Newer
Older
19001
19002
19003
19004
19005
19006
19007
19008
19009
19010
19011
19012
19013
19014
19015
19016
19017
19018
19019
19020
19021
19022
19023
19024
19025
19026
19027
19028
19029
19030
19031
19032
19033
19034
19035
19036
19037
19038
19039
19040
19041
19042
19043
19044
19045
19046
19047
19048
19049
19050
19051
19052
19053
19054
19055
19056
19057
19058
19059
19060
19061
19062
19063
19064
19065
19066
19067
19068
19069
19070
19071
19072
19073
19074
19075
19076
19077
19078
19079
19080
19081
19082
19083
19084
19085
19086
19087
19088
19089
19090
19091
19092
19093
19094
19095
19096
19097
19098
19099
19100
19101
19102
19103
19104
19105
19106
19107
19108
19109
19110
19111
19112
19113
19114
19115
19116
19117
19118
19119
19120
19121
19122
19123
19124
19125
19126
19127
19128
19129
19130
19131
19132
19133
19134
19135
19136
19137
19138
19139
19140
19141
19142
19143
19144
19145
19146
19147
19148
19149
19150
19151
19152
19153
19154
19155
19156
19157
19158
19159
19160
19161
19162
19163
19164
19165
19166
19167
19168
19169
19170
19171
19172
19173
19174
19175
19176
19177
19178
19179
19180
19181
19182
19183
19184
19185
19186
19187
19188
19189
19190
19191
19192
19193
19194
19195
19196
19197
19198
19199
19200
19201
19202
19203
19204
19205
19206
19207
19208
19209
19210
19211
19212
19213
19214
19215
19216
19217
19218
19219
19220
19221
19222
19223
19224
19225
19226
19227
19228
19229
19230
19231
19232
19233
19234
19235
19236
19237
19238
19239
19240
19241
19242
19243
19244
19245
19246
19247
19248
19249
19250
19251
19252
19253
19254
19255
19256
19257
19258
19259
19260
19261
19262
19263
19264
19265
19266
19267
19268
19269
19270
19271
19272
19273
19274
19275
19276
19277
19278
19279
19280
19281
19282
19283
19284
19285
19286
19287
19288
19289
19290
19291
19292
19293
19294
19295
19296
19297
19298
19299
19300
19301
19302
19303
19304
19305
19306
19307
19308
19309
19310
19311
19312
19313
19314
19315
19316
19317
19318
19319
19320
19321
19322
19323
19324
19325
19326
19327
19328
19329
19330
19331
19332
19333
19334
19335
19336
19337
19338
19339
19340
19341
19342
19343
19344
19345
19346
19347
19348
19349
19350
19351
19352
19353
19354
19355
19356
19357
19358
19359
19360
19361
19362
19363
19364
19365
19366
19367
19368
19369
19370
19371
19372
19373
19374
19375
19376
19377
19378
19379
19380
19381
19382
19383
19384
19385
19386
19387
19388
19389
19390
19391
19392
19393
19394
19395
19396
19397
19398
19399
19400
19401
19402
19403
19404
19405
19406
19407
19408
19409
19410
19411
19412
19413
19414
19415
19416
19417
19418
19419
19420
19421
19422
19423
19424
19425
19426
19427
19428
19429
19430
19431
19432
19433
19434
19435
19436
19437
19438
19439
19440
19441
19442
19443
19444
19445
19446
19447
19448
19449
19450
19451
19452
19453
19454
19455
19456
19457
19458
19459
19460
19461
19462
19463
19464
19465
19466
19467
19468
19469
19470
19471
19472
19473
19474
19475
19476
19477
19478
19479
19480
19481
19482
19483
19484
19485
19486
19487
19488
19489
19490
19491
19492
19493
19494
19495
}
[] tc_ac.timeout {
log("*** f_TC_SECPKI_AA_AUTH_01_BV_itss: INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_cfHttpDown_itss();
} // End of function f_TC_SECPKI_AA_AUTH_01_BV_itss
function f_TC_SECPKI_AA_AUTH_01_BV_ea() runs on ItsPkiHttp system ItsPkiHttpSystem {
var Oct32 v_private_key_ec;
var Oct32 v_public_compressed_key_ec;
var integer v_compressed_key_mode_ec;
var InnerEcRequest v_inner_ec_request;
var EtsiTs103097Certificate v_ec_certificate;
var Oct32 v_private_key_at;
var Oct32 v_public_compressed_key_at;
var integer v_compressed_mode_at;
var Oct32 v_private_enc_key_at;
var Oct32 v_public_compressed_enc_key_at;
var integer v_compressed_enc_mode_at;
var octetstring v_request_hash;
var Oct16 v_encrypted_sym_key;
var Oct16 v_aes_sym_key;
var HashedId8 v_aes_sym_key_hashed_id8;
var Oct12 v_nonce;
var octetstring v_salt;
var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
var Headers v_headers;
var HttpMessage v_request;
var HttpMessage v_response;
var EtsiTs102941Data v_etsi_ts_102941_data;
var Oct16 v_aes_enc_key := int2oct(0, 16);
var SharedAtRequest v_shared_at_request;
var AuthorizationValidationResponse v_authorization_validation_response;
// Test component configuration
f_cfHttpUp_ea(cc_taCert_A_EA, PICS_IUT_AA_CERTIFICATE_ID);
// Test adapter configuration
// Preamble
tc_ac.start;
alt {
[] a_await_atv_http_request_from_iut( // Wait for authorizationValidation Request from IUT to EA
mw_http_request(
mw_http_request_post(
-, //FIXME: Use another PIXIT than PICS_HTTP_POST_URI_ATV,
-,
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_authorizationRequestMessage(
mw_encryptedData(
{ *, mw_recipientInfo_certRecipInfo(mw_pKRecipientInfo(vc_eaHashedId8)), * },
mw_symmetricCiphertext_aes128ccm
)))))),
v_request
) {
var integer v_result;
tc_ac.stop;
f_verify_http_at_request_from_iut_atv(v_request.request, v_aes_sym_key, v_request_hash, v_shared_at_request, v_result);
// Set verdict
if (v_result == 0) {
log("*** f_TC_SECPKI_AA_AUTH_01_BV_ea: INFO: IUT has sent AuthorizationValidation request ***");
// Send AuthorizationValidation response to finalize the exchange
log("*** f_TC_SECPKI_AA_AUTH_01_BV_ea: INFO: Send AuthorizationValidation response to finalize the exchange ***");
f_init_default_headers_list(-, "inner_atv_response", v_headers);
f_http_build_authorization_validation_response(v_shared_at_request, ok, v_request_hash, vc_eaPrivateKey, vc_eaWholeHash, v_aes_enc_key, v_authorization_validation_response, v_ieee1609dot2_signed_and_encrypted_data);
f_http_send(
v_headers,
m_http_response(
m_http_response_ok(
m_http_message_body_binary(
m_binary_body_ieee1609dot2_data(
v_ieee1609dot2_signed_and_encrypted_data
)),
v_headers
)));
f_selfOrClientSyncAndVerdict(c_prDone, e_success);
} else {
log("*** f_TC_SECPKI_AA_AUTH_01_BV_ea: INCONC: Failed to verify AuthorizationValidation request ***");
// Send AuthorizationValidation response to finalize the exchange
log("*** f_TC_SECPKI_AA_AUTH_01_BV_ea: INFO: Send AuthorizationValidation response to finalize the exchange ***");
f_init_default_headers_list(-, "inner_atv_response", v_headers);
f_http_build_authorization_validation_response(v_shared_at_request, deniedpermissions, v_request_hash, vc_eaPrivateKey, vc_eaWholeHash, v_aes_enc_key, v_authorization_validation_response, v_ieee1609dot2_signed_and_encrypted_data);
f_http_send(
v_headers,
m_http_request(
m_http_request_post(
PICS_HTTP_POST_URI_AT,
v_headers,
m_http_message_body_binary(
m_binary_body_ieee1609dot2_data(
v_ieee1609dot2_signed_and_encrypted_data
)))));
f_selfOrClientSyncAndVerdict(c_prDone, e_timeout);
}
}
[] tc_ac.timeout {
log("*** f_TC_SECPKI_AA_AUTH_01_BV_ea: INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_prDone, e_timeout);
}
} // End of 'alt' statement
// Test body
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
// Postamble
// TODO Wait for AuthorizationResponse
f_cfHttpDown_ea();
} // End of function f_TC_SECPKI_AA_AUTH
} // End of group f_TC_SECPKI_AA_AUTH_01_BV
/**
* @desc Check that the AA sends signed authorization response.
* <pre>
* Pics Selection: PICS_IUT_AA_ROLE
* Initial conditions:
* with {
* the ITS-S in "enrolled" state and
* the IUT(AA) in 'operational' state
* authorized with CERT_AA certificate
* and the EA in 'operational' state
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT is triggered to send the authorization response to the ITS-S
* }
* then {
* the IUT is triggered to send the authorization response to the ITS-S
* containing the EtsiTs103097Data-Signed
* containing signedData
* containing signer
* containing digest
* indicating HashedId8 value of the CERT_AA
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v2.0.1 SECPKI_AA_AUTH_02_BV
* @reference ETSI TS 102 941, clause 6.2.3.3.2
*/
testcase TC_SECPKI_AA_AUTH_02_BV() runs on ServerSyncComp system ItsPkiHttpSystem {
// Local variables
var ItsPkiHttp v_itss;
var ItsPkiHttp v_ea;
// Test control
if (not PICS_IUT_AA_ROLE) {
log("*** " & testcasename() & ": PICS_IUT_AA_ROLE required for executing the TC ***");
setverdict(inconc);
stop;
}
// Test component configuration
f_cfMtcUp02(v_itss, v_ea);
// Test adapter configuration
// Start components
v_itss.start(f_TC_SECPKI_AA_AUTH_02_BV_itss());
v_ea.start(f_TC_SECPKI_AA_AUTH_02_BV_ea());
// Synchronization
f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
f_cfMtcDown02(v_itss, v_ea);
} // End of testcase TC_SECPKI_AA_AUTH_02_BV
group f_TC_SECPKI_AA_AUTH_02_BV {
function f_TC_SECPKI_AA_AUTH_02_BV_itss() runs on ItsPkiHttp system ItsPkiHttpSystem {
var Oct32 v_private_key_ec;
var Oct32 v_public_compressed_key_ec;
var integer v_compressed_key_mode_ec;
var InnerEcRequest v_inner_ec_request;
var EtsiTs103097Certificate v_ec_certificate;
var Oct32 v_private_key_at;
var Oct32 v_public_compressed_key_at;
var integer v_compressed_mode_at;
var Oct32 v_private_enc_key_at;
var Oct32 v_public_compressed_enc_key_at;
var integer v_compressed_enc_mode_at;
var octetstring v_request_hash;
var Oct16 v_encrypted_sym_key;
var Oct16 v_aes_sym_key;
var HashedId8 v_aes_sym_key_hashed_id8;
var Oct16 v_authentication_vector;
var Oct12 v_nonce;
var octetstring v_salt;
var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
var Headers v_headers;
var HttpMessage v_request;
var HttpMessage v_response;
var EtsiTs102941Data v_etsi_ts_102941_data;
var Oct16 v_aes_enc_key;
var InnerAtRequest v_inner_at_request;
var InnerAtResponse v_inner_at_response;
var HashedId8 v_ec_certificate_hashed_id8;
// Test component configuration
f_cfHttpUp_itss(cc_taCert_A_EA, PICS_IUT_AA_CERTIFICATE_ID);
// Test adapter configuration
// Preamble
// Generate EC certificate
f_generate_inner_ec_request(v_private_key_ec, v_public_compressed_key_ec, v_compressed_key_mode_ec, v_inner_ec_request);
f_generate_ec_certificate_for_inner_ec_response(v_inner_ec_request, v_private_key_ec, vc_eaWholeHash, v_ec_certificate, v_ec_certificate_hashed_id8);
// Send AuthorizationRequest
f_http_build_authorization_request(v_ec_certificate, v_private_key_ec, v_private_key_at, v_public_compressed_key_at, v_compressed_mode_at, v_private_enc_key_at, v_public_compressed_enc_key_at, v_compressed_enc_mode_at, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
v_aes_sym_key_hashed_id8 := f_hashedId8FromSha256(f_hashWithSha256('80'O & v_aes_sym_key)); // Used to match the response
f_init_default_headers_list(-, "inner_at_request", v_headers);
f_http_send(
v_headers,
m_http_request(
m_http_request_post(
PICS_HTTP_POST_URI_AT,
v_headers,
m_http_message_body_binary(
m_binary_body_ieee1609dot2_data(
v_ieee1609dot2_signed_and_encrypted_data
)))));
f_selfOrClientSyncAndVerdict(c_prDone, e_success);
// Test body
tc_ac.start;
alt {
[] a_await_at_http_response_from_iut(
mw_http_response(
mw_http_response_ok(
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_authorizationRequestMessage(
mw_encryptedData(
{ *, mw_recipientInfo_pskRecipInfo, * },
mw_symmetricCiphertext_aes128ccm
)))))),
v_response
) {
var integer v_result;
tc_ac.stop;
f_verify_http_at_response_from_iut_aa(v_response.response, v_private_key_at, v_aes_sym_key, v_authentication_vector, v_request_hash, v_inner_at_response, v_result);
if (v_result == 0) {
log("*** f_TC_SECPKI_AA_AUTH_02_BV_itss: PASS: Received exptected response ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
} else {
log("*** f_TC_SECPKI_AA_AUTH_02_BV_itss: FAIL: Unexptected response ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
}
}
[] tc_ac.timeout {
log("*** f_TC_SECPKI_AA_AUTH_02_BV_itss: INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_cfHttpDown_itss();
} // End of function f_TC_SECPKI_AA_AUTH_02_BV_itss
function f_TC_SECPKI_AA_AUTH_02_BV_ea() runs on ItsPkiHttp system ItsPkiHttpSystem {
var Oct32 v_private_key_ec;
var Oct32 v_public_compressed_key_ec;
var integer v_compressed_key_mode_ec;
var InnerEcRequest v_inner_ec_request;
var EtsiTs103097Certificate v_ec_certificate;
var Oct32 v_private_key_at;
var Oct32 v_public_compressed_key_at;
var integer v_compressed_mode_at;
var Oct32 v_private_enc_key_at;
var Oct32 v_public_compressed_enc_key_at;
var integer v_compressed_enc_mode_at;
var octetstring v_request_hash;
var Oct16 v_encrypted_sym_key;
var Oct16 v_aes_sym_key;
var HashedId8 v_aes_sym_key_hashed_id8;
var Oct12 v_nonce;
var octetstring v_salt;
var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
var Headers v_headers;
var HttpMessage v_request;
var HttpMessage v_response;
var EtsiTs102941Data v_etsi_ts_102941_data;
var Oct16 v_aes_enc_key := int2oct(0, 16);
var SharedAtRequest v_shared_at_request;
var AuthorizationValidationResponse v_authorization_validation_response;
// Test component configuration
f_cfHttpUp_ea(cc_taCert_A_EA, PICS_IUT_AA_CERTIFICATE_ID);
// Test adapter configuration
// Preamble
tc_ac.start;
alt {
[] a_await_atv_http_request_from_iut( // Wait for authorizationValidation Request from IUT to EA
mw_http_request(
mw_http_request_post(
-, //FIXME: Use another PIXIT than PICS_HTTP_POST_URI_ATV,
-,
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_authorizationRequestMessage(
mw_encryptedData(
{ *, mw_recipientInfo_certRecipInfo(mw_pKRecipientInfo(vc_eaHashedId8)), * },
mw_symmetricCiphertext_aes128ccm
)))))),
v_request
) {
var integer v_result;
tc_ac.stop;
f_verify_http_at_request_from_iut_atv(v_request.request, v_aes_sym_key, v_request_hash, v_shared_at_request, v_result);
// Set verdict
if (v_result == 0) {
log("*** f_TC_SECPKI_AA_AUTH_02_BV_ea: INFO: IUT has sent AuthorizationValidation request ***");
// Send AuthorizationValidation response to finalize the exchange
log("*** f_TC_SECPKI_AA_AUTH_02_BV_ea: INFO: Send AuthorizationValidation response to finalize the exchange ***");
f_init_default_headers_list(-, "inner_atv_response", v_headers);
f_http_build_authorization_validation_response(v_shared_at_request, ok, v_request_hash, vc_eaPrivateKey, vc_eaWholeHash, v_aes_enc_key, v_authorization_validation_response, v_ieee1609dot2_signed_and_encrypted_data);
f_http_send(
v_headers,
m_http_response(
m_http_response_ok(
m_http_message_body_binary(
m_binary_body_ieee1609dot2_data(
v_ieee1609dot2_signed_and_encrypted_data
)),
v_headers
)));
f_selfOrClientSyncAndVerdict(c_prDone, e_success);
} else {
log("*** f_TC_SECPKI_AA_AUTH_02_BV_ea: INCONC: Failed to verify AuthorizationValidation request ***");
// Send AuthorizationValidation response to finalize the exchange
log("*** f_TC_SECPKI_AA_AUTH_02_BV_ea: INFO: Send AuthorizationValidation response to finalize the exchange ***");
f_init_default_headers_list(-, "inner_atv_response", v_headers);
f_http_build_authorization_validation_response(v_shared_at_request, deniedpermissions, v_request_hash, vc_eaPrivateKey, vc_eaWholeHash, v_aes_enc_key, v_authorization_validation_response, v_ieee1609dot2_signed_and_encrypted_data);
f_http_send(
v_headers,
m_http_request(
m_http_request_post(
PICS_HTTP_POST_URI_AT,
v_headers,
m_http_message_body_binary(
m_binary_body_ieee1609dot2_data(
v_ieee1609dot2_signed_and_encrypted_data
)))));
f_selfOrClientSyncAndVerdict(c_prDone, e_timeout);
}
}
[] tc_ac.timeout {
log("*** f_TC_SECPKI_AA_AUTH_02_BV_ea: INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_prDone, e_timeout);
}
} // End of 'alt' statement
// Test body
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
// Postamble
// TODO Wait for AuthorizationResponse
f_cfHttpDown_ea();
} // End of function f_TC_SECPKI_AA_AUTH
} // End of group f_TC_SECPKI_AA_AUTH_02_BV
/**
* @desc Check that the AA sends signed authorization response with signature properly calculated using approved hash algorithm.
* <pre>
* Pics Selection: PICS_IUT_AA_ROLE
* Initial conditions:
* with {
* the ITS-S in "enrolled" state and
* the IUT(AA) in 'operational' state
* authorized with CERT_AA certificate
* containing verificationKey (AA_PUB_V_KEY)
* and the EA in 'operational' state
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT is triggered to send the authorization response to the ITS-S
* }
* then {
* the IUT is triggered to send the authorization response to the ITS-S
* containing the EtsiTs103097Data-Signed
* containing signedData
* containing hashId
* indicating supported hash algorithm (HASH_ALG)
* and containing signature
* calculated using the HASH_ALG and private key correspondent to the AA_PUB_V_KEY
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v2.0.1 SECPKI_AA_AUTH_02_BV
* @reference ETSI TS 102 941, clause 6.2.3.3.2
*/
testcase TC_SECPKI_AA_AUTH_03_BV() runs on ServerSyncComp system ItsPkiHttpSystem {
// Local variables
var ItsPkiHttp v_itss;
var ItsPkiHttp v_ea;
// Test control
if (not PICS_IUT_AA_ROLE) {
log("*** " & testcasename() & ": PICS_IUT_AA_ROLE required for executing the TC ***");
setverdict(inconc);
stop;
}
// Test component configuration
f_cfMtcUp02(v_itss, v_ea);
// Test adapter configuration
// Start components
v_itss.start(f_TC_SECPKI_AA_AUTH_02_BV_itss());
v_ea.start(f_TC_SECPKI_AA_AUTH_02_BV_ea());
// Synchronization
f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
f_cfMtcDown02(v_itss, v_ea);
} // End of testcase TC_SECPKI_AA_AUTH_03_BV
/**
* @desc Check that the AA sends signed AuthorizationResponseMessage using valid ITS AID and only allowed headers.
* <pre>
* Pics Selection: PICS_IUT_AA_ROLE
* Initial conditions:
* with {
* the ITS-S in "enrolled" state and
* the IUT(AA) in 'operational' state
* and the EA in 'operational' state
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT is triggered to send the authorization response to the ITS-S
* }
* then {
* the IUT is triggered to send the authorization response to the ITS-S
* containing the EtsiTs103097Data-Signed
* containing signedData
* containing tbsData
* containing psid
* indicating AID_PKI_CERT_REQUEST
* and containing generationTime
* and not containing any other headers
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v2.0.1 SECPKI_AA_AUTH_02_BV
* @reference ETSI TS 102 941, clause 6.2.3.3.2
*/
testcase TC_SECPKI_AA_AUTH_04_BV() runs on ServerSyncComp system ItsPkiHttpSystem {
// Local variables
var ItsPkiHttp v_itss;
var ItsPkiHttp v_ea;
// Test control
if (not PICS_IUT_AA_ROLE) {
log("*** " & testcasename() & ": PICS_IUT_AA_ROLE required for executing the TC ***");
setverdict(inconc);
stop;
}
// Test component configuration
f_cfMtcUp02(v_itss, v_ea);
// Test adapter configuration
// Start components
v_itss.start(f_TC_SECPKI_AA_AUTH_02_BV_itss());
v_ea.start(f_TC_SECPKI_AA_AUTH_02_BV_ea());
// Synchronization
f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
f_cfMtcDown02(v_itss, v_ea);
} // End of testcase TC_SECPKI_AA_AUTH_04_BV
} // End of group aa_authorization_response
Yann Garcia
committed
// ETSI TS 103 525-2 V2.0.2 (2023-07) Clause 5.5.5 CA Certificate Request
group aa_ca_certificates_request {
// TODO
} // End of group aa_ca_certificates_request
Yann Garcia
committed
// ETSI TS 103 525-2 V2.0.2 (2023-07) Clause 5.5.6 Authorization using butterfly key expansion mechanism
group aa_authorization_with_bfk {
Yann Garcia
committed
19505
19506
19507
19508
19509
19510
19511
19512
19513
19514
19515
19516
19517
19518
19519
19520
19521
19522
19523
19524
19525
19526
19527
19528
19529
19530
19531
19532
19533
19534
19535
19536
19537
19538
19539
19540
19541
19542
19543
19544
19545
19546
19547
19548
19549
19550
19551
19552
19553
19554
19555
19556
19557
19558
19559
19560
19561
19562
19563
19564
19565
19566
group bfk_cert_request_helpers {
function f_trigger_butterfly_cert_request(
out HashedId8 p_aes_sym_key_hashed_id8,
out RaAcaCertRequest p_ra_aca_cert_request
) runs on ItsPkiHttp {
// Local variables
var octetstring v_caterpillar_private_key
var octetstring v_caterpillar_public_key_compressed;
var integer v_caterpillar_compressed_mode;
var octetstring v_caterpillar_enc_private_key
var octetstring v_caterpillar_enc_public_key_compressed;
var integer v_caterpillar_enc_compressed_mode;
var EeRaCertRequest v_ee_ra_cert_request;
var octetstring v_private_key;
var Oct16 v_encrypted_sym_key;
var Oct16 v_aes_sym_key;
var Oct16 v_authentication_vector;
var Oct12 v_nonce;
var Oct32 v_request_hash;
var octetstring v_salt;
var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
var Headers v_headers;
var HttpMessage v_response;
var EtsiTs102941Data v_etsi_ts_102941_data;
// Generate EeRaCertRequest
if (f_generate_ee_ra_cert_request(v_caterpillar_private_key, v_caterpillar_public_key_compressed, v_caterpillar_compressed_mode, v_caterpillar_enc_private_key, v_caterpillar_enc_public_key_compressed, v_caterpillar_enc_compressed_mode, v_ee_ra_cert_request) == false) {
log("*** f_trigger_butterfly_cert_request: ERROR: Failed to generate InnerEcRequest ***");
f_selfOrClientSyncAndVerdict("error", e_error);
}
log ("f_trigger_butterfly_cert_request: p_ee_ra_cert_request: ", v_ee_ra_cert_request);
// Buikd theHTTP request
f_http_build_butterfly_cert_request(v_ee_ra_cert_request, vc_eaPrivateKey, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, p_ra_aca_cert_request, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
p_aes_sym_key_hashed_id8 := f_hashedId8FromSha256(f_hashWithSha256('80'O & v_aes_sym_key)); // Used to match the response
f_init_default_headers_list(-, "bfk_cert_request", v_headers);
f_http_send(
v_headers,
m_http_request(
m_http_request_post(
PICS_HTTP_POST_URI_BFK_AA,
v_headers,
m_http_message_body_binary(
m_binary_body_ieee1609dot2_data(
v_ieee1609dot2_signed_and_encrypted_data
)))));
} // End of function f_trigger_butterfly_cert_request
function f_verify_http_butterfly_cert_request_message_to_ea(
in Request p_request,
in Headers p_headers,
out integer p_result,
out AcaRaCertResponse p_aca_ra_cert_response
) runs on ItsPkiHttp {
// Local variables
var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
var EtsiTs102941Data v_etsi_ts_102941_data;
var template (value) HttpMessage v_response;
var Oct16 v_request_hash;
Yann Garcia
committed
var Oct16 v_aes_enc_key;
log(">>> f_verify_http_butterfly_cert_request_message_to_ea: ", p_request);
p_result := 0;
if (f_verify_pki_request_message(vc_aaPrivateEncKey, vc_aaWholeHash/*salt*/, ''O,
omit,
p_request.body.binary_body.ieee1609dot2_data, true, v_request_hash, v_bfk_hashed_id8, v_etsi_ts_102941_data, v_aes_enc_key) == false) { // Cannot decrypt the message
Yann Garcia
committed
19577
19578
19579
19580
19581
19582
19583
19584
19585
19586
19587
19588
19589
19590
19591
19592
19593
19594
19595
19596
19597
19598
19599
19600
19601
19602
19603
19604
19605
19606
19607
19608
19609
19610
19611
19612
19613
19614
19615
19616
19617
19618
19619
19620
19621
19622
19623
19624
19625
19626
19627
19628
19629
19630
19631
19632
19633
// Send error message
v_response := m_http_response(m_http_response_ko_no_body(p_headers, 400, "Bad request")); // Initialize v_reponse with an error message
// Set verdict
p_result := -1;
} else {
var UInt64 v_current_time := f_getCurrentTimeUtc();
var UInt64 v_delta_time := 30;
log("f_verify_http_butterfly_cert_request_message_to_ea: match ", match(v_etsi_ts_102941_data, mw_etsiTs102941Data_ra_aca_cert_request(mw_ra_aca_cert_request))); // TODO In TITAN, this is the only way to get the unmatching in log
if (match(v_etsi_ts_102941_data, mw_etsiTs102941Data_ra_aca_cert_request(mw_ra_aca_cert_request((v_current_time - v_delta_time .. v_current_time + v_delta_time), explicit, '00000000'B/*butterflyExplicit*/, mw_bfk_to_be_signed_certificate))) == false) {
// Send error message
v_response := m_http_response(m_http_response_ko_no_body(p_headers, 400, "Bad request")); // Initialize v_reponse with an error message
// Set verdict
p_result := -2;
} else {
// TODO Add checked ???
}
}
log("<<< f_verify_http_butterfly_cert_request_message_to_ea: p_result: ", p_result);
} // End of function f_verify_http_butterfly_cert_request_message_to_ea
} // End of group bfk_cert_request_helpers
/**
* @desc Check that the AA sends the butterfly certificate response message after receiving of the butterfly certificate request
* Check that this message is encrypted using the same symmetric encryption key as the butterfly certificate request message
* <pre>
* Pics Selection: PICS_IUT_AA_ROLE
* Initial conditions:
* with {
* the EA in "operational" state
* authorized with CERT_AA certificate
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT received the ButterflyCertificateRequestMessage
* containing content.encryptedData.recipients
* containing the instance of RecipientInfo
* containing certRecipInfo
* containing recipientId
* indicating HashedId8 of the CERT_AA
* and containing encKey
* containing encrypted symmetric encryption key (ENC_KEY)
* }
* then {
* the IUT sends to the EA a EtsiTs103097Data-Encrypted
* containing content.encryptedData.recipients
* indicating size 1
* and containing the instance of RecipientInfo
* containing pskRecipInfo
* indicating HashedId8 of the ENC_KEY
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v2.0.1 SECPKI_AA_AUTHVAL_01_BV
Yann Garcia
committed
19635
19636
19637
19638
19639
19640
19641
19642
19643
19644
19645
19646
19647
19648
19649
19650
19651
19652
19653
19654
19655
19656
19657
19658
19659
19660
19661
19662
19663
19664
19665
19666
19667
19668
19669
19670
19671
* @reference ETSI TS 102 941, clause 6.2.3.3.2
*/
testcase TC_SECPKI_AA_BFK_AUTH_01_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
// Local variables
var HashedId8 v_aes_sym_key_hashed_id8;
var Headers v_headers;
var HttpMessage v_request;
var integer v_result;
var RaAcaCertRequest v_ra_aca_cert_request;
var AcaRaCertResponse v_aca_ra_cert_response;
// Test control
if (not PICS_IUT_AA_ROLE) {
log("*** " & testcasename() & ": PICS_IUT_AA_ROLE required for executing the TC ***");
setverdict(inconc);
stop;
}
// Test component configuration
f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);
// Test adapter configuration
// Preamble
f_trigger_butterfly_cert_request(v_aes_sym_key_hashed_id8, v_ra_aca_cert_request);
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
tc_ac.start;
alt {
[] httpAtVPort.receive(
mw_http_request(
mw_http_request_post(
-, // URI
v_headers, // Headers
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_butterflyCertResponseMessage(
mw_encryptedData
Yann Garcia
committed
19674
19675
19676
19677
19678
19679
19680
19681
19682
19683
19684
19685
19686
19687
19688
19689
19690
19691
19692
19693
19694
19695
19696
19697
)))))) -> value v_request {
tc_ac.stop;
f_verify_http_butterfly_cert_request_message_to_ea(v_request.request, v_headers, v_result, v_aca_ra_cert_response);
// Set verdict
if (v_result == 0) {
log("*** " & testcasename() & ": PASS: ButterflyCertResponsetMessage received ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": FAIL: Failed to verify ButterflyCertResponsetMessage ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
}
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_cfHttpDown();
} // End of testcase TC_SECPKI_AA_BFK_AUTH_01_BV
} // End of group aa_authorization_with_bfk
Yann Garcia
committed
// ETSI TS 103 525-2 V2.0.2 (2023-07) Clause 5.6 RootCA behaviour
// ETSI TS 103 525-2 V2.0.2 (2023-07) Clause 5.6.1 CTL generation
group ca_ctl_generation {
19708
19709
19710
19711
19712
19713
19714
19715
19716
19717
19718
19719
19720
19721
19722
19723
19724
19725
19726
19727
19728
19729
19730
19731
19732
19733
19734
19735
19736
19737
19738
19739
/**
* @desc Check that the RootCA generates the Full CTL when new EA is about to be added to the Root CTL
* <pre>
* Pics Selection: PICS_IUT_CA_ROLE
* Initial conditions:
* }
* Expected behaviour:
* ensure that {
* when {
* the RootCA is triggered to add new EA certificate (CERT_EA) in the CTL
* }
* then {
* the IUT issue a new CTL of type CtlFormat
* containing isFullCtl
* indicating TRUE
* and containing ctlCommands
* containing CtlCommand
* containing add
* containing ea
* containing eaCertificate
* indicating CERT_EA
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 TP RCA_CTLGEN_01_BV
* @reference ETSI TS 102 941, clause 6.3.2 and 6.3.4
*/
testcase TC_RCA_CTLGEN_01_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
// Local variables
var Headers v_headers;
var HttpMessage v_response;
// Test control
if (not PICS_IUT_CA_ROLE) {
log("*** " & testcasename() & ": PICS_IUT_CA_ROLE required for executing the TC ***");
setverdict(inconc);
stop;
}
// Preamble
f_init_default_headers_list(PICS_HEADER_CTL_CONTENT_TYPE, "ca_request", v_headers);
action("The RootCA is triggered to add new EA certificate (CERT_EA) in the CTL");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
19758
19759
19760
19761
19762
19763
19764
19765
19766
19767
19768
19769
19770
19771
19772
19773
19774
19775
19776
19777
19778
// Test Body
f_http_send(
v_headers,
m_http_request(
m_http_request_get(
PICS_HTTP_GET_URI_CTL,
v_headers
)));
tc_ac.start;
alt {
[not(PICS_MULTIPLE_END_POINT)] httpPort.receive(
mw_http_response(
mw_http_response_ok(
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_etsiTs103097Data_signed(
mw_signedData(
-,
mw_toBeSignedData(
mw_signedDataPayload
),
var ToBeSignedRcaCtl v_to_be_signed_rca_ctl;
tc_ac.stop;
// Check ETag header
if (f_check_headers(v_response.response.header, c_etag_http_header) == false) {
log("*** " & testcasename() & ": INFO: 'ETag' HTTP header not set ***");
//f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
} else {
f_get_header(v_response.response.header, c_etag_http_header, v_etag);
log("*** " & testcasename() & ": INFO: ETag= ", v_etag[0]);
}
19795
19796
19797
19798
19799
19800
19801
19802
19803
19804
19805
19806
19807
19808
19809
19810
19811
19812
19813
19814
19815
19816
19817
19818
if (f_verify_rca_ctl_response_message(v_response.response.body.binary_body.ieee1609dot2_data, true, v_to_be_signed_rca_ctl) == false) {
log("*** " & testcasename() & ": FAIL: Failed to verify RCA message ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
if (f_verify_full_ctl(v_to_be_signed_rca_ctl) == true) {
log("*** " & testcasename() & ": PASS: ToBeSignedRcaCtl received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": FAIL: Receive unexpected message ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
}
[PICS_MULTIPLE_END_POINT] httpCaPort.receive(
mw_http_response(
mw_http_response_ok(
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_etsiTs103097Data_signed(
mw_signedData(
-,
mw_toBeSignedData(
mw_signedDataPayload
),
YannGarcia
committed
?
var ToBeSignedRcaCtl v_to_be_signed_rca_ctl;
tc_ac.stop;
// Check ETag header
if (f_check_headers(v_response.response.header, c_etag_http_header) == false) {
log("*** " & testcasename() & ": INCONC: 'ETag' HTTP header not set ***");
//f_selfOrClientSyncAndVerdict(c_prDone, e_timeout);
} else {
f_get_header(v_response.response.header, c_etag_http_header, v_etag);
log("*** " & testcasename() & ": INFO: ETag= ", v_etag[0]);
}
19835
19836
19837
19838
19839
19840
19841
19842
19843
19844
19845
19846
19847
19848
19849
19850
19851
19852
19853
19854
19855
19856
19857
19858
if (f_verify_rca_ctl_response_message(v_response.response.body.binary_body.ieee1609dot2_data, true, v_to_be_signed_rca_ctl) == false) {
log("*** " & testcasename() & ": FAIL: Failed to verify RCA message ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
if (f_verify_full_ctl(v_to_be_signed_rca_ctl) == true) {
log("*** " & testcasename() & ": PASS: ToBeSignedRcaCtl received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": FAIL: Receive unexpected message ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_cfHttpDown_ca();
} // End of testcase TC_RCA_CTLGEN_01_BV
} // End of ca_group ctl_generation
// ETSI TS 103 525-2 V2.0.2 (2023-07) Clause 5.6.2 CRL generation
group ca_crl_generation {
19864
19865
19866
19867
19868
19869
19870
19871
19872
19873
19874
19875
19876
19877
19878
19879
19880
19881
19882
19883
19884
19885
19886
19887
19888
19889
19890
/**
* @desc Check that the RootCA generates the CRL signed with appropriate certificate
* <pre>
* Pics Selection: PICS_IUT_CA_ROLE
* Initial conditions:
* }
* Expected behaviour:
* ensure that {
* when {
* the RootCA is triggered to add new CA certificate (CERT_CA) to the revocation list
* }
* then {
* the IUT issue a new CRL of type ToBeSignedCrl
* containing emtries
* containing item of type CrlEntry
* indicating HashedId8 of CERT_CA
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 TP RCA_CRLGEN_01_BV
* @reference ETSI TS 102 941, clause 6.3.3
*/
testcase TC_RCA_CRLGEN_01_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
// Local variables
var Headers v_headers;
var HttpMessage v_response;
// Test control
if (not PICS_IUT_CA_ROLE) {
log("*** " & testcasename() & ": PICS_IUT_CA_ROLE required for executing the TC ***");
setverdict(inconc);
stop;
}
// Preamble
f_init_default_headers_list(PICS_HEADER_CRL_CONTENT_TYPE, "ca_request", v_headers);
action("the RootCA is triggered to generate new CRL");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
19909
19910
19911
19912
19913
19914
19915
19916
19917
19918
19919
19920
19921
19922
19923
19924
19925
19926
19927
19928
19929
19930
19931
19932
19933
19934
19935
19936
19937
19938
19939
19940
19941
19942
19943
19944
19945
19946
19947
19948
19949
19950
19951
19952
19953
19954
19955
19956
19957
19958
19959
19960
19961
19962
19963
19964
19965
19966
19967
19968
19969
19970
19971
19972
19973
19974
19975
19976
19977
19978
19979
19980
19981
19982
19983
19984
19985
// Test Body
f_http_send(
v_headers,
m_http_request(
m_http_request_get(
PICS_HTTP_GET_URI_CRL,
v_headers
)));
tc_ac.start;
alt {
[not(PICS_MULTIPLE_END_POINT)] httpPort.receive(
mw_http_response(
mw_http_response_ok(
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_etsiTs103097Data_signed(
mw_signedData(
-,
mw_toBeSignedData( mw_signedDataPayload ),
mw_signerIdentifier_digest
))))))) -> value v_response {
var ToBeSignedCrl v_to_be_signed_crl;
tc_ac.stop;
if (f_verify_rca_crl_response_message(v_response.response.body.binary_body.ieee1609dot2_data, true, v_to_be_signed_crl) == false) {
log("*** " & testcasename() & ": FAIL: Failed to verify RCA message ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
if (f_verify_full_crl(v_to_be_signed_crl) == true) {
log("*** " & testcasename() & ": PASS: ToBeSignedCrl received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": FAIL: Receive unexpected message ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
}
[PICS_MULTIPLE_END_POINT] httpCaPort.receive(
mw_http_response(
mw_http_response_ok(
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_etsiTs103097Data_signed(
mw_signedData(
-,
mw_toBeSignedData( mw_signedDataPayload ),
mw_signerIdentifier_digest
))))))) -> value v_response {
var ToBeSignedCrl v_to_be_signed_crl;
tc_ac.stop;
if (f_verify_rca_crl_response_message(v_response.response.body.binary_body.ieee1609dot2_data, true, v_to_be_signed_crl) == false) {
log("*** " & testcasename() & ": FAIL: Failed to verify RCA message ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
if (f_verify_full_crl(v_to_be_signed_crl) == true) {
log("*** " & testcasename() & ": PASS: ToBeSignedCrl received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": FAIL: Receive unexpected message ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_cfHttpDown_ca();
} // End of testcase TC_RCA_CRLGEN_01_BV
} // End of group ca_crl_generation
// ETSI TS 103 525-2 V2.0.2 (2023-07) Clause 5.7 DC behaviour
group dc_behavior {
// TODO
} // End of group dc_behavior
// ETSI TS 103 525-2 V2.0.2 (2023-07) Clause 5.8 TLM behaviour
// ETSI TS 103 525-2 V2.0.2 (2023-07) Clause 5.8.1 CTL generation
group tlm_ctl_generation {