Newer
Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
# ETSI ITS protocols project
## General Information
This repositories contains the test specifications and test adapter code for ETSI ITS protocols testing.
ETSI ITS protocols project supports:
- ETSI EN 302 637-2: "Intelligent Transport Systems (ITS); Vehicular Communications; Basic Set of Applications; Part 2: Specification of Cooperative Awareness Basic Service"
- ETSI EN 102 637-3: "Intelligent Transport Systems (ITS); Vehicular Communications; Basic Set of Applications; Part 3: Specifications of Decentralized Environmental Notification Basic Service"
- ETSI TS 103 301: "Intelligent Transport Systems (ITS); Vehicular Communications; Basic Set of Applications; Facilities layer protocols and communication requirements for infrastructure services"
- EN 302 636-5-1: "Intelligent Transport Systems (ITS); Vehicular Communications; GeoNetworking; Part 5: Transport Protocols; Sub-part 1: Basic Transport Protocol"
- EN 302 636-4-1: "Intelligent Transport Systems (ITS); Vehicular Communications; GeoNetworking; Part 4: Geographical addressing and forwarding for point-to-point and point-to-multipoint communications; Sub-part 1: Media-Independent Functionality"
In addition, it also support ITS Security as define by:
- ETSI TS 103 940: "Intelligent Transport Systems (ITS); Security; Security Architecture and Management".
- ETSI TS 103 097: "Intelligent Transport Systems (ITS); Security; Security header and certificate formats".
- ETSI TS 102 941: "Intelligent Transport Systems (ITS); Security; Trust and Privacy Management technical specification"
- IEEE Std 1609.2™-2016: "IEEE Standard for Wireless Access in Vehicular Environments –Security Services for Applications and Management Messages"
- IEEE Std 1609.2a™-2017: "Standard for Wireless Access In Vehicular Environments – Security Services for Applications and Management Messages Amendment 1".
Contact information
Email at cti_support at etsi dot org
License
Unless specified otherwise, the content of this repository and the files contained are released under the ETSI Software License.
See the attached LICENSE file or visit
https://forge.etsi.org/etsi-software-license
## STFs
The following STFs were or are currently involved in the evolutions of the ETSI ITS protocols project:
- STF 405, STF 422, STF 424, STF 455, STF 462, STF 481, STF 484, STF 507, STF 517, STF 525, STF 538, STF 545, TTF T002, TTF T011
## Installation
The ETSI ITS protocols project builds and tests regularly on the following platforms:
- Linux (Ubuntu)
- Windows ([Cygwin x64](https://cygwin.com/install.html), [Npcap SDK x64](https://nmap.org/npcap/#download) and [OpenSSL-Windows x64](https://www.openssl.org) are required)
Note: The [OpenSSL](https://www.openssl.org) version >= 1.1.1 is also required.
### How to do it?
They are three different methods:
- Using [Vagrant](https://www.vagrantup.com/)
- Using [Docker](https://www.docker.com/)
- Using [Eclipse TITAN on Windows or Linux](https://projects.eclipse.org/projects/tools.titan/downloads)
How to choose one of these methods is depending of your host system.
NOTE: In all case, if you want to setup an continuous integration process (e.g. Jenkins), Docker is the best choice.
#### The host system is Windows
The both methods require a virtual machine. You can use either VirtualBox or WMware.
In this case, the easiest way is to use Vagrant.
#### The host system is Linux
Vagrant requires a virtual machine. You can use either VirtualBox or WMware.
Docker does not need a virtual machine, so it is the more efficant way.
#### Using Vagrant
Pre-requisites on your host machine:
- Install [Virtualbox](https://www.virtualbox.org/manual/ch01.html)
- Install [Vagrant](https://www.vagrantup.com/intro/getting-started/)
- Install Vagrant plugin vagrant-vbguest
- Credentials to access [ETSI forge](https://forge.etsi.org/gitlab/users/sign_in)
- Set the environment variable USERNAME to your ETSI EOL account user name
- Set the environment variable PASSWORD to your ETSI EOL account password
Procedure:
- On your host machine, open a command line session (PuTTY, DOS window...)
- From the ETSI ITS protocols project, clone the Vagrant folder
- In the file Vagrantfile, modify the tag config.vm.provision replacing <username> & <password> strings by your ETSI credentials
- In the Vagrant folder, execute the following commands:
```sh
$ vagrant up --provider virtualbox --provision
...
```
NOTE The creation and the installations will take some time to achieve
- Stop vagrant virtual machine
```sh
$ vagrant halt
...
```
- Update the file 'Vagrantfile' to match with your networks configuration
- Re-start the vagrant virtual machine and log to to the machine
```sh
$ vagrant up
...
$ vagrant ssh
```
- Switch to the next clause (Usage)
NOTE The user password is vagrant.
### Using Docker
Pre-requisites on your host machine:
- Install Virtualbox (For Windows host only)
- Install Docker
Procedure for a Windows host machine:
- On your host machine, open a the Docker Quickstart Terminal and change to a working folder such as ./temp/docker_its
Procedure for a Linux host machine:
- On your host machine, open a terminal and change to a working folder such as $HOME/temp/docker_its
On your host machine, download the following items from ETSI ITS protocols project:
- The docker folder
- The .jenkins.sh script file (hidden file) and add the execution rights on it
- Check the rights of the script files and the folders
From the your current directory, execute the following commands:
```sh
$ ./.jenkins.sh
...
```
NOTE The creation and the installations will take some time to achieve
- Start the container
```sh
$ ./docker/run-container.sh
...
```
- Switch to the next clause (Usage)
#### From scratch
Pre-requisites:
- Install Virtualbox
Procedure:
- Install a new Linux Virtual machine (Mint, Debian...)
- Update your system with the latest version of kernel and security packages
- Install the following packages (According to the Linux chosen, the package naming can be different)
autoconf
bison
build-essential
cmake
curl
dos2unix
doxygen
emacs
expect
flex
g++:latest
gcc:latest
graphviz
gdb
git-core
gnutls-bin
libglib2.0-dev
libpcap-dev
libgcrypt-dev
libncurses5-dev
libjsoncpp-dev
libssl-dev
libtool-bin
libtool
libwireshark-dev
libxml2-dev
lsof
ntp
pkg-config
qt5-default
qtmultimedia5-dev
libqt5svg5-dev
subversion
sudo
sshpass
tcpdump
texlive-font-utils
tshark
valgrind
vim
vsftpd
xutils-dev
tree
tzdata
unzip
wget
xsltproc
- In your home directory, create the following folders:
- $HOME/frameworks,
- $HOME/dev
- $HOME/lib
- In $HOME/frameworks, build the following package:
- asn1c, according the procedure specified [here](https://github.com/vlm/asn1c.git)
- Eclipse IDE for C/C++ Developers, according the procedure specified [here](https://www.eclipse.org/cdt/)
- TITAN, according the procedure specified [here](https://github.com/eclipse/titan.core)
- Import the TITAN plugin into your Eclipse IDE, according the procedure specified [here](https://github.com/eclipse/titan.core)
- Clone the ETSI ITS protocols project into $HOME/dev folder
```sh
$ git clone --recurse-submodules --single-branch https://forge.etsi.org/gitlab/ITS/TS.ITS.git ./TTF011_Its
```
- Update your default environment with the content of the script $HOME/dev/TTF011_Its/scripts/devenv.bash.ubuntu
- Switch to the next clause (Usage)
#### Using Eclipse TITAN
When cloning the ETSI ITS project, you can find two specific files:
- TTF011.tpd
- TTF011_Linux.tpd
These two files are used create the ETSI ITS project workspace on Eclipse TITAN. To do it, please follow the steps below:
- Start eclipse using a new workspace, (e.g. with the name workspace_titan)
- Select the menu option File/import
- In the Dialog box,select TITAN/Project from .tpd file
- Select the correct TTF011.tpd file and follow the instructions
NOTE: When the Eclipse TITAN workspace is created, you have to build manually the librairy 'libasn1c.so' following the commands below:
```sh
$ cd <eclipse workspace>/TTF011_Its
$ mkdir -p ./bin/asn1
$ cd ./bin/asn1
$ make CC=gcc -f ../../asn1/Makefile
$ rm *.cc # To prevent TITAN to import these .cc source files into our project
```
## Usage
This clause describes how to compile and execute an Abstract Test Suite.
The procedures below illustrate how to run the CAM test suite. The same procedures will apply for any other ETSI ITS test suite.
Pre-requisites:
- Your machine is installed following one of the installation method describes in the previous clause
- Refer to the ETSI TS 103 099 for the description of the Test System architecture and configuration
- Your are logged as 'etsi' or 'vagrant' user
- Procedure using TITAN command line (only):
- Open several SSH session (PuTTY...)
- Change to the directory ~/dev/TTF011_Its/
- Modify the file config.mk according to your system:
- On Linux, comment all the lines using the '#' character
- On Windows, update the path accordingly
- Build the test suite AtsCAM using the following command:
```sh
$ export ATS=AtsCAM # The Abstract Test Suite you wnat to build, such as AtsDENM, AtsSecurity...
$ make
...
```
- Edit the file ../etc/AtsCAM.cfg
- Update the following fields (see ETSI TS 103 099 for details):
- system.camPort.params
- system.utPort.params
- To run the test suitem, execute the following command:
```sh
$ cd ~/dev/TTF011_Its/scripts
$ ../run_all.bash
...
```
- The log files are located in ../logs/AtsCAM folder for this example. You can edit them using any editor or using the Eclipse TITAN log plugins
## How to generate ITS test certificates
The Test System includes a tool, asn1certgen, to generate ITS test certificates used for Conformance Testing.
This tool is located in the folder '~/dev/TTF011_Its/tools/itscertgen/'.
Note: These certificates can not be used in a true architectures, there are present only for testing and/or debug purposes.
### Build the tool 'asn1certgen' to generate new certificates bundle
To build the tool, run the 'make' command in each of the following folders:
- cshared
- cxml
- checker
- asn1certgen
### Generate the certificates
After applying the previous clause, change to the folder '~/dev/TTF011_Its/data/v3' and execute 'make' command:
```
$ cd ~/dev/TTF011_Its/data/v3
$ make
```
The certificates will be located in the folder '~/dev/TTF011_Its/data/v3/certificates'.
To use this newly generated certificates, you shall update two parameters located in the TTCN-3 file LibItsSecurity_Pixits. These are:
- LibItsSecurity_Pixits.PX_CERTIFICATE_POOL_PATH, which is the path the certificates folder (e.g. LibItsSecurity_Pixits.PX_CERTIFICATE_POOL_PATH := "/home/<user>/tmp")
- LibItsSecurity_Pixits.PX_IUT_SEC_CONFIG_NAME, which is the name of the certificates folder (e.g. LibItsSecurity_Pixits.PX_IUT_SEC_CONFIG_NAME := "asn1c_cert")
### Modify or create new certificates
The folder '~/dev/TTF011_Its/data/v3/profiles' contains an XML file for each certificate to be generated.
This XML file describes the certificate content (e.g. CERT_IUT_A_RCA.xml describes the root certificate for all CERT_IUT_A certificates).
By modifying these files, you can change create new certificate with different geographical area, different validity periods or different SSPs.
To re-generates the certificates, refer to the previous clause.
## Security Test suites configurations
The security Test suites configurations depends of the Test suite to be executed.
### ITS Protocol Test suites for Facilities layer
These are the ITS Test suites such as AtsCAM (102 868-x) , AtsDENM (102 869-x) or IVI (103 191-x) Test suites. These Test suite can be executed againt an ITS device configured to use Security.
In this cases, the following parameters shall be modified to match the ITS device configuration:
- PICS_IS_IUT_SECURED=true which indicates that the ITS device under test is secured
In addition, the Test System shall be configured to support the security modifying the following settings as described below:
- device_mode=1
- secured_mode=1
- sec_db_path=/home/<user>/dev/TTF011_Its/data/v3/certificates
### ITS Protocol Test suites for Transport layer
This is the AtsGeoNetworking Test suite (ETSI TS 102 871-x) which required more specific configuration (ETSI EN 302 636-4-1).
In this cases, the following parameters shall be modified to match the ITS device configuration:
- PICS_GN_SECURITY=false, which indicate the GeoNetworking Test Suite does not manage ITS Security protocol
- PICS_IS_IUT_SECURED=true, which indicates that the ITS device under test is secured
In addition, the Test System shall be configured to support the security modifying the following settings as described below:
- device_mode=1
- secured_mode=1
- sec_db_path=/home/<user>/dev/TTF011_Its/data/v3/certificates
### ITS Protocol Test suites for Security
This clause is relative to the AtsSecurity (ETSI TS 103 096-x) Test suite which are focused on ITS Security protocol (ETSI TS 103 097).
In this cases, the following parameters shall be modified to match the ITS device configuration:
- PICS_GN_SECURITY=true, which indicate the GeoNetworking Test Suite manages ITS Security protocol
- PICS_IS_IUT_SECURED=false
In addition, the Test System shall be configured to support the security modifying the following settings as described below:
- device_mode=0
- secured_mode=0
- its_aid=36 for CAM or 37 for DENM
### ITS Protocol Test suites for Security/PKI
This clause is relative to the AtsPki (ETSI TR 103 525-x) Test suite which are focused on ITS PKI Security protocol (ETSI TS 102 941).
In this cases, the following parameters shall be modified according to the considered group of tests:
- For all tests focused on ITS device enrolment:
- PICS_GN_SECURITY=true, which indicate the GeoNetworking Test Suite manages ITS Security protocol
- PICS_IS_IUT_SECURED=false
- HTTP_P_PL_ACT_AS_SERVER=true
- PICS_TS_EA_CERTIFICATE_ID=CERT_TS_A_EA
- PICS_MULTIPLE_END_POINT=false
- PICS_IUT_ITS_S_ROLE=true
- For all tests focused on PKI:
- HTTP_P_PL_ACT_AS_SERVER=true
- PICS_TS_EA_CERTIFICATE_ID=CERT_pki certificate_EA
- PICS_MULTIPLE_END_POINT=true
In addition, the Test System shall be configured to support the security modifying the following settings as described below:
- device_mode=0
- secured_mode=0
## Wireshark with support of ETSI ITS Protocols
The official version of Wireshark, supporting ETSI ITS Protocols, is available [here](https://www.wireshark.org/download.html).
Some sample capture files are available [here](https://wiki.wireshark.org/SampleCaptures).
## How to Report a Bug
The ETSI ITS protocols project is under constant development, so it is possible that you will
encounter a bug while using it. Please report bugs at cti_support at etsi dot org.