/** * @author ETSI / STF545 * @version $URL$ * $Id$ * @desc Testcases file for Security Protocol * @reference ETSI TS ITS-00546v006 * @copyright ETSI Copyright Notification * No part may be reproduced except as authorized by written permission. * The copyright and the foregoing restriction extend to reproduction in all media. * All rights reserved. */ module ItsPki_TestCases { // Libcommon import from LibCommon_Time all; import from LibCommon_VerdictControl all; import from LibCommon_Sync all; import from LibCommon_BasicTypesAndValues all; import from LibCommon_DataStrings all; // LibIts import from IEEE1609dot2BaseTypes language "ASN.1:1997" all; import from IEEE1609dot2 language "ASN.1:1997" all; import from EtsiTs102941BaseTypes language "ASN.1:1997" all; import from EtsiTs102941TypesEnrolment language "ASN.1:1997" all; import from EtsiTs102941MessagesItss language "ASN.1:1997" all; import from EtsiTs103097Module language "ASN.1:1997" all; import from ITS_Container language "ASN.1:1997" all; import from CAM_PDU_Descriptions language "ASN.1:1997" all; // LibItsCommon import from LibItsCommon_TypesAndValues all; import from LibItsCommon_Functions all; import from LibItsCommon_TypesAndValues all; import from LibItsCommon_ASN1_NamedNumbers all; // LibItsGeoNetworking import from LibItsGeoNetworking_TestSystem all; import from LibItsGeoNetworking_Functions all; import from LibItsGeoNetworking_Templates all; import from LibItsGeoNetworking_TypesAndValues all; import from LibItsGeoNetworking_Pics all; // LibItsSecurity import from LibItsSecurity_TypesAndValues all; import from LibItsSecurity_TestSystem all; import from LibItsSecurity_Templates all; import from LibItsSecurity_Functions all; import from LibItsSecurity_Pixits all; import from LibItsSecurity_Pics all; // LibItsHttp import from LibItsHttp_TypesAndValues all; import from LibItsHttp_Templates all; import from LibItsHttp_BinaryTemplates all; import from LibItsHttp_Functions all; import from 
LibItsHttp_TestSystem all; // LibItsPki import from LibItsPki_Templates all; import from LibItsPki_TestSystem all; // AtsPki import from ItsPki_Functions all; /** * @desc 5.2 ITS-S behaviour */ group itss_behavior { group itss_manufacturing { /** * @desc Check that IUT sends an enrolment request when triggered. *
       * Pics Selection: 
       * Initial conditions: 
       *     with {
       *         the IUT being in the "initial state"
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT is triggered to request a new Enrolment Certificate (EC)
       *         }
       *         then {
       *             the IUT sends to EA an EnrolmentRequestMessage
       *         }
       *     }
       * 
*
       * @see       ETSI TS ITS-00546v006 TP 2
       * @reference ETSI TS 102 941 [2], clause 6.1.3
       */
      testcase TC_SEC_PKI_ITSS_ENR_BV_01() runs on ItsMtc /*system ItsPkiItssSystem*/ {
        // Local variables
        // Component references for the two parallel test components (ITS-S side and PKI/EA side).
        var ItsPkiItss v_itss;
        var ItsPki v_ea;

        // Test component configuration
        // NOTE(review): no create() for v_itss or v_ea is visible in this testcase; presumably the
        // commented-out f_cfUp_itss() was meant to create and connect them before start() - confirm.
        //f_cfUp_itss();

        // Start both behaviours; cc_taCert_A is passed as p_certificate_id to each of them.
        v_itss.start(f_TC_SEC_PKI_ITSS_ENR_BV_01_itss(cc_taCert_A));
        v_ea.start(f_TC_SEC_PKI_ITSS_ENR_BV_01_pki(cc_taCert_A));

        // Synchronization
        // NOTE(review): presumably waits for both components on each of the three sync points.
        // The PKI behaviour below has an empty body, so it never reports any of them - confirm
        // how the sync server handles a client that stays silent.
        f_serverSync2ClientsAndStop({c_prDone, c_tbDone, c_poDone});

        // Cleanup
        //f_cfDown_itss();

      } // End of testcase TC_SEC_PKI_ITSS_ENR_BV_01

      group f_TC_SEC_PKI_ITSS_ENR_BV_01 {

        // ITS-S side behaviour of TC_SEC_PKI_ITSS_ENR_BV_01: brings up configuration cf01, triggers
        // beaconing, then waits on geoNetworkingPort for a signed secured PDU or for tc_ac to expire.
        // p_certificate_id is not read anywhere in this body.
        function f_TC_SEC_PKI_ITSS_ENR_BV_01_itss(in charstring p_certificate_id) runs on ItsPkiItss /*system ItsPkiItssSystem*/ {
          // Local variables
          var LongPosVector v_longPosVectorIut;

          // Test control
          // The behaviour stops here, without a verdict, when PICS_GN_SECURITY is not set.
          if (not(PICS_GN_SECURITY)) {
            log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
            stop;
          }

          // Test component configuration
          f_cf01Up(); // Initialise IUT with CERT_IUT_A_AT signed with CERT_IUT_A_AA
          v_longPosVectorIut := f_getPosition(c_compIut);

          // Test adapter configuration

          // Preamble
          f_prNeighbour();
          f_acTriggerEvent(m_startPassBeaconing(m_beaconHeader(v_longPosVectorIut).beaconHeader)); // Authorize the TA to forward the received beacons
          f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);

          // Test Body
          // NOTE(review): the only condition for success is a GeoNetworking indication whose secured
          // PDU matches mw_etsiTs103097Data_signed. Nothing here triggers an enrolment or inspects an
          // EnrolmentRequestMessage, so a pass verdict does not show the behaviour stated in the
          // test purpose. The PASS text ("Security protocol version set to 3") also does not match
          // that purpose - it looks carried over from another test case; confirm.
          tc_ac.start;
          alt {
            [] geoNetworkingPort.receive(
                 mw_geoNwInd(
                   mw_geoNwSecPdu(
                     mw_etsiTs103097Data_signed
                   ))) {
              tc_ac.stop;
              log("*** " & testcasename() & ": PASS: Security protocol version set to 3 ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
            }
            [] tc_ac.timeout {
              // Nothing matched before tc_ac expired: reported with e_timeout.
              log("*** " & testcasename() & ": INCONC: Expected message not received ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
            }
          } // End of 'alt' statement

          // Postamble
          // NOTE(review): c_poDone is not signalled explicitly in this body; presumably
          // f_poNeighbour() does it - confirm.
          f_acTriggerEvent(m_stopPassBeaconing);
          f_poNeighbour();
          f_cf01Down();

        } // End of function f_TC_SEC_PKI_ITSS_ENR_BV_01_itss

        // PKI (EA) side behaviour of TC_SEC_PKI_ITSS_ENR_BV_01. The body is empty: it neither
        // receives the enrolment request nor reports any synchronisation point.
        function f_TC_SEC_PKI_ITSS_ENR_BV_01_pki(in charstring p_certificate_id) runs on ItsPki /*system ItsPkiItssSystem*/ {
        } // End of function f_TC_SEC_PKI_ITSS_ENR_BV_01_pki

      } // End of f_TC_SEC_PKI_ITSS_ENR_BV_01

    } // End of group itss_manufacturing

  } // End of group itss_behavior

  group ea_behavior {

    /**
     * @desc The EnrolmentResponse message shall be sent by the EA to the
     *       ITS-S across the interface at reference point S3 in response
     *       to a received EnrolmentRequest message.
     *
     * Pics Selection: 
     * Initial conditions: 
     *     with {
     *         the IUT being in the "operational state"
     *     }
     * Expected behaviour:
     *     ensure that {
     *         when {
     *             the IUT receives an EnrolmentRequestMessage across the interface at the reference point S3
     *         }
     *         then {
     *             the IUT answers with an EnrolmentResponseMessage across the interface at reference point S3
     *         }
     *     }
     * 
*
     * @see       ETSI TS ITS-00546v006 TP 20
     * @reference ETSI TS 102 941, clause 6.2.3.2.2
     */
    testcase TC_SEC_PKI_SND_EA_BV_01() runs on ItsPki system ItsPkiSystem {
      // Sends an InnerEcRequest on pkiPort and expects a message matching mw_innerEcResponse_ok
      // before tc_ac expires.

      // Local variables
      // NOTE(review): v_certificate is never assigned in this testcase, yet its toBeSigned fields
      // are read when the request is built below. Presumably it should be loaded from the
      // certificate named in vc_hashedId8ToBeUsed first - confirm.
      var EtsiTs103097Certificate v_certificate;

      // Test control

      // Test component configuration
      vc_hashedId8ToBeUsed := "CERT_TS_B_AT";
      ItsPki_Functions.f_cfUp();

      // Test adapter configuration

      // Preamble
      f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);

      // Test Body
      // The request is handed to pkiPort as a bare InnerEcRequest: no proof-of-possession
      // signature, outer signature or encryption is applied in this testcase.
      // NOTE(review): presumably the port codec or test adapter adds that protection - confirm;
      // otherwise the EA is exercised with an unprotected request.
      // "TODO" is a placeholder for the itsId.
      pkiPort.send(
        m_innerEcRequest(
          "TODO",
          m_publicKeys(
            v_certificate.toBeSigned.verifyKeyIndicator.verificationKey,
            v_certificate.toBeSigned.encryptionKey
          ),
          m_certificateSubjectAttributes(
            v_certificate.toBeSigned.appPermissions,
            v_certificate.toBeSigned.validityPeriod,
            v_certificate.toBeSigned.region,
            v_certificate.toBeSigned.assuranceLevel
          )));
      tc_ac.start;
      alt {
        [] pkiPort.receive(
             mw_innerEcResponse_ok
           ) {
          tc_ac.stop;
          log("*** " & testcasename() & ": PASS: InnerEcReponse received ***");
          f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
        }
        // Catch-all: any other message on pkiPort is reported with e_error. The log text says
        // "HTTP error" although nothing in this branch inspects what was received.
        [] pkiPort.receive { // FIXME Use altstep
          tc_ac.stop;
          log("*** " & testcasename() & ": FAIL: HTTP error ***");
          f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
        }
        [] tc_ac.timeout {
          // Nothing arrived before tc_ac expired: reported with e_timeout.
          log("*** " & testcasename() & ": INCONC: Expected message not received ***");
          f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
        }
      } // End of 'alt' statement

      // Postamble
      ItsPki_Functions.f_cfDown();

    } // End of testcase TC_SEC_PKI_SND_EA_BV_01

    /**
     * @desc If the enrolment request of the IUT is an initial enrolment request, the itsId
     *       (contained in the InnerECRequest) shall be set to the canonical identifier, the
     *       signer (contained in the outer EtsiTs103097Data-Signed) shall be set to self and
     *       the outer signature shall be computed using the canonical private key.
     *
     * Pics Selection: 
     * Initial conditions: 
     *     with {
     *         the IUT being in the "operational state"
     *     }
     * Expected behaviour:
     *     ensure that {
     *         when {
     *             the IUT is requested to send an EnrolmentRequestMessage
     *         }
     *         then {
     *             the IUT sends an EtsiTs103097Data-Encrypted
     *                 containing an encrypted EtsiTs103097Data-Signed
     *                     containing EtsiTs103097Data
     *                          containing InnerECRequestSignedForPOP
     *                             containing InnerEcRequest
     *                                 containing itsId
     *                                     indicating the canonical identifier of the ITS-S 
     *                 and containing signer
     *                     declared as self
     *                 and containing signature 
     *                     computed using the canonical private key
     *         }
     *     }
     * 
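*
     * @see       ETSI TS ITS-00546v006 TP 20
     * @reference ETSI TS 102 941, clause 6.2.3.2.2
     */
    testcase TC_SEC_PKI_SND_EA_BV_02() runs on ItsPkiHttp system ItsPkiHttpSystem {
      // Builds an enrolment request in four steps - InnerEcRequest, self-signed
      // EtsiTs103097Data-Signed, ECIES/AES-CCM encryption, HTTP POST - and expects an HTTP OK
      // response carrying an encrypted Ieee1609Dot2Data before tc_ac expires.

      // Local variables
      var Oct32 v_private_key;
      var Oct32 v_publicKeyX;
      var Oct32 v_publicKeyY;
      var Oct32 v_publicKeyCompressed;
      var integer v_compressedMode;
      var template (value) EccP256CurvePoint v_eccP256_curve_point;
      var template (value) InnerEcRequest v_inner_ec_request;
      var octetstring v_encoded_inner_ec_request;
      var template (value) ToBeSignedData v_tbs;
      // NOTE(review): declared as Oct32, but read below as two 32-octet halves (offsets 0 and 32),
      // i.e. as a 64-octet r||s signature. Presumably the type should allow 64 octets - confirm.
      var Oct32 v_tbs_signed;
      var template (value) Ieee1609Dot2Data v_ieee1609dot2_signed_data;
      var Oct16 v_authentication_vector;
      var Oct16 v_encrypted_sym_key;
      var Oct12 v_nonce;
      var HashedId8 v_recipientId;
      var template (value) Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
      var HeaderLines v_headers;
      // NOTE(review): v_encrypted_inner_ec_request, v_tsPublicKeyCompressed, v_tsCompressedMode,
      // v_publicEphemeralKeyCompressed and v_ephemeralKeyModeCompressed are used below but not
      // declared in this testcase; presumably they are (or should become) component variables of
      // ItsPkiHttp - confirm.

      // Test control

      // Test component configuration
      f_cfHttpUp("CERT_IUT_A_EA");

      // Test adapter configuration

      // Preamble
      // f_generate_innerEcRequestSignedForPop(v_inner_ec_request)
      // Generate keys for the certificate to be requested
      if (f_generate_key_pair_nistp256(v_private_key, v_publicKeyX, v_publicKeyY, v_publicKeyCompressed, v_compressedMode) == false) {
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_error);
        stop;
      }
      // Only the public half of the key pair is logged. The private key is kept out of the test
      // log on purpose: logs are archived and shared, and the key is what signs the
      // proof-of-possession below.
      log("v_public_key X= ", v_publicKeyX);
      log("v_public_key Y= ", v_publicKeyY);
      log("v_public_key compressed= ", v_publicKeyCompressed, v_compressedMode);
      // Pick the compressed-point template that matches the reported compression mode.
      if (v_compressedMode == 0) {
        v_eccP256_curve_point := m_eccP256CurvePoint_compressed_y_0(v_publicKeyCompressed);
      } else {
        v_eccP256_curve_point := m_eccP256CurvePoint_compressed_y_1(v_publicKeyCompressed);
      }

      // Build the Proof of possession InnerEcRequestSignedForPop
      // NOTE(review): the same curve point is placed in both the verification key and the
      // encryption key. Using one key pair for signing and for encryption is normally avoided;
      // confirm this is intended for the test stimulus.
      v_inner_ec_request := m_innerEcRequest(
        "CanonicalItsId",
        m_publicKeys(
          m_publicVerificationKey_ecdsaNistP256(v_eccP256_curve_point),
          m_encryptionKey(
            -,
            m_publicEncryptionKey_ecdsaNistP256(v_eccP256_curve_point)
          )
        ),
        m_certificateSubjectAttributes(
          { // ETSI TS 102 965 Table A.1: ETSI ITS standardized ITS-AIDs
            valueof(m_appPermissions(36, { bitmapSsp := '830001'O })),
            valueof(m_appPermissions(37, { bitmapSsp := '830001'O }))
          },
          m_validityPeriod(
            17469212,
            m_duration_years(10)
          ),
          m_geographicRegion_identifiedRegion(
            {
              m_identifiedRegion_country_only(12),
              m_identifiedRegion_country_only(34)
            }
          ),
          'C0'O
        )
      );
      // Encode it
      v_encoded_inner_ec_request := bit2oct(encvalue(v_inner_ec_request));
      // f_buildPkiSecuredCam(v_encoded_inner_ec_request, )

      // Build the data to be signed around the encoded InnerEcRequest
      // 12345 is a placeholder application identifier (see the TODO on that line).
      v_tbs := m_toBeSignedData(
        m_signedDataPayload(
          m_etsiTs103097Data_unsecured(v_encoded_inner_ec_request)
        ),
        m_headerInfo_inner_ec_request(12345, f_getCurrentTime()) // TODO Use PIXIT
      );
      // Sign the encoded ToBeSignedData with the freshly generated private key
      v_tbs_signed := fx_signWithEcdsaNistp256WithSha256_1(bit2oct(encvalue(v_tbs)), valueof(v_eccP256_curve_point), v_private_key); // TODO Use wrapping function
      // Finalise signed InnerEcRequestSignedForPop
      // Signer is "self"; the signature is split into an x-only point (first 32 octets) and the
      // following 32 octets.
      v_ieee1609dot2_signed_data := m_etsiTs103097Data_signed(
        m_signedData(
          sha256,
          v_tbs,
          m_signerIdentifier_self,
          m_signature_ecdsaNistP256(
            m_ecdsaP256Signature(
              m_eccP256CurvePoint_x_only(
                substr(v_tbs_signed, 0, 32)
              ),
              substr(v_tbs_signed, 32, 32)
            )
          )
        )
      );
      // Encode InnerEcRequestSignedForPop
      v_encoded_inner_ec_request := bit2oct(encvalue(v_ieee1609dot2_signed_data));

      // Encrypt the encoded signed InnerEcRequestSignedForPop
      // NOTE(review): v_encoded_inner_ec_request is an octetstring, so wrapping it in bit2oct()
      // looks like a type error - confirm the parameter type of the encryption function.
      v_encrypted_inner_ec_request := f_encryptWithEciesNistp256WithSha256(bit2oct(v_encoded_inner_ec_request), v_tsPublicKeyCompressed, v_tsCompressedMode, v_publicEphemeralKeyCompressed, v_ephemeralKeyModeCompressed, v_encrypted_sym_key, v_authentication_vector, v_nonce);
      // NOTE(review): the recipient identifier is derived from the ciphertext and is carried in a
      // signedDataRecipInfo. For a request addressed to the EA one would expect the HashedId8 of
      // the EA certificate in a certRecipInfo - confirm against TS 102 941 and the IEEE 1609.2
      // clause cited on the next line.
      v_recipientId := f_HashedId8FromSha256(f_hashWithSha256(bit2oct(v_encrypted_inner_ec_request))); // IEEE Std 1609.2a-2017 Clause 6.3.34 PKRecipientInfo
      // Fill Certificate template with the public compressed keys (canonical form)
      // From here on v_eccP256_curve_point holds the ephemeral public key, no longer the
      // requested certificate's key.
      if (v_ephemeralKeyModeCompressed == 0) {
        v_eccP256_curve_point := valueof(m_eccP256CurvePoint_compressed_y_0(v_publicEphemeralKeyCompressed));
      } else {
        v_eccP256_curve_point := valueof(m_eccP256CurvePoint_compressed_y_1(v_publicEphemeralKeyCompressed));
      }
      v_ieee1609dot2_signed_and_encrypted_data := m_etsiTs103097Data_encrypted(
        m_encryptedData(
          {
            m_recipientInfo_signedDataRecipInfo(
              m_pKRecipientInfo(
                v_recipientId,
                m_encryptedDataEncryptionKey_eciesNistP256(
                  m_evciesP256EncryptedKey(
                    v_eccP256_curve_point,
                    v_encrypted_sym_key,
                    v_authentication_vector
                  ))))
          },
          m_SymmetricCiphertext_aes128ccm(
            m_aesCcmCiphertext(
              v_nonce,
              v_encrypted_inner_ec_request
            )
          )
        )
      );
      log("v_ieee1609dot2_signed_and_encrypted_data = ", v_ieee1609dot2_signed_and_encrypted_data);
      // NOTE(review): this encoding is not read again; the send below passes the template itself.
      v_encrypted_inner_ec_request := encvalue(v_ieee1609dot2_signed_and_encrypted_data);
      f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);

      // Test Body
      f_init_default_headers_list(v_headers);
      //f_prepare_pki_message(v_pki_message);
      httpPort.send(
        m_http_request(
          m_http_request_post(
            "/",
            v_headers,
            m_http_message_body_binary(
              m_binary_body_ieee1609dot2_data(
                v_ieee1609dot2_signed_and_encrypted_data
              )))));
      tc_ac.start;
      alt {
        // Success branch: an HTTP OK response whose body is an encrypted Ieee1609Dot2Data with an
        // AES-128-CCM ciphertext. The response is neither decrypted nor signature-checked here, so
        // a pass verdict shows the response has that outer structure, not that the
        // InnerEcResponse inside is valid.
        [] httpPort.receive(
             mw_http_response(
               mw_http_response_ok(
                 mw_http_message_body_binary(
                   mw_binary_body_ieee1609dot2_data(
                     mw_etsiTs103097Data_encrypted(
                       mw_encryptedData(
                         -,
                         mw_SymmetricCiphertext_aes128ccm
                       ))))))) {
          tc_ac.stop;
          log("*** " & testcasename() & ": PASS: InnerEcReponse received ***");
          f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
        }
        // Response matching the "ko" template: reported with e_error.
        [] httpPort.receive( // FIXME Use altstep
             mw_http_response(
               mw_http_response_ko
             )) {
          tc_ac.stop;
          log("*** " & testcasename() & ": FAIL: HTTP error ***");
          f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
        }
        // Any other HTTP response: reported with e_error.
        [] httpPort.receive(mw_http_response) { // FIXME Use altstep
          tc_ac.stop;
          log("*** " & testcasename() & ": FAIL: Unexpected response received ***");
          f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
        }
        [] tc_ac.timeout {
          // No response before tc_ac expired: reported with e_timeout.
          log("*** " & testcasename() & ": INCONC: Expected message not received ***");
          f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
        }
      } // End of 'alt' statement

      // Postamble
      f_cfHttpDown();

    } // End of testcase TC_SEC_PKI_SND_EA_BV_02

  } // End of group ea_behavior

  group aa_behavior {
  } // End of group aa_behavior

} // End of module ItsPki_TestCases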