUT discards secured CAM when IUT location is outside the rectangular validity restriction of the signing certificate *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_MSG_13_04_BO_AT * and the IUT current location is set to CURRENT_IUT_LOCATION * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_CAM_01) * containing header_fields['signer_info'].signer * containing certificate (CERT_TS_MSG_13_04_BO_AT) * containing validity_restrictions['region'] * containing region * containing region_type * indicating 'rectangle' * and containing rectanglar_region * indicating REGION * not containing the CURRENT_IUT_LOCATION * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_CAM_13_04_BO * @reference ETSI TS 103 097 [1], clause 7.1 */ testcase TC_SEC_ITSS_RCV_CAM_13_04_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; // Test adapter configuration if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_sendSecuredCam(cc_taCertMsg1304_BO, omit, e_certificate); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } // End of 'for' statement if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_CAM_13_04_BO /** * @desc Check that IUT discards secured CAM when IUT location is outside the polygonal validity restriction of the signing certificate *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_MSG_13_05_BO_AT * and the IUT current location is set to CURRENT_IUT_LOCATION * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_CAM_01) * containing header_fields['signer_info'].signer * containing certificate (CERT_TS_MSG_13_05_BO_AT) * containing validity_restrictions['region'] * containing region * containing region_type * indicating 'polygon' * and containing polygonal_region * indicating REGION * not containing the CURRENT_IUT_LOCATION * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_CAM_13_05_BO * @reference ETSI TS 103 097 [1], clause 7.1 */ testcase TC_SEC_ITSS_RCV_CAM_13_05_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; // Test adapter configuration if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_sendSecuredCam(cc_taCertMsg1305_BO, omit, e_certificate); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } // End of 'for' statement if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_CAM_13_05_BO /** * @desc Check that IUT discards secured CAM when IUT location is outside the identified validity restriction of the signing certificate *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_MSG_13_06_BO_AT * and the IUT current location is set to CURRENT_IUT_LOCATION * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_CAM_01) * containing header_fields['signer_info'].signer * containing certificate (CERT_TS_MSG_13_06_BO_AT) * containing validity_restrictions['region'] * containing region * containing region_type * indicating 'id' * and containing id_region * indicating REGION * not containing the CURRENT_IUT_LOCATION * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_CAM_13_06_BO * @reference ETSI TS 103 097 [1], clause 7.1 */ testcase TC_SEC_ITSS_RCV_CAM_13_06_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; // Test adapter configuration if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_sendSecuredCam(cc_taCertMsg1306_BO, omit, e_certificate); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } // End of 'for' statement if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_CAM_13_06_BO } // End of group recvCamProfile /** * @desc Receiving behaviour test cases for DENM profile * @see ETSI TS 103 096-2 V1.2.2 (2016-01) Clause 5.3.3 DENM Profile */ group recvDenmProfile { /** * @desc Check that IUT accepts a well-formed Secured DENM signed with the certificate without region validity restriction * @remark The message defined in this test purpose is used in the subsequent test purposes with the snippet name ‘MSG_SEC_RCV_DENM_A’. Only differences to this snippet are mentioned in subsequent test purposes. *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Expected behavior: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage * containing header_fields[0] * containing type * indicating 'signer_info' * and containing signer * containing type * indicating 'certificate' * and containing certificate (CERT_AT_A) * containing subject_info.subject_type * indicating 'authorization_ticket' (2) * and containing subject_attributes['verification key'] (KEY) * and not containing validity_restrictions['region'] * and containing header_fields [1] * containing type * indicating 'generation_time' * containing generation_time * indicating CURRENT_TIME * and containing header_fields [2] * containing type * indicating 'generation_location' * containing generation_location * and containing header_fields[3] * containing type * indicating 'its_aid' * containing its_aid * indicating 'AID_DENM' * and containing payload_field * containing type * indicating 'signed' * containing data * indicating length > 0 * containing DENM payload * and containing trailer_fields * containing single instance of type TrailerField * containing type * indicating 'signature' * containing signature * verifiable using KEY * } then { * the IUT accepts the message * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_DENM_01_01_BV * @reference ETSI TS 103 097 [1], clause 7.2 */ testcase TC_SEC_ITSS_RCV_DENM_01_01_BV() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; // Test control if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_sendSecuredDenm(cc_taCert_A, omit, e_certificate); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": PASS: DENM was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } else { log("*** " & testcasename() & ": FAIL: DENM was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_DENM_01_01_BV /** * @desc Check that IUT accepts a well-formed Secured DENM signe with the certificate with a circular region validity restriction * @remark The message defined in this test purpose is used in the subsequent test purposes with the snippet name ‘MSG_SEC_RCV_DENM_A’. Only differences to this snippet are mentioned in subsequent test purposes. *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Expected behavior: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_B_AT * and the IUT current location is inside the region validity period of CERT_TS_B_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage * and containing header_fields[0] * containing type * indicating 'signer_info' * and containing signer { * containing type * indicating 'certificate' * and containing certificate (CERT_AT_B) { * containing subject_info.subject_type * indicating 'authorization_ticket' (2) * and containing subject_attributes['verification key'] (KEY) * and containing validity_restrictions['region'] { * containing region{ * containing region_type * indicating 'circle' * and containing circular_region * indicating REGION * } * } * } * and containing header_fields [1] * containing type * indicating 'generation_time' * containing generation_time * indicating CURRENT_TIME * and containing header_fields [2] * containing type * indicating 'generation_location' * containing generation_location * indicating position inside the REGION * and containing header_fields[3] * containing type * indicating 'its_aid' * containing its_aid * indicating 'AID_DENM' * and not containing any other header_fields * and containing payload_fields { * containing type * indicating 'signed' * containing data * indicating length > 0 * containing DENM payload * } * and containing trailer_fields { * containing single instance of type TrailerField { * containing type * indicating 'signature' * containing signature * verifiable using KEY * } * } * } then { * the IUT accepts the message * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_DENM_01_02_BV * @reference ETSI TS 103 097 [1], clause 7.2 */ testcase TC_SEC_ITSS_RCV_DENM_01_02_BV() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; // Test control if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_sendSecuredDenm(cc_taCert_B, omit, e_certificate); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": PASS: DENM was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } else { log("*** " & testcasename() & ": FAIL: DENM was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_DENM_01_02_BV /** * @desc Check that IUT accepts a well-formed Secured DENM signe with the certificate with a rectangular region validity restriction * @remark The message defined in this test purpose is used in the subsequent test purposes with the snippet name ‘MSG_SEC_RCV_DENM_A’. Only differences to this snippet are mentioned in subsequent test purposes. *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Expected Behavior: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_C_AT * and the IUT current location is inside the region validity period of CERT_TS_C_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage * containing protocol_version * indicating value '2' * and containing header_fields[0] * containing type * indicating 'signer_info' * and containing signer * containing type * indicating 'certificate' * and containing certificate (CERT_AT_C) * containing subject_info.subject_type * indicating 'authorization_ticket' (2) * and containing subject_attributes['verification key'] (KEY) * and containing validity_restrictions['region'] * containing region * containing region_type * indicating 'rectangle' * and containing rectangular_regions * indicating REGIONS * and containing header_fields [1] * containing type * indicating 'generation_time' * containing generation_time * indicating CURRENT_TIME * and containing header_fields [2] * containing type * indicating 'generation_location' * containing generation_location * indicating position inside the REGION * and containing header_fields[3] * containing type * indicating 'its_aid' * containing its_aid * indicating 'AID_DENM' * and not containing any other header_fields * and containing payload_field * containing type * indicating 'signed' * containing data * indicating length > 0 * containing DENM payload * and containing trailer_fields * containing single instance of type TrailerField * containing type * indicating 'signature' * containing signature * verifiable using KEY * } then { * the IUT accepts the message * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_DENM_01_03_BV * @reference ETSI TS 103 097 [1], clause 7.2 */ testcase TC_SEC_ITSS_RCV_DENM_01_03_BV() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; // Test control if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_sendSecuredDenm(cc_taCert_C, omit, e_certificate); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": PASS: DENM was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } else { log("*** " & testcasename() & ": FAIL: DENM was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_DENM_01_03_BV /** * @desc Check that IUT accepts a well-formed Secured DENM signe with the certificate with a polygonal region validity restriction * @remark The message defined in this test purpose is used in the subsequent test purposes with the snippet name ‘MSG_SEC_RCV_DENM_A’. Only differences to this snippet are mentioned in subsequent test purposes. *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Expected Behavior: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_D_AT * and the IUT current location is inside the region validity period of CERT_TS_D_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage * containing protocol_version * indicating value '2' * and containing header_fields[0] * containing type * indicating 'signer_info' * and containing signer * containing type * indicating 'certificate' * and containing certificate (CERT_AT_D) * containing subject_info.subject_type * indicating 'authorization_ticket' (2) * and containing subject_attributes['verification key'] (KEY) * and containing validity_restrictions['region'] * containing region * containing region_type * indicating 'polygon' * and containing polygonal_region * indicating REGION * and containing header_fields [1] * containing type * indicating 'generation_time' * containing generation_time * indicating CURRENT_TIME * and containing header_fields [2] * containing type * indicating 'generation_location' * containing generation_location * indicating position inside the REGION * and containing header_fields[3] * containing type * indicating 'its_aid' * containing its_aid * indicating 'AID_DENM' * and not containing any other header_fields * and containing payload_field * containing type * indicating 'signed' * containing data * indicating length > 0 * containing DENM payload * and containing trailer_fields * containing single instance of type TrailerField * containing type * indicating 'signature' * containing signature * verifiable using KEY * } then { * the IUT accepts the message * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_DENM_01_04_BV * @reference ETSI TS 103 097 [1], clause 7.2 */ testcase TC_SEC_ITSS_RCV_DENM_01_04_BV() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; // Test control if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_sendSecuredDenm(cc_taCert_D, omit, e_certificate); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": PASS: DENM was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } else { log("*** " & testcasename() & ": FAIL: DENM was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_DENM_01_04_BV /** * @desc Check that IUT accepts a well-formed Secured DENM signe with the certificate with a identified region validity restriction * @remark The message defined in this test purpose is used in the subsequent test purposes with the snippet name ‘MSG_SEC_RCV_DENM_A’. Only differences to this snippet are mentioned in subsequent test purposes. *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Expected Behavior: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_D_AT * and the IUT current location is inside the region validity period of CERT_TS_D_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage * containing protocol_version * indicating value '2' * and containing header_fields[0] * containing type * indicating 'signer_info' * and containing signer * containing type * indicating 'certificate' * and containing certificate (CERT_AT_E) * containing subject_info.subject_type * indicating 'authorization_ticket' (2) * and containing subject_attributes['verification key'] (KEY) * and containing validity_restrictions['region'] * containing region * containing region_type * indicating 'id_region' * and containing identified_region * indicating REGION * and containing header_fields [1] * containing type * indicating 'generation_time' * containing generation_time * indicating CURRENT_TIME * and containing header_fields [2] * containing type * indicating 'generation_location' * containing generation_location * indicating position inside the REGION * and containing header_fields[3] * containing type * indicating 'its_aid' * containing its_aid * indicating 'AID_DENM' * and not containing any other header_fields * and containing payload_field * containing type * indicating 'signed' * containing data * indicating length > 0 * containing DENM payload * and containing trailer_fields * containing single instance of type TrailerField * containing type * indicating 'signature' * containing signature * verifiable using KEY * } then { * the IUT accepts the message * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_DENM_01_05_BV * @reference ETSI TS 103 097 [1], clause 7.2 */ testcase TC_SEC_ITSS_RCV_DENM_01_05_BV() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; // Test control if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_sendSecuredDenm(cc_taCert_D, omit, e_certificate); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": PASS: DENM was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } else { log("*** " & testcasename() & ": FAIL: DENM was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_DENM_01_05_BV /** * @desc Check that IUT discards a Secured DENM containing protocol version set to a value less then 2 *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_DENM_A) * containing protocol_version * indicating 1 * } then { * the IUT discards a SecuredMessage * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_DENM_02_01_BO * @reference ETSI TS 103 097 [1], clause 5.1 */ testcase TC_SEC_ITSS_RCV_DENM_02_01_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; // Test control if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_sendSecuredDenm_Bo(cc_taCert_A, PX_WRONG_PROTOCOL_VERSION); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_DENM_02_01_BO /** * @desc Check that IUT discards a Secured DENM containing protocol version set to a value greater then 2 *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_DENM_A) * containing protocol_version * indicating 3 * } then { * the IUT discards a SecuredMessage * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_DENM_02_02_BO * @reference ETSI TS 103 097 [1], clause 5.1 */ testcase TC_SEC_ITSS_RCV_DENM_02_02_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; // Test control if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_sendSecuredDenm_Bo(cc_taCert_A, PX_WRONG_PROTOCOL_VERSION); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_DENM_02_02_BO /** * @desc Check that IUT discards a secured DENM if the message contains more than one header field of type 'signer_info' *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_DENM_A) * containing header_fields[0].type * indicating 'signer_info' * and containing header_fields[1].type * indicating 'signer_info' * and containing header_fields[2].type * indicating 'generation_time' * and containing header_fields[3].type * indicating 'generation_location' * and containing header_fields[4].type * indicating 'its_aid' * and not containing other header fields * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_DENM_04_01_BO * @reference ETSI TS 103 097 [1], clause 7.2 */ testcase TC_SEC_ITSS_RCV_DENM_04_01_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; var LongPosVector v_longPosVectorNodeB := f_getPosition(c_compNodeB); // Use NodeB // Test adapter configuration if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_prepareSecuredDenm( cc_taCert_A, { m_header_field_signer_info( m_signerInfo_digest( vc_atCertificate.signer_info.signerInfo.digest )), m_header_field_signer_info( m_signerInfo_certificate( vc_aaCertificate )), m_header_field_generation_time(1000 * f_getCurrentTime()), // In us m_header_field_generation_location( valueof(m_threeDLocation( v_longPosVectorNodeB.latitude, v_longPosVectorNodeB.longitude, '0000'O )) ), m_header_field_its_aid_DENM }, e_certificate_digest_with_sha256, false ); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } // End of 'for' statement if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_DENM_04_01_BO /** * @desc Check that IUT discards a secured DENM if the message does not contain the header field of type 'signer_info' *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_DENM_A) * containing header_fields[0].type * indicating 'generation_time' * and containing header_fields[1].type * indicating 'generation_location' * and containing header_fields[2].type * indicating 'its_aid' * and not containing other header fields * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_DENM_04_02_BO * @reference ETSI TS 103 097 [1], clause 7.2 */ testcase TC_SEC_ITSS_RCV_DENM_04_02_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; var LongPosVector v_longPosVectorNodeB := f_getPosition(c_compNodeB); // Use NodeB // Test adapter configuration if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_prepareSecuredDenm( cc_taCert_A, { m_header_field_generation_time(1000 * f_getCurrentTime()), // In us m_header_field_generation_location( valueof(m_threeDLocation( v_longPosVectorNodeB.latitude, v_longPosVectorNodeB.longitude, '0000'O )) ), m_header_field_its_aid_DENM }, e_certificate_digest_with_sha256, false ); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } // End of 'for' statement if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_DENM_04_02_BO /** * @desc Check that IUT discards the Secured DENM if the signer_info header field is not encoded first *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_DENM_A) * containing header_fields[0].type * indicating 'generation_time' * and containing header_fields[1].type * indicating 'generation_location' * and containing header_fields[2].type * containing its_aid * and containing header_fields[3].type * indicating 'signer_info' * and not containing other header fields * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_DENM_04_03_BO * @reference ETSI TS 103 097 [1], clause 7.2 */ testcase TC_SEC_ITSS_RCV_DENM_04_03_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; var LongPosVector v_longPosVectorNodeB := f_getPosition(c_compNodeB); // Use NodeB // Test adapter configuration if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_prepareSecuredDenm( cc_taCert_A, { m_header_field_generation_time(1000 * f_getCurrentTime()), // In us m_header_field_generation_location( valueof(m_threeDLocation( v_longPosVectorNodeB.latitude, v_longPosVectorNodeB.longitude, '0000'O )) ), m_header_field_its_aid_DENM, m_header_field_signer_info( m_signerInfo_digest( vc_atCertificate.signer_info.signerInfo.digest )) }, e_certificate_digest_with_sha256, false ); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } // End of 'for' statement if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_DENM_04_03_BO /** * @desc Check that IUT discards a secured DENM if the message contains more than one header field of type 'generation_time' *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_DENM_A) * containing header_fields[0].type * indicating 'signer_info' * and containing header_fields[1].type * indicating 'generation_time' * and containing header_fields[2].type * indicating 'generation_time' * and containing header_fields[3].type * indicating 'generation_location' * and containing header_fields[4].type * containing its_aid * and not containing other header fields * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_DENM_04_04_BO * @reference ETSI TS 103 097 [1], clause 7.2 */ testcase TC_SEC_ITSS_RCV_DENM_04_04_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; var LongPosVector v_longPosVectorNodeB := f_getPosition(c_compNodeB); // Use NodeB // Test adapter configuration if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_prepareSecuredDenm( cc_taCert_A, { m_header_field_signer_info( m_signerInfo_digest( vc_atCertificate.signer_info.signerInfo.digest )), m_header_field_generation_time(1000 * f_getCurrentTime()), // In us m_header_field_generation_time(1000 * f_getCurrentTime() - 1), // In us m_header_field_generation_location( valueof(m_threeDLocation( v_longPosVectorNodeB.latitude, v_longPosVectorNodeB.longitude, '0000'O )) ), m_header_field_its_aid_DENM }, e_certificate_digest_with_sha256, false ); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } // End of 'for' statement if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_DENM_04_04_BO /** * @desc Check that IUT discards a secured DENM if the message does not contain the header field of type 'generation_time' *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_DENM_A) * containing header_fields[0].type * indicating 'signer_info' * and containing header_fields[1].type * indicating 'generation_location' * and containing header_fields[2].type * containing its_aid * and not containing other header fields * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_DENM_04_05_BO * @reference ETSI TS 103 097 [1], clause 7.2 */ testcase TC_SEC_ITSS_RCV_DENM_04_05_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; var LongPosVector v_longPosVectorNodeB := f_getPosition(c_compNodeB); // Use NodeB // Test adapter configuration if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_prepareSecuredDenm( cc_taCert_A, { m_header_field_signer_info( m_signerInfo_digest( vc_atCertificate.signer_info.signerInfo.digest )), m_header_field_generation_location( valueof(m_threeDLocation( v_longPosVectorNodeB.latitude, v_longPosVectorNodeB.longitude, '0000'O )) ), m_header_field_its_aid_DENM }, e_certificate_digest_with_sha256, false ); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } // End of 'for' statement if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_DENM_04_05_BO /** * @desc Check that IUT discards a secured DENM if the message contains more than one header field of type 'its_aid' *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_DENM_A) * containing header_fields[0].type * indicating 'signer_info' * and containing header_fields[1].type * indicating 'generation_time' * and containing header_fields[2].type * indicating 'generation_location' * and containing header_fields[3].type * containing its_aid * and containing header_fields[4].type * containing its_aid * and not containing other header fields * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_DENM_04_06_BO * @reference ETSI TS 103 097 [1], clause 7.2 */ testcase TC_SEC_ITSS_RCV_DENM_04_06_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; var LongPosVector v_longPosVectorNodeB := f_getPosition(c_compNodeB); // Use NodeB // Test adapter configuration if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_prepareSecuredDenm( cc_taCert_A, { m_header_field_signer_info( m_signerInfo_digest( vc_atCertificate.signer_info.signerInfo.digest )), m_header_field_generation_time(1000 * f_getCurrentTime()), // In us m_header_field_generation_location( valueof(m_threeDLocation( v_longPosVectorNodeB.latitude, v_longPosVectorNodeB.longitude, '0000'O )) ), m_header_field_its_aid_DENM, m_header_field_its_aid_DENM }, e_certificate_digest_with_sha256, false ); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } // End of 'for' statement if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_DENM_04_06_BO /** * @desc Check that IUT discards a secured DENM if the message does not contain the header field of type 'its_aid' *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_DENM_A) * containing header_fields[0].type * indicating 'signer_info' * and containing header_fields[1].type * indicating 'generation_time' * and containing header_fields[2].type * indicating 'generation_location' * and not containing other header fields * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_DENM_04_06a_BO * @reference ETSI TS 103 097 [1], clause 7.2 */ testcase TC_SEC_ITSS_RCV_DENM_04_06a_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; var LongPosVector v_longPosVectorNodeB := f_getPosition(c_compNodeB); // Use NodeB // Test adapter configuration if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_prepareSecuredDenm( cc_taCert_A, { m_header_field_signer_info( m_signerInfo_digest( vc_atCertificate.signer_info.signerInfo.digest )), m_header_field_generation_time(1000 * f_getCurrentTime()), // In us m_header_field_generation_location( valueof(m_threeDLocation( v_longPosVectorNodeB.latitude, v_longPosVectorNodeB.longitude, '0000'O )) ) }, e_certificate_digest_with_sha256, false ); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } // End of 'for' statement if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_DENM_04_06a_BO /** * @desc Check that IUT discards a secured DENM if the message contains more than one header field of type 'generation_location' *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_DENM_A) * containing header_fields[0].type * indicating 'signer_info' * and containing header_fields[1].type * indicating 'generation_time' * and containing header_fields[2].type * indicating 'generation_location' * and containing header_fields[3].type * containing 'generation_location' * and containing header_fields[4].type * containing its_aid * and not containing other header fields * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_DENM_04_07_BO * @reference ETSI TS 103 097 [1], clause 7.2 */ testcase TC_SEC_ITSS_RCV_DENM_04_07_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; var LongPosVector v_longPosVectorNodeB := f_getPosition(c_compNodeB); // Use NodeB // Test adapter configuration if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_prepareSecuredDenm( cc_taCert_A, { m_header_field_signer_info( m_signerInfo_digest( vc_atCertificate.signer_info.signerInfo.digest )), m_header_field_generation_time(1000 * f_getCurrentTime()), // In us m_header_field_generation_location( valueof(m_threeDLocation( v_longPosVectorNodeB.latitude, v_longPosVectorNodeB.longitude, '0000'O )) ), m_header_field_generation_location( valueof(m_threeDLocation( v_longPosVectorNodeB.latitude, v_longPosVectorNodeB.longitude, '0100'O )) ), m_header_field_its_aid_DENM }, e_certificate_digest_with_sha256, false ); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } // End of 'for' statement if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_DENM_04_07_BO /** * @desc Check that IUT discards a secured DENM if the message does not contain the header field of type 'generation_location' *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_DENM_A) * containing header_fields[0].type * indicating 'signer_info' * and containing header_fields[1].type * indicating 'generation_time' * and containing header_fields[2].type * containing its_aid * and not containing other header fields * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_DENM_04_08_BO * @reference ETSI TS 103 097 [1], clause 7.2 */ testcase TC_SEC_ITSS_RCV_DENM_04_08_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; var LongPosVector v_longPosVectorNodeB := f_getPosition(c_compNodeB); // Use NodeB // Test adapter configuration if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_prepareSecuredDenm( cc_taCert_A, { m_header_field_signer_info( m_signerInfo_digest( vc_atCertificate.signer_info.signerInfo.digest )), m_header_field_generation_time(1000 * f_getCurrentTime()), // In us m_header_field_its_aid_DENM }, e_certificate_digest_with_sha256, false ); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } // End of 'for' statement if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_DENM_04_08_BO /** * @desc Check that IUT discards a Secured DENM if the header fields are not in the ascending order according to the numbering of the enumeration *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_DENM_A) * containing header_fields[0].type * indicating 'signer_info' * and containing header_fields[1].type * containing its_aid * and containing header_fields[2].type * indicating 'generation_time' * and containing header_fields[3].type * indicating 'generation_location' * and containing header_fields[4].type * containing 'generation_location' * and not containing other header fields * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_DENM_04_09_BO * @reference ETSI TS 103 097 [1], clause 7.2 */ testcase TC_SEC_ITSS_RCV_DENM_04_09_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; var LongPosVector v_longPosVectorNodeB := f_getPosition(c_compNodeB); // Use NodeB // Test adapter configuration if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_prepareSecuredDenm( cc_taCert_A, { m_header_field_signer_info( m_signerInfo_digest( vc_atCertificate.signer_info.signerInfo.digest )), m_header_field_its_aid_DENM, m_header_field_generation_time(1000 * f_getCurrentTime()), // In us m_header_field_generation_location( valueof(m_threeDLocation( v_longPosVectorNodeB.latitude, v_longPosVectorNodeB.longitude, '0000'O )) ) }, e_certificate_digest_with_sha256, false ); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } // End of 'for' statement if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_DENM_04_09_BO /** * @desc Check that IUT discards a Secured DENM containing header field of type 'generation_time_standard_deviation' *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_DENM_A) * containing header_fields[0].type * indicating 'signer_info' * and containing header_fields[1].type * indicating 'generation_time' * and containing time * indicating CURRENT_TIME * and containing header_fields[2] * containing type * indicating 'generation_time_standard_deviation' * and containing log_std_dev * indicating 255 * and containing header_fields[3].type * indicating 'generation_location' * and containing header_fields[4].type * containing its_aid * and not containing other header fields * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_DENM_04_10_BO * @reference ETSI TS 103 097 [1], clause 7.2 */ testcase TC_SEC_ITSS_RCV_DENM_04_10_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; var LongPosVector v_longPosVectorNodeB := f_getPosition(c_compNodeB); // Use NodeB // Test adapter configuration if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_prepareSecuredDenm( cc_taCert_A, { m_header_field_signer_info( m_signerInfo_digest( vc_atCertificate.signer_info.signerInfo.digest )), m_header_field_generation_time(1000 * f_getCurrentTime()), // In us m_header_field_generation_time_with_standard_deviation( m_time64WithStandardDeviation( 1000 * f_getCurrentTime(), 255 ) ), m_header_field_generation_location( valueof(m_threeDLocation( v_longPosVectorNodeB.latitude, v_longPosVectorNodeB.longitude, '0000'O )) ), m_header_field_its_aid_DENM }, e_certificate_digest_with_sha256, false ); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } // End of 'for' statement if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_DENM_04_10_BO /** * @desc Check that IUT discards the Secured DENM containing the header fields of type 'expiry_time' *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_DENM_A) * containing header_fields[0].type * indicating 'signer_info' * and containing header_fields[1].type * indicating 'generation_time' * and containing time * indicating CURRENT_TIME * and containing header_fields[2] * containing type * indicating 'expiration' * and containing expiry_time * indicating CURRENT_TIME + 1 h * and containing header_fields[3].type * indicating 'generation_location' * and containing header_fields[4].type * containing its_aid * and not containing other header fields * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_DENM_04_11_BO * @reference ETSI TS 103 097 [1], clause 7.2 */ testcase TC_SEC_ITSS_RCV_DENM_04_11_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; var LongPosVector v_longPosVectorNodeB := f_getPosition(c_compNodeB); // Use NodeB // Test adapter configuration if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_prepareSecuredDenm( cc_taCert_A, { m_header_field_signer_info( m_signerInfo_digest( vc_atCertificate.signer_info.signerInfo.digest )), m_header_field_generation_time(1000 * f_getCurrentTime()), // In us m_header_field_expiry_time( 1000 * (3600 + f_getCurrentTime()) // In us ), m_header_field_generation_location( valueof(m_threeDLocation( v_longPosVectorNodeB.latitude, v_longPosVectorNodeB.longitude, '0000'O )) ), m_header_field_its_aid_DENM }, e_certificate_digest_with_sha256, false ); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } // End of 'for' statement if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_DENM_04_11_BO /** * @desc Check that IUT accepts the Secured DENM containing additional non-standard HeaderField *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_DENM_A) * containing header_fields[0].type * indicating 'signer_info' * and containing header_fields[1].type * indicating 'generation_time' * and containing header_fields[3].type * containing its_aid * and containing header_fields[4] * containing type * indicating non-standard header field type (200) * and containing other_header * indicating non-empty data * and not containing other header fields * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_DENM_04_12_BO * @reference ETSI TS 103 097 [1], clause 7.2 */ testcase TC_SEC_ITSS_RCV_DENM_04_12_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; var LongPosVector v_longPosVectorNodeB := f_getPosition(c_compNodeB); // Use NodeB // Test adapter configuration if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_prepareSecuredDenm( cc_taCert_A, { m_header_field_signer_info( m_signerInfo_digest( vc_atCertificate.signer_info.signerInfo.digest )), m_header_field_generation_time(1000 * f_getCurrentTime()), // In us m_header_field_generation_location( valueof(m_threeDLocation( v_longPosVectorNodeB.latitude, v_longPosVectorNodeB.longitude, '0000'O )) ), m_header_field_its_aid_DENM, m_header_field_unspecify }, e_certificate_digest_with_sha256, false ); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } // End of 'for' statement if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_DENM_04_12_BO /** * @desc Check that IUT discards the Secured CAM containing the header field 'encryption_parameter and recipient_info' *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_DENM_A) * containing header_fields[0].type * indicating 'signer_info' * and containing header_fields[1].type * indicating 'generation_time' * and containing header_fields[3].type * containing its_aid * and containing header_fields[4] * containing type * indicating 'encryption_parameters' * and containing enc_params * containing symm_algorithm * indicating 'aes_128_ccm' * and containing nonce * and containing header_fields[4] * containing type * indicating 'recipient_info' * and containing recipients * containing recipients[0] * containing cert_id * referencing to CERT_IUT_A_AT * and containing pk_encryption * indicating 'ecies_nistp256' * and containing enc_key * and not containing other header fields * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_DENM_04_13_BO * @reference ETSI TS 103 097 [1], clause 7.2 */ testcase TC_SEC_ITSS_RCV_DENM_04_13_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; var LongPosVector v_longPosVectorNodeB := f_getPosition(c_compNodeB); // Use NodeB var Certificate v_iutATCertificate; var SubjectAttribute v_encryption_key; // Test adapter configuration if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body if ( (f_readCertificate(cc_iutCert_A, v_iutATCertificate) == false) or (f_getCertificateSubjectAttribute(v_iutATCertificate, e_encryption_key, v_encryption_key) == false) ) { f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout); // Set verdict to inconc } else { v_securedGnPdu := f_prepareSecuredDenm( cc_taCert_A, { m_header_field_signer_info( m_signerInfo_digest( vc_atCertificate.signer_info.signerInfo.digest )), m_header_field_generation_time(1000 * f_getCurrentTime()), // In us m_header_field_generation_location( valueof(m_threeDLocation( v_longPosVectorNodeB.latitude, v_longPosVectorNodeB.longitude, '0000'O )) ), m_header_field_its_aid_DENM, m_header_field_enc_params( // containing header_fields[3].type.enc_params m_encryptionParameters_aes_128_ccm( // indicating 'aes_128_ccm' PX_ENCRYPTIONPARAMETERS_AES_128_CCM_NONCE // and containing nonce ) ), m_header_field_multiple_recipients( // containing header_fields[4].type { // indicating 'encryption_parameters' m_recipientInfo_ecies_enc_key( v_iutATCertificate.signer_info.signerInfo.digest, e_ecies_nistp256, // containing symm_algorithm // indicating 'aes_128_ccm' m_eciesEncryptedKey_aesccm( v_encryption_key.attribute.rv, '00000000000000000000000000000000'O, // FIXME Where to find these values '00000000000000000000000000000000'O ) ) } ) }, e_certificate_digest_with_sha256, false ); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } // End of 'for' statement if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_DENM_04_13_BO /** * @desc Check that IUT discards the Secured DENM containing the header fields of type 'request_unrecognized_certificate' *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_DENM_A) * containing header_fields[0].type * indicating 'signer_info' * and containing header_fields[1].type * indicating 'generation_time' * and containing generation_time * indicating CURRENT_TIME * and containing header_fields[2].type * indicating 'request_unrecognized_certificate' * and containing digests[0] * indicating the digest of X_IUT_AT_CERT * and containing header_fields[3].type * indicating 'generation_location' * and containing header_fields[4].type * indicating 'its_aid' * and not containing other header fields * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_DENM_04_14_BO * @reference ETSI TS 103 097 [1], clause 7.2 */ testcase TC_SEC_ITSS_RCV_DENM_04_14_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; var LongPosVector v_longPosVectorNodeB := f_getPosition(c_compNodeB); // Use NodeB var Certificate v_iutATCertificate; var SignerInfo v_signerInfo; // Test adapter configuration if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body if ( (f_readCertificate(cc_iutCert_A, v_iutATCertificate) == false) or (f_getCertificateSignerInfo(v_iutATCertificate, v_signerInfo) == false) ) { f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout); // Set verdict to inconc } else { v_securedGnPdu := f_prepareSecuredDenm( cc_taCert_A, { m_header_field_signer_info( m_signerInfo_digest( vc_atCertificate.signer_info.signerInfo.digest )), m_header_field_generation_time(1000 * f_getCurrentTime()), // In us m_header_field_unrecognised_certificate( f_HashedId3FromHashedId8( f_calculateDigestFromCertificate( v_signerInfo.signerInfo.certificate ) ) ), m_header_field_generation_location( valueof(m_threeDLocation( v_longPosVectorNodeB.latitude, v_longPosVectorNodeB.longitude, '0000'O )) ), m_header_field_its_aid_DENM }, e_certificate_digest_with_sha256, false ); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } // End of 'for' statement if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_DENM_04_14_BO /** * @desc Check that IUT discards a Secured DENM if the header_fields contains a signer of type 'self' *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_DENM_A) * containing header_fields[0].type * indicating 'signer_info' * containing signer.type * indicating 'self' * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_DENM_05_01_BO * @reference ETSI TS 103 097 [1], clause 7.2 */ testcase TC_SEC_ITSS_RCV_DENM_05_01_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; var LongPosVector v_longPosVectorNodeB := f_getPosition(c_compNodeB); // Use NodeB // Test adapter configuration if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_prepareSecuredDenm( cc_taCert_A, { m_header_field_signer_info( m_signerInfo_self ), m_header_field_generation_time(1000 * f_getCurrentTime()), // In us m_header_field_generation_location( valueof(m_threeDLocation( v_longPosVectorNodeB.latitude, v_longPosVectorNodeB.longitude, '0000'O )) ), m_header_field_its_aid_DENM }, e_self, false ); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } // End of 'for' statement if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_DENM_05_01_BO /** * @desc Check that IUT discards a Secured DENM if the header_fields contains a signer of type 'certificate_digest_with_other_algorithm' *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_DENM_A) * containing header_fields[0].type * indicating 'signer_info' * containing signer.type * indicating 'certificate_digest_with_other_algorithm' * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_DENM_05_02_BO * @reference ETSI TS 103 097 [1], clause 7.2 */ testcase TC_SEC_ITSS_RCV_DENM_05_02_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; var LongPosVector v_longPosVectorNodeB := f_getPosition(c_compNodeB); // Use NodeB // Test adapter configuration if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_prepareSecuredDenm( cc_taCert_A, { m_header_field_signer_info( m_signerInfo_other_certificates( m_certificateWithAlgo_ecdsa( PX_OTHER_CERT_DIGEST ))), m_header_field_generation_time(1000 * f_getCurrentTime()), // In us m_header_field_generation_location( valueof(m_threeDLocation( v_longPosVectorNodeB.latitude, v_longPosVectorNodeB.longitude, '0000'O )) ), m_header_field_its_aid_DENM }, e_certificate_digest_with_other_algorithm, false ); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } // End of 'for' statement if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_DENM_05_02_BO /** * @desc Check that IUT discards a Secured DENM if the header_fields contains a signer of type certificate_chain *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_DENM_A) * containing header_fields[0].type * indicating 'signer_info' * containing signer.type * indicating 'certificate_digest_with_other_algorithm' * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_DENM_05_03_BO * @reference ETSI TS 103 097 [1], clause 7.2 */ testcase TC_SEC_ITSS_RCV_DENM_05_03_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; var LongPosVector v_longPosVectorNodeB := f_getPosition(c_compNodeB); // Use NodeB // Test adapter configuration if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_prepareSecuredDenm( cc_taCert_A, { m_header_field_signer_info( m_signerInfo_certificates( { vc_aaCertificate, vc_atCertificate } )), m_header_field_generation_time(1000 * f_getCurrentTime()), // In us m_header_field_generation_location( valueof(m_threeDLocation( v_longPosVectorNodeB.latitude, v_longPosVectorNodeB.longitude, '0000'O )) ), m_header_field_its_aid_DENM }, e_certificate_chain, false ); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } // End of 'for' statement if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_DENM_05_03_BO /** * @desc Check that IUT discards a secured DENM if the header_fields contains a signer info of unknown or reserved type *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_DENM_A) * containing header_fields[0].type * indicating 'signer_info' * containing signer.type * indicating X_UNKNOWN_SIGNERINFO_TYPE * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_DENM_05_04_BO * @reference ETSI TS 103 097 [1], clause 7.2 */ testcase TC_SEC_ITSS_RCV_DENM_05_04_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; var LongPosVector v_longPosVectorNodeB := f_getPosition(c_compNodeB); // Use NodeB // Test adapter configuration if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_prepareSecuredDenm( cc_taCert_A, { m_header_field_signer_info( m_signerInfo_unknown( 'CAFFEEDECA'O )), m_header_field_generation_time(1000 * f_getCurrentTime()), // In us m_header_field_generation_location( valueof(m_threeDLocation( v_longPosVectorNodeB.latitude, v_longPosVectorNodeB.longitude, '0000'O )) ), m_header_field_its_aid_DENM }, e_unknown, false ); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } // End of 'for' statement if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_DENM_05_04_BO /** * @desc Check that IUT discards a Secured DENM containing generation_time before the certificate validity period *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_DENM_A) * containing header_fields['signer_info'].signer * containing certificate (CERT_TS_MSG_06_01_BO_AT) * containing validity_restrictions['time_start_and_end'] * containing start_validity * indicating START_VALIDITY_AT * and containing end_validity * indicating END_VALIDITY_AT * and containing header_fields ['generation_time'] * containing generation_time * indicating GEN_TIME < START_VALIDITY_AT * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_DENM_06_01_BO * @reference ETSI TS 103 097 [1], clauses 5.4 and 7.2 */ testcase TC_SEC_ITSS_RCV_DENM_06_01_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; var LongPosVector v_longPosVectorNodeB := f_getPosition(c_compNodeB); // Use NodeB var ValidityRestriction v_timeValidity; // Test adapter configuration if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body f_getCertificateValidityRestriction(vc_atCertificate, e_time_start_and_end, v_timeValidity); v_securedGnPdu := f_prepareSecuredDenm( cc_taCert0601_BO, { m_header_field_generation_time( (v_timeValidity.validity.time_start_and_end.start_validity - 3600) * 1000 ) // In us }, e_certificate ); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } // End of 'for' statement if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_DENM_06_01_BO /** * @desc Check that IUT discards a Secured DENM containing generation_time before the certificate validity period *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_DENM_A) * containing header_fields['signer_info'].signer * containing certificate (CERT_TS_MSG_06_02_BO_AT) * containing validity_restrictions['time_start_and_end'] * containing start_validity * indicating START_VALIDITY_AT * and containing end_validity * indicating END_VALIDITY_AT * and containing header_fields ['generation_time'] * containing generation_time * indicating GEN_TIME > END_VALIDITY_AT * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_DENM_06_02_BO * @reference ETSI TS 103 097 [1], clauses 5.4 and 7.2 */ testcase TC_SEC_ITSS_RCV_DENM_06_02_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; var LongPosVector v_longPosVectorNodeB := f_getPosition(c_compNodeB); // Use NodeB var ValidityRestriction v_validity; // Test adapter configuration if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body f_getCertificateValidityRestriction(vc_atCertificate, e_time_start_and_end, v_validity); v_securedGnPdu := f_prepareSecuredDenm( cc_taCert0602_BO, { m_header_field_generation_time( (v_validity.validity.time_start_and_end.end_validity + 3600) * 1000 ) // In us }, e_certificate ); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } // End of 'for' statement if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_DENM_06_02_BO /** * @desc Check that IUT discards a Secured DENM if the generation_time is more than 10 minute in the past (C2C only) *
* Pics Selection: PICS_GN_SECURITY and PICS_ITS_C2C_MODE * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_DENM_A) * containing header_fields ['generation_time'] * containing generation_time * indicating GEN_TIME ( CURRENT_TIME - 11min ) * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_DENM_06_03_BO * @reference ETSI TS 103 097 [1], clauses 5.4 and 7.2 */ testcase TC_SEC_ITSS_RCV_DENM_06_03_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; var LongPosVector v_longPosVectorNodeB := f_getPosition(c_compNodeB); // Use NodeB // Test adapter configuration if (not(PICS_GN_SECURITY) or not(PICS_ITS_C2C_MODE)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_ITS_C2C_MODE' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_prepareSecuredDenm( cc_taCert_A, { m_header_field_generation_time( (1000 * f_getCurrentTime() - 660) * 1000 ) // In us }, e_certificate ); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } // End of 'for' statement if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_DENM_06_03_BO /** * @desc Check that IUT discards a Secured DENM if the generation_time is more than 10 minute in the future(C2C only) *
* Pics Selection: PICS_GN_SECURITY and PICS_ITS_C2C_MODE * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_DENM_A) * containing header_fields ['generation_time'] * containing generation_time * indicating GEN_TIME ( CURRENT_TIME + 11min ) * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_DENM_06_04_BO * @reference ETSI TS 103 097 [1], clauses 5.4 and 7.2 */ testcase TC_SEC_ITSS_RCV_DENM_06_04_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; var LongPosVector v_longPosVectorNodeB := f_getPosition(c_compNodeB); // Use NodeB // Test adapter configuration if (not(PICS_GN_SECURITY) or not(PICS_ITS_C2C_MODE)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_ITS_C2C_MODE' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_prepareSecuredDenm( cc_taCert_A, { m_header_field_generation_time( (1000 * f_getCurrentTime() + 660) * 1000 ) // In us }, e_certificate ); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } // End of 'for' statement if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_DENM_06_04_BO /** * @desc Check that IUT discards secured DENM when its_aid value is not equal to AID_DENM *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_DENM_A) * containing header_fields['its_aid'] * indicating 'AID_CAM' * and containing payload_field * containing type * indicating 'signed' * containing data * containing DENM payload * } then { * the IUT discards the DENM * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_DENM_07_01_BO * @reference ETSI TS 103 097 [1], clause 7.2 */ testcase TC_SEC_ITSS_RCV_DENM_07_01_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; // Test control if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_prepareSecuredDenm( cc_taCert_A, { m_header_field_its_aid_CAM } ); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } // End of 'for' statement if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_DENM_07_01_BO /** * @desc Check that IUT discards a Secured DENM when its_aid value is undefined *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_DENM_A) * containing header_fields['its_aid'] * indicating 'AID_UNDEFINED' * and containing payload_field { * containing type * indicating 'signed' * containing data * containing DENM payload * } then { * the IUT discards the DENM * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_DENM_07_02_BO * @reference ETSI TS 103 097 [1], clause 7.2 */ testcase TC_SEC_ITSS_RCV_DENM_07_02_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; // Test control if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_prepareSecuredDenm( cc_taCert_A, { m_header_field_its_aid_Other } ); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } // End of 'for' statement if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_DENM_07_02_BO /** * @desc Check that IUT discards Secured DENM if the HeaderField generation_location is outside of the circular validity region of the signing certificate *
* Pics Selection: PICS_GN_SECURITY and PICS_USE_CIRCULAR_REGION * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * } * ensure that { * when { * the IUT is requested to send DENM * } then { * the IUT is receiving a SecuredMessage * containing header_fields['signer_info'].type * indicating 'certificate' * and containing header_fields ['signer_info'].certificate (CERT_AT_B) * containing validity_restrictions['region'] * containing region * containing region_type * indicating 'circle' * and containing circular_region * indicating REGION * and containing header_fields ['generation_location'] * containing generation_location * indicating position outside the REGION * and containing header_fields['its_aid'] * indicating 'AID_DENM' * } then { * the IUT discards the DENM * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_DENM_08_01_BO * @reference ETSI TS 103 097 [1], clause 7.2 */ testcase TC_SEC_ITSS_RCV_DENM_08_01_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; // Test control if (not(PICS_GN_SECURITY) or not(PICS_USE_CIRCULAR_REGION)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_USE_CIRCULAR_REGION' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_sendSecuredDenm(cc_taCert_B_BO, omit, e_certificate); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } // End of 'for' statement if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_DENM_08_01_BO /** * @desc Check that IUT discards Secured DENM if the HeaderField generation_location is outside of the rectangilar validity region of the signing certificate *
* Pics Selection: PICS_GN_SECURITY and PICS_USE_RECTANGULAR_REGION * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * } * ensure that { * when { * the IUT is requested to send DENM * } then { * the IUT is receiving a SecuredMessage * containing header_fields['signer_info'].type * indicating 'certificate' * and containing header_fields ['signer_info'].certificate (CERT_AT_C) * containing validity_restrictions['region'] * containing region * containing region_type * indicating 'rectangle' * and containing rectangular_regions * indicating REGION * and containing header_fields ['generation_location'] * containing generation_location * indicating position outside the REGION * and containing header_fields['its_aid'] * indicating 'AID_DENM' * } then { * the IUT discards the DENM * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_DENM_08_02_BO * @reference ETSI TS 103 097 [1], clause 7.2 */ testcase TC_SEC_ITSS_RCV_DENM_08_02_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; // Test control if (not(PICS_GN_SECURITY) or not(PICS_USE_RECTANGULAR_REGION)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_USE_RECTANGULAR_REGION' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_sendSecuredDenm(cc_taCert_C_BO, omit, e_certificate); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } // End of 'for' statement if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_DENM_08_02_BO /** * @desc Check that IUT discards Secured DENM if the HeaderField generation_location is outside of the polygonal validity region of the signing certificate *
* Pics Selection: PICS_GN_SECURITY and PICS_USE_POLYGONAL_REGION * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * } * ensure that { * when { * the IUT is requested to send DENM * } then { * the IUT is receiving a SecuredMessage * containing header_fields['signer_info'].type * indicating 'certificate' * and containing header_fields ['signer_info'].certificate (CERT_AT_D) * containing validity_restrictions['region'] * containing region * containing region_type * indicating 'polygon' * and containing polygonal_region * indicating REGION * and containing header_fields ['generation_location'] * containing generation_location * indicating position outside the REGION * and containing header_fields['its_aid'] * indicating 'AID_DENM' * } then { * the IUT discards the DENM * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_DENM_08_03_BO * @reference ETSI TS 103 097 [1], clause 7.2 */ testcase TC_SEC_ITSS_RCV_DENM_08_03_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; // Test control if (not(PICS_GN_SECURITY) or not(PICS_USE_POLYGONAL_REGION)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_USE_POLYGONAL_REGION' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_sendSecuredDenm(cc_taCert_D_BO, omit, e_certificate); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } // End of 'for' statement if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_DENM_08_03_BO /** * @desc Check that IUT discards Secured DENM if the HeaderField generation_location is outside of the identified validity region of the signing certificate *
* Pics Selection: PICS_GN_SECURITY and PICS_USE_IDENTIFIED_REGION * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * } * ensure that { * when { * the IUT is requested to send DENM * } then { * the IUT is receiving a SecuredMessage * containing header_fields['signer_info'].type * indicating 'certificate' * and containing header_fields ['signer_info'].certificate (CERT_AT_E) * containing validity_restrictions['region'] * containing region * containing region_type * indicating 'id_region' * and containing identified_region * indicating REGION * and containing header_fields ['generation_location'] * containing generation_location * indicating position outside the REGION * and containing header_fields['its_aid'] * indicating 'AID_DENM' * } then { * the IUT discards the DENM * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_DENM_08_04_BO * @reference ETSI TS 103 097 [1], clause 7.2 */ testcase TC_SEC_ITSS_RCV_DENM_08_04_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; // Test control if (not(PICS_GN_SECURITY) or not(PICS_USE_IDENTIFIED_REGION)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_USE_IDENTIFIED_REGION' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_sendSecuredDenm(cc_taCert_E_BO, omit, e_certificate); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } // End of 'for' statement if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_DENM_08_04_BO /** * @desc Check that IUT accepts a Secured DENM if the distance between the current position of IUT and the value of optional HeaderField generation_location is 29.9 km (C2C only) *
* Pics Selection: PICS_GN_SECURITY and PICS_ITS_C2C_MODE * Config Id: CF01 * Expected behavior: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_DENM_A) * containing header_fields[generation_location].type * indicating 'generation_location' * and containing generation_location * indicating position in 29.9 km from the current position of IUT * } then { * the IUT accepts the message * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_DENM_08_05_BV * @reference ETSI TS 103 097 [1], clause 7.2 */ testcase TC_SEC_ITSS_RCV_DENM_08_05_BV() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; var LongPosVector v_longPosVectorNodeB := f_getPosition(c_compNodeB); // Use NodeB var Int32 v_latitude; var Int32 v_longitude; // Test control if (not(PICS_GN_SECURITY) or not(PICS_ITS_C2C_MODE)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_ITS_C2C_MODE' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body fx_computePositionUsingDistance( v_longPosVectorNodeB.latitude, v_longPosVectorNodeB.longitude, 29900.0, 0, v_latitude, v_longitude ); v_securedGnPdu := f_prepareSecuredDenm( cc_taCert_A, { m_header_field_generation_location( valueof(m_threeDLocation( v_latitude, v_longitude, '0000'O )) ) }, e_certificate_digest_with_sha256 ); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": PASS: DENM was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } else { log("*** " & testcasename() & ": FAIL: DENM was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_DENM_08_05_BV /** * @desc Check that IUT discards Secured DENM if the distance between the current position of IUT and the value of optional HeaderField generation_location is more than 30 km *
* Pics Selection: PICS_GN_SECURITY and PICS_ITS_C2C_MODE * Config Id: CF01 * Expected behavior: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_DENM_A) * containing header_fields[generation_location].type * indicating 'generation_location' * and containing generation_location * indicating position in 31 km from the current position of IUT * } then { * the IUT discards the message * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_DENM_08_06_BO * @reference ETSI TS 103 097 [1], clause 7.2 */ testcase TC_SEC_ITSS_RCV_DENM_08_06_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; var LongPosVector v_longPosVectorNodeB := f_getPosition(c_compNodeB); // Use NodeB var Int32 v_latitude; var Int32 v_longitude; // Test control if (not(PICS_GN_SECURITY) or not (PICS_ITS_C2C_MODE)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_ITS_C2C_MODE' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body fx_computePositionUsingDistance( v_longPosVectorNodeB.latitude, v_longPosVectorNodeB.longitude, 31000.0, 0, v_latitude, v_longitude ); v_securedGnPdu := f_prepareSecuredDenm( cc_taCert_A, { m_header_field_generation_location( valueof(m_threeDLocation( v_latitude, v_longitude, '0000'O )) ) }, e_certificate_digest_with_sha256 ); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_DENM_08_06_BO /** * @desc Check that IUT discards the Secured DENM containing empty payload of type 'signed' *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_DENM_A) * containing payload_field * containing type * indicating 'signed' * and containing data * indicating length 0 * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_DENM_09_02_BO * @reference ETSI TS 103 097 [1], clause 7.2 */ testcase TC_SEC_ITSS_RCV_DENM_09_02_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GnNonSecuredPacket v_gnNonSecuredPacket; var octetstring v_gnPayload; var template (value) SecuredMessage v_securedMessage; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; var LongPosVector v_longPosVectorNodeB := f_getPosition(c_compNodeB); // Use NodeB var template (value) SituationContainer v_situation := m_situation(CauseCodeType_vehicleBreakdown_, VehicleBreakdownSubCauseCode_unavailable_); // Test adapter configuration if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_gnNonSecuredPacket := valueof( m_geoNwBroadcastPacket( v_longPosVectorNodeB, vc_localSeqNumber, f_getGeoBroadcastArea( c_area1 // Select area1 (see ETSI TS 102 871-2 Clause 4.2 Configuration 1) ))); // Add the DENM payload v_gnNonSecuredPacket.payload := valueof( f_adaptPayload_m( bit2oct( encvalue( m_denmReq( m_denmPdu( m_denm( m_denmMgmtCon( m_tsActionId ), v_situation, m_denmLocation_zeroDelta ))))))); // Encode it v_gnPayload := bit2oct( encvalue( v_gnNonSecuredPacket ) ); f_buildGnSecuredDenm( v_securedMessage, m_payload_signed( ''O ), e_certificate_digest_with_sha256, valueof(m_threeDLocation( v_longPosVectorNodeB.latitude, v_longPosVectorNodeB.longitude, '0000'O )) ); v_securedGnPdu := valueof(m_geoNwSecPdu(v_gnNonSecuredPacket, v_securedMessage)); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } // End of 'for' statement if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_DENM_09_02_BO /** * @desc Check that IUT discards the Secured DENM containing payload of type 'unsecured' *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_DENM_A) * containing payload_field * containing type * indicating 'unsecured' * and containing data * indicating length > 0 * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_DENM_09_03_BO * @reference ETSI TS 103 097 [1], clause 7.2 */ testcase TC_SEC_ITSS_RCV_DENM_09_03_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GnNonSecuredPacket v_gnNonSecuredPacket; var octetstring v_gnPayload; var template (value) SecuredMessage v_securedMessage; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; var LongPosVector v_longPosVectorNodeB := f_getPosition(c_compNodeB); // Use NodeB var template (value) SituationContainer v_situation := m_situation(CauseCodeType_vehicleBreakdown_, VehicleBreakdownSubCauseCode_unavailable_); // Test adapter configuration if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_gnNonSecuredPacket := valueof( m_geoNwBroadcastPacket( v_longPosVectorNodeB, vc_localSeqNumber, f_getGeoBroadcastArea( c_area1 // Select area1 (see ETSI TS 102 871-2 Clause 4.2 Configuration 1) ))); // Add the DENM payload v_gnNonSecuredPacket.payload := valueof( f_adaptPayload_m( bit2oct( encvalue( m_denmReq( m_denmPdu( m_denm( m_denmMgmtCon( m_tsActionId ), v_situation, m_denmLocation_zeroDelta ))))))); // Encode it v_gnPayload := bit2oct( encvalue( v_gnNonSecuredPacket ) ); f_buildGnSecuredDenm( v_securedMessage, m_payload_unsecured( v_gnPayload ), e_certificate_digest_with_sha256, valueof(m_threeDLocation( v_longPosVectorNodeB.latitude, v_longPosVectorNodeB.longitude, '0000'O )) ); v_securedGnPdu := valueof(m_geoNwSecPdu(v_gnNonSecuredPacket, v_securedMessage)); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } // End of 'for' statement if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_DENM_09_03_BO /** * @desc Check that IUT discards the Secured DENM containing payload of type 'encrypted' *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_DENM_A) * containing payload_field * containing type * indicating 'encrypted' * and containing data * indicating length > 0 * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_DENM_09_04_BO * @reference ETSI TS 103 097 [1], clause 7.2 */ testcase TC_SEC_ITSS_RCV_DENM_09_04_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GnNonSecuredPacket v_gnNonSecuredPacket; var octetstring v_gnPayload; var template (value) SecuredMessage v_securedMessage; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; var LongPosVector v_longPosVectorNodeB := f_getPosition(c_compNodeB); // Use NodeB var template (value) SituationContainer v_situation := m_situation(CauseCodeType_vehicleBreakdown_, VehicleBreakdownSubCauseCode_unavailable_); // Test adapter configuration if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_gnNonSecuredPacket := valueof( m_geoNwBroadcastPacket( v_longPosVectorNodeB, vc_localSeqNumber, f_getGeoBroadcastArea( c_area1 // Select area1 (see ETSI TS 102 871-2 Clause 4.2 Configuration 1) ))); // Add the DENM payload v_gnNonSecuredPacket.payload := valueof( f_adaptPayload_m( bit2oct( encvalue( m_denmReq( m_denmPdu( m_denm( m_denmMgmtCon( m_tsActionId ), v_situation, m_denmLocation_zeroDelta ))))))); // Encode it v_gnPayload := bit2oct( encvalue( v_gnNonSecuredPacket ) ); f_buildGnSecuredDenm( v_securedMessage, m_payload_encrypted( v_gnPayload ), e_certificate_digest_with_sha256, valueof(m_threeDLocation( v_longPosVectorNodeB.latitude, v_longPosVectorNodeB.longitude, '0000'O )) ); v_securedGnPdu := valueof(m_geoNwSecPdu(v_gnNonSecuredPacket, v_securedMessage)); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } // End of 'for' statement if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_DENM_09_04_BO /** * @desc Check that IUT discards the Secured DENM containing payload of type 'signed_external' *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_DENM_A) * containing payload_field * containing type * indicating 'signed_external' * and containing data * indicating length > 0 * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_DENM_09_05_BO * @reference ETSI TS 103 097 [1], clause 7.2 */ testcase TC_SEC_ITSS_RCV_DENM_09_05_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GnNonSecuredPacket v_gnNonSecuredPacket; var octetstring v_gnPayload; var template (value) SecuredMessage v_securedMessage; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; var LongPosVector v_longPosVectorNodeB := f_getPosition(c_compNodeB); // Use NodeB var template (value) SituationContainer v_situation := m_situation(CauseCodeType_vehicleBreakdown_, VehicleBreakdownSubCauseCode_unavailable_); // Test adapter configuration if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_gnNonSecuredPacket := valueof( m_geoNwBroadcastPacket( v_longPosVectorNodeB, vc_localSeqNumber, f_getGeoBroadcastArea( c_area1 // Select area1 (see ETSI TS 102 871-2 Clause 4.2 Configuration 1) ))); // Add the DENM payload v_gnNonSecuredPacket.payload := valueof( f_adaptPayload_m( bit2oct( encvalue( m_denmReq( m_denmPdu( m_denm( m_denmMgmtCon( m_tsActionId ), v_situation, m_denmLocation_zeroDelta ))))))); // Encode it v_gnPayload := bit2oct( encvalue( v_gnNonSecuredPacket ) ); f_buildGnSecuredDenm( v_securedMessage, m_payload_signed_external( v_gnPayload ), e_certificate_digest_with_sha256, valueof(m_threeDLocation( v_longPosVectorNodeB.latitude, v_longPosVectorNodeB.longitude, '0000'O )) ); v_securedGnPdu := valueof(m_geoNwSecPdu(v_gnNonSecuredPacket, v_securedMessage)); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } // End of 'for' statement if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_DENM_09_05_BO /** * @desc Check that IUT discards the Secured DENM containing exactly one non-empty payload of type 'signed_and_encrypted' *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_DENM_A) * containing payload_field * containing type * indicating 'signed_and_encrypted' * and containing data * indicating length > 0 * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_DENM_09_06_BO * @reference ETSI TS 103 097 [1], clause 7.2 */ testcase TC_SEC_ITSS_RCV_DENM_09_06_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GnNonSecuredPacket v_gnNonSecuredPacket; var octetstring v_gnPayload; var template (value) SecuredMessage v_securedMessage; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; var LongPosVector v_longPosVectorNodeB := f_getPosition(c_compNodeB); // Use NodeB var template (value) SituationContainer v_situation := m_situation(CauseCodeType_vehicleBreakdown_, VehicleBreakdownSubCauseCode_unavailable_); // Test adapter configuration if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_gnNonSecuredPacket := valueof( m_geoNwBroadcastPacket( v_longPosVectorNodeB, vc_localSeqNumber, f_getGeoBroadcastArea( c_area1 // Select area1 (see ETSI TS 102 871-2 Clause 4.2 Configuration 1) ))); // Add the DENM payload v_gnNonSecuredPacket.payload := valueof( f_adaptPayload_m( bit2oct( encvalue( m_denmReq( m_denmPdu( m_denm( m_denmMgmtCon( m_tsActionId ), v_situation, m_denmLocation_zeroDelta ))))))); // Encode it v_gnPayload := bit2oct( encvalue( v_gnNonSecuredPacket ) ); f_buildGnSecuredDenm( v_securedMessage, m_payload_signed_and_encrypted( v_gnPayload ), e_certificate_digest_with_sha256, valueof(m_threeDLocation( v_longPosVectorNodeB.latitude, v_longPosVectorNodeB.longitude, '0000'O )) ); v_securedGnPdu := valueof(m_geoNwSecPdu(v_gnNonSecuredPacket, v_securedMessage)); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } // End of 'for' statement if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_DENM_09_06_BO /** * @desc Check that IUT discards the Secured DENM if the message does not contain the trailer field of type signature *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Expected behavior: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_DENM_A) * containing trailer_fields * not containing any instance of type TrailerField * containing type * indicating 'signature' * } then { * the IUT discards the message * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_DENM_10_01_BO * @reference ETSI TS 103 097 [1], clause 7.2 */ testcase TC_SEC_ITSS_RCV_DENM_10_01_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; // Test control if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_sendSecuredDenm_Bo(cc_taCert_A, -, 0); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_DENM_10_01_BO /** * @desc Check that IUT discards the Secured DENM containing more than one instance of TrailerField of type 'signature' *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Expected behavior: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_DENM_A) * containing trailer_fields[0].type * containing type * indicating 'signature' * and containing trailer_fields[1].type * containing type * indicating 'signature' * } then { * the IUT discards the message * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_DENM_10_02_BO * @reference ETSI TS 103 097 [1], clause 7.2 */ testcase TC_SEC_ITSS_RCV_DENM_10_02_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; // Test control if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_sendSecuredDenm_Bo(cc_taCert_A, -, 2); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_DENM_10_02_BO /** * @desc Check that the IUT discards Secured DENM containing signature that is not verified using the verification key from the certificate contained in the message's signer info *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Expected behavior: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_DENM_A) * containing header_fields ['signer_info'] * containing certificate (CERT_TS_A_AT) * containing subject_attributes['verification key'] (KEY) * and containing trailer_fields[0] * containing type * indicating 'signature' * and containing signature * NOT verifiable using KEY * } then { * the IUT discards the message * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_DENM_11_01_BO * @reference ETSI TS 103 097 [1], clauses 4.2.2 & 7.2 */ testcase TC_SEC_ITSS_RCV_DENM_11_01_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; // Test control if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_sendSecuredDenm_Bo( cc_taCert_A, -, 1, -, e_certificate ); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_DENM_11_01_BO /** * @desc Check that IUT discards the Secured DENM if the message contains trailer field of type 'signature' with reserved public key algorythms *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Expected behavior: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_DENM_A) * containing trailer_fields * containing an instance of type TrailerField * containing type * indicating 'signature' * and containing signature.algorithm * indicating X_RESERVED_PK_ALGORYTHM * } then { * the IUT discards the message * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_DENM_11_02_BO * @reference ETSI TS 103 097 [1], clauses 4.2.2 & 7.2 */ testcase TC_SEC_ITSS_RCV_DENM_11_02_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; // Test control if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_sendSecuredDenm_Bo( cc_taCert_A, -, 3 ); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_DENM_11_02_BO /** * @desc Check that IUT discards a Secured DENM if the signer certificate of the message contains the subject type 'enrolment_credential' *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Expected behavior: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_DENM_A) * containing header_fields['signer_info'] * containing signer * containing type * indicating 'certificate' * containing certificate (CERT_TS_EC_A) * containing subject_info.subject_type * indicating 'enrolment_credentials' * } then { * the IUT discards the message * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_DENM_12_01_BO * @reference ETSI TS 103 097 [1], clause 6.3 */ testcase TC_SEC_ITSS_RCV_DENM_12_01_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; // Test control if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_sendSecuredDenm( cc_taCert_EC, { m_header_field_generation_time(1000 * f_getCurrentTime()), // In us m_header_field_its_aid_DENM }, e_certificate ); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_DENM_12_01_BO /** * @desc Check that IUT discards a Secured DENM if the signer certificate of the message contains the subject type "authorization_authority" *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Expected behavior: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_DENM_A) * containing header_fields['signer_info'] * containing signer * containing type * indicating 'certificate' * containing certificate (CERT_TS_A_AA) * containing subject_info.subject_type * indicating 'authorization_authority' * } then { * the IUT discards the message * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_DENM_12_02_BO * @reference ETSI TS 103 097 [1], clause 6.3 */ testcase TC_SEC_ITSS_RCV_DENM_12_02_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; // Test control if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_sendSecuredDenm( cc_taCert_AA, { m_header_field_generation_time(1000 * f_getCurrentTime()), // In us m_header_field_its_aid_DENM }, e_certificate ); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_DENM_12_02_BO /** * @desc Check that IUT discards a Secured DENM if the signer certificate of the message contains the subject type 'enrolment_authority' *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Expected behavior: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_DENM_A) * containing header_fields['signer_info'] * containing signer * containing type * indicating 'certificate' * and certificate (CERT_TS_EA_A) * containing subject_info.subject_type * indicating 'enrolment_authority' * } then { * the IUT discards the message * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_DENM_12_03_BO * @reference ETSI TS 103 097 [1], clause 6.3 */ testcase TC_SEC_ITSS_RCV_DENM_12_03_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; // Test control if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_sendSecuredDenm( cc_taCert_EA, { m_header_field_generation_time(1000 * f_getCurrentTime()), // In us m_header_field_its_aid_DENM }, e_certificate ); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_DENM_12_03_BO /** * @desc Check that IUT discards a Secured DENM if the signer certificate of the message contains the subject type 'root_ca' *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Expected behavior: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_DENM_A) * containing header_fields['signer_info'] * containing signer * containing type * indicating 'certificate' * and certificate (CERT_TS_ROOT) * containing subject_info.subject_type * indicating 'root_ca' * } then { * the IUT discards the message * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_DENM_12_04_BO * @reference ETSI TS 103 097 [1], clause 6.3 */ testcase TC_SEC_ITSS_RCV_DENM_12_04_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; // Test control if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_sendSecuredDenm( cc_taCert_CA, { m_header_field_generation_time(1000 * f_getCurrentTime()), // In us m_header_field_its_aid_DENM }, e_certificate ); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_DENM_12_04_BO /** * @desc Check that IUT discards secured DENM signed with the not yet valid certificate *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Expected behavior: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_DENM_A) * containing header_fields['signer_info'].signer * containing certificate (CERT_TS_MSG_13_01_BO_AT) * containing validity_restrictions['time_start_and_end'] * containing start_validity * indicating START_VALIDITY_AT > CURRENT_TIME * and containing end_validity * indicating END_VALIDITY_AT > START_VALIDITY_AT * } then { * the IUT discards the message * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_DENM_13_01_BO * @reference ETSI TS 103 097 [1], clause 7.2 */ testcase TC_SEC_ITSS_RCV_DENM_13_01_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; // Test control if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_sendSecuredDenm(cc_taCertMsg1301_BO, omit, e_certificate); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_DENM_13_01_BO /** * @desc Check that IUT discards secured DENM signed with the expired certificate *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Expected behavior: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_DENM_A) * containing header_fields['signer_info'].signer * containing certificate (CERT_TS_MSG_13_02_BO_AT) * containing validity_restrictions['time_start_and_end'] * containing start_validity * indicating START_VALIDITY_AT < CURRENT_TIME * and containing end_validity * indicating END_VALIDITY_AT < START_VALIDITY_AT * } then { * the IUT discards the message * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_DENM_13_02_BO * @reference ETSI TS 103 097 [1], clause 7.2 */ testcase TC_SEC_ITSS_RCV_DENM_13_02_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; // Test control if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_sendSecuredDenm(cc_taCertMsg1302_BO, omit, e_certificate); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_DENM_13_02_BO /** * @desc Check that IUT discards secured DENM when IUT location is outside the circular validity restriction of the signing certificate *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Expected behavior: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_DENM_A) * containing header_fields['signer_info'].signer * containing certificate (CERT_TS_MSG_13_03_BO_AT) * containing validity_restrictions['region'] * containing region * containing region_type * indicating 'circle' * and containing circular_region * indicating REGION * not containing the CURRENT_IUT_LOCATION * } then { * the IUT discards the message * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_DENM_13_03_BO * @reference ETSI TS 103 097 [1], clause 7.2 */ testcase TC_SEC_ITSS_RCV_DENM_13_03_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; // Test control if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_sendSecuredDenm(cc_taCertMsg1303_BO, omit, e_certificate); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_DENM_13_03_BO /** * @desc Check that IUT discards secured DENM when IUT location is outside the rectangular validity restriction of the signing certificate *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Expected behavior: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_DENM_A) * containing header_fields['signer_info'].signer * containing certificate (CERT_TS_MSG_13_04_BO_AT) * containing validity_restrictions['region'] * containing region * containing region_type * indicating 'polygon' * and containing polygonal_region * indicating REGION * not containing the CURRENT_IUT_LOCATION * } then { * the IUT discards the message * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_DENM_13_04_BO * @reference ETSI TS 103 097 [1], clause 7.2 */ testcase TC_SEC_ITSS_RCV_DENM_13_04_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; // Test control if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_sendSecuredDenm(cc_taCertMsg1304_BO, omit, e_certificate); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_DENM_13_04_BO /** * @desc Check that IUT discards secured DENM when IUT location is outside the polygonal validity restriction of the signing certificate *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Expected behavior: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_DENM_A) * containing header_fields['signer_info'].signer * containing certificate (CERT_TS_MSG_13_05_BO_AT) * containing validity_restrictions['region'] * containing region * containing region_type * indicating 'rectangle' * and containing rectanglar_region * indicating REGION * not containing the CURRENT_IUT_LOCATION * } then { * the IUT discards the message * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_DENM_13_05_BO * @reference ETSI TS 103 097 [1], clause 7.2 */ testcase TC_SEC_ITSS_RCV_DENM_13_05_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; // Test control if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_sendSecuredDenm(cc_taCertMsg1305_BO, omit, e_certificate); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_DENM_13_05_BO /** * @desc Check that IUT discards secured DENM when IUT location is outside the identified validity restriction of the signing certificate *
* Pics Selection: PICS_GN_SECURITY * Config Id: CF01 * Expected behavior: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_DENM_A) * containing header_fields['signer_info'].signer * containing certificate (CERT_TS_MSG_13_06_BO_AT) * containing validity_restrictions['region'] * containing region * containing region_type * indicating 'id' * and containing id_region * indicating REGION * not containing the CURRENT_IUT_LOCATION * } then { * the IUT discards the message * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_DENM_13_06_BO * @reference ETSI TS 103 097 [1], clause 7.2 */ testcase TC_SEC_ITSS_RCV_DENM_13_06_BO() runs on ItsGeoNetworking system ItsSecSystem { // Local variables var integer i; var GeoNetworkingPdu v_securedGnPdu; var GnRawPayload v_sentRawPayload; // Test control if (not(PICS_GN_SECURITY)) { log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***"); stop; } // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_sendSecuredDenm(cc_taCertMsg1306_BO, omit, e_certificate); f_sleep(PX_TNOAC); v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload); for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) { // Empty on purpose } if (i < lengthof(vc_utInds)) { log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_poNeighbour(); f_cf01Down(); } // End of testcase TC_SEC_ITSS_RCV_DENM_13_06_BO } // End of group recvDenmProfile /** * @desc Receiving behaviour test cases for Other profile * @see ETSI TS 103 096-2 V1.2.2 (2016-01) Clause 5.3.4 Generic Signed Message Profile */ group recvOtherProfile { /** * @desc Function used to verify the IUT has forwarded or discarded the received secured message sent by the TA */ group commonFunctions { /** * @desc Behavior function for NodeD in case of forwarding is expected * @see TC_GEONW_PON_GBC_BV_01 */ function f_TC_SEC_ITSS_RCV_GENMSG_xxx_BV_nodeD() runs on ItsGeoNetworking { // Local variables var LongPosVector v_longPosVectorNodeB := f_getPosition(c_compNodeB); // Use NodeB // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdict(c_prDone, e_success); // Test Body tc_ac.start; alt { [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage_dummy, mw_geoNwBroadcastPacketWithArea( mw_longPosVectorPosition_withDelta( v_longPosVectorNodeB ), ?, f_getGeoBroadcastArea(c_area1) )))) { tc_ac.stop; log("*** " & testcasename() & ": PASS: Beacon message was forwarded ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage_dummy ))) { // Do not restart tc_ac timer log("*** " & testcasename() & ": INFO: Unexpected GN message ignored ***"); repeat; } [] tc_ac.timeout { log("*** " & testcasename() & ": FAIL: GBC message not received ***"); f_selfOrClientSyncAndVerdict(c_tbDone, e_error); } } // Postamble f_poNeighbour(); } // End of function f_TC_SEC_ITSS_RCV_GENMSG_xxx_BV_nodeD /** * @desc Behavior function for NodeD in case of forwarding is not expected * @see TC_GEONW_PON_GBC_BV_01 */ function f_TC_SEC_ITSS_RCV_GENMSG_xxx_BO_nodeD() runs on ItsGeoNetworking { // Local variables var LongPosVector v_longPosVectorIut := f_getPosition(c_compIut); // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdict(c_prDone, e_success); // Test Body tc_noac.start; alt { [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage_dummy, mw_geoNwBroadcastPacketWithArea( mw_longPosVectorPosition_withDelta( v_longPosVectorIut ), ?, f_getGeoBroadcastArea(c_area1) )))) { tc_noac.stop; log("*** " & testcasename() & ": FAIL: Beacon message shall ot be forwarded ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mdw_securedMessage_dummy ))) { // Do not restart tc_ac timer log("*** " & testcasename() & ": INFO: Unexpected GN message ignored ***"); repeat; } [] tc_noac.timeout { log("*** " & testcasename() & ": PASS: Secured message was discarded ***"); f_selfOrClientSyncAndVerdict(c_tbDone, e_success); } } // Postamble f_poNeighbour(); } // End of function f_TC_SEC_ITSS_RCV_GENMSG_xxx_BO_nodeD } // End of goup commonFunctions /** * @desc Check that IUT accepts a well-formed Secured GN Beacon signed with the certificate without region validity restriction * @remark The message defined in this test purpose is used in the subsequent test purposes with the snippet name ‘MSG_SEC_RCV_GENMSG_C’. Only differences to this snippet are mentioned in subsequent test purposes *
* Pics Selection: PICS_GN_SECURITY and PICS_GN_GBC_SRC * Config Id: CF01 * Expected behavior: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage * containing header_fields[0] * containing type * indicating 'signer_info' * and containing signer * containing type * indicating 'certificate' * and containing certificate (CERT_AT_A) * containing subject_info.subject_type * indicating 'authorization_ticket' (2) * and containing subject_attributes['verification key'] (KEY) * and containing validity_restrictions['time_start_and_end'] * indicating CERT_TS_AT_TIME_VALIDITY * and not containing validity_restrictions['region'] * and containing header_fields [1] * containing type * indicating 'generation_time' * containing generation_time * indicating CURRENT_TIME * inside CERT_TS_AT_TIME_VALIDITY * and containing header_fields [2] * containing type * indicating 'generation_location' * containing generation_location * and containing generation_location * and containing header_fields[3] * containing type * indicating 'its_aid' * and containing its_aid * indicating 'AID_BEACON' * and containing payload_field * containing type * indicating 'signed' * containing data * indicating length > 0 * and containing trailer_fields * containing single instance of type TrailerField * containing type * indicating 'signature' * containing signature * verifiable using KEY * } then { * the IUT accepts the message * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_GENMSG_01_01_BV * @reference ETSI TS 103 097 [1], clause 7.3 */ testcase TC_SEC_ITSS_RCV_GENMSG_01_01_BV() runs on ItsMtc system ItsSecSystem { // Local variables var ItsGeoNetworking v_nodeB; var ItsGeoNetworking v_nodeD; // Test control if (not(PICS_GN_SECURITY) or not(PICS_GN_GBC_SRC)) { log("*** " & testcasename() & ": 'PICS_GN_SECURITY and PICS_GN_GBC_SRC' required for executing the TC ***"); setverdict(inconc); stop; } // Test component configuration f_cf02Up(); // Preamble // Start components v_nodeB := f_getComponent(c_compNodeB); v_nodeD := f_getComponent(c_compNodeD); v_nodeB.start(f_TC_SEC_ITSS_RCV_GENMSG_01_0x_BV_nodeB(cc_taCert_A)); v_nodeD.start(f_TC_SEC_ITSS_RCV_GENMSG_xxx_BV_nodeD()); // Synchronization f_serverSync2ClientsAndStop({c_prDone, c_tbDone, c_poDone}); // Cleanup f_cf02Down(); } // End of testcase TC_SEC_ITSS_RCV_GENMSG_01_01_BV /** * @desc Check that IUT accepts a well-formed Secured GN Beacon signed with the certificate with a circular region validity restriction * @remark The message defined in this test purpose is used in the subsequent test purposes with the snippet name ‘MSG_SEC_RCV_GENMSG_C’. Only differences to this snippet are mentioned in subsequent test purposes *
* Pics Selection: PICS_GN_SECURITY and PICS_GN_GBC_SRC * Config Id: CF01 * Expected behavior: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_B_AT * and the IUT current location is inside the region validity period of CERT_TS_B_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage * containing protocol_version * indicating value '2' * and containing header_fields[0] * containing type * indicating 'signer_info' * and containing signer * containing type * indicating 'certificate' * and containing certificate (CERT_TS_B_AT) * containing subject_info.subject_type * indicating 'authorization_ticket' (2) * and containing subject_attributes['verification key'] (KEY) * and containing validity_restrictions['time_start_and_end'] * indicating CERT_TS_AT_TIME_VALIDITY * and containing validity_restrictions['region'] * containing region * containing region_type * indicating 'circle' * and containing circular_region * indicating REGION * and containing header_fields [1] * containing type * indicating 'generation_time' * containing generation_time * indicating CURRENT_TIME * and containing header_fields [2] * containing type * indicating 'generation_location' * and containing generation_location * and containing header_fields[3] * containing type * indicating 'its_aid' * and containing its_aid * indicating 'AID_BEACON' * and containing payload_field * containing type * indicating 'signed' * containing data * indicating length > 0 * and containing trailer_fields * containing single instance of type TrailerField * containing type * indicating 'signature' * containing signature * verifiable using KEY * } then { * the IUT accepts the message * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_GENMSG_01_02_BV * @reference ETSI TS 103 097 [1], clause 7.3 */ testcase TC_SEC_ITSS_RCV_GENMSG_01_02_BV() runs on ItsMtc system ItsSecSystem { // Local variables var ItsGeoNetworking v_nodeB; var ItsGeoNetworking v_nodeD; // Test control if (not(PICS_GN_SECURITY) or not(PICS_GN_GBC_SRC)) { log("*** " & testcasename() & ": 'PICS_GN_SECURITY and PICS_GN_GBC_SRC' required for executing the TC ***"); setverdict(inconc); stop; } // Test component configuration f_cf02Up(); // Preamble // Start components v_nodeB := f_getComponent(c_compNodeB); v_nodeD := f_getComponent(c_compNodeD); v_nodeB.start(f_TC_SEC_ITSS_RCV_GENMSG_01_0x_BV_nodeB(cc_taCert_B)); v_nodeD.start(f_TC_SEC_ITSS_RCV_GENMSG_xxx_BV_nodeD()); // Synchronization f_serverSync2ClientsAndStop({c_prDone, c_tbDone, c_poDone}); // Cleanup f_cf02Down(); } // End of testcase TC_SEC_ITSS_RCV_GENMSG_01_02_BV /** * @desc Check that IUT accepts a well-formed Secured GN Beacon signed with the certificate with a rectangular region validity restriction * @remark The message defined in this test purpose is used in the subsequent test purposes with the snippet name ‘MSG_SEC_RCV_GENMSG_C’. Only differences to this snippet are mentioned in subsequent test purposes *
* Pics Selection: PICS_GN_SECURITY and PICS_GN_GBC_SRC * Config Id: CF01 * Expected behavior: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_C_AT * and the IUT current location is inside the region validity period of CERT_TS_C_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage * containing protocol_version * indicating value '2' * and containing header_fields[0] * containing type * indicating 'signer_info' * and containing signer * containing type * indicating 'certificate' * and containing certificate (CERT_TS_C_AT) * containing subject_info.subject_type * indicating 'authorization_ticket' (2) * and containing subject_attributes['verification key'] (KEY) * and containing validity_restrictions['time_start_and_end'] * indicating CERT_TS_AT_TIME_VALIDITY * and containing validity_restrictions['region'] * containing region * containing region_type * indicating 'rectangle' * and containing rectangular_region * indicating REGION * and containing header_fields [1] * containing type * indicating 'generation_time' * containing generation_time * indicating CURRENT_TIME * and containing header_fields [2] * containing type * indicating 'generation_location' * and containing generation_location * and containing header_fields[3] * containing type * indicating 'its_aid' * and containing its_aid * indicating 'AID_BEACON' * and containing payload_field * containing type * indicating 'signed' * containing data * indicating length > 0 * and containing trailer_fields * containing single instance of type TrailerField * containing type * indicating 'signature' * containing signature * verifiable using KEY * } then { * the IUT accepts the message * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_GENMSG_01_03_BV * @reference ETSI TS 103 097 [1], clause 7.3 */ testcase TC_SEC_ITSS_RCV_GENMSG_01_03_BV() runs on ItsMtc system ItsSecSystem { // Local variables var ItsGeoNetworking v_nodeB; var ItsGeoNetworking v_nodeD; // Test control if (not(PICS_GN_SECURITY) or not(PICS_GN_GBC_SRC)) { log("*** " & testcasename() & ": 'PICS_GN_SECURITY and PICS_GN_GBC_SRC' required for executing the TC ***"); setverdict(inconc); stop; } // Test component configuration f_cf02Up(); // Preamble // Start components v_nodeB := f_getComponent(c_compNodeB); v_nodeD := f_getComponent(c_compNodeD); v_nodeB.start(f_TC_SEC_ITSS_RCV_GENMSG_01_0x_BV_nodeB(cc_taCert_C)); v_nodeD.start(f_TC_SEC_ITSS_RCV_GENMSG_xxx_BV_nodeD()); // Synchronization f_serverSync2ClientsAndStop({c_prDone, c_tbDone, c_poDone}); // Cleanup f_cf02Down(); } // End of testcase TC_SEC_ITSS_RCV_GENMSG_01_03_BV /** * @desc Check that IUT accepts a well-formed Secured GN Beacon signed with the certificate with a rectangular region validity restriction * @remark The message defined in this test purpose is used in the subsequent test purposes with the snippet name ‘MSG_SEC_RCV_GENMSG_C’. Only differences to this snippet are mentioned in subsequent test purposes *
* Pics Selection: PICS_GN_SECURITY and PICS_GN_GBC_SRC * Config Id: CF01 * Expected behavior: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_D_AT * and the IUT current location is inside the region validity period of CERT_TS_D_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage * containing protocol_version * indicating value '2' * and containing header_fields[0] * containing type * indicating 'signer_info' * and containing signer * containing type * indicating 'certificate' * and containing certificate (CERT_TS_D_AT) * containing subject_info.subject_type * indicating 'authorization_ticket' (2) * and containing subject_attributes['verification key'] (KEY) * and containing validity_restrictions['time_start_and_end'] * indicating CERT_TS_AT_TIME_VALIDITY * and containing validity_restrictions['region'] * containing region * containing region_type * indicating 'polygon' * and containing polygonal_region * indicating REGION * and containing header_fields [1] * containing type * indicating 'generation_time' * containing generation_time * indicating CURRENT_TIME * and containing header_fields [2] * containing type * indicating 'generation_location' * and containing generation_location * and containing header_fields[3] * containing type * indicating 'its_aid' * and containing its_aid * indicating 'AID_BEACON' * and containing payload_field * containing type * indicating 'signed' * containing data * indicating length > 0 * and containing trailer_fields * containing single instance of type TrailerField * containing type * indicating 'signature' * containing signature * verifiable using KEY * } then { * the IUT accepts the message * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_GENMSG_01_04_BV * @reference ETSI TS 103 097 [1], clause 7.3 */ testcase TC_SEC_ITSS_RCV_GENMSG_01_04_BV() runs on ItsMtc system ItsSecSystem { // Local variables var ItsGeoNetworking v_nodeB; var ItsGeoNetworking v_nodeD; // Test control if (not(PICS_GN_SECURITY) or not(PICS_GN_GBC_SRC)) { log("*** " & testcasename() & ": 'PICS_GN_SECURITY and PICS_GN_GBC_SRC' required for executing the TC ***"); setverdict(inconc); stop; } // Test component configuration f_cf02Up(); // Preamble // Start components v_nodeB := f_getComponent(c_compNodeB); v_nodeD := f_getComponent(c_compNodeD); v_nodeB.start(f_TC_SEC_ITSS_RCV_GENMSG_01_0x_BV_nodeB(cc_taCert_D)); v_nodeD.start(f_TC_SEC_ITSS_RCV_GENMSG_xxx_BV_nodeD()); // Synchronization f_serverSync2ClientsAndStop({c_prDone, c_tbDone, c_poDone}); // Cleanup f_cf02Down(); } // End of testcase TC_SEC_ITSS_RCV_GENMSG_01_04_BV /** * @desc Check that IUT accepts a well-formed Secured GN Beacon signed with the certificate with a rectangular region validity restriction * @remark The message defined in this test purpose is used in the subsequent test purposes with the snippet name ‘MSG_SEC_RCV_GENMSG_C’. Only differences to this snippet are mentioned in subsequent test purposes *
* Pics Selection: PICS_GN_SECURITY and PICS_GN_GBC_SRC * Config Id: CF01 * Expected behavior: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_E_AT * and the IUT current location is inside the region validity period of CERT_TS_E_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage * containing protocol_version * indicating value '2' * and containing header_fields[0] * containing type * indicating 'signer_info' * and containing signer * containing type * indicating 'certificate' * and containing certificate (CERT_TS_E_AT) * containing subject_info.subject_type * indicating 'authorization_ticket' (2) * and containing subject_attributes['verification key'] (KEY) * and containing validity_restrictions['time_start_and_end'] * indicating CERT_TS_AT_TIME_VALIDITY * and containing validity_restrictions['region'] * containing region * containing region_type * indicating 'id_region' * and containing id_region * indicating REGION * and containing header_fields [1] * containing type * indicating 'generation_time' * containing generation_time * indicating CURRENT_TIME * and containing header_fields [2] * containing type * indicating 'generation_location' * and containing generation_location * and containing header_fields[3] * containing type * indicating 'its_aid' * and containing its_aid * indicating 'AID_BEACON' * and containing payload_field * containing type * indicating 'signed' * containing data * indicating length > 0 * and containing trailer_fields * containing single instance of type TrailerField * containing type * indicating 'signature' * containing signature * verifiable using KEY * } then { * the IUT accepts the message * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_GENMSG_01_05_BV * @reference ETSI TS 103 097 [1], clause 7.3 */ testcase TC_SEC_ITSS_RCV_GENMSG_01_05_BV() runs on ItsMtc system ItsSecSystem { // Local variables var ItsGeoNetworking v_nodeB; var ItsGeoNetworking v_nodeD; // Test control if (not(PICS_GN_SECURITY) or not(PICS_GN_GBC_SRC)) { log("*** " & testcasename() & ": 'PICS_GN_SECURITY and PICS_GN_GBC_SRC' required for executing the TC ***"); setverdict(inconc); stop; } // Test component configuration f_cf02Up(); // Preamble // Start components v_nodeB := f_getComponent(c_compNodeB); v_nodeD := f_getComponent(c_compNodeD); v_nodeB.start(f_TC_SEC_ITSS_RCV_GENMSG_01_0x_BV_nodeB(cc_taCert_E)); v_nodeD.start(f_TC_SEC_ITSS_RCV_GENMSG_xxx_BV_nodeD()); // Synchronization f_serverSync2ClientsAndStop({c_prDone, c_tbDone, c_poDone}); // Cleanup f_cf02Down(); } // End of testcase TC_SEC_ITSS_RCV_GENMSG_01_05_BV group g_TC_SEC_ITSS_RCV_GENMSG_01_0x_BV { /** * @desc Behavior function for NodeB (TC_GEONW_PON_GBC_BV_01) */ function f_TC_SEC_ITSS_RCV_GENMSG_01_0x_BV_nodeB( in charstring p_taCert ) runs on ItsGeoNetworking { // Local variables var GeoNetworkingPdu v_securedGnPdu; // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdict(c_prDone, e_success); // Test Body v_securedGnPdu := f_sendSecuredBeacon(p_taCert, omit, e_certificate); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); // Postamble f_selfOrClientSyncAndVerdict(c_poDone, e_success); } // End of function f_TC_SEC_ITSS_RCV_GENMSG_01_0x_BV_nodeB } // End of group g_TC_SEC_ITSS_RCV_GENMSG_01_0x_BV /** * @desc Check that IUT discards a Secured GN Message containing protocol version set to a value less than 2 *
* Pics Selection: PICS_GN_SECURITY and PICS_GN_GBC_SRC * Config Id: CF01 * Expected behavior: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage * containing protocol_version * indicating 1 * } then { * the IUT discards the message * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_GENMSG_02_01_BO * @reference ETSI TS 103 097 [1], clause 5.1 */ testcase TC_SEC_ITSS_RCV_GENMSG_02_01_BO() runs on ItsMtc system ItsSecSystem { // Local variables var ItsGeoNetworking v_nodeB; var ItsGeoNetworking v_nodeD; // Test control if (not(PICS_GN_SECURITY) or not(PICS_GN_GBC_SRC)) { log("*** " & testcasename() & ": 'PICS_GN_SECURITY and PICS_GN_GBC_SRC' required for executing the TC ***"); setverdict(inconc); stop; } // Test component configuration f_cf02Up(); // Preamble // Start components v_nodeB := f_getComponent(c_compNodeB); v_nodeD := f_getComponent(c_compNodeD); v_nodeB.start(f_TC_SEC_ITSS_RCV_GENMSG_02_0x_BO_nodeB(PX_WRONG_PROTOCOL_VERSION)); v_nodeD.start(f_TC_SEC_ITSS_RCV_GENMSG_xxx_BO_nodeD()); // Synchronization f_serverSync2ClientsAndStop({c_prDone, c_tbDone, c_poDone}); // Cleanup f_cf02Down(); } // End of testcase TC_SEC_ITSS_RCV_GENMSG_02_01_BO /** * @desc Check that IUT discards a Secured GN Message containing protocol version set to a value greater than 2 *
* Pics Selection: PICS_GN_SECURITY and PICS_GN_GBC_SRC * Config Id: CF01 * Expected behavior: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage * containing protocol_version * indicating 3 * } then { * the IUT discards the message * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_GENMSG_02_02_BO * @reference ETSI TS 103 097 [1], clause 5.1 */ testcase TC_SEC_ITSS_RCV_GENMSG_02_02_BO() runs on ItsMtc system ItsSecSystem { // Local variables var ItsGeoNetworking v_nodeB; var ItsGeoNetworking v_nodeD; // Test control if (not(PICS_GN_SECURITY) or not(PICS_GN_GBC_SRC)) { log("*** " & testcasename() & ": 'PICS_GN_SECURITY and PICS_GN_GBC_SRC' required for executing the TC ***"); setverdict(inconc); stop; } // Test component configuration f_cf02Up(); // Preamble // Start components v_nodeB := f_getComponent(c_compNodeB); v_nodeD := f_getComponent(c_compNodeD); v_nodeB.start(f_TC_SEC_ITSS_RCV_GENMSG_02_0x_BO_nodeB(PX_WRONG_PROTOCOL_VERSION)); v_nodeD.start(f_TC_SEC_ITSS_RCV_GENMSG_xxx_BO_nodeD()); // Synchronization f_serverSync2ClientsAndStop({c_prDone, c_tbDone, c_poDone}); // Cleanup f_cf02Down(); } // End of testcase TC_SEC_ITSS_RCV_GENMSG_02_02_BO group g_TC_SEC_ITSS_RCV_GENMSG_02_0x_BO { /** * @desc Behavior function for NodeB (TC_GEONW_PON_GBC_BV_01) */ function f_TC_SEC_ITSS_RCV_GENMSG_02_0x_BO_nodeB( in UInt8 p_protocolVersion ) runs on ItsGeoNetworking { // Local variables var GeoNetworkingPdu v_securedGnPdu; // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdict(c_prDone, e_success); // Test Body v_securedGnPdu := f_sendSecuredBeacon_Bo(cc_taCert_A, p_protocolVersion); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); // Postamble f_selfOrClientSyncAndVerdict(c_poDone, e_success); } // End of function f_TC_SEC_ITSS_RCV_GENMSG_02_0x_BO_nodeB } // End of group g_TC_SEC_ITSS_RCV_GENMSG_02_0x_BV /** * @desc Check that IUT discards a secured GN Message if the header_fields contains more than one header field of type 'signer_info' *
* Pics Selection: PICS_GN_SECURITY and PICS_GN_GBC_SRC * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_GENMSG_A) * containing header_fields[0].type * indicating 'signer_info' * and containing header_fields[1].type * indicating 'signer_info' * and containing header_fields[2].type * indicating 'generation_time' * and containing header_fields[3].type * indicating ''generation_location'' * and containing header_fields[4].type * containing its_aid * indicating 'AID_BEACON' * and not containing other header fields * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_GENMSG_04_01_BO * @reference ETSI TS 103 097 [1], clause 7.3 */ testcase TC_SEC_ITSS_RCV_GENMSG_04_01_BO() runs on ItsMtc system ItsSecSystem { // Local variables var ItsGeoNetworking v_nodeB; var ItsGeoNetworking v_nodeD; // Test control if (not(PICS_GN_SECURITY) or not(PICS_GN_GBC_SRC)) { log("*** " & testcasename() & ": 'PICS_GN_SECURITY and PICS_GN_GBC_SRC' required for executing the TC ***"); setverdict(inconc); stop; } // Test component configuration f_cf02Up(); // Preamble // Start components v_nodeB := f_getComponent(c_compNodeB); v_nodeD := f_getComponent(c_compNodeD); v_nodeB.start(f_TC_SEC_ITSS_RCV_GENMSG_04_01_BO()); v_nodeD.start(f_TC_SEC_ITSS_RCV_GENMSG_xxx_BO_nodeD()); // Synchronization f_serverSync2ClientsAndStop({c_prDone, c_tbDone, c_poDone}); // Cleanup f_cf02Down(); } // End of testcase TC_SEC_ITSS_RCV_GENMSG_04_01_BO group g_TC_SEC_ITSS_RCV_GENMSG_04_01_BO { /** * @desc Behavior function for NodeB (TC_GEONW_PON_GBC_BV_01) */ function f_TC_SEC_ITSS_RCV_GENMSG_04_01_BO() runs on ItsGeoNetworking { // Local variables var GeoNetworkingPdu v_securedGnPdu; var LongPosVector v_longPosVectorNodeB := f_getPosition(c_compNodeB); // Use NodeB // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_prepareSecuredBeacon( cc_taCert_A, { m_header_field_signer_info( m_signerInfo_digest( vc_atCertificate.signer_info.signerInfo.digest )), m_header_field_signer_info( m_signerInfo_certificate( vc_aaCertificate )), m_header_field_generation_time(1000 * f_getCurrentTime()), // In us m_header_field_generation_location( valueof(m_threeDLocation( v_longPosVectorNodeB.latitude, v_longPosVectorNodeB.longitude, '0000'O )) ), m_header_field_its_aid_Other }, e_certificate_digest_with_sha256, false ); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); // Postamble f_selfOrClientSyncAndVerdict(c_poDone, e_success); } // End of testcase f_TC_SEC_ITSS_RCV_GENMSG_04_01_BO } // End of group g_TC_SEC_ITSS_RCV_GENMSG_04_01_BO /** * @desc Check that IUT discards a secured GN Message if the header_fields does not contain the header field of type 'signer_info' *
* Pics Selection: PICS_GN_SECURITY and PICS_GN_GBC_SRC * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_GENMSG_A) * and containing header_fields[0].type * indicating 'generation_time' * and containing header_fields[1].type * indicating 'generation_location' * and containing header_fields[2].type * indicating 'signer_info' * and containing header_fields[3].type * containing its_aid * indicating 'AID_BEACON' * and not containing other header fields * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_GENMSG_04_02_BO * @reference ETSI TS 103 097 [1], clause 7.3 */ testcase TC_SEC_ITSS_RCV_GENMSG_04_02_BO() runs on ItsMtc system ItsSecSystem { // Local variables var ItsGeoNetworking v_nodeB; var ItsGeoNetworking v_nodeD; // Test control if (not(PICS_GN_SECURITY) or not(PICS_GN_GBC_SRC)) { log("*** " & testcasename() & ": 'PICS_GN_SECURITY and PICS_GN_GBC_SRC' required for executing the TC ***"); setverdict(inconc); stop; } // Test component configuration f_cf02Up(); // Preamble // Start components v_nodeB := f_getComponent(c_compNodeB); v_nodeD := f_getComponent(c_compNodeD); v_nodeB.start(f_TC_SEC_ITSS_RCV_GENMSG_04_02_BO()); v_nodeD.start(f_TC_SEC_ITSS_RCV_GENMSG_xxx_BO_nodeD()); // Synchronization f_serverSync2ClientsAndStop({c_prDone, c_tbDone, c_poDone}); // Cleanup f_cf02Down(); } // End of testcase TC_SEC_ITSS_RCV_GENMSG_04_02_BO group g_TC_SEC_ITSS_RCV_GENMSG_04_02_BO { /** * @desc Behavior function for NodeB (TC_GEONW_PON_GBC_BV_01) */ function f_TC_SEC_ITSS_RCV_GENMSG_04_02_BO() runs on ItsGeoNetworking { // Local variables var GeoNetworkingPdu v_securedGnPdu; var LongPosVector v_longPosVectorNodeB := f_getPosition(c_compNodeB); // Use NodeB // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_prepareSecuredBeacon( cc_taCert_A, { m_header_field_generation_time(1000 * f_getCurrentTime()), // In us m_header_field_generation_location( valueof(m_threeDLocation( v_longPosVectorNodeB.latitude, v_longPosVectorNodeB.longitude, '0000'O )) ), m_header_field_its_aid_Other }, e_certificate_digest_with_sha256, false ); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); // Postamble f_selfOrClientSyncAndVerdict(c_poDone, e_success); } // End of testcase f_TC_SEC_ITSS_RCV_GENMSG_04_02_BO } // End of group g_TC_SEC_ITSS_RCV_GENMSG_04_02_BO /** * @desc Check that IUT is able to receive a secured GN Message if the signer_info header field is not encoded first. *
* Pics Selection: PICS_GN_SECURITY and PICS_GN_GBC_SRC * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_GENMSG_A) * and containing header_fields[0].type * indicating 'generation_time' * and containing header_fields[1].type * indicating 'generation_location' * and containing header_fields[2].type * containing its_aid * indicating 'AID_BEACON' * and containing header_fields[3].type * indicating 'signer_info' * and not containing other header fields * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_GENMSG_04_03_BO * @reference ETSI TS 103 097 [1], clause 7.3 */ testcase TC_SEC_ITSS_RCV_GENMSG_04_03_BO() runs on ItsMtc system ItsSecSystem { // Local variables var ItsGeoNetworking v_nodeB; var ItsGeoNetworking v_nodeD; // Test control if (not(PICS_GN_SECURITY) or not(PICS_GN_GBC_SRC)) { log("*** " & testcasename() & ": 'PICS_GN_SECURITY and PICS_GN_GBC_SRC' required for executing the TC ***"); setverdict(inconc); stop; } // Test component configuration f_cf02Up(); // Preamble // Start components v_nodeB := f_getComponent(c_compNodeB); v_nodeD := f_getComponent(c_compNodeD); v_nodeB.start(f_TC_SEC_ITSS_RCV_GENMSG_04_03_BO()); v_nodeD.start(f_TC_SEC_ITSS_RCV_GENMSG_xxx_BO_nodeD()); // Synchronization f_serverSync2ClientsAndStop({c_prDone, c_tbDone, c_poDone}); // Cleanup f_cf02Down(); } // End of testcase TC_SEC_ITSS_RCV_GENMSG_04_03_BO group g_TC_SEC_ITSS_RCV_GENMSG_04_03_BO { /** * @desc Behavior function for NodeB (TC_GEONW_PON_GBC_BV_01) */ function f_TC_SEC_ITSS_RCV_GENMSG_04_03_BO() runs on ItsGeoNetworking { // Local variables var GeoNetworkingPdu v_securedGnPdu; var LongPosVector v_longPosVectorNodeB := f_getPosition(c_compNodeB); // Use NodeB // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_prepareSecuredBeacon( cc_taCert_A, { m_header_field_generation_time(1000 * f_getCurrentTime()), // In us m_header_field_generation_location( valueof(m_threeDLocation( v_longPosVectorNodeB.latitude, v_longPosVectorNodeB.longitude, '0000'O )) ), m_header_field_its_aid_Other, m_header_field_signer_info( m_signerInfo_digest( vc_atCertificate.signer_info.signerInfo.digest )) }, e_certificate_digest_with_sha256, false ); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); // Postamble f_selfOrClientSyncAndVerdict(c_poDone, e_success); } // End of testcase f_TC_SEC_ITSS_RCV_GENMSG_04_03_BO } // End of group g_TC_SEC_ITSS_RCV_GENMSG_04_03_BO /** * @desc Check that IUT discards a secured GN Message if the message contains more than one header field of type 'generation_time' *
* Pics Selection: PICS_GN_SECURITY and PICS_GN_GBC_SRC * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_GENMSG_A) * containing header_fields[0].type * indicating 'signer_info' * and containing header_fields[1].type * indicating 'generation_time' * and containing header_fields[2].type * indicating 'generation_time' * and containing header_fields[3].type * indicating 'generation_time' * and containing header_fields[4].type * containing its_aid * indicating 'AID_BEACON' * and not containing other header fields * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_GENMSG_04_04_BO * @reference ETSI TS 103 097 [1], clause 7.3 */ testcase TC_SEC_ITSS_RCV_GENMSG_04_04_BO() runs on ItsMtc system ItsSecSystem { // Local variables var ItsGeoNetworking v_nodeB; var ItsGeoNetworking v_nodeD; // Test control if (not(PICS_GN_SECURITY) or not(PICS_GN_GBC_SRC)) { log("*** " & testcasename() & ": 'PICS_GN_SECURITY and PICS_GN_GBC_SRC' required for executing the TC ***"); setverdict(inconc); stop; } // Test component configuration f_cf02Up(); // Preamble // Start components v_nodeB := f_getComponent(c_compNodeB); v_nodeD := f_getComponent(c_compNodeD); v_nodeB.start(f_TC_SEC_ITSS_RCV_GENMSG_04_04_BO()); v_nodeD.start(f_TC_SEC_ITSS_RCV_GENMSG_xxx_BO_nodeD()); // Synchronization f_serverSync2ClientsAndStop({c_prDone, c_tbDone, c_poDone}); // Cleanup f_cf02Down(); } // End of testcase TC_SEC_ITSS_RCV_GENMSG_04_04_BO group g_TC_SEC_ITSS_RCV_GENMSG_04_04_BO { /** * @desc Behavior function for NodeB (TC_GEONW_PON_GBC_BV_01) */ function f_TC_SEC_ITSS_RCV_GENMSG_04_04_BO() runs on ItsGeoNetworking { // Local variables var GeoNetworkingPdu v_securedGnPdu; var LongPosVector v_longPosVectorNodeB := f_getPosition(c_compNodeB); // Use NodeB // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_prepareSecuredBeacon( cc_taCert_A, { m_header_field_signer_info( m_signerInfo_digest( vc_atCertificate.signer_info.signerInfo.digest )), m_header_field_generation_time(1000 * f_getCurrentTime()), // In us m_header_field_generation_time(1000 * f_getCurrentTime() - 1), // In us m_header_field_generation_location( valueof(m_threeDLocation( v_longPosVectorNodeB.latitude, v_longPosVectorNodeB.longitude, '0000'O )) ), m_header_field_its_aid_Other }, e_certificate_digest_with_sha256, false ); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); // Postamble f_selfOrClientSyncAndVerdict(c_poDone, e_success); } // End of testcase f_TC_SEC_ITSS_RCV_GENMSG_04_04_BO } // End of group g_TC_SEC_ITSS_RCV_GENMSG_04_04_BO /** * @desc Check that IUT discards a secured GN Message if the message does not contain the header field of type 'generation_time' *
* Pics Selection: PICS_GN_SECURITY and PICS_GN_GBC_SRC * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_GENMSG_A) * containing header_fields[0].type * indicating 'signer_info' * and containing header_fields[1].type * indicating 'generation_time' * and containing header_fields[2].type * containing its_aid * indicating 'AID_BEACON' * and not containing other header fields * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_GENMSG_04_05_BO * @reference ETSI TS 103 097 [1], clause 7.3 */ testcase TC_SEC_ITSS_RCV_GENMSG_04_05_BO() runs on ItsMtc system ItsSecSystem { // Local variables var ItsGeoNetworking v_nodeB; var ItsGeoNetworking v_nodeD; // Test control if (not(PICS_GN_SECURITY) or not(PICS_GN_GBC_SRC)) { log("*** " & testcasename() & ": 'PICS_GN_SECURITY and PICS_GN_GBC_SRC' required for executing the TC ***"); setverdict(inconc); stop; } // Test component configuration f_cf02Up(); // Preamble // Start components v_nodeB := f_getComponent(c_compNodeB); v_nodeD := f_getComponent(c_compNodeD); v_nodeB.start(f_TC_SEC_ITSS_RCV_GENMSG_04_05_BO()); v_nodeD.start(f_TC_SEC_ITSS_RCV_GENMSG_xxx_BO_nodeD()); // Synchronization f_serverSync2ClientsAndStop({c_prDone, c_tbDone, c_poDone}); // Cleanup f_cf02Down(); } // End of testcase TC_SEC_ITSS_RCV_GENMSG_04_05_BO group g_TC_SEC_ITSS_RCV_GENMSG_04_05_BO { /** * @desc Behavior function for NodeB (TC_GEONW_PON_GBC_BV_01) */ function f_TC_SEC_ITSS_RCV_GENMSG_04_05_BO() runs on ItsGeoNetworking { // Local variables var GeoNetworkingPdu v_securedGnPdu; var LongPosVector v_longPosVectorNodeB := f_getPosition(c_compNodeB); // Use NodeB // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_prepareSecuredBeacon( cc_taCert_A, { m_header_field_signer_info( m_signerInfo_digest( vc_atCertificate.signer_info.signerInfo.digest )), m_header_field_generation_location( valueof(m_threeDLocation( v_longPosVectorNodeB.latitude, v_longPosVectorNodeB.longitude, '0000'O )) ), m_header_field_its_aid_Other }, e_certificate_digest_with_sha256, false ); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); // Postamble f_selfOrClientSyncAndVerdict(c_poDone, e_success); } // End of testcase f_TC_SEC_ITSS_RCV_GENMSG_04_05_BO } // End of group g_TC_SEC_ITSS_RCV_GENMSG_04_05_BO /** * @desc Check that IUT discards a Secured GN Message if the message contains more than one header field of type 'its_aid' *
* Pics Selection: PICS_GN_SECURITY and PICS_GN_GBC_SRC * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_GENMSG_A) * containing header_fields[0].type * indicating 'signer_info' * and containing header_fields[1].type * indicating 'generation_time' * and containing header_fields[2].type * indicating 'generation_location' * and containing header_fields[3] * containing type * indicating 'its_aid' * containing its_aid * indicating 'AID_BEACON' * and containing header_fields[4].type * containing its_aid * indicating 'AID_BEACON' * and not containing other header fields * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_GENMSG_04_06_BO * @reference ETSI TS 103 097 [1], clause 7.3 */ testcase TC_SEC_ITSS_RCV_GENMSG_04_06_BO() runs on ItsMtc system ItsSecSystem { // Local variables var ItsGeoNetworking v_nodeB; var ItsGeoNetworking v_nodeD; // Test control if (not(PICS_GN_SECURITY) or not(PICS_GN_GBC_SRC)) { log("*** " & testcasename() & ": 'PICS_GN_SECURITY and PICS_GN_GBC_SRC' required for executing the TC ***"); setverdict(inconc); stop; } // Test component configuration f_cf02Up(); // Preamble // Start components v_nodeB := f_getComponent(c_compNodeB); v_nodeD := f_getComponent(c_compNodeD); v_nodeB.start(f_TC_SEC_ITSS_RCV_GENMSG_04_06_BO()); v_nodeD.start(f_TC_SEC_ITSS_RCV_GENMSG_xxx_BO_nodeD()); // Synchronization f_serverSync2ClientsAndStop({c_prDone, c_tbDone, c_poDone}); // Cleanup f_cf02Down(); } // End of testcase TC_SEC_ITSS_RCV_GENMSG_04_06_BO group g_TC_SEC_ITSS_RCV_GENMSG_04_06_BO { /** * @desc Behavior function for NodeB (TC_GEONW_PON_GBC_BV_01) */ function f_TC_SEC_ITSS_RCV_GENMSG_04_06_BO() runs on ItsGeoNetworking { // Local variables var GeoNetworkingPdu v_securedGnPdu; var LongPosVector v_longPosVectorNodeB := f_getPosition(c_compNodeB); // Use NodeB // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_prepareSecuredBeacon( cc_taCert_A, { m_header_field_signer_info( m_signerInfo_digest( vc_atCertificate.signer_info.signerInfo.digest )), m_header_field_generation_time(1000 * f_getCurrentTime()), // In us m_header_field_generation_location( valueof(m_threeDLocation( v_longPosVectorNodeB.latitude, v_longPosVectorNodeB.longitude, '0000'O )) ), m_header_field_its_aid_Other, m_header_field_its_aid_Other }, e_certificate_digest_with_sha256, false ); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); // Postamble f_selfOrClientSyncAndVerdict(c_poDone, e_success); } // End of testcase f_TC_SEC_ITSS_RCV_GENMSG_04_06_BO } // End of group g_TC_SEC_ITSS_RCV_GENMSG_04_06_BO /** * @desc Check that IUT discards a secured GN Message if the message does not contain the header field of type 'its_aid' *
* Pics Selection: PICS_GN_SECURITY and PICS_GN_GBC_SRC * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_GENMSG_A) * containing header_fields[0].type * indicating 'signer_info' * and containing header_fields[1].type * indicating 'generation_time' * and containing header_fields[2].type * indicating 'generation_location' * and not containing other header fields * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_GENMSG_04_06a_BO * @reference ETSI TS 103 097 [1], clause 7.3 */ testcase TC_SEC_ITSS_RCV_GENMSG_04_06a_BO() runs on ItsMtc system ItsSecSystem { // Local variables var ItsGeoNetworking v_nodeB; var ItsGeoNetworking v_nodeD; // Test control if (not(PICS_GN_SECURITY) or not(PICS_GN_GBC_SRC)) { log("*** " & testcasename() & ": 'PICS_GN_SECURITY and PICS_GN_GBC_SRC' required for executing the TC ***"); setverdict(inconc); stop; } // Test component configuration f_cf02Up(); // Preamble // Start components v_nodeB := f_getComponent(c_compNodeB); v_nodeD := f_getComponent(c_compNodeD); v_nodeB.start(f_TC_SEC_ITSS_RCV_GENMSG_04_06a_BO()); v_nodeD.start(f_TC_SEC_ITSS_RCV_GENMSG_xxx_BO_nodeD()); // Synchronization f_serverSync2ClientsAndStop({c_prDone, c_tbDone, c_poDone}); // Cleanup f_cf02Down(); } // End of testcase TC_SEC_ITSS_RCV_GENMSG_04_06a_BO group g_TC_SEC_ITSS_RCV_GENMSG_04_06a_BO { /** * @desc Behavior function for NodeB (TC_GEONW_PON_GBC_BV_01) */ function f_TC_SEC_ITSS_RCV_GENMSG_04_06a_BO() runs on ItsGeoNetworking { // Local variables var GeoNetworkingPdu v_securedGnPdu; var LongPosVector v_longPosVectorNodeB := f_getPosition(c_compNodeB); // Use NodeB // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_prepareSecuredBeacon( cc_taCert_A, { m_header_field_signer_info( m_signerInfo_digest( vc_atCertificate.signer_info.signerInfo.digest )), m_header_field_generation_time(1000 * f_getCurrentTime()), // In us m_header_field_generation_location( valueof(m_threeDLocation( v_longPosVectorNodeB.latitude, v_longPosVectorNodeB.longitude, '0000'O )) ) }, e_certificate_digest_with_sha256, false ); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); // Postamble f_selfOrClientSyncAndVerdict(c_poDone, e_success); } // End of testcase f_TC_SEC_ITSS_RCV_GENMSG_04_06a_BO } // End of group g_TC_SEC_ITSS_RCV_GENMSG_04_06a_BO /** * @desc Check that IUT discards a secured GN Message if the message contains more than one header field of type 'generation_location' *
* Pics Selection: PICS_GN_SECURITY and PICS_GN_GBC_SRC * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_GENMSG_A) * containing header_fields[0].type * indicating 'signer_info' * and containing header_fields[1].type * indicating 'generation_time' * and containing header_fields[2].type * indicating 'generation_location' * and containing header_fields[3].type * indicating 'generation_location' * and containing header_fields[4] * containing type * indicating 'its_aid' * containing its_aid * indicating 'AID_BEACON' * and not containing other header fields * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_GENMSG_04_07_BO * @reference ETSI TS 103 097 [1], clause 7.3 */ testcase TC_SEC_ITSS_RCV_GENMSG_04_07_BO() runs on ItsMtc system ItsSecSystem { // Local variables var ItsGeoNetworking v_nodeB; var ItsGeoNetworking v_nodeD; // Test control if (not(PICS_GN_SECURITY) or not(PICS_GN_GBC_SRC)) { log("*** " & testcasename() & ": 'PICS_GN_SECURITY and PICS_GN_GBC_SRC' required for executing the TC ***"); setverdict(inconc); stop; } // Test component configuration f_cf02Up(); // Preamble // Start components v_nodeB := f_getComponent(c_compNodeB); v_nodeD := f_getComponent(c_compNodeD); v_nodeB.start(f_TC_SEC_ITSS_RCV_GENMSG_04_07_BO()); v_nodeD.start(f_TC_SEC_ITSS_RCV_GENMSG_xxx_BO_nodeD()); // Synchronization f_serverSync2ClientsAndStop({c_prDone, c_tbDone, c_poDone}); // Cleanup f_cf02Down(); } // End of testcase TC_SEC_ITSS_RCV_GENMSG_04_07_BO group g_TC_SEC_ITSS_RCV_GENMSG_04_07_BO { /** * @desc Behavior function for NodeB (TC_GEONW_PON_GBC_BV_01) */ function f_TC_SEC_ITSS_RCV_GENMSG_04_07_BO() runs on ItsGeoNetworking { // Local variables var GeoNetworkingPdu v_securedGnPdu; var LongPosVector v_longPosVectorNodeB := f_getPosition(c_compNodeB); // Use NodeB // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_prepareSecuredBeacon( cc_taCert_A, { m_header_field_signer_info( m_signerInfo_digest( vc_atCertificate.signer_info.signerInfo.digest )), m_header_field_generation_time(1000 * f_getCurrentTime()), // In us m_header_field_generation_location( valueof(m_threeDLocation( v_longPosVectorNodeB.latitude, v_longPosVectorNodeB.longitude, '0000'O )) ), m_header_field_generation_location( valueof(m_threeDLocation( v_longPosVectorNodeB.latitude, v_longPosVectorNodeB.longitude, '0100'O )) ), m_header_field_its_aid_Other }, e_certificate_digest_with_sha256, false ); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); // Postamble f_selfOrClientSyncAndVerdict(c_poDone, e_success); } // End of testcase f_TC_SEC_ITSS_RCV_GENMSG_04_07_BO } // End of group g_TC_SEC_ITSS_RCV_GENMSG_04_07_BO /** * @desc Check that IUT discards a secured GN Message if the message contains more than one header field of type 'generation_location' *
* Pics Selection: PICS_GN_SECURITY and PICS_GN_GBC_SRC * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_GENMSG_A) * containing header_fields[0].type * indicating 'signer_info' * and containing header_fields[1].type * indicating 'generation_time' * and containing header_fields[2].type * and containing header_fields[4].type * indicating 'its_aid' * containing its_aid * indicating 'AID_BEACON' * and not containing other header fields * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_GENMSG_04_08_BO * @reference ETSI TS 103 097 [1], clause 7.3 */ testcase TC_SEC_ITSS_RCV_GENMSG_04_08_BO() runs on ItsMtc system ItsSecSystem { // Local variables var ItsGeoNetworking v_nodeB; var ItsGeoNetworking v_nodeD; // Test control if (not(PICS_GN_SECURITY) or not(PICS_GN_GBC_SRC)) { log("*** " & testcasename() & ": 'PICS_GN_SECURITY and PICS_GN_GBC_SRC' required for executing the TC ***"); setverdict(inconc); stop; } // Test component configuration f_cf02Up(); // Preamble // Start components v_nodeB := f_getComponent(c_compNodeB); v_nodeD := f_getComponent(c_compNodeD); v_nodeB.start(f_TC_SEC_ITSS_RCV_GENMSG_04_08_BO()); v_nodeD.start(f_TC_SEC_ITSS_RCV_GENMSG_xxx_BO_nodeD()); // Synchronization f_serverSync2ClientsAndStop({c_prDone, c_tbDone, c_poDone}); // Cleanup f_cf02Down(); } // End of testcase TC_SEC_ITSS_RCV_GENMSG_04_08_BO group g_TC_SEC_ITSS_RCV_GENMSG_04_08_BO { /** * @desc Behavior function for NodeB (TC_GEONW_PON_GBC_BV_01) */ function f_TC_SEC_ITSS_RCV_GENMSG_04_08_BO() runs on ItsGeoNetworking { // Local variables var GeoNetworkingPdu v_securedGnPdu; var LongPosVector v_longPosVectorNodeB := f_getPosition(c_compNodeB); // Use NodeB // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_prepareSecuredBeacon( cc_taCert_A, { m_header_field_signer_info( m_signerInfo_digest( vc_atCertificate.signer_info.signerInfo.digest )), m_header_field_generation_time(1000 * f_getCurrentTime()), // In us m_header_field_its_aid_Other }, e_certificate_digest_with_sha256, false ); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); // Postamble f_selfOrClientSyncAndVerdict(c_poDone, e_success); } // End of testcase f_TC_SEC_ITSS_RCV_GENMSG_04_08_BO } // End of group g_TC_SEC_ITSS_RCV_GENMSG_04_08_BO /** * @desc Check that IUT is able to receive a Secured GN Beacon if the header fields are not in the ascending order according to the numbering of the enumeration *
* Pics Selection: PICS_GN_SECURITY and PICS_GN_GBC_SRC * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_GENMSG_A) * containing header_fields[0].type * indicating 'signer_info' * and containing header_fields[1].type * indicating 'its_aid' * and containing header_fields[2].type * indicating 'generation_time' * and containing header_fields[3].type * and not containing other header fields * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_GENMSG_04_09_BO * @reference ETSI TS 103 097 [1], clause 7.3 */ testcase TC_SEC_ITSS_RCV_GENMSG_04_09_BO() runs on ItsMtc system ItsSecSystem { // Local variables var ItsGeoNetworking v_nodeB; var ItsGeoNetworking v_nodeD; // Test control if (not(PICS_GN_SECURITY) or not(PICS_GN_GBC_SRC)) { log("*** " & testcasename() & ": 'PICS_GN_SECURITY and PICS_GN_GBC_SRC' required for executing the TC ***"); setverdict(inconc); stop; } // Test component configuration f_cf02Up(); // Preamble // Start components v_nodeB := f_getComponent(c_compNodeB); v_nodeD := f_getComponent(c_compNodeD); v_nodeB.start(f_TC_SEC_ITSS_RCV_GENMSG_04_09_BO()); v_nodeD.start(f_TC_SEC_ITSS_RCV_GENMSG_xxx_BO_nodeD()); // Synchronization f_serverSync2ClientsAndStop({c_prDone, c_tbDone, c_poDone}); // Cleanup f_cf02Down(); } // End of testcase TC_SEC_ITSS_RCV_GENMSG_04_09_BO group g_TC_SEC_ITSS_RCV_GENMSG_04_09_BO { /** * @desc Behavior function for NodeB (TC_GEONW_PON_GBC_BV_01) */ function f_TC_SEC_ITSS_RCV_GENMSG_04_09_BO() runs on ItsGeoNetworking { // Local variables var GeoNetworkingPdu v_securedGnPdu; var LongPosVector v_longPosVectorNodeB := f_getPosition(c_compNodeB); // Use NodeB // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_prepareSecuredBeacon( cc_taCert_A, { m_header_field_signer_info( m_signerInfo_digest( vc_atCertificate.signer_info.signerInfo.digest )), m_header_field_its_aid_Other, m_header_field_generation_time(1000 * f_getCurrentTime()), // In us m_header_field_generation_location( valueof(m_threeDLocation( v_longPosVectorNodeB.latitude, v_longPosVectorNodeB.longitude, '0000'O )) ) }, e_certificate_digest_with_sha256, false ); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); // Postamble f_selfOrClientSyncAndVerdict(c_poDone, e_success); } // End of testcase f_TC_SEC_ITSS_RCV_GENMSG_04_09_BO } // End of group g_TC_SEC_ITSS_RCV_GENMSG_04_09_BO /** * @desc Check that IUT accepts a GN Secured Message containing optional header field of type 'expiry_time' *
* Pics Selection: PICS_GN_SECURITY and PICS_GN_GBC_SRC * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_GENMSG_A) * containing header_fields[0].type * indicating 'signer_info' * and containing header_fields[1].type * indicating 'its_aid' * and containing header_fields[2].type * indicating 'generation_time' * and containing header_fields[3].type * and not containing other header fields * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_GENMSG_04_11_BO * @reference ETSI TS 103 097 [1], clause 7.3 */ testcase TC_SEC_ITSS_RCV_GENMSG_04_11_BO() runs on ItsMtc system ItsSecSystem { // Local variables var ItsGeoNetworking v_nodeB; var ItsGeoNetworking v_nodeD; // Test control if (not(PICS_GN_SECURITY) or not(PICS_GN_GBC_SRC)) { log("*** " & testcasename() & ": 'PICS_GN_SECURITY and PICS_GN_GBC_SRC' required for executing the TC ***"); setverdict(inconc); stop; } // Test component configuration f_cf02Up(); // Preamble // Start components v_nodeB := f_getComponent(c_compNodeB); v_nodeD := f_getComponent(c_compNodeD); v_nodeB.start(f_TC_SEC_ITSS_RCV_GENMSG_04_11_BO()); v_nodeD.start(f_TC_SEC_ITSS_RCV_GENMSG_xxx_BO_nodeD()); // Synchronization f_serverSync2ClientsAndStop({c_prDone, c_tbDone, c_poDone}); // Cleanup f_cf02Down(); } // End of testcase TC_SEC_ITSS_RCV_GENMSG_04_11_BO group g_TC_SEC_ITSS_RCV_GENMSG_04_11_BO { /** * @desc Behavior function for NodeB (TC_GEONW_PON_GBC_BV_01) */ function f_TC_SEC_ITSS_RCV_GENMSG_04_11_BO() runs on ItsGeoNetworking { // Local variables var GeoNetworkingPdu v_securedGnPdu; var LongPosVector v_longPosVectorNodeB := f_getPosition(c_compNodeB); // Use NodeB // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_prepareSecuredBeacon( cc_taCert_A, { m_header_field_signer_info( m_signerInfo_digest( vc_atCertificate.signer_info.signerInfo.digest )), m_header_field_generation_time(1000 * f_getCurrentTime()), // In us m_header_field_expiry_time( 1000 * (3600 + f_getCurrentTime()) // In us ), m_header_field_generation_location( valueof(m_threeDLocation( v_longPosVectorNodeB.latitude, v_longPosVectorNodeB.longitude, '0000'O )) ), m_header_field_its_aid_Other }, e_certificate_digest_with_sha256, false ); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); // Postamble f_selfOrClientSyncAndVerdict(c_poDone, e_success); } // End of testcase f_TC_SEC_ITSS_RCV_GENMSG_04_11_BO } // End of group g_TC_SEC_ITSS_RCV_GENMSG_04_11_BO /** * @desc Check that IUT accepts the Secured GN Message containing additional non-standard HeaderField *
* Pics Selection: PICS_GN_SECURITY and PICS_GN_GBC_SRC * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_GENMSG_A) * containing header_fields[0].type * indicating 'signer_info' * and containing header_fields[1].type * indicating 'generation_time' * and containing header_fields[2].type * and containing header_fields[3].type * indicating 'its_aid' * and containing header_fields[4] * containing type * indicating non-standard header field type (1000) * and containing other_header * indicating non-empty data * and not containing other header fields * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_GENMSG_04_12_BO * @reference ETSI TS 103 097 [1], clause 7.3 */ testcase TC_SEC_ITSS_RCV_GENMSG_04_12_BO() runs on ItsMtc system ItsSecSystem { // Local variables var ItsGeoNetworking v_nodeB; var ItsGeoNetworking v_nodeD; // Test control if (not(PICS_GN_SECURITY) or not(PICS_GN_GBC_SRC)) { log("*** " & testcasename() & ": 'PICS_GN_SECURITY and PICS_GN_GBC_SRC' required for executing the TC ***"); setverdict(inconc); stop; } // Test component configuration f_cf02Up(); // Preamble // Start components v_nodeB := f_getComponent(c_compNodeB); v_nodeD := f_getComponent(c_compNodeD); v_nodeB.start(f_TC_SEC_ITSS_RCV_GENMSG_04_12_BO()); v_nodeD.start(f_TC_SEC_ITSS_RCV_GENMSG_xxx_BO_nodeD()); // Synchronization f_serverSync2ClientsAndStop({c_prDone, c_tbDone, c_poDone}); // Cleanup f_cf02Down(); } // End of testcase TC_SEC_ITSS_RCV_GENMSG_04_12_BO group g_TC_SEC_ITSS_RCV_GENMSG_04_12_BO { /** * @desc Behavior function for NodeB (TC_GEONW_PON_GBC_BV_01) */ function f_TC_SEC_ITSS_RCV_GENMSG_04_12_BO() runs on ItsGeoNetworking { // Local variables var GeoNetworkingPdu v_securedGnPdu; var LongPosVector v_longPosVectorNodeB := f_getPosition(c_compNodeB); // Use NodeB // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_prepareSecuredBeacon( cc_taCert_A, { m_header_field_signer_info( m_signerInfo_digest( vc_atCertificate.signer_info.signerInfo.digest )), m_header_field_generation_time(1000 * f_getCurrentTime()), // In us m_header_field_expiry_time( 1000 * (3600 + f_getCurrentTime()) // In us ), m_header_field_generation_location( valueof(m_threeDLocation( v_longPosVectorNodeB.latitude, v_longPosVectorNodeB.longitude, '0000'O )) ), m_header_field_its_aid_Other, m_header_field_unspecify }, e_certificate_digest_with_sha256, false ); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); // Postamble f_selfOrClientSyncAndVerdict(c_poDone, e_success); } // End of testcase f_TC_SEC_ITSS_RCV_GENMSG_04_12_BO } // End of group g_TC_SEC_ITSS_RCV_GENMSG_04_12_BO /** * @desc Check that IUT accepts the Secured GN Message containing additional non-standard HeaderField *
* Pics Selection: PICS_GN_SECURITY and PICS_GN_GBC_SRC * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_GENMSG_A) * containing header_fields[0].type * indicating 'signer_info' * and containing header_fields[1].type * indicating 'generation_time' * and containing header_fields[2].type * and containing header_fields[3].type * indicating 'its_aid' * and containing header_fields[4] * containing type * indicating 'encryption_parameters' * and containing enc_params * containing symm_algorithm * indicating 'aes_128_ccm' * and containing nonce * and containing header_fields[4] * containing type * indicating 'recipient_info' * and containing recipients * containing recipients[0] * containing cert_id * referencing to CERT_IUT_A_AT * and containing pk_encryption * indicating 'ecies_nistp256' * and containing enc_key * and not containing other header fields * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_GENMSG_04_13_BO * @reference ETSI TS 103 097 [1], clause 7.3 */ testcase TC_SEC_ITSS_RCV_GENMSG_04_13_BO() runs on ItsMtc system ItsSecSystem { // Local variables var ItsGeoNetworking v_nodeB; var ItsGeoNetworking v_nodeD; // Test control if (not(PICS_GN_SECURITY) or not(PICS_GN_GBC_SRC)) { log("*** " & testcasename() & ": 'PICS_GN_SECURITY and PICS_GN_GBC_SRC' required for executing the TC ***"); setverdict(inconc); stop; } // Test component configuration f_cf02Up(); // Preamble // Start components v_nodeB := f_getComponent(c_compNodeB); v_nodeD := f_getComponent(c_compNodeD); v_nodeB.start(f_TC_SEC_ITSS_RCV_GENMSG_04_13_BO()); v_nodeD.start(f_TC_SEC_ITSS_RCV_GENMSG_xxx_BO_nodeD()); // Synchronization f_serverSync2ClientsAndStop({c_prDone, c_tbDone, c_poDone}); // Cleanup f_cf02Down(); } // End of testcase TC_SEC_ITSS_RCV_GENMSG_04_13_BO group g_TC_SEC_ITSS_RCV_GENMSG_04_13_BO { /** * @desc Behavior function for NodeB (TC_GEONW_PON_GBC_BV_01) */ function f_TC_SEC_ITSS_RCV_GENMSG_04_13_BO() runs on ItsGeoNetworking { // Local variables var GeoNetworkingPdu v_securedGnPdu; var Certificate v_iutATCertificate; var SubjectAttribute v_encryption_key; var LongPosVector v_longPosVectorNodeB := f_getPosition(c_compNodeB); // Use NodeB // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body if ( (f_readCertificate(cc_iutCert_A, v_iutATCertificate) == false) or (f_getCertificateSubjectAttribute(v_iutATCertificate, e_encryption_key, v_encryption_key) == false) ) { f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout); // Set verdict to inconc } else { v_securedGnPdu := f_prepareSecuredBeacon( cc_taCert_A, { m_header_field_signer_info( m_signerInfo_digest( vc_atCertificate.signer_info.signerInfo.digest )), m_header_field_generation_time(1000 * f_getCurrentTime()), // In us m_header_field_expiry_time( 1000 * (3600 + f_getCurrentTime()) // In us ), m_header_field_generation_location( valueof(m_threeDLocation( v_longPosVectorNodeB.latitude, v_longPosVectorNodeB.longitude, '0000'O )) ), m_header_field_its_aid_Other, m_header_field_enc_params( // containing header_fields[3].type.enc_params m_encryptionParameters_aes_128_ccm( // indicating 'aes_128_ccm' PX_ENCRYPTIONPARAMETERS_AES_128_CCM_NONCE // and containing nonce ) ), m_header_field_multiple_recipients( // containing header_fields[4].type { // indicating 'encryption_parameters' m_recipientInfo_ecies_enc_key( v_iutATCertificate.signer_info.signerInfo.digest, e_ecies_nistp256, // containing symm_algorithm // indicating 'aes_128_ccm' m_eciesEncryptedKey_aesccm( v_encryption_key.attribute.rv, '00000000000000000000000000000000'O, // FIXME Where to find these values '00000000000000000000000000000000'O ) ) } ) }, e_certificate_digest_with_sha256, false ); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } // Postamble f_selfOrClientSyncAndVerdict(c_poDone, e_success); } // End of testcase f_TC_SEC_ITSS_RCV_GENMSG_04_13_BO } // End of group g_TC_SEC_ITSS_RCV_GENMSG_04_13_BO /** * @desc Check that IUT discards a secured GN Beacon if the header_fields contains a signer of type 'self' *
* Pics Selection: PICS_GN_SECURITY and PICS_GN_GBC_SRC * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_GENMSG_A) * containing header_fields['signer_info'] * containing signer.type * indicating 'self'' * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_GENMSG_05_01_BO * @reference ETSI TS 103 097 [1], clause 7.3 */ testcase TC_SEC_ITSS_RCV_GENMSG_05_01_BO() runs on ItsMtc system ItsSecSystem { // Local variables var ItsGeoNetworking v_nodeB; var ItsGeoNetworking v_nodeD; // Test control if (not(PICS_GN_SECURITY) or not(PICS_GN_GBC_SRC)) { log("*** " & testcasename() & ": 'PICS_GN_SECURITY and PICS_GN_GBC_SRC' required for executing the TC ***"); setverdict(inconc); stop; } // Test component configuration f_cf02Up(); // Preamble // Start components v_nodeB := f_getComponent(c_compNodeB); v_nodeD := f_getComponent(c_compNodeD); v_nodeB.start(f_TC_SEC_ITSS_RCV_GENMSG_05_01_BO()); v_nodeD.start(f_TC_SEC_ITSS_RCV_GENMSG_xxx_BO_nodeD()); // Synchronization f_serverSync2ClientsAndStop({c_prDone, c_tbDone, c_poDone}); // Cleanup f_cf02Down(); } // End of testcase TC_SEC_ITSS_RCV_GENMSG_05_01_BO group g_TC_SEC_ITSS_RCV_GENMSG_05_01_BO { /** * @desc Behavior function for NodeB (TC_GEONW_PON_GBC_BV_01) */ function f_TC_SEC_ITSS_RCV_GENMSG_05_01_BO() runs on ItsGeoNetworking { // Local variables var GeoNetworkingPdu v_securedGnPdu; var LongPosVector v_longPosVectorNodeB := f_getPosition(c_compNodeB); // Use NodeB // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_prepareSecuredBeacon( cc_taCert_A, { m_header_field_signer_info( m_signerInfo_self ), m_header_field_generation_time(1000 * f_getCurrentTime()), // In us m_header_field_generation_location( valueof(m_threeDLocation( v_longPosVectorNodeB.latitude, v_longPosVectorNodeB.longitude, '0000'O )) ), m_header_field_its_aid_Other }, e_self, false ); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); // Postamble f_selfOrClientSyncAndVerdict(c_poDone, e_success); } // End of testcase f_TC_SEC_ITSS_RCV_GENMSG_05_01_BO } // End of group g_TC_SEC_ITSS_RCV_GENMSG_05_01_BO /** * @desc Check that IUT discards a secured GN Beacon if the header_fields contains a signer of type 'certificate_digest_with_other_algorithm' *
* Pics Selection: PICS_GN_SECURITY and PICS_GN_GBC_SRC * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_GENMSG_A) * containing header_fields['signer_info'] * containing signer.type * indicating 'certificate_digest_with_other_algorithm' * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_GENMSG_05_02_BO * @reference ETSI TS 103 097 [1], clause 7.3 */ testcase TC_SEC_ITSS_RCV_GENMSG_05_02_BO() runs on ItsMtc system ItsSecSystem { // Local variables var ItsGeoNetworking v_nodeB; var ItsGeoNetworking v_nodeD; // Test control if (not(PICS_GN_SECURITY) or not(PICS_GN_GBC_SRC)) { log("*** " & testcasename() & ": 'PICS_GN_SECURITY and PICS_GN_GBC_SRC' required for executing the TC ***"); setverdict(inconc); stop; } // Test component configuration f_cf02Up(); // Preamble // Start components v_nodeB := f_getComponent(c_compNodeB); v_nodeD := f_getComponent(c_compNodeD); v_nodeB.start(f_TC_SEC_ITSS_RCV_GENMSG_05_02_BO()); v_nodeD.start(f_TC_SEC_ITSS_RCV_GENMSG_xxx_BO_nodeD()); // Synchronization f_serverSync2ClientsAndStop({c_prDone, c_tbDone, c_poDone}); // Cleanup f_cf02Down(); } // End of testcase TC_SEC_ITSS_RCV_GENMSG_05_02_BO group g_TC_SEC_ITSS_RCV_GENMSG_05_02_BO { /** * @desc Behavior function for NodeB (TC_GEONW_PON_GBC_BV_01) */ function f_TC_SEC_ITSS_RCV_GENMSG_05_02_BO() runs on ItsGeoNetworking { // Local variables var GeoNetworkingPdu v_securedGnPdu; var LongPosVector v_longPosVectorNodeB := f_getPosition(c_compNodeB); // Use NodeB // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_prepareSecuredBeacon( cc_taCert_A, { m_header_field_signer_info( m_signerInfo_other_certificates( m_certificateWithAlgo_ecdsa( PX_OTHER_CERT_DIGEST ))), m_header_field_generation_time(1000 * f_getCurrentTime()), // In us m_header_field_generation_location( valueof(m_threeDLocation( v_longPosVectorNodeB.latitude, v_longPosVectorNodeB.longitude, '0000'O )) ), m_header_field_its_aid_Other }, e_certificate_digest_with_other_algorithm, false ); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); // Postamble f_selfOrClientSyncAndVerdict(c_poDone, e_success); } // End of testcase f_TC_SEC_ITSS_RCV_GENMSG_05_02_BO } // End of group g_TC_SEC_ITSS_RCV_GENMSG_05_02_BO /** * @desc Check that IUT discards a secured GN Beacon if the header_fields contains a signer of type 'certificate_chain' *
* Pics Selection: PICS_GN_SECURITY and PICS_GN_GBC_SRC * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_GENMSG_A) * containing header_fields['signer_info'] * containing signer.type * indicating 'certificate_chain' * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_GENMSG_05_03_BO * @reference ETSI TS 103 097 [1], clause 7.3 */ testcase TC_SEC_ITSS_RCV_GENMSG_05_03_BO() runs on ItsMtc system ItsSecSystem { // Local variables var ItsGeoNetworking v_nodeB; var ItsGeoNetworking v_nodeD; // Test control if (not(PICS_GN_SECURITY) or not(PICS_GN_GBC_SRC)) { log("*** " & testcasename() & ": 'PICS_GN_SECURITY and PICS_GN_GBC_SRC' required for executing the TC ***"); setverdict(inconc); stop; } // Test component configuration f_cf02Up(); // Preamble // Start components v_nodeB := f_getComponent(c_compNodeB); v_nodeD := f_getComponent(c_compNodeD); v_nodeB.start(f_TC_SEC_ITSS_RCV_GENMSG_05_03_BO()); v_nodeD.start(f_TC_SEC_ITSS_RCV_GENMSG_xxx_BO_nodeD()); // Synchronization f_serverSync2ClientsAndStop({c_prDone, c_tbDone, c_poDone}); // Cleanup f_cf02Down(); } // End of testcase TC_SEC_ITSS_RCV_GENMSG_05_03_BO group g_TC_SEC_ITSS_RCV_GENMSG_05_03_BO { /** * @desc Behavior function for NodeB (TC_GEONW_PON_GBC_BV_01) */ function f_TC_SEC_ITSS_RCV_GENMSG_05_03_BO() runs on ItsGeoNetworking { // Local variables var GeoNetworkingPdu v_securedGnPdu; var LongPosVector v_longPosVectorNodeB := f_getPosition(c_compNodeB); // Use NodeB // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_prepareSecuredBeacon( cc_taCert_A, { m_header_field_signer_info( m_signerInfo_certificates( { vc_atCertificate } )), m_header_field_generation_time(1000 * f_getCurrentTime()), // In us m_header_field_generation_location( valueof(m_threeDLocation( v_longPosVectorNodeB.latitude, v_longPosVectorNodeB.longitude, '0000'O )) ), m_header_field_its_aid_Other }, e_certificate_chain, false ); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); // Postamble f_selfOrClientSyncAndVerdict(c_poDone, e_success); } // End of testcase f_TC_SEC_ITSS_RCV_GENMSG_05_03_BO } // End of group g_TC_SEC_ITSS_RCV_GENMSG_05_03_BO /** * @desc Check that IUT discards a Secured Messageif the header_fields contains a signer info of unknown or reserved type * @remark Values to be used as X_UNKNOWN_SIGNERINFO_TYPE are 5, 239, 240 and 255 *
* Pics Selection: PICS_GN_SECURITY and PICS_GN_GBC_SRC * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_GENMSG_A) * containing header_fields['signer_info'] * containing signer.type * indicating X_UNKNOWN_SIGNERINFO_TYPE * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_GENMSG_05_04_BO * @reference ETSI TS 103 097 [1], clause 7.3 */ testcase TC_SEC_ITSS_RCV_GENMSG_05_04_BO() runs on ItsMtc system ItsSecSystem { // Local variables var ItsGeoNetworking v_nodeB; var ItsGeoNetworking v_nodeD; // Test control if (not(PICS_GN_SECURITY) or not(PICS_GN_GBC_SRC)) { log("*** " & testcasename() & ": 'PICS_GN_SECURITY and PICS_GN_GBC_SRC' required for executing the TC ***"); setverdict(inconc); stop; } // Test component configuration f_cf02Up(); // Preamble // Start components v_nodeB := f_getComponent(c_compNodeB); v_nodeD := f_getComponent(c_compNodeD); v_nodeB.start(f_TC_SEC_ITSS_RCV_GENMSG_05_04_BO()); v_nodeD.start(f_TC_SEC_ITSS_RCV_GENMSG_xxx_BO_nodeD()); // Synchronization f_serverSync2ClientsAndStop({c_prDone, c_tbDone, c_poDone}); // Cleanup f_cf02Down(); } // End of testcase TC_SEC_ITSS_RCV_GENMSG_05_04_BO group g_TC_SEC_ITSS_RCV_GENMSG_05_04_BO { /** * @desc Behavior function for NodeB (TC_GEONW_PON_GBC_BV_01) */ function f_TC_SEC_ITSS_RCV_GENMSG_05_04_BO() runs on ItsGeoNetworking { // Local variables var GeoNetworkingPdu v_securedGnPdu; var LongPosVector v_longPosVectorNodeB := f_getPosition(c_compNodeB); // Use NodeB // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_prepareSecuredBeacon( cc_taCert_A, { m_header_field_signer_info( m_signerInfo_unknown( 'CAFFEEDECA'O )), m_header_field_generation_time(1000 * f_getCurrentTime()), // In us m_header_field_generation_location( valueof(m_threeDLocation( v_longPosVectorNodeB.latitude, v_longPosVectorNodeB.longitude, '0000'O )) ), m_header_field_its_aid_Other }, e_unknown, false ); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); // Postamble f_selfOrClientSyncAndVerdict(c_poDone, e_success); } // End of testcase f_TC_SEC_ITSS_RCV_GENMSG_05_04_BO } // End of group g_TC_SEC_ITSS_RCV_GENMSG_05_04_BO /** * @desc Check that IUT discards a secured GN Message containing generation_time before the message signing certificate validity period *
* Pics Selection: PICS_GN_SECURITY and PICS_GN_GBC_SRC * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_GENMSG_A) * containing header_fields['signer_info'].type * indicating 'signer_info' * containing certificate (CERT_TS_MSG_06_01_BO_AT) * containing validity_restrictions['time_start_and_end'] * containing start_validity * indicating START_VALIDITY_AT * and containing end_validity * indicating END_VALIDITY_AT * and containing header_fields ['generation_time'] * containing generation_time * indicating GEN_TIME < TIME_CERT_TS_AT_START * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_GENMSG_06_01_BO * @reference ETSI TS 103 097 [1], clauses 5.4 and 7.3 */ testcase TC_SEC_ITSS_RCV_GENMSG_06_01_BO() runs on ItsMtc system ItsSecSystem { // Local variables var ItsGeoNetworking v_nodeB; var ItsGeoNetworking v_nodeD; // Test control if (not(PICS_GN_SECURITY) or not(PICS_GN_GBC_SRC)) { log("*** " & testcasename() & ": 'PICS_GN_SECURITY and PICS_GN_GBC_SRC' required for executing the TC ***"); setverdict(inconc); stop; } // Test component configuration f_cf02Up(); // Preamble // Start components v_nodeB := f_getComponent(c_compNodeB); v_nodeD := f_getComponent(c_compNodeD); v_nodeB.start(f_TC_SEC_ITSS_RCV_GENMSG_06_01_BO()); v_nodeD.start(f_TC_SEC_ITSS_RCV_GENMSG_xxx_BO_nodeD()); // Synchronization f_serverSync2ClientsAndStop({c_prDone, c_tbDone, c_poDone}); // Cleanup f_cf02Down(); } // End of testcase TC_SEC_ITSS_RCV_GENMSG_06_01_BO group g_TC_SEC_ITSS_RCV_GENMSG_06_01_BO { /** * @desc Behavior function for NodeB (TC_GEONW_PON_GBC_BV_01) */ function f_TC_SEC_ITSS_RCV_GENMSG_06_01_BO() runs on ItsGeoNetworking { // Local variables var GeoNetworkingPdu v_securedGnPdu; var LongPosVector v_longPosVectorNodeB := f_getPosition(c_compNodeB); // Use NodeB var ValidityRestriction v_validity; // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body f_getCertificateValidityRestriction(vc_atCertificate, e_time_start_and_end, v_validity); v_securedGnPdu := f_prepareSecuredBeacon( cc_taCert0601_BO, { m_header_field_signer_info( m_signerInfo_digest( vc_atCertificate.signer_info.signerInfo.digest )), m_header_field_generation_time( (v_validity.validity.time_start_and_end.start_validity - 3600) * 1000 ), // In us m_header_field_generation_location( valueof(m_threeDLocation( v_longPosVectorNodeB.latitude, v_longPosVectorNodeB.longitude, '0000'O )) ), m_header_field_its_aid_Other }, e_certificate_digest_with_sha256, false ); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); // Postamble f_selfOrClientSyncAndVerdict(c_poDone, e_success); } // End of testcase f_TC_SEC_ITSS_RCV_GENMSG_06_01_BO } // End of group g_TC_SEC_ITSS_RCV_GENMSG_06_01_BO /** * @desc Check that IUT discards the secured GN Message containing generation_time after the message signing certificate validity period *
* Pics Selection: PICS_GN_SECURITY and PICS_GN_GBC_SRC * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_GENMSG_A) * containing header_fields['signer_info'].type * indicating 'signer_info' * containing certificate (CERT_TS_MSG_06_02_BO_AT) * containing validity_restrictions['time_start_and_end'] * containing start_validity * indicating START_VALIDITY_AT * and containing end_validity * indicating END_VALIDITY_AT * and containing header_fields ['generation_time'] * containing generation_time * indicating GEN_TIME > TIME_CERT_TS_E_ATND * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_GENMSG_06_02_BO * @reference ETSI TS 103 097 [1], clauses 5.4 & 7.3 */ testcase TC_SEC_ITSS_RCV_GENMSG_06_02_BO() runs on ItsMtc system ItsSecSystem { // Local variables var ItsGeoNetworking v_nodeB; var ItsGeoNetworking v_nodeD; // Test control if (not(PICS_GN_SECURITY) or not(PICS_GN_GBC_SRC)) { log("*** " & testcasename() & ": 'PICS_GN_SECURITY and PICS_GN_GBC_SRC' required for executing the TC ***"); setverdict(inconc); stop; } // Test component configuration f_cf02Up(); // Preamble // Start components v_nodeB := f_getComponent(c_compNodeB); v_nodeD := f_getComponent(c_compNodeD); v_nodeB.start(f_TC_SEC_ITSS_RCV_GENMSG_06_02_BO()); v_nodeD.start(f_TC_SEC_ITSS_RCV_GENMSG_xxx_BO_nodeD()); // Synchronization f_serverSync2ClientsAndStop({c_prDone, c_tbDone, c_poDone}); // Cleanup f_cf02Down(); } // End of testcase TC_SEC_ITSS_RCV_GENMSG_06_02_BO group g_TC_SEC_ITSS_RCV_GENMSG_06_02_BO { /** * @desc Behavior function for NodeB (TC_GEONW_PON_GBC_BV_01) */ function f_TC_SEC_ITSS_RCV_GENMSG_06_02_BO() runs on ItsGeoNetworking { // Local variables var GeoNetworkingPdu v_securedGnPdu; var LongPosVector v_longPosVectorNodeB := f_getPosition(c_compNodeB); // Use NodeB var ValidityRestriction v_validity; // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body f_getCertificateValidityRestriction(vc_atCertificate, e_time_start_and_end, v_validity); v_securedGnPdu := f_prepareSecuredBeacon( cc_taCert0602_BO, { m_header_field_signer_info( m_signerInfo_digest( vc_atCertificate.signer_info.signerInfo.digest )), m_header_field_generation_time( (v_validity.validity.time_start_and_end.end_validity + 3600) * 1000 ), // In us m_header_field_generation_location( valueof(m_threeDLocation( v_longPosVectorNodeB.latitude, v_longPosVectorNodeB.longitude, '0000'O )) ), m_header_field_its_aid_Other }, e_certificate_digest_with_sha256, false ); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); // Postamble f_selfOrClientSyncAndVerdict(c_poDone, e_success); } // End of testcase f_TC_SEC_ITSS_RCV_GENMSG_06_02_BO } // End of group g_TC_SEC_ITSS_RCV_GENMSG_06_02_BO /** * @desc Check that IUT discards Secured GN Message if the generation_time is more than 10 minute in the past (C2C only) *
* Pics Selection: PICS_GN_SECURITY and PICS_GN_GBC_SRC and PICS_ITS_C2C_MODE * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_GENMSG_A) * containing header_fields ['generation_time'] * containing generation_time * indicating TIME_1 (TIME_1 < CUR_TIME - 10min) * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_GENMSG_06_03_BO * @reference ETSI TS 103 097 [1], clause 7.3 */ testcase TC_SEC_ITSS_RCV_GENMSG_06_03_BO() runs on ItsMtc system ItsSecSystem { // Local variables var ItsGeoNetworking v_nodeB; var ItsGeoNetworking v_nodeD; // Test control if (not(PICS_GN_SECURITY) or not(PICS_GN_GBC_SRC) or not(PICS_ITS_C2C_MODE)) { log("*** " & testcasename() & ": 'PICS_GN_SECURITY and PICS_GN_GBC_SRC and PICS_ITS_C2C_MODE' required for executing the TC ***"); setverdict(inconc); stop; } // Test component configuration f_cf02Up(); // Preamble // Start components v_nodeB := f_getComponent(c_compNodeB); v_nodeD := f_getComponent(c_compNodeD); v_nodeB.start(f_TC_SEC_ITSS_RCV_GENMSG_06_03_BO()); v_nodeD.start(f_TC_SEC_ITSS_RCV_GENMSG_xxx_BO_nodeD()); // Synchronization f_serverSync2ClientsAndStop({c_prDone, c_tbDone, c_poDone}); // Cleanup f_cf02Down(); } // End of testcase TC_SEC_ITSS_RCV_GENMSG_06_03_BO group g_TC_SEC_ITSS_RCV_GENMSG_06_03_BO { /** * @desc Behavior function for NodeB (TC_GEONW_PON_GBC_BV_01) */ function f_TC_SEC_ITSS_RCV_GENMSG_06_03_BO() runs on ItsGeoNetworking { // Local variables var GeoNetworkingPdu v_securedGnPdu; var LongPosVector v_longPosVectorNodeB := f_getPosition(c_compNodeB); // Use NodeB // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_prepareSecuredBeacon( cc_taCert_A, { m_header_field_generation_time( (1000 * f_getCurrentTime() - 600) * 1000 ) // In us }, e_certificate ); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); // Postamble f_selfOrClientSyncAndVerdict(c_poDone, e_success); } // End of testcase f_TC_SEC_ITSS_RCV_GENMSG_06_03_BO } // End of group g_TC_SEC_ITSS_RCV_GENMSG_06_03_BO /** * @desc Check that IUT discards Secured GN Message if the generation_time is more than 10 minute in the future(C2C only) *
* Pics Selection: PICS_GN_SECURITY and PICS_GN_GBC_SRC and PICS_ITS_C2C_MODE * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_GENMSG_A) * containing header_fields ['generation_time'] * containing generation_time * indicating TIME_1 (TIME_1 > CUR_TIME + 10min) * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_GENMSG_06_04_BO * @reference ETSI TS 103 097 [1], clause 7.3 */ testcase TC_SEC_ITSS_RCV_GENMSG_06_04_BO() runs on ItsMtc system ItsSecSystem { // Local variables var ItsGeoNetworking v_nodeB; var ItsGeoNetworking v_nodeD; // Test control if (not(PICS_GN_SECURITY) or not(PICS_GN_GBC_SRC) or not(PICS_ITS_C2C_MODE)) { log("*** " & testcasename() & ": 'PICS_GN_SECURITY and PICS_GN_GBC_SRC and PICS_ITS_C2C_MODE' required for executing the TC ***"); setverdict(inconc); stop; } // Test component configuration f_cf02Up(); // Preamble // Start components v_nodeB := f_getComponent(c_compNodeB); v_nodeD := f_getComponent(c_compNodeD); v_nodeB.start(f_TC_SEC_ITSS_RCV_GENMSG_06_04_BO()); v_nodeD.start(f_TC_SEC_ITSS_RCV_GENMSG_xxx_BO_nodeD()); // Synchronization f_serverSync2ClientsAndStop({c_prDone, c_tbDone, c_poDone}); // Cleanup f_cf02Down(); } // End of testcase TC_SEC_ITSS_RCV_GENMSG_06_04_BO group g_TC_SEC_ITSS_RCV_GENMSG_06_04_BO { /** * @desc Behavior function for NodeB (TC_GEONW_PON_GBC_BV_01) */ function f_TC_SEC_ITSS_RCV_GENMSG_06_04_BO() runs on ItsGeoNetworking { // Local variables var GeoNetworkingPdu v_securedGnPdu; var LongPosVector v_longPosVectorNodeB := f_getPosition(c_compNodeB); // Use NodeB // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_prepareSecuredBeacon( cc_taCert_A, { m_header_field_generation_time( (1000 * f_getCurrentTime() + 600) * 1000 ) // In us }, e_certificate ); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); // Postamble f_selfOrClientSyncAndVerdict(c_poDone, e_success); } // End of testcase f_TC_SEC_ITSS_RCV_GENMSG_06_04_BO } // End of group g_TC_SEC_ITSS_RCV_GENMSG_06_04_BO /** * @desc Check that IUT discards SecuredMessage when its_aid value is undefined *
* Pics Selection: PICS_GN_SECURITY and PICS_GN_GBC_SRC * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_GENMSG_A) * containing header_fields['its_aid'] * indicating indicating 'AID_UNDEFINED' * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_GENMSG_07_01_BO * @reference ETSI TS 103 097 [1], clause 7.3 */ testcase TC_SEC_ITSS_RCV_GENMSG_07_01_BO() runs on ItsMtc system ItsSecSystem { // Local variables var ItsGeoNetworking v_nodeB; var ItsGeoNetworking v_nodeD; // Test control if (not(PICS_GN_SECURITY) or not(PICS_GN_GBC_SRC)) { log("*** " & testcasename() & ": 'PICS_GN_SECURITY and PICS_GN_GBC_SRC' required for executing the TC ***"); setverdict(inconc); stop; } // Test component configuration f_cf02Up(); // Preamble // Start components v_nodeB := f_getComponent(c_compNodeB); v_nodeD := f_getComponent(c_compNodeD); v_nodeB.start(f_TC_SEC_ITSS_RCV_GENMSG_07_01_BO()); v_nodeD.start(f_TC_SEC_ITSS_RCV_GENMSG_xxx_BO_nodeD()); // Synchronization f_serverSync2ClientsAndStop({c_prDone, c_tbDone, c_poDone}); // Cleanup f_cf02Down(); } // End of testcase TC_SEC_ITSS_RCV_GENMSG_07_01_BO group g_TC_SEC_ITSS_RCV_GENMSG_07_01_BO { /** * @desc Behavior function for NodeB (TC_GEONW_PON_GBC_BV_01) */ function f_TC_SEC_ITSS_RCV_GENMSG_07_01_BO() runs on ItsGeoNetworking { // Local variables var GeoNetworkingPdu v_securedGnPdu; var LongPosVector v_longPosVectorNodeB := f_getPosition(c_compNodeB); // Use NodeB // Test component configuration f_cf01Up(); // Test adapter configuration // Preamble f_prNeighbour(); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body v_securedGnPdu := f_prepareSecuredBeacon( cc_taCert_A, { m_header_field_its_aid_Other }, e_certificate_digest_with_sha256 ); f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); // Postamble f_selfOrClientSyncAndVerdict(c_poDone, e_success); } // End of testcase f_TC_SEC_ITSS_RCV_GENMSG_07_01_BO } // End of group g_TC_SEC_ITSS_RCV_GENMSG_07_01_BO /** * @desc Check that IUT discards Secured GN Message if the HeaderField generation_location is outside of the circular validity region of the signing certificate *
* Pics Selection: PICS_GN_SECURITY and PICS_GN_GBC_SRCand PICS_USE_CIRCULAR_REGION * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_B_AT * and the IUT current location is inside the validity region of CERT_TS_B_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage ((MSG_SEC_RCV_GENMSG_B)) * containing header_fields[0].type * indicating 'signer_info' * containing certificate (CERT_TS_B_AT) * containing validity_restrictions ['region'] * containing region * containing region_type * indicating 'circle' * and containing circular_region * indicating REGION * and containing header_fields ['generation_location'] * indicating location outside of the REGION * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_GENMSG_08_01_BO * @reference ETSI TS 103 097 [1], clause 7.3 */ testcase TC_SEC_ITSS_RCV_GENMSG_08_01_BO() runs on ItsMtc system ItsSecSystem { // Local variables var ItsGeoNetworking v_nodeB; var ItsGeoNetworking v_nodeD; // Test control if (not(PICS_GN_SECURITY) or not(PICS_GN_GBC_SRC) or not(PICS_USE_CIRCULAR_REGION)) { log("*** " & testcasename() & ": 'PICS_GN_SECURITY and PICS_GN_GBC_SRC and PICS_USE_CIRCULAR_REGION' required for executing the TC ***"); setverdict(inconc); stop; } // Test component configuration f_cf02Up(); // Preamble // Start components v_nodeB := f_getComponent(c_compNodeB); v_nodeD := f_getComponent(c_compNodeD); v_nodeB.start(f_TC_SEC_ITSS_RCV_GENMSG_08_xx_BO(cc_taCert_B)); v_nodeD.start(f_TC_SEC_ITSS_RCV_GENMSG_xxx_BO_nodeD()); // Synchronization f_serverSync2ClientsAndStop({c_prDone, c_tbDone, c_poDone}); // Cleanup f_cf02Down(); } // End of testcase TC_SEC_ITSS_RCV_GENMSG_08_01_BO /** * @desc Check that IUT discards Secured GN Message if the HeaderField generation_location is outside of the rectangular validity region of the signing certificate *
* Pics Selection: PICS_GN_SECURITY and PICS_GN_GBC_SRC and PICS_USE_RECTANGULAR_REGION * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_C_AT * and the IUT current location is inside the validity region of CERT_TS_C_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage ((MSG_SEC_RCV_GENMSG_C)) * containing header_fields[0].type * indicating 'signer_info' * containing certificate (CERT_TS_C_AT) * containing validity_restrictions ['region'] * containing region * containing region_type * indicating 'rectangle' * and containing rectanglar_region * indicating REGION * and containing header_fields ['generation_location'] * indicating location outside of the REGION * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_GENMSG_08_02_BO * @reference ETSI TS 103 097 [1], clause 7.3 */ testcase TC_SEC_ITSS_RCV_GENMSG_08_02_BO() runs on ItsMtc system ItsSecSystem { // Local variables var ItsGeoNetworking v_nodeB; var ItsGeoNetworking v_nodeD; // Test control if (not(PICS_GN_SECURITY) or not(PICS_GN_GBC_SRC) or not(PICS_USE_RECTANGULAR_REGION)) { log("*** " & testcasename() & ": 'PICS_GN_SECURITY and PICS_GN_GBC_SRC and PICS_USE_RECTANGULAR_REGION' required for executing the TC ***"); setverdict(inconc); stop; } // Test component configuration f_cf02Up(); // Preamble // Start components v_nodeB := f_getComponent(c_compNodeB); v_nodeD := f_getComponent(c_compNodeD); v_nodeB.start(f_TC_SEC_ITSS_RCV_GENMSG_08_xx_BO(cc_taCert_C)); v_nodeD.start(f_TC_SEC_ITSS_RCV_GENMSG_xxx_BO_nodeD()); // Synchronization f_serverSync2ClientsAndStop({c_prDone, c_tbDone, c_poDone}); // Cleanup f_cf02Down(); } // End of testcase TC_SEC_ITSS_RCV_GENMSG_08_02_BO /** * @desc Check that IUT discards Secured GN Message if the HeaderField generation_location is outside of the rectangular validity region of the signing certificate *
* Pics Selection: PICS_GN_SECURITY and PICS_GN_GBC_SRC and PICS_USE_POLYGONAL_REGION * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_D_AT * and the IUT current location is inside the validity region of CERT_TS_D_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage ((MSG_SEC_RCV_GENMSG_D)) * containing header_fields[0].type * indicating 'signer_info' * containing certificate (CERT_TS_D_AT) * containing validity_restrictions ['region'] * containing region * containing region_type * indicating 'polygon' * and containing polygonal_region * indicating REGION * and containing header_fields ['generation_location'] * indicating location outside of the REGION * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_GENMSG_08_03_BO * @reference ETSI TS 103 097 [1], clause 7.3 */ testcase TC_SEC_ITSS_RCV_GENMSG_08_03_BO() runs on ItsMtc system ItsSecSystem { // Local variables var ItsGeoNetworking v_nodeB; var ItsGeoNetworking v_nodeD; // Test control if (not(PICS_GN_SECURITY) or not(PICS_GN_GBC_SRC) or not(PICS_USE_POLYGONAL_REGION)) { log("*** " & testcasename() & ": 'PICS_GN_SECURITY and PICS_GN_GBC_SRC and PICS_USE_POLYGONAL_REGION' required for executing the TC ***"); setverdict(inconc); stop; } // Test component configuration f_cf02Up(); // Preamble // Start components v_nodeB := f_getComponent(c_compNodeB); v_nodeD := f_getComponent(c_compNodeD); v_nodeB.start(f_TC_SEC_ITSS_RCV_GENMSG_08_xx_BO(cc_taCert_D)); v_nodeD.start(f_TC_SEC_ITSS_RCV_GENMSG_xxx_BO_nodeD()); // Synchronization f_serverSync2ClientsAndStop({c_prDone, c_tbDone, c_poDone}); // Cleanup f_cf02Down(); } // End of testcase TC_SEC_ITSS_RCV_GENMSG_08_03_BO /** * @desc Check that IUT discards Secured GN Message if the optional HeaderField generation_location is outside of the identified validity region of the signing certificate *
* Pics Selection: PICS_GN_SECURITY and PICS_GN_GBC_SRC and PICS_USE_IDENTIFIED_REGION * Config Id: CF01 * Initial conditions: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_E_AT * and the IUT current location is inside the validity region of CERT_TS_E_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage ((MSG_SEC_RCV_GENMSG_E)) * containing header_fields[0].type * indicating 'signer_info' * containing certificate (CERT_TS_E_AT) * containing validity_restrictions ['region'] * containing region * containing region_type * indicating 'id_region' * and containing identified_region * indicating REGION * and containing header_fields ['generation_location'] * indicating location outside of the REGION * } then { * the IUT discards the message * } * } ** * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_GENMSG_08_04_BO * @reference ETSI TS 103 097 [1], clause 7.3 */ testcase TC_SEC_ITSS_RCV_GENMSG_08_04_BO() runs on ItsMtc system ItsSecSystem { // Local variables var ItsGeoNetworking v_nodeB; var ItsGeoNetworking v_nodeD; // Test control if (not(PICS_GN_SECURITY) or not(PICS_GN_GBC_SRC) or not(PICS_ITS_C2C_MODE)) { log("*** " & testcasename() & ": 'PICS_GN_SECURITY and PICS_GN_GBC_SRC and PICS_ITS_C2C_MODE' required for executing the TC ***"); setverdict(inconc); stop; } // Test component configuration f_cf02Up(); // Preamble // Start components v_nodeB := f_getComponent(c_compNodeB); v_nodeD := f_getComponent(c_compNodeD); v_nodeB.start(f_TC_SEC_ITSS_RCV_GENMSG_08_xx_BO(cc_taCert_E)); v_nodeD.start(f_TC_SEC_ITSS_RCV_GENMSG_xxx_BO_nodeD()); // Synchronization f_serverSync2ClientsAndStop({c_prDone, c_tbDone, c_poDone}); // Cleanup f_cf02Down(); } // End of testcase TC_SEC_ITSS_RCV_GENMSG_08_04_BO /** * @desc Check that IUT accepts a Secured DENM if the distance between the current position of IUT and the value of optional HeaderField generation_location is 29.9 km (C2C only) *
* Pics Selection: PICS_GN_SECURITY and PICS_ITS_C2C_MODE * Config Id: CF01 * Expected behavior: * with { * the IUT being in the 'authorized' state * and the IUT current time is inside the time validity period of CERT_TS_A_AT * } * ensure that { * when { * the IUT is receiving a SecuredMessage (MSG_SEC_RCV_GENMSG_A) * containing header_fields[generation_location].type * indicating 'generation_location' * and containing generation_location * indicating position in 29.9 km from the current position of IUT * } then { * the IUT accepts the message * } * } ** @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_GENMSG_08_05_BV * @reference ETSI TS 103 097 [1], clause 7.2 */ testcase TC_SEC_ITSS_RCV_GENMSG_08_05_BV() runs on ItsMtc system ItsSecSystem { // Local variables var ItsGeoNetworking v_nodeB; var ItsGeoNetworking v_nodeD; // Test control if (not(PICS_GN_SECURITY) or not(PICS_GN_GBC_SRC) or not(PICS_USE_IDENTIFIED_REGION)) { log("*** " & testcasename() & ": 'PICS_GN_SECURITY and PICS_GN_GBC_SRC and PICS_USE_IDENTIFIED_REGION' required for executing the TC ***"); setverdict(inconc); stop; } // Test component configuration f_cf02Up(); // Preamble // Start