/** * @Author ETSI / STF545 * @version $URL$ * $Id$ * @desc Testcases file for Security Protocol * @reference ETSI TS ITS-00546v006 * @copyright ETSI Copyright Notification * No part may be reproduced except as authorized by written permission. * The copyright and the foregoing restriction extend to reproduction in all media. * All rights reserved. */ module ItsPki_TestCases { // Libcommon import from LibCommon_Time all; import from LibCommon_VerdictControl all; import from LibCommon_Sync all; import from LibCommon_BasicTypesAndValues all; import from LibCommon_DataStrings all; // LibIts import from IEEE1609dot2BaseTypes language "ASN.1:1997" all; import from IEEE1609dot2 language "ASN.1:1997" all; import from EtsiTs102941BaseTypes language "ASN.1:1997" all; import from EtsiTs102941TypesEnrolment language "ASN.1:1997" all; import from EtsiTs102941TypesAuthorization language "ASN.1:1997" all; import from EtsiTs102941TypesAuthorizationValidation language "ASN.1:1997" all; import from EtsiTs102941MessagesCa language "ASN.1:1997" all; import from EtsiTs103097Module language "ASN.1:1997" all; import from ITS_Container language "ASN.1:1997" all; import from CAM_PDU_Descriptions language "ASN.1:1997" all; // LibItsCommon import from LibItsCommon_TypesAndValues all; import from LibItsCommon_Functions all; import from LibItsCommon_TypesAndValues all; import from LibItsCommon_ASN1_NamedNumbers all; // LibItsGeoNetworking import from LibItsGeoNetworking_TypesAndValues all; import from LibItsGeoNetworking_Functions all; import from LibItsGeoNetworking_Templates all; import from LibItsGeoNetworking_Pics all; import from LibItsGeoNetworking_TestSystem all; // LibItsSecurity import from LibItsSecurity_TypesAndValues all; import from LibItsSecurity_TestSystem all; import from LibItsSecurity_Templates all; import from LibItsSecurity_Functions all; import from LibItsSecurity_Pixits all; import from LibItsSecurity_Pics all; // LibItsHttp import from LibItsHttp_TypesAndValues all; 
import from LibItsHttp_Templates all; import from LibItsHttp_BinaryTemplates all; import from LibItsHttp_Functions all; import from LibItsHttp_TestSystem all; // LibItsPki import from LibItsPki_Templates all; import from LibItsPki_Functions all; import from LibItsPki_TestSystem all; import from LibItsPki_Pics all; import from LibItsPki_Pixits all; /** * @desc 5.2 ITS-S behaviour */ group itss_behavior { group itss_enrolment_request { /** * @desc Check that IUT sends an enrolment request when triggered. *
       * Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT
       * Initial conditions: 
       *     with {
       *         the IUT being in the "initial state"
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT is triggered to request a new Enrolment Certificate (EC)
       *         }
       *         then {
       *             the IUT sends to EA an EnrolmentRequestMessage
       *         }
       *     }
       * 
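*
       * @see       ETSI TS 103 525-2 v0.0.10 SECPKI_ITSS_ENR_01_BV
       * @reference ETSI TS 102 941 [2], clause 6.1.3
       */
      testcase TC_SECPKI_ITSS_ENR_01_BV() runs on ItsMtc /*system ItsPkiItssSystem*/ {
        // Local variables
        var Oct32 v_private_key;
        var Oct32 v_public_key_x;
        var Oct32 v_public_key_y;
        var Oct32 v_public_compressed_key;
        var integer v_compressed_mode;
        var ItsPkiItss v_itss;
        var ItsPkiHttp v_ea;

        // Test control: skip the test unless both PICS are declared
        if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_ENROLMENT) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT required for executing the TC ***");
          setverdict(inconc);
          stop;
        }

        // Test component configuration
        f_cfMtcUp(v_itss, v_ea);

        // Generate the NIST P-256 key pair that is handed to both components below
        if (f_generate_key_pair_nistp256(v_private_key, v_public_key_x, v_public_key_y, v_public_compressed_key, v_compressed_mode) == false) {
          // NOTE(review): the text says FAIL but the verdict set is inconc; string kept unchanged
          log("*** " & testcasename() & ": FAIL: Failed to setup InnerEcRequest message ***");
          setverdict(inconc);
          stop;
        }

        // Start components: ITS-S side (triggers the IUT) and EA side (HTTP end point)
        v_itss.start(f_TC_SECPKI_ITSS_ENR_01_BV_itss(cc_taCert_A, v_private_key, v_public_compressed_key, v_compressed_mode));
        v_ea.start(f_TC_SECPKI_ITSS_ENR_01_BV_pki(cc_taCert_A, v_private_key, v_public_compressed_key, v_compressed_mode));

        // Synchronization
        f_serverSync2ClientsAndStop({c_prDone, c_tbDone});

        // Cleanup
        f_cfMtcDown(v_itss, v_ea);

      } // End of testcase TC_SECPKI_ITSS_ENR_01_BV

      group f_TC_SECPKI_ITSS_ENR_01_BV {

        /**
         * @desc  ITS-S side of TC_SECPKI_ITSS_ENR_01_BV: selects the default IUT certificate,
         *        sends the upper-tester trigger with the canonical identifier and the key
         *        material, then reports success at the preamble and test-body sync points.
         * @param p_certificate_id      Not referenced in the body
         * @param p_private_key         Private key passed to the upper-tester trigger
         * @param p_publicKeyCompressed Compressed public key passed to the upper-tester trigger
         * @param p_compressed_mode     Compression mode passed to the upper-tester trigger
         */
        function f_TC_SECPKI_ITSS_ENR_01_BV_itss(
                                                 in charstring p_certificate_id,
                                                 in octetstring p_private_key,
                                                 in octetstring p_publicKeyCompressed,
                                                 in integer p_compressed_mode
                                                 ) runs on ItsPkiItss /*system ItsPkiItssSystem*/ {
          // Local variables

          // Test component configuration
          vc_hashedId8ToBeUsed := PX_IUT_DEFAULT_CERTIFICATE;
          f_cfUp_itss();

          // Test adapter configuration

          // Preamble
          f_sendUtTriggerPrimitive(PICS_ITS_S_CANONICAL_ID, '00'O, p_private_key, p_publicKeyCompressed, p_compressed_mode);
          f_selfOrClientSyncAndVerdict(c_prDone, e_success);

          // Test Body
          f_selfOrClientSyncAndVerdict(c_tbDone, e_success);

          // Postamble
          f_cfDown_itss();
        } // End of function f_TC_SECPKI_ITSS_ENR_01_BV_itss

        /**
         * @desc  EA side of TC_SECPKI_ITSS_ENR_01_BV: waits for an HTTP POST carrying an encrypted
         *        enrolment request, verifies the outer PKI message and the InnerEcRequestSignedForPop
         *        signature, builds an InnerEcResponse and reports the verdict at c_tbDone.
         *        The postamble sends the built response only while v_send_response is true.
         * @param p_certificate_id      Not referenced in the body
         * @param p_private_key         Not referenced in the body
         * @param p_publicKeyCompressed Not referenced in the body
         * @param p_compressed_mode     Not referenced in the body
         */
        function f_TC_SECPKI_ITSS_ENR_01_BV_pki(
                                                in charstring p_certificate_id,
                                                in octetstring p_private_key,
                                                in octetstring p_publicKeyCompressed,
                                                in integer p_compressed_mode
                                                ) runs on ItsPkiHttp /*system ItsPkiHttpSystem*/ {
          // Local variable
          var HeaderLines v_headers;
          var HttpMessage v_request;
          var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
          var boolean v_send_response := true;

          // Test component configuration
          f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);

          // Test adapter configuration

          // Preamble
          f_init_default_headers_list(-, "inner_ec_response", v_headers);
          f_selfOrClientSyncAndVerdict(c_prDone, e_success);

          // Test Body
          tc_ac.start;
          alt {
            [not(PICS_MULTIPLE_END_POINT)] httpPort.receive(
                                                            mw_http_request(
                                                                            mw_http_request_post(
                                                                                                 PICS_HTTP_POST_URI,
                                                                                                 -,
                                                                                                 mw_http_message_body_binary(
                                                                                                                             mw_binary_body_ieee1609dot2_data(
                                                                                                                                                              mw_enrolmentRequestMessage(
                                                                                                                                                                                         mw_encryptedData(
                                                                                                                                                                                                          -,
                                                                                                                                                                                                          mw_SymmetricCiphertext_aes128ccm
                                                            ))))))) -> value v_request {
              var EtsiTs102941Data v_etsi_ts_102941_data;
              var Oct16 v_request_hash;
              var Oct16 v_aes_enc_key;
              var InnerEcRequest v_inner_ec_request;

              tc_ac.stop;

              if (f_verify_pki_request_message(vc_eaPrivateEncKey, vc_eaWholeHash/*salt*/, vc_eaWholeHash, v_request.request.body.binary_body.ieee1609dot2_data, false, v_request_hash, v_etsi_ts_102941_data, v_aes_enc_key) == false) {
                // No response is built on this path, so v_ieee1609dot2_signed_and_encrypted_data
                // is still unbound: the postamble must not try to send it.
                v_send_response := false;
                log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
                f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
              } else {
                // NOTE(review): this assignment suppresses the response on every path below, although
                // each of them builds one. The FIXME text describes the verification-failure case,
                // so it may have been meant for the branch above only; confirm before removing it.
                v_send_response := false; // FIXME Bug in the ETSI TS 102 941, if message cannot be decrypted, cannot send encrypted response :D
                log("*** " & testcasename() & ": DEBUG: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentRequest(mw_innerEcRequestSignedForPop(mw_signedData))), " ***"); // TODO In TITAN, this is the only way to get the unmatching in log
                if (match(v_etsi_ts_102941_data.content, mw_enrolmentRequest(mw_innerEcRequestSignedForPop(mw_signedData)))) {
                  // Verify signature of mw_innerEcRequestSignedForPop
                  if (f_verify_inner_ec_request_signed_for_pop(v_etsi_ts_102941_data, v_inner_ec_request) == false) {
                    f_http_build_inner_ec_response(v_inner_ec_request, cantparse, v_request_hash, -, -, v_aes_enc_key, v_ieee1609dot2_signed_and_encrypted_data);
                    log("*** " & testcasename() & ": FAIL: Failed to verify InnerEcResponseSignedForPop message ***");
                    f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
                  } else {
                    log("*** " & testcasename() & ": DEBUG: match ", match(v_inner_ec_request, mw_innerEcRequest), " ***"); // TODO In TITAN, this is the only way to get the unmatching in log
                    if (match(v_inner_ec_request, mw_innerEcRequest)) {
                      log("*** " & testcasename() & ": LOG: Receive ", v_inner_ec_request, " ***");
                      // NOTE(review): the two octetstring literals below are hard-coded stand-ins for
                      // vc_eaPrivateKey and vc_eaHash (see the TODOs). Key material committed to source
                      // has to be treated as public: keep it test-only and switch to the component
                      // variables once the new certificates are available.
                      f_http_build_inner_ec_response(v_inner_ec_request, ok, v_request_hash,
                                                     '3E4CAB36D3BCB08A838CECBE0AACD1AE1EB2C4E60896AB23B88CE14568AE16EF'O, //TODO vc_eaPrivateKey, waiting for new certificates
                                                     'B8B3E88138D442B34CFC7F9C1DB5F825D372344931CBD67CE033CA4219D70BF6'O, //TODO vc_eaHash, waiting for new certificates
                                                     v_aes_enc_key, v_ieee1609dot2_signed_and_encrypted_data);
                      log("*** " & testcasename() & ": PASS: InnerEcRequest received ***");
                      f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
                    } else {
                      f_http_build_inner_ec_response(v_inner_ec_request, cantparse, v_request_hash, -, -, v_aes_enc_key, v_ieee1609dot2_signed_and_encrypted_data);
                      log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                      f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
                    }
                  }
                } else {
                  f_http_build_inner_ec_response(v_inner_ec_request, cantparse, v_request_hash, -, -, v_aes_enc_key, v_ieee1609dot2_signed_and_encrypted_data);
                  log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                  f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
                }
              }
            }
            [] tc_ac.timeout {
              // Nothing was received, so there is nothing to answer
              v_send_response := false;
              log("*** " & testcasename() & ": INCONC: Expected message not received ***");
              f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
            }
          } // End of 'alt' statement

          // Postamble
          // Send response
          if (v_send_response == true) {
            httpPort.send(
                          m_http_response(
                                          m_http_response_ok(
                                                             m_http_message_body_binary(
                                                                                        m_binary_body_ieee1609dot2_data(
                                                                                                                        v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                        )),
                                                             v_headers
                          )));
          }
          f_cfHttpDown();
        } // End of function f_TC_SECPKI_ITSS_ENR_01_BV_pki

      } // End of group f_TC_SECPKI_ITSS_ENR_01_BV

      /**
       * @desc If the enrolment request of the IUT is an initial enrolment request, the itsId
       *       (contained in the InnerECRequest) shall be set to the canonical identifier, the
       *       signer (contained in the outer EtsiTs103097Data-Signed) shall be set to self and
       *       the outer signature shall be computed using the canonical private key.
       *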
       * Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT is requested to send an EnrolmentRequestMessage
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data-Encrypted
       *                 containing an encrypted EtsiTs103097Data-Signed
       *                     containing EtsiTs103097Data
       *                          containing InnerECRequestSignedForPOP
       *                             containing InnerEcRequest
       *                                 containing itsId
       *                                     indicating the canonical identifier of the ITS-S 
       *                 and containing signer
       *                     declared as self
       *                 and containing signature 
       *                     computed using the canonical private key
       *         }
       *     }
       * 
*
       * @see       ETSI TS 103 525-2 v0.0.10 SECPKI_ITSS_ENR_02_BV
       * @reference ETSI TS 102 941, clause 6.1.3
       */
      testcase TC_SECPKI_ITSS_ENR_02_BV() runs on ItsMtc /*system ItsPkiItssSystem*/ {
        // Local variables
        var Oct32 v_private_key;
        var Oct32 v_public_key_x;
        var Oct32 v_public_key_y;
        var Oct32 v_public_compressed_key;
        var integer v_compressed_mode;
        var ItsPkiItss v_itss;
        var ItsPkiHttp v_ea;

        // Test control: skip the test unless both PICS are declared
        if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_ENROLMENT) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT required for executing the TC ***");
          setverdict(inconc);
          stop;
        }

        // Test component configuration
        // NOTE(review): v_itss and v_ea are never assigned in this testcase before .start();
        // TC_SECPKI_ITSS_ENR_01_BV calls f_cfMtcUp(v_itss, v_ea) first and f_cfMtcDown at the
        // end. Confirm the same set-up and tear-down is intended here.
        if (f_generate_key_pair_nistp256(v_private_key, v_public_key_x, v_public_key_y, v_public_compressed_key, v_compressed_mode) == false) {
          // NOTE(review): no ';' after this log(...) in the original; the text says FAIL while the verdict is inconc
          log("*** " & testcasename() & ": FAIL: Failed to setup InnerEcRequest message ***")
          setverdict(inconc);
          stop;
        }
        v_itss.start(f_TC_SECPKI_ITSS_ENR_02_BV_itss(cc_taCert_A, v_private_key, v_public_compressed_key, v_compressed_mode));
        v_ea.start(f_TC_SECPKI_ITSS_ENR_02_BV_pki(cc_taCert_A, v_private_key, v_public_compressed_key, v_compressed_mode));

        // Synchronization
        // NOTE(review): c_poDone is awaited here, but neither component function names c_poDone
        // in a sync call; verify against the sync helpers.
        f_serverSync2ClientsAndStop({c_prDone, c_tbDone, c_poDone});

        // Cleanup

      } // End of TC_SECPKI_ITSS_ENR_02_BV

      group f_TC_SECPKI_ITSS_ENR_02_BV {

        /**
         * @desc  ITS-S side of TC_SECPKI_ITSS_ENR_02_BV: sends the upper-tester trigger with the
         *        canonical identifier and the key material, then reports success at the
         *        preamble and test-body sync points.
         * @param p_certificate_id      Not referenced in the body
         * @param p_private_key         Private key passed to the upper-tester trigger
         * @param p_publicKeyCompressed Compressed public key passed to the upper-tester trigger
         * @param p_compressed_mode     Compression mode passed to the upper-tester trigger
         */
        function f_TC_SECPKI_ITSS_ENR_02_BV_itss(
                                                 in charstring p_certificate_id,
                                                 in octetstring p_private_key,
                                                 in octetstring p_publicKeyCompressed,
                                                 in integer p_compressed_mode
                                                 ) runs on ItsPkiItss /*system ItsPkiItssSystem*/ {
          // Local variables

          // Test component configuration
          f_cfUp_itss();

          // Test adapter configuration

          // Preamble
          f_sendUtTriggerPrimitive(PICS_ITS_S_CANONICAL_ID, '00'O, p_private_key, p_publicKeyCompressed, p_compressed_mode);
          f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);

          // Test Body
          f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);

          // Postamble
          f_cfDown_itss();
        } // End of function f_TC_SECPKI_ITSS_ENR_02_BV_itss

        /**
         * @desc  EA side of TC_SECPKI_ITSS_ENR_02_BV: waits on httpPort for a message matching the
         *        encrypted enrolment request template, or for tc_ac to expire.
         *        NOTE(review): the whole verification is commented out, so the receive branch sets
         *        no verdict and does not sync on c_tbDone. The itsId, signer and signature
         *        requirements from the test purpose are therefore not checked.
         * @param p_certificate_id      Not referenced in the body
         * @param p_private_key         Not referenced in the body
         * @param p_publicKeyCompressed Not referenced in the body
         * @param p_compressed_mode     Not referenced in the body
         */
        function f_TC_SECPKI_ITSS_ENR_02_BV_pki(
                                                in charstring p_certificate_id,
                                                in octetstring p_private_key,
                                                in octetstring p_publicKeyCompressed,
                                                in integer p_compressed_mode
                                                ) runs on ItsPkiHttp /*system ItsPkiHttpSystem*/ {
          // Local variable
          var HttpMessage v_response;
          var EtsiTs102941Data v_etsi_ts_102941_data;
          var InnerEcRequest v_inner_ec_request;

          // Test component configuration
          f_cfHttpUp();

          // Test adapter configuration

          // Preamble
          // NOTE(review): the preamble sync point is reported through the ...TestBody helper,
          // while the ITS-S function uses ...Preamble for c_prDone; confirm which is intended.
          f_selfOrClientSyncAndVerdictTestBody(c_prDone, e_success);

          // Test Body
          tc_ac.start;
          alt {
            // NOTE(review): this matches an HTTP *response*, whereas TC_SECPKI_ITSS_ENR_01_BV
            // receives the enrolment request as mw_http_request/mw_http_request_post; verify.
            [not(PICS_MULTIPLE_END_POINT)] httpPort.receive(
                                                            mw_http_response(
                                                                             mw_http_response_ok(
                                                                                                 mw_http_message_body_binary(
                                                                                                                             mw_binary_body_ieee1609dot2_data(
                                                                                                                                                              mw_enrolmentRequestMessage(
                                                                                                                                                                                         mw_encryptedData(
                                                                                                                                                                                                          -,
                                                                                                                                                                                                          mw_SymmetricCiphertext_aes128ccm
                                                            ))))))) -> value v_response {
              tc_ac.stop;

              // NOTE(review): disabled verification below. If re-enabled as written it reports
              // PASS without verifying the InnerEcRequestSignedForPop signature (see its TODO).
              /*if (f_verify_pki_response_message(vc_eaPrivateEncKey, int2oct(0, 32), v_response.response.body.binary_body.ieee1609dot2_data, false, v_etsi_ts_102941_data) == false) {
                log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
              } else {
                log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
                log("*** " & testcasename() & ": DEBUG: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentRequest(mw_innerEcRequestSignedForPop(mw_signedData))), " ***"); // TODO In TITAN, this is the only way to get the unmatching in log
                if (match(v_etsi_ts_102941_data.content, mw_enrolmentRequest(mw_innerEcRequestSignedForPop(mw_signedData)))) {
                  // TODO Verify signature of mw_innerEcRequestSignedForPop
                  log("*** " & testcasename() & ": PASS: InnerEcRequestSignedForPop received ***");
                  f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                } else {
                  log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                  f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                }
              }*/
            }
            [] tc_ac.timeout {
              log("*** " & testcasename() & ": INCONC: Expected message not received ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
            }
          } // End of 'alt' statement

          // Postamble
          f_cfHttpDown();
        } // End of function f_TC_SECPKI_ITSS_ENR_02_BV_pki

      } // End of f_TC_SECPKI_ITSS_ENR_02_BV

      /**
       * @desc In presence of a valid EC, the enrolment request of the IUT is a rekeying enrolment
       *       request with the itsId (contained in the InnerECRequest) and the SignerIdentifier
       *       (contained in the outer EtsiTs103097Data-Signed) both declared as digest containing
       *       the HashedId8 of the EC and the outer signature computed using the current valid EC
       *       private key corresponding to the verification public key.
       *
       * Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT and PICS_SECPKI_REENROLMENT
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT is requested to send an EnrolmentRequestMessage
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data-Encrypted
       *                 containing an encrypted EtsiTs103097Data-Signed
       *                     containing EtsiTs103097Data
       *                          containing InnerECRequestSignedForPOP
       *                             containing InnerEcRequest
       *                                 containing itsId
       *                                     declared as digest containing the HashedId8 of the EC identifier
       *                 and containing signer
       *                     declared as digest containing the HashedId8 of the EC identifier 
       *                 and containing signature 
       *                     computed using the current valid EC private key corresponding to the verification public key
       *         }
       *     }
       * 
*
       * @see       ETSI TS 103 525-2 v0.0.10 SECPKI_ITSS_ENR_03_BV
       * @reference ETSI TS 102 941, clause 6.1.3
       */
      testcase TC_SECPKI_ITSS_ENR_03_BV() runs on ItsMtc /*system ItsPkiItssSystem*/ {
        // Local variables
        var Oct32 v_private_key;
        var Oct32 v_public_key_x;
        var Oct32 v_public_key_y;
        var Oct32 v_public_compressed_key;
        var integer v_compressed_mode;
        var ItsPkiItss v_itss;
        var ItsPkiHttp v_ea;

        // Test control: skip the test unless all three PICS are declared
        if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_ENROLMENT or not PICS_SECPKI_REENROLMENT) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT and PICS_SECPKI_REENROLMENT required for executing the TC ***");
          setverdict(inconc);
          stop;
        }

        // Test component configuration
        // NOTE(review): v_itss and v_ea are never assigned in this testcase before .start();
        // TC_SECPKI_ITSS_ENR_01_BV calls f_cfMtcUp(v_itss, v_ea) first and f_cfMtcDown at the
        // end. Confirm the same set-up and tear-down is intended here.
        if (f_generate_key_pair_nistp256(v_private_key, v_public_key_x, v_public_key_y, v_public_compressed_key, v_compressed_mode) == false) {
          // NOTE(review): no ';' after this log(...) in the original; the text says FAIL while the verdict is inconc
          log("*** " & testcasename() & ": FAIL: Failed to setup InnerEcRequest message ***")
          setverdict(inconc);
          stop;
        }
        v_itss.start(f_TC_SECPKI_ITSS_ENR_03_BV_itss(cc_taCert_A, v_private_key, v_public_compressed_key, v_compressed_mode));
        v_ea.start(f_TC_SECPKI_ITSS_ENR_03_BV_pki(cc_taCert_A, v_private_key, v_public_compressed_key, v_compressed_mode));

        // Synchronization
        // NOTE(review): c_poDone is awaited here, but neither component function names c_poDone
        // in a sync call; verify against the sync helpers.
        f_serverSync2ClientsAndStop({c_prDone, c_tbDone, c_poDone});

        // Cleanup

      } // End of TC_SECPKI_ITSS_ENR_03_BV

      group f_TC_SECPKI_ITSS_ENR_03_BV {

        /**
         * @desc  ITS-S side of TC_SECPKI_ITSS_ENR_03_BV: sends the upper-tester trigger with the
         *        canonical identifier and the key material, then reports success at the
         *        preamble and test-body sync points.
         *        NOTE(review): the test purpose is a re-keying request in presence of a valid EC;
         *        nothing in this body establishes that EC first. Confirm against the preamble.
         * @param p_certificate_id      Not referenced in the body
         * @param p_private_key         Private key passed to the upper-tester trigger
         * @param p_publicKeyCompressed Compressed public key passed to the upper-tester trigger
         * @param p_compressed_mode     Compression mode passed to the upper-tester trigger
         */
        function f_TC_SECPKI_ITSS_ENR_03_BV_itss(
                                                 in charstring p_certificate_id,
                                                 in octetstring p_private_key,
                                                 in octetstring p_publicKeyCompressed,
                                                 in integer p_compressed_mode
                                                 ) runs on ItsPkiItss /*system ItsPkiItssSystem*/ {
          // Local variables

          // Test component configuration
          f_cfUp_itss();

          // Test adapter configuration

          // Preamble
          f_sendUtTriggerPrimitive(PICS_ITS_S_CANONICAL_ID, '00'O, p_private_key, p_publicKeyCompressed, p_compressed_mode);
          f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);

          // Test Body
          f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);

          // Postamble
          f_cfDown_itss();
        } // End of function f_TC_SECPKI_ITSS_ENR_03_BV_itss

        /**
         * @desc  EA side of TC_SECPKI_ITSS_ENR_03_BV: waits on httpPort for a message matching the
         *        encrypted enrolment request template, or for tc_ac to expire.
         *        NOTE(review): the whole verification is commented out, so the receive branch sets
         *        no verdict and does not sync on c_tbDone. The digest itsId/signer and the EC-key
         *        signature required by the test purpose are therefore not checked.
         * @param p_certificate_id      Not referenced in the body
         * @param p_private_key         Not referenced in the body
         * @param p_publicKeyCompressed Not referenced in the body
         * @param p_compressed_mode     Not referenced in the body
         */
        function f_TC_SECPKI_ITSS_ENR_03_BV_pki(
                                                in charstring p_certificate_id,
                                                in octetstring p_private_key,
                                                in octetstring p_publicKeyCompressed,
                                                in integer p_compressed_mode
                                                ) runs on ItsPkiHttp /*system ItsPkiHttpSystem*/ {
          // Local variable
          var HttpMessage v_response;
          var EtsiTs102941Data v_etsi_ts_102941_data;
          var InnerEcRequest v_inner_ec_request;

          // Test component configuration
          f_cfHttpUp();

          // Test adapter configuration

          // Preamble
          // NOTE(review): the preamble sync point is reported through the ...TestBody helper,
          // while the ITS-S function uses ...Preamble for c_prDone; confirm which is intended.
          f_selfOrClientSyncAndVerdictTestBody(c_prDone, e_success);

          // Test Body
          tc_ac.start;
          alt {
            // NOTE(review): this matches an HTTP *response*, whereas TC_SECPKI_ITSS_ENR_01_BV
            // receives the enrolment request as mw_http_request/mw_http_request_post; verify.
            [not(PICS_MULTIPLE_END_POINT)] httpPort.receive(
                                                            mw_http_response(
                                                                             mw_http_response_ok(
                                                                                                 mw_http_message_body_binary(
                                                                                                                             mw_binary_body_ieee1609dot2_data(
                                                                                                                                                              mw_enrolmentRequestMessage(
                                                                                                                                                                                         mw_encryptedData(
                                                                                                                                                                                                          -,
                                                                                                                                                                                                          mw_SymmetricCiphertext_aes128ccm
                                                            ))))))) -> value v_response {
              tc_ac.stop;

              // NOTE(review): disabled verification below. If re-enabled as written it reports
              // PASS without verifying the InnerEcRequestSignedForPop signature (see its TODO).
              /*if (f_verify_pki_response_message(vc_eaPrivateEncKey, int2oct(0, 32), v_response.response.body.binary_body.ieee1609dot2_data, false, v_etsi_ts_102941_data) == false) {
                log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
              } else {
                log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
                log("*** " & testcasename() & ": DEBUG: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentRequest(mw_innerEcRequestSignedForPop(mw_signedData))), " ***"); // TODO In TITAN, this is the only way to get the unmatching in log
                if (match(v_etsi_ts_102941_data.content, mw_enrolmentRequest(mw_innerEcRequestSignedForPop(mw_signedData)))) {
                  // TODO Verify signature of mw_innerEcRequestSignedForPop
                  log("*** " & testcasename() & ": PASS: InnerEcRequestSignedForPop received ***");
                  f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                } else {
                  log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                  f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                }
              }*/
            }
            [] tc_ac.timeout {
              log("*** " & testcasename() & ": INCONC: Expected message not received ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
            }
          } // End of 'alt' statement

          // Postamble
          f_cfHttpDown();
        } // End of function f_TC_SECPKI_ITSS_ENR_03_BV_pki

      } // End of f_TC_SECPKI_ITSS_ENR_03_BV

      /**
       * @desc If the EC is revoked, the IUT returns to the state 'initialized'.
       *
       * Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT and PICS_SECPKI_CRL
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT is informed about a revocation of its EC
       *         }
       *         then {
       *             the IUT returns to the "initialized" state
       *         }
       *     }
       * 
*
       * @see       ETSI TS 103 525-2 v0.0.10 SECPKI_ITSS_ENR_04_BV
       * @reference ETSI TS 102 941, clause 6.1.3, 6.2.3.2.1
       */
      testcase TC_SECPKI_ITSS_ENR_04_BV() runs on ItsMtc /*system ItsPkiItssSystem*/ {
        // Local variables (declared but not used yet)
        var Oct32 v_private_key;
        var Oct32 v_public_key_x;
        var Oct32 v_public_key_y;
        var Oct32 v_public_compressed_key;
        var integer v_compressed_mode;
        var ItsPkiItss v_itss;
        var ItsPkiHttp v_ea;

        // Test control: skip the test unless all three PICS are declared
        if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_ENROLMENT or not PICS_SECPKI_CRL) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT and PICS_SECPKI_CRL required for executing the TC ***");
          setverdict(inconc);
          stop;
        }

        // NOTE(review): stub. After the PICS check no component is started and no verdict
        // is set, so the EC revocation behaviour described in the header is not exercised.

        // Test component configuration

        // Synchronization

        // Cleanup

      } // End of TC_SECPKI_ITSS_ENR_04_BV

      /**
       * @desc If the EC expires, the IUT returns to the state 'initialized'.
       *
       * Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the EC of the IUT expires
       *         }
       *         then {
       *             the IUT returns to the "initialized" state
       *         }
       *     }
       * 
*
       * @see       ETSI TS 103 525-2 v0.0.10 SECPKI_ITSS_ENR_05_BV
       * @reference ETSI TS 102 941, clause 6.1.3, 6.2.3.2.1
       */
      testcase TC_SECPKI_ITSS_ENR_05_BV() runs on ItsMtc /*system ItsPkiItssSystem*/ {
        // Local variables (declared but not used yet)
        var Oct32 v_private_key;
        var Oct32 v_public_key_x;
        var Oct32 v_public_key_y;
        var Oct32 v_public_compressed_key;
        var integer v_compressed_mode;
        var ItsPkiItss v_itss;
        var ItsPkiHttp v_ea;

        // Test control: skip the test unless both PICS are declared
        if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_ENROLMENT) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT required for executing the TC ***");
          setverdict(inconc);
          stop;
        }

        // NOTE(review): stub. After the PICS check no component is started and no verdict
        // is set, so the EC expiry behaviour described in the header is not exercised.

        // Test component configuration

        // Synchronization

        // Cleanup

      } // End of TC_SECPKI_ITSS_ENR_05_BV

      /**
       * @desc For each enrolment request, the ITS-S shall generate a new verification key pair
       *       corresponding to an approved signature algorithm as specified in TS 103 097.
       *
       * Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT and not PICS_SECPKI_REENROLMENT
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT is requested to send multiple EnrolmentRequestMessage
       *         }
       *         then {
       *             each EnrolmentRequestMessage
       *                 contains a different and unique verification key pair within the InnerECRequest
       *         }
       *     }
       * 
*
       * @see       ETSI TS 103 525-2 v0.0.10 SECPKI_ITSS_ENR_06_BV
       * @reference ETSI TS 102 941, clause 6.1.3
       */
      testcase TC_SECPKI_ITSS_ENR_06_BV() runs on ItsMtc /*system ItsPkiItssSystem*/ {
        // Local variables
        var Oct32 v_private_key;
        var Oct32 v_public_key_x;
        var Oct32 v_public_key_y;
        var Oct32 v_public_compressed_key;
        var integer v_compressed_mode;
        var ItsPkiItss v_itss;
        var ItsPkiHttp v_ea;

        // Test control: requires the ITS-S role and enrolment, and re-enrolment NOT declared
        if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_ENROLMENT or PICS_SECPKI_REENROLMENT) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT and not PICS_SECPKI_REENROLMENT required for executing the TC ***");
          setverdict(inconc);
          stop;
        }

        // Test component configuration
        // NOTE(review): v_itss and v_ea are never assigned in this testcase before .start();
        // TC_SECPKI_ITSS_ENR_01_BV calls f_cfMtcUp(v_itss, v_ea) first and f_cfMtcDown at the
        // end. Confirm the same set-up and tear-down is intended here.
        if (f_generate_key_pair_nistp256(v_private_key, v_public_key_x, v_public_key_y, v_public_compressed_key, v_compressed_mode) == false) {
          // NOTE(review): no ';' after this log(...) in the original; the text says FAIL while the verdict is inconc
          log("*** " & testcasename() & ": FAIL: Failed to setup InnerEcRequest message ***")
          setverdict(inconc);
          stop;
        }
        v_itss.start(f_TC_SECPKI_ITSS_ENR_06_BV_itss(cc_taCert_A, v_private_key, v_public_compressed_key, v_compressed_mode));
        v_ea.start(f_TC_SECPKI_ITSS_ENR_06_BV_pki(cc_taCert_A, v_private_key, v_public_compressed_key, v_compressed_mode));

        // Synchronization
        // NOTE(review): c_poDone is awaited here, but neither component function names c_poDone
        // in a sync call; verify against the sync helpers.
        f_serverSync2ClientsAndStop({c_prDone, c_tbDone, c_poDone});

        // Cleanup

      } // End of TC_SECPKI_ITSS_ENR_06_BV

      group f_TC_SECPKI_ITSS_ENR_06_BV {

        /**
         * @desc  ITS-S side of TC_SECPKI_ITSS_ENR_06_BV: sends the upper-tester trigger with the
         *        canonical identifier and the key material, then reports success at the
         *        preamble and test-body sync points.
         *        NOTE(review): the test purpose asks for multiple enrolment requests with a fresh
         *        verification key pair each; this body triggers once, with one key pair.
         * @param p_certificate_id      Not referenced in the body
         * @param p_private_key         Private key passed to the upper-tester trigger
         * @param p_publicKeyCompressed Compressed public key passed to the upper-tester trigger
         * @param p_compressed_mode     Compression mode passed to the upper-tester trigger
         */
        function f_TC_SECPKI_ITSS_ENR_06_BV_itss(
                                                 in charstring p_certificate_id,
                                                 in octetstring p_private_key,
                                                 in octetstring p_publicKeyCompressed,
                                                 in integer p_compressed_mode
                                                 ) runs on ItsPkiItss /*system ItsPkiItssSystem*/ {
          // Local variables

          // Test component configuration
          f_cfUp_itss();

          // Test adapter configuration

          // Preamble
          f_sendUtTriggerPrimitive(PICS_ITS_S_CANONICAL_ID, '00'O, p_private_key, p_publicKeyCompressed, p_compressed_mode);
          f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);

          // Test Body
          f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);

          // Postamble
          f_cfDown_itss();
        } // End of function f_TC_SECPKI_ITSS_ENR_06_BV_itss

        /**
         * @desc  EA side of TC_SECPKI_ITSS_ENR_06_BV: waits on httpPort for a message matching the
         *        encrypted enrolment request template, or for tc_ac to expire.
         *        NOTE(review): the whole verification is commented out, so the receive branch sets
         *        no verdict and does not sync on c_tbDone. Key-pair uniqueness across requests,
         *        the property under test, is not compared anywhere in this body.
         * @param p_certificate_id      Not referenced in the body
         * @param p_private_key         Not referenced in the body
         * @param p_publicKeyCompressed Not referenced in the body
         * @param p_compressed_mode     Not referenced in the body
         */
        function f_TC_SECPKI_ITSS_ENR_06_BV_pki(
                                                in charstring p_certificate_id,
                                                in octetstring p_private_key,
                                                in octetstring p_publicKeyCompressed,
                                                in integer p_compressed_mode
                                                ) runs on ItsPkiHttp /*system ItsPkiHttpSystem*/ {
          // Local variable
          var HttpMessage v_response;
          var EtsiTs102941Data v_etsi_ts_102941_data;
          var InnerEcRequest v_inner_ec_request;

          // Test component configuration
          f_cfHttpUp();

          // Test adapter configuration

          // Preamble
          // NOTE(review): the preamble sync point is reported through the ...TestBody helper,
          // while the ITS-S function uses ...Preamble for c_prDone; confirm which is intended.
          f_selfOrClientSyncAndVerdictTestBody(c_prDone, e_success);

          // Test Body
          tc_ac.start;
          alt {
            // NOTE(review): this matches an HTTP *response*, whereas TC_SECPKI_ITSS_ENR_01_BV
            // receives the enrolment request as mw_http_request/mw_http_request_post; verify.
            [not(PICS_MULTIPLE_END_POINT)] httpPort.receive(
                                                            mw_http_response(
                                                                             mw_http_response_ok(
                                                                                                 mw_http_message_body_binary(
                                                                                                                             mw_binary_body_ieee1609dot2_data(
                                                                                                                                                              mw_enrolmentRequestMessage(
                                                                                                                                                                                         mw_encryptedData(
                                                                                                                                                                                                          -,
                                                                                                                                                                                                          mw_SymmetricCiphertext_aes128ccm
                                                            ))))))) -> value v_response {
              tc_ac.stop;

              // NOTE(review): disabled verification below. If re-enabled as written it reports
              // PASS without verifying the InnerEcRequestSignedForPop signature (see its TODO).
              /*if (f_verify_pki_response_message(vc_eaPrivateEncKey, int2oct(0, 32), v_response.response.body.binary_body.ieee1609dot2_data, false, v_etsi_ts_102941_data) == false) {
                log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
              } else {
                log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
                log("*** " & testcasename() & ": DEBUG: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentRequest(mw_innerEcRequestSignedForPop(mw_signedData))), " ***"); // TODO In TITAN, this is the only way to get the unmatching in log
                if (match(v_etsi_ts_102941_data.content, mw_enrolmentRequest(mw_innerEcRequestSignedForPop(mw_signedData)))) {
                  // TODO Verify signature of mw_innerEcRequestSignedForPop
                  log("*** " & testcasename() & ": PASS: InnerEcRequestSignedForPop received ***");
                  f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                } else {
                  log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                  f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                }
              }*/
            }
            [] tc_ac.timeout {
              log("*** " & testcasename() & ": INCONC: Expected message not received ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
            }
          } // End of 'alt' statement

          // Postamble
          f_cfHttpDown();
        } // End of function f_TC_SECPKI_ITSS_ENR_06_BV_pki

      } // End of f_TC_SECPKI_ITSS_ENR_06_BV

      /**
       * @desc Within the InnerECRequest, the requestedSubjectAttributes shall not contain a certIssuePermissions field.
       *
       * Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT is requested to send an EnrolmentRequestMessage
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data-Encrypted
       *                 containing an encrypted EtsiTs103097Data-Signed
       *                     containing EtsiTs103097Data
       *                         containing InnerECRequestSignedForPOP
       *                             containing InnerEcRequest
       *                                 containing requestedSubjectAttributes
       *                                     not containing certIssuePermissions 
       *         }
       *     }
       * 
*
       * @see       ETSI TS 103 525-2 v0.0.10 SECPKI_ITSS_ENR_07_BV
       * @reference ETSI TS 102 941, clause 6.2.3.2.1
       */
      testcase TC_SECPKI_ITSS_ENR_07_BV() runs on ItsMtc /*system ItsPkiItssSystem*/ {
        // Local variables
        var Oct32 v_private_key;
        var Oct32 v_public_key_x;
        var Oct32 v_public_key_y;
        var Oct32 v_public_compressed_key;
        var integer v_compressed_mode;
        var ItsPkiItss v_itss;
        var ItsPkiHttp v_ea;

        // Test control: skip the test unless both PICS are declared
        if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_ENROLMENT) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT required for executing the TC ***");
          setverdict(inconc);
          stop;
        }

        // Test component configuration
        // NOTE(review): v_itss and v_ea are never assigned in this testcase before .start();
        // TC_SECPKI_ITSS_ENR_01_BV calls f_cfMtcUp(v_itss, v_ea) first and f_cfMtcDown at the
        // end. Confirm the same set-up and tear-down is intended here.
        if (f_generate_key_pair_nistp256(v_private_key, v_public_key_x, v_public_key_y, v_public_compressed_key, v_compressed_mode) == false) {
          // NOTE(review): no ';' after this log(...) in the original; the text says FAIL while the verdict is inconc
          log("*** " & testcasename() & ": FAIL: Failed to setup InnerEcRequest message ***")
          setverdict(inconc);
          stop;
        }
        v_itss.start(f_TC_SECPKI_ITSS_ENR_07_BV_itss(cc_taCert_A, v_private_key, v_public_compressed_key, v_compressed_mode));
        v_ea.start(f_TC_SECPKI_ITSS_ENR_07_BV_pki(cc_taCert_A, v_private_key, v_public_compressed_key, v_compressed_mode));

        // Synchronization
        // NOTE(review): c_poDone is awaited here, but neither component function names c_poDone
        // in a sync call; verify against the sync helpers.
        f_serverSync2ClientsAndStop({c_prDone, c_tbDone, c_poDone});

        // Cleanup

      } // End of TC_SECPKI_ITSS_ENR_07_BV

      group f_TC_SECPKI_ITSS_ENR_07_BV {

        /**
         * @desc  ITS-S side of TC_SECPKI_ITSS_ENR_07_BV: sends the upper-tester trigger with the
         *        canonical identifier and the key material, then reports success at the
         *        preamble and test-body sync points.
         * @param p_certificate_id      Not referenced in the body
         * @param p_private_key         Private key passed to the upper-tester trigger
         * @param p_publicKeyCompressed Compressed public key passed to the upper-tester trigger
         * @param p_compressed_mode     Compression mode passed to the upper-tester trigger
         */
        function f_TC_SECPKI_ITSS_ENR_07_BV_itss(
                                                 in charstring p_certificate_id,
                                                 in octetstring p_private_key,
                                                 in octetstring p_publicKeyCompressed,
                                                 in integer p_compressed_mode
                                                 ) runs on ItsPkiItss /*system ItsPkiItssSystem*/ {
          // Local variables

          // Test component configuration
          f_cfUp_itss();

          // Test adapter configuration

          // Preamble
          f_sendUtTriggerPrimitive(PICS_ITS_S_CANONICAL_ID, '00'O, p_private_key, p_publicKeyCompressed, p_compressed_mode);
          f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);

          // Test Body
          f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);

          // Postamble
          f_cfDown_itss();
        } // End of function f_TC_SECPKI_ITSS_ENR_07_BV_itss

        /**
         * @desc  EA side of TC_SECPKI_ITSS_ENR_07_BV: waits on httpPort for a message matching the
         *        encrypted enrolment request template, or for tc_ac to expire.
         *        NOTE(review): the whole verification is commented out, so the receive branch sets
         *        no verdict and does not sync on c_tbDone. The absence of certIssuePermissions in
         *        requestedSubjectAttributes, the property under test, is not checked.
         * @param p_certificate_id      Not referenced in the body
         * @param p_private_key         Not referenced in the body
         * @param p_publicKeyCompressed Not referenced in the body
         * @param p_compressed_mode     Not referenced in the body
         */
        function f_TC_SECPKI_ITSS_ENR_07_BV_pki(
                                                in charstring p_certificate_id,
                                                in octetstring p_private_key,
                                                in octetstring p_publicKeyCompressed,
                                                in integer p_compressed_mode
                                                ) runs on ItsPkiHttp /*system ItsPkiHttpSystem*/ {
          // Local variable
          var HttpMessage v_response;
          var EtsiTs102941Data v_etsi_ts_102941_data;
          var InnerEcRequest v_inner_ec_request;

          // Test component configuration
          f_cfHttpUp();

          // Test adapter configuration

          // Preamble
          // NOTE(review): the preamble sync point is reported through the ...TestBody helper,
          // while the ITS-S function uses ...Preamble for c_prDone; confirm which is intended.
          f_selfOrClientSyncAndVerdictTestBody(c_prDone, e_success);

          // Test Body
          tc_ac.start;
          alt {
            // NOTE(review): this matches an HTTP *response*, whereas TC_SECPKI_ITSS_ENR_01_BV
            // receives the enrolment request as mw_http_request/mw_http_request_post; verify.
            [not(PICS_MULTIPLE_END_POINT)] httpPort.receive(
                                                            mw_http_response(
                                                                             mw_http_response_ok(
                                                                                                 mw_http_message_body_binary(
                                                                                                                             mw_binary_body_ieee1609dot2_data(
                                                                                                                                                              mw_enrolmentRequestMessage(
                                                                                                                                                                                         mw_encryptedData(
                                                                                                                                                                                                          -,
                                                                                                                                                                                                          mw_SymmetricCiphertext_aes128ccm
                                                            ))))))) -> value v_response {
              tc_ac.stop;

              // NOTE(review): disabled verification below. If re-enabled as written it reports
              // PASS without verifying the InnerEcRequestSignedForPop signature (see its TODO).
              /*if (f_verify_pki_response_message(vc_eaPrivateEncKey, int2oct(0, 32), v_response.response.body.binary_body.ieee1609dot2_data, false, v_etsi_ts_102941_data) == false) {
                log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
              } else {
                log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
                log("*** " & testcasename() & ": DEBUG: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentRequest(mw_innerEcRequestSignedForPop(mw_signedData))), " ***"); // TODO In TITAN, this is the only way to get the unmatching in log
                if (match(v_etsi_ts_102941_data.content, mw_enrolmentRequest(mw_innerEcRequestSignedForPop(mw_signedData)))) {
                  // TODO Verify signature of mw_innerEcRequestSignedForPop
                  log("*** " & testcasename() & ": PASS: InnerEcRequestSignedForPop received ***");
                  f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                } else {
                  log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                  f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                }
              }*/
            }
            [] tc_ac.timeout {
              log("*** " & testcasename() & ": INCONC: Expected message not received ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
            }
          } // End of 'alt' statement

          // Postamble
          f_cfHttpDown();
        } // End of function f_TC_SECPKI_ITSS_ENR_07_BV_pki

      } // End of f_TC_SECPKI_ITSS_ENR_07_BV

      /**
       * @desc In the headerInfo of the tbsData of the InnerECRequestSignedForPOP all other components
       *       of the component tbsdata.headerInfo except generationTime and psid are not used and absent.
       *       The psid shall be set to "secured certificate request" as assigned in ETSI TS 102 965 and
       *       the generationTime shall be present.
       *
       * Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT is requested to send an EnrolmentRequestMessage
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data-Encrypted
       *                 containing an encrypted EtsiTs103097Data-Signed
       *                     containing EtsiTs103097Data
       *                         containing InnerECRequestSignedForPOP
       *                             containing tbsData
       *                                 containing headerInfo
       *                                     containing psid
       *                                         indicating AID_CERT_REQ
       *                                     and containing generationTime
       *                                     and not containing any other component of tbsdata.headerInfo
       *         }
       *     }
       * 
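*
       * @see ETSI TS 103 525-2 v0.0.10 SECPKI_ITSS_ENR_08_BV
       * @reference ETSI TS 102 941, clause 6.2.3.2.1
       */
      testcase TC_SECPKI_ITSS_ENR_08_BV() runs on ItsMtc /*system ItsPkiItssSystem*/ {
        // Local variables
        var Oct32 v_private_key;
        var Oct32 v_public_key_x;
        var Oct32 v_public_key_y;
        var Oct32 v_public_compressed_key;
        var integer v_compressed_mode;
        var ItsPkiItss v_itss; // Component running the ITS-S side function
        var ItsPkiHttp v_ea;   // Component running the EA (HTTP) side function

        // Test control
        if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_ENROLMENT) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT required for executing the TC ***");
          setverdict(inconc);
          stop;
        }

        // Test component configuration
        // Generate the NIST P-256 key pair that is handed to both components
        if (f_generate_key_pair_nistp256(v_private_key, v_public_key_x, v_public_key_y, v_public_compressed_key, v_compressed_mode) == false) {
          log("*** " & testcasename() & ": FAIL: Failed to setup InnerEcRequest message ***");
          setverdict(inconc);
          stop;
        }
        // NOTE(review): v_itss and v_ea are never assigned in this testcase (no create is visible),
        // so start() operates on unbound component references - TODO add the MTC configuration step.
        v_itss.start(f_TC_SECPKI_ITSS_ENR_08_BV_itss(cc_taCert_A, v_private_key, v_public_compressed_key, v_compressed_mode));
        v_ea.start(f_TC_SECPKI_ITSS_ENR_08_BV_pki(cc_taCert_A, v_private_key, v_public_compressed_key, v_compressed_mode));

        // Synchronization
        f_serverSync2ClientsAndStop({c_prDone, c_tbDone, c_poDone});

        // Cleanup

      } // End of TC_SECPKI_ITSS_ENR_08_BV

      group f_TC_SECPKI_ITSS_ENR_08_BV {

        /**
         * @desc ITS-S side of TC_SECPKI_ITSS_ENR_08_BV: sends the UT trigger primitive and then
         *       reports the preamble and test body sync points.
         * @param p_certificate_id      Certificate identifier passed by the testcase (not used in this function)
         * @param p_private_key         Private key forwarded to the UT trigger primitive
         * @param p_publicKeyCompressed Compressed public key forwarded to the UT trigger primitive
         * @param p_compressed_mode     Compression mode forwarded to the UT trigger primitive
         */
        function f_TC_SECPKI_ITSS_ENR_08_BV_itss(
                                                 in charstring p_certificate_id,
                                                 in octetstring p_private_key,
                                                 in octetstring p_publicKeyCompressed,
                                                 in integer p_compressed_mode
        ) runs on ItsPkiItss /*system ItsPkiItssSystem*/ {
          // Local variables

          // Test component configuration
          f_cfUp_itss();

          // Test adapter configuration

          // Preamble
          f_sendUtTriggerPrimitive(PICS_ITS_S_CANONICAL_ID, '00'O, p_private_key, p_publicKeyCompressed, p_compressed_mode);
          f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);

          // Test Body
          // NOTE(review): e_success is reported unconditionally on this side; any check of the
          // request content has to come from the _pki function.
          f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);

          // Postamble
          f_cfDown_itss();
        } // End of function f_TC_SECPKI_ITSS_ENR_08_BV_itss

        /**
         * @desc EA side of TC_SECPKI_ITSS_ENR_08_BV: waits on httpPort for the encrypted enrolment
         *       request message and reports the test body sync point.
         *       The decrypt-and-verify step is disabled, so the headerInfo content (psid,
         *       generationTime) of InnerECRequestSignedForPOP named in the test purpose is not
         *       checked; a received message is therefore reported as inconclusive.
         * @param p_certificate_id      Certificate identifier passed by the testcase (not used in this function)
         * @param p_private_key         Private key passed by the testcase (not used in this function)
         * @param p_publicKeyCompressed Compressed public key passed by the testcase (not used in this function)
         * @param p_compressed_mode     Compression mode passed by the testcase (not used in this function)
         */
        function f_TC_SECPKI_ITSS_ENR_08_BV_pki(
                                                in charstring p_certificate_id,
                                                in octetstring p_private_key,
                                                in octetstring p_publicKeyCompressed,
                                                in integer p_compressed_mode
        ) runs on ItsPkiHttp /*system ItsPkiHttpSystem*/ {
          // Local variable
          var HttpMessage v_response;
          var EtsiTs102941Data v_etsi_ts_102941_data; // Only referenced by the disabled verification below
          var InnerEcRequest v_inner_ec_request;

          // Test component configuration
          f_cfHttpUp();

          // Test adapter configuration

          // Preamble
          // Use the preamble variant for c_prDone, as the _itss function does, so that no test body
          // verdict is reported before the test body has run
          f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);

          // Test Body
          tc_ac.start;
          alt {
            // NOTE(review): the IUT is expected to send a request, yet this template matches an
            // HTTP response (mw_http_response/mw_http_response_ok) - confirm which is intended.
            [not(PICS_MULTIPLE_END_POINT)] httpPort.receive(
                                                            mw_http_response(
                                                              mw_http_response_ok(
                                                                mw_http_message_body_binary(
                                                                  mw_binary_body_ieee1609dot2_data(
                                                                    mw_enrolmentRequestMessage(
                                                                      mw_encryptedData(
                                                                        -,
                                                                        mw_SymmetricCiphertext_aes128ccm
                                                            ))))))) -> value v_response {
              tc_ac.stop;

              // NOTE(review): disabled verification. The call below passes five arguments, while the
              // live f_verify_pki_response_message call in TC_SECPKI_EA_ENR_RCV_01_BV passes seven;
              // it has to be updated before it can be re-enabled.
              /*if (f_verify_pki_response_message(vc_eaPrivateEncKey, int2oct(0, 32), v_response.response.body.binary_body.ieee1609dot2_data, false, v_etsi_ts_102941_data) == false) {
                log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
              } else {
                log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
                log("*** " & testcasename() & ": DEBUG: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentRequest(mw_innerEcRequestSignedForPop(mw_signedData))), " ***"); // TODO In TITAN, this is the only way to get the unmatching in log
                if (match(v_etsi_ts_102941_data.content, mw_enrolmentRequest(mw_innerEcRequestSignedForPop(mw_signedData)))) {
                  // TODO Verify signature of mw_innerEcRequestSignedForPop
                  log("*** " & testcasename() & ": PASS: InnerEcRequestSignedForPop received ***");
                  f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                } else {
                  log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                  f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                }
              }*/

              // Nothing in the received message has been decrypted or verified, so report an
              // inconclusive outcome instead of leaving this branch without a c_tbDone sync.
              // e_timeout is the return code this file pairs with an INCONC outcome.
              log("*** " & testcasename() & ": INCONC: Message received but its content was not verified ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
            }
            [] tc_ac.timeout {
              log("*** " & testcasename() & ": INCONC: Expected message not received ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
            }
          } // End of 'alt' statement

          // Postamble
          f_cfHttpDown();
        } // End of function f_TC_SECPKI_ITSS_ENR_08_BV_pki

      } // End of f_TC_SECPKI_ITSS_ENR_08_BV

      /**
       * @desc In the headerInfo of the tbsData of the outer EtsiTs102941Data-Signed all other components
       *       of the component tbsdata.headerInfo except generationTime and psid are not used and absent.
       *       The psid shall be set to "secured certificate request" as assigned in ETSI TS 102 965 and
       *       the generationTime shall be present.
       *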
       * Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT is requested to send an EnrolmentRequestMessage
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data-Encrypted
       *                 containing an encrypted EtsiTs103097Data-Signed
       *                     containing EtsiTs103097Data
       *                         containing InnerECRequestSignedForPOP
       *                             containing tbsData
       *                                 containing headerInfo
       *                                     containing psid
       *                                         indicating AID_CERT_REQ
       *                                     and containing generationTime
       *                                     and not containing any other component of tbsdata.headerInfo
       *         }
       *     }
       * 
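*
       * @see ETSI TS 103 525-2 v0.0.10 SECPKI_ITSS_ENR_09_BV
       * @reference ETSI TS 102 941, clause 6.2.3.2.1
       */
      testcase TC_SECPKI_ITSS_ENR_09_BV() runs on ItsMtc /*system ItsPkiItssSystem*/ {
        // Local variables
        var Oct32 v_private_key;
        var Oct32 v_public_key_x;
        var Oct32 v_public_key_y;
        var Oct32 v_public_compressed_key;
        var integer v_compressed_mode;
        var ItsPkiItss v_itss; // Component running the ITS-S side function
        var ItsPkiHttp v_ea;   // Component running the EA (HTTP) side function

        // Test control
        if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_ENROLMENT) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT required for executing the TC ***");
          setverdict(inconc);
          stop;
        }

        // Test component configuration
        // Generate the NIST P-256 key pair that is handed to both components
        if (f_generate_key_pair_nistp256(v_private_key, v_public_key_x, v_public_key_y, v_public_compressed_key, v_compressed_mode) == false) {
          log("*** " & testcasename() & ": FAIL: Failed to setup InnerEcRequest message ***");
          setverdict(inconc);
          stop;
        }
        // NOTE(review): v_itss and v_ea are never assigned in this testcase (no create is visible),
        // so start() operates on unbound component references - TODO add the MTC configuration step.
        v_itss.start(f_TC_SECPKI_ITSS_ENR_09_BV_itss(cc_taCert_A, v_private_key, v_public_compressed_key, v_compressed_mode));
        v_ea.start(f_TC_SECPKI_ITSS_ENR_09_BV_pki(cc_taCert_A, v_private_key, v_public_compressed_key, v_compressed_mode));

        // Synchronization
        f_serverSync2ClientsAndStop({c_prDone, c_tbDone, c_poDone});

        // Cleanup

      } // End of TC_SECPKI_ITSS_ENR_09_BV

      group f_TC_SECPKI_ITSS_ENR_09_BV {

        /**
         * @desc ITS-S side of TC_SECPKI_ITSS_ENR_09_BV: sends the UT trigger primitive and then
         *       reports the preamble and test body sync points.
         * @param p_certificate_id      Certificate identifier passed by the testcase (not used in this function)
         * @param p_private_key         Private key forwarded to the UT trigger primitive
         * @param p_publicKeyCompressed Compressed public key forwarded to the UT trigger primitive
         * @param p_compressed_mode     Compression mode forwarded to the UT trigger primitive
         */
        function f_TC_SECPKI_ITSS_ENR_09_BV_itss(
                                                 in charstring p_certificate_id,
                                                 in octetstring p_private_key,
                                                 in octetstring p_publicKeyCompressed,
                                                 in integer p_compressed_mode
        ) runs on ItsPkiItss /*system ItsPkiItssSystem*/ {
          // Local variables

          // Test component configuration
          f_cfUp_itss();

          // Test adapter configuration

          // Preamble
          f_sendUtTriggerPrimitive(PICS_ITS_S_CANONICAL_ID, '00'O, p_private_key, p_publicKeyCompressed, p_compressed_mode);
          f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);

          // Test Body
          // NOTE(review): e_success is reported unconditionally on this side; any check of the
          // request content has to come from the _pki function.
          f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);

          // Postamble
          f_cfDown_itss();
        } // End of function f_TC_SECPKI_ITSS_ENR_09_BV_itss

        /**
         * @desc EA side of TC_SECPKI_ITSS_ENR_09_BV: waits on httpPort for the encrypted enrolment
         *       request message and reports the test body sync point.
         *       The decrypt-and-verify step is disabled, so the headerInfo content (psid,
         *       generationTime) named in the test purpose is not checked; a received message is
         *       therefore reported as inconclusive.
         * @param p_certificate_id      Certificate identifier passed by the testcase (not used in this function)
         * @param p_private_key         Private key passed by the testcase (not used in this function)
         * @param p_publicKeyCompressed Compressed public key passed by the testcase (not used in this function)
         * @param p_compressed_mode     Compression mode passed by the testcase (not used in this function)
         */
        function f_TC_SECPKI_ITSS_ENR_09_BV_pki(
                                                in charstring p_certificate_id,
                                                in octetstring p_private_key,
                                                in octetstring p_publicKeyCompressed,
                                                in integer p_compressed_mode
        ) runs on ItsPkiHttp /*system ItsPkiHttpSystem*/ {
          // Local variable
          var HttpMessage v_response;
          var EtsiTs102941Data v_etsi_ts_102941_data; // Only referenced by the disabled verification below
          var InnerEcRequest v_inner_ec_request;

          // Test component configuration
          f_cfHttpUp();

          // Test adapter configuration

          // Preamble
          // Use the preamble variant for c_prDone, as the _itss function does, so that no test body
          // verdict is reported before the test body has run
          f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);

          // Test Body
          tc_ac.start;
          alt {
            // NOTE(review): the IUT is expected to send a request, yet this template matches an
            // HTTP response (mw_http_response/mw_http_response_ok) - confirm which is intended.
            [not(PICS_MULTIPLE_END_POINT)] httpPort.receive(
                                                            mw_http_response(
                                                              mw_http_response_ok(
                                                                mw_http_message_body_binary(
                                                                  mw_binary_body_ieee1609dot2_data(
                                                                    mw_enrolmentRequestMessage(
                                                                      mw_encryptedData(
                                                                        -,
                                                                        mw_SymmetricCiphertext_aes128ccm
                                                            ))))))) -> value v_response {
              tc_ac.stop;

              // NOTE(review): disabled verification. The call below passes five arguments, while the
              // live f_verify_pki_response_message call in TC_SECPKI_EA_ENR_RCV_01_BV passes seven;
              // it has to be updated before it can be re-enabled.
              /*if (f_verify_pki_response_message(vc_eaPrivateEncKey, int2oct(0, 32), v_response.response.body.binary_body.ieee1609dot2_data, false, v_etsi_ts_102941_data) == false) {
                log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
              } else {
                log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
                log("*** " & testcasename() & ": DEBUG: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentRequest(mw_innerEcRequestSignedForPop(mw_signedData))), " ***"); // TODO In TITAN, this is the only way to get the unmatching in log
                if (match(v_etsi_ts_102941_data.content, mw_enrolmentRequest(mw_innerEcRequestSignedForPop(mw_signedData)))) {
                  // TODO Verify signature of mw_innerEcRequestSignedForPop
                  log("*** " & testcasename() & ": PASS: InnerEcRequestSignedForPop received ***");
                  f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                } else {
                  log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                  f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                }
              }*/

              // Nothing in the received message has been decrypted or verified, so report an
              // inconclusive outcome instead of leaving this branch without a c_tbDone sync.
              // e_timeout is the return code this file pairs with an INCONC outcome.
              log("*** " & testcasename() & ": INCONC: Message received but its content was not verified ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
            }
            [] tc_ac.timeout {
              log("*** " & testcasename() & ": INCONC: Expected message not received ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
            }
          } // End of 'alt' statement

          // Postamble
          f_cfHttpDown();
        } // End of function f_TC_SECPKI_ITSS_ENR_09_BV_pki

      } // End of f_TC_SECPKI_ITSS_ENR_09_BV

      /**
       * @desc The EtsiTs103097Data-Encrypted containing the correctly encrypted ciphertext and a recipients
       *       component containing one instance of RecipientInfo of choice certRecipInfo containing the
       *       hashedId8 of the EA certificate in recipientId and the encrypted data encryption key in encKey.
       *       The data encryption key is encrypted using the public key found in the EA certificate referenced
       *       in the recipientId.
       *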
       * Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT is requested to send an EnrolmentRequestMessage
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data-Encrypted
       *                 containing recipients
       *                     containing exactly one instance of RecipientInfo of choice certRecipInfo
       *                         containing recipientId
       *                             indicating the hashedId8
       *                                 referencing to the EA certificate
       *                                     containing encryptionKey (KEY)
       *                      and containing encKey
       *                          being a symmetric key (SYMKEY) encrypted using the key KEY
       *                  containing ciphertext
       *                      which is encrypted using the symmetric key SYMKEY contained in encKey
       *         }
       *     }
       * 
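*
       * @see ETSI TS 103 525-2 v0.0.10 SECPKI_ITSS_ENR_10_BV
       * @reference ETSI TS 102 941, clause 6.2.3.2.1
       */
      testcase TC_SECPKI_ITSS_ENR_10_BV() runs on ItsMtc /*system ItsPkiItssSystem*/ {
        // Local variables
        var Oct32 v_private_key;
        var Oct32 v_public_key_x;
        var Oct32 v_public_key_y;
        var Oct32 v_public_compressed_key;
        var integer v_compressed_mode;
        var ItsPkiItss v_itss; // Component running the ITS-S side function
        var ItsPkiHttp v_ea;   // Component running the EA (HTTP) side function

        // Test control
        if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_ENROLMENT) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT required for executing the TC ***");
          setverdict(inconc);
          stop;
        }

        // Test component configuration
        // Generate the NIST P-256 key pair that is handed to both components
        if (f_generate_key_pair_nistp256(v_private_key, v_public_key_x, v_public_key_y, v_public_compressed_key, v_compressed_mode) == false) {
          log("*** " & testcasename() & ": FAIL: Failed to setup InnerEcRequest message ***");
          setverdict(inconc);
          stop;
        }
        // NOTE(review): v_itss and v_ea are never assigned in this testcase (no create is visible),
        // so start() operates on unbound component references - TODO add the MTC configuration step.
        v_itss.start(f_TC_SECPKI_ITSS_ENR_10_BV_itss(cc_taCert_A, v_private_key, v_public_compressed_key, v_compressed_mode));
        v_ea.start(f_TC_SECPKI_ITSS_ENR_10_BV_pki(cc_taCert_A, v_private_key, v_public_compressed_key, v_compressed_mode));

        // Synchronization
        f_serverSync2ClientsAndStop({c_prDone, c_tbDone, c_poDone});

        // Cleanup

      } // End of TC_SECPKI_ITSS_ENR_10_BV

      group f_TC_SECPKI_ITSS_ENR_10_BV {

        /**
         * @desc ITS-S side of TC_SECPKI_ITSS_ENR_10_BV: sends the UT trigger primitive and then
         *       reports the preamble and test body sync points.
         * @param p_certificate_id      Certificate identifier passed by the testcase (not used in this function)
         * @param p_private_key         Private key forwarded to the UT trigger primitive
         * @param p_publicKeyCompressed Compressed public key forwarded to the UT trigger primitive
         * @param p_compressed_mode     Compression mode forwarded to the UT trigger primitive
         */
        function f_TC_SECPKI_ITSS_ENR_10_BV_itss(
                                                 in charstring p_certificate_id,
                                                 in octetstring p_private_key,
                                                 in octetstring p_publicKeyCompressed,
                                                 in integer p_compressed_mode
        ) runs on ItsPkiItss /*system ItsPkiItssSystem*/ {
          // Local variables

          // Test component configuration
          f_cfUp_itss();

          // Test adapter configuration

          // Preamble
          f_sendUtTriggerPrimitive(PICS_ITS_S_CANONICAL_ID, '00'O, p_private_key, p_publicKeyCompressed, p_compressed_mode);
          f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);

          // Test Body
          // NOTE(review): e_success is reported unconditionally on this side; any check of the
          // request content has to come from the _pki function.
          f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);

          // Postamble
          f_cfDown_itss();
        } // End of function f_TC_SECPKI_ITSS_ENR_10_BV_itss

        /**
         * @desc EA side of TC_SECPKI_ITSS_ENR_10_BV: waits on httpPort for the encrypted enrolment
         *       request message and reports the test body sync point.
         *       The receive template only constrains the ciphertext to mw_SymmetricCiphertext_aes128ccm;
         *       the recipients component (certRecipInfo, recipientId, encKey) named in the test
         *       purpose is matched with a wildcard and the decrypt-and-verify step is disabled, so
         *       a received message is reported as inconclusive.
         * @param p_certificate_id      Certificate identifier passed by the testcase (not used in this function)
         * @param p_private_key         Private key passed by the testcase (not used in this function)
         * @param p_publicKeyCompressed Compressed public key passed by the testcase (not used in this function)
         * @param p_compressed_mode     Compression mode passed by the testcase (not used in this function)
         */
        function f_TC_SECPKI_ITSS_ENR_10_BV_pki(
                                                in charstring p_certificate_id,
                                                in octetstring p_private_key,
                                                in octetstring p_publicKeyCompressed,
                                                in integer p_compressed_mode
        ) runs on ItsPkiHttp /*system ItsPkiHttpSystem*/ {
          // Local variable
          var HttpMessage v_response;
          var EtsiTs102941Data v_etsi_ts_102941_data; // Only referenced by the disabled verification below
          var InnerEcRequest v_inner_ec_request;

          // Test component configuration
          f_cfHttpUp();

          // Test adapter configuration

          // Preamble
          // Use the preamble variant for c_prDone, as the _itss function does, so that no test body
          // verdict is reported before the test body has run
          f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);

          // Test Body
          tc_ac.start;
          alt {
            // NOTE(review): the IUT is expected to send a request, yet this template matches an
            // HTTP response (mw_http_response/mw_http_response_ok) - confirm which is intended.
            [not(PICS_MULTIPLE_END_POINT)] httpPort.receive(
                                                            mw_http_response(
                                                              mw_http_response_ok(
                                                                mw_http_message_body_binary(
                                                                  mw_binary_body_ieee1609dot2_data(
                                                                    mw_enrolmentRequestMessage(
                                                                      mw_encryptedData(
                                                                        -,
                                                                        mw_SymmetricCiphertext_aes128ccm
                                                            ))))))) -> value v_response {
              tc_ac.stop;

              // NOTE(review): disabled verification. The call below passes five arguments, while the
              // live f_verify_pki_response_message call in TC_SECPKI_EA_ENR_RCV_01_BV passes seven;
              // it has to be updated before it can be re-enabled.
              /*if (f_verify_pki_response_message(vc_eaPrivateEncKey, int2oct(0, 32), v_response.response.body.binary_body.ieee1609dot2_data, false, v_etsi_ts_102941_data) == false) {
                log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
              } else {
                log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
                log("*** " & testcasename() & ": DEBUG: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentRequest(mw_innerEcRequestSignedForPop(mw_signedData))), " ***"); // TODO In TITAN, this is the only way to get the unmatching in log
                if (match(v_etsi_ts_102941_data.content, mw_enrolmentRequest(mw_innerEcRequestSignedForPop(mw_signedData)))) {
                  // TODO Verify signature of mw_innerEcRequestSignedForPop
                  log("*** " & testcasename() & ": PASS: InnerEcRequestSignedForPop received ***");
                  f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                } else {
                  log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                  f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                }
              }*/

              // Nothing in the received message has been decrypted or verified, so report an
              // inconclusive outcome instead of leaving this branch without a c_tbDone sync.
              // e_timeout is the return code this file pairs with an INCONC outcome.
              log("*** " & testcasename() & ": INCONC: Message received but its content was not verified ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
            }
            [] tc_ac.timeout {
              log("*** " & testcasename() & ": INCONC: Expected message not received ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
            }
          } // End of 'alt' statement

          // Postamble
          f_cfHttpDown();
        } // End of function f_TC_SECPKI_ITSS_ENR_10_BV_pki

      } // End of f_TC_SECPKI_ITSS_ENR_10_BV

      /**
       * @desc In the inner signed data structure (InnerECRequestSignedForPOP), the signature is computed
       *       on InnerECRequest with the private key corresponding to the new verificationKey to prove
       *       possession of the generated verification key pair.
       *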
       * Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT is requested to send an EnrolmentRequestMessage
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data-Encrypted
       *                 containing an encrypted EtsiTs103097Data-Signed
       *                     containing EtsiTs103097Data
       *                         containing InnerECRequestSignedForPOP
       *                             containing tbsData
       *                                 containing InnerEcRequest
       *                                     containing verificationKey (VKEY)
       *                              containing signature
       *                                  computed on InnerECRequest
       *                                      using the private key corresponding to VKEY
       *                                          contained in InnerECRequest
       *         }
       *     }
       * 
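*
       * @see ETSI TS 103 525-2 v0.0.10 SECPKI_ITSS_ENR_11_BV
       * @reference ETSI TS 102 941, clause 6.2.3.2.1
       */
      testcase TC_SECPKI_ITSS_ENR_11_BV() runs on ItsMtc /*system ItsPkiItssSystem*/ {
        // Local variables
        var Oct32 v_private_key;
        var Oct32 v_public_key_x;
        var Oct32 v_public_key_y;
        var Oct32 v_public_compressed_key;
        var integer v_compressed_mode;
        var ItsPkiItss v_itss; // Component running the ITS-S side function
        var ItsPkiHttp v_ea;   // Component running the EA (HTTP) side function

        // Test control
        if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_ENROLMENT) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT required for executing the TC ***");
          setverdict(inconc);
          stop;
        }

        // Test component configuration
        // Generate the NIST P-256 key pair that is handed to both components
        if (f_generate_key_pair_nistp256(v_private_key, v_public_key_x, v_public_key_y, v_public_compressed_key, v_compressed_mode) == false) {
          log("*** " & testcasename() & ": FAIL: Failed to setup InnerEcRequest message ***");
          setverdict(inconc);
          stop;
        }
        // NOTE(review): v_itss and v_ea are never assigned in this testcase (no create is visible),
        // so start() operates on unbound component references - TODO add the MTC configuration step.
        v_itss.start(f_TC_SECPKI_ITSS_ENR_11_BV_itss(cc_taCert_A, v_private_key, v_public_compressed_key, v_compressed_mode));
        v_ea.start(f_TC_SECPKI_ITSS_ENR_11_BV_pki(cc_taCert_A, v_private_key, v_public_compressed_key, v_compressed_mode));

        // Synchronization
        f_serverSync2ClientsAndStop({c_prDone, c_tbDone, c_poDone});

        // Cleanup

      } // End of TC_SECPKI_ITSS_ENR_11_BV

      group f_TC_SECPKI_ITSS_ENR_11_BV {

        /**
         * @desc ITS-S side of TC_SECPKI_ITSS_ENR_11_BV: sends the UT trigger primitive and then
         *       reports the preamble and test body sync points.
         * @param p_certificate_id      Certificate identifier passed by the testcase (not used in this function)
         * @param p_private_key         Private key forwarded to the UT trigger primitive
         * @param p_publicKeyCompressed Compressed public key forwarded to the UT trigger primitive
         * @param p_compressed_mode     Compression mode forwarded to the UT trigger primitive
         */
        function f_TC_SECPKI_ITSS_ENR_11_BV_itss(
                                                 in charstring p_certificate_id,
                                                 in octetstring p_private_key,
                                                 in octetstring p_publicKeyCompressed,
                                                 in integer p_compressed_mode
        ) runs on ItsPkiItss /*system ItsPkiItssSystem*/ {
          // Local variables

          // Test component configuration
          f_cfUp_itss();

          // Test adapter configuration

          // Preamble
          f_sendUtTriggerPrimitive(PICS_ITS_S_CANONICAL_ID, '00'O, p_private_key, p_publicKeyCompressed, p_compressed_mode);
          f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);

          // Test Body
          // NOTE(review): e_success is reported unconditionally on this side; any check of the
          // request content has to come from the _pki function.
          f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);

          // Postamble
          f_cfDown_itss();
        } // End of function f_TC_SECPKI_ITSS_ENR_11_BV_itss

        /**
         * @desc EA side of TC_SECPKI_ITSS_ENR_11_BV: waits on httpPort for the encrypted enrolment
         *       request message and reports the test body sync point.
         *       The test purpose is the proof-of-possession signature over InnerECRequest; the
         *       decrypt-and-verify step is disabled and its signature check is still a TODO, so a
         *       received message is reported as inconclusive.
         * @param p_certificate_id      Certificate identifier passed by the testcase (not used in this function)
         * @param p_private_key         Private key passed by the testcase (not used in this function)
         * @param p_publicKeyCompressed Compressed public key passed by the testcase (not used in this function)
         * @param p_compressed_mode     Compression mode passed by the testcase (not used in this function)
         */
        function f_TC_SECPKI_ITSS_ENR_11_BV_pki(
                                                in charstring p_certificate_id,
                                                in octetstring p_private_key,
                                                in octetstring p_publicKeyCompressed,
                                                in integer p_compressed_mode
        ) runs on ItsPkiHttp /*system ItsPkiHttpSystem*/ {
          // Local variable
          var HttpMessage v_response;
          var EtsiTs102941Data v_etsi_ts_102941_data; // Only referenced by the disabled verification below
          var InnerEcRequest v_inner_ec_request;

          // Test component configuration
          f_cfHttpUp();

          // Test adapter configuration

          // Preamble
          // Use the preamble variant for c_prDone, as the _itss function does, so that no test body
          // verdict is reported before the test body has run
          f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);

          // Test Body
          tc_ac.start;
          alt {
            // NOTE(review): the IUT is expected to send a request, yet this template matches an
            // HTTP response (mw_http_response/mw_http_response_ok) - confirm which is intended.
            [not(PICS_MULTIPLE_END_POINT)] httpPort.receive(
                                                            mw_http_response(
                                                              mw_http_response_ok(
                                                                mw_http_message_body_binary(
                                                                  mw_binary_body_ieee1609dot2_data(
                                                                    mw_enrolmentRequestMessage(
                                                                      mw_encryptedData(
                                                                        -,
                                                                        mw_SymmetricCiphertext_aes128ccm
                                                            ))))))) -> value v_response {
              tc_ac.stop;

              // NOTE(review): disabled verification. The call below passes five arguments, while the
              // live f_verify_pki_response_message call in TC_SECPKI_EA_ENR_RCV_01_BV passes seven;
              // it has to be updated before it can be re-enabled.
              /*if (f_verify_pki_response_message(vc_eaPrivateEncKey, int2oct(0, 32), v_response.response.body.binary_body.ieee1609dot2_data, false, v_etsi_ts_102941_data) == false) {
                log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
              } else {
                log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
                log("*** " & testcasename() & ": DEBUG: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentRequest(mw_innerEcRequestSignedForPop(mw_signedData))), " ***"); // TODO In TITAN, this is the only way to get the unmatching in log
                if (match(v_etsi_ts_102941_data.content, mw_enrolmentRequest(mw_innerEcRequestSignedForPop(mw_signedData)))) {
                  // TODO Verify signature of mw_innerEcRequestSignedForPop
                  log("*** " & testcasename() & ": PASS: InnerEcRequestSignedForPop received ***");
                  f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                } else {
                  log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                  f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                }
              }*/

              // Nothing in the received message has been decrypted or verified, so report an
              // inconclusive outcome instead of leaving this branch without a c_tbDone sync.
              // e_timeout is the return code this file pairs with an INCONC outcome.
              log("*** " & testcasename() & ": INCONC: Message received but its content was not verified ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
            }
            [] tc_ac.timeout {
              log("*** " & testcasename() & ": INCONC: Expected message not received ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
            }
          } // End of 'alt' statement

          // Postamble
          f_cfHttpDown();
        } // End of function f_TC_SECPKI_ITSS_ENR_11_BV_pki

      } // End of f_TC_SECPKI_ITSS_ENR_11_BV

      /**
       * @desc Check that signing of Enrolment Request message is permitted by the EC certificate.
       *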
       * Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT and PICS_SECPKI_REENROLMENT 
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT is requested to send an EnrolmentRequestMessage
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data-Encrypted
       *                 containing an encrypted EtsiTs103097Data-Signed
       *                     containing signer
       *                         containing digest
       *                             indicating HashedId8 of the EC certificate
       *                                 containing appPermissions
       *                                     containing an item of type PsidSsp
       *                                         containing psid
       *                                             indicating AID_CERT_REQ
       *                                         and containing ssp
       *                                             containing opaque[0] (version) 
       *                                                 indicating 1
       *                                             containing opaque[1] (value) 
       *                                                 indicating "Enrolment Request" (bit 1) set to 1
       *         }
       *     }
       * 
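*
       * @see ETSI TS 103 525-2 v0.0.10 SECPKI_ITSS_ENR_12_BV
       * @reference ETSI TS 102 941, clause 6.1.3, 6.2.3.2.1
       */
      testcase TC_SECPKI_ITSS_ENR_12_BV() runs on ItsMtc /*system ItsPkiItssSystem*/ {
        // Local variables
        var Oct32 v_private_key;
        var Oct32 v_public_key_x;
        var Oct32 v_public_key_y;
        var Oct32 v_public_compressed_key;
        var integer v_compressed_mode;
        var ItsPkiItss v_itss; // Component running the ITS-S side function
        var ItsPkiHttp v_ea;   // Component running the EA (HTTP) side function

        // Test control
        // NOTE(review): the testcase header also lists PICS_SECPKI_REENROLMENT as a selection
        // criterion, but it is not tested here - confirm whether it should be.
        if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_ENROLMENT) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT required for executing the TC ***");
          setverdict(inconc);
          stop;
        }

        // Test component configuration
        // Generate the NIST P-256 key pair that is handed to both components
        if (f_generate_key_pair_nistp256(v_private_key, v_public_key_x, v_public_key_y, v_public_compressed_key, v_compressed_mode) == false) {
          log("*** " & testcasename() & ": FAIL: Failed to setup InnerEcRequest message ***");
          setverdict(inconc);
          stop;
        }
        // NOTE(review): v_itss and v_ea are never assigned in this testcase (no create is visible),
        // so start() operates on unbound component references - TODO add the MTC configuration step.
        v_itss.start(f_TC_SECPKI_ITSS_ENR_12_BV_itss(cc_taCert_A, v_private_key, v_public_compressed_key, v_compressed_mode));
        v_ea.start(f_TC_SECPKI_ITSS_ENR_12_BV_pki(cc_taCert_A, v_private_key, v_public_compressed_key, v_compressed_mode));

        // Synchronization
        f_serverSync2ClientsAndStop({c_prDone, c_tbDone, c_poDone});

        // Cleanup

      } // End of TC_SECPKI_ITSS_ENR_12_BV

      group f_TC_SECPKI_ITSS_ENR_12_BV {

        /**
         * @desc ITS-S side of TC_SECPKI_ITSS_ENR_12_BV: sends the UT trigger primitive and then
         *       reports the preamble and test body sync points.
         * @param p_certificate_id      Certificate identifier passed by the testcase (not used in this function)
         * @param p_private_key         Private key forwarded to the UT trigger primitive
         * @param p_publicKeyCompressed Compressed public key forwarded to the UT trigger primitive
         * @param p_compressed_mode     Compression mode forwarded to the UT trigger primitive
         */
        function f_TC_SECPKI_ITSS_ENR_12_BV_itss(
                                                 in charstring p_certificate_id,
                                                 in octetstring p_private_key,
                                                 in octetstring p_publicKeyCompressed,
                                                 in integer p_compressed_mode
        ) runs on ItsPkiItss /*system ItsPkiItssSystem*/ {
          // Local variables

          // Test component configuration
          f_cfUp_itss();

          // Test adapter configuration

          // Preamble
          f_sendUtTriggerPrimitive(PICS_ITS_S_CANONICAL_ID, '00'O, p_private_key, p_publicKeyCompressed, p_compressed_mode);
          f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);

          // Test Body
          // NOTE(review): e_success is reported unconditionally on this side; any check of the
          // request content has to come from the _pki function.
          f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);

          // Postamble
          f_cfDown_itss();
        } // End of function f_TC_SECPKI_ITSS_ENR_12_BV_itss

        /**
         * @desc EA side of TC_SECPKI_ITSS_ENR_12_BV: waits on httpPort for the encrypted enrolment
         *       request message and reports the test body sync point.
         *       The test purpose is the signer digest and the appPermissions (psid, ssp) of the EC
         *       certificate; the decrypt-and-verify step is disabled, so none of this is checked
         *       and a received message is reported as inconclusive.
         * @param p_certificate_id      Certificate identifier passed by the testcase (not used in this function)
         * @param p_private_key         Private key passed by the testcase (not used in this function)
         * @param p_publicKeyCompressed Compressed public key passed by the testcase (not used in this function)
         * @param p_compressed_mode     Compression mode passed by the testcase (not used in this function)
         */
        function f_TC_SECPKI_ITSS_ENR_12_BV_pki(
                                                in charstring p_certificate_id,
                                                in octetstring p_private_key,
                                                in octetstring p_publicKeyCompressed,
                                                in integer p_compressed_mode
        ) runs on ItsPkiHttp /*system ItsPkiHttpSystem*/ {
          // Local variable
          var HttpMessage v_response;
          var EtsiTs102941Data v_etsi_ts_102941_data; // Only referenced by the disabled verification below
          var InnerEcRequest v_inner_ec_request;

          // Test component configuration
          f_cfHttpUp();

          // Test adapter configuration

          // Preamble
          // Use the preamble variant for c_prDone, as the _itss function does, so that no test body
          // verdict is reported before the test body has run
          f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);

          // Test Body
          tc_ac.start;
          alt {
            // NOTE(review): the IUT is expected to send a request, yet this template matches an
            // HTTP response (mw_http_response/mw_http_response_ok) - confirm which is intended.
            [not(PICS_MULTIPLE_END_POINT)] httpPort.receive(
                                                            mw_http_response(
                                                              mw_http_response_ok(
                                                                mw_http_message_body_binary(
                                                                  mw_binary_body_ieee1609dot2_data(
                                                                    mw_enrolmentRequestMessage(
                                                                      mw_encryptedData(
                                                                        -,
                                                                        mw_SymmetricCiphertext_aes128ccm
                                                            ))))))) -> value v_response {
              tc_ac.stop;

              // NOTE(review): disabled verification. The call below passes five arguments, while the
              // live f_verify_pki_response_message call in TC_SECPKI_EA_ENR_RCV_01_BV passes seven;
              // it has to be updated before it can be re-enabled.
              /*if (f_verify_pki_response_message(vc_eaPrivateEncKey, int2oct(0, 32), v_response.response.body.binary_body.ieee1609dot2_data, false, v_etsi_ts_102941_data) == false) {
                log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
              } else {
                log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
                log("*** " & testcasename() & ": DEBUG: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentRequest(mw_innerEcRequestSignedForPop(mw_signedData))), " ***"); // TODO In TITAN, this is the only way to get the unmatching in log
                if (match(v_etsi_ts_102941_data.content, mw_enrolmentRequest(mw_innerEcRequestSignedForPop(mw_signedData)))) {
                  // TODO Verify signature of mw_innerEcRequestSignedForPop
                  log("*** " & testcasename() & ": PASS: InnerEcRequestSignedForPop received ***");
                  f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                } else {
                  log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                  f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                }
              }*/

              // Nothing in the received message has been decrypted or verified, so report an
              // inconclusive outcome instead of leaving this branch without a c_tbDone sync.
              // e_timeout is the return code this file pairs with an INCONC outcome.
              log("*** " & testcasename() & ": INCONC: Message received but its content was not verified ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
            }
            [] tc_ac.timeout {
              log("*** " & testcasename() & ": INCONC: Expected message not received ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
            }
          } // End of 'alt' statement

          // Postamble
          f_cfHttpDown();
        } // End of function f_TC_SECPKI_ITSS_ENR_12_BV_pki

      } // End of f_TC_SECPKI_ITSS_ENR_12_BV

    } // End of group itss_enrolment_request

    group itss_enrolment_response {

      /**
       * @desc If an enrolment request fails, the IUT returns to the state 'initialized'.
       *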
       * Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT is requested to send an EnrolmentRequestMessage
       *             and the EnrolmentResponseMessage is received
       *                 containing a responseCode different than 0
       *         }
       *         then {
       *             the IUT returns to the "initialized" state
       *         }
       *     }
       * 
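*
       * @see ETSI TS 103 525-2 v0.0.10 SECPKI_ITSS_ENR_RECV_01_BV
       * @reference ETSI TS 102 941, clause 6.1.3, 6.2.3.2.1
       */
      testcase TC_SECPKI_ITSS_ENR_RECV_01_BV() runs on ItsMtc /*system ItsPkiItssSystem*/ {
        // Local variables (declared for the future test body; none is used yet)
        var Oct32 v_private_key;
        var Oct32 v_public_key_x;
        var Oct32 v_public_key_y;
        var Oct32 v_public_compressed_key;
        var integer v_compressed_mode;
        var ItsPkiItss v_itss;
        var ItsPkiHttp v_ea;

        // Test control
        if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_ENROLMENT) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT required for executing the TC ***");
          setverdict(inconc);
          stop;
        }

        // Test component configuration

        // Synchronization

        // The test body is not implemented: no component is started and no message is exchanged.
        // Report an inconclusive verdict so that a run cannot be read as an executed check of
        // the handling of a failed enrolment response.
        log("*** " & testcasename() & ": INCONC: Test case is not implemented ***");
        setverdict(inconc);

        // Cleanup

      } // End of TC_SECPKI_ITSS_ENR_RECV_01_BV

      /**
       * @desc The IUT is capable of parsing and handling of positive EnrolmentResponse messages
       *       containing the requested EC. In case of a successful enrolment, the IUT switches
       *       to the state 'enrolled'.
       *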
       * Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT is requested to send an initial EnrolmentRequestMessage
       *             and when the IUT receives a subsequent EnrolmentResponseMessage as an answer of the EA
       *                 containing a responseCode
       *                     indicating 0
       *                 and containing an enrolment certificate
       *         }
       *         then {
       *             the IUT switches to the "enrolled" state
       *         }
       *     }
       * 
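*
       * @see ETSI TS 103 525-2 v0.0.10 SECPKI_ITSS_ENR_RECV_02_BV
       * @reference ETSI TS 102 941, clause 6.1.3, 6.2.3.2.1
       */
      testcase TC_SECPKI_ITSS_ENR_RECV_02_BV() runs on ItsMtc /*system ItsPkiItssSystem*/ {
        // Local variables (declared for the future test body; none is used yet)
        var Oct32 v_private_key;
        var Oct32 v_public_key_x;
        var Oct32 v_public_key_y;
        var Oct32 v_public_compressed_key;
        var integer v_compressed_mode;
        var ItsPkiItss v_itss;
        var ItsPkiHttp v_ea;

        // Test control
        if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_ENROLMENT) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT required for executing the TC ***");
          setverdict(inconc);
          stop;
        }

        // Test component configuration

        // Synchronization

        // The test body is not implemented: no component is started and no message is exchanged.
        // Report an inconclusive verdict so that a run cannot be read as an executed check of
        // the handling of a positive enrolment response.
        log("*** " & testcasename() & ": INCONC: Test case is not implemented ***");
        setverdict(inconc);

        // Cleanup

      } // End of TC_SECPKI_ITSS_ENR_RECV_02_BV

    } // End of group itss_enrolment_response

    group itss_authorization_request {
      // TODO
    } // End of group itss_authorization_request

    group itss_authorization_response {
      // TODO
    } // End of group itss_authorization_response

    group itss_ctl_handling {
      // TODO
    } // End of group itss_ctl_handling

    group itss_crl_handling {
      // TODO
    } // End of group itss_crl_handling

  } // End of group itss_behavior

  group ea_behavior {

    group enrolment_request_handling {

      /**
       * @desc The EnrolmentResponse message shall be sent by the EA to the ITS-S across the interface at
       *       reference point S3 in response to a received EnrolmentRequest message.
       *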
       * Pics Selection: PICS_IUT_EA_ROLE
       * Initial conditions: 
       *     with {
       *         the IUT being in the "operational state"
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives an EnrolmentRequestMessage across the interface at the reference point S3
       *         }
       *         then {
       *             the IUT answers with an EnrolmentResponseMessage across the interface at reference point S3
       *         }
       *     }
       * 
*
       * @see ETSI TS 103 525-2 v0.0.10 TP SECPKI_EA_ENR_RCV_01_BV
       * @reference ETSI TS 102 941, clause 6.2.3.2.2
       */
      testcase TC_SECPKI_EA_ENR_RCV_01_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
          // Local variables
          var Oct32 v_private_key;
          var Oct32 v_public_compressed_key;
          var integer v_compressed_mode;
          var Oct32 v_request_hash;
          var Oct16 v_encrypted_sym_key;
          var Oct16 v_aes_sym_key;
          var Oct16 v_authentication_vector;
          var Oct12 v_nonce;
          var octetstring v_salt;
          var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
          var HeaderLines v_headers;
          var HttpMessage v_response;
          var EtsiTs102941Data v_etsi_ts_102941_data;

          // Test control: only applicable when the IUT is an EA
          if (not PICS_IUT_EA_ROLE) {
              log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
              setverdict(inconc);
              stop;
          }

          // Test component configuration
          f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID);

          // Test adapter configuration

          // Preamble
          // Builds the request that is posted below. The key material, nonce, salt and request hash
          // are presumably returned through the arguments of this call - TODO confirm in LibItsPki_Functions.
          f_http_build_inner_ec_request(v_private_key, v_public_compressed_key, v_compressed_mode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
          f_init_default_headers_list(-, "inner_ec_request", v_headers);
          f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);

          // Test Body
          f_http_send(
              v_headers,
              m_http_request(
                  m_http_request_post(
                      PICS_HTTP_POST_URI_EC,
                      v_headers,
                      m_http_message_body_binary(
                          m_binary_body_ieee1609dot2_data(
                              v_ieee1609dot2_signed_and_encrypted_data
          )))));
          tc_ac.start;
          alt {
              // Single end point: the response is expected on httpPort
              [not(PICS_MULTIPLE_END_POINT)] httpPort.receive(
                  mw_http_response(
                      mw_http_response_ok(
                          mw_http_message_body_binary(
                              mw_binary_body_ieee1609dot2_data(
                                  mw_enrolmentResponseMessage(
                                      mw_encryptedData(
                                          -,
                                          mw_SymmetricCiphertext_aes128ccm
              ))))))) -> value v_response {
                  tc_ac.stop;

                  // The response is checked against the key material of this very request.
                  // NOTE(review): the sixth argument is false here and true in TC_SECPKI_EA_ENR_03_BV
                  // to TC_SECPKI_EA_ENR_06_BV; its meaning is defined in f_verify_pki_response_message -
                  // confirm that the signature of the response is still verified with this value.
                  if (f_verify_pki_response_message(v_private_key, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, v_response.response.body.binary_body.ieee1609dot2_data, false, v_etsi_ts_102941_data) == false) {
                      log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
                      f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                  } else {
                      // The decoded content (v_etsi_ts_102941_data) is not inspected: any response that
                      // passes the verification above yields PASS, whatever its response code.
                      log("*** " & testcasename() & ": PASS: InnerEcResponse received ***");
                      f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                  }
              }
              // Multiple end points: same handling, but the response is expected on httpEcPort
              [PICS_MULTIPLE_END_POINT] httpEcPort.receive(
                  mw_http_response(
                      mw_http_response_ok(
                          mw_http_message_body_binary(
                              mw_binary_body_ieee1609dot2_data(
                                  mw_enrolmentResponseMessage(
                                      mw_encryptedData(
                                          -,
                                          mw_SymmetricCiphertext_aes128ccm
              ))))))) -> value v_response {
                  tc_ac.stop;

                  if (f_verify_pki_response_message(v_private_key, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, v_response.response.body.binary_body.ieee1609dot2_data, false, v_etsi_ts_102941_data) == false) {
                      log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
                      f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                  } else {
                      log("*** " & testcasename() & ": PASS: InnerEcResponse received ***");
                      f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                  }
              }
              [] tc_ac.timeout {
                  log("*** " & testcasename() & ": INCONC: Expected message not received ***");
                  f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
              }
          } // End of 'alt' statement

          // Postamble
          f_cfHttpDown();

      } // End of testcase TC_SECPKI_EA_ENR_RCV_01_BV

      /**
       * @desc Check that EA doesn't accept Enrolment rekeying request when enrolment is not permitted
       *       by signing certificate.
       *
       * Pics Selection: PICS_IUT_EA_ROLE
       * Initial conditions: 
       *     with {
       *         the IUT being in the "operational state"
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives an EnrolmentRequestMessage
       *                 containing an encrypted EtsiTs103097Data-Signed
       *                     containing signer
       *                         containing digest
       *                             indicating HashedId8 of the certificate CERT
       *                                 containing appPermissions
       *                                     not containing an item of type PsidSsp
       *                                         containing psid
       *                                             indicating AID_CERT_REQ
       *                                     or containing an item of type PsidSsp
       *                                         containing psid
       *                                             indicating AID_CERT_REQ
       *                                         and containing ssp
       *                                             containing opaque[0] (version)
       *                                                 indicating other value than 1
       *                                             or containing opaque[1] (value)
       *                                                 indicating "Enrolment Request" (bit 1) set to 0
       *         }
       *         then {
       *             the IUT answers with an EnrolmentResponseMessage
       *                 containing InnerECResponse
       *                     containing responseCode
       *                         indicating "deniedpermissions"
       *         }
       *     }
       * 
*
       * @see ETSI TS 103 525-2 v0.0.10 TP SECPKI_EA_ENR_RCV_02_BI
       * @reference ETSI TS 102 941, clause B.5
       */
      testcase TC_SECPKI_EA_ENR_RCV_02_BI() runs on ItsPkiHttp system ItsPkiHttpSystem {
          // NOTE(review): the invalid-behaviour part is not implemented (see the TODO in the preamble).
          // The request is built with the same call as in the valid-behaviour test cases, and PASS is
          // set for any response that passes f_verify_pki_response_message; the responseCode is never
          // compared with "deniedpermissions". Until this is completed, a PASS verdict does not show
          // that the EA refuses a request signed with a certificate lacking the enrolment permission.

          // Local variables
          var Oct32 v_private_key;
          var Oct32 v_public_compressed_key;
          var integer v_compressed_mode;
          var Oct32 v_request_hash;
          var Oct16 v_encrypted_sym_key;
          var Oct16 v_aes_sym_key;
          var Oct16 v_authentication_vector;
          var Oct12 v_nonce;
          var octetstring v_salt;
          var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
          var HeaderLines v_headers;
          var HttpMessage v_response;
          var EtsiTs102941Data v_etsi_ts_102941_data;

          // Test control: only applicable when the IUT is an EA
          if (not PICS_IUT_EA_ROLE) {
              log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
              setverdict(inconc);
              stop;
          }

          // Test component configuration
          f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID);

          // Test adapter configuration

          // Preamble
          // TODO Implement error case
          f_http_build_inner_ec_request(v_private_key, v_public_compressed_key, v_compressed_mode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
          f_init_default_headers_list(-, "inner_ec_request", v_headers);
          f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);

          // Test Body
          httpPort.send(
              m_http_request(
                  m_http_request_post(
                      PICS_HTTP_POST_URI_EC,
                      v_headers,
                      m_http_message_body_binary(
                          m_binary_body_ieee1609dot2_data(
                              v_ieee1609dot2_signed_and_encrypted_data
          )))));
          tc_ac.start;
          alt {
              // NOTE(review): both receive alternatives are guarded by not(PICS_MULTIPLE_END_POINT),
              // so with that PICS set only the timeout branch can fire; TC_SECPKI_EA_ENR_RCV_01_BV
              // also listens on httpEcPort in that configuration.
              [not(PICS_MULTIPLE_END_POINT)] httpPort.receive(
                  mw_http_response(
                      mw_http_response_ok(
                          mw_http_message_body_binary(
                              mw_binary_body_ieee1609dot2_data(
                                  mw_enrolmentResponseMessage(
                                      mw_encryptedData(
                                          -,
                                          mw_SymmetricCiphertext_aes128ccm
              ))))))) -> value v_response {
                  tc_ac.stop;

                  if (f_verify_pki_response_message(v_private_key, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, v_response.response.body.binary_body.ieee1609dot2_data, false, v_etsi_ts_102941_data) == false) {
                      log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
                      f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                  } else {
                      // The decoded v_etsi_ts_102941_data is not examined before PASS is set
                      log("*** " & testcasename() & ": PASS: InnerEcResponse received ***");
                      f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                  }
              }
              // A response matching mw_http_response_ko is treated as a failure
              [not(PICS_MULTIPLE_END_POINT)] httpPort.receive(
                  mw_http_response(
                      mw_http_response_ko
              )) {
                  tc_ac.stop;

                  log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                  f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
              }
              [] tc_ac.timeout {
                  log("*** " & testcasename() & ": INCONC: Expected message not received ***");
                  f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
              }
          } // End of 'alt' statement

          // Postamble
          f_cfHttpDown();

      } // End of testcase TC_SECPKI_EA_ENR_RCV_02_BI

    } // End of group enrolment_request_handling

    group enrolment_response {

      /**
       * @desc The EnrolmentResponse message shall be encrypted using an ETSI TS 103 097 approved
       *       algorithm and the encryption shall be done with the same AES key as the one used
       *       by the ITS-S requestor for the encryption of the EnrolmentRequest message
       *
       * Pics Selection: PICS_IUT_EA_ROLE
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives an EnrolmentRequestMessage
       *                 containing encKey
       *                     containing an encrypted AES key (SYMKEY)
       *         }
       *         then {
       *             the IUT answers with an EnrolmentResponseMessage
       *                 containing cipherText
       *                     being encrypted using SYMKEY
       *         }
       *     }
       * 
*
       * @see ETSI TS 103 525-2 v0.0.10 TP SECPKI_EA_ENR_01_BV
       * @reference ETSI TS 102 941, clause 6.2.3.2.2
       */
      testcase TC_SECPKI_EA_ENR_01_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
          // Local variables
          var Oct32 v_private_key;
          var Oct32 v_public_compressed_key;
          var integer v_compressed_mode;
          var Oct32 v_request_hash;
          var Oct16 v_encrypted_sym_key;
          var Oct16 v_aes_sym_key;
          var Oct16 v_authentication_vector;
          var Oct12 v_nonce;
          var octetstring v_salt;
          var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
          var HeaderLines v_headers;
          var HttpMessage v_response;
          var EtsiTs102941Data v_etsi_ts_102941_data;

          // Test control: only applicable when the IUT is an EA
          if (not PICS_IUT_EA_ROLE) {
              log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
              setverdict(inconc);
              stop;
          }

          // Test component configuration
          f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID);

          // Test adapter configuration

          // Preamble
          // v_aes_sym_key (SYMKEY in the test purpose) is presumably produced by this call and is the
          // key handed to the response verification below - TODO confirm in LibItsPki_Functions.
          f_http_build_inner_ec_request(v_private_key, v_public_compressed_key, v_compressed_mode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
          f_init_default_headers_list(-, "inner_ec_request", v_headers);
          f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);

          // Test Body
          httpPort.send(
              m_http_request(
                  m_http_request_post(
                      PICS_HTTP_POST_URI_EC,
                      v_headers,
                      m_http_message_body_binary(
                          m_binary_body_ieee1609dot2_data(
                              v_ieee1609dot2_signed_and_encrypted_data
          )))));
          tc_ac.start;
          alt {
              // NOTE(review): both receive alternatives are guarded by not(PICS_MULTIPLE_END_POINT),
              // so with that PICS set only the timeout branch can fire.
              [not(PICS_MULTIPLE_END_POINT)] httpPort.receive(
                  mw_http_response(
                      mw_http_response_ok(
                          mw_http_message_body_binary(
                              mw_binary_body_ieee1609dot2_data(
                                  mw_enrolmentResponseMessage(
                                      mw_encryptedData(
                                          -,
                                          mw_SymmetricCiphertext_aes128ccm
              ))))))) -> value v_response {
                  tc_ac.stop;

                  // The response is checked with v_aes_sym_key, i.e. the key of the request.
                  // NOTE(review): the sixth argument is false; confirm in f_verify_pki_response_message
                  // which check it switches off.
                  if (f_verify_pki_response_message(v_private_key, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, v_response.response.body.binary_body.ieee1609dot2_data, false, v_etsi_ts_102941_data) == false) {
                      log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
                      f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                  } else {
                      log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
                      log("*** " & testcasename() & ": DEBUG: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16)))), " ***"); // TODO In TITAN, this is the only way to get the unmatching in log
                      // The response template is built from the first 16 octets of v_request_hash, which
                      // presumably ties the response to this request - TODO confirm in the template.
                      if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16))))) {
                          log("*** " & testcasename() & ": PASS: InnerEcResponse received ***");
                          f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                      } else {
                          log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                          f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                      }
                  }
              }
              // A response matching mw_http_response_ko is treated as a failure
              [not(PICS_MULTIPLE_END_POINT)] httpPort.receive(
                  mw_http_response(
                      mw_http_response_ko
              )) {
                  tc_ac.stop;

                  log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                  f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
              }
              [] tc_ac.timeout {
                  log("*** " & testcasename() & ": INCONC: Expected message not received ***");
                  f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
              }
          } // End of 'alt' statement

          // Postamble
          f_cfHttpDown();

      } // End of testcase TC_SECPKI_EA_ENR_01_BV

      /**
       * @desc The EnrolmentResponse message shall be encrypted using an ETSI TS 103 097 approved
       *       algorithm and the encryption shall be done with the same AES key as the one used
       *       by the ITS-S requestor for the encryption of the EnrolmentRequest message.
       *
       * Pics Selection: PICS_IUT_EA_ROLE
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives an EnrolmentRequestMessage
       *                 containing encKey
       *                     containing an encrypted AES key (SYMKEY)
       *         }
       *         then {
       *             the IUT answers with an EnrolmentResponseMessage
       *                 containing cipherText
       *                     being encrypted
       *                         using SYMKEY
       *                         and using an ETSI TS 103 097 approved algorithm
       *         }
       *     }
       * 
*
       * @see ETSI TS 103 525-2 v0.0.10 TP 22
       * @reference ETSI TS 102 941, clause 6.2.3.2.2
       */
      testcase TC_SECPKI_EA_ENR_02_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
          // Local variables
          var Oct32 v_private_key;
          var Oct32 v_public_compressed_key;
          var integer v_compressed_mode;
          var Oct32 v_request_hash;
          var Oct16 v_encrypted_sym_key;
          var Oct16 v_aes_sym_key;
          var Oct16 v_authentication_vector;
          var Oct12 v_nonce;
          var octetstring v_salt;
          var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
          var HeaderLines v_headers;
          var HttpMessage v_response;
          var EtsiTs102941Data v_etsi_ts_102941_data;

          // Test control: only applicable when the IUT is an EA
          if (not PICS_IUT_EA_ROLE) {
              log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
              setverdict(inconc);
              stop;
          }

          // Test component configuration
          f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID);

          // Test adapter configuration

          // Preamble
          f_http_build_inner_ec_request(v_private_key, v_public_compressed_key, v_compressed_mode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
          f_init_default_headers_list(-, "inner_ec_request", v_headers);
          f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);

          // Test Body
          httpPort.send(
              m_http_request(
                  m_http_request_post(
                      PICS_HTTP_POST_URI_EC,
                      v_headers,
                      m_http_message_body_binary(
                          m_binary_body_ieee1609dot2_data(
                              v_ieee1609dot2_signed_and_encrypted_data
          )))));
          tc_ac.start;
          alt {
              // The only algorithm constraint visible in this body is the receive template
              // mw_SymmetricCiphertext_aes128ccm. A response with any other ciphertext choice does not
              // match here and, unless it matches the ko alternative, ends in the timeout (INCONC)
              // rather than in a FAIL verdict.
              // NOTE(review): both receive alternatives are guarded by not(PICS_MULTIPLE_END_POINT),
              // so with that PICS set only the timeout branch can fire.
              [not(PICS_MULTIPLE_END_POINT)] httpPort.receive(
                  mw_http_response(
                      mw_http_response_ok(
                          mw_http_message_body_binary(
                              mw_binary_body_ieee1609dot2_data(
                                  mw_enrolmentResponseMessage(
                                      mw_encryptedData(
                                          -,
                                          mw_SymmetricCiphertext_aes128ccm
              ))))))) -> value v_response {
                  tc_ac.stop;

                  // The response is checked with v_aes_sym_key, i.e. the key of the request
                  if (f_verify_pki_response_message(v_private_key, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, v_response.response.body.binary_body.ieee1609dot2_data, false, v_etsi_ts_102941_data) == false) {
                      log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
                      f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                  } else {
                      log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
                      log("*** " & testcasename() & ": DEBUG: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16)))), " ***"); // TODO In TITAN, this is the only way to get the unmatching in log
                      if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16))))) {
                          log("*** " & testcasename() & ": PASS: InnerEcResponse received ***");
                          f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                      } else {
                          log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                          f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                      }
                  }
              }
              // A response matching mw_http_response_ko is treated as a failure
              [not(PICS_MULTIPLE_END_POINT)] httpPort.receive(
                  mw_http_response(
                      mw_http_response_ko
              )) {
                  tc_ac.stop;

                  log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                  f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
              }
              [] tc_ac.timeout {
                  log("*** " & testcasename() & ": INCONC: Expected message not received ***");
                  f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
              }
          } // End of 'alt' statement

          // Postamble
          f_cfHttpDown();

      } // End of testcase TC_SECPKI_EA_ENR_02_BV

      /**
       * @desc The outermost structure is an EtsiTs103097Data-Encrypted structure containing
       *       the component recipients containing one instance of RecipientInfo of choice
       *       pskRecipInfo, which contains the HashedId8 of the symmetric key used by the
       *       ITS-S to encrypt the EnrolmentRequest message to which the response is built
       *       and containing the component ciphertext, once decrypted, contains an
       *       EtsiTs103097Data-Signed structure
       *
       * Pics Selection: PICS_IUT_EA_ROLE
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives an EnrolmentRequestMessage
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data-Encrypted structure
       *                 containing recipients
       *                     containing one instance of RecipientInfo of choice pskRecipInfo
       *                         containing the HashedId8 of the symmetric key used to encrypt the EnrolmentRequestMessage
       *                 and containing cipherText
       *                     being an encrypted EtsiTs103097Data-Signed structure
       *         }
       *     }
       * 
*
       * @see ETSI TS 103 525-2 v0.0.10 TP SECPKI_EA_ENR_03_BV
       * @reference ETSI TS 102 941, clause 6.2.3.2.2
       */
      testcase TC_SECPKI_EA_ENR_03_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
          // Local variables
          var Oct32 v_private_key;
          var Oct32 v_public_compressed_key;
          var integer v_compressed_mode;
          var Oct32 v_request_hash;
          var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
          var Oct16 v_aes_sym_key;
          var Oct16 v_encrypted_sym_key;
          var Oct16 v_authentication_vector;
          var Oct12 v_nonce;
          var octetstring v_salt;
          var HeaderLines v_headers;
          var HttpMessage v_response;
          var EtsiTs102941Data v_etsi_ts_102941_data;

          // Test control: only applicable when the IUT is an EA
          if (not PICS_IUT_EA_ROLE) {
              log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
              setverdict(inconc);
              stop;
          }

          // Test component configuration
          f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID);

          // Test adapter configuration

          // Preamble: the request is built and sent before the preamble synchronisation point
          f_http_build_inner_ec_request(v_private_key, v_public_compressed_key, v_compressed_mode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
          f_init_default_headers_list(-, "inner_ec_request", v_headers);
          httpPort.send(
              m_http_request(
                  m_http_request_post(
                      PICS_HTTP_POST_URI_EC,
                      v_headers,
                      m_http_message_body_binary(
                          m_binary_body_ieee1609dot2_data(
                              v_ieee1609dot2_signed_and_encrypted_data
          )))));
          f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);

          // Test Body
          tc_ac.start;
          alt {
              // NOTE(review): the first argument of mw_encryptedData is left at the template default,
              // so whether "exactly one RecipientInfo of choice pskRecipInfo carrying the HashedId8 of
              // the request key" is enforced cannot be seen from this body - confirm in the template
              // or in f_verify_pki_response_message.
              // NOTE(review): with PICS_MULTIPLE_END_POINT set only the timeout branch can fire.
              [not(PICS_MULTIPLE_END_POINT)] httpPort.receive(
                  mw_http_response(
                      mw_http_response_ok(
                          mw_http_message_body_binary(
                              mw_binary_body_ieee1609dot2_data(
                                  mw_enrolmentResponseMessage(
                                      mw_encryptedData(
                                          -,
                                          mw_SymmetricCiphertext_aes128ccm
              ))))))) -> value v_response {
                  tc_ac.stop;

                  // The sixth argument is true here (false in TC_SECPKI_EA_ENR_01_BV and _02_BV);
                  // presumably it enables the check of the inner signed structure - TODO confirm.
                  if (f_verify_pki_response_message(v_private_key, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, v_response.response.body.binary_body.ieee1609dot2_data, true, v_etsi_ts_102941_data) == false) {
                      log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
                      f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                  } else {
                      log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
                      log("*** " & testcasename() & ": DEBUG: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16)))), " ***"); // TODO In TITAN, this is the only way to get the unmatching in log
                      if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16))))) {
                          log("*** " & testcasename() & ": PASS: InnerEcResponse received ***");
                          f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                      } else {
                          log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                          f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                      }
                  }
              }
              [] tc_ac.timeout {
                  log("*** " & testcasename() & ": INCONC: Expected message not received ***");
                  f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
              }
          } // End of 'alt' statement

          // Postamble
          f_cfHttpDown();

      } // End of testcase TC_SECPKI_EA_ENR_03_BV

      /**
       * @desc If the ITS-S has been able to decrypt the content, this expected EtsiTs103097Data-Signed structure shall
       *       contain hashId, tbsData, signer and signature. The hashId shall indicate the hash algorithm to be used as
       *       specified in ETSI TS 103 097, the signer shall be declared as a digest, containing the HashedId8 of the
       *       EA certificate and the signature over tbsData shall be computed using the EA private key corresponding to
       *       its publicVerificationKey found in the referenced EA certificate.
       *
       * Pics Selection: PICS_IUT_EA_ROLE
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives an EnrolmentRequestMessage
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data-Encrypted structure
       *                 containing an encrypted EtsiTs103097Data-Signed structure
       *                     containing hashId
       *                        indicating the hash algorithm to be used as specified in ETSI TS 103 097
       *                     and containing tbsData
       *                     and containing signer
       *                         declared as a digest
       *                             containing the HashedId8 of the EA certificate
       *                     and containing signature
       *                         computed over tbsData
       *                             using the EA private key
       *                                 corresponding to the publicVerificationKey found in the referenced EA certificate
       *         }
       *     }
       * 
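*
       * @see ETSI TS 103 525-2 v0.0.10 TP SECPKI_EA_ENR_04_BV
       * @reference ETSI TS 102 941, clause 6.2.3.2.2
       */
      testcase TC_SECPKI_EA_ENR_04_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
          // Local variables
          var Oct32 v_private_key;
          var Oct32 v_public_compressed_key;
          var integer v_compressed_mode;
          var Oct32 v_request_hash;
          var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
          var Oct16 v_aes_sym_key;
          var Oct16 v_encrypted_sym_key;
          var Oct16 v_authentication_vector;
          var Oct12 v_nonce;
          var octetstring v_salt;
          var HeaderLines v_headers;
          var HttpMessage v_response;
          var EtsiTs102941Data v_etsi_ts_102941_data;

          // Test control: only applicable when the IUT is an EA
          if (not PICS_IUT_EA_ROLE) {
              log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
              setverdict(inconc);
              stop;
          }

          // Test component configuration
          f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID);

          // Test adapter configuration

          // Preamble: the request is built and sent before the preamble synchronisation point
          f_http_build_inner_ec_request(v_private_key, v_public_compressed_key, v_compressed_mode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
          f_init_default_headers_list(-, "inner_ec_request", v_headers);
          httpPort.send(
              m_http_request(
                  m_http_request_post(
                      PICS_HTTP_POST_URI_EC,
                      v_headers,
                      m_http_message_body_binary(
                          m_binary_body_ieee1609dot2_data(
                              v_ieee1609dot2_signed_and_encrypted_data
          )))));
          f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);

          // Test Body
          tc_ac.start;
          alt {
              // NOTE(review): with PICS_MULTIPLE_END_POINT set only the timeout branch can fire.
              [not(PICS_MULTIPLE_END_POINT)] httpPort.receive(
                  mw_http_response(
                      mw_http_response_ok(
                          mw_http_message_body_binary(
                              mw_binary_body_ieee1609dot2_data(
                                  mw_enrolmentResponseMessage(
                                      mw_encryptedData(
                                          -,
                                          mw_SymmetricCiphertext_aes128ccm
              ))))))) -> value v_response {
                  tc_ac.stop;

                  // vc_eaWholeHash and the true flag are handed to the verification. The hashId, the
                  // signer digest and the signature named in the test purpose are presumably checked
                  // inside f_verify_pki_response_message - TODO confirm, nothing in this body inspects them.
                  if (f_verify_pki_response_message(v_private_key, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, v_response.response.body.binary_body.ieee1609dot2_data, true, v_etsi_ts_102941_data) == false) {
                      log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
                      f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                  } else {
                      log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
                      log("*** " & testcasename() & ": DEBUG: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16)))), " ***"); // TODO In TITAN, this is the only way to get the unmatching in log
                      if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16))))) {
                          // The issued certificate is checked against vc_eaCertificate and the public key
                          // of this request
                          if (f_verify_ec_certificate(v_etsi_ts_102941_data.content.enrolmentResponse.certificate, vc_eaCertificate, v_public_compressed_key, v_compressed_mode)) {
                              // The verified object is the issued EC certificate, so the message names it
                              // as such, like the failure branch below and TC_SECPKI_EA_ENR_05_BV/_06_BV
                              log("*** " & testcasename() & ": PASS: Well-secured EC certificate received ***");
                              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                          } else {
                              log("*** " & testcasename() & ": FAIL: Cannot verify EC certificate signature ***");
                              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                          }
                      } else {
                          log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                          f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                      }
                  }
              }
              [] tc_ac.timeout {
                  log("*** " & testcasename() & ": INCONC: Expected message not received ***");
                  f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
              }
          } // End of 'alt' statement

          // Postamble
          f_cfHttpDown();

      } // End of testcase TC_SECPKI_EA_ENR_04_BV

      /**
       * @desc Within the headerInfo of the tbsData, the psid shall be set to "secured certificate request" as assigned in
       *       ETSI TS 102 965 and the generationTime shall be present.
       *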
       * Pics Selection: PICS_IUT_EA_ROLE
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives an EnrolmentRequestMessage
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data-Encrypted structure
       *                 containing an encrypted EtsiTs103097Data-Signed structure
       *                     containing tbsData
       *                         containing headerInfo
       *                             containing psid
       *                                 indicating AID_CERT_REQ
       *                             and containing generationTime
       *         }
       *     }
       * 
*
       * @see ETSI TS 103 525-2 v0.0.10 TP SECPKI_EA_ENR_05_BV
       * @reference ETSI TS 102 941, clause 6.2.3.2.2
       */
      testcase TC_SECPKI_EA_ENR_05_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
          // NOTE(review): the statements of this body are the same as in TC_SECPKI_EA_ENR_04_BV. Nothing
          // here inspects tbsData.headerInfo, so the psid (AID_CERT_REQ) and generationTime checks of
          // the test purpose are only covered if f_verify_pki_response_message performs them - confirm.

          // Local variables
          var Oct32 v_private_key;
          var Oct32 v_public_compressed_key;
          var integer v_compressed_mode;
          var Oct32 v_request_hash;
          var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
          var Oct16 v_aes_sym_key;
          var Oct16 v_encrypted_sym_key;
          var Oct16 v_authentication_vector;
          var Oct12 v_nonce;
          var octetstring v_salt;
          var HeaderLines v_headers;
          var HttpMessage v_response;
          var EtsiTs102941Data v_etsi_ts_102941_data;

          // Test control: only applicable when the IUT is an EA
          if (not PICS_IUT_EA_ROLE) {
              log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
              setverdict(inconc);
              stop;
          }

          // Test component configuration
          f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID);

          // Test adapter configuration

          // Preamble: the request is built and sent before the preamble synchronisation point
          f_http_build_inner_ec_request(v_private_key, v_public_compressed_key, v_compressed_mode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
          f_init_default_headers_list(-, "inner_ec_request", v_headers);
          httpPort.send(
              m_http_request(
                  m_http_request_post(
                      PICS_HTTP_POST_URI_EC,
                      v_headers,
                      m_http_message_body_binary(
                          m_binary_body_ieee1609dot2_data(
                              v_ieee1609dot2_signed_and_encrypted_data
          )))));
          f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);

          // Test Body
          tc_ac.start;
          alt {
              // NOTE(review): with PICS_MULTIPLE_END_POINT set only the timeout branch can fire.
              [not(PICS_MULTIPLE_END_POINT)] httpPort.receive(
                  mw_http_response(
                      mw_http_response_ok(
                          mw_http_message_body_binary(
                              mw_binary_body_ieee1609dot2_data(
                                  mw_enrolmentResponseMessage(
                                      mw_encryptedData(
                                          -,
                                          mw_SymmetricCiphertext_aes128ccm
              ))))))) -> value v_response {
                  tc_ac.stop;

                  if (f_verify_pki_response_message(v_private_key, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, v_response.response.body.binary_body.ieee1609dot2_data, true, v_etsi_ts_102941_data) == false) {
                      log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
                      f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                  } else {
                      log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
                      log("*** " & testcasename() & ": DEBUG: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16)))), " ***"); // TODO In TITAN, this is the only way to get the unmatching in log
                      if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16))))) {
                          // The issued certificate is checked against vc_eaCertificate and the public key
                          // of this request
                          if (f_verify_ec_certificate(v_etsi_ts_102941_data.content.enrolmentResponse.certificate, vc_eaCertificate, v_public_compressed_key, v_compressed_mode)) {
                              log("*** " & testcasename() & ": PASS: Well-secured EC certificate received ***");
                              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                          } else {
                              log("*** " & testcasename() & ": FAIL: Cannot verify EC certificate signature ***");
                              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                          }
                      } else {
                          log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                          f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                      }
                  }
              }
              [] tc_ac.timeout {
                  log("*** " & testcasename() & ": INCONC: Expected message not received ***");
                  f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
              }
          } // End of 'alt' statement

          // Postamble
          f_cfHttpDown();

      } // End of testcase TC_SECPKI_EA_ENR_05_BV

      /**
       * @desc Within the headerInfo of the tbsData, aside from psid and generationTime,
       *       all other components of the component tbsData.headerInfo not used and absent.
       *
       * Pics Selection: PICS_IUT_EA_ROLE
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives an EnrolmentRequestMessage
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data-Encrypted structure
       *                 containing an encrypted EtsiTs103097Data-Signed structure
       *                     containing tbsData
       *                         containing headerInfo
       *                             containing psid
       *                             and containing generationTime
       *         }
       *     }
       * 
*
       * @see ETSI TS 103 525-2 v0.0.10 TP SECPKI_EA_ENR_06_BV
       * @reference ETSI TS 102 941, clause 6.2.3.2.2
       */
      testcase TC_SECPKI_EA_ENR_06_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
          // NOTE(review): the statements of this body are the same as in TC_SECPKI_EA_ENR_05_BV. Nothing
          // here checks that the headerInfo components other than psid and generationTime are absent;
          // that is only covered if f_verify_pki_response_message performs the check - confirm.

          // Local variables
          var Oct32 v_private_key;
          var Oct32 v_public_compressed_key;
          var integer v_compressed_mode;
          var Oct32 v_request_hash;
          var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
          var Oct16 v_aes_sym_key;
          var Oct16 v_encrypted_sym_key;
          var Oct16 v_authentication_vector;
          var Oct12 v_nonce;
          var octetstring v_salt;
          var HeaderLines v_headers;
          var HttpMessage v_response;
          var EtsiTs102941Data v_etsi_ts_102941_data;

          // Test control: only applicable when the IUT is an EA
          if (not PICS_IUT_EA_ROLE) {
              log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
              setverdict(inconc);
              stop;
          }

          // Test component configuration
          f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID);

          // Test adapter configuration

          // Preamble: the request is built and sent before the preamble synchronisation point
          f_http_build_inner_ec_request(v_private_key, v_public_compressed_key, v_compressed_mode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
          f_init_default_headers_list(-, "inner_ec_request", v_headers);
          httpPort.send(
              m_http_request(
                  m_http_request_post(
                      PICS_HTTP_POST_URI_EC,
                      v_headers,
                      m_http_message_body_binary(
                          m_binary_body_ieee1609dot2_data(
                              v_ieee1609dot2_signed_and_encrypted_data
          )))));
          f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);

          // Test Body
          tc_ac.start;
          alt {
              // NOTE(review): with PICS_MULTIPLE_END_POINT set only the timeout branch can fire.
              [not(PICS_MULTIPLE_END_POINT)] httpPort.receive(
                  mw_http_response(
                      mw_http_response_ok(
                          mw_http_message_body_binary(
                              mw_binary_body_ieee1609dot2_data(
                                  mw_enrolmentResponseMessage(
                                      mw_encryptedData(
                                          -,
                                          mw_SymmetricCiphertext_aes128ccm
              ))))))) -> value v_response {
                  tc_ac.stop;

                  if (f_verify_pki_response_message(v_private_key, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, v_response.response.body.binary_body.ieee1609dot2_data, true, v_etsi_ts_102941_data) == false) {
                      log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
                      f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                  } else {
                      log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
                      log("*** " & testcasename() & ": DEBUG: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16)))), " ***"); // TODO In TITAN, this is the only way to get the unmatching in log
                      if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16))))) {
                          // The issued certificate is checked against vc_eaCertificate and the public key
                          // of this request
                          if (f_verify_ec_certificate(v_etsi_ts_102941_data.content.enrolmentResponse.certificate, vc_eaCertificate, v_public_compressed_key, v_compressed_mode)) {
                              log("*** " & testcasename() & ": PASS: Well-secured EC certificate received ***");
                              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                          } else {
                              log("*** " & testcasename() & ": FAIL: Cannot verify EC certificate signature ***");
                              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                          }
                      } else {
                          log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                          f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                      }
                  }
              }
              [] tc_ac.timeout {
                  log("*** " & testcasename() & ": INCONC: Expected message not received ***");
                  f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
              }
          } // End of 'alt' statement

          // Postamble
          f_cfHttpDown();

      } // End of testcase TC_SECPKI_EA_ENR_06_BV

      /**
       * @desc The EtsiTS102941Data shall contain the version set to v1 (integer value set to 1)
       *       and the content set to InnerECResponse.
       *
       * Pics Selection: PICS_IUT_EA_ROLE
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives an EnrolmentRequestMessage
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data-Encrypted structure
       *                 containing an encrypted EtsiTs103097Data-Signed structure
       *                     containing tbsData
       *                         containing EtsiTS102941Data
       *                             containing version
       *                                 indicating v1 (integer value set to 1)
       *         }
       *     }
       * 
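*
       * @see ETSI TS 103 525-2 v0.0.10 TP SECPKI_EA_ENR_07_BV
       * @reference ETSI TS 102 941, clause 6.2.3.2.2
       */
      testcase TC_SECPKI_EA_ENR_07_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
        // Local variables
        var Oct32 v_private_key;
        var Oct32 v_public_compressed_key;
        var integer v_compressed_mode;
        var Oct32 v_request_hash;
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var Oct16 v_aes_sym_key;
        var Oct16 v_encrypted_sym_key;
        var Oct16 v_authentication_vector;
        var Oct12 v_nonce;
        var octetstring v_salt;
        var HeaderLines v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;

        // Test control
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }

        // Test component configuration
        f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID);

        // Test adapter configuration

        // Preamble: build the enrolment request and POST it to the EC endpoint
        f_http_build_inner_ec_request(v_private_key, v_public_compressed_key, v_compressed_mode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
        f_init_default_headers_list(-, "inner_ec_request", v_headers);
        httpPort.send(
          m_http_request(
            m_http_request_post(
              PICS_HTTP_POST_URI_EC,
              v_headers,
              m_http_message_body_binary(
                m_binary_body_ieee1609dot2_data(
                  v_ieee1609dot2_signed_and_encrypted_data
        )))));
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);

        // Test Body
        // NOTE(review): the only receive alternative is guarded by not(PICS_MULTIPLE_END_POINT);
        // with PICS_MULTIPLE_END_POINT set, this testcase can only end through the tc_ac timeout.
        tc_ac.start;
        alt {
          [not(PICS_MULTIPLE_END_POINT)] httpPort.receive(
            mw_http_response(
              mw_http_response_ok(
                mw_http_message_body_binary(
                  mw_binary_body_ieee1609dot2_data(
                    mw_enrolmentResponseMessage(
                      mw_encryptedData(
                        -,
                        mw_SymmetricCiphertext_aes128ccm
          ))))))) -> value v_response {
            tc_ac.stop;

            // The payload is only inspected once f_verify_pki_response_message has accepted it
            if (f_verify_pki_response_message(v_private_key, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, v_response.response.body.binary_body.ieee1609dot2_data, true, v_etsi_ts_102941_data) == false) {
              log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
            } else {
              log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
              log("*** " & testcasename() & ": DEBUG: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16)))), " ***"); // TODO In TITAN, this is the only way to get the unmatching in log
              if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16))))) {
                // The test purpose is the version field, so assert it explicitly instead of
                // relying on the decoder or on f_verify_pki_response_message to reject other values.
                if (v_etsi_ts_102941_data.version == 1) {
                  log("*** " & testcasename() & ": PASS: EtsiTs102941Data version v1 with InnerEcResponse received ***");
                  f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                } else {
                  log("*** " & testcasename() & ": FAIL: Unexpected EtsiTs102941Data version ***");
                  f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                }
              } else {
                log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
              }
            }
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement

        // Postamble
        f_cfHttpDown();
      } // End of testcase TC_SECPKI_EA_ENR_07_BV

      /**
       * @desc The InnerECResponse shall contain the requestHash, which is the left-most 16 octets of the SHA256 digest of the
       *       EtsiTs103097Data - Signed structure received in the request and a responseCode indicating the result of the request.
       *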
       * Pics Selection: PICS_IUT_EA_ROLE
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives an EnrolmentRequestMessage
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data-Encrypted structure
       *                 containing an encrypted EtsiTs103097Data-Signed structure
       *                     containing tbsData
       *                         containing EtsiTS102941Data
       *                             containing requestHash
       *                                 indicating the left-most 16 octets of the SHA256 digest of the EtsiTs103097Data-Signed structure received in the request
       *                             and containing responseCode
       *         }
       *     }
       * 
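*
       * @see ETSI TS 103 525-2 v0.0.10 TP SECPKI_EA_ENR_08_BV
       * @reference ETSI TS 102 941, clause 6.2.3.2.2
       */
      testcase TC_SECPKI_EA_ENR_08_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
        // Local variables
        var Oct32 v_private_key;
        var Oct32 v_public_compressed_key;
        var integer v_compressed_mode;
        var Oct32 v_request_hash;
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var Oct16 v_aes_sym_key;
        var Oct16 v_encrypted_sym_key;
        var Oct16 v_authentication_vector;
        var Oct12 v_nonce;
        var octetstring v_salt;
        var HeaderLines v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;

        // Test control
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }

        // Test component configuration
        f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID);

        // Test adapter configuration

        // Preamble: build the enrolment request and POST it to the EC endpoint
        f_http_build_inner_ec_request(v_private_key, v_public_compressed_key, v_compressed_mode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
        f_init_default_headers_list(-, "inner_ec_request", v_headers);
        httpPort.send(
          m_http_request(
            m_http_request_post(
              PICS_HTTP_POST_URI_EC,
              v_headers,
              m_http_message_body_binary(
                m_binary_body_ieee1609dot2_data(
                  v_ieee1609dot2_signed_and_encrypted_data
        )))));
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);

        // Test Body
        // NOTE(review): the only receive alternative is guarded by not(PICS_MULTIPLE_END_POINT);
        // with PICS_MULTIPLE_END_POINT set, this testcase can only end through the tc_ac timeout.
        tc_ac.start;
        alt {
          [not(PICS_MULTIPLE_END_POINT)] httpPort.receive(
            mw_http_response(
              mw_http_response_ok(
                mw_http_message_body_binary(
                  mw_binary_body_ieee1609dot2_data(
                    mw_enrolmentResponseMessage(
                      mw_encryptedData(
                        -,
                        mw_SymmetricCiphertext_aes128ccm
          ))))))) -> value v_response {
            tc_ac.stop;

            // The payload is only inspected once f_verify_pki_response_message has accepted it
            if (f_verify_pki_response_message(v_private_key, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, v_response.response.body.binary_body.ieee1609dot2_data, true, v_etsi_ts_102941_data) == false) {
              log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
            } else {
              log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
              log("*** " & testcasename() & ": DEBUG: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16)))), " ***"); // TODO In TITAN, this is the only way to get the unmatching in log
              // requestHash must equal the first 16 octets of the hash computed for the request sent above
              if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16))))) {
                // No certificate check is made in this testcase, so the verdict text names what was
                // actually asserted (the previous text claimed a well-secured EA certificate).
                log("*** " & testcasename() & ": PASS: InnerEcResponse with expected requestHash received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
              } else {
                log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
              }
            }
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement

        // Postamble
        f_cfHttpDown();
      } // End of testcase TC_SECPKI_EA_ENR_08_BV

      /**
       * @desc If the responseCode is 0, the InnerECResponse shall also contain an (enrolment) certificate.
       *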
       * Pics Selection: PICS_IUT_EA_ROLE
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives an EnrolmentRequestMessage
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data-Encrypted structure
       *                 containing an encrypted EtsiTs103097Data-Signed structure
       *                     containing tbsData
       *                         containing EtsiTS102941Data
       *                             containing InnerECResponse
       *                                 containing an enrolment certificate
       *         }
       *     }
       * 
*
       * @see ETSI TS 103 525-2 v0.0.10 TP SECPKI_EA_ENR_09_BV
       * @reference ETSI TS 102 941, clause 6.2.3.2.2
       */
      testcase TC_SECPKI_EA_ENR_09_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
        // Request context filled in by f_http_build_inner_ec_request (all passed as arguments below)
        var Oct32 v_private_key;
        var Oct32 v_public_compressed_key;
        var integer v_compressed_mode;
        var Oct32 v_request_hash;
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var Oct16 v_aes_sym_key;
        var Oct16 v_encrypted_sym_key;
        var Oct16 v_authentication_vector;
        var Oct12 v_nonce;
        var octetstring v_salt;
        // HTTP exchange and decoded payload
        var HeaderLines v_headers;
        var HttpMessage v_http_response;
        var EtsiTs102941Data v_pki_data;

        // Test control: only applicable when the IUT plays the EA role
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }

        // Test component configuration
        f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID);

        // Test adapter configuration

        // Preamble: build the enrolment request and POST it to the EC endpoint
        f_http_build_inner_ec_request(v_private_key, v_public_compressed_key, v_compressed_mode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
        f_init_default_headers_list(-, "inner_ec_request", v_headers);
        httpPort.send(
          m_http_request(
            m_http_request_post(
              PICS_HTTP_POST_URI_EC,
              v_headers,
              m_http_message_body_binary(
                m_binary_body_ieee1609dot2_data(
                  v_ieee1609dot2_signed_and_encrypted_data
        )))));
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);

        // Test Body
        // NOTE(review): the only receive alternative is guarded by not(PICS_MULTIPLE_END_POINT);
        // with PICS_MULTIPLE_END_POINT set, this testcase can only end through the tc_ac timeout.
        tc_ac.start;
        alt {
          [not(PICS_MULTIPLE_END_POINT)] httpPort.receive(
            mw_http_response(
              mw_http_response_ok(
                mw_http_message_body_binary(
                  mw_binary_body_ieee1609dot2_data(
                    mw_enrolmentResponseMessage(
                      mw_encryptedData(
                        { mw_recipientInfo_pskRecipInfo },
                        mw_SymmetricCiphertext_aes128ccm
          ))))))) -> value v_http_response {
            tc_ac.stop;

            // The payload is only inspected once f_verify_pki_response_message has accepted it
            if (not f_verify_pki_response_message(v_private_key, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, v_http_response.response.body.binary_body.ieee1609dot2_data, true, v_pki_data)) {
              log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
            } else {
              log("*** " & testcasename() & ": LOG: Receive ", v_pki_data, " ***");
              // Logging the match() result is how TITAN reports which field did not match
              log("*** " & testcasename() & ": DEBUG: match ", match(v_pki_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16), mw_etsiTs103097Certificate(-, mw_toBeSignedCertificate_ec, -)))), " ***");
              // Positive response must echo the request hash and carry a certificate matching the EC template
              if (not match(v_pki_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16), mw_etsiTs103097Certificate(-, mw_toBeSignedCertificate_ec, -))))) {
                log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
              } else if (not f_verify_ec_certificate(v_pki_data.content.enrolmentResponse.certificate, vc_eaCertificate, v_public_compressed_key, v_compressed_mode)) {
                // Issued certificate checked against the EA certificate and the requested public key
                log("*** " & testcasename() & ": FAIL: EC certificate is not proerly formated ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
              } else {
                log("*** " & testcasename() & ": PASS: Well-secured EC certificate received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
              }
            }
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement

        // Postamble
        f_cfHttpDown();
      } // End of testcase TC_SECPKI_EA_ENR_09_BV

      /**
       * @desc If the responseCode is different than 0, the InnerECResponse shall not contain a certificate.
       *
       * Pics Selection: PICS_IUT_EA_ROLE
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives an EnrolmentRequestMessage
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data-Encrypted structure
       *                 containing an encrypted EtsiTs103097Data-Signed structure
       *                     containing tbsData
       *                         containing EtsiTS102941Data
       *                             containing InnerECResponse
       *                                 not containing a certificate
       *         }
       *     }
       * 
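*
       * @see ETSI TS 103 525-2 v0.0.10 TP SECPKI_EA_ENR_10_BV
       * @reference ETSI TS 102 941, clause 6.2.3.2.2
       */
      testcase TC_SECPKI_EA_ENR_10_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
        // Local variables
        var Oct32 v_private_key;
        var Oct32 v_public_compressed_key;
        var integer v_compressed_mode;
        var Oct32 v_request_hash;
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var Oct16 v_aes_sym_key;
        var Oct16 v_encrypted_sym_key;
        var Oct16 v_authentication_vector;
        var Oct12 v_nonce;
        var octetstring v_salt;
        var HeaderLines v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;

        // Test control
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }

        // Test component configuration
        f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID);

        // Test adapter configuration

        // Preamble: this testcase sends a request built by f_http_build_invalid_enrolment_request,
        // so a negative response is the expected outcome.
        f_http_build_invalid_enrolment_request(v_private_key, v_public_compressed_key, v_compressed_mode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
        f_init_default_headers_list(-, "inner_ec_request", v_headers);
        httpPort.send(
          m_http_request(
            m_http_request_post(
              PICS_HTTP_POST_URI_EC,
              v_headers,
              m_http_message_body_binary(
                m_binary_body_ieee1609dot2_data(
                  v_ieee1609dot2_signed_and_encrypted_data
        )))));
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);

        // Test Body
        // NOTE(review): the only receive alternative is guarded by not(PICS_MULTIPLE_END_POINT);
        // with PICS_MULTIPLE_END_POINT set, this testcase can only end through the tc_ac timeout.
        tc_ac.start;
        alt {
          [not(PICS_MULTIPLE_END_POINT)] httpPort.receive(
            mw_http_response(
              mw_http_response_ok(
                mw_http_message_body_binary(
                  mw_binary_body_ieee1609dot2_data(
                    mw_enrolmentResponseMessage(
                      mw_encryptedData(
                        -,
                        mw_SymmetricCiphertext_aes128ccm
          ))))))) -> value v_response {
            tc_ac.stop;

            // The payload is only inspected once f_verify_pki_response_message has accepted it
            if (f_verify_pki_response_message(v_private_key, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, v_response.response.body.binary_body.ieee1609dot2_data, true, v_etsi_ts_102941_data) == false) {
              log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
            } else {
              log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
              // NOTE(review): mw_innerEcResponse_ko is defined elsewhere; presumably it requires a
              // non-zero responseCode and an absent certificate, which is what the purpose asks for - confirm.
              if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ko))) {
                // The previous PASS text announced a received certificate, the opposite of what
                // this branch establishes.
                log("*** " & testcasename() & ": PASS: Negative enrolment response received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
              } else {
                log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
              }
            }
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement

        // Postamble
        f_cfHttpDown();
      } // End of testcase TC_SECPKI_EA_ENR_10_BV

      /**
       * @desc Check that signing of Enrolment response message is permitted by the EA certificate.
       *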
       * Pics Selection: PICS_IUT_EA_ROLE
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives an EnrolmentRequestMessage
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data-Encrypted structure
       *                 containing an encrypted EtsiTs103097Data-Signed structure
       *                     containing signer
       *                         declared as a digest
       *                             containing the HashedId8 of the EA certificate
       *                                 containing appPermissions
       *                                     containing an item of type PsidSsp
       *                                         containing psid
       *                                             indicating AID_CERT_REQ
       *                                         and containing ssp
       *                                             containing opaque[0] (version) 
       *                                                 indicating 1
       *                                             containing opaque[1] (value) 
       *                                                 indicating bit "Enrolment Response" (5) set to 1
       *         }
       *     }
       * 
*
       * @see ETSI TS 103 525-2 v0.0.10 TP SECPKI_EA_ENR_11_BV
       * @reference ETSI TS 102 941, clause B[5]
       */
      testcase TC_SECPKI_EA_ENR_11_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
        // Request context filled in by f_http_build_inner_ec_request (all passed as arguments below)
        var Oct32 v_private_key;
        var Oct32 v_public_compressed_key;
        var integer v_compressed_mode;
        var Oct32 v_request_hash;
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var Oct16 v_aes_sym_key;
        var Oct16 v_encrypted_sym_key;
        var Oct16 v_authentication_vector;
        var Oct12 v_nonce;
        var octetstring v_salt;
        // HTTP exchange and decoded payload
        var HeaderLines v_headers;
        var HttpMessage v_http_response;
        var EtsiTs102941Data v_pki_data;

        // Test control: only applicable when the IUT plays the EA role
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }

        // Test component configuration
        f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID);

        // Test adapter configuration

        // Preamble: build the enrolment request and POST it to the EC endpoint
        f_http_build_inner_ec_request(v_private_key, v_public_compressed_key, v_compressed_mode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
        f_init_default_headers_list(-, "inner_ec_request", v_headers);
        httpPort.send(
          m_http_request(
            m_http_request_post(
              PICS_HTTP_POST_URI_EC,
              v_headers,
              m_http_message_body_binary(
                m_binary_body_ieee1609dot2_data(
                  v_ieee1609dot2_signed_and_encrypted_data
        )))));
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);

        // Test Body
        // NOTE(review): the only receive alternative is guarded by not(PICS_MULTIPLE_END_POINT);
        // with PICS_MULTIPLE_END_POINT set, this testcase can only end through the tc_ac timeout.
        //
        // NOTE(review): the purpose of this testcase is the signer's appPermissions (PsidSsp for
        // AID_CERT_REQ with the "Enrolment Response" bit set). No statement below inspects the EA
        // certificate's appPermissions; unless f_verify_pki_response_message does so (not visible
        // here), a response signed with a certificate lacking that permission would still reach
        // PASS - confirm before relying on this verdict.
        tc_ac.start;
        alt {
          [not(PICS_MULTIPLE_END_POINT)] httpPort.receive(
            mw_http_response(
              mw_http_response_ok(
                mw_http_message_body_binary(
                  mw_binary_body_ieee1609dot2_data(
                    mw_enrolmentResponseMessage(
                      mw_encryptedData(
                        { mw_recipientInfo_pskRecipInfo },
                        mw_SymmetricCiphertext_aes128ccm
          ))))))) -> value v_http_response {
            tc_ac.stop;

            // The payload is only inspected once f_verify_pki_response_message has accepted it
            if (not f_verify_pki_response_message(v_private_key, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, v_http_response.response.body.binary_body.ieee1609dot2_data, true, v_pki_data)) {
              log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
            } else {
              log("*** " & testcasename() & ": LOG: Receive ", v_pki_data, " ***");
              // Logging the match() result is how TITAN reports which field did not match
              log("*** " & testcasename() & ": DEBUG: match ", match(v_pki_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16), mw_etsiTs103097Certificate(-, mw_toBeSignedCertificate_ec, -)))), " ***");
              if (not match(v_pki_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16), mw_etsiTs103097Certificate(-, mw_toBeSignedCertificate_ec, -))))) {
                log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
              } else if (not f_verify_ec_certificate(v_pki_data.content.enrolmentResponse.certificate, vc_eaCertificate, v_public_compressed_key, v_compressed_mode)) {
                // Issued certificate checked against the EA certificate and the requested public key
                log("*** " & testcasename() & ": FAIL: EC certificate is not proerly formated ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
              } else {
                log("*** " & testcasename() & ": PASS: Well-secured EC certificate received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
              }
            }
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement

        // Postamble
        f_cfHttpDown();
      } // End of testcase TC_SECPKI_EA_ENR_11_BV

      /**
       * @desc Check that generated EC certificate contains only allowed permissions.
       *
       * Pics Selection: PICS_IUT_EA_ROLE
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives an EnrolmentRequestMessage
       *         }
       *         then {
       *             the EC_CERT
       *                 containing appPermissions
       *                     containing an item of type PsidSsp
       *                         containing psid
       *                             indicating AID_CERT_REQ
       *                         and containing ssp
       *                             containing opaque[0] (version) 
       *                                 indicating 1
       *                             containing opaque[1] (value) 
       *                                 indicating "Enrolment Request" (bit 0) set to 1
       *                                 indicating "Authorization Request" (bit 1) set to 1
       *                                 indicating other bits set to 0
       *                     and NOT containing an item of type PsidSsp
       *                         containing psid
       *                             indicating AID_CTL
       *                     and NOT containing an item of type PsidSsp
       *                         containing psid
       *                             indicating AID_CRL
       *         }
       *     }
       * 
*
       * @see ETSI TS 103 525-2 v0.0.10 TP SECPKI_EA_ENR_12_BV
       * @reference ETSI TS 102 941, clause B[5]
       */
      testcase TC_SECPKI_EA_ENR_12_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
        // Request context filled in by f_http_build_inner_ec_request (all passed as arguments below)
        var Oct32 v_private_key;
        var Oct32 v_public_compressed_key;
        var integer v_compressed_mode;
        var Oct32 v_request_hash;
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var Oct16 v_aes_sym_key;
        var Oct16 v_encrypted_sym_key;
        var Oct16 v_authentication_vector;
        var Oct12 v_nonce;
        var octetstring v_salt;
        // HTTP exchange and decoded payload
        var HeaderLines v_headers;
        var HttpMessage v_http_response;
        var EtsiTs102941Data v_pki_data;

        // Test control: only applicable when the IUT plays the EA role
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }

        // Test component configuration
        f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID);

        // Test adapter configuration

        // Preamble: build the enrolment request and POST it to the EC endpoint
        f_http_build_inner_ec_request(v_private_key, v_public_compressed_key, v_compressed_mode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
        f_init_default_headers_list(-, "inner_ec_request", v_headers);
        httpPort.send(
          m_http_request(
            m_http_request_post(
              PICS_HTTP_POST_URI_EC,
              v_headers,
              m_http_message_body_binary(
                m_binary_body_ieee1609dot2_data(
                  v_ieee1609dot2_signed_and_encrypted_data
        )))));
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);

        // Test Body
        // NOTE(review): the only receive alternative is guarded by not(PICS_MULTIPLE_END_POINT);
        // with PICS_MULTIPLE_END_POINT set, this testcase can only end through the tc_ac timeout.
        //
        // NOTE(review): the purpose of this testcase is that the issued EC certificate carries
        // only the allowed appPermissions (AID_CERT_REQ with only the two request bits set, and no
        // AID_CTL or AID_CRL item). The body relies on mw_toBeSignedCertificate_ec and
        // f_verify_ec_certificate, both defined elsewhere; whether either constrains the SSP bits
        // or rejects the extra PSIDs cannot be seen here - confirm, otherwise an over-privileged
        // certificate would still reach PASS.
        tc_ac.start;
        alt {
          [not(PICS_MULTIPLE_END_POINT)] httpPort.receive(
            mw_http_response(
              mw_http_response_ok(
                mw_http_message_body_binary(
                  mw_binary_body_ieee1609dot2_data(
                    mw_enrolmentResponseMessage(
                      mw_encryptedData(
                        { mw_recipientInfo_pskRecipInfo },
                        mw_SymmetricCiphertext_aes128ccm
          ))))))) -> value v_http_response {
            tc_ac.stop;

            // The payload is only inspected once f_verify_pki_response_message has accepted it
            if (not f_verify_pki_response_message(v_private_key, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, v_http_response.response.body.binary_body.ieee1609dot2_data, true, v_pki_data)) {
              log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
            } else {
              log("*** " & testcasename() & ": LOG: Receive ", v_pki_data, " ***");
              // Logging the match() result is how TITAN reports which field did not match
              log("*** " & testcasename() & ": DEBUG: match ", match(v_pki_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16), mw_etsiTs103097Certificate(-, mw_toBeSignedCertificate_ec, -)))), " ***");
              if (not match(v_pki_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16), mw_etsiTs103097Certificate(-, mw_toBeSignedCertificate_ec, -))))) {
                log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
              } else if (not f_verify_ec_certificate(v_pki_data.content.enrolmentResponse.certificate, vc_eaCertificate, v_public_compressed_key, v_compressed_mode)) {
                // Issued certificate checked against the EA certificate and the requested public key
                log("*** " & testcasename() & ": FAIL: EC certificate is not proerly formated ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
              } else {
                log("*** " & testcasename() & ": PASS: Well-secured EC certificate received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
              }
            }
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement

        // Postamble
        f_cfHttpDown();
      } // End of testcase TC_SECPKI_EA_ENR_12_BV

    } // End of group enrolment_response

    group authorization_validation_request {

      /**
       * @desc The AuthorizationValidationResponse message shall be sent by the EA to the AA across the interface
       *       at reference point S4 in response to a received AuthorizationValidationRequest message
       *
       * Pics Selection: PICS_IUT_EA_ROLE
       * Initial conditions: 
       *     with {
       *         the IUT being in the "operational state"
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives an AuthorizationValidationRequest message
       *         }
       *         then {
       *             the IUT sends an AuthorizationValidationResponse message
       *                 across the reference point S4 to the AA
       *         }
       *     }
       * 
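*
       * @see ETSI TS 103 525-2 v0.0.10 TP SECPKI_EA_AUTHVAL_RCV_01_BV
       * @reference ETSI TS 102 941, clause 6.2.3.4
       */
      testcase TC_SECPKI_EA_AUTHVAL_RCV_01_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
        // Local variables
        var Oct32 v_private_key_ec;
        var Oct32 v_public_compressed_key_ec;
        var integer v_compressed_key_mode_ec;
        var InnerEcResponse v_inner_ec_response;
        var Oct32 v_private_key_at;
        var Oct32 v_public_compressed_key_at;
        var integer v_compressed_key_mode_at;
        var Oct32 v_private_enc_key_at;
        var Oct32 v_public_compressed_enc_key_at;
        var integer v_compressed_enc_mode_at;
        var InnerAtRequest v_inner_at_request;
        var Oct32 v_request_hash;
        var Oct16 v_encrypted_sym_key;
        var Oct16 v_aes_sym_key;
        var Oct16 v_authentication_vector;
        var Oct12 v_nonce;
        var octetstring v_salt;
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var HeaderLines v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
        // Set by whichever receive alternative fires; the response is verified after the 'alt'
        var boolean v_response_received := false;

        // Test control
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }

        // Test component configuration
        f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);

        // Test adapter configuration

        // Preamble
        // Trigger an enrolment request
        if (f_await_http_inner_ec_request_response(v_private_key_ec, v_public_compressed_key_ec, v_compressed_key_mode_ec, v_inner_ec_response) == true) {
          log("*** " & testcasename() & ": INFO: Enrolment succeed ***");
          // NOTE(review): c_prDone is signalled here and again once the InnerAtRequest has been
          // generated below - confirm that the double preamble sync is intended.
          f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        } else {
          log("*** " & testcasename() & ": INCONC: Enrolment failed ***");
          f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
        }
        log("*** " & testcasename() & ": DEBUG: v_inner_ec_response= ", v_inner_ec_response);
        // NOTE(review): the next statement writes the enrolment private key to the execution log;
        // handle the logs of this testcase as sensitive material.
        log("*** " & testcasename() & ": DEBUG: v_private_key_ec= ", v_private_key_ec);

        // Generate an InnerAtRequest
        if (f_generate_inner_at_request(vc_eaCertificate, vc_eaHashedId8, v_inner_ec_response.certificate, v_private_key_ec, v_private_key_at, v_public_compressed_key_at, v_compressed_key_mode_at, v_private_enc_key_at, v_public_compressed_enc_key_at, v_compressed_enc_mode_at, v_inner_at_request) == false) {
          log("*** " & testcasename() & ": ERROR: Failed to generate AuthorizationValidationRequest ***");
          f_selfOrClientSyncAndVerdict("error", e_error);
        }
        log("*** " & testcasename() & ": DEBUG: v_inner_at_request= ", v_inner_at_request);
        // NOTE(review): same remark as above, this logs the authorization ticket private key.
        log("*** " & testcasename() & ": DEBUG: v_private_key_at= ", v_private_key_at);

        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);

        // Test Body
        f_http_build_authorization_validation_request(v_inner_at_request, v_private_key_at, v_public_compressed_key_at, v_compressed_key_mode_at, v_private_enc_key_at, v_public_compressed_enc_key_at, v_compressed_enc_mode_at, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
        f_init_default_headers_list(-, "inner_atv_request", v_headers);
        f_http_send(
          v_headers,
          m_http_request(
            m_http_request_post(
              PICS_HTTP_POST_URI_ATV,
              v_headers,
              m_http_message_body_binary(
                m_binary_body_ieee1609dot2_data(
                  v_ieee1609dot2_signed_and_encrypted_data
        )))));

        // Both alternatives only record that a response arrived. Previously the single end-point
        // alternative set PASS on any HTTP OK response carrying an encrypted container, without
        // verifying it or comparing the request hash, while the multiple end-point alternative
        // did both; the verdict no longer depends on the end-point configuration.
        tc_ac.start;
        alt {
          [not(PICS_MULTIPLE_END_POINT)] httpPort.receive(
            mw_http_response(
              mw_http_response_ok(
                mw_http_message_body_binary(
                  mw_binary_body_ieee1609dot2_data(
                    mw_authorizationValidationResponseMessage(
                      mw_encryptedData(
                        -,
                        mw_SymmetricCiphertext_aes128ccm
          ))))))) -> value v_response {
            tc_ac.stop;
            v_response_received := true;
          }
          [PICS_MULTIPLE_END_POINT] httpAtVPort.receive(
            mw_http_response(
              mw_http_response_ok(
                mw_http_message_body_binary(
                  mw_binary_body_ieee1609dot2_data(
                    mw_authorizationValidationResponseMessage(
                      mw_encryptedData(
                        -,
                        mw_SymmetricCiphertext_aes128ccm
          ))))))) -> value v_response {
            tc_ac.stop;
            v_response_received := true;
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement

        if (v_response_received) {
          // The payload is only inspected once f_verify_pki_response_message has accepted it
          if (f_verify_pki_response_message(v_private_key_at, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, v_response.response.body.binary_body.ieee1609dot2_data, false, v_etsi_ts_102941_data) == false) {
            log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
          } else {
            log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
            log(match(v_etsi_ts_102941_data.content, mw_authorizationValidationResponse(mw_authorizationValidationResponse_ok(substr(v_request_hash, 0, 16), ?/*TODO To be refined*/)))); // TODO In TITAN, this is the only way to get the unmatching in log
            // The response must echo the first 16 octets of the request hash
            if (match(v_etsi_ts_102941_data.content, mw_authorizationValidationResponse(mw_authorizationValidationResponse_ok(substr(v_request_hash, 0, 16), ?/*TODO To be refined*/)))) { // TODO Refined expected mw_signature_ecdsaNistP256
              log("*** " & testcasename() & ": PASS: Authorization was confirmation by EA ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
            } else {
              log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
            }
          }
        }

        // Postamble
        f_cfHttpDown();
      } // End of testcase TC_SECPKI_EA_AUTHVAL_RCV_01_BV

      /**
       * @desc Check that EA doesn't accept Authorization Validation Request when
       *       SharedAtRequest is signed with certificate without appropriate
       *       permissions
       *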
       * Pics Selection: PICS_IUT_EA_ROLE
       * Initial conditions: 
       *     with {
       *         the IUT being in the "operational state"
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives an AuthorizationValidationRequest message
       *         }
       *         then {
       *             the IUT sends an AuthorizationValidationResponse message
       *                 across the reference point S4 to the AA
       *         }
       *     }
       * 
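*
       * @see       ETSI TS 103 525-2 v0.0.10 TP SECPKI_EA_AUTHVAL_RCV_02_BI
       * @reference ETSI TS 102 941, clause B[5]
       */
      testcase TC_SECPKI_EA_AUTHVAL_RCV_02_BI() runs on ItsPkiHttp system ItsPkiHttpSystem {
        // Placeholder: only the configuration and the postamble are executed. The
        // request/response exchange is disabled, so the test reports inconc explicitly
        // instead of ending without any verdict.

        // Local variables (referenced only by the disabled draft below)
        var Oct32 v_private_key;
        var Oct32 v_public_compressed_key;
        var integer v_compressed_mode;
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var HeaderLines v_headers;
        var HttpMessage v_response;

        // Test control
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }

        // Test component configuration
        f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);

        // Test adapter configuration

        // Preamble
        // NOTE(review): the disabled draft below does not yet implement the purpose in @desc:
        //  - it posts to PICS_HTTP_POST_URI_EC with the "inner_ec_request" header, whereas
        //    TC_SECPKI_EA_AUTHVAL_RCV_01_BV uses PICS_HTTP_POST_URI_ATV and "inner_atv_request";
        //  - it calls f_http_build_authorization_validation_request with four arguments,
        //    unlike the call in TC_SECPKI_EA_AUTHVAL_RCV_01_BV;
        //  - nothing in it signs the SharedAtRequest with a certificate lacking permissions;
        //  - it sets PASS on any encrypted response without decrypting it or checking the
        //    response code, and has no branch for PICS_MULTIPLE_END_POINT.
        /*f_http_build_authorization_validation_request(v_private_key, v_public_compressed_key, v_compressed_mode, v_ieee1609dot2_signed_and_encrypted_data);
        f_init_default_headers_list(-, "inner_ec_request", v_headers);
        httpPort.send(
                      m_http_request(
                                     m_http_request_post(
                                                         PICS_HTTP_POST_URI_EC,
                                                         v_headers,
                                                         m_http_message_body_binary(
                                                                                    m_binary_body_ieee1609dot2_data(
                                                                                                                    v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                    )))));
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);

        // Test Body
        tc_ac.start;
        alt {
          [not(PICS_MULTIPLE_END_POINT)] httpPort.receive(
                                                          mw_http_response(
                                                                           mw_http_response_ok(
                                                                                               mw_http_message_body_binary(
                                                                                                                           mw_binary_body_ieee1609dot2_data(
                                                                                                                                                            mw_authorizationValidationResponseMessage(
                                                                                                                                                                                                      mw_encryptedData(
                                                                                                                                                                                                                       -,
                                                                                                                                                                                                                       mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                                                                       ))))))) -> value v_response {
            tc_ac.stop;

            log("*** " & testcasename() & ": PASS: AuthorizationValidationResponse received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
        */

        // No request has been sent to the IUT, so nothing about its permission check is known.
        log("*** " & testcasename() & ": INCONC: Test body not implemented ***");
        setverdict(inconc);

        // Postamble
        f_cfHttpDown();

      } // End of testcase TC_SECPKI_EA_AUTHVAL_RCV_02_BI

    } // End of group authorization_validation_request

    group authorization_validation_response {
      // TODO
    } // End of group authorization_validation_response

    group authorization_response {
      // TODO
    } // End of group authorization_response

    group ca_ceetificate_request {
      // TODO
    } // End of group ca_ceetificate_request

  } // End of group ea_behavior

  group aa_behavior {

    group authorization_request {

      /**
       * @desc Check that the EA/AA is able to decrypt the AuthorizationRequest message using the encryption private key corresponding to the recipient certificate
       *       Check that the EA/AA is able to verify the inner signature
       *       Check that the EA/AA is able to verify the request authenticity using the hmacKey verification
       *       Check that the EA/AA sends the AuthorizationValidationRequest message to the correspondent EA
       *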
       * Pics Selection: PICS_IUT_AA_ROLE
       * Initial conditions: 
       *     with {
       *          the EA/AA in "operational state"
       *              authorized with the certificate CERT_AA
       *                  containing encryptionKey (AA_ENC_PUB_KEY)
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
       *            the IUT receives an EtsiTs103097Data message
       *                containing content.encryptedData
       *                    containing recipients
       *                        containing the instance of RecipientInfo
       *                            containing certRecipInfo
       *                                containing recipientId
       *                                    indicating HashedId8 of the certificate CERT_AA
       *                                and containing encKey
       *                                    indicating symmetric key (S_KEY)
       *                                        encrypted with the private key correspondent to the AA_ENC_PUB_KEY
       *                    and containing ciphertext (ENC_DATA)
       *                        containing encrypted representation of the EtsiTs103097Data-Signed
       *                            containing content.signedData
       *                                containing hashId
       *                                    indicating valid hash algorithm
       *                and containing signer
       *                    containing self
       *                and containing tbsData (SIGNED_DATA)
       *                    containing payload
       *                        containing EtsiTs102941Data
       *                            containing content.authorizationRequest
       *                                containing publicKeys.verificationKey (V_KEY)
       *                                and containing hmacKey (HMAC)
       *                                and containing sharedAtRequest
       *                                    containing keyTag (KEY_TAG)
       *                                    and containing eaId (EA_ID)
       *                                        indicating HashedId8 of the known EA certificate
       *                and containing signature (SIGNATURE)
       *         }
       *         then {
       *            the IUT is able to decrypt the S_KEY
       *                using the private key
       *                    corresponding to the AA_ENC_PUB_KEY
       *            and the IUT is able to decrypt the ciphertext ENC_DATA
       *                using the S_KEY
       *            and the IUT is able to verify the signature SIGNATURE over the SIGNED_DATA
       *                using the V_KEY
       *            and the IUT is able to verify integrity of HMAC and KEY_TAG
       *            and the IUT sends the AuthorizationValidationRequest message to the EA
       *                identified by the EA_ID
       *         }
       *     }
       * 
*
       * @see       ETSI TS 103 525-2 v0.0.10 SECPKI_AA_AUTH_RCV_01_BV
       * @reference ETSI TS 102 941, clause 6.2.3.3.1
       */
      testcase TC_SECPKI_AA_AUTH_RCV_01_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
        // Flow: wait for an enrolment exchange, build an AuthorizationRequest from the
        // received enrolment certificate, POST it to PICS_HTTP_POST_URI_AT and require an
        // AuthorizationResponse that passes f_verify_pki_response_message and echoes the
        // first 16 octets of the request hash.
        // NOTE(review): the exchange with the EA named in the test purpose is not observed
        // by this testcase; only the response returned to the requester is checked.

        // Enrolment credential material
        var Oct32 v_private_key_ec;
        var Oct32 v_public_compressed_key_ec;
        var integer v_compressed_key_mode_ec;
        var InnerEcResponse v_inner_ec_response;

        // Authorization ticket verification and encryption key material
        var Oct32 v_private_key_at;
        var Oct32 v_public_compressed_key_at;
        var integer v_compressed_key_mode_at;
        var Oct32 v_private_enc_key_at;
        var Oct32 v_public_compressed_enc_key_at;
        var integer v_compressed_enc_mode_at;

        // Request protection material, reused to verify the response
        var Oct32 v_request_hash;
        var Oct16 v_encrypted_sym_key;
        var Oct16 v_aes_sym_key;
        var Oct16 v_authentication_vector;
        var Oct12 v_nonce;
        var octetstring v_salt;
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;

        // HTTP exchange
        var HeaderLines v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;

        // Test control
        if (not PICS_IUT_AA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_AA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }

        // Test component configuration
        f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);

        // Test adapter configuration

        // Preamble
        if (not f_await_http_inner_ec_request_response(v_private_key_ec, v_public_compressed_key_ec, v_compressed_key_mode_ec, v_inner_ec_response)) {
          // NOTE(review): the test body reads v_inner_ec_response.certificate; this relies on the
          // sync function ending the test on a non-success result - confirm in LibCommon_Sync.
          log("*** " & testcasename() & ": INCONC: Enrolment failed ***");
          f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
        } else {
          log("*** " & testcasename() & ": INFO: Enrolment succeed ***");
          f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        }
        log("*** " & testcasename() & ": DEBUG: v_inner_ec_response= ", v_inner_ec_response);
        // NOTE(review): this writes private key material to the test log; keep such logs
        // access-restricted.
        log("*** " & testcasename() & ": DEBUG: v_private_key_ec= ", v_private_key_ec);

        // Test Body
        f_http_build_authorization_request(v_inner_ec_response.certificate, v_private_key_ec, v_private_key_at, v_public_compressed_key_at, v_compressed_key_mode_at, v_private_enc_key_at, v_public_compressed_enc_key_at, v_compressed_enc_mode_at, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
        f_init_default_headers_list(-, "inner_at_request", v_headers);
        f_http_send(
                    v_headers,
                    m_http_request(
                                   m_http_request_post(
                                                       PICS_HTTP_POST_URI_AT,
                                                       v_headers,
                                                       m_http_message_body_binary(
                                                                                  m_binary_body_ieee1609dot2_data(
                                                                                                                  v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                  )))));
        tc_ac.start;
        // The two receive branches differ only in the port (httpPort or httpAtPort) selected
        // by PICS_MULTIPLE_END_POINT; the verification that follows is the same.
        // NOTE(review): the response is verified with vc_eaWholeHash although the IUT here is
        // the AA - confirm this is the intended hash.
        // NOTE(review): the certificate template is mw_toBeSignedCertificate_ec while the PASS
        // message speaks of an AT certificate - confirm the template.
        alt {
          [not(PICS_MULTIPLE_END_POINT)] httpPort.receive(
                                                          mw_http_response(
                                                                           mw_http_response_ok(
                                                                                               mw_http_message_body_binary(
                                                                                                                           mw_binary_body_ieee1609dot2_data(
                                                                                                                                                            mw_authorizationResponseMessage(
                                                                                                                                                                                            mw_encryptedData(
                                                                                                                                                                                                             -,
                                                                                                                                                                                                             mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                                                             ))))))) -> value v_response {
            tc_ac.stop;

            if (f_verify_pki_response_message(v_private_key_at, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, v_response.response.body.binary_body.ieee1609dot2_data, false, v_etsi_ts_102941_data)) {
              log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
              log(match(v_etsi_ts_102941_data.content, mw_authorizationResponse(mw_innerAtResponse_ok(substr(v_request_hash, 0, 16), mw_etsiTs103097Certificate(-, mw_toBeSignedCertificate_ec, -))))); // TODO In TITAN, this is the only way to get the unmatching in log
              if (match(v_etsi_ts_102941_data.content, mw_authorizationResponse(mw_innerAtResponse_ok(substr(v_request_hash, 0, 16), mw_etsiTs103097Certificate(-, mw_toBeSignedCertificate_ec, -))))) { // TODO Refined expected mw_signature_ecdsaNistP256
                log("*** " & testcasename() & ": PASS: Well-secured AT certificate received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
              } else {
                log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
              }
            } else {
              log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
            }
          }
          [PICS_MULTIPLE_END_POINT] httpAtPort.receive(
                                                       mw_http_response(
                                                                        mw_http_response_ok(
                                                                                            mw_http_message_body_binary(
                                                                                                                        mw_binary_body_ieee1609dot2_data(
                                                                                                                                                         mw_authorizationResponseMessage(
                                                                                                                                                                                         mw_encryptedData(
                                                                                                                                                                                                          -,
                                                                                                                                                                                                          mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                                                          ))))))) -> value v_response {
            tc_ac.stop;

            if (f_verify_pki_response_message(v_private_key_at, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, v_response.response.body.binary_body.ieee1609dot2_data, false, v_etsi_ts_102941_data)) {
              log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
              log(match(v_etsi_ts_102941_data.content, mw_authorizationResponse(mw_innerAtResponse_ok(substr(v_request_hash, 0, 16), mw_etsiTs103097Certificate(-, mw_toBeSignedCertificate_ec, -))))); // TODO In TITAN, this is the only way to get the unmatching in log
              if (match(v_etsi_ts_102941_data.content, mw_authorizationResponse(mw_innerAtResponse_ok(substr(v_request_hash, 0, 16), mw_etsiTs103097Certificate(-, mw_toBeSignedCertificate_ec, -))))) { // TODO Refined expected mw_signature_ecdsaNistP256
                log("*** " & testcasename() & ": PASS: Well-secured AT certificate received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
              } else {
                log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
              }
            } else {
              log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
            }
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement

        // Postamble
        f_cfHttpDown();

      } // End of testcase TC_SECPKI_AA_AUTH_RCV_01_BV

    } // End of group authorization_request

  } // End of group aa_behavior

} // End of module ItsPki_TestCases