/** * @author ETSI / STF545 * @version $URL$ * $Id$ * @desc Testcases file for Security Protocol * @reference ETSI TS ITS-00546v006 * @copyright ETSI Copyright Notification * No part may be reproduced except as authorized by written permission. * The copyright and the foregoing restriction extend to reproduction in all media. * All rights reserved. */ module ItsPki_TestCases { // Libcommon import from LibCommon_Time all; import from LibCommon_VerdictControl all; import from LibCommon_Sync all; import from LibCommon_BasicTypesAndValues all; import from LibCommon_DataStrings all; // LibIts import from IEEE1609dot2BaseTypes language "ASN.1:1997" all; import from IEEE1609dot2 language "ASN.1:1997" all; import from EtsiTs102941BaseTypes language "ASN.1:1997" all; import from EtsiTs102941TypesEnrolment language "ASN.1:1997" all; import from EtsiTs102941TypesAuthorization language "ASN.1:1997" all; import from EtsiTs102941TypesAuthorizationValidation language "ASN.1:1997" all; import from EtsiTs102941MessagesItss language "ASN.1:1997" all; import from EtsiTs103097Module language "ASN.1:1997" all; import from ITS_Container language "ASN.1:1997" all; import from CAM_PDU_Descriptions language "ASN.1:1997" all; // LibItsCommon import from LibItsCommon_TypesAndValues all; import from LibItsCommon_Functions all; import from LibItsCommon_TypesAndValues all; import from LibItsCommon_ASN1_NamedNumbers all; // LibItsGeoNetworking import from LibItsGeoNetworking_TypesAndValues all; import from LibItsGeoNetworking_Functions all; import from LibItsGeoNetworking_Templates all; import from LibItsGeoNetworking_Pics all; import from LibItsGeoNetworking_TestSystem all; // LibItsSecurity import from LibItsSecurity_TypesAndValues all; import from LibItsSecurity_TestSystem all; import from LibItsSecurity_Templates all; import from LibItsSecurity_Functions all; import from LibItsSecurity_Pixits all; import from LibItsSecurity_Pics all; // LibItsHttp import from LibItsHttp_TypesAndValues all; import from LibItsHttp_Templates all; import from LibItsHttp_BinaryTemplates all; import from LibItsHttp_Functions all; import from LibItsHttp_TestSystem all; // LibItsPki import from LibItsPki_Templates all; import from LibItsPki_Functions all; import from LibItsPki_TestSystem all; import from LibItsPki_Pics all; // AtsPki import from ItsPki_Functions all; /** * @desc 5.2 ITS-S behaviour */ group itss_behavior { group itss_manufacturing { /** * @desc Check that IUT sends an enrolment request when triggered. *
       * Pics Selection: 
       * Initial conditions: 
       *     with {
       *         the IUT being in the "initial state"
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT is triggered to requested a new Enrolment Certificate (EC)
       *         }
       *         then {
       *             the IUT sends to EA an EnrolmentRequestMessage
       *         }
       *     }
       * 
* * @see ETSI TS ITS-00546v006 TP 2 * @reference ETSI TS 102 941 [2], clause 6.1.3 */ testcase TC_SEC_PKI_ITSS_ENR_BV_01() runs on ItsMtc /*system ItsPkiItssSystem*/ { // Local variables var Oct32 v_private_key; var Oct32 v_publicKeyX; var Oct32 v_publicKeyY; var Oct32 v_publicKeyCompressed; var integer v_compressedMode; var ItsPkiItss v_itss; var ItsPki v_ea; // Test control if (not PICS_IUT_ITS_S_ROLE) { log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE required for executing the TC ***"); setverdict(inconc); stop; } // Test component configuration if (f_generate_key_pair_nistp256(v_private_key, v_publicKeyX, v_publicKeyY, v_publicKeyCompressed, v_compressedMode) == false) { log("*** " & testcasename() & ": FAIL: Failed to setup InnerEcRequest message ***") setverdict(inconc); stop; } v_itss.start(f_TC_SEC_PKI_ITSS_ENR_BV_01_itss(cc_taCert_A, v_private_key, v_publicKeyCompressed, v_compressedMode)); v_ea.start(f_TC_SEC_PKI_ITSS_ENR_BV_01_pki(cc_taCert_A, v_private_key, v_publicKeyCompressed, v_compressedMode)); // Synchronization f_serverSync2ClientsAndStop({c_prDone, c_tbDone, c_poDone}); // Cleanup } // End of testcase TC_SEC_PKI_ITSS_ENR_BV_01 group f_TC_SEC_PKI_ITSS_ENR_BV_01 { function f_TC_SEC_PKI_ITSS_ENR_BV_01_itss( in charstring p_certificate_id, in octetstring p_private_key, in octetstring p_publicKeyCompressed, in integer p_compressedMode ) runs on ItsPkiItss /*system ItsPkiItssSystem*/ { // Local variables // Test component configuration f_cfUp_itss(); // Test adapter configuration // Preamble f_sendUtTriggerPrimitive(PICS_ITS_S_CANONICAL_ID, '00'O, p_private_key, p_publicKeyCompressed, p_compressedMode); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); // Postamble f_cfDown_itss(); } // End of function f_TC_SEC_PKI_ITSS_ENR_BV_01_itss function f_TC_SEC_PKI_ITSS_ENR_BV_01_pki( in charstring p_certificate_id, in octetstring p_private_key, in octetstring p_publicKeyCompressed, in integer p_compressedMode ) runs on ItsPki /*system ItsPkiSystem*/ { // Local variables // Test component configuration LibItsPki_Functions.f_cfUp(); // Test adapter configuration // Preamble f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body tc_ac.start; alt { [] pkiPort.receive( mw_innerEcRequest ) { log("*** " & testcasename() & ": INFO: InnerEcRequest received ***"); // TODO Check message content // TODO Send InnerEcResponse; log("*** " & testcasename() & ": PASS: Message triggered ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } [] tc_ac.timeout { log("*** " & testcasename() & ": INCONC: Expected message not received ***"); f_selfOrClientSyncAndVerdictTestBody(c_prDone, e_timeout); } } // End of 'alt' statement // Postamble LibItsPki_Functions.f_cfDown(); } // End of function f_TC_SEC_PKI_ITSS_ENR_BV_01_pki } // End of group f_TC_SEC_PKI_ITSS_ENR_BV_01 /** * @desc If the enrolment request of the IUT is an initial enrolment request, the itsId * (contained in the InnerECRequest) shall be set to the canonical identifier, the * signer (contained in the outer EtsiTs1030971Data-Signed) shall be set to self and * the outer signature shall be computed using the canonical private key. *
       * Pics Selection: 
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT is requested to send an EnrolmentRequestMessage
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data-Encrypted
       *                 containing an encrypted EtsiTs103097Data-Signed
       *                     containing EtsiTs103097Data
       *                          containing InnerECRequestSignedForPOP
       *                             containing InnerEcRequest
       *                                 containing itsId
       *                                     indicating the canonical identifier of the ITS-S 
       *                 and containing signer
       *                     declared as self
       *                 and containing signature 
       *                     computed using the canonical private key
       *         }
       *     }
       * 
* * @see ETSI TS ITS-00546v006 TP 3 * @reference ETSI TS 102 941, clause 6.1.3 */ testcase TC_SEC_PKI_ITSS_ENR_BV_02() runs on ItsMtc /*system ItsPkiItssSystem*/ { // Local variables var Oct32 v_private_key; var Oct32 v_publicKeyX; var Oct32 v_publicKeyY; var Oct32 v_publicKeyCompressed; var integer v_compressedMode; var ItsPkiItss v_itss; var ItsPkiHttp v_ea; // Test control if (not PICS_IUT_ITS_S_ROLE) { log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE required for executing the TC ***"); setverdict(inconc); stop; } // Test component configuration if (f_generate_key_pair_nistp256(v_private_key, v_publicKeyX, v_publicKeyY, v_publicKeyCompressed, v_compressedMode) == false) { log("*** " & testcasename() & ": FAIL: Failed to setup InnerEcRequest message ***") setverdict(inconc); stop; } v_itss.start(f_TC_SEC_PKI_ITSS_ENR_BV_02_itss(cc_taCert_A, v_private_key, v_publicKeyCompressed, v_compressedMode)); v_ea.start(f_TC_SEC_PKI_ITSS_ENR_BV_02_pki(cc_taCert_A, v_private_key, v_publicKeyCompressed, v_compressedMode)); // Synchronization f_serverSync2ClientsAndStop({c_prDone, c_tbDone, c_poDone}); // Cleanup } // End of TC_SEC_PKI_ITSS_ENR_BV_02 group f_TC_SEC_PKI_ITSS_ENR_BV_02 { function f_TC_SEC_PKI_ITSS_ENR_BV_02_itss( in charstring p_certificate_id, in octetstring p_private_key, in octetstring p_publicKeyCompressed, in integer p_compressedMode ) runs on ItsPkiItss /*system ItsPkiItssSystem*/ { // Local variables // Test component configuration f_cfUp_itss(); // Test adapter configuration // Preamble f_sendUtTriggerPrimitive(PICS_ITS_S_CANONICAL_ID, '00'O, p_private_key, p_publicKeyCompressed, p_compressedMode); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); // Postamble f_cfDown_itss(); } // End of function f_TC_SEC_PKI_ITSS_ENR_BV_02_itss function f_TC_SEC_PKI_ITSS_ENR_BV_02_pki( in charstring p_certificate_id, in octetstring p_private_key, in octetstring p_publicKeyCompressed, in integer p_compressedMode ) runs on ItsPkiHttp /*system ItsPkiHttpSystem*/ { // Local variable var HttpMessage v_response; var EtsiTs102941Data v_etsi_ts_102941_data; var InnerEcRequest v_inner_ec_request; // Test component configuration f_cfHttpUp(); // Test adapter configuration // Preamble f_selfOrClientSyncAndVerdictTestBody(c_prDone, e_success); // Test Body tc_ac.start; alt { [] httpPort.receive( mw_http_response( mw_http_response_ok( mw_http_message_body_binary( mw_binary_body_ieee1609dot2_data( mw_enrolmentRequestMessage( mw_encryptedData( -, mw_SymmetricCiphertext_aes128ccm ))))))) -> value v_response { tc_ac.stop; if (f_verify_pki_message(vc_eaPrivateEncKey, int2oct(0, 32), vc_eaCertificate, v_response.response.body.binary_body.ieee1609dot2_data, false, v_etsi_ts_102941_data) == false) { log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***"); log("*** " & testcasename() & ": DEBUG: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentRequest(mw_innerEcRequestSignedForPop(mw_signedData))), " ***"); // TODO In TITAN, this is the oly way to get the unmatching in log if (match(v_etsi_ts_102941_data.content, mw_enrolmentRequest(mw_innerEcRequestSignedForPop(mw_signedData)))) { // TODO Verify signature of mw_innerEcRequestSignedForPop log("*** " & testcasename() & ": PASS: InnerEcRequestSignedForPop received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } else { log("*** " & testcasename() & ": FAIL: Unexpected message received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } } } [] tc_ac.timeout { log("*** " & testcasename() & ": INCONC: Expected message not received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout); } } // End of 'alt' statement // Postamble f_cfHttpDown(); } // End of function f_TC_SEC_PKI_ITSS_ENR_BV_02_pki } // End of f_TC_SEC_PKI_ITSS_ENR_BV_02 /** * @desc Check that IUT sends an enrolment request when triggered. *
       * Pics Selection: 
       * Initial conditions: 
       *     with {
       *         the IUT being in the "initial state"
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT is triggered to requested a new Enrolment Certificate (EC)
       *         }
       *         then {
       *             the IUT sends to EA an EnrolmentRequestMessage
       *         }
       *     }
       * 
* * @see ETSI TS ITS-00546v006 TP 2 * @reference ETSI TS 102 941 [2], clause 6.1.3 */ testcase TEST() runs on ItsMtc /*system ItsPkiItssSystem*/ { // Local variables var Oct32 v_private_key; var Oct32 v_publicKeyX; var Oct32 v_publicKeyY; var Oct32 v_publicKeyCompressed; var integer v_compressedMode; var ItsPkiItss v_itss; var ItsPki v_ea; // Test control if (not PICS_IUT_ITS_S_ROLE) { log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE required for executing the TC ***"); setverdict(inconc); stop; } // Test component configuration if (f_generate_key_pair_nistp256(v_private_key, v_publicKeyX, v_publicKeyY, v_publicKeyCompressed, v_compressedMode) == false) { log("*** " & testcasename() & ": FAIL: Failed to setup InnerEcRequest message ***") setverdict(inconc); stop; } v_itss.start(f_TEST_itss(cc_taCert_A, v_private_key, v_publicKeyX, v_publicKeyY, v_publicKeyCompressed, v_compressedMode)); v_ea.start(f_TEST_pki(cc_taCert_A, v_private_key, v_publicKeyX, v_publicKeyY, v_publicKeyCompressed, v_compressedMode)); // Synchronization f_serverSync2ClientsAndStop({c_prDone, c_tbDone, c_poDone}); // Cleanup } // End of testcase TEST group f_TEST { function f_TEST_itss( in charstring p_certificate_id, in octetstring p_private_key, in octetstring p_publicKeyX, in octetstring p_publicKeyY, in octetstring p_publicKeyCompressed, in integer p_compressedMode ) runs on ItsPkiItss /*system ItsPkiItssSystem*/ { // Local variables var GeoNetworkingInd v_geoNwInd; var EtsiTs103097Certificate v_initial_certificate; // Test component configuration f_cfUp_itss(); // Test adapter configuration // Preamble tc_ac.start; // Wait for current certificate alt { [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mw_etsiTs103097Data_signed( mw_signedData( -, mw_toBeSignedData( mw_signedDataPayload, mw_headerInfo_cam ), mw_signerIdentifier_certificate( mw_etsiTs103097Certificate( -, mw_toBeSignedCertificate_at( { mw_appPermissions(c_its_aid_CAM) } ) ) ) ) ), mw_geoNwShbPacket ))) -> value v_geoNwInd { tc_ac.stop; log("*** " & testcasename() & ": INFO: Receieve initial certificate"); // Extract the initial certificate v_initial_certificate := v_geoNwInd.msgIn.gnPacket.securedMsg.content.signedData.signer.certificate[0]; f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); } [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mw_etsiTs103097Data_signed ))) { log("*** " & testcasename() & ": DEBUG: Still waiting for certificate"); repeat; } [] tc_ac.timeout { log("*** " & testcasename() & ": INCONC: Expected CA message not received ***"); f_selfOrClientSyncAndVerdictTestBody(c_prDone, e_timeout); } } // End of 'alt' statement // Test Body tc_ac.start; alt { [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mw_etsiTs103097Data_signed( mw_signedData( -, mw_toBeSignedData( mw_signedDataPayload, mw_headerInfo_cam ), mw_signerIdentifier_certificate( v_initial_certificate ) ) ), mw_geoNwShbPacket ))) { log("*** " & testcasename() & ": INFO: IUT still using initial certificate ***"); repeat; } [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mw_etsiTs103097Data_signed( mw_signedData( -, mw_toBeSignedData( mw_signedDataPayload, mw_headerInfo_gn ), mw_signerIdentifier_certificate ) ) ))) -> value v_geoNwInd { tc_ac.stop; log("*** " & testcasename() & ": PASS: IUT uses new certificate ***"); // TODO Check that is the expected one f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } [] geoNetworkingPort.receive( mw_geoNwInd( mw_geoNwSecPdu( mw_etsiTs103097Data_signed ))) { log("*** " & testcasename() & ": INFO: Unexpected message received, continue ***"); repeat; } [] tc_ac.timeout { log("*** " & testcasename() & ": INCONC: Expected message not received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout); } } // End of 'alt' statement // Postamble f_cfDown_itss(); } // End of function f_TEST_itss function f_TEST_pki( in charstring p_certificate_id, in octetstring p_private_key, in octetstring p_publicKeyX, in octetstring p_publicKeyY, in octetstring p_publicKeyCompressed, in integer p_compressedMode ) runs on ItsPki /*system ItsPkiSystem*/ { // Local variables // Test component configuration LibItsPki_Functions.f_cfUp(); // Test adapter configuration // Preamble tc_ac.start; alt { [] pkiPort.receive( mw_innerEcRequest ) { log("*** " & testcasename() & ": INFO: InnerEcRequest received ***"); repeat; } [] pkiPort.receive( mw_innerEcResponse_ok ) { tc_ac.stop; log("*** " & testcasename() & ": INFO: InnerEcResponse received ***"); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); } [] tc_ac.timeout { log("*** " & testcasename() & ": INCONC: Expected message not received ***"); f_selfOrClientSyncAndVerdictTestBody(c_prDone, e_timeout); } } // End of 'alt' statement // Test Body log("*** " & testcasename() & ": PASS: Message triggered ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); // Postamble LibItsPki_Functions.f_cfDown(); } // End of function f_TEST_pki } // End of f_TEST } // End of group itss_manufacturing } // End of group itss_behavior group ea_behavior { group enrolment_request_handling { /** * @desc The EnrolmentResponse message shall be sent by the EA to the * ITS-S across the interface at reference point S3 in response * to a received EnrolmentRequest message. *
       * Pics Selection: 
       * Initial conditions: 
       *     with {
       *         the IUT being in the "operational state"
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives an EnrolmentRequestMessage across the interface at the reference point S3
       *         }
       *         then {
       *             the IUT answers with an EnrolmentResponseMessage across the interface at reference point S3
       *         }
       *     }
       * 
* * @see ETSI TS ITS-00546v006 TP 20 * @reference ETSI TS 102 941, clause 6.2.3.2.2 */ testcase TC_SEC_PKI_SND_EA_BV_01() runs on ItsPki system ItsPkiSystem { // Local variables var Oct32 v_private_key; var Oct32 v_publicKeyX; var Oct32 v_publicKeyY; var Oct32 v_publicKeyCompressed; var integer v_compressedMode; var InnerEcRequest v_inner_ec_request; // Test control if (not PICS_IUT_EA_ROLE) { log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***"); setverdict(inconc); stop; } // Test component configuration LibItsPki_Functions.f_cfUp(); // Test adapter configuration // Preamble if (f_generate_inner_ec_request(v_private_key, v_publicKeyX, v_publicKeyY, v_publicKeyCompressed, v_compressedMode, v_inner_ec_request) == false) { log("*** " & testcasename() & ": FAIL: Failed to setup InnerEcRequest message ***") f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_error); stop; } f_sendAcPkiPrimitive(v_private_key, v_publicKeyCompressed, v_compressedMode); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body pkiPort.send(v_inner_ec_request); tc_ac.start; alt { [] pkiPort.receive( mw_innerEcResponse_ok ) { tc_ac.stop; log("*** " & testcasename() & ": PASS: InnerEcResponse received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } [] tc_ac.timeout { log("*** " & testcasename() & ": INCONC: Expected message not received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout); } } // End of 'alt' statement // Postamble LibItsPki_Functions.f_cfDown(); } // End of testcase TC_SEC_PKI_SND_EA_BV_01 } // End of group enrolment_request_handling group enrolment_response { /** * @desc The EnrolmentResponse message shall be encrypted using an ETSI TS 103 097 approved * algorithm and the encryption shall be done with the same AES key as the one used * by the ITS-S requestor for the encryption of the EnrolmentRequest message *
       * Pics Selection: 
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives an EnrolmentRequestMessage
       *                 containing encKey
       *                     containing an encrypted AES key (SYMKEY)
       *         }
       *         then {
       *             the IUT answers with an EnrolmentResponseMessage
       *                 containing cipherTex
       *                     being encrypted
       *                         using SYMKEY
       *                         and using an ETSI TS 103 097 approved algorithm
       *         }
       *     }
       * 
* * @see ETSI TS ITS-00546v006 TP 22 * @reference ETSI TS 102 941, clause 6.2.3.2.2 */ testcase TC_SEC_PKI_SND_EA_BV_02() runs on ItsPkiHttp system ItsPkiHttpSystem { // Local variables var Oct32 v_private_key; var Oct32 v_publicKeyX; var Oct32 v_publicKeyY; var Oct32 v_publicKeyCompressed; var integer v_compressedMode; var Oct32 v_hash_inner_ec_request_signed_for_pop; var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data; var HeaderLines v_headers; var HttpMessage v_response; var EtsiTs102941Data v_etsi_ts_102941_data; // Test control if (not PICS_IUT_EA_ROLE) { log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***"); setverdict(inconc); stop; } // Test component configuration f_cfHttpUp(); // Default value: CERT_TS_A_EA // Test adapter configuration // Preamble f_http_build_enrolment_request(v_private_key, v_publicKeyX, v_publicKeyY, v_publicKeyCompressed, v_compressedMode, v_ieee1609dot2_signed_and_encrypted_data, v_hash_inner_ec_request_signed_for_pop); f_init_default_headers_list(v_headers); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body httpPort.send( m_http_request( m_http_request_get( PICS_HTTP_GET_URI, v_headers, m_http_message_body_binary( m_binary_body_ieee1609dot2_data( v_ieee1609dot2_signed_and_encrypted_data ))))); tc_ac.start; alt { [] httpPort.receive( mw_http_response( mw_http_response_ok( mw_http_message_body_binary( mw_binary_body_ieee1609dot2_data( mw_enrolmentResponseMessage( mw_encryptedData( -, mw_SymmetricCiphertext_aes128ccm ))))))) -> value v_response { tc_ac.stop; if (f_verify_pki_message(vc_eaPrivateEncKey, vc_eaPeerWholeHash, vc_peerEaCertificate, v_response.response.body.binary_body.ieee1609dot2_data, false, v_etsi_ts_102941_data) == false) { log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***"); log("*** " & testcasename() & ": DEBUG: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_hash_inner_ec_request_signed_for_pop, 0, 16)))), " ***"); // TODO In TITAN, this is the oly way to get the unmatching in log if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_hash_inner_ec_request_signed_for_pop, 0, 16))))) { log("*** " & testcasename() & ": PASS: InnerEcResponse received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } else { log("*** " & testcasename() & ": FAIL: Unexpected message received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } } } [] tc_ac.timeout { log("*** " & testcasename() & ": INCONC: Expected message not received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout); } } // End of 'alt' statement // Postamble f_cfHttpDown(); } // End of testcase TC_SEC_PKI_SND_EA_BV_02 /** * @desc The outermost structure is an EtsiTs103097Data-Encrypted structure containing * the component recipients containing one instance of RecipientInfo of choice * pskRecipInfo, which contains the HashedId8 of the symmetric key used by the * ITS-S to encrypt the EnrolmentRequest message to which the response is built * and containing the component ciphertext, once decrypted, contains an * EtsiTs103097Data-Signed structure *
       * Pics Selection: 
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives an EnrolmentRequestMessage
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data-Encrypted structure
       *                 containing recipients
       *                     containing one instance of RecipientInfo of choice pskRecipInfo
       *                         containing the HashedId8 of the symmetric key used to encrypt the EnrolmentRequestMessage
       *                 and containing cipherText
       *                     being an encrypted EtsiTs103097Data-Signed structure
       *         }
       *     }
       * 
* * @see ETSI TS ITS-00546v006 TP 24 * @reference ETSI TS 102 941, clause 6.2.3.2.2 */ testcase TC_SEC_PKI_SND_EA_BV_03() runs on ItsPkiHttp system ItsPkiHttpSystem { // Local variables var Oct32 v_private_key; var Oct32 v_publicKeyX; var Oct32 v_publicKeyY; var Oct32 v_publicKeyCompressed; var integer v_compressedMode; var Oct32 v_hash_inner_ec_request_signed_for_pop; var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data; var HeaderLines v_headers; var HttpMessage v_response; var EtsiTs102941Data v_etsi_ts_102941_data; // Test control if (not PICS_IUT_EA_ROLE) { log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***"); setverdict(inconc); stop; } // Test component configuration f_cfHttpUp(); // Default value: CERT_TS_A_EA // Test adapter configuration // Preamble f_http_build_enrolment_request(v_private_key, v_publicKeyX, v_publicKeyY, v_publicKeyCompressed, v_compressedMode, v_ieee1609dot2_signed_and_encrypted_data, v_hash_inner_ec_request_signed_for_pop); f_init_default_headers_list(v_headers); httpPort.send( m_http_request( m_http_request_get( PICS_HTTP_GET_URI, v_headers, m_http_message_body_binary( m_binary_body_ieee1609dot2_data( v_ieee1609dot2_signed_and_encrypted_data ))))); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body tc_ac.start; alt { [] httpPort.receive( mw_http_response( mw_http_response_ok( mw_http_message_body_binary( mw_binary_body_ieee1609dot2_data( mw_enrolmentResponseMessage( mw_encryptedData( -, mw_SymmetricCiphertext_aes128ccm ))))))) -> value v_response { tc_ac.stop; if (f_verify_pki_message(vc_eaPrivateEncKey, vc_eaPeerWholeHash, vc_peerEaCertificate, v_response.response.body.binary_body.ieee1609dot2_data, false, v_etsi_ts_102941_data) == false) { log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***"); log("*** " & testcasename() & ": DEBUG: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_hash_inner_ec_request_signed_for_pop, 0, 16)))), " ***"); // TODO In TITAN, this is the oly way to get the unmatching in log if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_hash_inner_ec_request_signed_for_pop, 0, 16))))) { log("*** " & testcasename() & ": PASS: InnerEcResponse received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } else { log("*** " & testcasename() & ": FAIL: Unexpected message received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } } } [] tc_ac.timeout { log("*** " & testcasename() & ": INCONC: Expected message not received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout); } } // End of 'alt' statement // Postamble f_cfHttpDown(); } // End of testcase TC_SEC_PKI_SND_EA_BV_03 /** * @desc If the ITS-S has been able to decrypt the content, this expected EtsiTs103097Data-Signed structure shall * contain hashId, tbsData, signer and signature. The hashId shall indicate the hash algorithm to be used as * specified in ETSI TS 103 097, the signer shall be declared as a digest, containing the HashedId8 of the * EA certificate and the signature over tbsData shall be computed using the EA private key corresponding to * its publicVerificationKey found in the referenced EA certificate. *
       * Pics Selection: 
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives an EnrolmentRequestMessage
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data-Encrypted structure
       *                 containing an encrypted EtsiTs103097Data-Signed structure
       *                     containing hashId
       *                        indicating the hash algorithm to be used as specified in ETSI TS 103 097
       *                     and containing tbsData
       *                     and containing signer
       *                         declared as a digest
       *                             containing the HashedId8 of the EA certificate
       *                     and containing signature
       *                         computed over tbsData
       *                             using the EA private key
       *                                 corresponding to the publicVerificationKey found in the referenced EA certificate
       *         }
       *     }
       * 
* * @see ETSI TS ITS-00546v006 TP 25 * @reference ETSI TS 102 941, clause 6.2.3.2.2 */ testcase TC_SEC_PKI_SND_EA_BV_04() runs on ItsPkiHttp system ItsPkiHttpSystem { // Local variables var Oct32 v_private_key; var Oct32 v_publicKeyX; var Oct32 v_publicKeyY; var Oct32 v_publicKeyCompressed; var integer v_compressedMode; var Oct32 v_hash_inner_ec_request_signed_for_pop; var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data; var HeaderLines v_headers; var HttpMessage v_response; var EtsiTs102941Data v_etsi_ts_102941_data; // Test control if (not PICS_IUT_EA_ROLE) { log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***"); setverdict(inconc); stop; } // Test component configuration f_cfHttpUp(); // Default value: CERT_TS_A_EA // Test adapter configuration // Preamble f_http_build_enrolment_request(v_private_key, v_publicKeyX, v_publicKeyY, v_publicKeyCompressed, v_compressedMode, v_ieee1609dot2_signed_and_encrypted_data, v_hash_inner_ec_request_signed_for_pop); f_init_default_headers_list(v_headers); httpPort.send( m_http_request( m_http_request_get( PICS_HTTP_GET_URI, v_headers, m_http_message_body_binary( m_binary_body_ieee1609dot2_data( v_ieee1609dot2_signed_and_encrypted_data ))))); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body tc_ac.start; alt { [] httpPort.receive( mw_http_response( mw_http_response_ok( mw_http_message_body_binary( mw_binary_body_ieee1609dot2_data( mw_enrolmentResponseMessage( mw_encryptedData( -, mw_SymmetricCiphertext_aes128ccm ))))))) -> value v_response { tc_ac.stop; if (f_verify_pki_message(vc_eaPrivateEncKey, vc_eaPeerWholeHash, vc_peerEaCertificate, v_response.response.body.binary_body.ieee1609dot2_data, false, v_etsi_ts_102941_data) == false) { log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***"); log("*** " & testcasename() & ": DEBUG: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_hash_inner_ec_request_signed_for_pop, 0, 16)))), " ***"); // TODO In TITAN, this is the oly way to get the unmatching in log if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_hash_inner_ec_request_signed_for_pop, 0, 16))))) { if (f_verify_ea_certificate(v_etsi_ts_102941_data.content.enrolmentResponse.certificate, v_publicKeyCompressed, v_compressedMode)) { log("*** " & testcasename() & ": PASS: Well-secured EA certificate received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } else { log("*** " & testcasename() & ": FAIL: Cannot verify EA certificate signature ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } } else { log("*** " & testcasename() & ": FAIL: Unexpected message received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } } } [] tc_ac.timeout { log("*** " & testcasename() & ": INCONC: Expected message not received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout); } } // End of 'alt' statement // Postamble f_cfHttpDown(); } // End of testcase TC_SEC_PKI_SND_EA_BV_04 /** * @desc Within the headerInfo of the tbsData, the psid shall be set to “secured certificate request” as assigned in * ETSI TS 102 965 and the generationTime shall be present. *
       * Pics Selection: 
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives an EnrolmentRequestMessage
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data-Encrypted structure
       *                 containing an encrypted EtsiTs103097Data-Signed structure
       *                     containing tbsData
       *                         containing headerInfo
       *                             containing psid
       *                                 indicating AID_CERT_REQ
       *                             and containing generationTime
       *         }
       *     }
       * 
* * @see ETSI TS ITS-00546v006 TP 26 * @reference ETSI TS 102 941, clause 6.2.3.2.2 */ testcase TC_SEC_PKI_SND_EA_BV_05() runs on ItsPkiHttp system ItsPkiHttpSystem { // Local variables var Oct32 v_private_key; var Oct32 v_publicKeyX; var Oct32 v_publicKeyY; var Oct32 v_publicKeyCompressed; var integer v_compressedMode; var Oct32 v_hash_inner_ec_request_signed_for_pop; var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data; var HeaderLines v_headers; var HttpMessage v_response; var EtsiTs102941Data v_etsi_ts_102941_data; // Test control if (not PICS_IUT_EA_ROLE) { log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***"); setverdict(inconc); stop; } // Test component configuration f_cfHttpUp(); // Default value: CERT_TS_A_EA // Test adapter configuration // Preamble f_http_build_enrolment_request(v_private_key, v_publicKeyX, v_publicKeyY, v_publicKeyCompressed, v_compressedMode, v_ieee1609dot2_signed_and_encrypted_data, v_hash_inner_ec_request_signed_for_pop); f_init_default_headers_list(v_headers); httpPort.send( m_http_request( m_http_request_get( PICS_HTTP_GET_URI, v_headers, m_http_message_body_binary( m_binary_body_ieee1609dot2_data( v_ieee1609dot2_signed_and_encrypted_data ))))); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body tc_ac.start; alt { [] httpPort.receive( mw_http_response( mw_http_response_ok( mw_http_message_body_binary( mw_binary_body_ieee1609dot2_data( mw_enrolmentResponseMessage( mw_encryptedData( -, mw_SymmetricCiphertext_aes128ccm ))))))) -> value v_response { tc_ac.stop; if (f_verify_pki_message(vc_eaPrivateEncKey, vc_eaPeerWholeHash, vc_peerEaCertificate, v_response.response.body.binary_body.ieee1609dot2_data, false, v_etsi_ts_102941_data) == false) { log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***"); log("*** " & testcasename() & ": DEBUG: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_hash_inner_ec_request_signed_for_pop, 0, 16)))), " ***"); // TODO In TITAN, this is the oly way to get the unmatching in log if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_hash_inner_ec_request_signed_for_pop, 0, 16))))) { if (f_verify_ea_certificate(v_etsi_ts_102941_data.content.enrolmentResponse.certificate, v_publicKeyCompressed, v_compressedMode)) { log("*** " & testcasename() & ": PASS: Well-secured EA certificate received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } else { log("*** " & testcasename() & ": FAIL: Cannot verify EA certificate signature ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } } else { log("*** " & testcasename() & ": FAIL: Unexpected message received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } } } [] tc_ac.timeout { log("*** " & testcasename() & ": INCONC: Expected message not received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout); } } // End of 'alt' statement // Postamble f_cfHttpDown(); } // End of testcase TC_SEC_PKI_SND_EA_BV_05 /** * @desc Within the headerInfo of the tbsData, aside from psid and generationTime, * all other components of the component tbsData.headerInfo not used and absent. *
       * Pics Selection: 
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives an EnrolmentRequestMessage
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data-Encrypted structure
       *                 containing an encrypted EtsiTs103097Data-Signed structure
       *                     containing tbsData
       *                         containing headerInfo
       *                             containing psid
       *                             and containing generationTime
       *         }
       *     }
       * 
* * @see ETSI TS ITS-00546v006 TP 27 * @reference ETSI TS 102 941, clause 6.2.3.2.2 */ testcase TC_SEC_PKI_SND_EA_BV_06() runs on ItsPkiHttp system ItsPkiHttpSystem { // Local variables var Oct32 v_private_key; var Oct32 v_publicKeyX; var Oct32 v_publicKeyY; var Oct32 v_publicKeyCompressed; var integer v_compressedMode; var Oct32 v_hash_inner_ec_request_signed_for_pop; var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data; var HeaderLines v_headers; var HttpMessage v_response; var EtsiTs102941Data v_etsi_ts_102941_data; // Test control if (not PICS_IUT_EA_ROLE) { log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***"); setverdict(inconc); stop; } // Test component configuration f_cfHttpUp(); // Default value: CERT_TS_A_EA // Test adapter configuration // Preamble f_http_build_enrolment_request(v_private_key, v_publicKeyX, v_publicKeyY, v_publicKeyCompressed, v_compressedMode, v_ieee1609dot2_signed_and_encrypted_data, v_hash_inner_ec_request_signed_for_pop); f_init_default_headers_list(v_headers); httpPort.send( m_http_request( m_http_request_get( PICS_HTTP_GET_URI, v_headers, m_http_message_body_binary( m_binary_body_ieee1609dot2_data( v_ieee1609dot2_signed_and_encrypted_data ))))); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body tc_ac.start; alt { [] httpPort.receive( mw_http_response( mw_http_response_ok( mw_http_message_body_binary( mw_binary_body_ieee1609dot2_data( mw_enrolmentResponseMessage( mw_encryptedData( -, mw_SymmetricCiphertext_aes128ccm ))))))) -> value v_response { tc_ac.stop; if (f_verify_pki_message(vc_eaPrivateEncKey, vc_eaPeerWholeHash, vc_eaCertificate, v_response.response.body.binary_body.ieee1609dot2_data, false, v_etsi_ts_102941_data) == false) { log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***"); log("*** " & testcasename() & ": DEBUG: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_hash_inner_ec_request_signed_for_pop, 0, 16)))), " ***"); // TODO In TITAN, this is the oly way to get the unmatching in log if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_hash_inner_ec_request_signed_for_pop, 0, 16))))) { if (f_verify_ea_certificate(v_etsi_ts_102941_data.content.enrolmentResponse.certificate, v_publicKeyCompressed, v_compressedMode)) { log("*** " & testcasename() & ": PASS: Well-secured EA certificate received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } else { log("*** " & testcasename() & ": FAIL: Cannot verify EA certificate signature ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } } else { log("*** " & testcasename() & ": FAIL: Unexpected message received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } } } [] tc_ac.timeout { log("*** " & testcasename() & ": INCONC: Expected message not received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout); } } // End of 'alt' statement // Postamble f_cfHttpDown(); } // End of testcase TC_SEC_PKI_SND_EA_BV_06 /** * @desc The EtsiTS102941Data shall contain the version set to v1 (integer value set to 1) * and the content set to InnerECResponse. *
       * Pics Selection: 
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives an EnrolmentRequestMessage
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data-Encrypted structure
       *                 containing an encrypted EtsiTs103097Data-Signed structure
       *                     containing tbsData
       *                         containing EtsiTS102941Data
       *                             containing version
       *                                 indicating v1 (integer value set to 1)
       *         }
       *     }
       * 
* * @see ETSI TS ITS-00546v006 TP 28 * @reference ETSI TS 102 941, clause 6.2.3.2.2 */ testcase TC_SEC_PKI_SND_EA_BV_07() runs on ItsPkiHttp system ItsPkiHttpSystem { // Local variables var Oct32 v_private_key; var Oct32 v_publicKeyX; var Oct32 v_publicKeyY; var Oct32 v_publicKeyCompressed; var integer v_compressedMode; var Oct32 v_hash_inner_ec_request_signed_for_pop; var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data; var HeaderLines v_headers; var HttpMessage v_response; var EtsiTs102941Data v_etsi_ts_102941_data; // Test control if (not PICS_IUT_EA_ROLE) { log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***"); setverdict(inconc); stop; } // Test component configuration f_cfHttpUp(); // Default value: CERT_TS_A_EA // Test adapter configuration // Preamble f_http_build_enrolment_request(v_private_key, v_publicKeyX, v_publicKeyY, v_publicKeyCompressed, v_compressedMode, v_ieee1609dot2_signed_and_encrypted_data, v_hash_inner_ec_request_signed_for_pop); f_init_default_headers_list(v_headers); httpPort.send( m_http_request( m_http_request_get( PICS_HTTP_GET_URI, v_headers, m_http_message_body_binary( m_binary_body_ieee1609dot2_data( v_ieee1609dot2_signed_and_encrypted_data ))))); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body tc_ac.start; alt { [] httpPort.receive( mw_http_response( mw_http_response_ok( mw_http_message_body_binary( mw_binary_body_ieee1609dot2_data( mw_enrolmentResponseMessage( mw_encryptedData( -, mw_SymmetricCiphertext_aes128ccm ))))))) -> value v_response { tc_ac.stop; if (f_verify_pki_message(vc_eaPrivateEncKey, vc_eaPeerWholeHash, vc_eaCertificate, v_response.response.body.binary_body.ieee1609dot2_data, false, v_etsi_ts_102941_data) == false) { log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***"); log("*** " & testcasename() & ": DEBUG: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_hash_inner_ec_request_signed_for_pop, 0, 16)))), " ***"); // TODO In TITAN, this is the oly way to get the unmatching in log if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_hash_inner_ec_request_signed_for_pop, 0, 16))))) { log("*** " & testcasename() & ": PASS: Well-secured EA certificate received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } else { log("*** " & testcasename() & ": FAIL: Unexpected message received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } } } [] tc_ac.timeout { log("*** " & testcasename() & ": INCONC: Expected message not received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout); } } // End of 'alt' statement // Postamble f_cfHttpDown(); } // End of testcase TC_SEC_PKI_SND_EA_BV_07 /** * @desc The InnerECResponse shall contain the requestHash, which is the left-most 16 octets of the SHA256 digest of the * EtsiTs103097Data - Signed structure received in the request and a responseCode indicating the result of the request. *
       * Pics Selection: 
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives an EnrolmentRequestMessage
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data-Encrypted structure
       *                 containing an encrypted EtsiTs103097Data-Signed structure
       *                     containing tbsData
       *                         containing EtsiTS102941Data
       *                             containing requestHash
       *                                 indicating the left-most 16 octets of the SHA256 digest of the EtsiTs103097Data-Signed structure received in the request
       *                             and containing responseCode
       *         }
       *     }
       * 
* * @see ETSI TS ITS-00546v006 TP 29 * @reference ETSI TS 102 941, clause 6.2.3.2.2 */ testcase TC_SEC_PKI_SND_EA_BV_08() runs on ItsPkiHttp system ItsPkiHttpSystem { // Local variables var Oct32 v_private_key; var Oct32 v_publicKeyX; var Oct32 v_publicKeyY; var Oct32 v_publicKeyCompressed; var integer v_compressedMode; var Oct32 v_hash_inner_ec_request_signed_for_pop; var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data; var HeaderLines v_headers; var HttpMessage v_response; var EtsiTs102941Data v_etsi_ts_102941_data; // Test control if (not PICS_IUT_EA_ROLE) { log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***"); setverdict(inconc); stop; } // Test component configuration f_cfHttpUp(); // Default value: CERT_TS_A_EA // Test adapter configuration // Preamble f_http_build_enrolment_request(v_private_key, v_publicKeyX, v_publicKeyY, v_publicKeyCompressed, v_compressedMode, v_ieee1609dot2_signed_and_encrypted_data, v_hash_inner_ec_request_signed_for_pop); f_init_default_headers_list(v_headers); httpPort.send( m_http_request( m_http_request_get( PICS_HTTP_GET_URI, v_headers, m_http_message_body_binary( m_binary_body_ieee1609dot2_data( v_ieee1609dot2_signed_and_encrypted_data ))))); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body tc_ac.start; alt { [] httpPort.receive( mw_http_response( mw_http_response_ok( mw_http_message_body_binary( mw_binary_body_ieee1609dot2_data( mw_enrolmentResponseMessage( mw_encryptedData( -, mw_SymmetricCiphertext_aes128ccm ))))))) -> value v_response { tc_ac.stop; if (f_verify_pki_message(vc_eaPrivateEncKey, vc_eaPeerWholeHash, vc_eaCertificate, v_response.response.body.binary_body.ieee1609dot2_data, false, v_etsi_ts_102941_data) == false) { log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***"); log("*** " & testcasename() & ": DEBUG: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_hash_inner_ec_request_signed_for_pop, 0, 16)))), " ***"); // TODO In TITAN, this is the oly way to get the unmatching in log if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_hash_inner_ec_request_signed_for_pop, 0, 16))))) { log("*** " & testcasename() & ": PASS: Well-secured EA certificate received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } else { log("*** " & testcasename() & ": FAIL: Unexpected message received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } } } [] tc_ac.timeout { log("*** " & testcasename() & ": INCONC: Expected message not received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout); } } // End of 'alt' statement // Postamble f_cfHttpDown(); } // End of testcase TC_SEC_PKI_SND_EA_BV_08 /** * @desc If the responseCode is 0, the InnerECResponse shall also contain an (enrolment) certificate. *
       * Pics Selection: 
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives an EnrolmentRequestMessage
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data-Encrypted structure
       *                 containing an encrypted EtsiTs103097Data-Signed structure
       *                     containing tbsData
       *                         containing EtsiTS102941Data
       *                             containing InnerECResponse
       *                                 containing an enrolment certificate
       *         }
       *     }
       * 
* * @see ETSI TS ITS-00546v006 TP 30 * @reference ETSI TS 102 941, clause 6.2.3.2.2 */ testcase TC_SEC_PKI_SND_EA_BV_09() runs on ItsPkiHttp system ItsPkiHttpSystem { // Local variables var Oct32 v_private_key; var Oct32 v_publicKeyX; var Oct32 v_publicKeyY; var Oct32 v_publicKeyCompressed; var integer v_compressedMode; var Oct32 v_hash_inner_ec_request_signed_for_pop; var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data; var HeaderLines v_headers; var HttpMessage v_response; var EtsiTs102941Data v_etsi_ts_102941_data; // Test control if (not PICS_IUT_EA_ROLE) { log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***"); setverdict(inconc); stop; } // Test component configuration f_cfHttpUp(); // Default value: CERT_TS_A_EA // Test adapter configuration // Preamble f_http_build_enrolment_request(v_private_key, v_publicKeyX, v_publicKeyY, v_publicKeyCompressed, v_compressedMode, v_ieee1609dot2_signed_and_encrypted_data, v_hash_inner_ec_request_signed_for_pop); f_init_default_headers_list(v_headers); httpPort.send( m_http_request( m_http_request_get( PICS_HTTP_GET_URI, v_headers, m_http_message_body_binary( m_binary_body_ieee1609dot2_data( v_ieee1609dot2_signed_and_encrypted_data ))))); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body tc_ac.start; alt { [] httpPort.receive( mw_http_response( mw_http_response_ok( mw_http_message_body_binary( mw_binary_body_ieee1609dot2_data( mw_enrolmentResponseMessage( mw_encryptedData( -, mw_SymmetricCiphertext_aes128ccm ))))))) -> value v_response { tc_ac.stop; if (f_verify_pki_message(vc_eaPrivateEncKey, vc_eaPeerWholeHash, vc_eaCertificate, v_response.response.body.binary_body.ieee1609dot2_data, false, v_etsi_ts_102941_data) == false) { log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***"); log("*** " & testcasename() & ": DEBUG: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_hash_inner_ec_request_signed_for_pop, 0, 16)))), " ***"); // TODO In TITAN, this is the oly way to get the unmatching in log if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_hash_inner_ec_request_signed_for_pop, 0, 16))))) { log("*** " & testcasename() & ": PASS: Well-secured EA certificate received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } else { log("*** " & testcasename() & ": FAIL: Unexpected message received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } } } [] tc_ac.timeout { log("*** " & testcasename() & ": INCONC: Expected message not received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout); } } // End of 'alt' statement // Postamble f_cfHttpDown(); } // End of testcase TC_SEC_PKI_SND_EA_BV_09 /** * @desc If the responseCode is 0, the InnerECResponse shall also contain an (enrolment) certificate. *
       * Pics Selection: 
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives an EnrolmentRequestMessage
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data-Encrypted structure
       *                 containing an encrypted EtsiTs103097Data-Signed structure
       *                     containing tbsData
       *                         containing EtsiTS102941Data
       *                             containing InnerECResponse
       *                                 containing an enrolment certificate
       *         }
       *     }
       * 
* * @see ETSI TS ITS-00546v006 TP 31 * @reference ETSI TS 102 941, clause 6.2.3.2.2 */ testcase TC_SEC_PKI_SND_EA_BV_10() runs on ItsPkiHttp system ItsPkiHttpSystem { // Local variables var Oct32 v_private_key; var Oct32 v_publicKeyX; var Oct32 v_publicKeyY; var Oct32 v_publicKeyCompressed; var integer v_compressedMode; var Oct32 v_hash_inner_ec_request_signed_for_pop; var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data; var HeaderLines v_headers; var HttpMessage v_response; var EtsiTs102941Data v_etsi_ts_102941_data; // Test control if (not PICS_IUT_EA_ROLE) { log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***"); setverdict(inconc); stop; } // Test component configuration f_cfHttpUp(); // Default value: CERT_TS_A_EA // Test adapter configuration // Preamble f_http_build_invalid_enrolment_request(v_private_key, v_publicKeyX, v_publicKeyY, v_publicKeyCompressed, v_compressedMode, v_ieee1609dot2_signed_and_encrypted_data, v_hash_inner_ec_request_signed_for_pop); f_init_default_headers_list(v_headers); httpPort.send( m_http_request( m_http_request_get( PICS_HTTP_GET_URI, v_headers, m_http_message_body_binary( m_binary_body_ieee1609dot2_data( v_ieee1609dot2_signed_and_encrypted_data ))))); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body tc_ac.start; alt { [] httpPort.receive( mw_http_response( mw_http_response_ok( mw_http_message_body_binary( mw_binary_body_ieee1609dot2_data( mw_enrolmentResponseMessage( mw_encryptedData( -, mw_SymmetricCiphertext_aes128ccm ))))))) -> value v_response { tc_ac.stop; if (f_verify_pki_message(vc_eaPrivateEncKey, vc_eaPeerWholeHash, vc_eaCertificate, v_response.response.body.binary_body.ieee1609dot2_data, false, v_etsi_ts_102941_data) == false) { log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } else { log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***"); if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ko))) { log("*** " & testcasename() & ": PASS: Well-secured EA certificate received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } else { log("*** " & testcasename() & ": FAIL: Unexpected message received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } } } [] tc_ac.timeout { log("*** " & testcasename() & ": INCONC: Expected message not received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout); } } // End of 'alt' statement // Postamble f_cfHttpDown(); } // End of testcase TC_SEC_PKI_SND_EA_BV_10 } // End of group enrolment_response group authorization_vaidation_response { /** * @desc The AuthorizationValidationResponse message shall be sent by the EA to the AA across the interface * at reference point S4 in response to a received AuthorizationValidationRequest message *
       * Pics Selection: 
       * Initial conditions: 
       *     with {
       *         the IUT being in the "operational state"
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
       *            the IUT receives a AuthorizationValidationRequest  message
       *         }
       *         then {
       *            the IUT sends a AuthorizationValidationResponse message
       *                across the reference point S4 to the AA
       *         }
       *     }
       * 
* * @see ETSI TS ITS-00546v006 TP AuthValRes_1_EA * @reference ETSI TS 102 941, clause 6.2.3.4 */ testcase TC_SEC_PKI_SND_EA_BV_11() runs on ItsPki system ItsPkiSystem { // Local variables var Oct32 v_private_key; var Oct32 v_publicKeyX; var Oct32 v_publicKeyY; var Oct32 v_publicKeyCompressed; var Oct32 v_private_enc_key; var Oct32 v_publicEncKeyX; var Oct32 v_publicEncKeyY; var Oct32 v_publicEncKeyCompressed; var integer v_compressedMode; var InnerEcRequest v_inner_ec_request; var Certificate v_ec_certificate; var InnerAtRequest v_inner_at_request; var Ieee1609Dot2Data v_inner_at_request_data; var AuthorizationValidationRequest v_authorization_validation_request; // Test control if (not PICS_IUT_EA_ROLE) { log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***"); setverdict(inconc); stop; } // Test component configuration LibItsPki_Functions.f_cfUp(); // Test adapter configuration // Preamble f_generate_inner_ec_request(v_private_key, v_publicKeyX, v_publicKeyY, v_publicKeyCompressed, v_compressedMode, v_inner_ec_request); /*if (f_generate_inner_ec_request(v_private_key, v_publicKeyX, v_publicKeyY, v_publicKeyCompressed, v_compressedMode, v_inner_ec_request) == false) { log("*** " & testcasename() & ": FAIL: Failed to setup InnerEcRequest message ***") f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_error); stop; }*/ if (f_generate_ec_certificate(v_private_key, v_inner_ec_request, v_ec_certificate) == false) { log("*** " & testcasename() & ": FAIL: Failed to generate EC certificate ***") f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_error); stop; } if (f_generate_inner_at_request(v_ec_certificate, v_private_key, vc_eaCertificate, vc_eaHashedId8, true, v_private_enc_key, v_publicEncKeyX, v_publicEncKeyY, v_publicEncKeyCompressed, v_compressedMode, v_inner_at_request, v_inner_at_request_data) == false) { log("*** " & testcasename() & ": FAIL: Failed to setup InnerAtRequest message ***") f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_error); stop; } if (f_generate_authorization_validation_request(v_inner_at_request, v_ec_certificate, v_authorization_validation_request) == false) { log("*** " & testcasename() & ": FAIL: Failed to setup AuthorisationValidationRequest message ***") f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_error); stop; } f_sendAcPkiPrimitive(v_private_key, v_publicKeyCompressed, v_compressedMode); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body pkiPort.send(v_authorization_validation_request); tc_ac.start; alt { [] pkiPort.receive( mw_authorizationValidationResponse_ok ) { tc_ac.stop; log("*** " & testcasename() & ": PASS: AuthorizationValidationResponse received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); } [] tc_ac.timeout { log("*** " & testcasename() & ": INCONC: Expected message not received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout); } } // End of 'alt' statement // Postamble LibItsPki_Functions.f_cfDown(); } // End of testcase TC_SEC_PKI_SND_EA_BV_11 } // End of group authorization_vaidation_response } // End of group ea_behavior group aa_behavior { } // End of group aa_beavior } // End of module ItsPki_TestCases