Unify STF525 TTCN-3 code with spirent

ttcn/AtsPki/ItsPki_TestCases.ttcn

@@ -156,6 +156,7 @@ module ItsPki_TestCases {
                                                       in Headers p_headers,
                                                       in EtsiTs103097Certificate p_ec_certificate,
                                                       out InnerAtRequest p_inner_at_request,
+                                                      out InnerAtResponse p_inner_at_response,
                                                       out HttpMessage p_response,
                                                       out integer p_result,
                                                       in template octetstring p_its_id := PICS_ITS_S_CANONICAL_ID,
@@ -166,7 +167,6 @@ module ItsPki_TestCases {
         var EtsiTs102941Data v_etsi_ts_102941_data;
         var Oct16 v_request_hash;
         var Oct16 v_aes_enc_key;
-        var InnerAtResponse v_inner_at_response;
         var template (value) HttpMessage v_response;
         
         log(">>> f_verify_http_at_request_from_iut_itss:", p_request);
@@ -183,14 +183,14 @@ module ItsPki_TestCases {
           log("f_verify_http_at_request_from_iut_itss: matching: ", match(v_etsi_ts_102941_data.content, mw_authorizationRequest(mw_innerAtRequest))); // TODO In TITAN, this is the only way to get the unmatching in log
           if (match(v_etsi_ts_102941_data.content, mw_authorizationRequest(mw_innerAtRequest)) == false) {
             // Send error message
-            f_http_build_authorization_response(-, its_aa_cantparse, v_request_hash, -, -, v_aes_enc_key, v_inner_at_response, v_ieee1609dot2_signed_and_encrypted_data);
+            f_http_build_authorization_response(-, its_aa_cantparse, v_request_hash, -, -, v_aes_enc_key, p_inner_at_response, v_ieee1609dot2_signed_and_encrypted_data);
             // Set verdict
             p_result := -2;
           } else {
             // Extract InnerAtRequest and Verify signature of mw_innerATRequestSignedForPop
             if (f_verify_inner_at_request_signed_for_pop(v_etsi_ts_102941_data, p_ec_certificate, p_inner_at_request) == false) {
               // Send error message
-              f_http_build_authorization_response(p_inner_at_request, its_aa_cantparse, v_request_hash, -, -, v_aes_enc_key, v_inner_at_response, v_ieee1609dot2_signed_and_encrypted_data);
+              f_http_build_authorization_response(p_inner_at_request, its_aa_cantparse, v_request_hash, -, -, v_aes_enc_key, p_inner_at_response, v_ieee1609dot2_signed_and_encrypted_data);
               v_response := m_http_response(m_http_response_ok(m_http_message_body_binary(m_binary_body_ieee1609dot2_data(v_ieee1609dot2_signed_and_encrypted_data)), p_headers));
               // Set verdict
               p_result := -3;
@@ -198,7 +198,7 @@ module ItsPki_TestCases {
               log("f_verify_http_at_request_from_iut_itss: match ", match(p_inner_at_request, mw_innerAtRequest(mw_publicKeys, -, mw_shared_at_request, mw_ec_signature))); // TODO In TITAN, this is the only way to get the unmatching in log
               if (match(p_inner_at_request, mw_innerAtRequest(mw_publicKeys, -, mw_shared_at_request, mw_ec_signature)) == false) { // TODO To be refined
                 // Send error message: No enrolment request
-                f_http_build_authorization_response(p_inner_at_request, its_aa_badcontenttype, v_request_hash, -, -, v_aes_enc_key, v_inner_at_response, v_ieee1609dot2_signed_and_encrypted_data);
+                f_http_build_authorization_response(p_inner_at_request, its_aa_badcontenttype, v_request_hash, -, -, v_aes_enc_key, p_inner_at_response, v_ieee1609dot2_signed_and_encrypted_data);
                 v_response := m_http_response(m_http_response_ok(m_http_message_body_binary(m_binary_body_ieee1609dot2_data(v_ieee1609dot2_signed_and_encrypted_data)), p_headers));
                 // Set verdict
                 p_result := -4;
@@ -226,7 +226,7 @@ module ItsPki_TestCases {
                 log("f_verify_http_at_request_from_iut_itss: matching: ", match(p_inner_at_request.sharedAtRequest.keyTag, v_key_tag));
                 if (match(p_inner_at_request.sharedAtRequest.keyTag, v_key_tag) == false) {
                   // Send error message: No enrolment request
-                  f_http_build_authorization_response(p_inner_at_request, its_aa_keysdontmatch, v_request_hash, -, -, v_aes_enc_key, v_inner_at_response, v_ieee1609dot2_signed_and_encrypted_data);
+                  f_http_build_authorization_response(p_inner_at_request, its_aa_keysdontmatch, v_request_hash, -, -, v_aes_enc_key, p_inner_at_response, v_ieee1609dot2_signed_and_encrypted_data);
                 v_response := m_http_response(m_http_response_ok(m_http_message_body_binary(m_binary_body_ieee1609dot2_data(v_ieee1609dot2_signed_and_encrypted_data)), p_headers));
                   // Set verdict
                   p_result := -5;
@@ -235,10 +235,10 @@ module ItsPki_TestCases {
                   // Send OK message
                   log("f_verify_http_at_request_from_iut_itss: Receive ", p_inner_at_request);
                   if (p_force_response_code == ok) {
-                    f_http_build_authorization_response(p_inner_at_request, ok, v_request_hash, vc_eaPrivateKey, vc_eaWholeHash, v_aes_enc_key, v_inner_at_response, v_ieee1609dot2_signed_and_encrypted_data);
+                    f_http_build_authorization_response(p_inner_at_request, ok, v_request_hash, vc_eaPrivateKey, vc_eaWholeHash, v_aes_enc_key, p_inner_at_response, v_ieee1609dot2_signed_and_encrypted_data);
                   } else {
                     log("f_verify_http_at_request_from_iut_itss: Succeed built force error code ", p_force_response_code);
-                    f_http_build_authorization_response(p_inner_at_request, p_force_response_code, v_request_hash, -, -, v_aes_enc_key, v_inner_at_response, v_ieee1609dot2_signed_and_encrypted_data);
+                    f_http_build_authorization_response(p_inner_at_request, p_force_response_code, v_request_hash, -, -, v_aes_enc_key, p_inner_at_response, v_ieee1609dot2_signed_and_encrypted_data);
                   }
                   v_response := m_http_response(m_http_response_ok(m_http_message_body_binary(m_binary_body_ieee1609dot2_data(v_ieee1609dot2_signed_and_encrypted_data)), p_headers));
                   // Set verdict
@@ -1742,6 +1742,8 @@ module ItsPki_TestCases {
           // Local variables
           var HashedId8               v_certificate_digest;
           var EtsiTs103097Certificate v_certificate;
+          var InfoPortData            v_info_port_data;
+          var boolean                 v_start_awaiting := false;
           
           // Test component configuration
           vc_hashedId8ToBeUsed := PX_IUT_DEFAULT_CERTIFICATE;
@@ -1769,9 +1771,21 @@ module ItsPki_TestCases {
           f_sendUtTriggerAuthorizationRequestPrimitive();
           tc_ac.start;
           alt {
-            [] geoNetworkingPort.receive { // FIXME Wait for new AT certificate
-              log("*** " & testcasename() & ": PASS: IUT started to send CAM using new AT certificate ***");
-          f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
+            [v_start_awaiting == true] a_await_cam_with_current_cert(
+                                                                     v_info_port_data.hashed_id8,
+                                                                     v_info_port_data.at_certificate
+            ) {
+              log("*** " & testcasename() & ": PASS: IUT started to send CA message using new AT certificate ***");
+              f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
+            }
+            [] geoNetworkingPort.receive { 
+              log("*** " & testcasename() & ": FAIL: IUT started to send CA message using wrong AT certificate ***");
+              f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
+            }
+            [] infoPort.receive(InfoPortData:?) -> value v_info_port_data {
+              log("*** " & testcasename() & ": INFO: Received new AT certificate ***");
+              v_start_awaiting := true;
+              repeat;
             }
             [] tc_ac.timeout {
               log("*** " & testcasename() & ": PASS: No CA message received ***");
@@ -1827,18 +1841,29 @@ module ItsPki_TestCases {
               var HttpMessage v_response;
               var integer v_result;
               var InnerAtRequest v_inner_at_request;
+              var InnerAtResponse v_inner_at_response;
               
               tc_ac.stop;
 
               // Verify IUT response
-              f_verify_http_at_request_from_iut_itss(v_request.request, v_headers, v_inner_ec_response.certificate, v_inner_at_request, v_response, v_result);
+              f_verify_http_at_request_from_iut_itss(v_request.request, v_headers, v_inner_ec_response.certificate, v_inner_at_request, v_inner_at_response, v_response, v_result);
               // Send response
               if (isvalue(v_response)) {
                 httpPort.send(v_response);
               }
               // Set verdict
               if (v_result == 0) {
+                var octetstring v_msg;
+                var octetstring v_hashed_id8;
+                
                 log("*** " & testcasename() & ": PASS: InnerEcRequest received ***");
+                v_msg := bit2oct(encvalue(v_inner_at_response.certificate));
+                if (ischosen(v_inner_at_response.certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaBrainpoolP384r1)) {
+                  v_hashed_id8 := f_hashedId8FromSha384(f_hashWithSha384(v_msg));
+                } else {
+                  v_hashed_id8 := f_hashedId8FromSha256(f_hashWithSha256(v_msg));
+                }
+                infoPort.send(InfoPortData : { hashed_id8 := v_hashed_id8, at_certificate := v_inner_at_response.certificate });
                 f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
               } else {
                 log("*** " & testcasename() & ": FAIL: Failed to verify EA an EnrolmentRequestMessage ***");

ttcn/AtsSecurity/ItsSecurity_Pics.ttcn

@@ -19,7 +19,6 @@ module ItsSecurity_Pics {
     // LibItsSecurity
     import from LibItsSecurity_TypesAndValues all;
     
-    // TODO To be removed
     type record certificates_foi {
         charstring certificate_id,
         HashAlgorithm hashAlgorithm,
@@ -33,7 +32,7 @@ module ItsSecurity_Pics {
         { cc_iutCert_A, sha256, '39CF4DF85C18EBA5'O, 'EFEB473043DD2B88'O, omit }, // CERT_IUT_A_AT
         { cc_iutCert_A_B, sha256, 'F437DE395A471B0A'O, 'FE18C80573BD41A5'O, omit }, // CERT_IUT_A_B_AT
         { cc_iutCert_A_B3, sha256, 'F437DE395A471B0A'O, '623F3CE451FA1A04'O, omit }, // CERT_IUT_A_B3_AT
-        { cc_iutCert_B, sha256, '39CF4DF85C18EBA5'O, 'E9DAF8626F52D687'O, { circularRegion := { center := {436169490, 70533080}, radius := 5000 } } }, // CERT_IUT_B_AT
+        { cc_iutCert_B, sha256, '39CF4DF85C18EBA5'O, 'E9DAF8626F52D687'O, { circularRegion := { center := {436169490, 70533080}, radius := 5000 } } }, // CERT_IUT_A_B_AT
         { cc_iutCert_C, sha256, '39CF4DF85C18EBA5'O, '46C778C826B25328'O, { rectangularRegion := { { northWest := { latitude := 436618657, longitude := 70083912 }, southEast := { latitude := 435720322, longitude := 70982247 } } } } }, // CERT_IUT_C_AT
 
         { cc_taCert_A1, sha256, '39CF4DF85C18EBA5'O, '01063FEF92C015BB'O, omit }, // CERT_IUT_A1_AT

ttcn/AtsSecurity/ItsSecurity_TestControl.ttcn

@@ -97,18 +97,6 @@ module ItsSecurity_TestControl {
             execute(TC_SEC_ITSS_SND_GENMSG_07_BV());
             execute(TC_SEC_ITSS_SND_GENMSG_08_BV());
             
-            /**
-             * @desc Sending behaviour test cases for certificates profile
-             * @see ETSI TS 103 096-2 V1.3.32 (2018-01) Clause 5.2.7 Encrypted messages profile
-             */
-            if (PICS_SEC_ENCRYPTION_SUPPORT) {
-                execute(TC_SEC_ITSS_SND_ENC_01_BV());  
-                execute(TC_SEC_ITSS_SND_ENC_02_BV());  
-                execute(TC_SEC_ITSS_SND_ENC_03_BV());  
-                execute(TC_SEC_ITSS_SND_ENC_04_BV());  
-                execute(TC_SEC_ITSS_SND_ENC_05_BV()); 
-            }
-            
             /**
              * @desc Sending behaviour test cases for certificates profile
              * @see ETSI TS 103 096-2 V1.3.32 (2018-01) Clause 5.2.8 Profiles for certificates

LibIts @ 0181ca54

-Subproject commit ee2c278910c882b90b8fbea6bee5be70ec92aa83
+Subproject commit 0181ca54a8bcae4214b6aba217dff20f2035504e