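/**
 *  @author     ETSI / STF545
 *  @version    $URL$
 *              $Id$
 *  @desc       Testcases file for Security Protocol
 *  @reference  ETSI TS ITS-00546v006
 *  @copyright  ETSI Copyright Notification
 *              No part may be reproduced except as authorized by written permission.
 *              The copyright and the foregoing restriction extend to reproduction in all media.
 *              All rights reserved.
 */
module ItsPki_TestCases {

    // Libcommon
    import from LibCommon_Time all;
    import from LibCommon_VerdictControl all;
    import from LibCommon_Sync all;
    import from LibCommon_BasicTypesAndValues all;
    import from LibCommon_DataStrings all;

    // LibIts
    import from IEEE1609dot2BaseTypes language "ASN.1:1997" all;
    import from IEEE1609dot2 language "ASN.1:1997" all;
    import from EtsiTs102941BaseTypes language "ASN.1:1997" all;
    import from EtsiTs102941TypesEnrolment language "ASN.1:1997" all;
    import from EtsiTs102941MessagesItss language "ASN.1:1997" all;
    import from EtsiTs103097Module language "ASN.1:1997" all;
    import from ITS_Container language "ASN.1:1997" all;
    import from CAM_PDU_Descriptions language "ASN.1:1997" all;

    // LibItsCommon
    import from LibItsCommon_TypesAndValues all;
    import from LibItsCommon_Functions all;
    import from LibItsCommon_TypesAndValues all;
    import from LibItsCommon_ASN1_NamedNumbers all;

    // LibItsGeoNetworking
    import from LibItsGeoNetworking_TestSystem all;
    import from LibItsGeoNetworking_Functions all;
    import from LibItsGeoNetworking_Templates all;
    import from LibItsGeoNetworking_TypesAndValues all;
    import from LibItsGeoNetworking_Pics all;

    // LibItsSecurity
    import from LibItsSecurity_TypesAndValues all;
    import from LibItsSecurity_TestSystem all;
    import from LibItsSecurity_Templates all;
    import from LibItsSecurity_Functions all;
    import from LibItsSecurity_Pixits all;
    import from LibItsSecurity_Pics all;

    // LibItsHttp
    import from LibItsHttp_TypesAndValues all;
    import from LibItsHttp_Templates all;
    import from LibItsHttp_BinaryTemplates all;
    import from LibItsHttp_Functions all;
    import from LibItsHttp_TestSystem all;

    // LibItsPki
    import from LibItsPki_Templates all;
    import from LibItsPki_Functions all;
    import from LibItsPki_TestSystem all;
    import from LibItsPki_Pics all;

    // AtsPki
    import from ItsPki_Functions all;

    /**
     * @desc 5.2 ITS-S behaviour
     */
    group itss_behavior {

        group itss_manufacturing {

            /**
             * @desc Check that IUT sends an enrolment request when triggered.
             *
             * Pics Selection:
             * Initial conditions:
             *     with {
             *         the IUT being in the "initial state"
             *     }
             * Expected behaviour:
             *     ensure that {
             *         when {
             *             the IUT is triggered to request a new Enrolment Certificate (EC)
             *         }
             *         then {
             *             the IUT sends to EA an EnrolmentRequestMessage
             *         }
             *     }
             *
             * @see       ETSI TS ITS-00546v006 TP 2
             * @reference ETSI TS 102 941 [2], clause 6.1.3
             */
            testcase TC_SEC_PKI_ITSS_ENR_BV_01() runs on ItsMtc /*system ItsPkiItssSystem*/ {
                // Local variables
                // NOTE(review): no `create`, `connect` or `map` for v_itss / v_ea is visible
                // in this testcase before `start` is called on them; confirm the component
                // configuration is performed elsewhere or add it here.
                var ItsPkiItss v_itss;
                var ItsPki v_ea;

                // Test control: the testcase only applies when the IUT plays the ITS-S role
                if (not PICS_IUT_ITS_S_ROLE) {
                    log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE required for executing the TC ***");
                    setverdict(inconc);
                    stop;
                }

                // Test component configuration: one behaviour observes the ITS-S radio side,
                // the other observes the PKI (EA) side
                v_itss.start(f_TC_SEC_PKI_ITSS_ENR_BV_01_itss(cc_taCert_A));
                v_ea.start(f_TC_SEC_PKI_ITSS_ENR_BV_01_pki(cc_taCert_A));

                // Synchronization
                // NOTE(review): c_poDone is listed, but neither behaviour function in this
                // group synchronises on c_poDone; confirm this cannot stall the MTC.
                f_serverSync2ClientsAndStop({c_prDone, c_tbDone, c_poDone});

                // Cleanup
            } // End of testcase TC_SEC_PKI_ITSS_ENR_BV_01

            group f_TC_SEC_PKI_ITSS_ENR_BV_01 {

                /**
                 * @desc ITS-S side behaviour of TC_SEC_PKI_ITSS_ENR_BV_01: waits for a signed CAM
                 *       carrying the signer certificate (preamble), then waits for a signed
                 *       message that is taken as evidence of a new certificate (test body).
                 * @param p_certificate_id Certificate identifier; not referenced in this body
                 */
                function f_TC_SEC_PKI_ITSS_ENR_BV_01_itss(in charstring p_certificate_id) runs on ItsPkiItss /*system ItsPkiItssSystem*/ {
                    // Local variables
                    var GeoNetworkingInd v_response;
                    var EtsiTs103097Certificate v_initial_certificate;

                    // Test component configuration
                    f_cfUp_itss();

                    // Test adapter configuration

                    // Preamble
                    // Wait for current certificate
                    tc_ac.start;
                    alt {
                        [] geoNetworkingPort.receive(
                                mw_geoNwInd(
                                    mw_geoNwSecPdu(
                                        mw_etsiTs103097Data_signed(
                                            mw_signedData(
                                                -,
                                                mw_toBeSignedData(
                                                    mw_signedDataPayload,
                                                    mw_headerInfo_cam
                                                ),
                                                mw_signerIdentifier_certificate(
                                                    mw_etsiTs103097Certificate(
                                                        -,
                                                        mw_toBeSignedCertificate_at(
                                                            { mw_appPermissions(c_its_aid_CAM) }
                                                        )
                                                    )
                                                )
                                            )
                                        ),
                                        mw_geoNwShbPacket
                        ))) -> value v_response {
                            tc_ac.stop;

                            log("*** " & testcasename() & ": INFO: Receieve initial certificate");
                            // Extract the initial certificate
                            // TODO v_initial_certificate :=
                            // NOTE(review): until the extraction above is implemented,
                            // v_initial_certificate is never assigned, yet the test body
                            // uses it inside a receive template.
                            f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
                        }
                        [] geoNetworkingPort.receive(
                                mw_geoNwInd(
                                    mw_geoNwSecPdu(
                                        mw_etsiTs103097Data_signed
                        ))) {
                            log("*** " & testcasename() & ": DEBUG: Still waiting for certificate");
                            repeat;
                        }
                        [] tc_ac.timeout {
                            log("*** " & testcasename() & ": INCONC: Expected CA message not received ***");
                            // NOTE(review): preamble timeout is reported through the TestBody
                            // variant of the sync helper; confirm this is intended.
                            f_selfOrClientSyncAndVerdictTestBody(c_prDone, e_timeout);
                        }
                    } // End of 'alt' statement

                    // Test Body
                    tc_ac.start;
                    alt {
                        [] geoNetworkingPort.receive(
                                mw_geoNwInd(
                                    mw_geoNwSecPdu(
                                        mw_etsiTs103097Data_signed(
                                            mw_signedData(
                                                -,
                                                mw_toBeSignedData(
                                                    mw_signedDataPayload,
                                                    mw_headerInfo_cam
                                                ),
                                                mw_signerIdentifier_certificate(
                                                    v_initial_certificate
                                                )
                                            )
                                        ),
                                        mw_geoNwShbPacket
                        ))) {
                            log("*** " & testcasename() & ": INFO: IUT still using initial certificate ***");
                            repeat;
                        }
                        // NOTE(review): this branch accepts any signer certificate (the
                        // template is used without argument) and sets PASS; the visible
                        // template does not compare it with the initial certificate.
                        [] geoNetworkingPort.receive(
                                mw_geoNwInd(
                                    mw_geoNwSecPdu(
                                        mw_etsiTs103097Data_signed(
                                            mw_signedData(
                                                -,
                                                mw_toBeSignedData(
                                                    mw_signedDataPayload,
                                                    mw_headerInfo_gn
                                                ),
                                                mw_signerIdentifier_certificate
                                            )
                                        )
                        ))) {
                            tc_ac.stop;
                            log("*** " & testcasename() & ": PASS: IUT uses new certificate ***");
                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                        }
                        [] geoNetworkingPort.receive(
                                mw_geoNwInd(
                                    mw_geoNwSecPdu(
                                        mw_etsiTs103097Data_signed
                        ))) {
                            log("*** " & testcasename() & ": INFO: Unexpected message received, continue ***");
                            repeat;
                        }
                        [] tc_ac.timeout {
                            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
                        }
                    } // End of 'alt' statement

                    // Postamble
                    f_cfDown_itss();
                } // End of function f_TC_SEC_PKI_ITSS_ENR_BV_01_itss

                /**
                 * @desc PKI side behaviour of TC_SEC_PKI_ITSS_ENR_BV_01: waits on pkiPort until
                 *       an InnerEcResponse matching mw_innerEcResponse_ok is observed.
                 * @param p_certificate_id Certificate identifier; not referenced in this body
                 */
                function f_TC_SEC_PKI_ITSS_ENR_BV_01_pki(in charstring p_certificate_id) runs on ItsPki /*system ItsPkiItssSystem*/ {

                    LibItsPki_Functions.f_cfUp();

                    // Preamble
                    tc_ac.start;
                    alt {
                        [] pkiPort.receive(
                                mw_innerEcRequest
                        ) {
                            // The request alone does not end the preamble; keep waiting for the response
                            log("*** " & testcasename() & ": INFO: InnerEcRequest received ***");
                            repeat;
                        }
                        [] pkiPort.receive(
                                mw_innerEcResponse_ok
                        ) {
                            tc_ac.stop;
                            log("*** " & testcasename() & ": INFO: InnerEcResponse received ***");
                            f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
                        }
                        [] tc_ac.timeout {
                            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
                            // NOTE(review): preamble timeout is reported through the TestBody
                            // variant of the sync helper; confirm this is intended.
                            f_selfOrClientSyncAndVerdictTestBody(c_prDone, e_timeout);
                        }
                    } // End of 'alt' statement

                    // Test Body
                    // The verdict here is unconditional: nothing is checked after the preamble
                    log("*** " & testcasename() & ": PASS: Message triggered ***");
                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);

                    // Postamble
                    LibItsPki_Functions.f_cfDown();
                } // End of function f_TC_SEC_PKI_ITSS_ENR_BV_01_pki

            } // End of f_TC_SEC_PKI_ITSS_ENR_BV_01

            /**
             * @desc If the enrolment request of the IUT is an initial enrolment request, the itsId
             *       (contained in the InnerECRequest) shall be set to the canonical identifier, the
             *       signer (contained in the outer EtsiTs103097Data-Signed) shall be set to self and
             *       the outer signature shall be computed using the canonical private key.
             *
             * Pics Selection:
             * Expected behaviour:
             *     ensure that {
             *         when {
             *             the IUT is requested to send an EnrolmentRequestMessage
             *         }
             *         then {
             *             the IUT sends an EtsiTs103097Data-Encrypted
             *                 containing an encrypted EtsiTs103097Data-Signed
             *                     containing EtsiTs103097Data
             *                         containing InnerECRequestSignedForPOP
             *                             containing InnerEcRequest
             *                                 containing itsId
             *                                     indicating the canonical identifier of the ITS-S
             *                     and containing signer
             *                         declared as self
             *                     and containing signature
             *                         computed using the canonical private key
             *         }
             *     }
             *
             * @see       ETSI TS ITS-00546v006 TP 3
             * @reference ETSI TS 102 941, clause 6.1.3
             */
            testcase TC_SEC_PKI_ITSS_ENR_BV_02() runs on ItsMtc /*system ItsPkiItssSystem*/ {
                // Not implemented: the body is empty, so none of the checks listed in the
                // test purpose above are performed and no verdict is set by this testcase.
            } // End of testcase TC_SEC_PKI_ITSS_ENR_BV_02

        } // End of group itss_manufacturing

    } // End of group itss_behavior

    group ea_behavior {

        group enrolment_request_handling {

            /**
             * @desc The EnrolmentResponse message shall be sent by the EA to the
             *       ITS-S across the interface at reference point S3 in response
             *       to a received EnrolmentRequest message.
             *
             * Pics Selection:
             * Initial conditions:
             *     with {
             *         the IUT being in the "operational state"
             *     }
             * Expected behaviour:
             *     ensure that {
             *         when {
             *             the IUT receives an EnrolmentRequestMessage across the interface at the reference point S3
             *         }
             *         then {
             *             the IUT answers with an EnrolmentResponseMessage across the interface at reference point S3
             *         }
             *     }
             *
             * @see       ETSI TS ITS-00546v006 TP 20
             * @reference ETSI TS 102 941, clause 6.2.3.2.2
             */
            testcase TC_SEC_PKI_SND_EA_BV_01() runs on ItsPki system ItsPkiSystem {
                // Local variables
                var Oct32 v_private_key;
                var Oct32 v_publicKeyX;
                var Oct32 v_publicKeyY;
                var Oct32 v_publicKeyCompressed;
                var integer v_compressedMode;
                var InnerEcRequest v_inner_ec_request;

                // Test control: the testcase only applies when the IUT plays the EA role
                if (not PICS_IUT_EA_ROLE) {
                    log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
                    setverdict(inconc);
                    stop;
                }

                // Test component configuration
                LibItsPki_Functions.f_cfUp();

                // Test adapter configuration

                // Preamble
                if (f_generate_inner_ec_request(v_private_key, v_publicKeyX, v_publicKeyY, v_publicKeyCompressed, v_compressedMode, v_inner_ec_request) == false) {
                    log("*** " & testcasename() & ": FAIL: Failed to setup InnerEcRequest message ***");
                    f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_error);
                    // NOTE(review): this path stops without calling LibItsPki_Functions.f_cfDown()
                    stop;
                }
                // Hands the freshly generated private key to the test adapter.
                // NOTE(review): presumably test-only key material; confirm it is never a production key.
                f_sendAcPkiPrimitive(v_private_key, v_publicKeyCompressed, v_compressedMode);
                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);

                // Test Body
                pkiPort.send(v_inner_ec_request);
                tc_ac.start;
                alt {
                    [] pkiPort.receive(
                            mw_innerEcResponse_ok
                    ) {
                        tc_ac.stop;
                        log("*** " & testcasename() & ": PASS: InnerEcResponse received ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                    }
                    [] tc_ac.timeout {
                        log("*** " & testcasename() & ": INCONC: Expected message not received ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
                    }
                } // End of 'alt' statement

                // Postamble
                LibItsPki_Functions.f_cfDown();
            } // End of testcase TC_SEC_PKI_SND_EA_BV_01

        } // End of group enrolment_request_handling

        group enrolment_response {

            /**
             * @desc The EnrolmentResponse message shall be encrypted using an ETSI TS 103 097 approved
             *       algorithm and the encryption shall be done with the same AES key as the one used
             *       by the ITS-S requestor for the encryption of the EnrolmentRequest message
             *
             * Pics Selection:
             * Expected behaviour:
             *     ensure that {
             *         when {
             *             the IUT receives an EnrolmentRequestMessage
             *                 containing encKey
             *                     containing an encrypted AES key (SYMKEY)
             *         }
             *         then {
             *             the IUT answers with an EnrolmentResponseMessage
             *                 containing cipherText
             *                     being encrypted
             *                         using SYMKEY
             *                         and using an ETSI TS 103 097 approved algorithm
             *         }
             *     }
             *
             * @see       ETSI TS ITS-00546v006 TP 22
             * @reference ETSI TS 102 941, clause 6.2.3.2.2
             */
            testcase TC_SEC_PKI_SND_EA_BV_02() runs on ItsPkiHttp system ItsPkiHttpSystem {
                // Local variables
                var Oct32 v_private_key;
                var Oct32 v_publicKeyX;
                var Oct32 v_publicKeyY;
                var Oct32 v_publicKeyCompressed;
                var integer v_compressedMode;
                var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
                var HeaderLines v_headers;
                var HttpMessage v_response;
                var EtsiTs102941Data v_etsi_ts_102941_data;

                // Test control: the testcase only applies when the IUT plays the EA role
                if (not PICS_IUT_EA_ROLE) {
                    log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
                    setverdict(inconc);
                    stop;
                }

                // Test component configuration
                f_cfHttpUp(); // Default value: CERT_TS_A_EA

                // Test adapter configuration

                // Preamble
                f_http_build_enrolment_request(v_private_key, v_publicKeyX, v_publicKeyY, v_publicKeyCompressed, v_compressedMode, v_ieee1609dot2_signed_and_encrypted_data);
                f_init_default_headers_list(v_headers);
                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);

                // Test Body
                httpPort.send(
                    m_http_request(
                        m_http_request_get(
                            "/its/inner_ec_request",
                            v_headers,
                            m_http_message_body_binary(
                                m_binary_body_ieee1609dot2_data(
                                    v_ieee1609dot2_signed_and_encrypted_data
                )))));
                tc_ac.start;
                alt {
                    // The template fixes the ciphertext choice (AES-128-CCM) but leaves the
                    // recipients field as a wildcard.
                    // NOTE(review): the "using SYMKEY" part of the test purpose is only covered
                    // if f_verify_pki_message enforces it; that is not visible in this file.
                    [] httpPort.receive(
                            mw_http_response(
                                mw_http_response_ok(
                                    mw_http_message_body_binary(
                                        mw_binary_body_ieee1609dot2_data(
                                            mw_enrolmentResponseMessage(
                                                mw_encryptedData(
                                                    -,
                                                    mw_SymmetricCiphertext_aes128ccm
                    ))))))) -> value v_response {
                        tc_ac.stop;

                        if (f_verify_pki_message(vc_eaPrivateEncKey, vc_eaPeerWholeHash, vc_eaCertificate, v_response.response.body.binary_body.ieee1609dot2_data, false, v_etsi_ts_102941_data) == false) {
                            log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                        } else {
                            log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
                            if (not(match(v_etsi_ts_102941_data.content, mw_enrolmentResponse))) {
                                log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                            } else {
                                log("*** " & testcasename() & ": PASS: InnerEcResponse received ***");
                                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                            }
                        }
                    }
                    // Same error handling as TC_SEC_PKI_SND_EA_BV_03: an HTTP error or any other
                    // response is a FAIL instead of running into the timeout (INCONC).
                    [] httpPort.receive( // FIXME Use altstep
                            mw_http_response(
                                mw_http_response_ko
                    )) {
                        tc_ac.stop;

                        log("*** " & testcasename() & ": FAIL: HTTP error ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                    }
                    [] httpPort.receive(mw_http_response) { // FIXME Use altstep
                        tc_ac.stop;

                        log("*** " & testcasename() & ": FAIL: Unexpected response received ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                    }
                    [] tc_ac.timeout {
                        log("*** " & testcasename() & ": INCONC: Expected message not received ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
                    }
                } // End of 'alt' statement

                // Postamble
                f_cfHttpDown();
            } // End of testcase TC_SEC_PKI_SND_EA_BV_02

            /**
             * @desc The outermost structure is an EtsiTs103097Data-Encrypted structure containing
             *       the component recipients containing one instance of RecipientInfo of choice
             *       pskRecipInfo, which contains the HashedId8 of the symmetric key used by the
             *       ITS-S to encrypt the EnrolmentRequest message to which the response is built
             *       and containing the component ciphertext, once decrypted, contains an
             *       EtsiTs103097Data-Signed structure
             *
             * Pics Selection:
             * Expected behaviour:
             *     ensure that {
             *         when {
             *             the IUT receives an EnrolmentRequestMessage
             *         }
             *         then {
             *             the IUT sends an EtsiTs103097Data-Encrypted structure
             *                 containing recipients
             *                     containing one instance of RecipientInfo of choice pskRecipInfo
             *                         containing the HashedId8 of the symmetric key used to encrypt the EnrolmentRequestMessage
             *                 and containing cipherText
             *                     being an encrypted EtsiTs103097Data-Signed structure
             *         }
             *     }
             *
             * @see       ETSI TS ITS-00546v006 TP 24
             * @reference ETSI TS 102 941, clause 6.2.3.2.2
             */
            testcase TC_SEC_PKI_SND_EA_BV_03() runs on ItsPkiHttp system ItsPkiHttpSystem {
                // Local variables
                var Oct32 v_private_key;
                var Oct32 v_publicKeyX;
                var Oct32 v_publicKeyY;
                var Oct32 v_publicKeyCompressed;
                var integer v_compressedMode;
                var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
                var HeaderLines v_headers;
                var HttpMessage v_response;
                var EtsiTs102941Data v_etsi_ts_102941_data;

                // Test control: the testcase only applies when the IUT plays the EA role
                if (not PICS_IUT_EA_ROLE) {
                    log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
                    setverdict(inconc);
                    stop;
                }

                // Test component configuration
                f_cfHttpUp(); // Default value: CERT_TS_A_EA

                // Test adapter configuration

                // Preamble (the request is sent here, before the preamble sync point)
                f_http_build_enrolment_request(v_private_key, v_publicKeyX, v_publicKeyY, v_publicKeyCompressed, v_compressedMode, v_ieee1609dot2_signed_and_encrypted_data);
                f_init_default_headers_list(v_headers);
                httpPort.send(
                    m_http_request(
                        m_http_request_get(
                            "/its/inner_ec_request",
                            v_headers,
                            m_http_message_body_binary(
                                m_binary_body_ieee1609dot2_data(
                                    v_ieee1609dot2_signed_and_encrypted_data
                )))));
                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);

                // Test Body
                tc_ac.start;
                alt {
                    // The recipients field is left as a wildcard in this template.
                    // NOTE(review): the pskRecipInfo / HashedId8 requirement of the test purpose
                    // is only covered if f_verify_pki_message enforces it; that is not visible
                    // in this file.
                    [] httpPort.receive(
                            mw_http_response(
                                mw_http_response_ok(
                                    mw_http_message_body_binary(
                                        mw_binary_body_ieee1609dot2_data(
                                            mw_enrolmentResponseMessage(
                                                mw_encryptedData(
                                                    -,
                                                    mw_SymmetricCiphertext_aes128ccm
                    ))))))) -> value v_response {
                        tc_ac.stop;

                        if (f_verify_pki_message(vc_eaPrivateEncKey, vc_eaPeerWholeHash, vc_eaCertificate, v_response.response.body.binary_body.ieee1609dot2_data, false, v_etsi_ts_102941_data) == false) {
                            log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                        } else {
                            log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
                            if (not(match(v_etsi_ts_102941_data.content, mw_enrolmentResponse))) {
                                log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                            } else {
                                log("*** " & testcasename() & ": PASS: InnerEcResponse received ***");
                                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                            }
                        }
                    }
                    [] httpPort.receive( // FIXME Use altstep
                            mw_http_response(
                                mw_http_response_ko
                    )) {
                        tc_ac.stop;

                        log("*** " & testcasename() & ": FAIL: HTTP error ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                    }
                    [] httpPort.receive(mw_http_response) { // FIXME Use altstep
                        tc_ac.stop;

                        log("*** " & testcasename() & ": FAIL: Unexpected response received ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                    }
                    [] tc_ac.timeout {
                        log("*** " & testcasename() & ": INCONC: Expected message not received ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
                    }
                } // End of 'alt' statement

                // Postamble
                f_cfHttpDown();
            } // End of testcase TC_SEC_PKI_SND_EA_BV_03

        } // End of group enrolment_response

    } // End of group ea_behavior

    group aa_behavior {

    } // End of group aa_behavior

} // End of module ItsPki_TestCases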