Commit d86b45cb authored by filatov's avatar filatov

add TCs to be compatible with TS103097 v1.2.5

parent 2785d819
<certificate name="CERT_IUT_A_1_AT">
<version>2</version>
<signer type="digest" name="CERT_TS_A_AA"/>
<subject type="AT" name="">
<!-- verification_key -->
<attribute type="verification_key">
<public_key algorythm="0">
<ecc_point type="uncompressed"/>
</public_key>
</attribute>
<!-- assurance_level -->
<attribute type="assurance_level">
<assurance level="3"/>
</attribute>
<!-- its_aid_ssp_list -->
<attribute type="its_aid_ssp_list">
<ssp aid="36">&#01;&#xFF;&#xFF;</ssp> <!-- CAM -->
<ssp aid="37">&#01;&#xFF;&#xFF;&#xFF;</ssp> <!-- DENM -->
</attribute>
</subject>
<validity>
<restriction type="time" start="+0" end="+365d"/>
<restriction type="region">
<none/>
</restriction>
</validity>
<signature algorithm="0"/>
</certificate>
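Review bot: The `&#01;` references in both `<ssp>` values of the `its_aid_ssp_list` attribute are not legal XML 1.0, because U+0001 is outside the allowed character range. A conforming parser would reject this profile before the certificate generator reads it. `&#xFF;` also denotes the character U+00FF rather than the byte 0xFF, so the SSP bytes that end up in the certificate depend on how the tool re-encodes text; confirm that against the generator. A comment next to each entry such as `<!-- SSP bytes: 01 FF FF -->` would at least record the intended value. The attribute is also spelled `algorythm` on `<public_key>` and `algorithm` on `<signature>`, so check that both match what the generator expects.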
......@@ -12,4 +12,9 @@ module ItsSecurity_Pics {
*/
modulepar boolean PICS_DEBUG_ADDON := false;
/**
* @desc Set to true to enable restrictions of TS 103 097 v1.2.5
*/
modulepar boolean PICS_PLUGTEST_VERSION := false;
} // End of module ItsSecurity_Pics
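Review bot: The `@desc` on `PICS_PLUGTEST_VERSION` does not say what the switch changes, and the name hides that it selects a specification version. Going by the other hunks of this commit, setting it turns `time_start_and_duration` and `certificate_digest_with_other_algorithm` into failures, and the new test cases stop unless it is set. A wording such as `@desc Set to true to test against TS 103 097 v1.2.5: time_start_and_duration and digests with other algorithms are rejected, and the v1.2.5-only test cases become executable` would make that visible to whoever fills in the PICS.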
......@@ -1516,6 +1516,157 @@ module ItsSecurity_TestCases {
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_CAM_09_01_BV
/**
* @desc Check that the IUT doesn't send a secured CAM contains the signer_info of type certificate_chain
* when the AA certificate was previously requested and already received from another ITS-S
* <pre>
* Pics Selection: PICS_GN_SECURITY PICS_PLUGTEST_VERSION
* Config Id: CF01
* Initial conditions:
* </pre>
* with
* the IUT being in the 'authorized' state
* and the IUT is configured to send more than one CAM per second
* and the IUT having already sent a CAM
* containing header_fields['signer_info'].signer.type
* indicating 'certificate'
* at TIME_1
* and the IUT having received a SecuredMessage
* containing header_fields['request_unrecognized_certificate']
* containing digests
* containing HashedId3 value (HASH1)
* referencing to the AA certificate
* at TIME_2 (TIME_1 < TIME_2 < TIME_1+1sec)
* and the IUT having received a SecuredMessage
* containing header_fields['signer_info'].signer.type
* indicating 'certificate_chain'
* containing AA certificate
* having HashedId3 value of HASH1
* at TIME_3 (TIME_2 < TIME_3 < TIME_2+0.1sec)
* ensure that
* when
* the IUT is requested to send a CAM
* at TIME_3 (TIME_1 < TIME_2 < TIME_3 < TIME_1+1sec)
* then
* the IUT sends a SecuredMessage
* and containing header_fields['signer_info']
* containing signer
* containing type
* indicating 'digest'
* or indicating 'certificate'
*
* @see ETSI TS 103 096-2 v1.3.3 TP_SEC_ITSS_SND_CAM_09_02_BV
* @reference ETSI TS 103 097 [1], clause 7.1
*/
testcase TC_SEC_ITSS_SND_CAM_09_02_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
const float c_certificateGenerationTime := 1.0;
timer t_maxTransInterval := c_certificateGenerationTime * 1.1;
var GeoNetworkingInd v_geoNwInd;
var ItsCam v_component;
var SignerInfo v_si;
// Test control
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ": ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
if (not(PICS_PLUGTEST_VERSION)) {
log("*** " & testcasename() & ": ERROR: 'PICS_PLUGTEST_VERSION' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
geoNetworkingPort.clear;
v_component := f_setCamFrequencyGreatherThan1Hz();
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_CAMs(
mw_header_field_signer_info_certificate
)))) -> value v_geoNwInd {
tc_ac.stop;
t_maxTransInterval.start;
f_getMsgSignerInfo(f_getSecuredMessage(v_geoNwInd.msgIn),v_si);
f_getCertificateSignerInfo(v_si.signerInfo.certificate, v_si);
log("*** " & testcasename() & ": INFO: Initial conditions: First CAM message with certificate received ***");
// Send secured message with request for unrecognized certificate
f_sendSecuredCam(
cc_taCert_A,
{
m_header_field_unrecognised_certificate( // containing digests
f_HashedId3FromHashedId8( // containing HashedId3 value
v_si.signerInfo.digest // referencing to the AA certificate
)
)
});
// Send secured message signed with certificate_chain
f_sendSecuredCam(
cc_taCert_A1,
{
omit,
e_certificate_chain
});
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Initial conditions: CAM message with certificate not received ***");
f_selfOrClientSyncAndVerdictPreamble("error", e_timeout);
}
} // End of 'alt' statement
// Test Body
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_CAMs(
mw_header_field_signer_info_certificate_chain
)))) {
log("*** " & testcasename() & ": FAIL: CAM retransmition with unexpected certificate_chain ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_CAMs
))) {
log("*** " & testcasename() & ": INFO: CAM retransmission w/o certificate chain ***");
repeat;
}
[] t_maxTransInterval.timeout {
tc_ac.stop;
log("*** " & testcasename() & ": PASS: Generation of CAM messages including certificate chain was successfully skipped ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected CAM not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_terminateCam(v_component);
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_CAM_09_02_BV
/**
* @desc Check that the sent secured CAM contains exactly one HeaderField generation_time which is inside
* the validity time of the certificate referenced by the signer_info
......@@ -1640,17 +1791,20 @@ module ItsSecurity_TestCases {
) {
log("*** " & testcasename() & ": PASS: Generation time within certificate validity ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
} else if (
(f_getCertificateValidityRestriction(v_certificate, e_time_start_and_duration, v_validity) == true) and
(v_generationTime >= (v_validity.validity.time_start_and_duration.start_validity * 1000000)) and
(v_generationTime < (f_duration2time(v_validity.validity.time_start_and_duration.duration_) * 1000000))
) {
log("*** " & testcasename() & ": PASS: Generation time within certificate validity ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": FAIL: Generation time not within certificate validity ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else if (f_getCertificateValidityRestriction(v_certificate, e_time_start_and_duration, v_validity) == true) {
if (PICS_PLUGTEST_VERSION) {
log("*** " & testcasename() & ": FAIL: Usage of time_start_and_duration is forbidden in TS103097 v1.2.5 ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
if ((v_generationTime >= (v_validity.validity.time_start_and_duration.start_validity * 1000000)) and
(v_generationTime < (f_duration2time(v_validity.validity.time_start_and_duration.duration_) * 1000000))
) {
log("*** " & testcasename() & ": PASS: Generation time within certificate validity ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
}
log("*** " & testcasename() & ": FAIL: Generation time not within certificate validity ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
......@@ -1853,6 +2007,101 @@ module ItsSecurity_TestCases {
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_CAM_14_01_BV
/**
* @desc Check that the secured CAM contains only the trailer field of type signature
* and no other trailer fields
* <pre>
* Pics Selection: PICS_GN_SECURITY PICS_PLUGTEST_VERSION
* Config Id: CF01
* Initial conditions:
* with
* the IUT being in the 'authorized' state
* ensure that
* when
* the IUT is requested to send a CAM
* then
* the IUT sends a SecuredMessage
* containing trailer_fields
* containing trailer_fields[0]
* containing type
* indicating 'signature'
* and not containing any other items
* </pre>
*
* @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CAM_15_01_BV
* @reference ETSI TS 103 097 [1], clause 7.1
*/
testcase TC_SEC_ITSS_SND_CAM_15_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
const integer c_nbVerification := 3;
var integer v_nbVerification := 0;
var GeoNetworkingInd v_geoNwInd;
var SignerInfo v_signerInfo;
var Certificate v_certificate;
var boolean v_certificateReceived := false;
// Test control
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
if (not(PICS_PLUGTEST_VERSION)) {
log("*** " & testcasename() & ":ERROR: 'PICS_PLUGTEST_VERSION' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_CAMs(?, ?,
superset(mw_trailer_field_signature,
mw_trailer_field
))))){
tc_ac.stop;
log("*** " & testcasename() & ": FAIL: CAM received with more then one trailer fields");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_CAMs(?, ?,
{ mw_trailer_field_signature }
)))){
tc_ac.stop;
log("*** " & testcasename() & ": INFO: CAM message with signature trailer received ***");
v_nbVerification := v_nbVerification + 1;
if (v_nbVerification < c_nbVerification) {
tc_ac.start;
repeat;
}
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected CAM not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
log("*** " & testcasename() & ": PASS: All CAMs received with correct trailer fields count");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_CAM_15_01_BV
/**
* @desc Check that the secured CAM contains only one TrailerField of type signature.
......@@ -2432,6 +2681,10 @@ module ItsSecurity_TestCases {
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
} else if (v_cert.validity_restrictions[v_counter].type_ == e_time_start_and_duration) {
if (PICS_PLUGTEST_VERSION){
log("*** " & testcasename() & ": FAIL: Usage of time_start_and_duration is not allowed in TS103097 v1.2.5");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
v_startTime := v_cert.validity_restrictions[v_counter].validity.time_start_and_duration.start_validity * 1000000;
v_duration := f_duration2time(v_cert.validity_restrictions[v_counter].validity.time_start_and_duration.duration_) * 1000000;
if (not match(v_generationTime, Time64:(v_startTime .. v_duration))){
......@@ -3001,6 +3254,108 @@ module ItsSecurity_TestCases {
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_DENM_08_01_BV
/**
* @desc Check that the secured DENM contains only the trailer field of type signature
* and no other trailer fields
* <pre>
* Pics Selection: PICS_GN_SECURITY and PICS_PLUGTEST_VERSION
* Config Id: CF01
* Initial conditions:
* with
* the IUT being in the 'authorized' state
* ensure that
* when
* the IUT is requested to send DENM
* then
* the IUT sends a SecuredMessage
* containing trailer_fields
* containing trailer_fields[0]
* containing type
* indicating 'signature'
* and not containing other items
* </pre>
* @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_DENM_09_01_BV
* @reference ETSI TS 103 097 [1], clause 7.2
*/
testcase TC_SEC_ITSS_SND_DENM_09_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
const integer c_nbVerification := 3;
var integer v_nbVerification := 0;
var ItsDenm v_denmComponent;
// Test control
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
if (not(PICS_PLUGTEST_VERSION)) {
log("*** " & testcasename() & ":ERROR: 'PICS_PLUGTEST_VERSION' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Preamble
f_prNeighbour();
v_denmComponent := f_triggerDenmEvent();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_DENMs(?, ?, {
mw_trailer_field_signature
})
))){
tc_ac.stop;
log("*** " & testcasename() & ": INFO: DENM message with signature trailer received ***");
v_nbVerification := v_nbVerification + 1;
if (v_nbVerification < c_nbVerification) {
tc_ac.start;
repeat;
}
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_DENMs(?, ?, {})
))) {
tc_ac.stop;
log("*** " & testcasename() & ": FAIL: DENM message with NO trailer fields received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_DENMs(?, ?,
superset( mw_trailer_field, ? )
)))) {
tc_ac.stop;
log("*** " & testcasename() & ": FAIL: DENM message with more than one trailer field received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected DENM not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
log("*** " & testcasename() & ": PASS: DENM received with correct signature");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
// Postamble
f_cancelDenmEvent(v_denmComponent);
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_DENM_09_01_BV
/**
* @desc Check that the secured DENM contains only one TrailerField of type signature.
* Check that the signature contained in the SecuredMessage is calculated
......@@ -3526,13 +3881,6 @@ module ItsSecurity_TestCases {
v_cert := v_headerField.headerField.signer.signerInfo.certificate;
for (v_counter := 0; v_counter < lengthof(v_cert.validity_restrictions); v_counter := v_counter + 1) {
if (v_cert.validity_restrictions[v_counter].type_ == e_time_end) {
v_endTime := v_cert.validity_restrictions[v_counter].validity.end_validity * 1000000;
if (v_generationTime > v_endTime ) {
log("*** " & testcasename() & ": FAIL: Beacon generation time is not inside the validity of the certificate");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
if (v_cert.validity_restrictions[v_counter].type_ == e_time_end) {
v_endTime := v_cert.validity_restrictions[v_counter].validity.end_validity * 1000000;
if (v_generationTime > v_endTime ) {
......@@ -3547,6 +3895,10 @@ module ItsSecurity_TestCases {
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
} else if (v_cert.validity_restrictions[v_counter].type_ == e_time_start_and_duration) {
if (PICS_PLUGTEST_VERSION){
log("*** " & testcasename() & ": FAIL: Usage of time_start_and_duration is not allowed in TS103097 v1.2.5");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
v_startTime := v_cert.validity_restrictions[v_counter].validity.time_start_and_duration.start_validity * 1000000;
v_duration := f_duration2time(v_cert.validity_restrictions[v_counter].validity.time_start_and_duration.duration_) * 1000000;
if (v_generationTime < v_startTime or (v_startTime + v_duration) > v_endTime ) {
......@@ -4580,9 +4932,11 @@ module ItsSecurity_TestCases {
log("*** " & testcasename() & ": FAIL: Certificate[ " & int2str(v_counter) & "] doesn't contain signer info ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
if (not match(v_si.type_, e_certificate_digest_with_sha256) and not match(v_si.type_, e_certificate_digest_with_other_algorithm)) {
log("*** " & testcasename() & ": FAIL: Certificate is not signed with digest ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
if (not match(v_si.type_, e_certificate_digest_with_sha256)) {
if (not match(v_si.type_, e_certificate_digest_with_other_algorithm) or PICS_PLUGTEST_VERSION) {
log("*** " & testcasename() & ": FAIL: Certificate is not signed with digest ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
// signer_info.type indicates 'certificate_digest_with_sha256' or 'certificate_digest_with_other_algorythm'
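Review bot: In the hunk at `@@ -1640,17 +1791,20 @@`, the closing `FAIL: Generation time not within certificate validity` log and its `e_error` verdict no longer sit in an `else`, so as rendered they run after the whole `if`/`else if` chain, including the PASS branches. Unless `f_selfOrClientSyncAndVerdictTestBody` never returns (its body is not on this page), a conforming IUT is then reported as failing, because a TTCN-3 verdict cannot go back from fail to pass. The same fall-through shows in the new `PICS_PLUGTEST_VERSION` guards (here and in the hunks at `-2432` and `-3547`), where execution continues into the range check after the forbidden-type FAIL. It also shows at the end of `TC_SEC_ITSS_SND_CAM_15_01_BV` and `TC_SEC_ITSS_SND_DENM_09_01_BV`, where the PASS log and `e_success` are reached after the FAIL and INCONC branches. Both trailer-field test cases also have no branch for a single trailer field that is not a signature (the CAM one has none for an empty list either), so unless an activated default handles it that case ends as INCONC on timeout rather than FAIL. The enclosing `alt` branch starts and ends outside the hunk; a possible restructuring of the validity check is below.

```ttcn
} else if (f_getCertificateValidityRestriction(v_certificate, e_time_start_and_duration, v_validity) == true) {
    if (PICS_PLUGTEST_VERSION) {
        // … unchanged: FAIL log and e_error verdict for forbidden time_start_and_duration …
    } else if (/* … unchanged: start_validity / duration_ bounds check … */) {
        // … unchanged: PASS log and e_success verdict …
    } else {
        log("*** " & testcasename() & ": FAIL: Generation time not within certificate validity ***");
        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
    }
} else {
    log("*** " & testcasename() & ": FAIL: Generation time not within certificate validity ***");
    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
```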