diff --git a/data/profiles/CERT_IUT_A_1_AT.xml b/data/profiles/CERT_IUT_A_1_AT.xml
new file mode 100644
index 0000000000000000000000000000000000000000..ae33e4a543360c6a648d5c0fe9656ebf40431372
--- /dev/null
+++ b/data/profiles/CERT_IUT_A_1_AT.xml
@@ -0,0 +1,28 @@
+
+ 2
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ �ÿÿ
+ �ÿÿÿ
+
+
+
+
+
+
+
+
+
+
diff --git a/ttcn/AtsSecurity/ItsSecurity_Pics.ttcn3 b/ttcn/AtsSecurity/ItsSecurity_Pics.ttcn3
index a14fb96e71e9e98ceeedc7b729f11cdee08a3a8b..0092079e1dda573937fcc5b7beee709d9deb99ad 100644
--- a/ttcn/AtsSecurity/ItsSecurity_Pics.ttcn3
+++ b/ttcn/AtsSecurity/ItsSecurity_Pics.ttcn3
@@ -12,4 +12,9 @@ module ItsSecurity_Pics {
*/
modulepar boolean PICS_DEBUG_ADDON := false;
+ /**
+ * @desc Set to true to enable restrictions of TS 103 097 v1.2.5
+ */
+ modulepar boolean PICS_PLUGTEST_VERSION := false;
+
} // End of module ItsSecurity_Pics
diff --git a/ttcn/AtsSecurity/ItsSecurity_TestCases.ttcn3 b/ttcn/AtsSecurity/ItsSecurity_TestCases.ttcn3
index 66cabcbcf29b90ff5c62b667160beff4b21757bf..29d1b57fb10f3fee3cbf06e55e1055b9b154c044 100644
--- a/ttcn/AtsSecurity/ItsSecurity_TestCases.ttcn3
+++ b/ttcn/AtsSecurity/ItsSecurity_TestCases.ttcn3
@@ -1516,6 +1516,157 @@ module ItsSecurity_TestCases {
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_CAM_09_01_BV
+ /**
+ * @desc Check that the IUT doesn't send a secured CAM contains the signer_info of type certificate_chain
+ * when the AA certificate was previously requested and already received from another ITS-S
+ *
+ * Pics Selection: PICS_GN_SECURITY PICS_PLUGTEST_VERSION
+ * Config Id: CF01
+ * Initial conditions:
+ *
+ * with
+ * the IUT being in the 'authorized' state
+ * and the IUT is configured to send more than one CAM per second
+ * and the IUT having already sent a CAM
+ * containing header_fields['signer_info'].signer.type
+ * indicating 'certificate'
+ * at TIME_1
+ * and the IUT having received a SecuredMessage
+ * containing header_fields['request_unrecognized_certificate']
+ * containing digests
+ * containing HashedId3 value (HASH1)
+ * referencing to the AA certificate
+ * at TIME_2 (TIME_1 < TIME_2 < TIME_1+1sec)
+ * and the IUT having received a SecuredMessage
+ * containing header_fields['signer_info'].signer.type
+ * indicating 'certificate_chain'
+ * containing AA certificate
+ * having HashedId3 value of HASH1
+ * at TIME_3 (TIME_2 < TIME_3 < TIME_2+0.1sec)
+ * ensure that
+ * when
+ * the IUT is requested to send a CAM
+ * at TIME_3 (TIME_1 < TIME_2 < TIME_3 < TIME_1+1sec)
+ * then
+ * the IUT sends a SecuredMessage
+ * and containing header_fields['signer_info']
+ * containing signer
+ * containing type
+ * indicating 'digest'
+ * or indicating 'certificate'
+ *
+ * @see ETSI TS 103 096-2 v1.3.3 TP_SEC_ITSS_SND_CAM_09_02_BV
+ * @reference ETSI TS 103 097 [1], clause 7.1
+ */
+ testcase TC_SEC_ITSS_SND_CAM_09_02_BV() runs on ItsGeoNetworking system ItsSecSystem {
+
+ // Local variables
+ const float c_certificateGenerationTime := 1.0;
+
+ timer t_maxTransInterval := c_certificateGenerationTime * 1.1;
+ var GeoNetworkingInd v_geoNwInd;
+ var ItsCam v_component;
+ var SignerInfo v_si;
+
+ // Test control
+ if (not(PICS_GN_SECURITY)) {
+ log("*** " & testcasename() & ": ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
+ stop;
+ }
+ if (not(PICS_PLUGTEST_VERSION)) {
+ log("*** " & testcasename() & ": ERROR: 'PICS_PLUGTEST_VERSION' required for executing the TC ***");
+ stop;
+ }
+ // Test component configuration
+ f_cf01Up();
+
+ // Test adapter configuration
+
+ // Preamble
+ f_prNeighbour();
+ geoNetworkingPort.clear;
+ v_component := f_setCamFrequencyGreatherThan1Hz();
+ tc_ac.start;
+ alt {
+ [] geoNetworkingPort.receive(
+ mw_geoNwInd(
+ mw_geoNwSecPdu(
+ mdw_securedMessage_CAMs(
+ mw_header_field_signer_info_certificate
+ )))) -> value v_geoNwInd {
+ tc_ac.stop;
+ t_maxTransInterval.start;
+
+ f_getMsgSignerInfo(f_getSecuredMessage(v_geoNwInd.msgIn),v_si);
+ f_getCertificateSignerInfo(v_si.signerInfo.certificate, v_si);
+ log("*** " & testcasename() & ": INFO: Initial conditions: First CAM message with certificate received ***");
+
+ // Send secured message with request for unrecognized certificate
+ f_sendSecuredCam(
+ cc_taCert_A,
+ {
+ m_header_field_unrecognised_certificate( // containing digests
+ f_HashedId3FromHashedId8( // containing HashedId3 value
+ v_si.signerInfo.digest // referencing to the AA certificate
+ )
+ )
+ });
+
+ // Send secured message signed with certificate_chain
+ f_sendSecuredCam(
+ cc_taCert_A1,
+ {
+ omit,
+ e_certificate_chain
+ });
+
+ f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+ }
+ [] tc_ac.timeout {
+ log("*** " & testcasename() & ": INCONC: Initial conditions: CAM message with certificate not received ***");
+ f_selfOrClientSyncAndVerdictPreamble("error", e_timeout);
+ }
+ } // End of 'alt' statement
+
+ // Test Body
+ tc_ac.start;
+ alt {
+ [] geoNetworkingPort.receive(
+ mw_geoNwInd(
+ mw_geoNwSecPdu(
+ mdw_securedMessage_CAMs(
+ mw_header_field_signer_info_certificate_chain
+ )))) {
+ log("*** " & testcasename() & ": FAIL: CAM retransmition with unexpected certificate_chain ***");
+ f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+ }
+ [] geoNetworkingPort.receive(
+ mw_geoNwInd(
+ mw_geoNwSecPdu(
+ mdw_securedMessage_CAMs
+ ))) {
+ log("*** " & testcasename() & ": INFO: CAM retransmission w/o certificate chain ***");
+ repeat;
+ }
+ [] t_maxTransInterval.timeout {
+ tc_ac.stop;
+ log("*** " & testcasename() & ": PASS: Generation of CAM messages including certificate chain was successfully skipped ***");
+ f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+ }
+
+ [] tc_ac.timeout {
+ log("*** " & testcasename() & ": INCONC: Expected CAM not received ***");
+ f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
+ }
+ } // End of 'alt' statement
+
+ // Postamble
+ f_terminateCam(v_component);
+ f_poNeighbour();
+ f_cf01Down();
+ } // End of testcase TC_SEC_ITSS_SND_CAM_09_02_BV
+
+
/**
* @desc Check that the sent secured CAM contains exactly one HeaderField generation_time which is inside
* the validity time of the certificate referenced by the signer_info
@@ -1640,17 +1791,20 @@ module ItsSecurity_TestCases {
) {
log("*** " & testcasename() & ": PASS: Generation time within certificate validity ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
- } else if (
- (f_getCertificateValidityRestriction(v_certificate, e_time_start_and_duration, v_validity) == true) and
- (v_generationTime >= (v_validity.validity.time_start_and_duration.start_validity * 1000000)) and
- (v_generationTime < (f_duration2time(v_validity.validity.time_start_and_duration.duration_) * 1000000))
- ) {
- log("*** " & testcasename() & ": PASS: Generation time within certificate validity ***");
- f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
- } else {
- log("*** " & testcasename() & ": FAIL: Generation time not within certificate validity ***");
- f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+ } else if (f_getCertificateValidityRestriction(v_certificate, e_time_start_and_duration, v_validity) == true) {
+ if (PICS_PLUGTEST_VERSION) {
+ log("*** " & testcasename() & ": FAIL: Usage of time_start_and_duration is forbidden in TS103097 v1.2.5 ***");
+ f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+ }
+ if ((v_generationTime >= (v_validity.validity.time_start_and_duration.start_validity * 1000000)) and
+ (v_generationTime < (f_duration2time(v_validity.validity.time_start_and_duration.duration_) * 1000000))
+ ) {
+ log("*** " & testcasename() & ": PASS: Generation time within certificate validity ***");
+ f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+ }
}
+ log("*** " & testcasename() & ": FAIL: Generation time not within certificate validity ***");
+ f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
@@ -1853,6 +2007,101 @@ module ItsSecurity_TestCases {
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_CAM_14_01_BV
+ /**
+ * @desc Check that the secured CAM contains only the trailer field of type signature
+ * and no other trailer fields
+ *
+ * Pics Selection: PICS_GN_SECURITY PICS_PLUGTEST_VERSION
+ * Config Id: CF01
+ * Initial conditions:
+ * with
+ * the IUT being in the 'authorized' state
+ * ensure that
+ * when
+ * the IUT is requested to send a CAM
+ * then
+ * the IUT sends a SecuredMessage
+ * containing trailer_fields
+ * containing trailer_fields[0]
+ * containing type
+ * indicating 'signature'
+ * and not containing any other items
+
+ *
+ *
+ * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CAM_15_01_BV
+ * @reference ETSI TS 103 097 [1], clause 7.1
+ */
+ testcase TC_SEC_ITSS_SND_CAM_15_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
+
+ // Local variables
+ const integer c_nbVerification := 3;
+ var integer v_nbVerification := 0;
+ var GeoNetworkingInd v_geoNwInd;
+ var SignerInfo v_signerInfo;
+ var Certificate v_certificate;
+ var boolean v_certificateReceived := false;
+
+ // Test control
+ if (not(PICS_GN_SECURITY)) {
+ log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
+ stop;
+ }
+ if (not(PICS_PLUGTEST_VERSION)) {
+ log("*** " & testcasename() & ":ERROR: 'PICS_PLUGTEST_VERSION' required for executing the TC ***");
+ stop;
+ }
+
+ // Test component configuration
+ f_cf01Up();
+
+ // Test adapter configuration
+
+ // Preamble
+ f_prNeighbour();
+ f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+
+ // Test Body
+ tc_ac.start;
+ alt {
+ [] geoNetworkingPort.receive(
+ mw_geoNwInd(
+ mw_geoNwSecPdu(
+ mdw_securedMessage_CAMs(?, ?,
+ superset(mw_trailer_field_signature,
+ mw_trailer_field
+ ))))){
+ tc_ac.stop;
+ log("*** " & testcasename() & ": FAIL: CAM received with more then one trailer fields");
+ f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+ }
+ [] geoNetworkingPort.receive(
+ mw_geoNwInd(
+ mw_geoNwSecPdu(
+ mdw_securedMessage_CAMs(?, ?,
+ { mw_trailer_field_signature }
+ )))){
+ tc_ac.stop;
+ log("*** " & testcasename() & ": INFO: CAM message with signature trailer received ***");
+ v_nbVerification := v_nbVerification + 1;
+ if (v_nbVerification < c_nbVerification) {
+ tc_ac.start;
+ repeat;
+ }
+ }
+ [] tc_ac.timeout {
+ log("*** " & testcasename() & ": INCONC: Expected CAM not received ***");
+ f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
+ }
+ } // End of 'alt' statement
+ log("*** " & testcasename() & ": PASS: All CAMs received with correct trailer fields count");
+ f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+
+ // Postamble
+ f_poNeighbour();
+ f_cf01Down();
+ } // End of testcase TC_SEC_ITSS_SND_CAM_15_01_BV
+
/**
* @desc Check that the secured CAM contains only one TrailerField of type signature.
@@ -2432,6 +2681,10 @@ module ItsSecurity_TestCases {
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
} else if (v_cert.validity_restrictions[v_counter].type_ == e_time_start_and_duration) {
+ if (PICS_PLUGTEST_VERSION){
+ log("*** " & testcasename() & ": FAIL: Usage of time_start_and_duration is not allowed in TS103097 v1.2.5");
+ f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+ }
v_startTime := v_cert.validity_restrictions[v_counter].validity.time_start_and_duration.start_validity * 1000000;
v_duration := f_duration2time(v_cert.validity_restrictions[v_counter].validity.time_start_and_duration.duration_) * 1000000;
if (not match(v_generationTime, Time64:(v_startTime .. v_duration))){
@@ -3001,6 +3254,108 @@ module ItsSecurity_TestCases {
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_DENM_08_01_BV
+ /**
+ * @desc Check that the secured DENM contains only the trailer field of type signature
+ * and no other trailer fields
+ *
+ * Pics Selection: PICS_GN_SECURITY and PICS_PLUGTEST_VERSION
+ * Config Id: CF01
+ * Initial conditions:
+ * with
+ * the IUT being in the 'authorized' state
+ * ensure that
+ * when
+ * the IUT is requested to send DENM
+ * then
+ * the IUT sends a SecuredMessage
+ * containing trailer_fields
+ * containing trailer_fields[0]
+ * containing type
+ * indicating 'signature'
+ * and not containing other items
+ *
+ * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_DENM_09_01_BV
+ * @reference ETSI TS 103 097 [1], clause 7.2
+ */
+ testcase TC_SEC_ITSS_SND_DENM_09_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
+ // Local variables
+ const integer c_nbVerification := 3;
+ var integer v_nbVerification := 0;
+ var ItsDenm v_denmComponent;
+
+ // Test control
+ if (not(PICS_GN_SECURITY)) {
+ log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
+ stop;
+ }
+
+ if (not(PICS_PLUGTEST_VERSION)) {
+ log("*** " & testcasename() & ":ERROR: 'PICS_PLUGTEST_VERSION' required for executing the TC ***");
+ stop;
+ }
+
+ // Test component configuration
+ f_cf01Up();
+
+ // Preamble
+ f_prNeighbour();
+ v_denmComponent := f_triggerDenmEvent();
+ f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+
+ // Test Body
+ tc_ac.start;
+ alt {
+ [] geoNetworkingPort.receive(
+ mw_geoNwInd(
+ mw_geoNwSecPdu(
+ mdw_securedMessage_DENMs(?, ?, {
+ mw_trailer_field_signature
+ })
+ ))){
+ tc_ac.stop;
+ log("*** " & testcasename() & ": INFO: DENM message with signature trailer received ***");
+ v_nbVerification := v_nbVerification + 1;
+ if (v_nbVerification < c_nbVerification) {
+ tc_ac.start;
+ repeat;
+ }
+ }
+
+ [] geoNetworkingPort.receive(
+ mw_geoNwInd(
+ mw_geoNwSecPdu(
+ mdw_securedMessage_DENMs(?, ?, {})
+ ))) {
+ tc_ac.stop;
+ log("*** " & testcasename() & ": FAIL: DENM message with NO trailer fields received ***");
+ f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+ }
+
+ [] geoNetworkingPort.receive(
+ mw_geoNwInd(
+ mw_geoNwSecPdu(
+ mdw_securedMessage_DENMs(?, ?,
+ superset( mw_trailer_field, ? )
+ )))) {
+ tc_ac.stop;
+ log("*** " & testcasename() & ": FAIL: DENM message with more than one trailer field received ***");
+ f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+ }
+
+ [] tc_ac.timeout {
+ log("*** " & testcasename() & ": INCONC: Expected DENM not received ***");
+ f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
+ }
+ } // End of 'alt' statement
+ log("*** " & testcasename() & ": PASS: DENM received with correct signature");
+ f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+
+ // Postamble
+ f_cancelDenmEvent(v_denmComponent);
+ f_poNeighbour();
+ f_cf01Down();
+ } // End of testcase TC_SEC_ITSS_SND_DENM_09_01_BV
+
/**
* @desc Check that the secured DENM contains only one TrailerField of type signature.
* Check that the signature contained in the SecuredMessage is calculated
@@ -3526,13 +3881,6 @@ module ItsSecurity_TestCases {
v_cert := v_headerField.headerField.signer.signerInfo.certificate;
for (v_counter := 0; v_counter < lengthof(v_cert.validity_restrictions); v_counter := v_counter + 1) {
- if (v_cert.validity_restrictions[v_counter].type_ == e_time_end) {
- v_endTime := v_cert.validity_restrictions[v_counter].validity.end_validity * 1000000;
- if (v_generationTime > v_endTime ) {
- log("*** " & testcasename() & ": FAIL: Beacon generation time is not inside the validity of the certificate");
- f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
- }
- }
if (v_cert.validity_restrictions[v_counter].type_ == e_time_end) {
v_endTime := v_cert.validity_restrictions[v_counter].validity.end_validity * 1000000;
if (v_generationTime > v_endTime ) {
@@ -3547,6 +3895,10 @@ module ItsSecurity_TestCases {
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
} else if (v_cert.validity_restrictions[v_counter].type_ == e_time_start_and_duration) {
+ if (PICS_PLUGTEST_VERSION){
+ log("*** " & testcasename() & ": FAIL: Usage of time_start_and_duration is not allowed in TS103097 v1.2.5");
+ f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+ }
v_startTime := v_cert.validity_restrictions[v_counter].validity.time_start_and_duration.start_validity * 1000000;
v_duration := f_duration2time(v_cert.validity_restrictions[v_counter].validity.time_start_and_duration.duration_) * 1000000;
if (v_generationTime < v_startTime or (v_startTime + v_duration) > v_endTime ) {
@@ -4580,9 +4932,11 @@ module ItsSecurity_TestCases {
log("*** " & testcasename() & ": FAIL: Certificate[ " & int2str(v_counter) & "] doesn't contain signer info ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
- if (not match(v_si.type_, e_certificate_digest_with_sha256) and not match(v_si.type_, e_certificate_digest_with_other_algorithm)) {
- log("*** " & testcasename() & ": FAIL: Certificate is not signed with digest ***");
- f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+ if (not match(v_si.type_, e_certificate_digest_with_sha256)) {
+ if (not match(v_si.type_, e_certificate_digest_with_other_algorithm) or PICS_PLUGTEST_VERSION) {
+ log("*** " & testcasename() & ": FAIL: Certificate is not signed with digest ***");
+ f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+ }
}
// signer_info.type indicates 'certificate_digest_with_sha256' or 'certificate_digest_with_other_algorythm'