# ETSI ITS protocols project ## General Information This repositories contains the test specifications and test adapter code for ETSI ITS protocols testing. ETSI ITS protocols project supports: - ETSI EN 302 637-2: "Intelligent Transport Systems (ITS); Vehicular Communications; Basic Set of Applications; Part 2: Specification of Cooperative Awareness Basic Service" - ETSI EN 102 637-3: "Intelligent Transport Systems (ITS); Vehicular Communications; Basic Set of Applications; Part 3: Specifications of Decentralized Environmental Notification Basic Service" - ETSI TS 103 301: "Intelligent Transport Systems (ITS); Vehicular Communications; Basic Set of Applications; Facilities layer protocols and communication requirements for infrastructure services" - EN 302 636-5-1: "Intelligent Transport Systems (ITS); Vehicular Communications; GeoNetworking; Part 5: Transport Protocols; Sub-part 1: Basic Transport Protocol" - EN 302 636-4-1: "Intelligent Transport Systems (ITS); Vehicular Communications; GeoNetworking; Part 4: Geographical addressing and forwarding for point-to-point and point-to-multipoint communications; Sub-part 1: Media-Independent Functionality" In addition, it also support ITS Security as define by: - ETSI TS 103 940: "Intelligent Transport Systems (ITS); Security; Security Architecture and Management". - ETSI TS 103 097: "Intelligent Transport Systems (ITS); Security; Security header and certificate formats". - ETSI TS 102 941: "Intelligent Transport Systems (ITS); Security; Trust and Privacy Management technical specification" - IEEE Std 1609.2™-2016: "IEEE Standard for Wireless Access in Vehicular Environments –Security Services for Applications and Management Messages" - IEEE Std 1609.2a™-2017: "Standard for Wireless Access In Vehicular Environments – Security Services for Applications and Management Messages Amendment 1". Contact information Email at cti_support at etsi dot org License Unless specified otherwise, the content of this repository and the files contained are released under the ETSI Software License. See the attached LICENSE file or visit https://forge.etsi.org/etsi-software-license ## STFs The following STFs were or are currently involved in the evolutions of the ETSI ITS protocols project: - STF 405, STF 422, STF 424, STF 455, STF 462, STF 481, STF 484, STF 507, STF 517, STF 525, STF 538, STF 545, TTF T0002 ## Installation The ETSI ITS protocols project builds and tests regularly on the following platforms: - Linux (Ubuntu) - Windows ([Cygwin x64](https://cygwin.com/install.html), [Npcap SDK x64](https://nmap.org/npcap/#download) and [OpenSSL-Windows x64](https://www.openssl.org) are required) Note: The [OpenSSL](https://www.openssl.org) version >= 1.1.1 is also required. ### How to do it? They are three different methods: - Using [Vagrant](https://www.vagrantup.com/) - Using [Docker](https://www.docker.com/) - Using [Eclipse TITAN on Windows or Linux](https://projects.eclipse.org/projects/tools.titan/downloads) How to choose one of these methods is depending of your host system. NOTE: In all case, if you want to setup an continuous integration process (e.g. Jenkins), Docker is the best choice. #### The host system is Windows The both methods require a virtual machine. You can use either VirtualBox or WMware. In this case, the easiest way is to use Vagrant. #### The host system is Linux Vagrant requires a virtual machine. You can use either VirtualBox or WMware. Docker does not need a virtual machine, so it is the more efficant way. #### Using Vagrant Pre-requisites on your host machine: - Install [Virtualbox](https://www.virtualbox.org/manual/ch01.html) - Install [Vagrant](https://www.vagrantup.com/intro/getting-started/) - Install Vagrant plugin vagrant-vbguest - Credentials to access [ETSI forge](https://forge.etsi.org/gitlab/users/sign_in) - Set the environment variable USERNAME to your ETSI EOL account user name - Set the environment variable PASSWORD to your ETSI EOL account password Procedure: - On your host machine, open a command line session (PuTTY, DOS window...) - From the ETSI ITS protocols project, clone the Vagrant folder - In the file Vagrantfile, modify the tag config.vm.provision replacing & strings by your ETSI credentials - In the Vagrant folder, execute the following commands: ```sh $ vagrant up --provider virtualbox --provision ... ``` NOTE The creation and the installations will take some time to achieve - Stop vagrant virtual machine ```sh $ vagrant halt ... ``` - Update the file 'Vagrantfile' to match with your networks configuration - Re-start the vagrant virtual machine and log to to the machine ```sh $ vagrant up ... $ vagrant ssh ``` - Switch to the next clause (Usage) NOTE The user password is vagrant. ### Using Docker Pre-requisites on your host machine: - Install Virtualbox (For Windows host only) - Install Docker Procedure for a Windows host machine: - On your host machine, open a the Docker Quickstart Terminal and change to a working folder such as ./temp/docker_its Procedure for a Linux host machine: - On your host machine, open a terminal and change to a working folder such as $HOME/temp/docker_its On your host machine, download the following items from ETSI ITS protocols project: - The docker folder - The .jenkins.sh script file (hidden file) and add the execution rights on it - Check the rights of the script files and the folders From the your current directory, execute the following commands: ```sh $ ./.jenkins.sh ... ``` NOTE The creation and the installations will take some time to achieve - Start the container ```sh $ ./docker/run-container.sh ... ``` - Switch to the next clause (Usage) #### From scratch Pre-requisites: - Install Virtualbox Procedure: - Install a new Linux Virtual machine (Mint, Debian...) - Update your system with the latest version of kernel and security packages - Install the following packages (According to the Linux chosen, the package naming can be different) autoconf bison build-essential cmake curl dos2unix doxygen emacs expect flex g++:latest gcc:latest graphviz gdb git-core gnutls-bin libglib2.0-dev libpcap-dev libgcrypt-dev libncurses5-dev libjsoncpp-dev libssl-dev libtool-bin libtool libwireshark-dev libxml2-dev lsof ntp pkg-config qt5-default qtmultimedia5-dev libqt5svg5-dev subversion sudo sshpass tcpdump texlive-font-utils tshark valgrind vim vsftpd xutils-dev tree tzdata unzip wget xsltproc - In your home directory, create the following folders: - $HOME/frameworks, - $HOME/dev - $HOME/lib - In $HOME/frameworks, build the following package: - asn1c, according the procedure specified [here](https://github.com/vlm/asn1c.git) - Eclipse IDE for C/C++ Developers, according the procedure specified [here](https://www.eclipse.org/cdt/) - TITAN, according the procedure specified [here](https://github.com/eclipse/titan.core) - Import the TITAN plugin into your Eclipse IDE, according the procedure specified [here](https://github.com/eclipse/titan.core) - Clone the ETSI ITS protocols project into $HOME/dev folder ```sh $ git clone git clone --recurse-submodules -b TTF0002_Its --single-branch https://forge.etsi.org/gitlab/ITS/ITS.git ./TTF0002_Its ``` - Update your default environment with the content of the script $HOME/dev/TTF0002_Its/scripts/devenv.bash.ubuntu - Switch to the next clause (Usage) #### Using Eclipse TITAN When cloning the ETSI ITS project, you can find two specific files: - TTF0002.tpd - TTF0002_Linux.tpd These two files are used create the ETSI ITS project workspace on Eclipse TITAN. To do it, please follow the steps below: - Start eclipse using a new workspace, (e.g. with the name workspace_titan) - Select the menu option File/import - In the Dialog box,select TITAN/Project from .tpd file - Select the correct TTF0002 .tpd file and follow the instructions NOTE: When the Eclipse TITAN workspace is created, you have to build manually the librairy 'libasn1c.so' following the commands below: ```sh $ cd /TTF0002 $ mkdir -p ./bin/asn1 $ cd ./bin/asn1 $ make CC=gcc -f ../../asn1/Makefile $ rm *.cc # To prevent TITAN to import these .cc source files into our project ``` ## Usage This clause describes how to compile and execute an Abstract Test Suite. The procedures below illustrate how to run the CAM test suite. The same procedures will apply for any other ETSI ITS test suite. Pre-requisites: - Your machine is installed following one of the installation method describes in the previous clause - Refer to the ETSI TS 103 099 for the description of the Test System architecture and configuration - Your are logged as 'etsi' or 'vagrant' user - Procedure using TITAN command line (only): - Open several SSH session (PuTTY...) - Change to the directory ~/dev/TTF0002_Its/ - Modify the file config.mk according to your system: - On Linux, comment all the lines using the '#' character - On Windows, update the path accordingly - Build the test suite AtsCAM using the following command: ```sh $ export ATS=AtsCAM # The Abstract Test Suite you wnat to build, such as AtsDENM, AtsSecurity... $ make ... ``` - Edit the file ../etc/AtsCAM.cfg - Update the following fields (see ETSI TS 103 099 for details): - system.camPort.params - system.utPort.params - To run the test suitem, execute the following command: ```sh $ cd ~/dev/TTF0002_Its/scripts $ ../run_all.bash ... ``` - The log files are located in ../logs/AtsCAM folder for this example. You can edit them using any editor or using the Eclipse TITAN log plugins ## How to generate ITS test certificates The Test System includes a tool, asn1certgen, to generate ITS test certificates used for Conformance Testing. This tool is located in the folder '~/dev/TTF0002_Its/tools/itscertgen/'. Note: These certificates can not be used in a true architectures, there are present only for testing and/or debug purposes. ### Build the tool 'asn1certgen' to generate new certificates bundle To build the tool, run the 'make' command in each of the following folders: - cshared - cxml - checker - asn1certgen ### Generate the certificates After applying the previous clause, change to the folder '~/dev/TTF0002_Its/data/v3' and execute 'make' command: ``` $ cd ~/dev/TTF0002_Its/data/v3 $ make ``` The certificates will be located in the folder '~/dev/TTF0002_Its/data/v3/certificates'. To use this newly generated certificates, you shall update two parameters located in the TTCN-3 file LibItsSecurity_Pixits. These are: - LibItsSecurity_Pixits.PX_CERTIFICATE_POOL_PATH, which is the path the certificates folder (e.g. LibItsSecurity_Pixits.PX_CERTIFICATE_POOL_PATH := "/home//tmp") - LibItsSecurity_Pixits.PX_IUT_SEC_CONFIG_NAME, which is the name of the certificates folder (e.g. LibItsSecurity_Pixits.PX_IUT_SEC_CONFIG_NAME := "asn1c_cert") ### Modify or create new certificates The folder '~/dev/TTF0002_Its/data/v3/profiles' contains an XML file for each certificate to be generated. This XML file describes the certificate content (e.g. CERT_IUT_A_RCA.xml describes the root certificate for all CERT_IUT_A certificates). By modifying these files, you can change create new certificate with different geographical area, different validity periods or different SSPs. To re-generates the certificates, refer to the previous clause. ## Security Test suites configurations The security Test suites configurations depends of the Test suite to be executed. ### ITS Protocol Test suites for Facilities layer These are the ITS Test suites such as AtsCAM (102 868-x) , AtsDENM (102 869-x) or IVI (103 191-x) Test suites. These Test suite can be executed againt an ITS device configured to use Security. In this cases, the following parameters shall be modified to match the ITS device configuration: - PICS_IS_IUT_SECURED=true which indicates that the ITS device under test is secured In addition, the Test System shall be configured to support the security modifying the following settings as described below: - device_mode=1 - secured_mode=1 - sec_db_path=/home//dev/TTF0002_Its/data/v3/certificates ### ITS Protocol Test suites for Transport layer This is the AtsGeoNetworking Test suite (ETSI TS 102 871-x) which required more specific configuration (ETSI EN 302 636-4-1). In this cases, the following parameters shall be modified to match the ITS device configuration: - PICS_GN_SECURITY=false, which indicate the GeoNetworking Test Suite does not manage ITS Security protocol - PICS_IS_IUT_SECURED=true, which indicates that the ITS device under test is secured In addition, the Test System shall be configured to support the security modifying the following settings as described below: - device_mode=1 - secured_mode=1 - sec_db_path=/home//dev/TTF0002_Its/data/v3/certificates ### ITS Protocol Test suites for Security This clause is relative to the AtsSecurity (ETSI TS 103 096-x) Test suite which are focused on ITS Security protocol (ETSI TS 103 097). In this cases, the following parameters shall be modified to match the ITS device configuration: - PICS_GN_SECURITY=true, which indicate the GeoNetworking Test Suite manages ITS Security protocol - PICS_IS_IUT_SECURED=false In addition, the Test System shall be configured to support the security modifying the following settings as described below: - device_mode=0 - secured_mode=0 - its_aid=36 for CAM or 37 for DENM ### ITS Protocol Test suites for Security/PKI This clause is relative to the AtsPki (ETSI TR 103 525-x) Test suite which are focused on ITS PKI Security protocol (ETSI TS 102 941). In this cases, the following parameters shall be modified according to the considered group of tests: - For all tests focused on ITS device enrolment: - PICS_GN_SECURITY=true, which indicate the GeoNetworking Test Suite manages ITS Security protocol - PICS_IS_IUT_SECURED=false - HTTP_P_PL_ACT_AS_SERVER=true - PICS_TS_EA_CERTIFICATE_ID=CERT_TS_A_EA - PICS_MULTIPLE_END_POINT=false - PICS_IUT_ITS_S_ROLE=true - For all tests focused on PKI: - HTTP_P_PL_ACT_AS_SERVER=true - PICS_TS_EA_CERTIFICATE_ID=CERT_pki certificate_EA - PICS_MULTIPLE_END_POINT=true In addition, the Test System shall be configured to support the security modifying the following settings as described below: - device_mode=0 - secured_mode=0 ## Wireshark with support of ETSI ITS Protocols The official version of Wireshark, supporting ETSI ITS Protocols, is available [here](https://www.wireshark.org/download.html). Some sample capture files are available [here](https://wiki.wireshark.org/SampleCaptures). ## How to Report a Bug The ETSI ITS protocols project is under constant development, so it is possible that you will encounter a bug while using it. Please report bugs at cti_support at etsi dot org.