/**
* @author ETSI / STF481
* @version $URL$
* $Id$
* @desc Testcases file for Security Protocol
* @see Draft ETSI TS 103 097 V1.1.15
*/
module ItsSecurity_TestCases {
// Libcommon
import from LibCommon_Time all;
import from LibCommon_VerdictControl all;
import from LibCommon_Sync all;
// LibItsCommon
import from LibItsCommon_Functions all;
// LibItsSecurity
import from LibItsSecurity_TypesAndValues all;
import from LibItsSecurity_Templates all;
import from LibItsSecurity_Functions all;
import from LibItsSecurity_Pixits all;
import from LibItsSecurity_Pics all;
// LibItsGeoNetworking
import from LibItsGeoNetworking_TestSystem all;
import from LibItsGeoNetworking_Functions all;
import from LibItsGeoNetworking_Templates all;
import from LibItsGeoNetworking_TypesAndValues all;
import from LibItsGeoNetworking_Pics all;
import from LibItsGeoNetworking_Pixits all;
// LibItsBtp
import from LibItsBtp_TypesAndValues all;
import from LibItsBtp_Templates all;
// LibItsCam
import from LibItsCam_Templates all;
import from LibItsCam_Functions { group camGenerators } ;
import from LibItsCam_Templates all;
import from LibItsCam_Functions all;
import from LibItsCam_TestSystem all;
// LibItsDenm
import from LibItsDenm_TypesAndValues all;
import from LibItsDenm_Templates {
template m_situation, m_denmLocation_zeroDelta, m_denm, m_denmMgmtCon, m_tsActionId
};
import from LibItsDenm_TestSystem all;
// AtsSecurity
import from AtsSecurity_TestSystem all;
import from AtsSecurity_Functions all;
import from AtsSecurity_Templates all;
group g_SecuredMessages {
/**
* @desc Check that ITS-S sends a SecuredMessage containing protocol version set to 2
*
* Pics Selection: PICS_GN_SECURITY and PICS_ITS_AID_OTHER_PROFILE
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT is requested to send a SecuredMessage
* } then {
* the IUT sends a SecuredMessage
* containing protocol_version
* indicating value '2'
* }
* }
*
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_SND_MSG_01_01_BV
* @reference ETSI TS 103 097 [1], clause 5.2
*/
testcase TC_SEC_ITSS_SND_MSG_01_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var LongPosVector v_longPosVectorIut;
// Test control
if (not(PICS_GN_SECURITY) or not(PICS_ITS_AID_OTHER_PROFILE)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_ITS_AID_OTHER_PROFILE' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
v_longPosVectorIut := f_getPosition(c_compIut);
// Test adapter configuration
// Preamble
f_prNeighbour();
f_acTriggerEvent(m_startPassBeaconing(m_beaconHeader(v_longPosVectorIut).beaconHeader)); // Authorize the TA to forward the received beacons
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
tc_ac.start;
alt {
[] geoNetworkingPort.receive(mw_geoNwInd(mw_geoNwSecPdu(mdw_securedMessage_dummy))) {
tc_ac.stop;
log("*** " & testcasename() & ": PASS: Security protocol version set to 2 ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_acTriggerEvent(m_stopPassBeaconing);
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_MSG_01_01_BV
/**
* @desc Check that IUT sends the message signed with the digest pointing to the AT certificate
*
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* and the IUT is configured to send more than one CAM per second
* and the IUT having sent last CAM
* containing header_fields['signer_info'].signer.type
* indicating 'certificate'
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT is requested to send next CAM
* } then {
* the IUT sends a SecuredMessage
* containing header_fields ['signer_info'] {
* containing signer {
* containing type
* indicating 'certificate_digest_with_sha256'
* containing digest
* referencing the certificate
* containing subject_info.subject_type
* indicating 'authorization_ticket'
* }
* }
* }
* }
*
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_SND_MSG_04_01_BV
* @reference ETSI TS 103 097 [1], clause 6.3
*/
testcase TC_SEC_ITSS_SND_MSG_04_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var SecuredMessage v_recv;
var Certificate v_cert;
var LongPosVector v_longPosVectorIut;
var ItsCam v_component;
// Test control
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
v_longPosVectorIut := f_getPosition(c_compIut);
// Test adapter configuration
// Preamble
f_prNeighbour();
v_component := f_setCamFrequencyGreatherThan1Hz();
// execution will be stopped if cert is not received during tc_ac
log("*** " & testcasename() & ": INFO: Waiting for the message containing certificate ***");
tc_ac.start;
f_waitForCertificate(v_cert);
tc_ac.stop;
if (v_cert.subject_info.subject_type != e_authorization_ticket) {
log("*** " & testcasename() & ": FAIL: received certificate is not an AT certificate ***");
f_selfOrClientSyncAndVerdictTestBody(c_prDone, e_error);
}
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
tc_ac.start;
alt {
[] a_securedMessageWithDigest (v_recv) {
var SignerInfo v_si;
tc_ac.stop;
if (f_getMsgSignerInfo(v_recv, v_si) == true) {
if (v_si.signerInfo.digest == f_calculateDigestFromCertificate(v_cert)) {
log("*** " & testcasename() & ": PASS: Digest corresponds to the AT certificate ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": FAIL: Digest corresponds to unknown certificate ***");
log("f_calculateDigestFromCertificate(v_cert)=", f_calculateDigestFromCertificate(v_cert));
log("v_si.signerInfo.digest=", v_si.signerInfo.digest);
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
} else {
log("*** " & testcasename() & ": FAIL: Received message is not signed well ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected CAM not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_terminateCam(v_component);
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_MSG_04_01_BV
/**
* @desc Check that IUT uses the AT certificate to sign messages
*
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* the IUT being requested to include certificate in the next CAM
* }
* ensure that {
* when {
* the IUT is requested to send a next CAM
* } then {
* the IUT sends a SecuredMessage
* containing header_fields ['signer_info'] {
* containing signer {
* containing type
* indicating 'certificate'
* containing certificate
* containing subject_info.subject_type
* indicating 'authorization_ticket'
* }
* }
* }
* }
*
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_SND_MSG_04_02_BV
* @reference ETSI TS 103 097 [1], clause 6.3
*/
testcase TC_SEC_ITSS_SND_MSG_04_02_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var SecuredMessage v_recv;
var Certificate v_cert;
var LongPosVector v_longPosVectorIut;
// Test control
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
v_longPosVectorIut := f_getPosition(c_compIut);
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
tc_ac.start;
alt {
[] a_securedMessageWithCertificate(v_recv) {
var SignerInfo v_si;
if (f_getMsgSignerInfo(v_recv, v_si)) {
v_cert := v_si.signerInfo.certificate;
if (v_cert.subject_info.subject_type != e_authorization_ticket ) {
log("*** " & testcasename() & ": FAIL: received certificate is not an AT certificate ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
log("*** " & testcasename() & ": PASS: message signed with AT certificate");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": FAIL: received message is not signed well ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected CAM not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_MSG_04_02_BV
/**
* @desc Check that the SecuredMessage signature containes the ECC point of type set to either compressed_lsb_y_0, compressed_lsb_y_1 or x_coordinate_only
*
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* }
* ensure that {
* when {
* the IUT is requested to send a next CAM
* } then {
* the IUT sends a SecuredMessage
* containing header_fields ['its_aid']
* containing its_aid
* indicating 'AID_CAM'
* and containing trailer_fields['signature']
* containing signature.ecdsa_signature
* containing R.type
* indicating compressed_lsb_y_0
* or indicating compressed_lsb_y_1
* or indicating x_coordinate_only
* }
* }
*
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_SND_MSG_05_01_BV
* @reference ETSI TS 103 097 [1], clause 4.2.9
*/
testcase TC_SEC_ITSS_SND_MSG_05_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var LongPosVector v_longPosVectorIut;
// Test control
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
v_longPosVectorIut := f_getPosition(c_compIut);
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_CAMs(
?,
?,
{
mw_trailer_field_signature(
mw_signature(
mw_ecdsaSignature(
mw_eccPointecdsa_nistp256_with_sha256_y0_coordinate_only,
?
)
)
)
}
),
?
))) {
tc_ac.stop;
log("*** " & testcasename() & ": PASS: Expected CAM message containing signature with the ECC point of type set to compressed_lsb_y_0 received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_CAMs(
?,
?,
{
mw_trailer_field_signature(
mw_signature(
mw_ecdsaSignature(
mw_eccPointecdsa_nistp256_with_sha256_y1_coordinate_only,
?
)
)
)
}
),
?
))) {
tc_ac.stop;
log("*** " & testcasename() & ": PASS: Expected CAM message containing signature with the ECC point of type set to compressed_lsb_y_1 received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_CAMs(
?,
?,
{
mw_trailer_field_signature(
mw_signature(
mw_ecdsaSignature(
mw_eccPointecdsa_nistp256_with_sha256_x_coordinate_only
)
)
)
}
),
?
))) {
tc_ac.stop;
log("*** " & testcasename() & ": PASS: Expected CAM message containing signature with the ECC point of type set to x_coordinate_only received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_CAMs
))) {
tc_ac.stop;
log("*** " & testcasename() & ": Failed: Expected CAM message received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected CAM not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_MSG_05_01_BV
group secCAMProfile {
/**
* @desc Check that the secured CAM contains exactly one element of these header fields: signer_info, generation_time, its_aid.
Check that the header fields are in the ascending order according to the numbering of the enumeration except of the signer_info, which is encoded first.
Check that generation_time_standard_deviation, expiration, encryption_parameters, recipient_info are not used
*
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* }
* ensure that {
* when {
* the IUT is requested to send a CAM
* } then {
* the IUT sends a SecuredMessage {
* containing header_fields[0]
* containing type
* indicating 'signer_info'
* and containing header_fields [n].type
* indicating value < header_fields [n+1].type
* and containing header_fields ['generation_time']
* and containing header_fields['its_aid']
* indicating 'AID_CAM'
* and not containing header_fields['generation_time_standard_deviation']
* and not containing header_fields['expiration']
* and not containing header_fields['encryption_parameters']
* and not containing header_fields['recipient_info']
* }
* }
* }
*
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_SND_CAM_02_01_BV
* @reference ETSI TS 103 097 [1], clause 7.1
*/
testcase TC_SEC_ITSS_SND_CAM_02_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var GeoNetworkingInd v_geoNwInd;
var HeaderFields v_headersFields;
var integer v_previousHeaderType;
// Test control
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage(
superset(
mw_header_field(
e_signer_info
),
mw_header_field(e_generation_time),
mw_header_field_its_aid_CAM
)
),
mw_geoNwPduWithPayload(
?,
?,
mw_secCamPayload).packet
))) -> value v_geoNwInd {
tc_ac.stop;
// Process header fields manually
v_headersFields := valueof(v_geoNwInd.msgIn.gnPacket.securedMsg.header_fields);
// Check that signerInfo is first header
if ((lengthof(v_headersFields) < 1) or not match(v_headersFields[0].type_, e_signer_info)) {
log("*** " & testcasename() & ": FAIL: SignerInfo is not first header");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
for (var integer v_counter := 1; v_counter < lengthof(v_headersFields); v_counter := v_counter + 1) {
// Check forbidden header
// FIXME: 'generation_time_with_confidence' does not exist. is it e_generation_time_standard_deviation ?
if (match(v_headersFields[v_counter].type_, e_generation_time_standard_deviation)) {
log("*** " & testcasename() & ": FAIL: Forbidden header present");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
if (match(v_headersFields[v_counter].type_, e_signer_info)) {
log("*** " & testcasename() & ": FAIL: multiple instances of signer_info header");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
if (v_counter > 1 ) {
// Check that headers are ordered
if (match(v_headersFields[v_counter].type_, integer:(0..v_previousHeaderType))) {
// Check that header is duplicated
if (match(v_headersFields[v_counter].type_, v_previousHeaderType)) {
log("*** " & testcasename() & ": FAIL: multiple instances of same header");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}else{
log("*** " & testcasename() & ": FAIL: headers not in correct order");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
}
v_previousHeaderType := enum2int(v_headersFields[v_counter].type_);
} // End of 'for' statement
log("*** " & testcasename() & ": PASS: correct secured packet received");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected CAM not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_CAM_02_01_BV
/**
* @desc Check that the secured CAM contains in the normal case the signer_info field of type certificate_digest_with_sha256
*
* Pics Selection: none
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* and the IUT is configured to send more than one CAM per second
* and the IUT having sent last CAM
* containing header_fields['signer_info'].signer.type
* indicating 'certificate'
* }
* ensure that {
* when {
* the IUT is requested to send next CAM
* } then {
* the IUT sends a SecuredMessage
* containing header_fields['signer_info'] {
* containing signer
* containing type
* indicating 'certificate_digest_with_sha256'
* containing digest
* containing header_fields['its_aid']
* indicating 'AID_CAM'
* }
* }
* }
*
*
* @see FIXME - test case is not part of ETSI TS 103 096-2 v1.2.1
* @reference ETSI TS 103 097 V1.1.15, clause 7.1
*/
testcase TC_SEC_ITSS_SND_CAM_04_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var integer v_cntCert := 0;
var integer v_cntDigest := 0;
var integer v_cntTimeLimit := float2int(PX_TAC);
var ItsCam v_component;
// Test control
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
geoNetworkingPort.clear;
v_component := f_setCamFrequencyGreatherThan1Hz();
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_CAMs(
mw_header_field_signer_info_certificate
)))) {
tc_ac.stop;
log("*** " & testcasename() & ": INFO: Initial conditions: First CAM message with certificate received ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Initial conditions: CAM message with certificate not received ***");
f_selfOrClientSyncAndVerdictPreamble("error", e_timeout);
}
}
// Test Body
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_CAMs(
mw_header_field_signer_info_certificate
)))) {
v_cntCert := v_cntCert + 1;
repeat;
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_CAMs(
mw_header_field_signer_info_digest
)))) {
v_cntDigest := v_cntDigest + 1;
repeat;
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_CAMs
))) {
log("*** " & testcasename() & ": FAIL: Neither Certificate not Digest in received CAM ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
[] tc_ac.timeout {
if (v_cntCert + v_cntDigest == 0 ){
log("*** " & testcasename() & ": INCONC: Expected CAM not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}else{
log("*** " & testcasename() & ": INFO: Data accumulation time finished ***");
if (v_cntCert + v_cntDigest <= v_cntTimeLimit * 2 ){
log("*** " & testcasename() & ": INCONC: The CAM frequency is too small ("
& int2str((v_cntCert + v_cntDigest)/v_cntTimeLimit)
& " per sec) ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
} else if (f_abs(v_cntCert - v_cntTimeLimit) > 2){
log("*** " & testcasename() & ": FAIL: Digests are not as frequant as expected ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
log("*** " & testcasename() & ": OK: Digests have been sent in normal case in high CAM frequency ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
}
}
} // End of 'alt' statement
// Postamble
f_terminateCam(v_component);
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_CAM_04_01_BV
/**
* @desc Check that the secured CAM contains the signer_info field of certificate when over the time of one second no other SecuredMessage contained a signer_info of type certificate..
*
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* and the IUT is configured to send more then one CAM per second
* and the IUT having sent a CAM
* containing header_fields['signer_info'].signer.type
* indicating 'certificate'
* contains header_fields['generation_time']
* indicating TIME_LAST
* }
* ensure that {
* when {
* the IUT sends one of the next SecuredMessage
* containing header_fields['signer_info'] {
* containing signer {
* containing type
* indicating 'certificate'
* containing certificate
* }
* containing header_fields['its_aid']
* indicating 'AID_CAM'
* }
* } then {
* this message
* contains header_fields['generation_time']
* indicating TIME (TIME >= TIME_LAST + 1sec)
* }
* }
*
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_SND_CAM_05_01_BV
* @reference ETSI TS 103 097 [1], clause 7.1
*/
testcase TC_SEC_ITSS_SND_CAM_05_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
const integer c_cntTimeLimit := 10;
const float c_certificateGenerationTime := 1.0;
timer t_minTransInterval := c_certificateGenerationTime * 0.8;
var integer v_cntTime := 0;
var GeoNetworkingInd v_geoNwInd;
var ItsCam v_component;
// Test control
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
geoNetworkingPort.clear;
v_component := f_setCamFrequencyGreatherThan1Hz();
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_CAMs(
mw_header_field_signer_info_certificate
)))) {
tc_ac.stop;
t_minTransInterval.start;
log("*** " & testcasename() & ": INFO: Initial conditions: First CAM message with certificate received ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Initial conditions: CAM message with certificate not received ***");
f_selfOrClientSyncAndVerdictPreamble("error", e_timeout);
}
} // End of 'alt' statement
// Test Body
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_CAMs(
mw_header_field_signer_info_certificate
)))) {
if(t_minTransInterval.running){
t_minTransInterval.stop;
log("*** " & testcasename() & ": FAIL: CAM with certificate has been received inside 1 sec after previous one ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
v_cntTime := v_cntTime + 1;
if (v_cntTime == c_cntTimeLimit) { // Exit message loop
log("*** " & testcasename() & ": PASS: Generation of CAM messages including certificate was successful ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
// end of alt
}
else {
log("*** " & testcasename() & ": INFO: CAM retransmission with certificate ***");
t_minTransInterval.start;
repeat;
}
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_CAMs(
mw_header_field_signer_info_digest
)))) {
log("*** " & testcasename() & ": INFO: CAM retransmission with digest ***");
repeat;
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_CAMs
))) {
log("*** " & testcasename() & ": FAIL: Neither Certificate not Digest in received CAM ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
[] t_minTransInterval.timeout {
log("*** " & testcasename() & ": INFO: One of next CAMS must have a certificate ***");
repeat;
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected CAM not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_terminateCam(v_component);
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_CAM_05_01_BV
/**
* @desc Check that the secured CAM contains the signer_info field of certificate when the timeout of 1 second has been
* expired after the previous CAM containing the certificate.
*
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* and the IUT is configured to send more than one CAM per second
* and the IUT having sent a CAM
* containing header_fields['signer_info'].signer.type
* indicating 'certificate'
* at TIME_1
* }
* ensure that {
* when {
* the IUT is requested to send next CAM right after 1 second after the TIME_1
* } then {
* the IUT sends a SecuredMessage {
* containing header_fields ['signer_info'] {
* containing signer {
* containing type
* indicating 'certificate'
* containing certificate
* }
* }
* containing header_fields['its_aid']
* indicating 'AID_CAM'
* }
* }
* }
*
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_SND_CAM_05_02_BV
* @reference ETSI TS 103 097 [1], clause 7.1
*/
testcase TC_SEC_ITSS_SND_CAM_05_02_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
const integer c_cntTimeLimit := 10;
const float c_certificateGenerationTime := 1.0;
timer t_maxTransInterval := c_certificateGenerationTime * 1.15;
var integer v_cntTime := 0;
var GeoNetworkingInd v_geoNwInd;
var ItsCam v_component;
// Test control
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
geoNetworkingPort.clear;
v_component := f_setCamFrequencyGreatherThan1Hz();
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_CAMs(
mw_header_field_signer_info_certificate
)))) {
t_maxTransInterval.start;
tc_ac.stop;
log("*** " & testcasename() & ": INFO: Initial conditions: First CAM message with certificate received ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Initial conditions: CAM message with certificate not received ***");
f_selfOrClientSyncAndVerdictPreamble("error", e_timeout);
}
} // End of 'alt' statement
// Test Body
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_CAMs(
mw_header_field_signer_info_certificate
)))) {
t_maxTransInterval.stop;
v_cntTime := v_cntTime + 1;
if (v_cntTime == c_cntTimeLimit) { // Exit message loop
log("*** " & testcasename() & ": PASS: Generation of CAM messages including certificate was successful ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
// end of alt
}
else {
t_maxTransInterval.start;
log("*** " & testcasename() & ": INFO: CAM retransmission with certificate ***");
repeat;
}
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_CAMs(
mw_header_field_signer_info_digest
)))) {
log("*** " & testcasename() & ": INFO: CAM retransmission with digest ***");
repeat;
}
[] t_maxTransInterval.timeout {
log("*** " & testcasename() & ": FAIL: CAM with certificate was not received in 1 sec after previous one ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected CAM not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_terminateCam(v_component);
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_CAM_05_02_BV
/**
* @desc Check that SUT send certificate to unknown ITS-S
*
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* and the IUT is configured to send more than one CAM per second
* and the IUT having already sent CAM at TIME_1
* containing header_fields['signer_info'].signer.type
* indicating 'certificate'
* and the IUT having received a SecuredMessage
* at TIME_2 (TIME_1 < TIME_2 < TIME_1+ 1sec)
* containing header_fields['signer_info'] {
* containing signer
* containing type
* indicating 'certificate_digest_with_sha256'
* containing digest
* indicating HashedId3 value
* referenced to unknown certificate
* }
* containing header_fields['its_aid']
* indicating 'AID_CAM'
* }
* ensure that {
* when {
* the IUT is requested to send CAM
* at TIME_3 (TIME_1 < TIME_2 < TIME_3 < TIME_1 + 1sec)
* } then {
* the IUT sends a SecuredMessage {
* containing header_fields[0] {
* containing type
* indicating 'signer_info'
* containing signer {
* containing type
* indicating 'certificate'
* containing certificate
* }
* }
* containing header_fields['its_aid']
* indicating 'AID_CAM'
* }
* }
* }
*
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_SND_CAM_06_01_BV
* @reference ETSI TS 103 097 [1], clause 7.1
*/
testcase TC_SEC_ITSS_SND_CAM_06_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var GeoNetworkingInd v_geoNwInd;
var ItsCam v_component;
timer t_maxTransInterval := 0.3;
// Test control
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
v_component := f_setCamFrequencyGreatherThan1Hz();
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_CAMs(
mw_header_field_signer_info_certificate
)))) {
tc_ac.stop;
log("*** " & testcasename() & ": INFO: Initial conditions: First CAM message with certificate received ***");
// Send secured message from unknown ITS-S
geoNetworkingPort.clear;
f_sendSecuredCam(cc_taCert_F, omit, e_certificate_digest_with_sha256);
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Initial conditions: CAM message with certificate not received ***");
f_selfOrClientSyncAndVerdictPreamble("error", e_timeout);
}
}
// Test Body
t_maxTransInterval.start;
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_CAMs(
mw_header_field_signer_info_certificate
)))) {
tc_ac.stop;
t_maxTransInterval.stop;
log("*** " & testcasename() & ": PASS: Generation of CAM messages including certificate was successful ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_CAMs
))) {
repeat;
}
[] t_maxTransInterval.timeout {
log("*** " & testcasename() & ": FAIL: CAM was transmited w/o unrecognized request header ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected CAM not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_terminateCam(v_component);
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_CAM_06_01_BV
/**
* @desc Check that IUT restart the certificate sending timer when the certificate has been sent
*
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* and the IUT is configured to send more then one CAM per second
* and the IUT having already sent CAM at TIME_1
* containing header_fields['signer_info'].signer.type
* indicating 'certificate'
* and the IUT having received a CAM at TIME_2 (TIME_1 +0.3sec) {
* containing header_fields['request_unrecognized_certificate'] {
* containing digests {
* containing HashedId3 value
* referencing to the the IUT certificate
* }
* }
* }
* and the IUT having sent CAM at TIME_3 (TIME_3 > TIME_2)
* containing header_fields['signer_info'].signer.type
* indicating 'certificate'
* }
* ensure that {
* when {
* the IUT is sending the next CAM at TIME_4
* containing header_fields['signer_info'].signer.type
* indicating 'certificate'
* } then {
* the difference between TIME_4 and TIME_3 is about of 1sec
* }
* }
*
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_SND_CAM_07a_01_TI
* @reference ETSI TS 103 097 [1], clause 7.1
*/
testcase TC_SEC_ITSS_SND_CAM_07_01_TI() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
const float c_certificateGenerationTime := 1.0;
timer t_maxTransInterval := c_certificateGenerationTime * 0.9;
var GeoNetworkingInd v_geoNwInd;
var SignerInfo v_signerInfo;
var ItsCam v_component;
var boolean v_firstCertReceived := false;
// Test control
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ": ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
v_component := f_setCamFrequencyGreatherThan1Hz();
tc_ac.start;
alt {
[v_firstCertReceived == false] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_CAMs(
mw_header_field_signer_info_certificate
)))) -> value v_geoNwInd {
log("*** " & testcasename() & ": INFO: Initial conditions: The first CAM with certificate is received ***");
v_firstCertReceived := true;
f_sleep(0.3);
// Send secured message with request for unrecognized certificate
f_getMsgSignerInfo(f_getSecuredMessage(v_geoNwInd.msgIn), v_signerInfo);
f_sendSecuredCam(
cc_taCert_F,
{
m_header_field_unrecognised_certificate(
f_HashedId3FromHashedId8(
f_calculateDigestFromCertificate(
v_signerInfo.signerInfo.certificate
)
)
)
},
e_certificate_digest_with_sha256
);
repeat;
}
[v_firstCertReceived == true] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_CAMs(
mw_header_field_signer_info_certificate
)))) {
tc_ac.stop;
// start a timeout of one second to check
// that the next cert will be received after this timeout
t_maxTransInterval.start;
log("*** " & testcasename() & ": INFO: Initial conditions: The requested CAM with certificate is received ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Initial conditions: CAM message with certificate not received ***");
f_selfOrClientSyncAndVerdictPreamble("error", e_timeout);
}
} // End of 'alt' statement
// Test Body
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_CAMs(
mw_header_field_signer_info_certificate
)))) {
tc_ac.stop;
t_maxTransInterval.stop;
log("*** " & testcasename() & ": FAIL: CAM certificate inclusion time wasn't restarted ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_CAMs
))) {
// log("*** " & testcasename() & ": INFO: CAM retransmission w/o certificate ***");
repeat;
}
[] t_maxTransInterval.timeout {
tc_ac.stop;
log("*** " & testcasename() & ": PASS: The CAM certificate inclusion timer has been restarted ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected CAM not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_terminateCam(v_component);
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_CAM_07_01_TI
/**
* @desc Check that the IUT send the Secured CAM containing the signer_info of type certificate when it received a CAM that contains a request of unrecognized certificate that matches with the currently used AT certificate ID
*
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* and the IUT is configured to send more than one CAM per second
* and the IUT having already sent CAM at TIME_1
* containing header_fields['signer_info'].signer.type
* indicating 'certificate'
* and the IUT having received a SecuredMessage
* at TIME_2 (TIME_1 < TIME_2 < TIME_1 + 1sec)
* containing header_fields['request_unrecognized_certificate']
* containing digests {
* containing HashedId3 value
* referencing to the AT certificate
* and not containing HashedId3 value
* referencing to the AA certificate
* }
* }
* ensure that {
* when {
* the IUT is requested to send a CAM
* at TIME_3 (TIME_1 < TIME_2 < TIME_3 < TIME_1 + 1sec)
* } then {
* the IUT sends a SecuredMessage {
* containing header_fields['signer_info'] {
* containing signer {
* containing type
* indicating 'certificate'
* containing certificate
* referenced by the requested digest
* }
* }
* containing header_fields['its_aid']
* indicating 'AID_CAM'
* }
* }
* }
*
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_SND_CAM_08_01_BV
* @reference ETSI TS 103 097 [1], clause 7.1
*/
testcase TC_SEC_ITSS_SND_CAM_08_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
const float c_certificateGenerationTime := 1.0;
timer t_maxTransInterval := c_certificateGenerationTime * 0.9;
var GeoNetworkingInd v_geoNwInd;
var ItsCam v_component;
var SignerInfo v_si;
// Test control
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ": ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
geoNetworkingPort.clear;
v_component := f_setCamFrequencyGreatherThan1Hz();
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_CAMs(
mw_header_field_signer_info_certificate
)))) -> value v_geoNwInd {
tc_ac.stop;
t_maxTransInterval.start;
f_getMsgSignerInfo(f_getSecuredMessage(v_geoNwInd.msgIn),v_si);
log("*** " & testcasename() & ": INFO: Initial conditions: First CAM message with certificate received ***");
// Send secured message with request for unrecognized certificate
f_sendSecuredCam(
cc_taCert_A,
{
m_header_field_unrecognised_certificate( // containing digests
f_HashedId3FromHashedId8( // containing HashedId3 value
f_calculateDigestFromCertificate(
v_si.signerInfo.certificate // referencing to the AT certificate
)
)
// and not containing HashedId3 value referencing to the AA certificate
)
},
e_certificate
);
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Initial conditions: CAM message with certificate not received ***");
f_selfOrClientSyncAndVerdictPreamble("error", e_timeout);
}
} // End of 'alt' statement
// Test Body
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_CAMs(
mw_header_field_signer_info_certificate(
v_si.signerInfo.certificate
)
)))) {
tc_ac.stop;
t_maxTransInterval.stop;
log("*** " & testcasename() & ": PASS: Generation of CAM messages including certificate was successful ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_CAMs
))) {
log("*** " & testcasename() & ": INFO: CAM retransmission w/o certificate ***");
repeat;
}
[] t_maxTransInterval.timeout {
tc_ac.stop;
log("*** " & testcasename() & ": FAIL: Requested certificate was not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected CAM not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_terminateCam(v_component);
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_CAM_08_01_BV
/**
* @desc Check that the sent secured CAM contains the signer_info of type certificate_chain when the ITS-S received a CAM that contains a request of unrecognized certificate that matches with the AA certificate ID that issued its currently used AT certificate ID
*
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* and the IUT is configured to send more than one CAM per second
* and the IUT having already sent a CAM
* containing header_fields['signer_info'].signer.type
* indicating 'certificate'
* at TIME_1
* and the IUT having received a SecuredMessage
* containing header_fields['request_unrecognized_certificate'] {
* containing digests {
* containing HashedId3 value
* referencing to the AA certificate
* }
* }
* at TIME_2 (TIME_1 < TIME_2 < TIME_1+ 1sec)
* }
* ensure that {
* when {
* the IUT is requested to send a CAM
* at TIME_3 (TIME_1 < TIME_2 < TIME_3 < TIME_1+ 1sec)
* } then {
* the IUT sends a SecuredMessage {
* containing header_fields['signer_info'] {
* containing signer {
* containing type
* indicating 'certificate_chain'
* containing certificates[last]
* indicating the AT certificate
* containing certificates[last-1]
* indicating the AA certificate
* }
* }
* containing header_fields['its_aid']
* indicating 'AID_CAM'
* }
* }
* }
*
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_SND_CAM_09_01_BV
* @reference ETSI TS 103 097 [1], clause 7.1
*/
testcase TC_SEC_ITSS_SND_CAM_09_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
const float c_certificateGenerationTime := 1.0;
timer t_maxTransInterval := c_certificateGenerationTime * 0.9;
var GeoNetworkingInd v_geoNwInd;
var ItsCam v_component;
var SignerInfo v_si;
// Test control
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ": ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
geoNetworkingPort.clear;
v_component := f_setCamFrequencyGreatherThan1Hz();
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_CAMs(
mw_header_field_signer_info_certificate
)))) -> value v_geoNwInd {
tc_ac.stop;
t_maxTransInterval.start;
f_getMsgSignerInfo(f_getSecuredMessage(v_geoNwInd.msgIn),v_si);
f_getCertificateSignerInfo(v_si.signerInfo.certificate, v_si);
log("*** " & testcasename() & ": INFO: Initial conditions: First CAM message with certificate received ***");
// Send secured message with request for unrecognized certificate
f_sendSecuredCam(
cc_taCert_A,
{
m_header_field_unrecognised_certificate( // containing digests
f_HashedId3FromHashedId8( // containing HashedId3 value
v_si.signerInfo.digest // referencing to the AA certificate
)
)
});
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Initial conditions: CAM message with certificate not received ***");
f_selfOrClientSyncAndVerdictPreamble("error", e_timeout);
}
} // End of 'alt' statement
// Test Body
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_CAMs(
mw_header_field_signer_info_certificate_chain
)))) -> value v_geoNwInd {
var SignerInfo v_signerInfo;
var CertificateChain v_certificates;
var integer v_certificateChainLength;
tc_ac.stop;
t_maxTransInterval.stop;
// Extract certificate chain
f_getMsgSignerInfo(v_geoNwInd.msgIn.gnPacket.securedMsg, v_signerInfo);
v_certificates := v_signerInfo.signerInfo.certificates;
v_certificateChainLength := lengthof(v_certificates);
if (v_certificateChainLength >= 2) { // Check length
if ( // Check Content
not(
(v_certificates[0].subject_info.subject_type == e_authorization_authority) and
// Check the certificate chain contains certificates[last] indicating the AT certificate
(v_certificates[1].subject_info.subject_type == e_authorization_ticket)
// Check the certificate chain contains certificates[last-1] indicating the AA certificate
)) {
log("*** " & testcasename() & ": FAIL: Unexpected certificate chain content ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
log("*** " & testcasename() & ": PASS: Generation of CAM messages including certificate chain was successful ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
} else {
log("*** " & testcasename() & ": FAIL: Unexpected certificate chain content length ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_CAMs
))) {
log("*** " & testcasename() & ": INFO: CAM retransmission w/o certificate chain ***");
repeat;
}
[] t_maxTransInterval.timeout {
tc_ac.stop;
log("*** " & testcasename() & ": FAIL: The certificate chain has not been received during 1 sec ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected CAM not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_terminateCam(v_component);
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_CAM_09_01_BV
/**
* @desc Check that message generation time is inside the validity period of the signing certificate
* Check that message generation time value is realistic (according to values proposed in C2C SEC12)
*
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* the IUT being requested to include certificate in the next CAM
* }
* ensure that {
* when {
* the IUT is requested to send CAM
* } then {
* the IUT sends a SecuredMessage {
* containing security_profile
* indicating '1'
* containing header_fields ['generation_time'] {
* containing generation_time
* indicating TIME_1 (CUR_TIME - 5min <= TIME_1 <= CUR_TIME + 5min)
* }
* containing header_fields ['signer_info'] {
* containing signer {
* containing type
* indicating 'certificate'
* containing certificate {
* not containing validity_restrictions['time_start_and_end']
* or containing validity_restrictions['time_start_and_end'] {
* containing start_validity
* indicating value <= TIME_1
* containing end_validity
* indicating value > TIME_1
* }
* }
* }
* }
* containing its_aid
* indicating 'AID_CAM'
* }
* }
* }
*
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_SND_CAM_10_01_BV
* @reference ETSI TS 103 097 [1], clauses 5.4 and 7.1
*/
testcase TC_SEC_ITSS_SND_CAM_10_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
const integer c_timeThreshold := 1000 * 60; /** Time threshold in milliseconds */
var GeoNetworkingInd v_geoNwInd;
var SignerInfo v_signerInfo;
var Certificate v_certificate;
var HeaderField v_headerField;
var Time64 v_generationTime;
var ValidityRestriction v_validity;
var integer v_currentTime, v_lowerBound, v_upperBound;
// Test control
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ": ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
// Test Body
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage(
superset(
mw_header_field_generation_time,
mw_header_field_signer_info_certificate,
mw_header_field_its_aid_CAM
))))) -> value v_geoNwInd {
tc_ac.stop;
log("*** " & testcasename() & ": INFO: CAM transmission with certificate ***");
v_currentTime := f_getCurrentTime();
log("v_currentTime (us)=", v_currentTime * 1000);
v_lowerBound := (v_currentTime - c_timeThreshold) * 1000;
v_upperBound := (v_currentTime + c_timeThreshold) * 1000;
// Extract generation_time
f_getMsgHeaderField(v_geoNwInd.msgIn.gnPacket.securedMsg, e_generation_time, v_headerField);
v_generationTime := v_headerField.headerField.generation_time;
// Extract certificate
f_getMsgSignerInfo(v_geoNwInd.msgIn.gnPacket.securedMsg, v_signerInfo);
v_certificate := v_signerInfo.signerInfo.certificate;
// Check current time
if (match(v_generationTime, (v_lowerBound .. v_upperBound))) {
log("*** " & testcasename() & ": PASS: Generation time matches current time ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": FAIL: Generation time does not match current time " & int2str(v_currentTime) & " . ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
// Check generation_time validity
if (
not(f_getCertificateValidityRestriction(v_certificate, e_time_start_and_end, v_validity)) or
(v_generationTime >= (v_validity.validity.time_start_and_end.start_validity * 1000000) and
(v_generationTime < (v_validity.validity.time_start_and_end.end_validity * 1000000)))
) {
log("*** " & testcasename() & ": PASS: Generation time within certificate validity ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
} else {
log ("start_validity (in us)=", v_validity.validity.time_start_and_end.start_validity * 1000000);
log ("end_validity (in us) =", v_validity.validity.time_start_and_end.end_validity * 1000000);
log("*** " & testcasename() & ": FAIL: Generation time not within certificate validity ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_CAMs
))) {
log("*** " & testcasename() & ": INFO: CAM retransmission w/o certificate ***");
repeat;
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected CAM not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_CAM_10_01_BV
/**
* @desc Check that the sent Secured CAM contains exactly one HeaderField its_aid that is set to 'AID_CAM'
*
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* }
* ensure that {
* when {
* the IUT is requested to send CAM
* } then {
* the IUT sends a SecuredMessage {
* containing header_fields ['its_aid'] {
* containing its_aid
* indicating 'AID_CAM' (36)
* }
* }
* }
* }
*
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_SND_CAM_11_01_BV
* @reference ETSI TS 103 097 [1], clauses 5.4 and 7.1
*/
testcase TC_SEC_ITSS_SND_CAM_11_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
// Test control
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_CAMs,
mw_geoNwPduWithPayload(
?,
?,
mw_secCamPayload).packet
))) {
tc_ac.stop;
log("*** " & testcasename() & ": PASS: CAM received as message_type 2");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_dummy,
mw_geoNwPduWithPayload(
?,
?,
mw_secCamPayload).packet
))) {
tc_ac.stop;
log("*** " & testcasename() & ": FAIL: CAM received with different message_type");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected CAM not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_CAM_11_01_BV
/**
* @desc Check that the IUT sends certificate request when it receives a message from unknown station
*
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* and the IUT has receiving a SecuredMessage {
* containing header_fields['signer_info'].signer {
* containing type
* indicating 'certificate_digest_with_sha256'
* containing digest
* indicating HashedId3 value DIGEST_A
* referenced to unknown certificate
* }
* }
* }
* ensure that {
* when {
* the IUT is requested to send CAM
* } then {
* the IUT sends a SecuredMessage {
* containing header_fields['request_unrecognized_certificate'] {
* containing digests
* containing HashedId3 value
* indicating DIGEST_A
* }
* containing header_fields ['its_aid'] {
* containing its_aid
* indicating 'AID_CAM'
* }
* }
* }
*
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_SND_CAM_12_01_BV
* @reference ETSI TS 103 097 [1], clause 7.1
*/
testcase TC_SEC_ITSS_SND_CAM_12_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var HashedId8 v_expectedHashedId8;
var HashedId3 v_expectedHashedId3;
var GeoNetworkingPdu v_securedGnPduToBeSent;
// Test control
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Send secured message from unknown ITS-S
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_getCertificateDigest(
cc_taCert_F,
v_expectedHashedId8
);
v_expectedHashedId3 := f_HashedId3FromHashedId8(v_expectedHashedId8);
// preamble: waiting for CAM with certificate and send a CAM with unknown digest right after that
v_securedGnPduToBeSent := f_prepareSecuredCam(cc_taCert_F);
geoNetworkingPort.clear;
tc_ac.start;
alt {
[] geoNetworkingPort.receive
{
f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPduToBeSent));
tc_ac.stop;
log("*** " & testcasename() & ": INFO: Initial conditions: First CAM message with certificate received ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Initial conditions: CAM message with certificate not received ***");
f_selfOrClientSyncAndVerdictPreamble("error", e_timeout);
}
} // End of preamble 'alt' statement
// Test Body
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_CAMs(
mw_header_field_request_unrecognized_certificate(
{ v_expectedHashedId3 }
))))) {
tc_ac.stop;
log("*** " & testcasename() & ": PASS: CAM received with request for unrecognized certificate");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_CAMs
))) {
log("*** " & testcasename() & ": FAIL: CAM received without request for unrecognized certificate ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected CAM not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_CAM_12_01_BV
/**
* @desc Check that the Secured CAM contains exactly one non-empty payload of type signed.
*
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* }
* ensure that {
* when {
* the IUT is requested to send a CAM
* } then {
* the IUT sends a SecuredMessage {
* containing header_fields ['its_aid'] {
* containing its_aid
* indicating 'AID_CAM' (36)
* }
* containing payload_field
* containing exactly one element of type Payload {
* containing type
* indicating 'signed'
* containing not-empty data
* }
* }
* }
* }
*
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_SND_CAM_14_01_BV
* @reference ETSI TS 103 097 [1], clause 7.1
*/
testcase TC_SEC_ITSS_SND_CAM_14_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
// Test control
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_CAMs(
?,
mw_payload(
e_signed
))))) {
tc_ac.stop;
log("*** " & testcasename() & ": PASS: CAM received with exactly 1 signed payload");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected CAM not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_CAM_14_01_BV
/**
* @desc Check that the secured CAM contains only one TrailerField of type signature.
* Check that the signature contained in the SecuredMessage is calculated over the right fields by cryptographically verifying the signature.
*
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* }
* ensure that {
* when {
* the IUT is requested to send a CAM
* } then {
* the IUT sends a SecuredMessage {
* containing header_fields ['signer_info'] {
* containing signer {
* containing type
* indicating 'certificate_digest_with_sha256'
* containing digest
* referenced to the certificate
* containing subject_info.subject_type
* indicating 'authorization_ticket' (2)
* and containing subject_attributes['verification key'] (KEY)
* }
* or containing signer {
* containing type
* indicating 'certificate'
* containing certificate
* containing subject_info.subject_type
* indicating 'authorization_ticket' (2)
* and containing subject_attributes['verification key'] (KEY)
* }
* }
* containing header_fields ['its_aid'] {
* containing its_aid
* indicating 'AID_CAM'
* }
* containing trailer_fields {
* containing single instance of type TrailerField {
* containing type
* indicating 'signature'
* containing signature
* verifiable using KEY
* }
* }
* }
* }
* }
*
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_SND_CAM_16_01_BV
* @reference ETSI TS 103 097 [1], clause 7.1
*/
testcase TC_SEC_ITSS_SND_CAM_16_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
const integer c_nbVerification := 3;
var integer v_nbVerification := 0;
var GeoNetworkingInd v_geoNwInd;
var SignerInfo v_signerInfo;
var Certificate v_certificate;
var boolean v_certificateReceived := false;
// Test control
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_CAMs(
mw_header_field_signer_info_certificate
)))) -> value v_geoNwInd {
tc_ac.stop;
log("*** " & testcasename() & ": INFO: CAM message with certificate received ***");
f_getMsgSignerInfo(v_geoNwInd.msgIn.gnPacket.securedMsg, v_signerInfo);
v_certificate := v_signerInfo.signerInfo.certificate;
v_certificateReceived := true;
if (f_verifyGnSecuredMessageSignatureWithCertificate(v_geoNwInd.msgIn.gnPacket.securedMsg, v_certificate) == false) {
log("*** " & testcasename() & ": FAIL: CAM received with invalide signature");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
v_nbVerification := v_nbVerification + 1;
if (v_nbVerification < c_nbVerification) {
tc_ac.start;
repeat;
}
}
[v_certificateReceived == true] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_CAMs(
mw_header_field_signer_info_digest
)))) -> value v_geoNwInd {
tc_ac.stop;
if (f_verifyGnSecuredMessageSignatureWithCertificate(v_geoNwInd.msgIn.gnPacket.securedMsg, v_certificate) == false) {
log("*** " & testcasename() & ": FAIL: CAM received with invalide signature");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
v_nbVerification := v_nbVerification + 1;
if (v_nbVerification < c_nbVerification) {
tc_ac.start;
repeat;
}
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected CAM not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
log("*** " & testcasename() & ": PASS: All CAMs received with correct signature");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_CAM_16_01_BV
} // End of group secCAMProfile
group secDENMProfile {
/**
* @desc Check that the secured DENM contains exactly one element of these header fields: signer_info, generation_time, generation_location, message_type.
* Check that the header fields are in the ascending order according to the numbering of the enumeration except of the signer_info, which is encoded first.
* Check that generation_time_with_confidence (generation_time_standard_deviation) is not used
*
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* }
* ensure that {
* when {
* the IUT is requested to send DENM
* } then {
* the IUT sends a SecuredMessage {
* containing header_fields[0]
* containing type
* indicating 'signer_info'
* containing header_fields [n].type
* indicating value less then header_fields [n+ 1].type
* containing header_fields ['generation_time']
* containing header_fields ['generation_location']
* containing header_fields ['its_aid'] {
* containing its_aid
* indicating 'AID_DENM'
* }
* not containing header_fields ['generation_time_with_confidence']
* }
* }
* }
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_SND_DENM_02_01_BV
* @reference ETSI TS 103 097 [1], clause 7.2
*/
testcase TC_SEC_ITSS_SND_DENM_02_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var GeoNetworkingInd v_geoNwInd;
var HeaderFields v_headersFields;
var ItsDenm v_denmComponent;
var integer v_previousHeaderType;
// Test control
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
v_denmComponent := f_triggerDenmEvent();
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage(
superset(
mw_header_field( e_signer_info ),
mw_header_field( e_generation_time ),
mw_header_field( e_generation_location ),
mw_header_field_its_aid_DENM
)
),
mw_geoNwAnyPacket_withPayload(
?
)))) -> value v_geoNwInd {
tc_ac.stop;
// Process header fields manually
v_headersFields := valueof(v_geoNwInd.msgIn.gnPacket.securedMsg.header_fields);
// Check that signerInfo is first header
if (lengthof(v_headersFields) < 1 or not match(v_headersFields[0].type_, e_signer_info)) {
log("*** " & testcasename() & ": FAIL: SignerInfo is not first header");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
v_previousHeaderType := enum2int(v_headersFields[0].type_);
for (var integer v_counter := 1; v_counter < lengthof(v_headersFields); v_counter := v_counter + 1) {
// Check forbidden header
// FIXME: 'generation_time_with_confidence' does not exist. is it e_generation_time_standard_deviation ?
if (match(v_headersFields[v_counter].type_, e_generation_time_standard_deviation)) {
log("*** " & testcasename() & ": FAIL: Forbidden header present");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
if (match(v_headersFields[v_counter].type_, e_signer_info)) {
log("*** " & testcasename() & ": FAIL: multiple instances of signer_info header");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
if (v_counter > 1 ) {
// Check that no header is duplicated
if (match(v_headersFields[v_counter].type_, v_previousHeaderType)) {
log("*** " & testcasename() & ": FAIL: multiple instances of the same header");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
// Check that headers are ordered
if (match(v_headersFields[v_counter].type_, integer:(0..v_previousHeaderType))) {
log("*** " & testcasename() & ": FAIL: headers are not in the correct order");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
v_previousHeaderType := enum2int(v_headersFields[v_counter].type_);
} // End of 'for' statement
log("*** " & testcasename() & ": PASS: correct secured packet received");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
// DENM without mandatory fields
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage(
superset(
mw_header_field_its_aid_DENM
)
)))) {
log("*** " & testcasename() & ": FAIL: Secured DENM doesnt contain required headers");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected DENM not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_cancelDenmEvent(v_denmComponent);
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_DENM_02_01_BV
/**
* @desc Check that secured DENM contains the certificate as a signer_info
*
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* }
* ensure that {
* when {
* the IUT is requested to send a DENM
* } then {
* the IUT sends a SecuredMessage {
* containing header_fields['signer_info']{
* containing signer {
* containing type
* indicating 'certificate'
* containing certificate
* }
* }
* }
* }
* }
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_SND_DENM_03_01_BV
* @reference ETSI TS 103 097 [1], clause 7.2
*/
testcase TC_SEC_ITSS_SND_DENM_03_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var GeoNetworkingInd v_geoNwInd;
var HeaderFields v_headersFields;
var HeaderFieldType v_previousHeaderType;
var integer v_counter;
var ItsDenm v_denmComponent;
// Test control
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
v_denmComponent := f_triggerDenmEvent();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
v_counter := 0;
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_DENMs(
mw_header_field_signer_info_certificate
),
mw_geoNwAnyPacket_withPayload(
?
)))) {
if (v_counter < 3) {
f_cancelDenmEvent(v_denmComponent);
v_counter := v_counter + 1;
v_denmComponent := f_triggerDenmEvent();
repeat;
} else {
tc_ac.stop;
log("*** " & testcasename() & ": PASS: DENM signed with certificate");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_DENMs(
)))) {
tc_ac.stop;
log("*** " & testcasename() & ": FAIL: DENM signed with not a certificate");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected DENM not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_cancelDenmEvent(v_denmComponent);
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_DENM_03_01_BV
/**
* @desc Check that message generation time is inside the validity period of the signing certificate
* Check that message generation time value is realistic (according to values proposed in C2C SEC12)
*
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* }
* ensure that {
* when {
* the IUT is requested to send a DENM
* } then {
* the IUT sends a SecuredMessage {
* containing exactly one header_fields['generation_time'] {
* containing generation_time
* indicating TIME_1 (CUR_TIME - 10min <= TIME_1 <= CUR_TIME + 10min)
* }
* containing header_fields['signer_info'] {
* containing signer {
* containing type
* indicating 'certificate'
* containing certificate {
* containing validity_restrictions['time_start_and_end'] {
* containing start_validity
* indicating value <= TIME_1
* containing end_validity
* indicating value > TIME_1
* }
* or not containing validity_restrictions['time_start_and_end']
* }
* }
* }
* }
* }
* }
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_SND_DENM_04_01_BV
* @reference ETSI TS 103 097 [1], clauses 5.4 and 7.2
*/
testcase TC_SEC_ITSS_SND_DENM_04_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
const integer c_timeLimit := 10 * 60 * 1000000; // us
var GeoNetworkingInd v_geoNwInd;
var HeaderField v_headerField;
var Time64 v_generationTime;
var Time64 v_curTime;
var Time64 v_startTime, v_endTime;
var Certificate v_cert;
var ItsDenm v_denmComponent;
// Test control
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
v_denmComponent := f_triggerDenmEvent();
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage(
superset(
mw_header_field(
e_generation_time
),
mw_header_field_signer_info_certificate,
mw_header_field_its_aid_DENM
)
),
mw_geoNwAnyPacket_withPayload(
?
)))) -> value v_geoNwInd {
tc_ac.stop;
v_curTime := f_getCurrentTime();
v_curTime := v_curTime * 1000; // Time64 is in microseconds
// log("v_curTime (us)=", v_curTime);
if (f_getMsgHeaderField(v_geoNwInd.msgIn.gnPacket.securedMsg, e_generation_time, v_headerField)) {
v_generationTime := v_headerField.headerField.generation_time;
// log("v_generationTime (us) = ", v_generationTime);
if (not match(v_generationTime, Time64:(v_curTime-c_timeLimit, v_curTime+c_timeLimit))){
log("*** " & testcasename() & ": FAIL: DENM generation time is not in 10 min range");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
// Check that generation time is inside the certificate validation period
if (f_getMsgHeaderField(v_geoNwInd.msgIn.gnPacket.securedMsg,
e_signer_info, v_headerField)) {
v_cert := v_headerField.headerField.signer.signerInfo.certificate;
for (var integer v_counter := 0; v_counter < lengthof(v_cert.validity_restrictions); v_counter := v_counter + 1) {
if (v_cert.validity_restrictions[v_counter].type_ == e_time_end) {
v_endTime := v_cert.validity_restrictions[v_counter].validity.end_validity * 1000000;
if (not match(v_generationTime, Time64:(0 .. v_endTime))){
log("*** " & testcasename() & ": FAIL: DENM generation time is not inside the validity of the certificate");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
if (v_cert.validity_restrictions[v_counter].type_ == e_time_start_and_end) {
v_endTime := v_cert.validity_restrictions[v_counter].validity.time_start_and_end.end_validity * 1000000;
v_startTime := v_cert.validity_restrictions[v_counter].validity.time_start_and_end.start_validity * 1000000;
if (not match(v_generationTime, Time64:(v_startTime .. v_endTime))){
log("*** " & testcasename() & ": FAIL: DENM generation time is not inside the validity of the certificate");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
} // End of 'for' statement
log("*** " & testcasename() & ": PASS: DENM generation time is inside the validity of the certificate");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
}
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_DENMs(
)))) {
tc_ac.stop;
log("*** " & testcasename() & ": FAIL: Invalid DENM received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected DENM not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_cancelDenmEvent(v_denmComponent);
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_DENM_04_01_BV
/**
* @desc Check that the secured DENM contains exactly one HeaderField generation_location when AT certificate does not contain any region restrictions
*
* Pics Selection: PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION
* Config Id: CF01
* with {
* the IUT has been authorized with the AT certificate (CERT_IUT_A)
* not containing validity_restrictions['region']
* }
* ensure that {
* when {
* the IUT is requested to send DENM
* } then {
* the IUT sends a SecuredMessage {
* containing exactly one header_fields ['generation_location']
* containing generation_location
* containing header_fields ['its_aid'] {
* containing its_aid
* indicating 'AID_DENM'
* }
* }
* }
* }
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_SND_DENM_05_01_BV
* @reference ETSI TS 103 097 [1], clause 7.2
*/
testcase TC_SEC_ITSS_SND_DENM_05_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var ItsDenm v_denmComponent;
// Test control
if (not(PICS_GN_SECURITY) or not(PICS_CERTIFICATE_SELECTION)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
// CERT_IUT_A is the default one
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
v_denmComponent := f_triggerDenmEvent();
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_DENMs(
mw_header_field_signer_info_certificate(
mw_certificate(
?,
?,
?,
superset(
mw_validity_restriction_any_valid_region
))))))) {
log("*** " & testcasename() & ": INFO: Skip DENM containing region restrictions ***");
repeat;
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage(
superset(
mw_header_field(
e_generation_location
),
mw_header_field_signer_info_certificate,
mw_header_field_its_aid_DENM
))))) {
// The certificate doesn't contain region restrictions because such messages was catched before
tc_ac.stop;
log("*** " & testcasename() & ": PASS: DENM contains generation location ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_DENMs(
mw_header_field_signer_info_certificate
)))) {
// the message does not contain generation location
tc_ac.stop;
log("*** " & testcasename() & ": PASS: DENM contains generation location ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_DENMs(
)))) {
tc_ac.stop;
log("*** " & testcasename() & ": FAIL: DENM doesn't contain generation location ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected DENM not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
// Cancel DENM events
f_cancelDenmEvent(v_denmComponent);
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_DENM_05_01_BV
function f_TC_SEC_ITSS_SND_DENM_05_BV(
in template GeographicRegion p_region := ?
) runs on ItsGeoNetworking {
// Local variables
var GeoNetworkingInd v_geoNwInd;
var ItsDenm v_denmComponent;
// Trigger DENM
v_denmComponent := f_triggerDenmEvent();
tc_ac.start;
alt {
// DENM contains generation location and certificate with region restrictions
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage(
superset(
mw_header_field(
e_generation_location
),
mw_header_field_signer_info_certificate(
mw_certificate(
?,
?,
?,
superset(
mw_validity_restriction_region(
p_region
)
)
)
),
mw_header_field_its_aid_DENM
))))) -> value v_geoNwInd {
var ValidityRestriction v_vr;
var HeaderField v_hf;
tc_ac.stop;
// check that generation location is inside the circular region of the certificate
if (f_getMsgHeaderField(v_geoNwInd.msgIn.gnPacket.securedMsg, e_generation_location, v_hf)
and f_getCertificateValidityRestriction(v_geoNwInd.msgIn.gnPacket.securedMsg.header_fields[0].headerField.signer.signerInfo.certificate, e_region, v_vr)
) {
if (f_isLocationInsideRegion(v_vr.validity.region, v_hf.headerField.generation_location)) {
log("*** " & testcasename() & ": PASS: DENM contains generation location inside the certificate validity region ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}else{
log("*** " & testcasename() & ": FAIL: DENM contains generation location outside the certificate validity region ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
} else {
log("*** " & testcasename() & ": FAIL: IMPOSSIBLE!!! DENM generation location or certificate region restriction header field does not exist");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
// DENM signing certificate doesn't contains region restriction
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage(
superset(
mw_header_field_its_aid_DENM,
mw_header_field(e_generation_location),
mw_header_field_signer_info_certificate(
mw_certificate(
?,
?,
?,
{ } // DENM signing certificate doesn't 'contains region restriction
)
)
))))) {
tc_ac.stop;
log("*** " & testcasename() & ": INCONC: DENM certificate doesn't contain region restriction");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_DENMs(
)))) {
tc_ac.stop;
log("*** " & testcasename() & ": FAIL: DENM doesn't contain generation location ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected DENM not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
f_cancelDenmEvent(v_denmComponent);
} // End of function f_TC_SEC_ITSS_SND_DENM_05_BV
/**
* @desc Check that the secured DENM contains exactly one HeaderField generation_location
* which is inside the circular region containing in the validity restriction of the
* certificate pointed by the signer_info field
*
* Pics Selection: PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_CIRCULAR_REGION
* Config Id: CF01
* with {
* the IUT has been authorized with the AT certificate (CERT_IUT_B) {
* containing validity_restrictions ['region'] {
* containing region{
* containing region_type
* indicating 'circle'
* containing circular_region
* indicating REGION
* }
* }
* }
* }
* ensure that {
* when {
* the IUT is requested to send a DENM
* } then {
* the IUT sends a SecuredMessage {
* containing exactly one header_fields ['generation_location']
* containing generation_location
* indicating value inside the REGION
* containing header_fields ['its_aid'] {
* containing its_aid
* indicating 'AID_DENM'
* }
* }
* }
* }
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_SND_DENM_05_02_BV
* @reference ETSI TS 103 097 [1], clause 7.2
*/
testcase TC_SEC_ITSS_SND_DENM_05_02_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
// Test control
if (not(PICS_GN_SECURITY) or not(PICS_CERTIFICATE_SELECTION) or not(PICS_USE_CIRCULAR_REGION)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
vc_hashedId8ToBeUsed := cc_iutCert_B;
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
f_TC_SEC_ITSS_SND_DENM_05_BV(mw_geographicRegion_circle);
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_DENM_05_02_BV
/**
* @desc Check that the secured DENM contains exactly one HeaderField generation_location
* which is inside the rectangular region containing in the validity restriction
* of the certificate pointed by the signer_info field
*
* Pics Selection: PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_RECTANGULAR_REGION
* Config Id: CF01
* with {
* the IUT has been authorized with the AT certificate (CERT_IUT_C) {
* containing validity_restrictions ['region'] {
* containing region{
* containing region_type
* indicating 'rectangle'
* containing rectangular_region
* indicating REGION
* }
* }
* }
* }
* ensure that {
* when {
* the IUT is requested to send a DENM
* } then {
* the IUT sends a SecuredMessage {
* containing exactly one header_field ['generation_location']
* containing generation_location
* indicating value inside the REGION
* containing header_field ['its_aid'] {
* containing its_aid
* indicating 'AID_DENM'
* }
* }
* }
* }
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_SND_DENM_05_03_BV
* @reference ETSI TS 103 097 [1], clause 7.2
*/
testcase TC_SEC_ITSS_SND_DENM_05_03_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
// Test control
if (not(PICS_GN_SECURITY) or not(PICS_CERTIFICATE_SELECTION) or not(PICS_USE_RECTANGULAR_REGION)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
vc_hashedId8ToBeUsed := cc_iutCert_C;
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
f_TC_SEC_ITSS_SND_DENM_05_BV(mw_geographicRegion_rectangular);
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_DENM_05_03_BV
/**
* @desc Check that the secured DENM contains exactly one HeaderField generation_location
* which is inside the polygonal region containing in the validity restriction
* of the certificate pointed by the signer_info field
*
* Pics Selection: PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_POLYGONAL_REGION
* Config Id: CF01
* with {
* the IUT has been authorized with the AT certificate (CERT_IUT_D) {
* containing validity_restrictions ['region'] {
* containing region{
* containing region_type
* indicating 'polygon'
* containing polygonal_region
* indicating REGION
* }
* }
* }
* }
* ensure that {
* when {
* the IUT is requested to send a DENM
* } then {
* the IUT sends a SecuredMessage {
* containing exactly one header_field ['generation_location']
* containing generation_location
* indicating value inside the REGION
* containing header_field ['its_aid'] {
* containing its_aid
* indicating 'AID_DENM'
* }
* }
* }
* }
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_SND_DENM_05_04_BV
* @reference ETSI TS 103 097 [1], clause 7.2
*/
testcase TC_SEC_ITSS_SND_DENM_05_04_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variablesl
// Test control
if (not(PICS_GN_SECURITY) or not(PICS_CERTIFICATE_SELECTION) or not(PICS_USE_POLYGONAL_REGION)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
vc_hashedId8ToBeUsed := cc_iutCert_D;
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
f_TC_SEC_ITSS_SND_DENM_05_BV(mw_geographicRegion_polygonal);
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_DENM_05_04_BV
/**
* @desc Check that the secured DENM contains exactly one HeaderField generation_location
* which is inside the identified region containing in the validity restriction
* of the certificate pointed by the signer_info field
*
* Pics Selection: PICS_GN_SECURITY and PICS_USE_IDENTIFIED_REGION and PICS_CERTIFICATE_SELECTION
* Config Id: CF01
* with {
* the IUT has been authorized with the AT certificate (CERT_IUT_E) {
* containing validity_restrictions ['region'] {
* containing region{
* containing region_type
* indicating 'id_region'
* containing identified_region
* indicating REGION
* }
* }
* }
* }
* ensure that {
* when {
* the IUT is requested to send a DENM
* } then {
* the IUT sends a SecuredMessage {
* containing exactly one header_fields ['generation_location'] {
* containing generation_location
* indicating value inside the REGION
* containing header_fields ['its_aid'] {
* containing its_aid
* indicating 'AID_DENM'
* }
* }
* }
* }
* }
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_SND_DENM_05_05_BV
* @reference ETSI TS 103 097 [1], clause 7.2
*/
testcase TC_SEC_ITSS_SND_DENM_05_05_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
// Test control
if (not(PICS_GN_SECURITY) or not(PICS_USE_IDENTIFIED_REGION) or not(PICS_CERTIFICATE_SELECTION)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
vc_hashedId8ToBeUsed := cc_iutCert_E;
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
f_TC_SEC_ITSS_SND_DENM_05_BV(mw_geographicRegion_identified);
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_DENM_05_05_BV
/**
* @desc Check that the secured DENM contains exactly one HeaderField generation_location
* which is inside the region containing in the validity restriction
* of the certificate pointed by the signer_info field
*
* Pics Selection: PICS_GN_SECURITY and PICS_USE_IDENTIFIED_REGION and PICS_CERTIFICATE_SELECTION
* Config Id: CF01
* with {
* the IUT being in the 'authorized' state
* }
* ensure that {
* when {
* the IUT is requested to send a DENM
* } then {
* the IUT sends a SecuredMessage {
* containing header_fields['signed_info'].certificate {
* containing validity_restrictions ['region']
* {
* containing region.region_type
* indicating 'circle'
* containing region.circular_region
* indicating REGION
* } or {
* containing region.region_type
* indicating 'rectangle'
* containing region.rectangular_region
* containing array of rectangles
* indicating REGION
* } or {
* containing region.region_type
* indicating 'polygonal'
* containing region.polygonal_region
* indicating REGION
* } or {
* containing region.region_type
* indicating 'id_region'
* containing region.circular_region
* indicating REGION
* }
* }
* containing exactly one header_fields['generation_location']
* containing generation_location
* indicating location inside the REGION
* containing header_fields ['its_aid'] {
* containing its_aid
* indicating 'AID_DENM'
* }
* }
* }
* }
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_SND_DENM_05_06_BV
* @reference ETSI TS 103 097 [1], clause 7.2
*/
testcase TC_SEC_ITSS_SND_DENM_05_06_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
// Test control
if (not(PICS_GN_SECURITY) or not(PICS_USE_IDENTIFIED_REGION) or not(PICS_CERTIFICATE_SELECTION)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
vc_hashedId8ToBeUsed := cc_iutCert_B;
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
f_TC_SEC_ITSS_SND_DENM_05_BV(); // any type of regions
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_DENM_05_06_BV
/**
* @desc Check that the sent Secured DENM contains exactly one HeaderField its_aid that is set to 'AID_DENM'
*
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* }
* Expected results:
* ensure that {
* when {
* the IUT is requested to send a DENM
* } then {
* the IUT sends a SecuredMessage {
* containing header_fields ['its_aid'] {
* containing its_aid
* indicating 'AID_DENM' (37)
* }
* }
* }
* }
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_SND_DENM_06_01_BV
* @reference ETSI TS 103 097 [1], clauses 5.4 and 7.2
*/
testcase TC_SEC_ITSS_SND_DENM_06_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var ItsDenm v_denmComponent;
// Test control
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
v_denmComponent := f_triggerDenmEvent();
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_DENMs
))) {
log("*** " & testcasename() & ": PASS: DENM ITS AID is right");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_CAMs
))) {
log("*** " & testcasename() & ": INFO: Skip CAM");
repeat;
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage
))) {
log("*** " & testcasename() & ": FAIL: DENM ITS AID is wrong");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected DENM not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_cancelDenmEvent(v_denmComponent);
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_DENM_06_01_BV
/**
* @desc Check that the Secured DENM contains exactly one non-empty payload of type signed
*
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* }
* Expected results:
* ensure that {
* when {
* the IUT is requested to send a DENM
* } then {
* the IUT sends a SecuredMessage {
* containing header_fields ['its_aid'] {
* containing its_aid
* indicating 'AID_DENM'
* }
* containing payload_field
* containing exactly one element of type Payload {
* containing type
* indicating 'signed'
* containing not-empty data
* }
* }
* }
* }
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_SND_DENM_08_01_BV
* @reference ETSI TS 103 097 [1], clause 7.2
*/
testcase TC_SEC_ITSS_SND_DENM_08_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var ItsDenm v_denmComponent;
// Test control
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
v_denmComponent := f_triggerDenmEvent();
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_DENMs(
?,
mw_payload(e_signed)
)))) {
log("*** " & testcasename() & ": PASS: DENM payload is 'signed'");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_DENMs(
?,
mw_payload()
)))) {
log("*** " & testcasename() & ": FAIL: DENM payload is not 'signed'");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_DENMs
))) {
log("*** " & testcasename() & ": FAIL: DENM payload is not exist");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected DENM not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_cancelDenmEvent(v_denmComponent);
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_DENM_08_01_BV
/**
* @desc Check that the secured DENM contains only one TrailerField of type signature.
* Check that the signature contained in the SecuredMessage is calculated
* over the right fields by cryptographically verifying the signature.
*
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* }
* ensure that {
* when {
* the IUT is requested to send DENM
* } then {
* the IUT sends a SecuredMessage {
* containing header_field ['signer_info'] {
* containing signer {
* containing type
* indicating 'certificate'
* containing certificate
* containing subject_info.subject_type
* indicating 'authorization_ticket' (2)
* and containing subject_attributes['verification key'] (KEY)
* }
* }
* containing header_field ['its_aid'] {
* containing its_aid
* indicating 'AID_DENM'
* }
* containing trailer_fields {
* containing single instance of type TrailerField {
* containing type
* indicating 'signature'
* containing signature
* verifiable using KEY
* }
* }
* }
* }
* }
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_SND_DENM_10_01_BV
* @reference ETSI TS 103 097 [1], clause 7.2
*/
testcase TC_SEC_ITSS_SND_DENM_10_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var GeoNetworkingInd v_geoNwInd;
var SignerInfo v_signerInfo;
var Certificate v_certificate;
var ItsDenm v_denmComponent;
// Test control
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Preamble
f_prNeighbour();
v_denmComponent := f_triggerDenmEvent();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_DENMs(
mw_header_field_signer_info_certificate
)))) -> value v_geoNwInd {
tc_ac.stop;
log("*** " & testcasename() & ": INFO: DENM message with certificate received ***");
f_getMsgSignerInfo(v_geoNwInd.msgIn.gnPacket.securedMsg, v_signerInfo);
if (f_verifyGnSecuredMessageSignatureWithCertificate(v_geoNwInd.msgIn.gnPacket.securedMsg, v_signerInfo.signerInfo.certificate) == false) {
log("*** " & testcasename() & ": FAIL: DENM received with invalide signature");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_DENMs
))) {
log("*** " & testcasename() & ": FAIL: DENM doesn't contain signature");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected DENM not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
log("*** " & testcasename() & ": PASS: DENM received with correct signature");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
// Postamble
f_cancelDenmEvent(v_denmComponent);
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_DENM_10_01_BV
} // End of group secDENMProfile
group secOtherProfile {
/**
* @desc Check that the generic secured message contains exactly one element of these header fields:
* signer_info, generation_time, generation_location.
* Check that the header fields are in the ascending order according to the numbering of the enumeration
* except of the signer_info, which is encoded first.
*
* Pics Selection: PICS_GN_SECURITY and PICS_ITS_AID_OTHER_PROFILE
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* }
* Expected Results:
* ensure that {
* when {
* the IUT is requested to send a Beacon
* } then {
* the IUT sends a SecuredMessage {
* containing header_fields [0].type
* indicating 'signer_info'
* containing header_fields [1..n]
* where header_fields [v_counter].type < header_fields [v_counter + 1].type
* containing header_fields ['generation_time']
* containing header_fields ['generation_location']
* not containing header_field ['its_aid']
* indicating 'AID_CAM'
* not containing header_field ['its_aid']
* indicating 'AID_DENM'
* }
* }
* }
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_SND_GENMSG_02_01_BV
* @reference ETSI TS 103 097 [1], clause 7.3
*/
testcase TC_SEC_ITSS_SND_GENMSG_02_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var LongPosVector v_longPosVectorIut;
var GeoNetworkingInd v_geoNwInd;
var HeaderFields v_headersFields;
var HeaderFieldType v_previousHeaderType;
var integer v_counter;
// Test control
if (not(PICS_GN_SECURITY) or not(PICS_ITS_AID_OTHER_PROFILE)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_ITS_AID_OTHER_PROFILE' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
v_longPosVectorIut := f_getPosition(c_compIut);
// Test adapter configuration
// Preamble
f_prNeighbour();
f_acTriggerEvent(m_startPassBeaconing(m_beaconHeader(v_longPosVectorIut).beaconHeader)); // Authorize the TA to forward the received beacons
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage(
superset(
mw_header_field(e_generation_time),
mw_header_field(e_generation_location),
mw_header_field_its_aid_Other
)
),
mw_geoNwBeaconPacket(
?
)))) -> value v_geoNwInd {
tc_ac.stop;
// Process header fields manually
v_headersFields := valueof(v_geoNwInd.msgIn.gnPacket.securedMsg.header_fields);
// Check that signerInfo is first header
if (lengthof(v_headersFields) < 1 or not match(v_headersFields[0].type_, e_signer_info)) {
log("*** " & testcasename() & ": FAIL: SignerInfo is not first header");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
for (v_counter := 1; v_counter < lengthof(v_headersFields); v_counter := v_counter + 1) {
// Check that no header is duplicated
if (match(v_headersFields[v_counter].type_, e_signer_info)) {
log("*** " & testcasename() & ": FAIL: multiple instances of signer_info");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
if (v_counter > 1) {
// Check that headers are ordered
if (v_headersFields[v_counter].type_ == v_previousHeaderType) {
log("*** " & testcasename() & ": FAIL: multiple instances of same Header");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
if (v_headersFields[v_counter].type_ < v_previousHeaderType) {
log("*** " & testcasename() & ": FAIL: headers not in correct order");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
v_previousHeaderType := v_headersFields[v_counter].type_;
} // End of 'for' statement
log("*** " & testcasename() & ": PASS: correct secured packet received");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected DENM not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_acTriggerEvent(m_stopPassBeaconing);
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_GENMSG_02_01_BV
/**
* @desc Check that generic secured message contains the certificate as a signer_info
*
* Pics Selection: PICS_GN_SECURITY and PICS_ITS_AID_OTHER_PROFILE
* Config Id: CF01
* Initial Conditions:
* with {
* the IUT being in the 'authorized' state
* }
* Expected Behaviour
* ensure that {
* when {
* the IUT is requested to send a Beacon
* } then {
* the IUT sends a SecuredMessage {
* containing exactly one header_fields ['signer_info'] {
* containing signer {
* containing type
* indicating 'certificate'
* containing certificate
* }
* }
* not containing header_field ['its_aid']
* indicating 'AID_CAM'
* not containing header_field ['its_aid']
* indicating 'AID_DENM'
* }
* }
* }
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_SND_GENMSG_03_01_BV
* @reference ETSI TS 103 097 [1], clause 7.3
*/
testcase TC_SEC_ITSS_SND_GENMSG_03_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var LongPosVector v_longPosVectorIut;
// Test control
if (not(PICS_GN_SECURITY) or not(PICS_ITS_AID_OTHER_PROFILE)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_ITS_AID_OTHER_PROFILE' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
v_longPosVectorIut := f_getPosition(c_compIut);
// Test adapter configuration
// Preamble
f_prNeighbour();
f_acTriggerEvent(m_startPassBeaconing(m_beaconHeader(v_longPosVectorIut).beaconHeader)); // Authorize the TA to forward the received beacons
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_Others(
mw_header_field_signer_info_certificate
),
mw_geoNwBeaconPacket(
?
)))) {
tc_ac.stop;
log("*** " & testcasename() & ": PASS: Beacon signed with certificate ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_Others(
mw_header_field(
e_signer_info
)
),
mw_geoNwBeaconPacket(
?
)))) {
log("*** " & testcasename() & ": INFO: Beacon signed with digest ***");
repeat;
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected Beacon not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_acTriggerEvent(m_stopPassBeaconing);
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_GENMSG_03_01_BV
/**
* @desc Check that message generation time is inside the validity period of the signing certificate
* Check that message generation time value is realistic (according to values proposed in C2C SEC12)
*
* Pics Selection: PICS_GN_SECURITY and PICS_ITS_AID_OTHER_PROFILE
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT is requested to send a Beacon
* } then {
* the IUT sends a SecuredMessage {
* containing exactly one header_fields['generation_time'] {
* containing generation_time
* indicating TIME_1 (CUR_TIME - 10min <= TIME_1 <= CUR_TIME + 10min)
* }
* containing header_fields['signer_info'] {
* containing signer {
* containing type
* indicating 'certificate'
* containing certificate {
* containing validity_restrictions['time_start_and_end'] {
* containing start_validity
* indicating value <= TIME_1
* containing end_validity
* indicating value > TIME_1
* }
* or not containing validity_restrictions['time_start_and_end']
* }
* }
* }
* }
* }
* }
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_SND_GENMSG_04_01_BV
* @reference ETSI TS 103 097 [1], clauses 5.4 and 7.3
*/
testcase TC_SEC_ITSS_SND_GENMSG_04_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var LongPosVector v_longPosVectorIut;
var GeoNetworkingInd v_geoNwInd;
var HeaderField v_headerField;
var Time64 v_generationTime;
var Time64 v_curTime;
var Time64 v_startTime, v_endTime;
var Certificate v_cert;
var integer v_counter;
// Test control
if (not(PICS_GN_SECURITY) or not(PICS_ITS_AID_OTHER_PROFILE)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_ITS_AID_OTHER_PROFILE' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
v_longPosVectorIut := f_getPosition(c_compIut);
// Test adapter configuration
// Preamble
f_prNeighbour();
f_acTriggerEvent(m_startPassBeaconing(m_beaconHeader(v_longPosVectorIut).beaconHeader)); // Authorize the TA to forward the received beacons
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage(
superset(
mw_header_field(
e_generation_time
),
mw_header_field_signer_info_certificate,
mw_header_field_its_aid_Other
)
),
mw_geoNwBeaconPacket(
?
)
)
)) -> value v_geoNwInd {
const integer c_deltaTime := 2 * 3600 * 1000000; // Two hours, in microsecoonds
tc_ac.stop;
v_curTime := f_getCurrentTime();
v_curTime := v_curTime * 1000; // Clause 4.2.16 Time64: is in microseconds
if (
f_getMsgHeaderField(
v_geoNwInd.msgIn.gnPacket.securedMsg,
e_generation_time,
v_headerField
)) {
v_generationTime := v_headerField.headerField.generation_time;
log("v_generationTime=", v_generationTime);
log("v_curTime=", v_curTime);
log("v_curTime - c_deltaTime=", v_curTime - c_deltaTime);
if (v_generationTime < (v_curTime - c_deltaTime)) {
log("*** " & testcasename() & ": FAIL: Beacon generation time is too far in the past");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
if (v_generationTime > (v_curTime + c_deltaTime)) {
log("*** " & testcasename() & ": FAIL: Beacon generation time is too far in the future");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
// Check that generation time is inside the certificate validation period
if (
f_getMsgHeaderField(
v_geoNwInd.msgIn.gnPacket.securedMsg,
e_signer_info,
v_headerField
)) {
v_cert := v_headerField.headerField.signer.signerInfo.certificate;
for (v_counter := 0; v_counter < lengthof(v_cert.validity_restrictions); v_counter := v_counter + 1) {
if (v_cert.validity_restrictions[v_counter].type_ == e_time_end) {
v_endTime := v_cert.validity_restrictions[v_counter].validity.end_validity * 1000000;
if (v_generationTime > v_endTime ) {
log("*** " & testcasename() & ": FAIL: Beacon generation time is not inside the validity of the certificate");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
if (v_cert.validity_restrictions[v_counter].type_ == e_time_start_and_end) {
v_endTime := v_cert.validity_restrictions[v_counter].validity.time_start_and_end.end_validity * 1000000;
v_startTime := v_cert.validity_restrictions[v_counter].validity.time_start_and_end.start_validity * 1000000;
if (v_generationTime < v_startTime or v_generationTime > v_endTime ) {
log("*** " & testcasename() & ": FAIL: Beacon generation time is not inside the validity of the certificate");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
} // End of 'for' statement
log("*** " & testcasename() & ": PASS: Beacon generation time is inside the validity of the certificate");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": INCONC: DENM signer info is not available");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected Beacon not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_acTriggerEvent(m_stopPassBeaconing);
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_GENMSG_04_01_BV
/**
* @desc Check that the secured GN Beacon contains exactly one HeaderField generation_location
* when AT certificate does not contain any region restrictions
*
* Pics Selection: PICS_GN_SECURITY and PICS_ITS_AID_OTHER_PROFILE and PICS_CERTIFICATE_SELECTION
* Config Id: CF01
* with {
* the IUT has been authorized with the AT certificate (CERT_IUT_A)
* not containing validity_restrictions['region']
* }
* ensure that {
* when {
* the IUT is requested to send a Beacon
* } then {
* the IUT sends a SecuredMessage {
* containing exactly one header_fields ['generation_location']
* containing generation_location
* not containing header_field ['its_aid']
* indicating 'AID_CAM'
* not containing header_field ['its_aid']
* indicating 'AID_DENM'
* }
* }
* }
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_SND_GENMSG_05_01_BV
* @reference ETSI TS 103 097 [1], clause 7.3
*/
testcase TC_SEC_ITSS_SND_GENMSG_05_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var LongPosVector v_longPosVectorIut;
// Test control
if (not(PICS_GN_SECURITY) or not(PICS_ITS_AID_OTHER_PROFILE) or not(PICS_CERTIFICATE_SELECTION)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY', 'PICS_ITS_AID_OTHER_PROFILE' and 'PICS_CERTIFICATE_SELECTION' required for executing the TC ***");
stop;
}
// Test component configuration
// CERT_IUT_A is the default one
f_cf01Up();
v_longPosVectorIut := f_getPosition(c_compIut);
// Test adapter configuration
// Preamble
f_prNeighbour();
f_acTriggerEvent(m_startPassBeaconing(m_beaconHeader(v_longPosVectorIut).beaconHeader)); // Authorize the TA to forward the received beacons
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(mw_geoNwSecPdu(
mdw_securedMessage_Others(
mw_header_field_signer_info_certificate(
mw_certificate(
?,
?,
?,
superset(
mw_validity_restriction_any_valid_region
))))))) {
log("*** " & testcasename() & ": INFO: Skip DENM containing region restrictions ***");
repeat;
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage(
superset(
mw_header_field(
e_generation_location
),
mw_header_field_signer_info_certificate,
complement(
mw_header_field_its_aid_CAM,
mw_header_field_its_aid_DENM
)
))))) {
// The certificate doesn't contain region restrictions because such messages was catched before
tc_ac.stop;
log("*** " & testcasename() & ": PASS: DENM contains generation location ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_Others(
mw_header_field_signer_info_certificate
)))) {
// The message does not contain generation location
tc_ac.stop;
log("*** " & testcasename() & ": PASS: DENM contains generation location ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected DENM not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_acTriggerEvent(m_stopPassBeaconing);
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_GENMSG_05_01_BV
/**
* @desc Check that the secured GN Beacon contains exactly one HeaderField generation_location
* which is inside the circular region containing in the validity restriction of the
* certificate pointed by the signer_info field
*
* Pics Selection: PICS_GN_SECURITY and PICS_ITS_AID_OTHER_PROFILE and PICS_CERTIFICATE_SELECTION and PICS_USE_CIRCULAR_REGION
* Config Id: CF01
* with {
* the IUT has been authorized with the AT certificate (CERT_IUT_B) {
* containing validity_restrictions ['region'] {
* containing region{
* containing region_type
* indicating 'circle'
* containing circular_region
* indicating REGION
* }
* }
* }
* }
* ensure that {
* when {
* the IUT is requested to send a GN Beacon
* } then {
* the IUT sends a SecuredMessage {
* containing exactly one header_fields ['generation_location']
* containing generation_location
* indicating value inside the REGION
* not containing header_field ['its_aid']
* indicating 'AID_CAM'
* not containing header_field ['its_aid']
* indicating 'AID_DENM'
* }
* }
* }
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_SND_GENMSG_05_02_BV
* @reference ETSI TS 103 097 [1], clause 7.3
*/
testcase TC_SEC_ITSS_SND_GENMSG_05_02_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var LongPosVector v_longPosVectorIut;
// Test control
if (not(PICS_GN_SECURITY) or not(PICS_ITS_AID_OTHER_PROFILE) or not(PICS_CERTIFICATE_SELECTION) or not(PICS_USE_CIRCULAR_REGION)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_ITS_AID_OTHER_PROFILE' required for executing the TC ***");
stop;
}
// Test component configuration
vc_hashedId8ToBeUsed := cc_iutCert_B;
f_cf01Up();
v_longPosVectorIut := f_getPosition(c_compIut);
// Test adapter configuration
// Preamble
f_prNeighbour();
f_acTriggerEvent(m_startPassBeaconing(m_beaconHeader(v_longPosVectorIut).beaconHeader)); // Authorize the TA to forward the received beacons
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
f_TC_SEC_ITSS_SND_GENMSG_05_BV(mw_geographicRegion_circle);
// Postamble
f_acTriggerEvent(m_stopPassBeaconing);
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_GENMSG_05_02_BV
/**
* @desc Check that the secured GN Beacon contains exactly one HeaderField generation_location
* which is inside the rectangular region containing in the validity restriction
* of the certificate pointed by the signer_info field
*
* Pics Selection: PICS_GN_SECURITY and PICS_ITS_AID_OTHER_PROFILE and PICS_CERTIFICATE_SELECTION and PICS_USE_RECTANGULAR_REGION
* Config Id: CF01
* with {
* the IUT has been authorized with the AT certificate (CERT_IUT_C) {
* containing validity_restrictions ['region'] {
* containing region{
* containing region_type
* indicating 'rectangle'
* containing rectangular_region
* indicating REGION
* }
* }
* }
* }
* ensure that {
* when {
* the IUT is requested to send a DENM
* } then {
* the IUT sends a SecuredMessage {
* containing exactly one header_fields ['generation_location']
* containing generation_location
* indicating value inside the REGION
* not containing header_field ['its_aid']
* indicating 'AID_CAM'
* not containing header_field ['its_aid']
* indicating 'AID_DENM'
* }
* }
* }
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_SND_GENMSG_05_03_BV
* @reference ETSI TS 103 097 [1], clause 7.3
*/
testcase TC_SEC_ITSS_SND_GENMSG_05_03_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var LongPosVector v_longPosVectorIut;
// Test adapter configuration
if (not(PICS_GN_SECURITY) or not(PICS_ITS_AID_OTHER_PROFILE) or not(PICS_CERTIFICATE_SELECTION) or not(PICS_USE_RECTANGULAR_REGION)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_ITS_AID_OTHER_PROFILE' required for executing the TC ***");
stop;
}
// Test component configuration
vc_hashedId8ToBeUsed := cc_iutCert_C; // Load IUT certificate CERT_IUT_C
f_cf01Up();
v_longPosVectorIut := f_getPosition(c_compIut);
// Test adapter configuration
// Preamble
f_prNeighbour();
f_acTriggerEvent(m_startPassBeaconing(m_beaconHeader(v_longPosVectorIut).beaconHeader)); // Authorize the TA to forward the received beacons
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
f_TC_SEC_ITSS_SND_GENMSG_05_BV(mw_geographicRegion_rectangular);
// Postamble
f_acTriggerEvent(m_stopPassBeaconing);
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_GENMSG_05_03_BV
/**
* @desc Check that the secured GN Message contains exactly one HeaderField generation_location
* which is inside the polygonal region containing in the validity restriction
* of the certificate pointed by the signer_info field
*
* Pics Selection: PICS_GN_SECURITY and PICS_ITS_AID_OTHER_PROFILE and PICS_CERTIFICATE_SELECTION and PICS_USE_POLYGONAL_REGION
* Config Id: CF01
* with {
* the IUT has been authorized with the AT certificate (CERT_AT_D) {
* containing validity_restrictions ['region'] {
* containing region{
* containing region_type
* indicating 'polygon'
* containing polygonal_region
* indicating REGION
* }
* }
* }
* }
* ensure that {
* when {
* the IUT is requested to send a Beacon
* } then {
* the IUT sends a SecuredMessage {
* containing exactly one header_fields ['generation_location']
* containing generation_location
* indicating value inside the REGION
* not containing header_field ['its_aid']
* indicating 'AID_CAM'
* not containing header_field ['its_aid']
* indicating 'AID_DENM'
* }
* }
* }
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_SND_GENMSG_05_04_BV
* @reference ETSI TS 103 097 [1], clause 7.3
*/
testcase TC_SEC_ITSS_SND_GENMSG_05_04_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var LongPosVector v_longPosVectorIut;
// Test adapter configuration
if (not(PICS_GN_SECURITY) or not(PICS_ITS_AID_OTHER_PROFILE) or not(PICS_CERTIFICATE_SELECTION) or not(PICS_USE_POLYGONAL_REGION)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_ITS_AID_OTHER_PROFILE' required for executing the TC ***");
stop;
}
// Test component configuration
vc_hashedId8ToBeUsed := cc_iutCert_D; // Load IUT certificate CERT_IUT_D
f_cf01Up();
v_longPosVectorIut := f_getPosition(c_compIut);
// Test adapter configuration
// Preamble
f_prNeighbour();
f_acTriggerEvent(m_startPassBeaconing(m_beaconHeader(v_longPosVectorIut).beaconHeader)); // Authorize the TA to forward the received beacons
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
f_TC_SEC_ITSS_SND_GENMSG_05_BV(mw_geographicRegion_polygonal);
// Postamble
f_acTriggerEvent(m_stopPassBeaconing);
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_GENMSG_05_04_BV
/**
* @desc Check that the secured GN Message contains exactly one HeaderField generation_location
* which is inside the identified region containing in the validity restriction
* of the certificate pointed by the signer_info field
*
* Pics Selection: PICS_GN_SECURITY and PICS_ITS_AID_OTHER_PROFILE and PICS_USE_IDENTIFIED_REGION and PICS_CERTIFICATE_SELECTION
* Config Id: CF01
* with {
* the IUT has been authorized with the AT certificate (CERT_IUT_E) {
* containing validity_restrictions ['region'] {
* containing region{
* containing region_type
* indicating 'id_region'
* containing identified_region
* indicating REGION
* }
* }
* }
* }
* ensure that {
* when {
* the IUT is requested to send a Beacon
* } then {
* the IUT sends a SecuredMessage {
* containing exactly one header_fields ['generation_location']
* containing generation_location
* indicating value inside the REGION
* not containing header_field ['its_aid']
* indicating 'AID_CAM'
* not containing header_field ['its_aid']
* indicating 'AID_DENM'
* }
* }
* }
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_SND_GENMSG_05_05_BV
* @reference ETSI TS 103 097 [1], clause 7.3
*/
testcase TC_SEC_ITSS_SND_GENMSG_05_05_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var LongPosVector v_longPosVectorIut;
// Test adapter configuration
if (not(PICS_GN_SECURITY) or not(PICS_ITS_AID_OTHER_PROFILE) or not(PICS_CERTIFICATE_SELECTION) or not(PICS_USE_IDENTIFIED_REGION)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_ITS_AID_OTHER_PROFILE' required for executing the TC ***");
stop;
}
// Test component configuration
vc_hashedId8ToBeUsed := cc_iutCert_E; // Load IUT certificate CERT_IUT_E
f_cf01Up();
v_longPosVectorIut := f_getPosition(c_compIut);
// Test adapter configuration
// Preamble
f_prNeighbour();
f_acTriggerEvent(m_startPassBeaconing(m_beaconHeader(v_longPosVectorIut).beaconHeader)); // Authorize the TA to forward the received beacons
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
f_TC_SEC_ITSS_SND_GENMSG_05_BV(mw_geographicRegion_identified);
// Postamble
f_acTriggerEvent(m_stopPassBeaconing);
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_GENMSG_05_05_BV
/**
* @desc Check that the secured GN Message contains exactly one HeaderField generation_location
* which is inside the region containing in the validity restriction
* of the certificate pointed by the signer_info field
*
* Pics Selection: PICS_GN_SECURITY and PICS_ITS_AID_OTHER_PROFILE and PICS_USE_CIRCULAR_REGION and PICS_CERTIFICATE_SELECTION
* Config Id: CF01
* with {
* the IUT being in the 'authorized' state
* }
* ensure that {
* when {
* the IUT is requested to send a Beacon
* } then {
* the IUT sends a SecuredMessage {
* containing header_fields['signed_info'].certificate {
* containing validity_restrictions ['region']
* {
* containing region.region_type
* indicating 'circle'
* containing region.circular_region
* indicating REGION
* } or {
* containing region.region_type
* indicating 'rectangle'
* containing region.rectangular_region
* containing array of rectangles
* indicating REGION
* } or {
* containing region.region_type
* indicating 'polygonal'
* containing region.polygonal_region
* indicating REGION
* } or {
* containing region.region_type
* indicating 'id_region'
* containing region.circular_region
* indicating REGION
* }
* }
* containing exactly one header_fields['generation_location']
* containing generation_location
* indicating location inside the REGION
* not containing header_field ['its_aid']
* indicating 'AID_CAM'
* not containing header_field ['its_aid']
* indicating 'AID_DENM'
* }
* }
* }
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_SND_GENMSG_05_06_BV
* @reference ETSI TS 103 097 [1], clause 7.3
*/
testcase TC_SEC_ITSS_SND_GENMSG_05_06_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var LongPosVector v_longPosVectorIut;
// Test adapter configuration
if (not(PICS_GN_SECURITY) or not(PICS_ITS_AID_OTHER_PROFILE) or not(PICS_CERTIFICATE_SELECTION) or not(PICS_USE_CIRCULAR_REGION)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_ITS_AID_OTHER_PROFILE' required for executing the TC ***");
stop;
}
// Test component configuration
vc_hashedId8ToBeUsed := cc_iutCert_B; // Load IUT certificate CERT_IUT_B
f_cf01Up();
v_longPosVectorIut := f_getPosition(c_compIut);
// Test adapter configuration
// Preamble
f_prNeighbour();
f_acTriggerEvent(m_startPassBeaconing(m_beaconHeader(v_longPosVectorIut).beaconHeader)); // Authorize the TA to forward the received beacons
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
f_TC_SEC_ITSS_SND_GENMSG_05_BV(); // any type of regions
// Postamble
f_acTriggerEvent(m_stopPassBeaconing);
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_GENMSG_05_06_BV
group f_TC_SEC_ITSS_SND_GENMSG_05_xx {
function f_TC_SEC_ITSS_SND_GENMSG_05_BV(
in template (present) GeographicRegion p_region := ?
) runs on ItsGeoNetworking {
// Local variables
var GeoNetworkingInd v_geoNwInd;
tc_ac.start;
alt {
// GN message must contain generation location and the certificate with region restrictions
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage(
superset(
mw_header_field(e_generation_location),
mw_header_field_signer_info_certificate(
mw_certificate(
?,
?,
?,
superset(
mw_validity_restriction_region(
p_region
))))))))) -> value v_geoNwInd {
var ValidityRestriction v_vr;
var HeaderField v_hf;
tc_ac.stop;
// Check that generation location
if (
f_getMsgHeaderField(v_geoNwInd.msgIn.gnPacket.securedMsg, e_generation_location, v_hf) and
f_getCertificateValidityRestriction(v_geoNwInd.msgIn.gnPacket.securedMsg.header_fields[0].headerField.signer.signerInfo.certificate, e_region, v_vr)
) {
if (f_isLocationInsideRegion(v_vr.validity.region, v_hf.headerField.generation_location)) {
log("*** " & testcasename() & ": PASS: DENM contains generation location inside the certificate validity region ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
} else {
log("v_vr.validity.region=", v_vr.validity.region);
log("v_hf.headerField.generation_location=", v_hf.headerField.generation_location);
log("*** " & testcasename() & ": FAIL: Invalid location");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
} else {
log("*** " & testcasename() & ": FAIL: IMPOSSIBLE!!! DENM generation location or certificate region restriction header field does not exist");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
// GN message doesn't contain generation location
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_Others
))) -> value v_geoNwInd {
var HeaderField v_hf;
tc_ac.stop;
// Check that generation location is not present
f_getMsgHeaderField(v_geoNwInd.msgIn.gnPacket.securedMsg, e_generation_location, v_hf);
if (not isbound(v_hf)) {
log("*** " & testcasename() & ": FAIL: DENM doesn't contain generation location header");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
// GN signing certificate doesn't contains region restriction
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_Others(
mw_header_field_signer_info_certificate(
mw_certificate(
?,
?,
?,
{ } // GN signing certificate doesn't contains region restriction
)))))) {
tc_ac.stop;
log("*** " & testcasename() & ": INCONC: DENM certificate doesn't contain region restriction");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected DENM not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
} // End of function f_TC_SEC_ITSS_SND_GENMSG_05_BV
} // End of group f_TC_SEC_ITSS_SND_GENMSG_05_xx
/**
* @desc Check that the secured message contains of type signed
*
* Pics Selection: PICS_GN_SECURITY and PICS_ITS_AID_OTHER_PROFILE
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* }
* Expected results:
* ensure that {
* when {
* the IUT is requested to send a Beacon
* } then {
* the IUT sends a SecuredMessage {
* not containing header_field ['its_aid']
* indicating 'AID_CAM'
* not containing header_field ['its_aid']
* indicating 'AID_DENM'
* containing payload_fields
* containing exactly one element of type Payload {
* containing type
* indicating 'signed'
* }
* }
* }
* }
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_SND_GENMSG_06_01_BV
* @reference ETSI TS 103 097 [1], clause 7.3
*/
testcase TC_SEC_ITSS_SND_GENMSG_06_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var LongPosVector v_longPosVectorIut;
// Test adapter configuration
if (not(PICS_GN_SECURITY) or not(PICS_ITS_AID_OTHER_PROFILE)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_ITS_AID_OTHER_PROFILE' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
v_longPosVectorIut := f_getPosition(c_compIut);
// Test adapter configuration
// Preamble
f_prNeighbour();
f_acTriggerEvent(m_startPassBeaconing(m_beaconHeader(v_longPosVectorIut).beaconHeader)); // Authorize the TA to forward the received beacons
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_Others(
?,
mw_payload(
e_signed
)
),
mw_geoNwBeaconPacket(
?
)))) {
log("*** " & testcasename() & ": PASS: Beacon payload is 'signed'");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_Others(
?,
mw_payload
),
mw_geoNwBeaconPacket(
?
)))) {
log("*** " & testcasename() & ": FAIL: Beacon payload is not 'signed'");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_Others(
?,
mw_payload(
e_signed,
? length(0) // TODO ''O ?????
)
),
mw_geoNwBeaconPacket(
?
)))) {
log("*** " & testcasename() & ": FAIL: Beacon payload data is empty");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected Message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_acTriggerEvent(m_stopPassBeaconing);
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_GENMSG_06_01_BV
/**
* @desc Check that the secured GN Message contains only one TrailerField of type signature.
* Check that the signature contained in the SecuredMessage is calculated over the right fields by cryptographically verifying the signature
*
* Pics Selection: PICS_GN_SECURITY and PICS_ITS_AID_OTHER_PROFILE
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* }
* ensure that {
* when {
* the IUT is requested to send Beacon
* } then {
* the IUT sends a SecuredMessage {
* containing header_fields ['signer_info'] {
* containing signer {
* containing type
* indicating 'certificate'
* containing certificate
* containing subject_info.subject_type
* indicating 'authorization_ticket' (2)
* and containing subject_attributes['verification key'] (KEY)
* }
* }
* not containing header_field ['its_aid']
* indicating 'AID_CAM'
* not containing header_field ['its_aid']
* indicating 'AID_DENM'
* containing trailer_fields {
* containing single instance of type TrailerField {
* containing type
* indicating 'signature'
* containing signature
* verifiable using KEY }
* }
* }
* }
* }
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_SND_GENMSG_07_01_BV
* @reference ETSI TS 103 097 [1], clause 7.3
*/
testcase TC_SEC_ITSS_SND_GENMSG_07_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var LongPosVector v_longPosVectorIut;
var GeoNetworkingInd v_geoNwInd;
var SignerInfo v_signerInfo;
// Test adapter configuration
if (not(PICS_GN_SECURITY) or not(PICS_ITS_AID_OTHER_PROFILE)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_ITS_AID_OTHER_PROFILE' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
v_longPosVectorIut := f_getPosition(c_compIut);
// Test adapter configuration
// Preamble
f_prNeighbour();
f_acTriggerEvent(m_startPassBeaconing(m_beaconHeader(v_longPosVectorIut).beaconHeader)); // Authorize the TA to forward the received beacons
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_Others(
mw_header_field_signer_info_certificate
)))) -> value v_geoNwInd {
tc_ac.stop;
log("*** " & testcasename() & ": INFO: Beacon message with certificate received ***");
f_getMsgSignerInfo(v_geoNwInd.msgIn.gnPacket.securedMsg, v_signerInfo);
if (f_verifyGnSecuredMessageSignatureWithCertificate(v_geoNwInd.msgIn.gnPacket.securedMsg, v_signerInfo.signerInfo.certificate) == false) {
log("*** " & testcasename() & ": FAIL: Beacon received with invalide signature");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_Others
))) {
tc_ac.stop;
log("*** " & testcasename() & ": FAIL: Beacon message without certificate received");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected GN Message not received");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
log("*** " & testcasename() & ": PASS: GN Message received with correct signature");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
// Postamble
f_acTriggerEvent(m_stopPassBeaconing);
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_DENM_07_01_BV
} // End of group secOtherProfile
} // End of group g_SecuredMessages
group g_receiverBehavior {
group g_recvCamProfile {
/**
* @desc Check that IUT accepts a well-formed Secured CAM containing certificate in signer_info
*
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* }
* ensure that {
* when {
* the IUT is receiving a SecuredMessage
* containing protocol_version
* indicating value '2'
* and containing header_fields[0]
* containing type
* indicating 'signer_info'
* and containing signer {
* containing type
* indicating 'certificate'
* and containing certificate (CERT_AT_A) {
* containing subject_info.subject_type
* indicating 'authorization_ticket' (2)
* and containing subject_attributes['verification key'] (KEY)
* }
* }
* and containing header_fields [1] {
* containing type
* indicating 'generation_time'
* containing generation_time
* indicating CURRENT_TIME
* }
* and containing header_fields[2] {
* containing type
* indicating 'its_aid'
* containing its_aid
* indicating 'AID_CAM'
* }
* and not containing any other header fields
* and containing payload_field {
* containing type
* indicating 'signed'
* containing data
* indicating length > 0
* containing CAM payload
* }
* and containing trailer_fields {
* containing single instance of type TrailerField {
* containing type
* indicating 'signature'
* containing signature
* verifiable using KEY
* }
* }
* } then {
* the IUT accepts the message
* }
* }
*
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_RCV_CAM_01_01_BV
* @reference ETSI TS 103 097 [1], clause 7.1
*/
testcase TC_SEC_ITSS_RCV_CAM_01_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var integer i;
var GeoNetworkingPdu v_securedGnPdu;
var GnRawPayload v_sentRawPayload;
// Test adapter configuration
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
v_securedGnPdu := f_sendSecuredCam(cc_taCert_A, omit, e_certificate);
f_sleep(PX_TNOAC);
v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload);
for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) {
// empty on purpose
}
if (i < lengthof(vc_utInds)) {
log("*** " & testcasename() & ": PASS: GN was transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
else {
log("*** " & testcasename() & ": FAIL: GN was not transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_RCV_CAM_01_01_BV
/**
* @desc Check that IUT accepts a well-formed Secured CAM containing certificate digest of the known certificate in signer_info
*
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* the IUT already sent a Secured message containing certificate (CERT_AT_A)
* containing subject_info.subject_type
* indicating 'authorization_ticket' (2)
* and containing subject_attributes['verification key'] (KEY)
* }
* ensure that {
* when {
* the IUT is receiving a SecuredMessage
* containing protocol_version
* indicating value '2'
* and containing header_fields[0]
* containing type
* indicating 'signer_info'
* and containing signer {
* containing type
* indicating 'certificate_digest_with_sha256'
* and containing digest
* referencing to certificate (CERT_AT_A)
* }
* and containing header_fields [1] {
* containing type
* indicating 'generation_time'
* containing generation_time
* indicating CURRENT_TIME
* }
* and containing header_fields[2] {
* containing type
* indicating 'its_aid'
* containing its_aid
* indicating 'AID_CAM'
* }
* and not containing any other header fields
* and containing payload_field {
* containing type
* indicating 'signed'
* containing data
* indicating length > 0
* containing CAM payload
* }
* and containing trailer_fields {
* containing single instance of type TrailerField {
* containing type
* indicating 'signature'
* containing signature
* verifiable using KEY
* }
* }
* } then {
* the IUT accepts the message
* }
* }
*
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_RCV_CAM_01_02_BV
* @reference ETSI TS 103 097 [1], clause 7.1
*/
testcase TC_SEC_ITSS_RCV_CAM_01_02_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var integer i;
var GeoNetworkingPdu v_securedGnPdu;
var GnRawPayload v_sentRawPayload;
// Test adapter configuration
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
v_securedGnPdu := f_sendSecuredCam(cc_taCert_A, omit, e_certificate_digest_with_sha256);
f_sleep(PX_TNOAC);
v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload);
for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) {
// empty on purpose
}
if (i < lengthof(vc_utInds)) {
log("*** " & testcasename() & ": PASS: GN was transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
else {
log("*** " & testcasename() & ": FAIL: GN was not transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_RCV_CAM_01_02_BV
/**
* @desc Check that IUT accepts a well-formed Secured CAM containing certificate chain in signer_info
*
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* }
* ensure that {
* when {
* the IUT is receiving a SecuredMessage
* containing protocol_version
* indicating value '2'
* and containing header_fields[0]
* containing type
* indicating 'signer_info'
* and containing signer {
* containing type
* indicating 'certificate_chain'
* and containing certificates
* containing certificate (CERT_AA_A) at index 0 {
* containing subject_info.subject_type
* indicating 'authorization_authority'
* and containing subject_attributes['verification key'] (KEY_AA)
* }
* and containing certificate (CERT_AT_A) at index 1 {
* containing subject_info.subject_type
* indicating 'authorization_ticket'
* and containing signer_info {
* containing type
* indicating 'certificate_digest_with_sha256'
* containing digest
* referencing to the CERT_AA_A
* }
* and containing signature
* verifiable using KEY_AA
* and containing subject_attributes['verification key'] (KEY)
* }
* }
* and containing header_fields [1] {
* containing type
* indicating 'generation_time'
* containing generation_time
* indicating CURRENT_TIME
* }
* and containing header_fields[2] {
* containing type
* indicating 'its_aid'
* containing its_aid
* indicating 'AID_CAM'
* }
* and not containing any other header fields
* and containing payload_field {
* containing type
* indicating 'signed'
* containing data
* indicating length > 0
* containing CAM payload
* }
* and containing trailer_fields {
* containing single instance of type TrailerField {
* containing type
* indicating 'signature'
* containing signature
* verifiable using KEY
* }
* }
* } then {
* the IUT accepts the message
* }
* }
*
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_RCV_CAM_01_03_BV
* @reference ETSI TS 103 097 [1], clause 7.1
*/
testcase TC_SEC_ITSS_RCV_CAM_01_03_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var integer i;
var GeoNetworkingPdu v_securedGnPdu;
var GnRawPayload v_sentRawPayload;
// Test adapter configuration
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
v_securedGnPdu := f_sendSecuredCam(cc_taCert_A);
f_sleep(PX_TNOAC);
v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload);
for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) {
// empty on purpose
}
if (i < lengthof(vc_utInds)) {
log("*** " & testcasename() & ": PASS: GN was transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
else {
log("*** " & testcasename() & ": FAIL: GN was not transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_RCV_CAM_01_03_BV
/**
* @desc Check that IUT discards a Secured CAM containing protocol version set to a value less then 2
*
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* }
* ensure that {
* when {
* the IUT is receiving a SecuredMessage (CAM)
* containing protocol_version
* indicating 1
* containing header_fields['its_aid']
* indicating 'AID_CAM'
* } then {
* the IUT discards a SecuredMessage
* }
* }
*
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_RCV_CAM_02_01_BO
* @reference ETSI TS 103 097 [1], clause 5.2
*/
testcase TC_SEC_ITSS_RCV_CAM_02_01_BO() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var integer i;
var GeoNetworkingPdu v_securedGnPdu;
var GnRawPayload v_sentRawPayload;
// Test adapter configuration
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
v_securedGnPdu := f_sendSecuredCam_Bo(cc_taCert_A, PX_WRONG_PROTOCOL_VERSION);
f_sleep(PX_TNOAC);
v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload);
for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) {
// empty on purpose
}
if (i < lengthof(vc_utInds)) {
log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
else {
log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_RCV_CAM_02_01_BO
/**
* @desc Check that IUT discards a Secured CAM containing protocol version set to a value greater then 2
*
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* }
* ensure that {
* when {
* the IUT is receiving a SecuredMessage (CAM)
* containing protocol_version
* indicating 3
* containing header_fields['its_aid']
* indicating 'AID_CAM'
* } then {
* the IUT discards a SecuredMessage
* }
* }
*
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_RCV_CAM_02_02_BO
* @reference ETSI TS 103 097 [1], clause 5.2
*/
testcase TC_SEC_ITSS_RCV_CAM_02_02_BO() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var integer i;
var GeoNetworkingPdu v_securedGnPdu;
var GnRawPayload v_sentRawPayload;
// Test adapter configuration
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
v_securedGnPdu := f_sendSecuredCam_Bo(cc_taCert_A, PX_WRONG_PROTOCOL_VERSION); // Change PX_WRONG_PROTOCOL_VERSION to 3
f_sleep(PX_TNOAC);
v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload);
for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) {
// empty on purpose
}
if (i < lengthof(vc_utInds)) {
log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
else {
log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_RCV_CAM_02_02_BO
/**
* @desc Check that IUT discards a secured CAM if the header_fields contains more than one element of header field type: signer_info
*
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* }
* ensure that {
* when {
* the IUT is receiving a SecuredMessage (CAM)
* containing header_fields[0].type
* indicating 'signer_info'
* and containing header_fields[1].type
* indicating 'signer_info'
* and containing header_fields[2].type
* indicating 'generation_time'
* and containing header_fields[3] {
* containing type
* indicating 'its_aid'
* containing its_aid
* indicating 'AID_CAM'
* and not containing other header fields
* } then {
* the IUT discards the message
* }
* }
*
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_RCV_CAM_04_01_BO
* @reference ETSI TS 103 097 [1], clause 7.1
*/
testcase TC_SEC_ITSS_RCV_CAM_04_01_BO() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var integer i;
var GeoNetworkingPdu v_securedGnPdu;
var GnRawPayload v_sentRawPayload;
// Test adapter configuration
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
v_securedGnPdu := f_prepareSecuredCam(
cc_taCert_A,
{
m_header_field_signer_info(
m_signerInfo_digest(
vc_atCertificate.signer_info.signerInfo.digest
)),
m_header_field_signer_info(
m_signerInfo_certificate(
vc_aaCertificate
)),
m_header_field_generation_time(1000 * f_getCurrentTime()), // In us
m_header_field_its_aid_CAM
},
e_certificate_digest_with_sha256,
false
);
f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu));
f_sleep(PX_TNOAC);
v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload);
for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) {
// empty on purpose
} // End of 'for' statement
if (i < lengthof(vc_utInds)) {
log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
else {
log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_RCV_CAM_04_01_BO
/**
* @desc Check that IUT discards a secured CAM if the header_fields does not contain the header field type: signer_info
*
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* }
* ensure that {
* when {
* the IUT is receiving a SecuredMessage (CAM)
* containing header_fields[0].type
* indicating 'generation_time'
* and containing header_fields[1] {
* containing type
* indicating 'its_aid'
* containing its_aid
* indicating 'AID_CAM'
* and not containing other header fields
* } then {
* the IUT discards the message
* }
* }
*
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_RCV_CAM_04_02_BO
* @reference ETSI TS 103 097 [1], clause 7.1
*/
testcase TC_SEC_ITSS_RCV_CAM_04_02_BO() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var integer i;
var GeoNetworkingPdu v_securedGnPdu;
var GnRawPayload v_sentRawPayload;
// Test adapter configuration
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
v_securedGnPdu := f_prepareSecuredCam(
cc_taCert_A,
{
m_header_field_generation_time(1000 * f_getCurrentTime()), // In us
m_header_field_its_aid_CAM
},
e_certificate_digest_with_sha256,
false
);
f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu));
f_sleep(PX_TNOAC);
v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload);
for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) {
// empty on purpose
} // End of 'for' statement
if (i < lengthof(vc_utInds)) {
log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
else {
log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_RCV_CAM_04_02_BO
/**
* @desc Check that IUT is able to receive a secured CAM if the signer_info header field is not encoded first
*
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* }
* ensure that {
* when {
* the IUT is receiving a SecuredMessage (CAM) {
* containing header_fields[0].type
* indicating 'signer_info'
* and containing header_fields[1].type
* indicating 'generation_time'
* and containing header_fields[2].type
* indicating 'signer_info'
* and containing header_fields[3] {
* containing type
* indicating 'its_aid'
* containing its_aid
* indicating 'AID_CAM'
* }
* and not containing other header fields
* }
* } then {
* the IUT discards the message
* }
* }
*
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_RCV_CAM_04_03_BO
* @reference ETSI TS 103 097 [1], clause 7.1
*/
testcase TC_SEC_ITSS_RCV_CAM_04_03_BO() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var integer i;
var GeoNetworkingPdu v_securedGnPdu;
var GnRawPayload v_sentRawPayload;
// Test adapter configuration
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
v_securedGnPdu := f_prepareSecuredCam(
cc_taCert_A,
{
m_header_field_generation_time(1000 * f_getCurrentTime()), // In us
m_header_field_its_aid_CAM,
m_header_field_signer_info(
m_signerInfo_digest(
vc_atCertificate.signer_info.signerInfo.digest
))
},
e_certificate_digest_with_sha256,
false
);
f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu));
f_sleep(PX_TNOAC);
v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload);
for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) {
// empty on purpose
} // End of 'for' statement
if (i < lengthof(vc_utInds)) {
log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
else {
log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_RCV_CAM_04_03_EB
/**
* @desc Check that IUT discards a secured CAM if the header_fields doesn't contain the element of header field of type: generation_time
*
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* }
* ensure that {
* when {
* the IUT is receiving a SecuredMessage (CAM)
* containing header_fields[0].type
* indicating 'signer_info'
* and containing header_fields[1] {
* containing type
* indicating 'its_aid'
* containing its_aid
* indicating 'AID_CAM'
* }
* and not containing other header fields
* } then {
* the IUT discards the message
* }
* }
*
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_RCV_CAM_04_04_BO
* @reference ETSI TS 103 097 [1], clause 7.1
*/
testcase TC_SEC_ITSS_RCV_CAM_04_04_BO() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var integer i;
var GeoNetworkingPdu v_securedGnPdu;
var GnRawPayload v_sentRawPayload;
// Test adapter configuration
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
v_securedGnPdu := f_prepareSecuredCam(
cc_taCert_A,
{
m_header_field_signer_info(
m_signerInfo_digest(
vc_atCertificate.signer_info.signerInfo.digest
)),
m_header_field_its_aid_CAM
},
e_certificate_digest_with_sha256,
false
);
f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu));
f_sleep(PX_TNOAC);
v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload);
for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) {
// empty on purpose
} // End of 'for' statement
if (i < lengthof(vc_utInds)) {
log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
else {
log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_RCV_CAM_04_04_BO
/**
* @desc Check that IUT discards a secured CAM if the header_fields contain more than one element of header field of type: its_aid
*
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* }
* ensure that {
* when {
* the IUT is receiving a SecuredMessage (CAM)
* containing header_fields[0].type
* indicating 'signer_info'
* and containing header_fields[1].type
* indicating 'generation_time'
* and and containing header_fields[2] {
* containing type
* indicating 'its_aid'
* containing its_aid
* indicating 'AID_CAM'
* and and containing header_fields[3] {
* containing type
* indicating 'its_aid'
* containing its_aid
* indicating 'AID_DENM'
* }
* and not containing other header fields
* } then {
* the IUT discards the message
* }
* }
*
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_RCV_CAM_04_06_BO
* @reference ETSI TS 103 097 [1], clause 7.1
*/
testcase TC_SEC_ITSS_RCV_CAM_04_06_BO() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var integer i;
var GeoNetworkingPdu v_securedGnPdu;
var GnRawPayload v_sentRawPayload;
// Test adapter configuration
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
v_securedGnPdu := f_prepareSecuredCam(
cc_taCert_A,
{
m_header_field_signer_info(
m_signerInfo_digest(
vc_atCertificate.signer_info.signerInfo.digest
)),
m_header_field_generation_time(1000 * f_getCurrentTime()), // In us
m_header_field_its_aid_CAM,
m_header_field_its_aid_DENM
},
e_certificate_digest_with_sha256,
false
);
f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu));
f_sleep(PX_TNOAC);
v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload);
for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) {
// empty on purpose
} // End of 'for' statement
if (i < lengthof(vc_utInds)) {
log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
else {
log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_RCV_CAM_04_06_BO
/**
* @desc Check that IUT ignores the HeaderFields generation_time_standard_deviation of received Secured CAM
*
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* }
* ensure that {
* when {
* the IUT is receiving a SecuredMessage (CAM)
* containing header_fields[0].type
* indicating 'signer_info'
* and containing header_fields[1].type
* indicating 'generation_time'
* indicating TIME_1 inside the validity period of the signer certificate
* and containing header_fields[2].type
* indicating 'generation_time_with_standard_deviation'
* indicating TIME_2 inside the validity period of the signer certificate
* and and containing header_fields[3] {
* containing type
* indicating 'its_aid'
* containing its_aid
* indicating 'AID_CAM'
* }
* and not containing other header fields
* } then {
* the IUT discards the message
* }
* }
*
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_RCV_CAM_04_08_BO
* @reference ETSI TS 103 097 [1], clause 7.1
*/
testcase TC_SEC_ITSS_RCV_CAM_04_08_BO() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var integer i;
var GeoNetworkingPdu v_securedGnPdu;
var GnRawPayload v_sentRawPayload;
// Test adapter configuration
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
v_securedGnPdu := f_prepareSecuredCam(
cc_taCert_A,
{
m_header_field_signer_info(
m_signerInfo_digest(
vc_atCertificate.signer_info.signerInfo.digest
)),
m_header_field_generation_time(1000 * f_getCurrentTime()), // In us
m_header_field_generation_time_with_standard_deviation(
m_time64WithStandardDeviation(
1000, // In us
0
)),
m_header_field_its_aid_CAM
},
e_certificate_digest_with_sha256,
false
);
f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu));
f_sleep(PX_TNOAC);
v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload);
for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) {
// empty on purpose
} // End of 'for' statement
if (i < lengthof(vc_utInds)) {
log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
else {
log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_RCV_CAM_04_08_BO
/**
* @desc Check that IUT ignores the HeaderFields generation_time_standard_deviation of received Secured CAM
*
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* }
* ensure that {
* when {
* the IUT is receiving a SecuredMessage (CAM)
* containing header_fields[0].type
* indicating 'signer_info'
* and containing header_fields[1].type
* indicating 'generation_time'
* indicating TIME_1 outside the validity period of the signer certificate
* and containing header_fields[2].type
* indicating 'generation_time_with_standard_deviation'
* indicating TIME_2 inside the validity period of the signer certificate
* and and containing header_fields[3] {
* containing type
* indicating 'its_aid'
* containing its_aid
* indicating 'AID_CAM'
* }
* and not containing other header fields
* } then {
* the IUT discards the message
* }
* }
*
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_RCV_CAM_04_09_BO
* @reference ETSI TS 103 097 [1], clause 7.1
*/
testcase TC_SEC_ITSS_RCV_CAM_04_09_BO() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var integer i;
var GeoNetworkingPdu v_securedGnPdu;
var GnRawPayload v_sentRawPayload;
// Test adapter configuration
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
v_securedGnPdu := f_prepareSecuredCam(
cc_taCert_A,
{
m_header_field_signer_info(
m_signerInfo_digest(
vc_atCertificate.signer_info.signerInfo.digest
)),
m_header_field_generation_time(1000 * f_getCurrentTime()), // In us
m_header_field_generation_time_with_standard_deviation(
m_time64WithStandardDeviation(
1000 * f_getCurrentTime(), // In us
0
)),
m_header_field_its_aid_CAM
},
e_certificate_digest_with_sha256,
false
);
f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu));
f_sleep(PX_TNOAC);
v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload);
for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) {
// empty on purpose
} // End of 'for' statement
if (i < lengthof(vc_utInds)) {
log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
else {
log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_RCV_CAM_04_09_BO
/**
* @desc Check that IUT discards secured CAM when its_aid value is not equal to 36
*
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* }
* ensure that {
* when {
* the IUT is receiving a SecuredMessage (CAM)
* containing header_fields['its_aid']
* indicating AID_DENM
* and containing payload_field {
* containing type
* indicating 'signed'
* containing data
* containing CAM payload
* }
* } then {
* the IUT discards the message
* }
* }
*
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_RCV_CAM_07_01_BO
* @reference ETSI TS 103 097 [1], clause 7.1
*/
testcase TC_SEC_ITSS_RCV_CAM_07_01_BO() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var integer i;
var GeoNetworkingPdu v_securedGnPdu;
var GnRawPayload v_sentRawPayload;
// Test adapter configuration
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
v_securedGnPdu := f_prepareSecuredCam(
cc_taCert_A,
{
m_header_field_its_aid_DENM
},
e_certificate
);
f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu));
f_sleep(PX_TNOAC);
v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload);
for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) {
// empty on purpose
} // End of 'for' statement
if (i < lengthof(vc_utInds)) {
log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
else {
log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_RCV_CAM_07_01a_EB
/**
* @desc Check that IUT discards the Secured CAM containing empty payload of type 'signed'.
*
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* }
* ensure that {
* when {
* the IUT is receiving a SecuredMessage {
* and containing header_fields['its_aid']
* indicating 'AID_CAM'
* and containing payload_field {
* containing type
* indicating 'signed'
* containing data
* indicating length 0
* }
* }
* } then {
* the IUT discards the message
* }
* }
*
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_RCV_CAM_09_02_BO
* @reference ETSI TS 103 097 [1], clause 7.1
*/
testcase TC_SEC_ITSS_RCV_CAM_09_02_BO() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var integer i;
var GeoNetworkingPdu v_securedGnPdu;
var GnNonSecuredPacket v_gnNonSecuredPacket;
var octetstring v_gnPayload;
var template (value) SecuredMessage v_securedMessage;
var GnRawPayload v_sentRawPayload;
// Test adapter configuration
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
v_gnNonSecuredPacket := valueof(m_geoNwShbPacket(f_getPosition(c_compNodeC)));
v_gnNonSecuredPacket.payload := valueof(
f_adaptPayload_m(
bit2oct(
encvalue(
m_camReq(
m_camMsg_vehicle_HF_BV(
f_getTsStationId(),
f_getCurrentTime() mod 65536, // See ETSI EN 302 637-2 V1.3.0 - Clause B.3 generationDelatTime
LibItsCam_Templates.m_tsPosition
))))));
v_gnPayload := bit2oct(encvalue(v_gnNonSecuredPacket));
f_buildGnSecuredCam(
v_securedMessage,
m_payload_signed(
''O
)
);
v_securedGnPdu := valueof(m_geoNwSecPdu(v_gnNonSecuredPacket, v_securedMessage));
f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu));
f_sleep(PX_TNOAC);
v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload);
for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) {
// empty on purpose
}
if (i < lengthof(vc_utInds)) {
log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
else {
log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_RCV_CAM_09_02_EB
/**
* @desc Check that IUT discards the Secured CAM containing non-empty payload of type 'unsecured'
*
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* }
* ensure that {
* when {
* the IUT is receiving a SecuredMessage {
* and containing header_fields['its_aid']
* indicating 'AID_CAM'
* and containing payload_field {
* containing type
* indicating 'unsecured'
* }
* }
* } then {
* the IUT discards the message
* }
* }
*
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_RCV_CAM_09_03_BO
* @reference ETSI TS 103 097 [1], clause 7.1
*/
testcase TC_SEC_ITSS_RCV_CAM_09_03_BO() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var integer i;
var GeoNetworkingPdu v_securedGnPdu;
var GnNonSecuredPacket v_gnNonSecuredPacket;
var octetstring v_gnPayload;
var template (value) SecuredMessage v_securedMessage;
var GnRawPayload v_sentRawPayload;
// Test adapter configuration
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
v_gnNonSecuredPacket := valueof(m_geoNwShbPacket(f_getPosition(c_compNodeC)));
v_gnNonSecuredPacket.payload := valueof(
f_adaptPayload_m(
bit2oct(
encvalue(
m_camReq(
m_camMsg_vehicle_HF_BV(
f_getTsStationId(),
f_getCurrentTime() mod 65536, // See ETSI EN 302 637-2 V1.3.0 - Clause B.3 generationDelatTime
LibItsCam_Templates.m_tsPosition
))))));
v_gnPayload := bit2oct(encvalue(v_gnNonSecuredPacket));
f_buildGnSecuredCam(
v_securedMessage,
m_payload_unsecured(
v_gnPayload
)
);
v_securedGnPdu := valueof(m_geoNwSecPdu(v_gnNonSecuredPacket, v_securedMessage));
f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu));
f_sleep(PX_TNOAC);
v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload);
for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) {
// empty on purpose
}
if (i < lengthof(vc_utInds)) {
log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
else {
log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_RCV_CAM_09_03_EB
/**
* @desc Check that IUT discards the Secured CAM containing non-empty payload of type 'encrypted'
*
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* }
* ensure that {
* when {
* the IUT is receiving a SecuredMessage {
* and containing header_fields['its_aid']
* indicating 'AID_CAM'
* and containing payload_field {
* containing type
* indicating 'encrypted'
* }
* }
* } then {
* the IUT discards the message
* }
* }
*
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_RCV_CAM_09_04_BO
* @reference ETSI TS 103 097 [1], clause 7.1
*/
testcase TC_SEC_ITSS_RCV_CAM_09_04_BO() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var integer i;
var GeoNetworkingPdu v_securedGnPdu;
var GnNonSecuredPacket v_gnNonSecuredPacket;
var octetstring v_gnPayload;
var template (value) SecuredMessage v_securedMessage;
var GnRawPayload v_sentRawPayload;
// Test adapter configuration
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
v_gnNonSecuredPacket := valueof(m_geoNwShbPacket(f_getPosition(c_compNodeC)));
v_gnNonSecuredPacket.payload := valueof(
f_adaptPayload_m(
bit2oct(
encvalue(
m_camReq(
m_camMsg_vehicle_HF_BV(
f_getTsStationId(),
f_getCurrentTime() mod 65536, // See ETSI EN 302 637-2 V1.3.0 - Clause B.3 generationDelatTime
LibItsCam_Templates.m_tsPosition
))))));
v_gnPayload := bit2oct(encvalue(v_gnNonSecuredPacket));
f_buildGnSecuredCam(
v_securedMessage,
m_payload_encrypted(
v_gnPayload
)
);
v_securedGnPdu := valueof(m_geoNwSecPdu(v_gnNonSecuredPacket, v_securedMessage));
f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu));
f_sleep(PX_TNOAC);
v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload);
for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) {
// empty on purpose
}
if (i < lengthof(vc_utInds)) {
log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
else {
log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_RCV_CAM_09_04_EB
/**
* @desc Check that IUT discards the Secured CAM containing exactly one non-empty payload of type 'signed_external'
*
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* }
* ensure that {
* when {
* the IUT is receiving a SecuredMessage {
* and containing header_fields['its_aid']
* indicating 'AID_CAM'
* and containing payload_field {
* containing type
* indicating 'signed_external'
* }
* }
* } then {
* the IUT discards the message
* }
* }
*
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_RCV_CAM_09_05_BO
* @reference ETSI TS 103 097 [1], clause 7.1
*/
testcase TC_SEC_ITSS_RCV_CAM_09_05_BO() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var integer i;
var GeoNetworkingPdu v_securedGnPdu;
var GnNonSecuredPacket v_gnNonSecuredPacket;
var octetstring v_gnPayload;
var template (value) SecuredMessage v_securedMessage;
var GnRawPayload v_sentRawPayload;
// Test adapter configuration
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
v_gnNonSecuredPacket := valueof(m_geoNwShbPacket(f_getPosition(c_compNodeC)));
v_gnNonSecuredPacket.payload := valueof(
f_adaptPayload_m(
bit2oct(
encvalue(
m_camReq(
m_camMsg_vehicle_HF_BV(
f_getTsStationId(),
f_getCurrentTime() mod 65536, // See ETSI EN 302 637-2 V1.3.0 - Clause B.3 generationDelatTime
LibItsCam_Templates.m_tsPosition
))))));
v_gnPayload := bit2oct(encvalue(v_gnNonSecuredPacket));
f_buildGnSecuredCam(
v_securedMessage,
m_payload_signed_external(
v_gnPayload
)
);
v_securedGnPdu := valueof(m_geoNwSecPdu(v_gnNonSecuredPacket, v_securedMessage));
f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu));
f_sleep(PX_TNOAC);
v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload);
for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) {
// empty on purpose
}
if (i < lengthof(vc_utInds)) {
log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
else {
log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_RCV_CAM_09_05_EB
/**
* @desc Check that IUT discards the Secured CAM containing non-empty payload of type 'signed_and_encrypted'
*
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* }
* ensure that {
* when {
* the IUT is receiving a SecuredMessage {
* and containing header_fields['its_aid']
* indicating 'AID_CAM'
* and containing payload_field {
* containing type
* indicating 'signed_and_encrypted'
* }
* }
* } then {
* the IUT discards the message
* }
* }
*
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_RCV_CAM_09_06_BO
* @reference ETSI TS 103 097 [1], clause 7.1
*/
testcase TC_SEC_ITSS_RCV_CAM_09_06_BO() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var integer i;
var GeoNetworkingPdu v_securedGnPdu;
var GnNonSecuredPacket v_gnNonSecuredPacket;
var octetstring v_gnPayload;
var template (value) SecuredMessage v_securedMessage;
var GnRawPayload v_sentRawPayload;
// Test adapter configuration
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
v_gnNonSecuredPacket := valueof(m_geoNwShbPacket(f_getPosition(c_compNodeC)));
v_gnNonSecuredPacket.payload := valueof(
f_adaptPayload_m(
bit2oct(
encvalue(
m_camReq(
m_camMsg_vehicle_HF_BV(
f_getTsStationId(),
f_getCurrentTime() mod 65536, // See ETSI EN 302 637-2 V1.3.0 - Clause B.3 generationDelatTime
LibItsCam_Templates.m_tsPosition
))))));
v_gnPayload := bit2oct(encvalue(v_gnNonSecuredPacket));
f_buildGnSecuredCam(
v_securedMessage,
m_payload_signed_and_encrypted(
v_gnPayload
)
);
v_securedGnPdu := valueof(m_geoNwSecPdu(v_gnNonSecuredPacket, v_securedMessage));
f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu));
f_sleep(PX_TNOAC);
v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload);
for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) {
// empty on purpose
}
if (i < lengthof(vc_utInds)) {
log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
else {
log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_RCV_CAM_09_06_EB
/**
* @desc Check that IUT discards the Secured CAM doesn't containing the TrailerField of type 'signature'
*
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* }
* ensure that {
* when {
* the IUT is receiving a SecuredMessage {
* and containing header_fields['its_aid']
* indicating 'AID_CAM'
* and containing trailer_fields
* not containing any instance of type TrailerField {
* containing type
* indicating 'signature'
* }
* }
* } then {
* the IUT discards the message
* }
* }
*
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_RCV_CAM_10_01_BO
* @reference ETSI TS 103 097 [1], clause 7.1
*/
testcase TC_SEC_ITSS_RCV_CAM_10_01_BO() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var integer i;
var GeoNetworkingPdu v_securedGnPdu;
var GnRawPayload v_sentRawPayload;
// Test adapter configuration
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
v_securedGnPdu := f_sendSecuredCam_Bo(cc_taCert_A, -, 0);
f_sleep(PX_TNOAC);
v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload);
for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) {
// empty on purpose
}
if(i < lengthof(vc_utInds)) {
log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
else {
log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_RCV_CAM_10_01_EB
/**
* @desc Check that IUT discards the Secured CAM containing more then one instance of TrailerField of type 'signature'
*
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* }
* ensure that {
* when {
* the IUT is receiving a SecuredMessage {
* and containing header_fields['its_aid']
* indicating 'AID_CAM'
* and containing trailer_fields[0].type
* indicating 'signature'
* and containing trailer_fields[1].type
* indicating 'signature'
* }
* } then {
* the IUT discards the message
* }
* }
*
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_RCV_CAM_10_02_BO
* @reference ETSI TS 103 097 [1], clause 7.1
*/
testcase TC_SEC_ITSS_RCV_CAM_10_02_BO() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var integer i;
var GeoNetworkingPdu v_securedGnPdu;
var GnRawPayload v_sentRawPayload;
// Test adapter configuration
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
v_securedGnPdu := f_sendSecuredCam_Bo(cc_taCert_A, -, 2);
f_sleep(PX_TNOAC);
v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload);
for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) {
// empty on purpose
}
if(i < lengthof(vc_utInds)) {
log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
else {
log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_RCV_CAM_10_02_EB
/**
* @desc Check that the IUT discards Secured message containing signature that is not verified using the
* verification key from the certificate contained in the message's signer info
*
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* }
* ensure that {
* when {
* the IUT is receiving a SecuredMessage {
* containing header_fields ['signer_info'] {
* containing signer {
* containing type
* indicating 'certificate'
* containing certificate
* containing subject_info.subject_type
* indicating 'authorization_ticket' (2)
* and containing subject_attributes['verification key'] (KEY)
* }
* }
* containing header_fields['its_aid']
* indicating 'AID_CAM'
* containing trailer_fields {
* containing single instance of type TrailerField {
* containing type
* indicating 'signature'
* containing signature
* NOT verifiable using KEY
* }
* }
* }
* } then {
* the IUT discards the message
* }
* }
*
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_RCV_CAM_11_01_BO
* @reference ETSI TS 103 097 [1], clause 7.1
*/
testcase TC_SEC_ITSS_RCV_CAM_11_01_BO() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var integer i;
var GeoNetworkingPdu v_securedGnPdu;
var GnRawPayload v_sentRawPayload;
// Test adapter configuration
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
v_securedGnPdu := f_prepareSecuredCam_Bo(
cc_taCert_A,
-,
1,
-,
e_certificate
);
f_sleep(PX_TNOAC);
v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload);
for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) {
// empty on purpose
}
if(i < lengthof(vc_utInds)) {
log("*** " & testcasename() & ": PASS: GN was transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
else {
log("*** " & testcasename() & ": FAIL: GN was not transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_RCV_CAM_11_01_EB
/**
* @desc Check that the IUT discards Secured message containing signature that is not verified using the
* verification key from the certificate, referenced by the digest contained in the message's signer info
*
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* }
* ensure that {
* when {
* the IUT is receiving a SecuredMessage {
* containing header_fields ['signer_info'] {
* containing signer {
* containing type
* indicating 'certificate_digest_with_sha256'
* containing digest
* referencing to the certificate
* containing subject_info.subject_type
* indicating 'authorization_ticket' (2)
* and containing subject_attributes['verification key'] (KEY)
* }
* }
* containing header_fields['its_aid']
* indicating 'AID_CAM'
* containing trailer_fields {
* containing single instance of type TrailerField {
* containing type
* indicating 'signature'
* containing signature
* NOT verifiable using KEY
* }
* }
* }
* } then {
* the IUT discards the message
* }
* }
*
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_RCV_CAM_11_02_BO
* @reference ETSI TS 103 097 [1], clause 7.1
*/
testcase TC_SEC_ITSS_RCV_CAM_11_02_BO() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var integer i;
var GeoNetworkingPdu v_securedGnPdu;
var GnRawPayload v_sentRawPayload;
// Test adapter configuration
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
v_securedGnPdu := f_prepareSecuredCam(
cc_taCert_A,
omit,
e_certificate_digest_with_sha256
);
v_securedGnPdu.gnPacket.securedMsg.trailer_fields[0].trailerField.signature_.signature_.ecdsa_signature.s
:= not4b(v_securedGnPdu.gnPacket.securedMsg.trailer_fields[0].trailerField.signature_.signature_.ecdsa_signature.s);
f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu));
f_sleep(PX_TNOAC);
v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload);
for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) {
// empty on purpose
}
if(i < lengthof(vc_utInds)) {
log("*** " & testcasename() & ": PASS: GN was transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
else {
log("*** " & testcasename() & ": FAIL: GN was not transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_RCV_CAM_11_02_EB
/**
* @desc Check that IUT discards a Secured CAM if the signer certificate of the message contains the subject type "enrolment_credential"
*
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* Expected behaviour:
* ensure that {
* when {
* the IUT is receiving a SecuredMessage (CAM)
* containing header_field 'signer_info'
* containing signer_info.type
* indicating 'certificate'
* containing signer.certificate.subject_info.subject_type
* indicating 'enrolment_credentials'
* and containing header_field 'its_aid'
* indicating 'AID_CAM'
* }
* and not containing other header fields
* } then {
* the IUT discards the message
* }
* }
*
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_RCV_CAM_12_01_BO
* @reference ETSI TS 103 097 [1], clauses 7.1 and 7.4
*/
testcase TC_SEC_ITSS_RCV_CAM_12_01_BO() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var integer i;
var GeoNetworkingPdu v_securedGnPdu;
var GnRawPayload v_sentRawPayload;
// Test adapter configuration
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
v_securedGnPdu := f_prepareSecuredCam(
cc_taCert_EC,
{
m_header_field_generation_time(1000 * f_getCurrentTime()), // In us
m_header_field_its_aid_CAM
},
e_certificate,
true
);
f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu));
f_sleep(PX_TNOAC);
v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload);
for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) {
// empty on purpose
} // End of 'for' statement
if (i < lengthof(vc_utInds)) {
log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
else {
log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_RCV_CAM_12_01_EB
/**
* @desc Check that IUT discards a Secured CAM if the signer certificate of the message contains the subject type "authorization_authority"
*
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* Expected behaviour:
* ensure that {
* when {
* the IUT is receiving a SecuredMessage (CAM)
* containing header_field 'signer_info'
* containing signer_info.type
* indicating 'certificate'
* containing signer.certificate.subject_info.subject_type
* indicating 'authorization_authority'
* and containing header_field 'its_aid'
* indicating 'AID_CAM'
* }
* and not containing other header fields
* } then {
* the IUT discards the message
* }
* }
*
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_RCV_CAM_12_02_BO
* @reference ETSI TS 103 097 [1], clauses 7.1 and 7.4
*/
testcase TC_SEC_ITSS_RCV_CAM_12_02_BO() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var integer i;
var GeoNetworkingPdu v_securedGnPdu;
var GnRawPayload v_sentRawPayload;
// Test adapter configuration
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
v_securedGnPdu := f_prepareSecuredCam(
cc_taCert_AA,
{
m_header_field_generation_time(1000 * f_getCurrentTime()), // In us
m_header_field_its_aid_CAM
},
e_certificate,
true
);
f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu));
f_sleep(PX_TNOAC);
v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload);
for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) {
// empty on purpose
} // End of 'for' statement
if (i < lengthof(vc_utInds)) {
log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
else {
log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_RCV_CAM_12_02_EB
} // End of group g_recvCamProfile
group g_recvDenmProfile {
/**
* @desc Check that IUT accepts a well-formed Secured DENM signed with the certificate without region validity restriction
*
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Expected behavior:
* with {
* the IUT being in the 'authorized' state
* }
* ensure that {
* when {
* the IUT is receiving a SecuredMessage
* containing header_fields[0]
* containing type
* indicating 'signer_info'
* and containing signer {
* containing type
* indicating 'certificate'
* and containing certificate (CERT_AT_A) {
* containing subject_info.subject_type
* indicating 'authorization_ticket' (2)
* and containing subject_attributes['verification key'] (KEY)
* and not containing validity_restrictions['region']
* }
* }
* and containing header_fields [1]
* containing type
* indicating 'generation_time'
* containing generation_time
* indicating CURRENT_TIME
* and containing header_fields [2]
* containing type
* indicating 'generation_location'
* containing generation_location
* and containing header_fields[3]
* containing type
* indicating 'its_aid'
* containing its_aid
* indicating 'AID_DENM'
* and containing payload_field {
* containing type
* indicating 'signed'
* containing data
* indicating length > 0
* containing DENM payload
* }
* and containing trailer_fields {
* containing single instance of type TrailerField {
* containing type
* indicating 'signature'
* containing signature
* verifiable using KEY
* }
* }
* } then {
* the IUT accepts the message
* }
* }
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_RCV_DENM_01_01_BV
* @reference ETSI TS 103 097 [1], clause 7.2
*/
testcase TC_SEC_ITSS_RCV_DENM_01_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var integer i;
var GeoNetworkingPdu v_securedGnPdu;
var GnRawPayload v_sentRawPayload;
// Test control
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
v_securedGnPdu := f_sendSecuredDenm(cc_taCert_A, omit, e_certificate);
f_sleep(PX_TNOAC);
v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload);
for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) {
// empty on purpose
}
if (i < lengthof(vc_utInds)) {
log("*** " & testcasename() & ": PASS: DENM was transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
else {
log("*** " & testcasename() & ": FAIL: DENM was not transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_RCV_DENM_01_01_BV
/**
* @desc Check that IUT accepts a well-formed Secured DENM signe with the certificate with a circular region validity restriction
*
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Expected behavior:
* with {
* the IUT being in the 'authorized' state
* }
* ensure that {
* when {
* the IUT is receiving a SecuredMessage
* and containing header_fields[0]
* containing type
* indicating 'signer_info'
* and containing signer {
* containing type
* indicating 'certificate'
* and containing certificate (CERT_AT_B) {
* containing subject_info.subject_type
* indicating 'authorization_ticket' (2)
* and containing subject_attributes['verification key'] (KEY)
* and containing validity_restrictions['region'] {
* containing region{
* containing region_type
* indicating 'circle'
* and containing circular_region
* indicating REGION
* }
* }
* }
* and containing header_fields [1]
* containing type
* indicating 'generation_time'
* containing generation_time
* indicating CURRENT_TIME
* and containing header_fields [2]
* containing type
* indicating 'generation_location'
* containing generation_location
* indicating position inside the REGION
* and containing header_fields[3]
* containing type
* indicating 'its_aid'
* containing its_aid
* indicating 'AID_DENM'
* and not containing any other header_fields
* and containing payload_fields {
* containing type
* indicating 'signed'
* containing data
* indicating length > 0
* containing DENM payload
* }
* and containing trailer_fields {
* containing single instance of type TrailerField {
* containing type
* indicating 'signature'
* containing signature
* verifiable using KEY
* }
* }
* } then {
* the IUT accepts the message
* }
* }
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_RCV_DENM_01_02_BV
* @reference ETSI TS 103 097 [1], clause 7.2
*/
testcase TC_SEC_ITSS_RCV_DENM_01_02_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var integer i;
var GeoNetworkingPdu v_securedGnPdu;
var GnRawPayload v_sentRawPayload;
// Test control
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
v_securedGnPdu := f_sendSecuredDenm(cc_taCert_B, omit, e_certificate);
f_sleep(PX_TNOAC);
v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload);
for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) {
// empty on purpose
}
if (i < lengthof(vc_utInds)) {
log("*** " & testcasename() & ": PASS: DENM was transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
else {
log("*** " & testcasename() & ": FAIL: DENM was not transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_RCV_DENM_01_02_BV
/**
* @desc Check that IUT accepts a well-formed Secured DENM signe with the certificate with a rectangular region validity restriction
*
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Expected Behavior:
* with {
* the IUT being in the 'authorized' state
* }
* ensure that {
* when {
* the IUT is receiving a SecuredMessage
* containing protocol_version
* indicating value '2'
* and containing header_fields[0]
* containing type
* indicating 'signer_info'
* and containing signer {
* containing type
* indicating 'certificate'
* and containing certificate (CERT_AT_C) {
* containing subject_info.subject_type
* indicating 'authorization_ticket' (2)
* and containing subject_attributes['verification key'] (KEY)
* and containing validity_restrictions['region'] {
* containing region{
* containing region_type
* indicating 'rectangle'
* and containing rectangular_regions
* indicating REGIONS
* }
* }
* }
* and containing header_fields [1]
* containing type
* indicating 'generation_time'
* containing generation_time
* indicating CURRENT_TIME
* and containing header_fields [2]
* containing type
* indicating 'generation_location'
* containing generation_location
* indicating position inside the REGION
* and containing header_fields[3]
* containing type
* indicating 'its_aid'
* containing its_aid
* indicating 'AID_DENM'
* and not containing any other header_fields
* and containing payload_field {
* containing type
* indicating 'signed'
* containing data
* indicating length > 0
* containing DENM payload
* }
* and containing trailer_fields {
* containing single instance of type TrailerField {
* containing type
* indicating 'signature'
* containing signature
* verifiable using KEY
* }
* }
* } then {
* the IUT accepts the message
* }
* }
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_RCV_DENM_01_03_BV
* @reference ETSI TS 103 097 [1], clause 7.2
*/
testcase TC_SEC_ITSS_RCV_DENM_01_03_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var integer i;
var GeoNetworkingPdu v_securedGnPdu;
var GnRawPayload v_sentRawPayload;
// Test control
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
v_securedGnPdu := f_sendSecuredDenm(cc_taCert_C, omit, e_certificate);
f_sleep(PX_TNOAC);
v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload);
for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) {
// empty on purpose
}
if (i < lengthof(vc_utInds)) {
log("*** " & testcasename() & ": PASS: DENM was transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
else {
log("*** " & testcasename() & ": FAIL: DENM was not transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_RCV_DENM_01_03_BV
/**
* @desc Check that IUT accepts a well-formed Secured DENM signe with the certificate with a polygonal region validity restriction
*
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Expected Behavior:
* with {
* the IUT being in the 'authorized' state
* }
* ensure that {
* when {
* the IUT is receiving a SecuredMessage
* containing protocol_version
* indicating value '2'
* and containing header_fields[0]
* containing type
* indicating 'signer_info'
* and containing signer {
* containing type
* indicating 'certificate'
* and containing certificate (CERT_AT_D) {
* containing subject_info.subject_type
* indicating 'authorization_ticket' (2)
* and containing subject_attributes['verification key'] (KEY)
* and containing validity_restrictions['region'] {
* containing region{
* containing region_type
* indicating 'polygon'
* and containing polygonal_region
* indicating REGION
* }
* }
* }
* and containing header_fields [1]
* containing type
* indicating 'generation_time'
* containing generation_time
* indicating CURRENT_TIME
* and containing header_fields [2]
* containing type
* indicating 'generation_location'
* containing generation_location
* indicating position inside the REGION
* and containing header_fields[3]
* containing type
* indicating 'its_aid'
* containing its_aid
* indicating 'AID_DENM'
* and not containing any other header_fields
* and containing payload_field {
* containing type
* indicating 'signed'
* containing data
* indicating length > 0
* containing DENM payload
* }
* and containing trailer_fields {
* containing single instance of type TrailerField {
* containing type
* indicating 'signature'
* containing signature
* verifiable using KEY
* }
* }
* } then {
* the IUT accepts the message
* }
* }
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_RCV_DENM_01_04_BV
* @reference ETSI TS 103 097 [1], clause 7.2
*/
testcase TC_SEC_ITSS_RCV_DENM_01_04_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var integer i;
var GeoNetworkingPdu v_securedGnPdu;
var GnRawPayload v_sentRawPayload;
// Test control
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
v_securedGnPdu := f_sendSecuredDenm(cc_taCert_D, omit, e_certificate);
f_sleep(PX_TNOAC);
v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload);
for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) {
// empty on purpose
}
if (i < lengthof(vc_utInds)) {
log("*** " & testcasename() & ": PASS: DENM was transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
else {
log("*** " & testcasename() & ": FAIL: DENM was not transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_RCV_DENM_01_04_BV
/**
* @desc Check that IUT accepts a well-formed Secured DENM signe with the certificate with a identified region validity restriction
*
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Expected Behavior:
* with {
* the IUT being in the 'authorized' state
* }
* ensure that {
* when {
* the IUT is receiving a SecuredMessage
* containing protocol_version
* indicating value '2'
* and containing header_fields[0]
* containing type
* indicating 'signer_info'
* and containing signer {
* containing type
* indicating 'certificate'
* and containing certificate (CERT_AT_E) {
* containing subject_info.subject_type
* indicating 'authorization_ticket' (2)
* and containing subject_attributes['verification key'] (KEY)
* and containing validity_restrictions['region'] {
* containing region{
* containing region_type
* indicating 'id_region'
* and containing identified_region
* indicating REGION
* }
* }
* }
* and containing header_fields [1]
* containing type
* indicating 'generation_time'
* containing generation_time
* indicating CURRENT_TIME
* and containing header_fields [2]
* containing type
* indicating 'generation_location'
* containing generation_location
* indicating position inside the REGION
* and containing header_fields[3]
* containing type
* indicating 'its_aid'
* containing its_aid
* indicating 'AID_DENM'
* and not containing any other header_fields
* and containing payload_field {
* containing type
* indicating 'signed'
* containing data
* indicating length > 0
* containing DENM payload
* }
* and containing trailer_fields {
* containing single instance of type TrailerField {
* containing type
* indicating 'signature'
* containing signature
* verifiable using KEY
* }
* }
* } then {
* the IUT accepts the message
* }
* }
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_RCV_DENM_01_05_BV
* @reference ETSI TS 103 097 [1], clause 7.2
*/
testcase TC_SEC_ITSS_RCV_DENM_01_05_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var integer i;
var GeoNetworkingPdu v_securedGnPdu;
var GnRawPayload v_sentRawPayload;
// Test control
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
v_securedGnPdu := f_sendSecuredDenm(cc_taCert_D, omit, e_certificate);
f_sleep(PX_TNOAC);
v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload);
for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) {
// empty on purpose
}
if (i < lengthof(vc_utInds)) {
log("*** " & testcasename() & ": PASS: DENM was transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
else {
log("*** " & testcasename() & ": FAIL: DENM was not transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_RCV_DENM_01_05_BV
/**
* @desc Check that IUT discards a Secured DENM containing protocol version set to a value less then 2
*
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* }
* ensure that {
* when {
* the IUT is receiving a SecuredMessage (DENM)
* containing protocol_version
* indicating 1
* containing header_fields['its_aid']
* indicating 'AID_DENM'
* } then {
* the IUT discards a SecuredMessage
* }
* }
*
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_RCV_DENM_02_01_BO
* @reference ETSI TS 103 097 [1], clause 5.2
*/
testcase TC_SEC_ITSS_RCV_DENM_02_01_BO() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var integer i;
var GeoNetworkingPdu v_securedGnPdu;
var GnRawPayload v_sentRawPayload;
// Test control
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
v_securedGnPdu := f_sendSecuredDenm_Bo(cc_taCert_A, PX_WRONG_PROTOCOL_VERSION);
f_sleep(PX_TNOAC);
v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload);
for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) {
// empty on purpose
}
if (i < lengthof(vc_utInds)) {
log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
else {
log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_RCV_DENM_02_01_BO
/**
* @desc Check that IUT discards a Secured DENM containing protocol version set to a value greater then 2
*
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* }
* ensure that {
* when {
* the IUT is receiving a SecuredMessage (DENM)
* containing protocol_version
* indicating 3
* containing header_fields['its_aid']
* indicating 'AID_DENM'
* } then {
* the IUT discards a SecuredMessage
* }
* }
*
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_RCV_DENM_02_02_BO
* @reference ETSI TS 103 097 [1], clause 5.2
*/
testcase TC_SEC_ITSS_RCV_DENM_02_02_BO() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var integer i;
var GeoNetworkingPdu v_securedGnPdu;
var GnRawPayload v_sentRawPayload;
// Test control
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
v_securedGnPdu := f_sendSecuredDenm_Bo(cc_taCert_A, PX_WRONG_PROTOCOL_VERSION);
f_sleep(PX_TNOAC);
v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload);
for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) {
// empty on purpose
}
if (i < lengthof(vc_utInds)) {
log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
else {
log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_RCV_DENM_02_02_BO
/**
* @desc Check that IUT discards secured DENM when its_aid value is not equal to AID_DENM
*
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* }
* ensure that {
* when {
* the IUT is receiving a SecuredMessage
* containing header_fields['its_aid']
* indicating 'AID_CAM'
* and containing payload_field {
* containing type
* indicating 'signed'
* containing data
* containing DENM payload
* }
* } then {
* the IUT discards the DENM
* }
* }
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_RCV_DENM_07_01_BO
* @reference ETSI TS 103 097 [1], clause 7.2
*/
testcase TC_SEC_ITSS_RCV_DENM_07_01_BO() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var integer i;
var GeoNetworkingPdu v_securedGnPdu;
var GnRawPayload v_sentRawPayload;
// Test control
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
v_securedGnPdu := f_prepareSecuredDenm(
cc_taCert_A,
{
m_header_field_its_aid_CAM
}
);
f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu));
f_sleep(PX_TNOAC);
v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload);
for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) {
// empty on purpose
} // End of 'for' statement
if (i < lengthof(vc_utInds)) {
log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
else {
log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_RCV_DENM_07_01a_EB
/**
* @desc Check that IUT discards Secured DENM if the HeaderField generation_location is outside of the circular validity region of the signing certificate
*
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* }
* ensure that {
* when {
* the IUT is requested to send DENM
* } then {
* the IUT is receiving a SecuredMessage {
* containing header_fields['signer_info'].type
* indicating 'certificate'
* and containing header_fields ['signer_info'].certificate (CERT_AT_B)
* containing validity_restrictions['region'] {
* containing region{
* containing region_type
* indicating 'circle'
* and containing circular_region
* indicating REGION
* }
* }
* and containing header_fields ['generation_location']
* containing generation_location
* indicating position outside the REGION
* and containing header_fields['its_aid']
* indicating 'AID_DENM'
* }
* }
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_RCV_DENM_08_01_BO
* @reference ETSI TS 103 097 [1], clause 7.2
*/
testcase TC_SEC_ITSS_RCV_DENM_08_01_BO() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var integer i;
var GeoNetworkingPdu v_securedGnPdu;
var GnRawPayload v_sentRawPayload;
// Test control
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
v_securedGnPdu := f_sendSecuredDenm(cc_taCert_B_BO, omit, e_certificate);
f_sleep(PX_TNOAC);
v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload);
for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) {
// empty on purpose
} // End of 'for' statement
if (i == lengthof(vc_utInds)) {
log("*** " & testcasename() & ": PASS: DENM was dropped by the IUT ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
else {
log("*** " & testcasename() & ": FAIL: DENM was transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_RCV_DENM_08_01_BO
/**
* @desc Check that IUT discards Secured DENM if the HeaderField generation_location is outside of the rectangilar validity region of the signing certificate
*
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* }
* ensure that {
* when {
* the IUT is requested to send DENM
* } then {
* the IUT is receiving a SecuredMessage {
* containing header_fields['signer_info'].type
* indicating 'certificate'
* and containing header_fields ['signer_info'].certificate (CERT_AT_C)
* containing validity_restrictions['region'] {
* containing region{
* containing region_type
* indicating 'rectangle'
* and containing rectangular_regions
* indicating REGION
* }
* }
* and containing header_fields ['generation_location']
* containing generation_location
* indicating position outside the REGION
* and containing header_fields['its_aid']
* indicating 'AID_DENM'
* }
* }
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_RCV_DENM_08_02_BO
* @reference ETSI TS 103 097 [1], clause 7.2
*/
testcase TC_SEC_ITSS_RCV_DENM_08_02_BO() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var integer i;
var GeoNetworkingPdu v_securedGnPdu;
var GnRawPayload v_sentRawPayload;
// Test control
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
v_securedGnPdu := f_sendSecuredDenm(cc_taCert_C_BO, omit, e_certificate);
f_sleep(PX_TNOAC);
v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload);
for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) {
// empty on purpose
} // End of 'for' statement
if (i == lengthof(vc_utInds)) {
log("*** " & testcasename() & ": PASS: DENM was dropped by the IUT ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
else {
log("*** " & testcasename() & ": FAIL: DENM was transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_RCV_DENM_08_02_BO
/**
* @desc Check that IUT discards Secured DENM if the HeaderField generation_location is outside of the polygonal validity region of the signing certificate
*
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* }
* ensure that {
* when {
* the IUT is requested to send DENM
* } then {
* the IUT is receiving a SecuredMessage {
* containing header_fields['signer_info'].type
* indicating 'certificate'
* and containing header_fields ['signer_info'].certificate (CERT_AT_D)
* containing validity_restrictions['region'] {
* containing region{
* containing region_type
* indicating 'polygon'
* and containing polygonal_region
* indicating REGION
* }
* }
* and containing header_fields ['generation_location']
* containing generation_location
* indicating position outside the REGION
* and containing header_fields['its_aid']
* indicating 'AID_DENM'
* }
* }
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_RCV_DENM_08_03_BO
* @reference ETSI TS 103 097 [1], clause 7.2
*/
testcase TC_SEC_ITSS_RCV_DENM_08_03_BO() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var integer i;
var GeoNetworkingPdu v_securedGnPdu;
var GnRawPayload v_sentRawPayload;
// Test control
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
v_securedGnPdu := f_sendSecuredDenm(cc_taCert_D_BO, omit, e_certificate);
f_sleep(PX_TNOAC);
v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload);
for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) {
// empty on purpose
} // End of 'for' statement
if (i == lengthof(vc_utInds)) {
log("*** " & testcasename() & ": PASS: DENM was dropped by the IUT ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
else {
log("*** " & testcasename() & ": FAIL: DENM was transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_RCV_DENM_08_03_BO
/**
* @desc Check that IUT discards Secured DENM if the HeaderField generation_location is outside of the identified validity region of the signing certificate
*
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* }
* ensure that {
* when {
* the IUT is requested to send DENM
* } then {
* the IUT is receiving a SecuredMessage {
* containing header_fields['signer_info'].type
* indicating 'certificate'
* and containing header_fields ['signer_info'].certificate (CERT_AT_E)
* containing validity_restrictions['region'] {
* containing region{
* containing region_type
* indicating 'id_region'
* and containing identified_region
* indicating REGION
* }
* }
* and containing header_fields ['generation_location']
* containing generation_location
* indicating position outside the REGION
* and containing header_fields['its_aid']
* indicating 'AID_DENM'
* }
* }
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_RCV_DENM_08_04_BO
* @reference ETSI TS 103 097 [1], clause 7.2
*/
testcase TC_SEC_ITSS_RCV_DENM_08_04_BO() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var integer i;
var GeoNetworkingPdu v_securedGnPdu;
var GnRawPayload v_sentRawPayload;
// Test control
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
v_securedGnPdu := f_sendSecuredDenm(cc_taCert_E_BO, omit, e_certificate);
f_sleep(PX_TNOAC);
v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload);
for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) {
// empty on purpose
} // End of 'for' statement
if (i == lengthof(vc_utInds)) {
log("*** " & testcasename() & ": PASS: DENM was dropped by the IUT ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
else {
log("*** " & testcasename() & ": FAIL: DENM was transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_RCV_DENM_08_04_BO
} // End of group g_recvDenmProfile
} // End of group g_receiverbehavior
group g_Certificates {
/**
* @desc Check that AT certificate has version 2
*
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* the IUT being requested to include certificate in the next CAM
* }
* Expected Behaviour:
* ensure that {
* when {
* the IUT is requested to send a CAM
* } then {
* the IUT sends a SecuredMessage
* containing header_fields['signer_info'].signer {
* containing type
* indicating certificate
* containing certificate {
* containing version
* indicating '2'
* }
* }
* }
* }
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_SND_CERT_01_01_BV
* @reference ETSI TS 103 097 [1], clauses 6.1 and 7.4
*/
testcase TC_SEC_SND_CERT_01_01() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
// Test control
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage(
superset(
mw_header_field_signer_info_certificate(
mw_certificate(
))))))) {
tc_ac.stop;
log("*** " & testcasename() & ": PASS: AT Certificate version set to " & int2char(c_certificate_version) & " ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage(
superset(
mw_header_field_signer_info_certificate(
?
)))))) {
tc_ac.stop;
log("*** " & testcasename() & ": FAIL: AT Certificate version mismatch ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_SND_CERT_01_01
/**
* @desc Check that AA certificate has version 2
*
* Pics Selection: PICS_GN_SECURITY and not PICS_CERTIFICATE_SELECTION
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* the IUT being requested to include certificate chain in the next CAM
* }
* Expected Behaviour:
* ensure that {
* when {
* the IUT is requested to send a CAM
* } then {
* the IUT sends a SecuredMessage
* containing header_fields['signer_info'].signer {
* containing type
* indicating certificate_chain
* containing certificates.length >1
* containing certificates[last-1] {
* containing version
* indicating '2'
* }
* }
* }
* }
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_SND_CERT_01_02_BV
* @reference ETSI TS 103 097 [1], clauses 6.1 and 7.4
*/
testcase TC_SEC_SND_CERT_01_02() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var SecuredMessage v_recv;
var Certificate v_cert;
var SignerInfo v_si;
var HashedId8 v_digest;
// Test control
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Wait for the message with the certificate to retrieve the AA digest.
// Ask for the chain, containing AT and AA certificate
// Check AA Certificate
log("*** " & testcasename() & ": INFO: Wait for certificate and ask for certificate chain ***");
tc_ac.start;
f_askForCertificateChain(f_generateDefaultCam());
tc_ac.stop;
// Test Body
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage(
superset(
mw_header_field_signer_info_certificate_chain(
superset(
mw_aa_certificate
))))))) {
tc_ac.stop;
log("*** " & testcasename() & ": PASS: AA certificate version set to " & int2char(c_certificate_version) & " ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage(
superset(
mw_header_field_signer_info_certificate_chain
))))) {
tc_ac.stop;
log("*** " & testcasename() & ": FAIL: AA certificate version mismatch or no AA cert received***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_SND_CERT_01_02
/**
* @desc Check that the certificate chain is valid: Check signer_info
*
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* the IUT being requested to include certificate chain in the next CAM
* } ensure that {
* when {
* the IUT is requested to send a CAM
* } then {
* the IUT sends a SecuredMessage
* containing header_fields['signer_info'].signer {
* containing type
* indicating certificate_chain
* containing certificates[N] {
* containing signer_info {
* containing type
* indicating 'certificate_digest_with_sha256'
* containing digest
* referenced to the certificates[N-1]
* }
* }
* }
* }
* }
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_SND_CERT_02_01_BV
* @reference ETSI TS 103 097 [1], clause 4.2.10
*/
testcase TC_SEC_SND_CERT_02_01() runs on ItsGeoNetworking system ItsSecSystem {
// Local declarations
var CertificateChain v_chain;
var SignerInfo v_si;
var HashedId8 v_digest;
// Test control
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***");
tc_ac.start;
if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
}
tc_ac.stop;
// Test Body
for (var integer v_counter := lengthof(v_chain) - 1; v_counter > 0; v_counter := v_counter - 1) {
if (not f_getCertificateSignerInfo(v_chain[v_counter], v_si)) {
log("*** " & testcasename() & ": FAIL: Certificate " & int2str(v_counter) & " doesn't contain signer info ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
if (not match (v_si.type_, e_certificate_digest_with_sha256)) {
log("*** " & testcasename() & ": FAIL: Certificate is not signed with digest ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
v_digest := f_calculateDigestFromCertificate(v_chain[v_counter - 1]);
if (not match (v_si.signerInfo.digest, v_digest)) {
log("*** " & testcasename() & ": FAIL: Certificate chain is not valid ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
} // End of 'for' statement
log("*** " & testcasename() & ": PASS: Certificate chain is well signed ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_SND_CERT_02_01
/**
* @desc Check that the length of the vector of rectangles is less then 6.
* Check that region is continuous and does not contain any holes.
* Check that the rectangles are valid
*
* Pics Selection: PICS_GN_SECURITY and PICS_USE_RECTANGULAR_REGION and PICS_CERTIFICATE_SELECTION
* Config Id: CF01
* with {
* the IUT being in the 'authorized' state
* the IUT being requested to include certificate in the next CAM
* } ensure that {
* when {
* the IUT is requested to send a CAM
* } then {
* the IUT sends a SecuredMessage
* containing header_fields['signer_info'].signer {
* containing type
* indicating 'certificate'
* containing certificate {
* containing no validity restriction or validity_restrictions['region']{
* containing region_type
* indicating 'rectangle'
* containing rectangular_region {
* indicating length <= 6
* containing elements of type RectangularRegion
* indicating continuous region without holes
* containing northwest and southeast
* indicating northwest is on the north from southeast
* }
* }
* }
* }
* }
* }
* @remark Certificate: cc_taCert_C
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_SND_CERT_04_01_BV
* @reference ETSI TS 103 097 [1], clauses 4.2.20 and 4.2.23
*/
testcase TC_SEC_SND_CERT_04_01() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var Certificate v_cert;
var ValidityRestriction v_vr;
var integer v_counter;
// Test control
if (not(PICS_GN_SECURITY) or not(PICS_USE_RECTANGULAR_REGION) or not(PICS_CERTIFICATE_SELECTION)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_USE_RECTANGULAR_REGION and PICS_CERTIFICATE_SELECTION' required for executing the TC ***");
stop;
}
// Test component configuration
vc_hashedId8ToBeUsed := cc_iutCert_C;
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test body
tc_ac.start;
f_waitForCertificate(v_cert);
tc_ac.stop;
if (f_getCertificateValidityRestriction(v_cert, e_region, v_vr)) {
if (v_vr.validity.region.region_type == e_rectangle) {
var RectangularRegions v_rects := v_vr.validity.region.region.rectangular_region;
if (lengthof(v_rects) > 6) {
log("*** " & testcasename() & ": FAIL: Rectangular regions count is more then 6 ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
for (v_counter := 0; v_counter 1) {
if (true != f_isContinuousRectangularRegions(v_rects)) {
log("*** " & testcasename() & ": FAIL: Rectangular regions are not connected all together ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
} else {
log("*** " & testcasename() & ": INCONC: Certificate has other region type ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout); // to be inconc
}
log("*** " & testcasename() & ": PASS: Certificate has a valid rectangular region restrictions ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": PASS: Certificate doesn't have any location restrictions ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_SND_CERT_04_01
/**
* @desc Check that the rectangular region of the subordinate certificate is well formed
* and inside the validity restrictions of the issuing certificate.
*
* Pics Selection: PICS_GN_SECURITY and PICS_USE_RECTANGULAR_REGION and PICS_CERTIFICATE_SELECTION
* Config Id: CF01
* with {
* the IUT being in the 'authorized' state
* the IUT being requested to include certificate chain in the next CAM
* } ensure that {
* when {
* the IUT is requested to send a CAM
* } then {
* the IUT sends a SecuredMessage
* containing header_fields['signer_info'].signer {
* containing type
* indicating 'certificate_chain'
* containing certificates
* indicating CERTIFICATES {
* containing CERTIFICATES[N] {
* containing validity_restrictions['region'] {
* containing region_type
* indicating 'rectangle'
* containing rectangular_region {
* indicating length <= 6
* and containing elements of type RectangularRegion
* containing northwest and southeast
* indicating northwest on the north from southeast
* and indicating continuous region without holes
* which is inside the CERTIFICATES[N-1].validity_restrictions['region'] if region validity restriction is containted in certificate CERTIFICATES[N-1]
* }
* }
* }
* }
* }
* }
* }
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_SND_CERT_04_02_BV
* @reference ETSI TS 103 097 [1], clauses 4.2.20 and 4.2.23
*/
testcase TC_SEC_SND_CERT_04_02() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var CertificateChain v_chain;
var ValidityRestriction v_vr := valueof(m_validity_restriction_unknown), v_vri := valueof(m_validity_restriction_unknown); // current and issuing cert validity restrictions
var boolean f_vr := false, f_vri := false;
// Test control
if (not(PICS_GN_SECURITY) or not(PICS_USE_RECTANGULAR_REGION) or not(PICS_CERTIFICATE_SELECTION)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_USE_RECTANGULAR_REGION and PICS_CERTIFICATE_SELECTION' required for executing the TC ***");
stop;
}
// Test component configuration
vc_hashedId8ToBeUsed := cc_iutCert_C;
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***");
tc_ac.start;
if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
} else {
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
}
// Test Body
tc_ac.stop;
for (var integer v_counter := 0; v_counter < lengthof(v_chain); v_counter := v_counter + 1) {
v_vri := v_vr;
f_vri := f_vr;
f_vr := f_getCertificateValidityRestriction(v_chain[v_counter], e_region, v_vr);
log("v_chain[v_counter]=", v_chain[v_counter]);
if (f_vr) {
var RectangularRegions v_rects;
if (v_vr.validity.region.region_type != e_rectangle) {
log("*** " & testcasename() & ": INCONC: Certificate validity restriction region is not rectangular ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
v_rects := v_vr.validity.region.region.rectangular_region;
log("v_rects=", v_rects);
if (lengthof(v_rects) > 6) {
log("*** " & testcasename() & ": FAIL: Rectangular regions count is more then 6 ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
for (var integer j:=0; j
* Pics Selection: PICS_GN_SECURITY and PICS_USE_POLYGONAL_REGION and PICS_CERTIFICATE_SELECTION
* Config Id: CF01
* with {
* the IUT being in the 'authorized' state
* the IUT being requested to include certificate in the next CAM
* } ensure that {
* when {
* the IUT is requested to send a CAM
* } then {
* the IUT sends a SecuredMessage
* containing header_fields['signer_info'].signer {
* containing type
* indicating 'certificate'
* containing certificate {
* containing validity_restrictions['region']{
* containing region_type
* indicating 'polygon'
* containing polygonal_region {
* indicating length >=3 and <=12
* indicating continuous region without holes and intersections
* }
* }
* }
* }
* }
* }
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_SND_CERT_05_01_BV
* @reference ETSI TS 103 097 [1], clause 4.2.24
*/
testcase TC_SEC_SND_CERT_05_01() runs on ItsGeoNetworking system ItsSecSystem {
var Certificate v_cert;
var ValidityRestriction v_vr;
var integer v_counter;
// Test control
if (not(PICS_GN_SECURITY) or not(PICS_USE_POLYGONAL_REGION) or not(PICS_CERTIFICATE_SELECTION)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_USE_POLYGONAL_REGION and PICS_CERTIFICATE_SELECTION' required for executing the TC ***");
stop;
}
// Test component configuration
vc_hashedId8ToBeUsed := cc_iutCert_D;
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test body
tc_ac.start;
f_waitForCertificate(v_cert);
tc_ac.stop;
if (f_getCertificateValidityRestriction(v_cert, e_region, v_vr)) {
if (v_vr.validity.region.region_type == e_polygon) {
var PolygonalRegion v_pr := v_vr.validity.region.region.polygonal_region;
var integer v_length := lengthof(v_pr);
if (v_length < 3) {
log("*** " & testcasename() & ": FAIL: Count of points in polygonal region is too small ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
if (v_length > 12) {
log("*** " & testcasename() & ": FAIL: Count of points in polygonal region is too big ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
if (true != f_isValidPolygonalRegion(v_pr)) {
log("*** " & testcasename() & ": FAIL: Polygonal region is not valid (self-intersected) ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
log("*** " & testcasename() & ": PASS: Certificate has a valid rectangular region restrictions ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": INCONC: Certificate has other region type ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout); // to be inconc
}
} else {
log("*** " & testcasename() & ": PASS: Certificate doesn't have any location restrictions ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_SND_CERT_05_01
/**
* @desc Check Polygonal Region:
* Must contain at least 3 and no more then 12 points.
* Intersections and holes are not permited.
* The region must be inside the issuing certificate restrictions.
*
* Pics Selection: PICS_GN_SECURITY and PICS_USE_POLYGONAL_REGION and not PICS_CERTIFICATE_SELECTION
* Config Id: CF01
* with {
* the IUT being in the 'authorized' state
* the IUT being requested to include certificate chain in the next CAM
* } ensure that {
* when {
* the IUT is requested to send a CAM
* } then {
* the IUT sends a SecuredMessage
* containing header_fields['signer_info'].signer {
* containing type
* indicating 'certificate_chain'
* containing certificates
* indicating CERTIFICATES {
* containing CERTIFICATES[N] {
* containing validity_restrictions['region'] {
* containing region_type
* indicating 'polygon'
* containing polygonal_region {
* indicating length >=3 and <=12
* indicating continuous region without holes and intersections
* which is inside the CERTIFICATES[N-1].validity_restrictions['region'].polygonal_region
* if region validity restriction is containted in certificate CERTIFICATES[N-1]
* }
* }
* }
* }
* }
* }
* }
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_SND_CERT_05_02_BV
* @reference ETSI TS 103 097 [1], clause 4.2.24
*/
testcase TC_SEC_SND_CERT_05_02() runs on ItsGeoNetworking system ItsSecSystem {
// Local declarations
var CertificateChain v_chain;
var ValidityRestriction v_vr := valueof(m_validity_restriction_unknown), v_vri := valueof(m_validity_restriction_unknown); // current and issuing cert validity restrictions
var boolean f_vr := false, f_vri := false;
// Test control
if (not(PICS_GN_SECURITY) or not(PICS_USE_POLYGONAL_REGION) or not(PICS_CERTIFICATE_SELECTION)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_USE_POLYGONAL_REGION and PICS_CERTIFICATE_SELECTION' required for executing the TC ***");
stop;
}
// Test component configuration
vc_hashedId8ToBeUsed := cc_iutCert_D;
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***");
tc_ac.start;
if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
} else {
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
}
// Test Body
f_vr := false;
tc_ac.stop;
for (var integer v_counter := 0; v_counter < lengthof(v_chain); v_counter := v_counter + 1) {
v_vri := v_vr;
f_vri := f_vr;
f_vr := f_getCertificateValidityRestriction(v_chain[v_counter], e_region, v_vr);
if (f_vr) {
var PolygonalRegion v_pr;
var integer v_length;
if (v_vr.validity.region.region_type != e_polygon) {
log("*** " & testcasename() & ": INCONC: Certificate validity restriction region is not polygonal ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
v_pr := v_vr.validity.region.region.polygonal_region;
v_length := lengthof(v_pr);
if (v_length < 3) {
log("*** " & testcasename() & ": FAIL: Count of points in polygonal region is too small in cert " & int2str(v_counter) & " ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
if (v_length > 12) {
log("*** " & testcasename() & ": FAIL: Count of points in polygonal region is too big in cert " & int2str(v_counter) & "***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
if (true != f_isValidPolygonalRegion(v_pr)) {
log("*** " & testcasename() & ": FAIL: Polygonal region is not valid (self-intersected) in cert " & int2str(v_counter) & " ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
if (f_vri) {
// current restrictions must be inside of the parent one
if (true != f_isPolygonalRegionInside(v_vri.validity.region.region.polygonal_region, v_pr)) {
log("*** " & testcasename() & ": FAIL: Certificate validity restriction region in cert " & int2str(v_counter) & " is not inside the issuing one ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
} else {
// Region validity restriction is not exist
if (f_vri) {
log("*** " & testcasename() & ": FAIL: Certificate validity restriction region must be set in the certificate " & int2str(v_counter) &
"because this restriction exists in the issuing certificate ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
} // End of 'for' statement
log("*** " & testcasename() & ": PASS: All certificates has a valid polygonal region restrictions ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_SND_CERT_05_02
/**
* @desc Check Identified Region:
* Must contain value that correspond to numeric country codes as defined in ISO 3166-1
*
* Pics Selection: PICS_GN_SECURITY and PICS_USE_IDENTIFIED_REGION and PICS_CERTIFICATE_SELECTION
* Config Id: CF01
* with {
* the IUT being in the 'authorized' state
* the IUT being requested to include certificate in the next CAM
* } ensure that {
* when {
* the IUT is requested to send a CAM
* } then {
* the IUT sends a SecuredMessage
* containing header_fields['signer_info'].signer {
* containing type
* indicating 'certificate'
* containing certificate {
* containing validity_restrictions['region']{
* containing region_type
* indicating 'id'
* containing id_region {
* containing region_dictionary
* indicating 'iso_3166_1' (0)
* containing region_identifier
* indicating valid value according to 'iso_3166_1'
* containing local_region
* }
* }
* }
* }
* }
* }
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_SND_CERT_06_01_BV
* @reference ETSI TS 103 097 [1], clause 4.2.26
*/
testcase TC_SEC_SND_CERT_06_01() runs on ItsGeoNetworking system ItsSecSystem {
var Certificate v_cert;
var ValidityRestriction v_vr;
var integer v_counter;
// Test control
if (not(PICS_GN_SECURITY) or not(PICS_USE_IDENTIFIED_REGION) or not(PICS_CERTIFICATE_SELECTION)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_USE_IDENTIFIED_REGION and PICS_CERTIFICATE_SELECTION' required for executing the TC ***");
stop;
}
// Test component configuration
vc_hashedId8ToBeUsed := cc_iutCert_E;
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test body
tc_ac.start;
f_waitForCertificate(v_cert);
tc_ac.stop;
if (f_getCertificateValidityRestriction(v_cert, e_region, v_vr)) {
if (v_vr.validity.region.region_type == e_id) {
if (not match (v_vr.validity.region, mw_geographicRegion_identified(mw_identifiedRegion_iso3166_any))) {
log("*** " & testcasename() & ": FAIL: Identified region is not conformed to ISO 3166-1 ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
log("*** " & testcasename() & ": PASS: Certificate has a valid region ID restrictions ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": PASS: Certificate doesn't have any location restrictions ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_SND_CERT_06_01
/**
* @desc Check Identified Region:
* Must contain value that correspond to numeric country codes as defined in ISO 3166-1
* Subordinate certificate restrictions must be a subset of the issuing certificate restrictions
*
* Pics Selection: PICS_GN_SECURITY and PICS_USE_IDENTIFIED_REGION and PICS_CERTIFICATE_SELECTION
* Config Id: CF01
* with {
* the IUT being in the 'authorized' state
* the IUT being requested to include certificate chain in the next CAM
* } ensure that {
* when {
* the IUT is requested to send a CAM
* } then {
* the IUT sends a SecuredMessage
* containing header_fields['signer_info'].signer {
* containing type
* indicating 'certificate_chain'
* containing certificates
* indicating CERTIFICATES {
* containing CERTIFICATES[0] {
* containing validity_restrictions['region'] {
* containing region_type
* indicating 'id'
* containing id_region {
* containing region_dictionary
* indicating 'iso_3166_1' (0)
* containing region_identifier
* indicating valid value according to 'iso_3166_1'
* containing local_region
*
* }
* }
* containing CERTIFICATES[n] (1..N) {
* containing no validity restriction of type region or validity_restrictions['region'] {
* containing region_type
* indicating 'id'
* containing id_region
* containing region_dictionary
* indicating 'iso_3166_1' (0)
* containing region_identifier
* indicating CERTIFICATES[n-1].validity_restrictions['region'].id_region.region_identifier
* containing local_region
* indicating CERTIFICATES[n-1].validity_restrictions['region'].id_region.local_region
* or any value if CERTIFICATES[n-1].validity_restrictions['region'].id_region.local_region == 0
* }
* }
* }
* }
* }
* }
* }
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_SND_CERT_06_02_BV
* @reference ETSI TS 103 097 [1], clause 4.2.26
*/
testcase TC_SEC_SND_CERT_06_02() runs on ItsGeoNetworking system ItsSecSystem {
var CertificateChain v_chain;
var ValidityRestriction v_vr := valueof(m_validity_restriction_unknown), v_vri := valueof(m_validity_restriction_unknown); // current and issuing cert validity restrictions
var boolean f_vr := false, f_vri := false;
// Test control
if (not(PICS_GN_SECURITY) or not(PICS_USE_IDENTIFIED_REGION) or not(PICS_CERTIFICATE_SELECTION)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_USE_IDENTIFIED_REGION and PICS_CERTIFICATE_SELECTION' required for executing the TC ***");
stop;
}
// Test component configuration
vc_hashedId8ToBeUsed := cc_iutCert_E;
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***");
tc_ac.start;
if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
} else {
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
}
// Test Body
f_vr := false;
tc_ac.stop;
for (var integer v_counter := 0; v_counter < lengthof(v_chain); v_counter := v_counter + 1) {
v_vri := v_vr;
f_vri := f_vr;
f_vr := f_getCertificateValidityRestriction(v_chain[v_counter], e_region, v_vr);
if (f_vr) {
if (v_vr.validity.region.region_type == e_id) {
if (not match (v_vr.validity.region, mw_geographicRegion_identified(mw_identifiedRegion_iso3166_any))) {
log("*** " & testcasename() & ": FAIL: Identified region is not conformed to ISO 3166-1 ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
if (f_vri) {
// the region code must be the same
if (v_vr.validity.region.region.id_region.region_identifier !=
v_vri.validity.region.region.id_region.region_identifier) {
log("*** " & testcasename() & ": FAIL: Certificate validity restriction identified region in cert " & int2str(v_counter) & " is not the same as in the issuing one ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
if ( v_vri.validity.region.region.id_region.local_region != 0
and v_vri.validity.region.region.id_region.local_region != v_vr.validity.region.region.id_region.local_region ) {
log("*** " & testcasename() & ": FAIL: Certificate validity restriction local identified region in cert " & int2str(v_counter) & " is not the same as in the issuing one ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
} else {
// Region validity restriction is not exist
if (f_vri) {
log("*** " & testcasename() & ": FAIL: Certificate validity restriction identified region must be set in the certificate " & int2str(v_counter) &
"because this restriction exists in the issuing certificate ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
}
log("*** " & testcasename() & ": PASS: All certificates has a valid identified regionrestrictions ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_SND_CERT_06_02
/**
* @desc Check Identified Region:
* Must contain value that correspond to numeric country codes as defined by United Nations Statistics Division
*
* Pics Selection: PICS_GN_SECURITY and PICS_USE_IDENTIFIED_REGION and PICS_USE_UN_STATS_REGION_DICTIONARY and PICS_CERTIFICATE_SELECTION
* Config Id: CF01
* with {
* the IUT being in the 'authorized' state
* the IUT being requested to include certificate in the next CAM
* } ensure that {
* when {
* the IUT is requested to send a CAM
* } then {
* the IUT sends a SecuredMessage
* containing header_fields['signer_info'].signer {
* containing type
* indicating 'certificate'
* containing certificate {
* containing validity_restrictions['region']{
* containing region_type
* indicating 'id'
* containing id_region {
* containing region_dictionary
* indicating 'un_stats' (0)
* containing region_dictionary
* indicating 'un_stats' (0)
* indicating length >=3 and <=12
* indicating continuous region without holes and intersections
* }
* }
* }
* }
* }
* }
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_SND_CERT_06_03_BV
* @reference ETSI TS 103 097 [1], clause 4.2.26
*/
testcase TC_SEC_SND_CERT_06_03() runs on ItsGeoNetworking system ItsSecSystem {
var Certificate v_cert;
var ValidityRestriction v_vr;
var integer v_counter;
// Test control
if (not(PICS_GN_SECURITY) or not(PICS_USE_IDENTIFIED_REGION) or not(PICS_USE_UN_STATS_REGION_DICTIONARY) or not(PICS_CERTIFICATE_SELECTION)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_USE_UN_STATS_REGION_DICTIONARY and PICS_USE_ISO31661_REGION_DICTIONARY and PICS_CERTIFICATE_SELECTION' required for executing the TC ***");
stop;
}
// Test component configuration
vc_hashedId8ToBeUsed := cc_iutCert_E;
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test body
tc_ac.start;
f_waitForCertificate(v_cert);
tc_ac.stop;
if (f_getCertificateValidityRestriction(v_cert, e_region, v_vr)) {
if (v_vr.validity.region.region_type == e_id) {
if (not match (v_vr.validity.region, mw_geographicRegion_identified(mw_identifiedRegion_un_stats_any))) {
log("*** " & testcasename() & ": FAIL: Identified region is not the UN Stats Region Code ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
log("*** " & testcasename() & ": PASS: Certificate has a valid identified region restrictions ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": PASS: Certificate doesn't have any location restrictions ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_SND_CERT_06_03
/**
* @desc Check Identified Region:
* Must contain value that correspond to numeric country codes as defined by United Nations Statistics Division
* Subordinate certificate restrictions must be a subset of the issuing certificate restrictions
*
* Pics Selection: PICS_GN_SECURITY and PICS_USE_IDENTIFIED_REGION and PICS_USE_UN_STATS_REGION_DICTIONARY and PICS_CERTIFICATE_SELECTION
* Config Id: CF01
* with {
* the IUT being in the 'authorized' state
* the IUT being requested to include certificate chain in the next CAM
* } ensure that {
* when {
* the IUT is requested to send a CAM
* } then {
* the IUT sends a SecuredMessage
* containing header_fields['signer_info'].signer {
* containing type
* indicating 'certificate_chain'
* containing certificates
* indicating CERTIFICATES {
* containing CERTIFICATES[0] {
* containing validity_restrictions['region'] {
* containing region_type
* indicating 'id'
* containing id_region {
* containing region_dictionary
* indicating 'un_stats' (1)
* containing region_identifier
* indicating valid value according to UnStats document
* containing local_region
*
* }
* }
* containing CERTIFICATES[n] (1..N) {
* containing no validity restriction of type region or validity_restrictions['region'] {
* containing region_type
* indicating 'id'
* containing id_region
* containing region_dictionary
* indicating 'un_stats' (1)
* containing region_identifier
* indicating CERTIFICATES[n-1].validity_restrictions['region'].id_region.region_identifier
* containing local_region
* indicating CERTIFICATES[n-1].validity_restrictions['region'].id_region.local_region
* or any value if CERTIFICATES[n-1].validity_restrictions['region'].id_region.local_region == 0
* }
* }
* }
* }
* }
* }
* }
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_SND_CERT_06_04_BV
* @reference ETSI TS 103 097 [1], clause 4.2.26
*/
testcase TC_SEC_SND_CERT_06_04() runs on ItsGeoNetworking system ItsSecSystem {
var CertificateChain v_chain;
var ValidityRestriction v_vr := valueof(m_validity_restriction_unknown), v_vri := valueof(m_validity_restriction_unknown); // current and issuing cert validity restrictions
var boolean f_vr := false, f_vri := false;
// Test control
if (not(PICS_GN_SECURITY) or not(PICS_USE_IDENTIFIED_REGION) or not(PICS_USE_UN_STATS_REGION_DICTIONARY) or not(PICS_CERTIFICATE_SELECTION)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_USE_UN_STATS_REGION_DICTIONARY and PICS_USE_ISO31661_REGION_DICTIONARY and PICS_CERTIFICATE_SELECTION' required for executing the TC ***");
stop;
}
// Test component configuration
vc_hashedId8ToBeUsed := cc_iutCert_E;
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***");
tc_ac.start;
if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
} else {
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
}
// Test Body
f_vr := false;
tc_ac.stop;
for (var integer v_counter := 0; v_counter < lengthof(v_chain); v_counter := v_counter + 1) {
v_vri := v_vr;
f_vri := f_vr;
f_vr := f_getCertificateValidityRestriction(v_chain[v_counter], e_region, v_vr);
if (f_vr) {
if (v_vr.validity.region.region_type == e_id) {
if (not match (v_vr.validity.region, mw_geographicRegion_identified(mw_identifiedRegion_un_stats_any))) {
log("*** " & testcasename() & ": FAIL: Identified region is not the UN Stats Region Code ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
if (f_vri) {
// the region code must be the same
if (v_vr.validity.region.region.id_region.region_identifier !=
v_vri.validity.region.region.id_region.region_identifier) {
log("*** " & testcasename() & ": FAIL: Certificate validity restriction identified region in cert " & int2str(v_counter) & " is not the same as in the issuing one ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
if ( v_vri.validity.region.region.id_region.local_region != 0
and v_vri.validity.region.region.id_region.local_region != v_vr.validity.region.region.id_region.local_region
and not f_isIdentifiedRegionInside(v_vri.validity.region.region.id_region.local_region, v_vr.validity.region.region.id_region.local_region)
) {
log("*** " & testcasename() & ": FAIL: Certificate validity restriction local identified region in cert " & int2str(v_counter) & " is not the subregion of the issuing one ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
} else {
// Region validity restriction is not exist
if (f_vri) {
log("*** " & testcasename() & ": FAIL: Certificate validity restriction identified region must be set in the certificate " & int2str(v_counter) &
"because this restriction exists in the issuing certificate ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
}
log("*** " & testcasename() & ": PASS: All certificates has a valid identified region restrictions ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_SND_CERT_06_04
/**
* @desc Check that the certificate signature contains ECC point of type set to either compressed_lsb_y_0, compressed_lsb_y_1 or x_coordinate_only
*
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* the IUT being requested to include certificate in the next CAM
* }
* Expected Behaviour:
* ensure that {
* when {
* the IUT is requested to send a CAM
* } then {
* the IUT sends a SecuredMessage
* containing header_fields['signer_info'].signer {
* containing type
* indicating certificate
* containing certificate {
* containing signature.ecdsa_signature
* containing R.type
* indicating compressed_lsb_y_0
* or indicating compressed_lsb_y_1
* or indicating x_coordinate_only
* }
* }
* }
* }
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_SND_CERT_07_01_BV
* @reference ETSI TS 103 097 [1], clause 4.2.9
*/
testcase TC_SEC_SND_CERT_07_01() runs on ItsGeoNetworking system ItsSecSystem {
// Test control
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage(
superset(
mw_header_field_signer_info_certificate(
mw_at_certificate(
?,
?,
?,
mw_signature(
mw_ecdsaSignature(
mw_eccPointecdsa_nistp256_with_sha256_y0_coordinate_only
))))))))) {
tc_ac.stop;
log("*** " & testcasename() & ": PASS: AT certificate contains signature with the ECC point of type set to compressed_lsb_y_0 received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage(
superset(
mw_header_field_signer_info_certificate(
mw_at_certificate(
?,
?,
?,
mw_signature(
mw_ecdsaSignature(
mw_eccPointecdsa_nistp256_with_sha256_y1_coordinate_only
))))))))) {
tc_ac.stop;
log("*** " & testcasename() & ": PASS: AT certificate contains signature with the ECC point of type set to compressed_lsb_y_1 received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage(
superset(
mw_header_field_signer_info_certificate(
mw_at_certificate(
?,
?,
?,
mw_signature(
mw_ecdsaSignature(
mw_eccPointecdsa_nistp256_with_sha256_x_coordinate_only
))))))))) {
tc_ac.stop;
log("*** " & testcasename() & ": PASS: AT certificate contains signature with the ECC point of type set to x_coordinate_only received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage(
superset(
mw_header_field_signer_info_certificate(
mw_at_certificate
)))))) {
tc_ac.stop;
log("*** " & testcasename() & ": FAIL: AT certificate signature mismatch ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_SND_CERT_07_01
/**
* @desc Check that the certificate signature contains ECC point of type set to either compressed_lsb_y_0, compressed_lsb_y_1 or x_coordinate_only
*
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* the IUT being requested to include certificate in the next CAM
* }
* Expected Behaviour:
* ensure that {
* when {
* the IUT is requested to send a CAM
* } then {
* the IUT sends a SecuredMessage
* containing header_fields['signer_info'].signer {
* containing type
* indicating certificate
* containing certificate {
* containing subject_attributes['verification_key']
* containing key.public_key.type
* indicating compressed_lsb_y_0
* or indicating compressed_lsb_y_1
* }
* }
* }
* }
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_SND_CERT_08_01_BV
* @reference ETSI TS 103 097 [1], clause 4.2.4
*/
testcase TC_SEC_SND_CERT_08_01() runs on ItsGeoNetworking system ItsSecSystem {
// Test control
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage(
superset(
mw_header_field_signer_info_certificate(
mw_at_certificate(
?,
superset(
mw_subject_attribute_verification_key(
mw_publicKey_eccPoint_compressed_lsb_y_0
)
),
?,
?
))))))) {
tc_ac.stop;
log("*** " & testcasename() & ": PASS: AT certificate contains signature with the ECC point of type set to compressed_lsb_y_0 received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage(
superset(
mw_header_field_signer_info_certificate(
mw_at_certificate(
?,
superset(
mw_subject_attribute_verification_key(
mw_publicKey_eccPoint_compressed_lsb_y_1
)
),
?,
?
))))))) {
tc_ac.stop;
log("*** " & testcasename() & ": PASS: AT certificate contains signature with the ECC point of type set to compressed_lsb_y_1 received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage(
superset(
mw_header_field_signer_info_certificate(
mw_at_certificate(
?,
superset(
mw_subject_attribute_verification_key(
mw_publicKey_eccPoint_uncompressed
)
),
?,
?
))))))) {
tc_ac.stop;
log("*** " & testcasename() & ": PASS: AT certificate contains signature with the ECC point of type set to uncompressed received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage(
superset(
mw_header_field_signer_info_certificate(
mw_at_certificate
)))))) {
tc_ac.stop;
log("*** " & testcasename() & ": FAIL: AT certificate signature mismatch ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_SND_CERT_08_01
/**
* @desc Check the certificate signature
*
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* the IUT being requested to include certificate in the next CAM
* } ensure that {
* when {
* the IUT is requested to send a CAM
* } then {
* the IUT sends a SecuredMessage
* containing header_fields['signer_info'].signer {
* containing type
* indicating 'certificate'
* containing certificate {
* containing signer_info[0] {
* containing type
* indicating 'certificate_digest_with_sha256'
* containing digest
* referenced to the certificate CERT
* }
* containing signature
* verifiable using CERT.subject_attributes['verification_key'].key
* }
* }
* }
* }
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_SND_CERT_09_01_BV
* @reference ETSI TS 103 097 [1], clauses 6.1 and 7.4
*/
testcase TC_SEC_SND_CERT_09_01() runs on ItsGeoNetworking system ItsSecSystem {
// Local declarations
var GeoNetworkingInd v_geoNwInd;
var Certificate v_at_cert;
var Certificate v_aa_cert;
var HashedId8 v_aa_digest;
var SignerInfo v_si;
var integer v_counter;
// Test control
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Wait for the message with the certificate to get the AA cert digest.
// Ask for the chain, containing AT and AA certificate
// Check that the AT cert in the first message is signed with the AA cert
log("*** " & testcasename() & ": INFO: Waiting for the message containing certificate ***");
tc_ac.start;
f_waitForCertificate(v_at_cert);
tc_ac.stop;
if (true != f_getCertificateSignerInfo(v_at_cert, v_si)) {
log("*** " & testcasename() & ": FAIL: AT Certificate signer info is unknown ***");
f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error);
}
if (not match (v_si.type_, e_certificate_digest_with_sha256)) {
log("*** " & testcasename() & ": FAIL: AT Certificate is not signed well ***");
f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error);
}
v_aa_digest := v_si.signerInfo.digest;
// Send a certificate request to the IUT
f_sendCertificateRequest(v_aa_digest, f_generateDefaultCam());
// Test Body
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage(
superset(
mw_header_field_signer_info_certificate_chain
))))) -> value v_geoNwInd {
var SecuredMessage v_secMsg;
var integer v_chainLength;
tc_ac.stop;
// Check certificate chain
if (f_getMsgSignerInfo(f_getSecuredMessage(v_geoNwInd.msgIn), v_si)) {
v_chainLength := lengthof(v_si.signerInfo.certificates);
if (v_chainLength < 2 ) {
log("*** " & testcasename() & ": FAIL: Certificate chain doesn't contain the AA cert ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
// get aa cert
v_aa_cert := v_si.signerInfo.certificates[v_chainLength-2];
if (not match (v_aa_digest, f_calculateDigestFromCertificate(v_aa_cert))) {
log("*** " & testcasename() & ": FAIL: AT certificate was not signed with the given AA cert ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
// Check that at cert is signed with aa cert
if (false == f_verifyCertificateSignatureWithIssuingCertificate(v_at_cert, v_aa_cert)) {
log("*** " & testcasename() & ": FAIL: AT certificate signature error ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
log("*** " & testcasename() & ": PASS: AT certificate was well signed with AA certificate ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": FAIL: The message signer info is unknown ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_SND_CERT_09_01
/**
* @desc Check the signatures of the certificates in the chain
*
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* the IUT being requested to include certificate chain in the next CAM
* } ensure that {
* when {
* the IUT is requested to send a CAM
* } then {
* the IUT sends a SecuredMessage
* containing header_fields['signer_info'].signer {
* containing type
* indicating 'certificate_chain'
* containing certificates
* indicating CERTIFICATES {
* containing CERTIFICATES[N] {
* containing signer_info[0] {
* containing type
* indicating 'certificate_digest_with_sha256'
* containing digest
* referenced to the certificate CERTIFICATES[N-1]
* }
* containing signature
* verifiable using CERTIFICATES[N-1].subject_attributes['verification_key'].key
* }
* }
* }
* }
* }
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_SND_CERT_09_02_BV
* @reference ETSI TS 103 097 [1], clauses 6.1 and 7.4
*/
testcase TC_SEC_SND_CERT_09_02() runs on ItsGeoNetworking system ItsSecSystem {
// Local declarations
var GeoNetworkingInd v_geoNwInd;
var Certificate v_cert;
var CertificateChain v_chain;
var SignerInfo v_si;
var HashedId8 v_digest;
var integer v_counter;
// Test control
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Wait for the message with the certificate to get the AA cert digest.
// Ask for the chain, containing AT and AA certificate
// Check that the AT cert in the first message is signed with the AA cert
log("*** " & testcasename() & ": INFO: Waiting for the message containing certificate and ask for a certificate chain ***");
tc_ac.start;
f_askForCertificateChain(f_generateDefaultCam());
tc_ac.stop;
// Test Body
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage(
superset(
mw_header_field_signer_info_certificate_chain
))))) -> value v_geoNwInd {
var SecuredMessage v_secMsg;
var integer v_chainLength;
tc_ac.stop;
// Check certificate chain
if (f_getMsgSignerInfo(f_getSecuredMessage(v_geoNwInd.msgIn), v_si)) {
v_chain := v_si.signerInfo.certificates;
for (v_counter := lengthof(v_chain) - 1; v_counter > 0; v_counter := v_counter - 1 ) {
if (not f_getCertificateSignerInfo(v_chain[v_counter], v_si)) {
log("*** " & testcasename() & ": FAIL: Certificate "&int2str(v_counter) & " doesn't have a signer info ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
if (not match (v_si.type_, e_certificate_digest_with_sha256)) {
log("*** " & testcasename() & ": FAIL: Certificate is not signed with digest ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
// Check that cert is signed by issuing cert
v_digest := f_calculateDigestFromCertificate(v_chain[v_counter - 1]);
if (not match (v_si.signerInfo.digest, v_digest)) {
log("*** " & testcasename() & ": FAIL: Certificate chain is not valid ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
// Check that the signature is valid
if (false == f_verifyCertificateSignatureWithIssuingCertificate(v_chain[v_counter], v_chain[v_counter - 1])) {
log("*** " & testcasename() & ": FAIL: AT certificate signature error ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
} // End of 'for' statement
log("*** " & testcasename() & ": PASS: All certificates in the chain signed by it's issuing certs ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": FAIL: The message signer info is unknown ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
}
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_SND_CERT_09_02
group g_AA_Certificates {
/**
* @desc Check that the subject_type of the AA certificate is set to authorization_authority
*
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* with {
* the IUT being in the 'authorized' state
* the IUT being requested to include certificate chain in the next CAM
* } ensure that {
* when {
* the IUT is requested to send a CAM
* } then {
* the IUT sends a SecuredMessage
* containing header_fields['signer_info'].signer {
* containing type
* indicating certificate_chain
* containing certificates[last-1] {
* containing subject_info.subject_type
* indicating 'authorization_authority' (2)
* }
* }
* }
* }
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_SND_CERT_AA_01_01_BV
* @reference ETSI TS 103 097 [1], clause 7.4.3
*/
testcase TC_SEC_SND_CERT_AA_01_01() runs on ItsGeoNetworking system ItsSecSystem {
var CertificateChain v_chain;
// Test control
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***");
tc_ac.start;
if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
}
tc_ac.stop;
if (lengthof(v_chain) < 2) {
log("*** " & testcasename() & ": FAIL: Certificate chain is too short ***");
f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error);
}
if (not match(v_chain[lengthof(v_chain) - 2], mw_aa_certificate)) {
log("*** " & testcasename() & ": FAIL: AA certificate not found in the chain[last-1] ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
log("*** " & testcasename() & ": PASS: AA certificate was found in the chain ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_SND_CERT_AA_01_01
/**
* @desc Check that the subject_name variable-length vector shall have a maximum length of 32 bytes.
*
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* with {
* the IUT being in the 'authorized' state
* the IUT being requested to include certificate chain in the next CAM
* } ensure that {
* when {
* the IUT is requested to send a CAM
* } then {
* the IUT sends a SecuredMessage
* containing header_fields['signer_info'].signer {
* containing type
* indicating certificate_chain
* containing certificates[last-1] {
* containing subject_info.subject_name
* indicating length <= 32 bytes
* }
* }
* }
* }
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_SND_CERT_AA_02_01_BV
* @reference ETSI TS 103 097 [1], clause 6.2
*/
testcase TC_SEC_SND_CERT_AA_02_01() runs on ItsGeoNetworking system ItsSecSystem {
var CertificateChain v_chain;
// Test control
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***");
tc_ac.start;
if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
}
tc_ac.stop;
if (lengthof(v_chain) < 2) {
log("*** " & testcasename() & ": FAIL: Certificate chain is too short ***");
f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error);
}
// Verified automatically on decoding
if (lengthof(v_chain[lengthof(v_chain) - 2].subject_info.subject_name) > 32 ) {
log("*** " & testcasename() & ": FAIL: Subject name of the AA certificate is too long ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
log("*** " & testcasename() & ": PASS: Subject name of the AA certificate is good ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_SND_CERT_AA_02_01
/**
* @desc Check that signer info of the AA certificate is a digest
*
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* with {
* the IUT being in the 'authorized' state
* the IUT being requested to include certificate chain in the next CAM
* } ensure that {
* when {
* the IUT is requested to send a CAM
* } then {
* the IUT sends a SecuredMessage
* containing header_fields['signer_info'].signer {
* containing type
* indicating certificate_chain
* containing certificates[last-1] {
* containing signer_info {
* containing type
* indicating 'certificate_digest_with_sha256'
* containing digest
* }
* }
* }
* }
* }
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_SND_CERT_AA_04_01_BV
* @reference ETSI TS 103 097 [1], clause 7.4.3
*/
testcase TC_SEC_SND_CERT_AA_04_01() runs on ItsGeoNetworking system ItsSecSystem {
var CertificateChain v_chain;
var Certificate v_aa_cert;
// Test control
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***");
tc_ac.start;
if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
}
tc_ac.stop;
if (lengthof(v_chain) < 2) {
log("*** " & testcasename() & ": FAIL: Certificate chain is too short ***");
f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error);
}
v_aa_cert := v_chain[lengthof(v_chain) - 2];
if (not match(v_aa_cert, mw_aa_certificate(mw_signerInfo_digest))) {
log("*** " & testcasename() & ": FAIL: AA certificate not signed by digest ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
log("*** " & testcasename() & ": PASS: AA certificate is signed by digest ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_SND_CERT_AA_04_01
/**
* @desc Check that all neccesary subject attributes are present and arranged in accesing order
*
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* with {
* the IUT being in the 'authorized' state
* the IUT being requested to include certificate chain in the next CAM
* } ensure that {
* when {
* the IUT is requested to send a CAM
* } then {
* the IUT sends a SecuredMessage
* containing header_fields['signer_info'].signer {
* containing type
* indicating certificate_chain
* containing certificates[last-1] {
* containing subject_attributes [0..N] {
* indicating subject_attributes[n].type < subject_attributes[n+ 1].type
* containing subject_attributes['verification_key']
* containing subject_attributes['assurance_level']
* containing subject_attributes['its_aid_list']
* }
* }
* }
* }
* }
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_SND_CERT_AA_05_01_BV
* @reference ETSI TS 103 097 [1], clauses 6.1, 7.4 and 7.4.3
*/
testcase TC_SEC_SND_CERT_AA_05_01() runs on ItsGeoNetworking system ItsSecSystem {
var CertificateChain v_chain;
var SubjectAttributes v_attrs;
// Test control
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***");
tc_ac.start;
if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
}
tc_ac.stop;
if (lengthof(v_chain) < 2) {
log("*** " & testcasename() & ": FAIL: Certificate chain is too short ***");
f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error);
}
if (not match(v_chain[lengthof(v_chain) - 2],
mw_aa_certificate(?,
superset(mw_subject_attribute_verification_key,
mw_subject_attribute_assurance_level,
mw_subject_attribute_its_aid_list)))
) {
log("*** " & testcasename() & ": FAIL: Required subject attribute of AA certificate is not found ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
v_attrs := v_chain[lengthof(v_chain) - 2].subject_attributes;
for (var integer v_counter := 1; v_counter < lengthof(v_attrs); v_counter := v_counter + 1 ) {
if (v_attrs[v_counter].type_ <= v_attrs[v_counter-1].type_) {
log("*** " & testcasename() & ": FAIL: AA certificate subject attributes are not arranged in accening order ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
log("*** " & testcasename() & ": PASS: All required AA certificate subject attributes are presents ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_SND_CERT_AA_05_01
/**
* @desc Check that time_start_and_end is included in the AA certificate validation restrictions
* Check that end_validity is later then start_validity
*
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* with {
* the IUT being in the 'authorized' state
* the IUT being requested to include certificate chain in the next CAM
* } ensure that {
* when {
* the IUT is requested to send a CAM
* } then {
* the IUT sends a SecuredMessage
* containing header_fields['signer_info'].signer {
* containing type
* indicating certificate_chain
* containing certificates[last-1] {
* containing validity_restrictions [0..N] {
* not containing validity_restrictions['time_end']
* and not containing validity_restrictions['time_start_and_duration']
* and containing validity_restrictions['time_start_and_end']
* containing start_validity
* indicating START_AA_VALIDITY
* containing end_validity
* indicating END_AA_VALIDITY >=START_AA_VALIDITY
* }
* }
* }
* }
* }
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_SND_CERT_AA_06_01_BV
* @reference ETSI TS 103 097 [1], clauses 6.7, 7.4 and 7.4.3
*/
testcase TC_SEC_SND_CERT_AA_06_01() runs on ItsGeoNetworking system ItsSecSystem {
var CertificateChain v_chain;
var Certificate v_aa_cert;
var ValidityRestriction v_vr;
// Test control
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***");
tc_ac.start;
if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
}
tc_ac.stop;
if (lengthof(v_chain) < 2) {
log("*** " & testcasename() & ": FAIL: Certificate chain is too short ***");
f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error);
}
v_aa_cert := v_chain[lengthof(v_chain) - 2];
if (match (v_aa_cert.validity_restrictions, (superset(mw_validity_restriction_time_end,
mw_validity_restriction_time_start_and_duration)))
) {
log("*** " & testcasename() & ": FAIL: AA certificate must not contain time_end and time_start_and_duration restrictions ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
if ( true != f_getCertificateValidityRestriction(v_aa_cert, e_time_start_and_end, v_vr)) {
log("*** " & testcasename() & ": FAIL: AA certificate must contain time_start_and_end restrictions ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
if (v_vr.validity.time_start_and_end.start_validity > v_vr.validity.time_start_and_end.end_validity ) {
log("*** " & testcasename() & ": FAIL: start validity mus not be greater then end validity in the validity restrictions of AA certificate ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
log("*** " & testcasename() & ": PASS: Time validity restriction of the AA certificate is good ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_SND_CERT_AA_06_01
/**
* @desc Check that all AIDs containing in the in the its_aid_list in AA certificate are unique
* Check that AID list contains not more then 31 items
*
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* with {
* the IUT being in the 'authorized' state
* the IUT being requested to include certificate chain in the next CAM
* } ensure that {
* when {
* the IUT is requested to send a CAM
* } then {
* the IUT sends a SecuredMessage
* containing header_fields['signer_info'].signer {
* containing type
* indicating certificate_chain
* containing certificates[last-1] {
* containing subject_attributes['its_aid_list']
* containing its_aid_list[0..N]
* containing no more then 31 unique item
* }
* }
* }
* }
* }
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_SND_CERT_AA_08_01_BV
* @reference ETSI TS 103 097 [1], clauses 6.9 and 7.4.3
*/
testcase TC_SEC_SND_CERT_AA_08_01() runs on ItsGeoNetworking system ItsSecSystem {
var CertificateChain v_chain;
var Certificate v_aa_cert;
var SubjectAttribute v_sa;
// Test control
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***");
tc_ac.start;
if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
}
tc_ac.stop;
if (lengthof(v_chain) < 2) {
log("*** " & testcasename() & ": FAIL: Certificate chain is too short ***");
f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error);
}
v_aa_cert := v_chain[lengthof(v_chain) - 2];
if (f_getCertificateSubjectAttribute(v_aa_cert, e_its_aid_list, v_sa)) {
if (lengthof(v_sa.attribute.its_aid_list) > 31) {
log("*** " & testcasename() & ": FAIL: ITS-AID list contains " & int2str(lengthof(v_sa.attribute.its_aid_list)) & " items (>31) ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
for (var integer v_counter :=0; v_counter < lengthof(v_sa.attribute.its_aid_list); v_counter := v_counter + 1) {
for (var integer j :=0; j < lengthof(v_sa.attribute.its_aid_list); j := j + 1) {
if (v_counter != j and v_sa.attribute.its_aid_list[v_counter] == v_sa.attribute.its_aid_list[j]) {
log("*** " & testcasename() & ": FAIL: ITS-AID " & int2str(v_sa.attribute.its_aid_list[j]) & " is duplicated in AA certificate ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
} // End of 'for' statement
} else {
log("*** " & testcasename() & ": FAIL: AA certificate does not contain its_aid_list subject attribute ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
log("*** " & testcasename() & ": PASS: Time validity restriction of the AA certificate is good ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_SND_CERT_AA_08_01
} // End of group g_AA_Certificates
group g_AT_Certificates {
/**
* @desc Check that the subject_type of the AT certificate is set to 'authorization_ticket'
*
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* with {
* the IUT being in the 'authorized' state
* the IUT being requested to include certificate in the next CAM
* } ensure that {
* when {
* the IUT is requested to send a CAM
* } then {
* the IUT sends a SecuredMessage
* containing header_fields['signer_info'].signer {
* containing type
* indicating 'certificate'
* containing certificate {
* containing subject_info.subject_type
* indicating 'authorization_ticket' (1)
* }
* }
* }
* }
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_SND_CERT_AT_01_01_BV
* @reference ETSI TS 103 097 [1], clause 7.4.1
*/
testcase TC_SEC_SND_CERT_AT_01_01() runs on ItsGeoNetworking system ItsSecSystem {
var Certificate v_at_cert;
// Test control
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
log("*** " & testcasename() & ": INFO: Waiting for the message containing certificate ***");
tc_ac.start;
if (not f_waitForCertificate(v_at_cert)) {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
}
tc_ac.stop;
if (not match(v_at_cert, mw_at_certificate)) {
log("*** " & testcasename() & ": FAIL: Message wasn't signed by AT certificate ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
log("*** " & testcasename() & ": PASS: AT certificate has the 'authorization_ticket' subject_type ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_SND_CERT_AT_01_01
/**
* @desc Check that signer info of the AA certificate is a digest
*
* Pics Selection: PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION
* Config Id: CF01
* with {
* the IUT being in the 'authorized' state
* the IUT being requested to include certificate in the next CAM
* } ensure that {
* when {
* the IUT is requested to send a CAM
* } then {
* the IUT sends a SecuredMessage
* containing header_fields['signer_info'].signer {
* containing type
* indicating 'certificate'
* containing certificate
* containing signer_info {
* containing type
* indicating 'certificate_digest_with_sha256'
* containing digest
* }
* }
* }
* }
* }
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_SND_CERT_AT_02_01_BV
* @reference ETSI TS 103 097 [1], clauses 6.1, 7.4 and 7.4.1
*/
testcase TC_SEC_SND_CERT_AT_02_01() runs on ItsGeoNetworking system ItsSecSystem {
var Certificate v_at_cert;
// Test control
if (not(PICS_GN_SECURITY) or not(PICS_CERTIFICATE_SELECTION)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
log("*** " & testcasename() & ": INFO: Waiting for the message containing certificate ***");
tc_ac.start;
if (not f_waitForCertificate(v_at_cert)) {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
}
tc_ac.stop;
if (
not match(v_at_cert, mw_certificate(mw_signerInfo_digest))
) {
log("*** " & testcasename() & ": FAIL: AT certificate doesn't contain a digest of issuing cert ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
log("*** " & testcasename() & ": PASS: The signer info of AT certificate is a digest ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_SND_CERT_AT_02_01
/**
* @desc Check that the subject_name variable-length vector is empty for AT certificates
*
* Pics Selection: PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION
* Config Id: CF01
* with {
* the IUT being in the 'authorized' state
* the IUT being requested to include certificate in the next CAM
* } ensure that {
* when {
* the IUT is requested to send a CAM
* } then {
* the IUT sends a SecuredMessage
* containing header_fields['signer_info'].signer {
* containing type
* indicating 'certificate'
* containing certificates {
* containing subject_info.subject_name
* indicating length = 0
* }
* }
* }
* }
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_SND_CERT_AT_03_01_BV
* @reference ETSI TS 103 097 [1], clause 7.4.1
*/
testcase TC_SEC_SND_CERT_AT_03_01() runs on ItsGeoNetworking system ItsSecSystem {
var Certificate v_at_cert;
// Test control
if (not(PICS_GN_SECURITY) or not(PICS_CERTIFICATE_SELECTION)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
log("*** " & testcasename() & ": INFO: Waiting for the message containing certificate ***");
tc_ac.start;
if (not f_waitForCertificate(v_at_cert)) {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
}
tc_ac.stop;
if (0 != lengthof(v_at_cert.subject_info.subject_name)) {
log("*** " & testcasename() & ": FAIL: Subject name of the AT certificate is not empty ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
log("*** " & testcasename() & ": PASS: Subject name of the AT certificate is empty ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_SND_CERT_AT_03_01
/**
* @desc Check that all neccesary subject attributes of AT certificate are present and arranged in accesing order
*
* Pics Selection: PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION
* Config Id: CF01
* with {
* the IUT being in the 'authorized' state
* the IUT being requested to include certificate in the next CAM
* } ensure that {
* when {
* the IUT is requested to send a CAM
* } then {
* the IUT sends a SecuredMessage
* containing header_fields['signer_info'].signer {
* containing type
* indicating 'certificate'
* containing certificate {
* containing subject_attributes [0..N] {
* indicating subject_attributes[n].type < subject_attributes[n+ 1].type
* containing subject_attributes['verification_key']
* containing subject_attributes['assurance_level']
* containing subject_attributes['its_aid_ssp_list']
* }
* }
* }
* }
* }
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_SND_CERT_AT_04_01_BV
* @reference ETSI TS 103 097 [1], clauses 7.4 and 7.4.1
*/
testcase TC_SEC_SND_CERT_AT_04_01() runs on ItsGeoNetworking system ItsSecSystem {
var Certificate v_at_cert;
var SubjectAttributes v_attrs;
// Test control
if (not(PICS_GN_SECURITY) or not(PICS_CERTIFICATE_SELECTION)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
log("*** " & testcasename() & ": INFO: Waiting for the message containing certificate ***");
tc_ac.start;
if (not f_waitForCertificate(v_at_cert)) {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
}
tc_ac.stop;
if (not match(
v_at_cert,
mw_at_certificate(
?,
superset(
mw_subject_attribute_verification_key,
mw_subject_attribute_assurance_level,
mw_subject_attribute_its_aid_ssp_list
)))) {
log("*** " & testcasename() & ": FAIL: Required subject attribute of AT certificate is not found ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
v_attrs := v_at_cert.subject_attributes;
for (var integer v_counter := 1; v_counter < lengthof(v_attrs); v_counter := v_counter + 1 ) {
if (v_attrs[v_counter].type_ <= v_attrs[v_counter-1].type_) {
log("*** " & testcasename() & ": FAIL: AT certificate subject attributes are not arranged in ascending order ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
} // End of 'for' statement
log("*** " & testcasename() & ": PASS: All required AT certificate subject attributes are presents and arranged in ascending order ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_SND_CERT_AT_04_01
/**
* @desc Check that time_start_and_end is included in the AT certificate validation restrictions
* Check that time_start_and_end is inside the AA certificate time restrictions
*
* Pics Selection: PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION
* Config Id: CF01
* with {
* the IUT being in the 'authorized' state
* the IUT being requested to include certificate chain in the next CAM
* } ensure that {
* when {
* the IUT is requested to send a CAM
* } then {
* the IUT sends a SecuredMessage
* containing header_fields['signer_info'].signer {
* containing type
* indicating certificate_chain
* containing certificates[last-1] {
* containing subject_info.subject_type
* indicating 'authorization_authority' (2)
* containing validity_restrictions['time_start_and_end']
* containing start_validity
* indicating START_AA_VALIDITY
* containing end_validity
* indicating END_AA_VALIDITY
* }
* }
* containing certificates[last] {
* containing subject_info.subject_type
* indicating 'authorization_ticket' (1)
* not containing validity_restrictions['time_end']
* and not containing validity_restrictions['time_start_and_duration']
* and containing validity_restrictions['time_start_and_end'] {
* containing start_validity
* indicating START_AT_VALIDITY (START_AT_VALIDITY >= START_AA_VALIDITY )
* and containing end_validity
* indicating END_AT_VALIDITY (END_AT_VALIDITY >= START_AT_VALIDITY <= END_AA_VALIDITY)
* }
* }
* }
* }
* }
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_SND_CERT_AT_05_01_BV
* @reference ETSI TS 103 097 [1], clause 7.4.1
*/
testcase TC_SEC_SND_CERT_AT_05_01() runs on ItsGeoNetworking system ItsSecSystem {
var CertificateChain v_chain;
var Certificate v_aa_cert, v_at_cert;
var ValidityRestriction v_vr, v_aa_vr;
// Test control
if (not(PICS_GN_SECURITY) or not(PICS_CERTIFICATE_SELECTION)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***");
tc_ac.start;
if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
}
tc_ac.stop;
if (lengthof(v_chain) < 2) {
log("*** " & testcasename() & ": FAIL: Certificate chain is too short ***");
f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error);
}
v_aa_cert := v_chain[lengthof(v_chain) - 2];
v_at_cert := v_chain[lengthof(v_chain) - 1];
if (match (
v_at_cert.validity_restrictions,
(
superset(
mw_validity_restriction_time_end,
mw_validity_restriction_time_start_and_duration
)
)
)) {
log("*** " & testcasename() & ": FAIL: AT certificate must not contain time_end and time_start_and_duration restrictions ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
if ( true != f_getCertificateValidityRestriction(v_at_cert, e_time_start_and_end, v_vr)) {
log("*** " & testcasename() & ": FAIL: AT certificate must contain time_start_and_end restrictions ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
if (v_vr.validity.time_start_and_end.start_validity > v_vr.validity.time_start_and_end.end_validity ) {
log("*** " & testcasename() & ": FAIL: start validity must not be greater then end validity in the validity restrictions of AT certificate ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
if ( true != f_getCertificateValidityRestriction(v_aa_cert, e_time_start_and_end, v_aa_vr)) {
log("*** " & testcasename() & ": FAIL: AA certificate must contain time_start_and_end restrictions ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
if ( v_vr.validity.time_start_and_end.start_validity < v_aa_vr.validity.time_start_and_end.start_validity
or v_vr.validity.time_start_and_end.end_validity > v_aa_vr.validity.time_start_and_end.end_validity
) {
log("*** " & testcasename() & ": FAIL: AT certificate time validity restriction must be inside the AA certificate time validity restriction ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
log("*** " & testcasename() & ": PASS: Time validity restriction of the AT certificate is good ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_SND_CERT_AT_05_01
/**
* @desc Check that all AIDs containing in the in the its_aid_ssp_list in AT certificate are unique and exists in the its_aid_list in the AA certificate
* Check that the length of SSP of each AID is 31 octet maximum
*
* Pics Selection: PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION
* Config Id: CF01
* with {
* the IUT being in the 'authorized' state
* the IUT being requested to include certificate chain in the next CAM
* } ensure that {
* when {
* the IUT is requested to send a CAM
* } then {
* the IUT sends a SecuredMessage
* containing header_fields['signer_info'].signer {
* containing type
* indicating certificate_chain
* containing certificates[last-1] {
* containing subject_info.subject_type
* indicating 'authorization_authority' (2)
* containing subject_attributes['its_aid_list']
* containing its_aid_list[0..N]
* indicating ITS_AID_LIST_AA
* }
* }
* containing certificates[last] {
* containing subject_info.subject_type
* indicating 'authorization_ticket' (1)
* containing subject_attributes['its_aid_ssp_list']
* containing its_aid_ssp_list[0..N] {
* containing its_aid_ssp_list[n]{
* containing its_aid
* indicating unique value containing in the ITS_AID_LIST_AA
* containing service_specific_permissions
* indicating length <= 31 octet
* }
* }
* }
* }
* }
* }
* }
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_SND_CERT_AT_07_01_BV
* @reference ETSI TS 103 097 [1], clauses 6.9 and 7.4.1
*/
testcase TC_SEC_SND_CERT_AT_07_01() runs on ItsGeoNetworking system ItsSecSystem {
var CertificateChain v_chain;
var Certificate v_aa_cert, v_at_cert;
var SubjectAttribute v_sa;
var IntXs v_aid_list;
var ItsAidSsps v_aid_ssp_list;
// Test control
if (not(PICS_GN_SECURITY) or not(PICS_CERTIFICATE_SELECTION)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***");
tc_ac.start;
if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
}
tc_ac.stop;
if (lengthof(v_chain) < 2) {
log("*** " & testcasename() & ": FAIL: Certificate chain is too short ***");
f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error);
}
v_aa_cert := v_chain[lengthof(v_chain) - 2];
v_at_cert := v_chain[lengthof(v_chain) - 1];
if (not f_getCertificateSubjectAttribute(v_aa_cert, e_its_aid_list, v_sa)) {
log("*** " & testcasename() & ": FAIL: AA certificate does not contain its_aid_list subject attribute ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
v_aid_list := v_sa.attribute.its_aid_list;
if (not f_getCertificateSubjectAttribute(v_at_cert, e_its_aid_ssp_list, v_sa)) {
log("*** " & testcasename() & ": FAIL: AA certificate does not contain its_aid_list subject attribute ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
v_aid_ssp_list := v_sa.attribute.its_aid_ssp_list;
for (var integer v_counter :=0; v_counter < lengthof(v_aid_ssp_list); v_counter := v_counter + 1) {
// Check unique
for (var integer j :=0; j < lengthof(v_aid_ssp_list); j := j + 1) {
if (v_counter != j and v_aid_ssp_list[v_counter].its_aid == v_aid_ssp_list[j].its_aid) {
log("*** " & testcasename() & ": FAIL: ITS-AID " & int2str(v_aid_ssp_list[v_counter].its_aid) & " is duplicated in AT certificate ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
} // End of 'for' statement
// if (not match(v_aid_ssp_list[v_counter], (all from v_aid_list))) {
// log("*** " & testcasename() & ": FAIL: ITS-AID " & int2str(v_aid_ssp_list[v_counter].its_aid) & " is not exist in AA certificate ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
// }
// TODO Not possible due to typing To be removed
// if (lengthof(v_aid_ssp_list[v_counter].service_specific_permissions.sspContainer) > 31) {
// log("*** " & testcasename() & ": FAIL: ITS-AID " & int2str(v_aid_ssp_list[v_counter].its_aid) & " has too long service_specific_permissions ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
// }
} // End of 'for' statement
log("*** " & testcasename() & ": PASS: The ITS_AID_SSP list of the AT certificate is good ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_SND_CERT_AT_07_01
/**
* @desc Check that AT certificate is signed by AA cert
*
* Pics Selection: PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION
* Config Id: CF01
* with {
* the IUT being in the 'authorized' state
* the IUT being requested to include certificate chain in the next CAM
* } ensure that {
* when {
* the IUT is requested to send a first CAM
* } then {
* the IUT sends a SecuredMessage
* containing header_fields['signer_info'].signer {
* containing type
* indicating certificate_chain
* containing certificates[last-1] (CERT_AA) {
* containing subject_info.subject_type
* indicating 'authorization_authority' (2)
* and containing subject_attributes['verification key'] (KEY)
* }
* containing certificates[last] {
* containing subject_info.subject_type
* indicating 'authorization_ticket' (1)
* }
* and containing signer_info[0]{
* containing type
* indicating 'certificate_digest_with_sha256'
* containing digest
* referencing to CERT_AA
* }
* and containing signature
* verifiable using KEY
* }
* }
* }
* }
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_SND_CERT_AT_08_01_BV
* @reference ETSI TS 103 097 [1], clause 6.3
*/
testcase TC_SEC_SND_CERT_AT_08_01() runs on ItsGeoNetworking system ItsSecSystem {
var CertificateChain v_chain;
var Certificate v_aa_cert, v_at_cert;
var HashedId8 v_aa_digest;
// Test control
if (not(PICS_GN_SECURITY) or not(PICS_CERTIFICATE_SELECTION)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***");
tc_ac.start;
if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
}
tc_ac.stop;
if (lengthof(v_chain) < 2) {
log("*** " & testcasename() & ": FAIL: Certificate chain is too short ***");
f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error);
}
v_at_cert := v_chain[lengthof(v_chain) - 1];
v_aa_cert := v_chain[lengthof(v_chain) - 2];
v_aa_digest := f_calculateDigestFromCertificate(v_aa_cert);
if (not match(v_at_cert, mw_at_certificate(mw_signerInfo_digest(v_aa_digest)))) {
log("*** " & testcasename() & ": FAIL: AT certificate signer info doesn't reference the AA certificate from the chain ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
if (not f_verifyCertificateSignatureWithIssuingCertificate(v_at_cert, v_aa_cert)) {
log("*** " & testcasename() & ": FAIL: AT certificate signature verification failed ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
log("*** " & testcasename() & ": PASS: AT certificate was signed by the AA certificate from the given chain ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_SND_CERT_AT_08_01
/**
* @desc Check that the assurance level of the subordinate certificate is equal to or lower than the assurance level of the issuing certificate
*
* Pics Selection: PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION
* Config Id: CF01
* with {
* the IUT being in the 'authorized' state
* the IUT being requested to include certificate chain in the next CAM
* } ensure that {
* when {
* the IUT is requested to send a CAM
* } then {
* the IUT sends a SecuredMessage
* containing header_fields['signer_info'].signer {
* containing type
* indicating certificate_chain
* containing certificates[last-1] (CERT_AA) {
* containing subject_attributes ['assurance_level']
* containig assurance_level
* indicating indicating assurance level AL_AA
* }
* containing certificates[last] (CERT_AT) {
* containing subject_attributes ['assurance_level']
* containig assurance_level
* indicating indicating assurance level AL_AT (AL_AT <= AL_AA)
* }
* }
* }
* }
* }
* }
*
* @see ETSI TS 103 096-2 v1.2.1 TP_SEC_ITSS_SND_CERT_AT_09_01_BV
* @reference ETSI TS 103 097 [1], clause 7.4
*/
testcase TC_SEC_SND_CERT_AT_09_01() runs on ItsGeoNetworking system ItsSecSystem {
var CertificateChain v_chain;
var Certificate v_aa_cert, v_at_cert;
var SubjectAttribute v_sa;
var SubjectAssurance v_aa_assurance_level, v_at_assurance_level;
// Test control
if (not(PICS_GN_SECURITY) or not(PICS_CERTIFICATE_SELECTION)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***");
tc_ac.start;
if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
}
tc_ac.stop;
if (lengthof(v_chain) < 2) {
log("*** " & testcasename() & ": FAIL: Certificate chain is too short ***");
f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error);
}
v_aa_cert := v_chain[lengthof(v_chain) - 2];
v_at_cert := v_chain[lengthof(v_chain) - 1];
if (not f_getCertificateSubjectAttribute(v_aa_cert, e_assurance_level, v_sa)) {
log("*** " & testcasename() & ": FAIL: AA certificate does not contain its_aid_list subject attribute ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
v_aa_assurance_level := v_sa.attribute.assurance_level;
if (not f_getCertificateSubjectAttribute(v_at_cert, e_assurance_level, v_sa)) {
log("*** " & testcasename() & ": FAIL: AA certificate does not contain its_aid_list subject attribute ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
v_at_assurance_level := v_sa.attribute.assurance_level;
if (bit2int(v_aa_assurance_level.levels) < bit2int(v_at_assurance_level.levels)) {
log("*** " & testcasename() & ": FAIL: The assurence levels mismatch ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
log("*** " & testcasename() & ": PASS: The assurence levels match ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_SND_CERT_AT_09_01
} // End of group g_AT_Certificates
} // End of group g_Certificates
} // End of module ItsSecurity_TestCase