Newer
Older
var Oct32 v_public_compressed_enc_key_at;
var integer v_compressed_enc_mode_at;
var InnerAtRequest v_inner_at_request;
var Oct32 v_request_hash;
var Oct16 v_encrypted_sym_key;
var Oct16 v_aes_sym_key;
var HashedId8 v_aes_sym_key_hashed_id8;
var Oct16 v_authentication_vector;
var Oct12 v_nonce;
var octetstring v_salt;
var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
var Headers v_headers;
var HttpMessage v_response;
var EtsiTs102941Data v_etsi_ts_102941_data;
// Test control
if (not PICS_IUT_EA_ROLE) {
log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
setverdict(inconc);
stop;
}
// Test component configuration
f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);
if (f_await_http_inner_ec_request_response(v_private_key_ec, v_public_compressed_key_ec, v_compressed_key_mode_ec, v_ec_cert_hashed_id8, v_inner_ec_response) == false) {
log("*** " & testcasename() & ": INCONC: Enrolment failed ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
} else {
log("*** " & testcasename() & ": INFO: Enrolment succeed ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
}
log("*** " & testcasename() & ": DEBUG: v_inner_ec_response= ", v_inner_ec_response);
log("*** " & testcasename() & ": DEBUG: v_private_key_ec= ", v_private_key_ec);
// Generate an InnerAtRequest
if (f_generate_inner_at_request(vc_aaCertificate, -, vc_aaHashedId8, vc_eaCertificate, vc_eaWholeHash/*salt*/, vc_eaHashedId8, v_inner_ec_response.certificate, v_private_key_ec, v_private_key_at, v_public_compressed_key_at, v_compressed_key_mode_at, v_private_enc_key_at, v_public_compressed_enc_key_at, v_compressed_enc_mode_at, v_inner_at_request) == false) {
log("*** " & testcasename() & ": ERROR: Failed to generate AuthorizationValidationRequest ***");
f_selfOrClientSyncAndVerdict("error", e_error);
}
log("*** " & testcasename() & ": DEBUG: v_inner_at_request= ", v_inner_at_request);
log("*** " & testcasename() & ": DEBUG: v_private_key_at= ", v_private_key_at);
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
11048
11049
11050
11051
11052
11053
11054
11055
11056
11057
11058
11059
11060
11061
11062
11063
11064
11065
11066
11067
11068
11069
11070
11071
// Test Body
f_http_build_authorization_validation_request(v_inner_at_request, v_public_compressed_key_at, v_compressed_key_mode_at, v_private_enc_key_at, v_public_compressed_enc_key_at, v_compressed_enc_mode_at, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
v_aes_sym_key_hashed_id8 := f_hashedId8FromSha256(f_hashWithSha256('80'O & v_aes_sym_key)); // Used to match the response
f_init_default_headers_list(-, "inner_atv_request", v_headers);
f_http_send(
v_headers,
m_http_request(
m_http_request_post(
PICS_HTTP_POST_URI_ATV,
v_headers,
m_http_message_body_binary(
m_binary_body_ieee1609dot2_data(
v_ieee1609dot2_signed_and_encrypted_data
)))));
tc_ac.start;
alt {
[] a_await_atv_http_response_from_iut(
mw_http_response(
mw_http_response_ok(
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_authorizationResponseMessage(
mw_encryptedData(
{ *, mw_recipientInfo_pskRecipInfo(v_aes_sym_key_hashed_id8), * },
mw_symmetricCiphertext_aes128ccm
)))))),
v_response
) {
var integer v_result;
var InnerAtResponse v_inner_at_response;
f_verify_http_at_response_from_iut_atv(v_inner_at_request, v_response.response, v_private_key_at, v_aes_sym_key, v_authentication_vector, v_request_hash, v_inner_at_response, v_result);
// Set verdict
if (v_result == 0) {
log("*** " & testcasename() & ": PASS: Well-secured ATV certificate received ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": FAIL: Failed to verify ATV response ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
}
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
11102
11103
11104
11105
11106
11107
11108
11109
11110
11111
11112
11113
11114
11115
11116
11117
11118
11119
11120
11121
11122
11123
11124
11125
11126
/**
* @desc If the responseCode is 0, the AuthorizationValidationResponse structure contains the component
* confirmedSubjectAttributes with the attributes the EA wishes to confirm, except for certIssuePermissions
* which is not allowed to be present.
* <pre>
* Pics Selection: PICS_IUT_EA_ROLE
* Initial conditions:
* Expected behaviour:
* ensure that {
* when {
* the IUT receives a AuthorizationValidationRequest message
* and the IUT responds with a AuthorizationValidationResponse message
* containing AuthorizationValidationResponse
* containing responseCode
* indicating 0
* }
* then {
* the IUT sends a AuthorizationValidationResponse message
* contains an AuthorizationValidationResponse structure
* containing confirmedSubjectAttributes
* not containing certIssuePermissions
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v2.0.1 TP SECPKI_EA_AUTHVAL_04_BV
* @reference ETSI TS 102 941, clause 6.2.3.4.2
*/
testcase TC_SECPKI_EA_AUTHVAL_04_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
// Local variables
var Oct32 v_private_key_ec;
var Oct32 v_public_compressed_key_ec;
var integer v_compressed_key_mode_ec;
var HashedId8 v_ec_cert_hashed_id8;
11136
11137
11138
11139
11140
11141
11142
11143
11144
11145
11146
11147
11148
11149
11150
11151
11152
11153
11154
var InnerEcResponse v_inner_ec_response;
var Oct32 v_private_key_at;
var Oct32 v_public_compressed_key_at;
var integer v_compressed_key_mode_at;
var Oct32 v_private_enc_key_at;
var Oct32 v_public_compressed_enc_key_at;
var integer v_compressed_enc_mode_at;
var InnerAtRequest v_inner_at_request;
var Oct32 v_request_hash;
var Oct16 v_encrypted_sym_key;
var Oct16 v_aes_sym_key;
var HashedId8 v_aes_sym_key_hashed_id8;
var Oct16 v_authentication_vector;
var Oct12 v_nonce;
var octetstring v_salt;
var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
var Headers v_headers;
var HttpMessage v_response;
var EtsiTs102941Data v_etsi_ts_102941_data;
// Test control
if (not PICS_IUT_EA_ROLE) {
log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
setverdict(inconc);
stop;
}
// Test component configuration
f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);
if (f_await_http_inner_ec_request_response(v_private_key_ec, v_public_compressed_key_ec, v_compressed_key_mode_ec, v_ec_cert_hashed_id8, v_inner_ec_response) == false) {
log("*** " & testcasename() & ": INCONC: Enrolment failed ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
} else {
log("*** " & testcasename() & ": INFO: Enrolment succeed ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
}
log("*** " & testcasename() & ": DEBUG: v_inner_ec_response= ", v_inner_ec_response);
log("*** " & testcasename() & ": DEBUG: v_private_key_ec= ", v_private_key_ec);
// Generate an InnerAtRequest
if (f_generate_inner_at_request(vc_aaCertificate, -, vc_aaHashedId8, vc_eaCertificate, vc_eaWholeHash/*salt*/, vc_eaHashedId8, v_inner_ec_response.certificate, v_private_key_ec, v_private_key_at, v_public_compressed_key_at, v_compressed_key_mode_at, v_private_enc_key_at, v_public_compressed_enc_key_at, v_compressed_enc_mode_at, v_inner_at_request) == false) {
log("*** " & testcasename() & ": ERROR: Failed to generate AuthorizationValidationRequest ***");
f_selfOrClientSyncAndVerdict("error", e_error);
}
log("*** " & testcasename() & ": DEBUG: v_inner_at_request= ", v_inner_at_request);
log("*** " & testcasename() & ": DEBUG: v_private_key_at= ", v_private_key_at);
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
11188
11189
11190
11191
11192
11193
11194
11195
11196
11197
11198
11199
11200
11201
11202
11203
11204
11205
11206
11207
11208
11209
11210
11211
// Test Body
f_http_build_authorization_validation_request(v_inner_at_request, v_public_compressed_key_at, v_compressed_key_mode_at, v_private_enc_key_at, v_public_compressed_enc_key_at, v_compressed_enc_mode_at, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
v_aes_sym_key_hashed_id8 := f_hashedId8FromSha256(f_hashWithSha256('80'O & v_aes_sym_key)); // Used to match the response
f_init_default_headers_list(-, "inner_atv_request", v_headers);
f_http_send(
v_headers,
m_http_request(
m_http_request_post(
PICS_HTTP_POST_URI_ATV,
v_headers,
m_http_message_body_binary(
m_binary_body_ieee1609dot2_data(
v_ieee1609dot2_signed_and_encrypted_data
)))));
tc_ac.start;
alt {
[] a_await_atv_http_response_from_iut(
mw_http_response(
mw_http_response_ok(
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_authorizationResponseMessage(
mw_encryptedData(
{ *, mw_recipientInfo_pskRecipInfo(v_aes_sym_key_hashed_id8), * },
mw_symmetricCiphertext_aes128ccm
)))))),
v_response
) {
var integer v_result;
var InnerAtResponse v_inner_at_response;
f_verify_http_at_response_from_iut_atv(v_inner_at_request, v_response.response, v_private_key_at, v_aes_sym_key, v_authentication_vector, v_request_hash, v_inner_at_response, v_result);
// Set verdict
if (v_result == 0) {
log("*** " & testcasename() & ": PASS: Well-secured ATV certificate received ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": FAIL: Failed to verify ATV response ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
}
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
11242
11243
11244
11245
11246
11247
11248
11249
11250
11251
11252
11253
11254
11255
11256
11257
11258
11259
11260
11261
11262
11263
11264
/**
* @desc If the responseCode is different than 0, the AuthorizationValidationResponse structure does not contain
* the component confirmedSubjectAttributes.
* <pre>
* Pics Selection: PICS_IUT_EA_ROLE
* Initial conditions:
* Expected behaviour:
* ensure that {
* when {
* the IUT receives a AuthorizationValidationRequest message
* and the IUT responds with a AuthorizationValidationResponse message
* containing AuthorizationValidationResponse
* containing responseCode
* indicating a value different than 0
* }
* then {
* the IUT sends a AuthorizationValidationResponse message
* contains an AuthorizationValidationResponse structure
* not containing confirmedSubjectAttributes
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v2.0.1 TP SECPKI_EA_AUTHVAL_05_BV
* @reference ETSI TS 102 941, clause 6.2.3.4.2
*/
testcase TC_SECPKI_EA_AUTHVAL_05_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
// Local variables
var Oct32 v_private_key_ec;
var Oct32 v_public_compressed_key_ec;
var integer v_compressed_key_mode_ec;
11274
11275
11276
11277
11278
11279
11280
11281
11282
11283
11284
11285
11286
11287
11288
11289
11290
11291
11292
var InnerEcResponse v_inner_ec_response;
var Oct32 v_private_key_at;
var Oct32 v_public_compressed_key_at;
var integer v_compressed_key_mode_at;
var Oct32 v_private_enc_key_at;
var Oct32 v_public_compressed_enc_key_at;
var integer v_compressed_enc_mode_at;
var InnerAtRequest v_inner_at_request;
var Oct32 v_request_hash;
var Oct16 v_encrypted_sym_key;
var Oct16 v_aes_sym_key;
var HashedId8 v_aes_sym_key_hashed_id8;
var Oct16 v_authentication_vector;
var Oct12 v_nonce;
var octetstring v_salt;
var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
var Headers v_headers;
var HttpMessage v_response;
var EtsiTs102941Data v_etsi_ts_102941_data;
// Test control
if (not PICS_IUT_EA_ROLE) {
log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
setverdict(inconc);
stop;
}
// Test component configuration
f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);
if (f_await_http_inner_ec_request_response(v_private_key_ec, v_public_compressed_key_ec, v_compressed_key_mode_ec, v_ec_cert_hash_256, v_inner_ec_response) == false) {
log("*** " & testcasename() & ": INCONC: Enrolment failed ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
} else {
log("*** " & testcasename() & ": INFO: Enrolment succeed ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
}
log("*** " & testcasename() & ": DEBUG: v_inner_ec_response= ", v_inner_ec_response);
log("*** " & testcasename() & ": DEBUG: v_private_key_ec= ", v_private_key_ec);
// Generate an InnerAtRequest
if (f_generate_inner_at_request(vc_aaCertificate, -, vc_aaHashedId8, vc_eaCertificate, vc_eaWholeHash/*salt*/, vc_eaHashedId8, v_inner_ec_response.certificate, v_private_key_ec, v_private_key_at, v_public_compressed_key_at, v_compressed_key_mode_at, v_private_enc_key_at, v_public_compressed_enc_key_at, v_compressed_enc_mode_at, v_inner_at_request) == false) {
log("*** " & testcasename() & ": ERROR: Failed to generate AuthorizationValidationRequest ***");
f_selfOrClientSyncAndVerdict("error", e_error);
}
log("*** " & testcasename() & ": DEBUG: v_inner_at_request= ", v_inner_at_request);
log("*** " & testcasename() & ": DEBUG: v_private_key_at= ", v_private_key_at);
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
11326
11327
11328
11329
11330
11331
11332
11333
11334
11335
11336
11337
11338
11339
11340
11341
11342
11343
11344
11345
11346
11347
11348
11349
// Test Body
f_http_build_invalid_authorization_validation_request(v_inner_at_request, v_public_compressed_key_at, v_compressed_key_mode_at, v_private_enc_key_at, v_public_compressed_enc_key_at, v_compressed_enc_mode_at, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
v_aes_sym_key_hashed_id8 := f_hashedId8FromSha256(f_hashWithSha256('80'O & v_aes_sym_key)); // Used to match the response
f_init_default_headers_list(-, "inner_atv_request", v_headers);
f_http_send(
v_headers,
m_http_request(
m_http_request_post(
PICS_HTTP_POST_URI_ATV,
v_headers,
m_http_message_body_binary(
m_binary_body_ieee1609dot2_data(
v_ieee1609dot2_signed_and_encrypted_data
)))));
tc_ac.start;
alt {
[] a_await_atv_http_response_from_iut(
mw_http_response(
mw_http_response_ok(
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_authorizationResponseMessage(
mw_encryptedData(
{ *, mw_recipientInfo_pskRecipInfo(v_aes_sym_key_hashed_id8), * },
mw_symmetricCiphertext_aes128ccm
)))))),
v_response
) {
var integer v_result;
var InnerAtResponse v_inner_at_response;
f_verify_http_at_response_from_iut_atv_error(v_inner_at_request, v_response.response, v_private_key_at, v_aes_sym_key, v_authentication_vector, v_request_hash, v_inner_at_response, v_result);
// Set verdict
if (v_result == 0) {
log("*** " & testcasename() & ": PASS: Well-formatted error response received ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": FAIL: Failed to verify AT response ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
}
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
11380
11381
11382
11383
11384
11385
11386
11387
11388
11389
11390
11391
11392
11393
11394
11395
11396
11397
11398
11399
/**
* @desc The component version of the EtsiTs102941Data structure is set to v1 (integer value set to 1).
* <pre>
* Pics Selection: PICS_IUT_EA_ROLE
* Initial conditions:
* Expected behaviour:
* ensure that {
* when {
* the IUT receives a AuthorizationValidationRequest message
* }
* then {
* the IUT sends a AuthorizationValidationResponse message
* containing EtsiTs103097Data-Signed
* containing EtsiTs103097Data
* containing version
* indicating v1 (integer value set to 1)
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v2.0.1 TP SECPKI_EA_AUTHVAL_06_BV
* @reference ETSI TS 102 941, clause 6.2.3.4.2
*/
testcase TC_SECPKI_EA_AUTHVAL_06_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
// Local variables
var Oct32 v_private_key_ec;
var Oct32 v_public_compressed_key_ec;
var integer v_compressed_key_mode_ec;
var HashedId8 v_ec_cert_hashed_id8;
11409
11410
11411
11412
11413
11414
11415
11416
11417
11418
11419
11420
11421
11422
11423
11424
11425
11426
11427
var InnerEcResponse v_inner_ec_response;
var Oct32 v_private_key_at;
var Oct32 v_public_compressed_key_at;
var integer v_compressed_key_mode_at;
var Oct32 v_private_enc_key_at;
var Oct32 v_public_compressed_enc_key_at;
var integer v_compressed_enc_mode_at;
var InnerAtRequest v_inner_at_request;
var Oct32 v_request_hash;
var Oct16 v_encrypted_sym_key;
var Oct16 v_aes_sym_key;
var HashedId8 v_aes_sym_key_hashed_id8;
var Oct16 v_authentication_vector;
var Oct12 v_nonce;
var octetstring v_salt;
var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
var Headers v_headers;
var HttpMessage v_response;
var EtsiTs102941Data v_etsi_ts_102941_data;
// Test control
if (not PICS_IUT_EA_ROLE) {
log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
setverdict(inconc);
stop;
}
// Test component configuration
f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);
if (f_await_http_inner_ec_request_response(v_private_key_ec, v_public_compressed_key_ec, v_compressed_key_mode_ec, v_ec_cert_hashed_id8, v_inner_ec_response) == false) {
log("*** " & testcasename() & ": INCONC: Enrolment failed ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
} else {
log("*** " & testcasename() & ": INFO: Enrolment succeed ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
}
log("*** " & testcasename() & ": DEBUG: v_inner_ec_response= ", v_inner_ec_response);
log("*** " & testcasename() & ": DEBUG: v_private_key_ec= ", v_private_key_ec);
// Generate an InnerAtRequest
if (f_generate_inner_at_request(vc_aaCertificate, -, vc_aaHashedId8, vc_eaCertificate, vc_eaWholeHash/*salt*/, vc_eaHashedId8, v_inner_ec_response.certificate, v_private_key_ec, v_private_key_at, v_public_compressed_key_at, v_compressed_key_mode_at, v_private_enc_key_at, v_public_compressed_enc_key_at, v_compressed_enc_mode_at, v_inner_at_request) == false) {
log("*** " & testcasename() & ": ERROR: Failed to generate AuthorizationValidationRequest ***");
f_selfOrClientSyncAndVerdict("error", e_error);
}
log("*** " & testcasename() & ": DEBUG: v_inner_at_request= ", v_inner_at_request);
log("*** " & testcasename() & ": DEBUG: v_private_key_at= ", v_private_key_at);
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
11461
11462
11463
11464
11465
11466
11467
11468
11469
11470
11471
11472
11473
11474
11475
11476
11477
11478
11479
11480
11481
11482
11483
11484
// Test Body
f_http_build_authorization_validation_request(v_inner_at_request, v_public_compressed_key_at, v_compressed_key_mode_at, v_private_enc_key_at, v_public_compressed_enc_key_at, v_compressed_enc_mode_at, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
v_aes_sym_key_hashed_id8 := f_hashedId8FromSha256(f_hashWithSha256('80'O & v_aes_sym_key)); // Used to match the response
f_init_default_headers_list(-, "inner_atv_request", v_headers);
f_http_send(
v_headers,
m_http_request(
m_http_request_post(
PICS_HTTP_POST_URI_ATV,
v_headers,
m_http_message_body_binary(
m_binary_body_ieee1609dot2_data(
v_ieee1609dot2_signed_and_encrypted_data
)))));
tc_ac.start;
alt {
[] a_await_atv_http_response_from_iut(
mw_http_response(
mw_http_response_ok(
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_authorizationResponseMessage(
mw_encryptedData(
{ *, mw_recipientInfo_pskRecipInfo(v_aes_sym_key_hashed_id8), * },
mw_symmetricCiphertext_aes128ccm
)))))),
v_response
) {
var integer v_result;
var InnerAtResponse v_inner_at_response;
f_verify_http_at_response_from_iut_atv(v_inner_at_request, v_response.response, v_private_key_at, v_aes_sym_key, v_authentication_vector, v_request_hash, v_inner_at_response, v_result);
// Set verdict
if (v_result == 0) {
log("*** " & testcasename() & ": PASS: Well-secured ATV certificate received ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": FAIL: Failed to verify ATV response ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
}
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
} // End of testcase TC_SECPKI_EA_AUTHVAL_06_BV
// TC_SECPKI_EA_AUTHVAL_07_BV covered by TC_SECPKI_EA_AUTHVAL_02..04_BV
// TC_SECPKI_EA_AUTHVAL_08_BV covered by TC_SECPKI_EA_AUTHVAL_02..04_BV
// TC_SECPKI_EA_AUTHVAL_09_BV covered by TC_SECPKI_EA_AUTHVAL_02..04_BV
} // End of group authorization_validation_response
* @desc SubCA certificate requests of the EA are transported to the RCA using CACertificateRequest messages across the reference point S10
* Initial conditions:
* Expected behaviour:
* ensure that {
* when {
* the IUT is requested to send a CACertificateRequestMessage
* the IUT sends a CACertificateRequestMessage
* across the reference point S10 to the RCA
* @see ETSI TS 103 525-2 v2.0.1 TP SECPKI_EA_CERTGEN_01_BV
* @reference ETSI TS 102 941, clause 6.2.1
11545
11546
11547
11548
11549
11550
11551
11552
11553
11554
11555
11556
11557
11558
11559
11560
11561
11562
11563
11564
11565
11566
11567
11568
testcase TC_SECPKI_EA_CERTGEN_01_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
setverdict(inconc);
} // End of testcase TC_SECPKI_EA_CERTGEN_01_BV
/**
* @desc The application form should include the digital fingerprint of the CACertificateRequestMessage in printable format
* <pre>
* Pics Selection:
* Initial conditions:
* Expected behaviour:
* ensure that {
* when {
* the IUT is requested to send a CACertificateRequestMessage
* }
* then {
* the IUT sends a CACertificateRequestMessage
* containing a signature (SIG)
* containing EtsiTs103097Data
* being computed using a ETSI TS 103 097 [2] approved hash algorithm
* and the IUT exports the digital fingerprint SIG in a printable format
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v2.0.1 TP SECPKI_EA_CERTGEN_02_BV
11570
11571
11572
11573
11574
11575
11576
11577
11578
11579
11580
11581
11582
11583
11584
11585
11586
11587
11588
11589
11590
11591
11592
11593
11594
11595
11596
11597
11598
11599
11600
11601
11602
11603
11604
* @reference ETSI TS 102 941, clause 6.2.1
*/
testcase TC_SECPKI_EA_CERTGEN_02_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
setverdict(inconc);
} // End of testcase TC_SECPKI_EA_CERTGEN_02_BV
/**
* @desc The hashId shall indicate the hash algorithm to be used as specified in ETSI TS 103 097,
* the signer is set to 'self' and the signature over the tbsData is computed using the private key corresponding to the new verificationKey to be certified (i.e. the request is self-signed)
* <pre>
* Pics Selection:
* Initial conditions:
* Expected behaviour:
* ensure that {
* when {
* the IUT is requested to send a CACertificateRequestMessage
* }
* then {
* the IUT sends a CACertificateRequestMessage
* containing EtsiTs103097Data-Signed structure
* containing hashId
* indicating the hash algorithm to be used
* and containing signer
* indicating 'self'
* and containing tbsData
* containing the EtsiTs102941Data structure
* containing caCertificateRequest
* containing publicKeys
* containing verification_key (VKEY)
* and containing signature
* computed over tbsData using the private key corresponding to the verificationKey (VKEY)
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v2.0.1 TP SECPKI_EA_CERTGEN_03_BV
11606
11607
11608
11609
11610
11611
11612
11613
11614
11615
11616
11617
11618
11619
11620
11621
11622
11623
11624
11625
11626
11627
11628
11629
11630
11631
11632
11633
* @reference ETSI TS 102 941, clause 6.2.1
* ETSI TS 103 097, clause 7
*/
testcase TC_SECPKI_EA_CERTGEN_03_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
setverdict(inconc);
} // End of testcase TC_SECPKI_EA_CERTGEN_03_BV
/**
* @desc An ECC private key is randomly generated, the corresponding public key (verificationKey) is provided to be included in the CaCertificateRequest
* An ECC encryption private key is randomly generated, the corresponding public key (encryptionKey) is provided to be included in the CACertificateRequest.
* CaCertificateRequest.publicKeys shall contain verification_key and encryption_key
* <pre>
* Pics Selection:
* Initial conditions:
* Expected behaviour:
* ensure that {
* when {
* the IUT is requested to send a CACertificateRequestMessage
* }
* then {
* the IUT sends a CACertificateRequestMessage
* containing caCertificateRequest
* containing publicKeys
* and containing encryption_key
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v2.0.1 TP SECPKI_EA_CERTGEN_04_BV
11635
11636
11637
11638
11639
11640
11641
11642
11643
11644
11645
11646
11647
11648
11649
11650
11651
11652
11653
11654
11655
11656
11657
11658
11659
* @reference ETSI TS 102 941, clause 6.2.1
*/
testcase TC_SECPKI_EA_CERTGEN_04_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
setverdict(inconc);
} // End of testcase TC_SECPKI_EA_CERTGEN_04_BV
/**
* @desc The EtsiTs102941Data structure is built with version set to v1 (integer value set to 1)
* <pre>
* Pics Selection:
* Initial conditions:
* Expected behaviour:
* ensure that {
* when {
* the IUT is requested to send a CACertificateRequestMessage
* }
* then {
* the IUT sends a CACertificateRequestMessage
* containing EtsiTs102941Data
* containing version
* indicating v1 (integer value set to 1)
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v2.0.1 TP SECPKI_EA_CERTGEN_05_BV
11661
11662
11663
11664
11665
11666
11667
11668
11669
11670
11671
11672
11673
11674
11675
11676
11677
11678
11679
11680
11681
11682
11683
11684
11685
* @reference ETSI TS 102 941, clause 6.2.1
*/
testcase TC_SECPKI_EA_CERTGEN_05_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
setverdict(inconc);
} // End of testcase TC_SECPKI_EA_CERTGEN_05_BV
/**
* @desc CaCertificateRequest.requestedSubjectAttributes shall contain the requested certificates attributes as specified in ETSI TS 103 097, clause 7.2.4
* <pre>
* Pics Selection:
* Initial conditions:
* Expected behaviour:
* ensure that {
* when {
* the IUT is requested to send a CACertificateRequestMessage
* }
* then {
* the IUT sends a CACertificateRequestMessage
* containing CaCertificateRequest
* containing requestedSubjectAttributes
* as specified in ETSI TS 103 097, clause 7.2.4
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v2.0.1 TP SECPKI_EA_CERTGEN_06_BV
11687
11688
11689
11690
11691
11692
11693
11694
11695
11696
11697
11698
11699
11700
11701
11702
11703
11704
11705
11706
11707
11708
11709
11710
11711
11712
11713
11714
11715
11716
* @reference ETSI TS 102 941, clause 6.2.1
* ETSI TS 103 097, clause 7.2.4
*/
testcase TC_SECPKI_EA_CERTGEN_06_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
setverdict(inconc);
} // End of testcase TC_SECPKI_EA_CERTGEN_06_BV
/**
* @desc EtsiTs103097Data-Signed.tbsData contains the EtsiTs102941Data as payload and the headerInfo containing psid and generationTime
* The psid shall be set to "secured certificate request" as assigned in ETSI TS 102 965 and the generationTime shall be present
* All other components of the component tbsdata.headerInfo are not used and absent
* <pre>
* Pics Selection:
* Initial conditions:
* Expected behaviour:
* ensure that {
* when {
* the IUT is requested to send a CACertificateRequestMessage
* }
* then {
* the IUT sends a CACertificateRequestMessage
* containing headerInfo
* containing psid
* indicating SEC_CERT_REQ
* and containing generationTime
* and not containing any other component of tbsdata.headerInfo
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v2.0.1 TP SECPKI_EA_CERTGEN_07_BV
11718
11719
11720
11721
11722
11723
11724
11725
11726
11727
11728
11729
11730
11731
11732
11733
11734
11735
11736
11737
11738
11739
11740
11741
* @reference ETSI TS 102 941, clause 6.2.1
*/
testcase TC_SECPKI_EA_CERTGEN_07_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
setverdict(inconc);
} // End of testcase TC_SECPKI_EA_CERTGEN_07_BV
/**
* @desc If the current private key has reached its end of validity period or is revoked, the SubCA shall restart the initial certificate application process
* <pre>
* Pics Selection:
* Initial conditions:
* Expected behaviour:
* ensure that {
* when {
* the IUT is requested to perform a CA certificate rekeying procedure
* and SubCA certificate is no longer valid (due to end of validity or revocation)
* }
* then {
* the IUT switches to the ''initial' state
* and sends a CACertificateRequestMessage
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v2.0.1 TP SECPKI_EA_CERTGEN_08_BV
11743
11744
11745
11746
11747
11748
11749
11750
11751
11752
11753
11754
11755
11756
11757
11758
11759
11760
11761
11762
11763
11764
11765
11766
11767
11768
11769
11770
11771
11772
11773
11774
11775
11776
* @reference ETSI TS 102 941, clause 6.2.1
*/
testcase TC_SECPKI_EA_CERTGEN_08_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
setverdict(inconc);
} // End of testcase TC_SECPKI_EA_CERTGEN_08_BV
/**
* @desc For the re-keying application to the RCA (CaCertificateRekeyingMessage), an EtsiTs103097Data-Signed structure is built, containing: hashId, tbsData, signer and signature
* The hashId shall indicate the hash algorithm to be used as specified in ETSI TS 103 097
* The signer declared as a digest, containing the hashedId8 of the EA certificate and the signature over tbsData is computed using the currently valid private key corresponding to the EA certificate (outer signature)
* <pre>
* Pics Selection:
* Initial conditions:
* Expected behaviour:
* ensure that {
* when {
* the IUT is requested to send a CACertificateRequestMessage
* }
* then {
* the IUT sends a CACertificateRequestMessage
* containing EtsiTs103097Data-Signed structure
* containing hashId
* indicating the hash algorithm to be used
* and containing tbsData
* and containing signer
* containing digest
* indicating HashedId8 of the SubCA certificate (CERT)
* and containing signature
* computed over tbsData
* using the private key corresponding to CERT
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v2.0.1 TP SECPKI_EA_CERTGEN_09_BV
11778
11779
11780
11781
11782
11783
11784
11785
11786
11787
11788
11789
11790
11791
11792
11793
11794
11795
11796
11797
11798
11799
11800
11801
11802
11803
* @reference ETSI TS 102 941, clause 6.2.1
* ETSI TS 103 097, clause 7
*/
testcase TC_SECPKI_EA_CERTGEN_09_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
setverdict(inconc);
} // End of testcase TC_SECPKI_EA_CERTGEN_09_BV
/**
* @desc The (outer) tbsData of the CACertificateRekeyingMessage shall contain the CaCertificateRequestMessage as payload
* <pre>
* Pics Selection:
* Initial conditions:
* Expected behaviour:
* ensure that {
* when {
* the IUT is requested to perform a CA certificate rekeying procedure
* }
* then {
* the IUT sends a CACertificateRekeyingMessage
* containing EtsiTs103097Data-Signed structure
* containing tbsData
* containing CaCertificateRequestMessage
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v2.0.1 TP SECPKI_EA_CERTGEN_10_BV
11805
11806
11807
11808
11809
11810
11811
11812
11813
11814
11815
11816
11817
11818
11819
11820
11821
11822
11823
11824
11825
11826
11827
11828
11829
11830
11831
11832
11833
* @reference ETSI TS 102 941, clause 6.2.1
*/
testcase TC_SECPKI_EA_CERTGEN_10_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
setverdict(inconc);
} // End of testcase TC_SECPKI_EA_CERTGEN_10_BV
/**
* @desc The (outer) tbsData of the CACertificateRekeyingMessage shall contain a headerInfo containing psid and generationTime.
* The psid shall be set to "secured certificate request" as assigned in ETSI TS 102 965 and the generationTime shall be present
* All other components of the component tbsdata.headerInfo are not used and absent
* <pre>
* Pics Selection:
* Initial conditions:
* Expected behaviour:
* ensure that {
* when {
* the IUT is requested to perform a CA certificate rekeying procedure
* }
* then {
* the IUT sends a CACertificateRekeyingMessage
* containing tbsData
* containing psid
* indicating SEC_CERT_REQ
* and containing generationTime
* and not containing any other component of tbsdata.headerInfo
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v2.0.1 TP SECPKI_EA_CERTGEN_11_BV
11835
11836
11837
11838
11839
11840
11841
11842
11843
11844
11845
11846
11847
11848
11849
11850
11851
11852
11853
11854
11855
11856
11857
11858
11859
11860
11861
11862
11863
11864
11865
11866
11867
11868
11869
11870
* @reference ETSI TS 102 941, clause 6.2.1
*/
testcase TC_SECPKI_EA_CERTGEN_11_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
setverdict(inconc);
} // End of testcase TC_SECPKI_EA_CERTGEN_11_BV
/**
* @desc Check that the CaCertificateRekeyingMessage is permitted by CA certificate
* <pre>
* Pics Selection:
* Initial conditions:
* Expected behaviour:
* ensure that {
* when {
* the IUT is requested to perform a CA certificate rekeying procedure
* }
* then {
* the IUT sends a CACertificateRekeyingMessage
* containing EtsiTs103097Data-Signed structure
* containing tbsData
* and containing signer
* containing digest
* indicating HashedId8 of the CA certificate
* containing appPermissions
* containing an item of type PsidSsp
* containing psid
* indicating AID_CERT_REQ
* and containing ssp
* containing opaque[0] (version)
* indicating 1
* containing opaque[1] (value)
* indicating 'CA Certificate Response' (bit 6) set to 1
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v2.0.1 TP SECPKI_EA_CERTGEN_12_BV
11872
11873
11874
11875
11876
11877
11878
11879
11880
11881
11882
11883
11884
11885
11886
11887
11888
11889
* @reference ETSI TS 102 941, clause 6.2.1
*/
testcase TC_SECPKI_EA_CERTGEN_12_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
setverdict(inconc);
} // End of testcase TC_SECPKI_EA_CERTGEN_12_BV
} // End of group ca_certificate_request
group authorization_with_bfk {
group bfk_auth_response {
/**
* @desc Check that the EA sends the butterfly authorization respond message after receiving of the butterfly authorization request
* Check that this message is signed with EA certificate
* <pre>
* Pics Selection: PICS_IUT_EA_ROLE
* Initial conditions:
* the EA in 'operational' state
* authorized with CERT_EA certificate
* and the ITS-S in 'enrolled' state
11893
11894
11895
11896
11897
11898
11899
11900
11901
11902
11903
11904
11905
11906
11907
11908
11909
11910
11911
11912
11913
11914
11915
11916
11917
11918
11919
11920
11921
* Expected behaviour:
* ensure that {
* when {
* the IUT receives a ButterflyAuthorizationRequestMessage message
* }
* then {
* the IUT send an EtsiTs103097Data to the ITS-S
* containing content.signedData
* containing tbsData
* containing headerInfo
* containing psid
* indicating AID_PKI_CERT_REQUEST
* and containing generationTime
* and not containing any other field
* and containing payload.data
* indicating EtsiTs102941Data
* containing version
* indicating ‘1’
* and containing content
* containing butterflyCertificateResponse
* and containing signer
* containing digest
* indicating HashedId8 of the CERT_EA
* and containing signature
* validated using CERT_EA verification public key
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v2.0.1 TP SECPKI_EA_BFK_AUTH_01_BV
* @reference ETSI TS 102 941 [1], clause 6.2.3.5.3
*/
testcase TC_SECPKI_EA_BFK_AUTH_01_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
// Local variables
var octetstring v_private_key_ec;
var octetstring v_public_compressed_key_ec;
var integer v_compressed_key_mode_ec;
var HashedId8 v_ec_cert_hashed_id8;
var InnerEcResponse v_inner_ec_response;
var octetstring v_caterpillar_private_key;
var octetstring v_caterpillar_public_key_compressed;
var integer v_caterpillar_compressed_mode;
Yann Garcia
committed
var octetstring v_caterpillar_enc_private_key;
var octetstring v_caterpillar_enc_public_key_compressed;
var integer v_caterpillar_enc_compressed_mode;
var EeRaCertRequest v_ee_ra_cert_request;
var Oct32 v_request_hash;
var Oct16 v_encrypted_sym_key;
var Oct16 v_aes_sym_key;
var HashedId8 v_aes_sym_key_hashed_id8;
var Oct16 v_authentication_vector;
var Oct12 v_nonce;
var octetstring v_salt;
var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
var Headers v_headers;
var HttpMessage v_response;
Yann Garcia
committed
// Test control
if (not PICS_IUT_EA_ROLE) {
log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
setverdict(inconc);
stop;
}
// Test component configuration
f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID);
// Test adapter configuration
// Preamble
// Trigger an enrolment request
if (f_await_http_inner_ec_request_response(v_private_key_ec, v_public_compressed_key_ec, v_compressed_key_mode_ec, v_ec_cert_hashed_id8, v_inner_ec_response, -, true) == false) {
log("*** " & testcasename() & ": INCONC: Enrolment failed ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
} else {
log("*** " & testcasename() & ": INFO: Enrolment succeed ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
}
log("*** " & testcasename() & ": DEBUG: v_inner_ec_response= ", v_inner_ec_response);
log("*** " & testcasename() & ": DEBUG: = ", v_private_key_ec);
// Generate an ButterflyAutorizationRequest
f_http_build_butterfly_authorization_request_message(v_private_key_ec, v_ec_cert_hashed_id8, v_caterpillar_private_key, v_caterpillar_public_key_compressed, v_caterpillar_compressed_mode, v_caterpillar_enc_private_key, v_caterpillar_enc_public_key_compressed, v_caterpillar_enc_compressed_mode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash, v_ee_ra_cert_request);
log("*** " & testcasename() & ": DEBUG: v_ee_ra_cert_request= ", v_ee_ra_cert_request);
log("*** " & testcasename() & ": DEBUG: v_caterpillar_private_key= ", v_caterpillar_private_key);
v_aes_sym_key_hashed_id8 := f_hashedId8FromSha256(f_hashWithSha256('80'O & v_aes_sym_key)); // Used to match the response
f_init_default_headers_list(-, "bfk_auth_request", v_headers);
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
f_http_send(
v_headers,
m_http_request(
m_http_request_post(
v_headers,
m_http_message_body_binary(
m_binary_body_ieee1609dot2_data(
v_ieee1609dot2_signed_and_encrypted_data
)))));
tc_ac.start;
alt {
[] a_await_ec_http_response_from_iut(
mw_http_response_ok(
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_butterflyAuthorizationResponseMessage(