Newer
Older
v_ea.start(f_TC_SECPKI_ITSS_ENR_REP_03_BV_pki());
// Synchronization
f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
// Cleanup
f_cfMtcDown01(v_itss, v_ea);
} // End of testcase TC_SECPKI_ITSS_ENR_REP_03_BV
group f_TC_SECPKI_ITSS_ENR_REP_03_BV {
function f_TC_SECPKI_ITSS_ENR_REP_03_BV_pki() runs on ItsPkiHttp system ItsPkiItssSystem {
// Local variable
var Headers v_headers;
var HttpMessage v_request;
var HttpMessage v_initial_request;
// Test component configuration
f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);
// Test adapter configuration
// Preamble
f_init_default_headers_list(-, "inner_ec_response", v_headers);
tc_ac.start;
alt {
[] a_await_ec_http_request_from_iut(mw_http_ec_request_generic, v_initial_request) {
log("*** " & testcasename() & ": INFO: First enrolment request received ***");
tc_ac.stop;
f_http_restart("inner_ec_request");
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: First enrolment request not received ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
}
} // End of 'alt' statement
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
tc_ac.start;
alt {
[] a_await_ec_http_request_from_iut(mw_http_ec_request_generic, v_request) {
log("*** " & testcasename() & ": EC repetition has been received ***");
var HttpMessage v_response;
var integer v_result;
var InnerEcRequest v_inner_ec_request;
var InnerEcResponse v_inner_ec_response;
tc_ac.stop;
// Verify IUT response
// Generate response when requests are same
if (match(v_request, v_initial_request)) {
f_verify_http_ec_request_from_iut_itss(v_request.request, v_headers, v_inner_ec_request, v_inner_ec_response, v_response, v_result);
// Send response
if (isvalue(v_response)) {
httpPort.send(v_response);
} else { // Send HTTP error 500
f_send_500_Internal_Error(v_headers);
}
// Set verdict
if (v_result == 0) {
log("*** " & testcasename() & ": PASS: InnerEcRequest received ***");
} else {
log("*** " & testcasename() & ": FAIL: Failed to verify EA an EnrolmentRequestMessage ***");
}
} else {
log("*** " & testcasename() & ": FAIL: Repetition request is different ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
log("*** " & testcasename() & ": PASS: EC repetition request was not received ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
3081
3082
3083
3084
3085
3086
3087
3088
3089
3090
3091
3092
3093
3094
3095
3096
3097
3098
3099
3100
3101
3102
3103
3104
3105
3106
3107
3108
3109
3110
3111
3112
3113
// Postamble
f_cfHttpDown();
} // End of function f_TC_SECPKI_ITSS_ENR_REP_03_BV_pki
} // End of group f_TC_SECPKI_ITSS_ENR_REP_03_BV
/**
* @desc Check that IUT stops sending the Enrollment Request message if maximum number of retry has been reached
* <pre>
* Pics Selection: PICS_SECPKI_ENROLLMENT_RETRY
* Initial conditions: {
* the IUT being in the 'initialized' state
* and the IUT has started sending the Enrollment Request
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT sent the PIXIT_ENR_MAX_N1 Enrollment Request messages
* }
* then {
* the IUT stops sending Enrollment Requests
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 TP SECPKI_ITSS_ENR_REP_04_BV
* @reference ETSI TS 103 601, clause 5.1.2
*/
testcase TC_SECPKI_ITSS_ENR_REP_04_BV() runs on ItsMtc system ItsPkiItssSystem {
// Local variables
var ItsPkiItss v_itss;
var ItsPkiHttp v_ea;
// Test control
if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_ENROLMENT or not PICS_SECPKI_ENROLLMENT_RETRY) {
log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT or PICS_SECPKI_ENROLLMENT_RETRY required for executing the TC ***");
setverdict(inconc);
stop;
}
// Test component configuration
f_cfMtcUp01(v_itss, v_ea);
v_itss.start(f_TC_SECPKI_ITSS_ENR_01_BV_itss()); // reused from ENR group
v_ea.start(f_TC_SECPKI_ITSS_ENR_REP_04_BV_pki());
// Synchronization
f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
// Cleanup
f_cfMtcDown01(v_itss, v_ea);
} // End of testcase TC_SECPKI_ITSS_ENR_REP_04_BV
group f_TC_SECPKI_ITSS_ENR_REP_04_BV {
function f_TC_SECPKI_ITSS_ENR_REP_04_BV_pki() runs on ItsPkiHttp system ItsPkiItssSystem {
// Local variable
var Headers v_headers;
var HttpMessage v_initial_request;
var HttpMessage v_request;
var integer v_count := 0;
// Test component configuration
f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);
// Test adapter configuration
// Preamble
f_init_default_headers_list(-, "inner_ec_response", v_headers);
f_selfOrClientSyncAndVerdict(c_prDone, e_success);
// Test Body
tc_ac.start;
alt{
[v_count <= PX_ENR_MAX_N1] a_await_ec_http_request_from_iut(mw_http_ec_request_generic, v_initial_request) {
v_count := v_count + 1;
repeat;
}
[] a_await_ec_http_request_from_iut(mw_http_ec_request_generic, v_initial_request){
// count exceed
log("*** " & testcasename() & ": FAIL: Too many repetitions of Enrolment requests received ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_error);
}
[] tc_ac.timeout{
if(v_count > PX_ENR_MAX_N1){
log("*** " & testcasename() & ": PASS: Maximum number of Enrollment request repetitions received ***");
f_selfOrClientSyncAndVerdict(c_prDone, e_success);
} else {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
3176
3177
3178
3179
3180
3181
3182
3183
3184
3185
3186
3187
3188
3189
3190
3191
3192
3193
3194
3195
3196
3197
3198
3199
3200
3201
3202
3203
3204
3205
3206
3207
3208
3209
}
// Postamble
f_cfHttpDown();
} // End of function f_TC_SECPKI_ITSS_ENR_REP_04_BV_pki
} // End of group f_TC_SECPKI_ITSS_ENR_REP_04_BV
/**
* @desc Check that IUT stops sending the Enrollment Request message if timeout has been reached
* <pre>
* Pics Selection: PICS_SECPKI_ENROLLMENT_RETRY
* Initial conditions: {
* the IUT being in the 'initialized' state
* and the IUT has started sending the Enrollment Request at the time T1
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT sent the PIXIT_ENR_TIMEOUT_TH2 Enrollment Request messages
* }
* then {
* the IUT stops sending an Enrollment Request messages
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 TP SECPKI_ITSS_ENR_REP_05_BV
* @reference ETSI TS 103 601, clause 5.1.2
*/
testcase TC_SECPKI_ITSS_ENR_REP_05_BV() runs on ItsMtc system ItsPkiItssSystem {
// Local variables
var ItsPkiItss v_itss;
var ItsPkiHttp v_ea;
// Test control
if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_ENROLMENT or not PICS_SECPKI_ENROLLMENT_RETRY) {
log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT or PICS_SECPKI_ENROLLMENT_RETRY required for executing the TC ***");
setverdict(inconc);
stop;
}
// Test component configuration
f_cfMtcUp01(v_itss, v_ea);
v_itss.start(f_TC_SECPKI_ITSS_ENR_01_BV_itss()); // reused from ENR group
v_ea.start(f_TC_SECPKI_ITSS_ENR_REP_05_BV_pki());
// Synchronization
f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
// Cleanup
f_cfMtcDown01(v_itss, v_ea);
} // End of testcase TC_SECPKI_ITSS_ENR_REP_05_BV
group f_TC_SECPKI_ITSS_ENR_REP_05_BV {
function f_TC_SECPKI_ITSS_ENR_REP_05_BV_pki() runs on ItsPkiHttp system ItsPkiItssSystem {
// Local variable
var Headers v_headers;
// Test component configuration
f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);
// Test adapter configuration
// Preamble
f_init_default_headers_list(-, "inner_ec_response", v_headers);
[] a_await_ec_http_request_from_iut(mw_http_ec_request_generic, v_initial_request) {
log("*** " & testcasename() & ": INFO: First enrolment request received ***");
f_http_restart("inner_ec_request");
}
log("*** " & testcasename() & ": INCONC: First enrolment request not received ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
}
} // End of 'alt' statement
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test body
tc_wait.start(PX_EC_REPETITION_TIMEOUT_TH2);
alt {
[] a_await_ec_http_request_from_iut(mw_http_ec_request_generic, v_request) {
log("*** " & testcasename() & ": FAIL: No EC repetition should be received ***");
tc_wait.stop;
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
}
[] tc_wait.timeout {
log("*** " & testcasename() & ": PASS: EC repetition not received ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
}
}
// Postamble
f_cfHttpDown();
} // End of function f_TC_SECPKI_ITSS_ENR_REP_05_BV_pki
} // End of group f_TC_SECPKI_ITSS_ENR_REP_05_BV
} // End of group itss_enrollment_request_repetition
// ETSI TS 103 525-2 V2.0.2 (2023-07) Clause 5.2.3.1 Authorization request
/**
* @desc Check that the ITS-S send the Authorization HttpRequest message to the Authorization Authority (AA) to request an authorization ticket.
* <pre>
* Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION
* Initial conditions:
* with {
* the IUT being in the "operational state"
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT is triggered to requested a new Authorization Ticket (AT)
* }
* then {
* the IUT sends EtsiTs103097Data to the AA
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v2.0.1 SECPKI_ITSS_AUTH_01_BV
* @reference ETSI TS 102 941 [2], clause 6.2.3.3.0
*/
testcase TC_SECPKI_ITSS_AUTH_01_BV() runs on ItsMtc system ItsPkiItssSystem {
// Local variables
var ItsPkiItss v_itss;
var ItsPkiHttp v_ea;
// Test control
if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_AUTHORIZATION) {
log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION required for executing the TC ***");
setverdict(inconc);
stop;
}
// Test component configuration
f_cfMtcUp01(v_itss, v_ea);
// Start component
v_itss.start(f_TC_SECPKI_ITSS_AUTH_01_BV_itss());
v_ea.start(f_TC_SECPKI_ITSS_AUTH_01_BV_pki());
// Synchronization
f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
function f_TC_SECPKI_ITSS_AUTH_01_BV_itss() runs on ItsPkiItss system ItsPkiItssSystem {
// Local variables
var HashedId8 v_certificate_digest;
var EtsiTs103097Certificate v_certificate;
var InfoPortData v_info_port_data;
var boolean v_start_awaiting := false;
vc_hashedId8ToBeUsed := "";
YannGarcia
committed
geoNetworkingPort.clear;
YannGarcia
committed
alt {
[] geoNetworkingPort.receive {
log("No CA message expected");
f_selfOrClientSyncAndVerdict(c_prDone, e_error);
YannGarcia
committed
}
log("*** " & testcasename() & "_itss: : INFO: No CA message received ***");
if (PX_TRIGGER_EC_BEFORE_AT) {
f_sendUtTriggerEnrolmentRequestPrimitive();
tc_ac.start;
alt {
[] utPort.receive(UtPkiTriggerInd: { state := 1 }) {
tc_ac.stop;
log("*** " & testcasename() & "_itss: INFO: IUT is in enrol state ***");
}
[LibItsPki_Pics.PICS_UT_STATE_INDICATION] tc_ac.timeout {
log("*** " & testcasename() & "_itss: DBG: IUT state update not recieved ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
}
[not(LibItsPki_Pics.PICS_UT_STATE_INDICATION)] tc_ac.timeout {
log("*** " & testcasename() & "_itss: DBG: IUT doesn't support state indication. Assume it was well done.***");
}
} // End of 'alt' statement
} else {
log("*** " & testcasename() & "_itss: DBG: Assume IUT already in enrolled state.***");
}
f_selfOrClientSyncAndVerdict(c_prDone, e_success);
}
} // End of 'alt' statement
// Test Body
f_sendUtTriggerAuthorizationRequestPrimitive();
tc_ac.start;
alt {
[v_start_awaiting == true] a_await_cam_with_current_cert(
v_info_port_data.at_certificate
) {
log("*** " & testcasename() & ": PASS: IUT started to send CA message using new AT certificate ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
}
[] geoNetworkingPort.receive {
log("*** " & testcasename() & ": FAIL: IUT started to send CA message using wrong AT certificate ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
}
[] infoPort.receive(InfoPortData:?) -> value v_info_port_data {
log("*** " & testcasename() & ": INFO: Received new AT certificate ***");
v_start_awaiting := true;
repeat;
}
[] tc_ac.timeout {
log("*** " & testcasename() & "_itss: : PASS: No CA message received ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_cfDown_itss();
} // End of function f_TC_SECPKI_ITSS_AUTH_01_BV_itss
function f_TC_SECPKI_ITSS_AUTH_01_BV_pki() runs on ItsPkiHttp system ItsPkiItssSystem {
// Local variable
var Headers v_headers;
var HttpMessage v_request;
var InnerEcRequest v_inner_ec_request;
var template (omit) EtsiTs103097Certificate v_ec_cert := omit;
// Test component configuration
f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);
f_init_default_headers_list(-, "inner_at_response", v_headers);
if (f_await_ec_request_send_response(v_inner_ec_request, v_inner_ec_response, v_request) == true) {
v_ec_cert := v_inner_ec_response.certificate;
log("*** " & testcasename() & ": INFO: Enrolment succeed ***");
f_selfOrClientSyncAndVerdict(c_prDone, e_success);
} else {
log("*** " & testcasename() & ": INCONC: Enrolment failed ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
}
} else {
f_selfOrClientSyncAndVerdict(c_prDone, e_success);
}
[] a_await_at_http_request_from_iut(
mw_http_request(
mw_http_request_post(
PICS_HTTP_POST_URI_AT,
-,
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_enrolmentRequestMessage(
mw_encryptedData(
{ *, mw_recipientInfo_certRecipInfo(mw_pKRecipientInfo(vc_aaHashedId8)), * },
mw_symmetricCiphertext_aes128ccm
var HttpMessage v_response;
var integer v_result;
var InnerAtRequest v_inner_at_request;
var InnerAtResponse v_inner_at_response;
f_verify_http_at_request_from_iut_itss(v_request.request, v_headers, v_ec_cert, v_inner_at_request, v_inner_at_response, v_response, v_result);
log("f_TC_SECPKI_ITSS_AUTH_01_BV_pki: v_result: ", v_result);
log("f_TC_SECPKI_ITSS_AUTH_01_BV_pki: v_response: ", v_response);
// Send response
if (isvalue(v_response)) {
httpPort.send(v_response);
}
// Set verdict
if (v_result == 0) {
var octetstring v_msg;
var octetstring v_hashed_id8;
log("*** " & testcasename() & ": PASS: InnerAtResponse received ***");
v_msg := bit2oct(encvalue(v_inner_at_response.certificate));
if (ischosen(v_inner_at_response.certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaBrainpoolP384r1)) {
v_hashed_id8 := f_hashedId8FromSha384(f_hashWithSha384(v_msg));
} else {
v_hashed_id8 := f_hashedId8FromSha256(f_hashWithSha256(v_msg));
}
infoPort.send(InfoPortData : { hashed_id8 := v_hashed_id8, at_certificate := v_inner_at_response.certificate });
f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": FAIL: Failed to verify EA an EnrolmentRequestMessage ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
}
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_cfHttpDown();
} // End of function f_TC_SECPKI_ITSS_AUTH_01_BV_pki
3506
3507
3508
3509
3510
3511
3512
3513
3514
3515
3516
3517
3518
3519
3520
3521
3522
3523
3524
3525
3526
3527
3528
3529
3530
3531
/**
* @desc Check that the AuthorizationRequest message is encrypted and sent to only one Authorization Authority.
* <pre>
* Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION
* Initial conditions:
* with {
* the IUT being in the "operational state"
* authorized with CERT_AA certificate
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT is triggered to requested a new Authorization Ticket (AT)
* }
* then {
* the IUT sends EtsiTs103097Data to the AA
* containing content.encryptedData.recipients
* indicating size 1
* and containing the instance of RecipientInfo
* containing certRecipInfo
* containing recipientId
* indicating HashedId8 of the CERT_AA
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v2.0.1 SECPKI_ITSS_AUTH_02_BV
* @reference ETSI TS 102 941 [2], clause 6.2.3.3.1
*/
testcase TC_SECPKI_ITSS_AUTH_02_BV() runs on ItsMtc system ItsPkiItssSystem {
// Local variables
var ItsPkiItss v_itss;
var ItsPkiHttp v_ea;
// Test control
if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_AUTHORIZATION) {
log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION required for executing the TC ***");
setverdict(inconc);
stop;
}
// Test component configuration
f_cfMtcUp01(v_itss, v_ea);
// Start component
v_itss.start(f_TC_SECPKI_ITSS_AUTH_01_BV_itss());
v_ea.start(f_TC_SECPKI_ITSS_AUTH_01_BV_pki());
// Synchronization
f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
3562
3563
3564
3565
3566
3567
3568
3569
3570
3571
3572
3573
3574
3575
3576
3577
3578
3579
3580
3581
3582
3583
3584
3585
3586
/**
* @desc Check that the AuthorizationRequest message is encrypted using the encryptionKey found in the AA certificate referenced in recipientId.
* <pre>
* Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION
* Initial conditions:
* with {
* the IUT being in the "operational state"
* authorized with AA certificate
* containing encryptionKey (AA_ENC_PUB_KEY)
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT is triggered to requested a new Authorization Ticket (AT)
* }
* then {
* the IUT sends EtsiTs103097Data to the AA
* containing content.encryptedData
* containing ciphertext
* containing data
* encrypted using AA_ENC_PUB_KEY
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v2.0.1 SECPKI_ITSS_AUTH_03_BV
* @reference ETSI TS 102 941 [2], clause 6.2.3.3.1
*/
testcase TC_SECPKI_ITSS_AUTH_03_BV() runs on ItsMtc system ItsPkiItssSystem {
// Local variables
var ItsPkiItss v_itss;
var ItsPkiHttp v_ea;
// Test control
if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_AUTHORIZATION) {
log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION required for executing the TC ***");
setverdict(inconc);
stop;
}
// Test component configuration
f_cfMtcUp01(v_itss, v_ea);
// Start component
v_itss.start(f_TC_SECPKI_ITSS_AUTH_01_BV_itss());
v_ea.start(f_TC_SECPKI_ITSS_AUTH_01_BV_pki());
// Synchronization
f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
/**
* @desc Check that the AuthorizationRequest message is never reused the same encryption key and nonce.
* <pre>
* Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION
* Initial conditions:
* with {
* the IUT being in the "operational state"
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT is triggered to requested a new Authorization Ticket (AT)
* }
* then {
* the IUT sends EtsiTs103097Data to the AA
* containing content.encryptedData
* containing ciphertext.aes128Ccm.nonce
* indicating value not equal to the nonce in N previous messages
* and containing recipients[0].certRecipInfo.encKey
* containing encrypted symmetric key (S_KEY)
* indicating symmetric key not equal to the key was used in N previous messages
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v2.0.1 SECPKI_ITSS_AUTH_04_BV
* @reference ETSI TS 102 941 [2], clause 6.2.3.3.1
*/
testcase TC_SECPKI_ITSS_AUTH_04_BV() runs on ItsMtc system ItsPkiItssSystem {
// Local variables
var ItsPkiItss v_itss;
var ItsPkiHttp v_ea;
// Test control
if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_AUTHORIZATION) {
log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION required for executing the TC ***");
setverdict(inconc);
stop;
}
// Test component configuration
f_cfMtcUp01(v_itss, v_ea);
// Start component
v_itss.start(f_TC_SECPKI_ITSS_AUTH_04_BV_itss());
v_ea.start(f_TC_SECPKI_ITSS_AUTH_04_BV_pki());
// Synchronization
f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
function f_TC_SECPKI_ITSS_AUTH_04_BV_itss() runs on ItsPkiItss system ItsPkiItssSystem {
// Local variables
var HashedId8 v_certificate_digest := int2oct(0, 8);
var EtsiTs103097Certificate v_certificate;
3684
3685
3686
3687
3688
3689
3690
3691
3692
3693
3694
3695
3696
3697
3698
3699
3700
3701
3702
3703
3704
3705
3706
3707
3708
// Preamble
// First enrolment
geoNetworkingPort.clear;
tc_ac.start;
alt {
[] a_await_cam_with_current_cert(v_certificate) {
tc_ac.stop;
if (PX_TRIGGER_EC_BEFORE_AT) {
f_sendUtTriggerEnrolmentRequestPrimitive();
f_selfOrClientSyncAndVerdict(c_prDone, e_success);
}
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mw_etsiTs103097Data_signed
))) {
repeat;
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected CA message not received ***");
f_selfOrClientSyncAndVerdict(c_prDone, e_timeout);
}
} // End of 'alt' statement
// Test Body
// N authorization
for (var integer v_i := 0; v_i < PX_RE_AUTHORIZATION_COUNTER; v_i := v_i + 1) {
f_sendUtTriggerAuthorizationRequestPrimitive();
f_sleep(PX_RE_AUTHORIZATION_DELAY);
} // End of 'for' statement
log("*** " & testcasename() & ": PASS: Enrolment trigger sent succesfully ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
// Postamble
f_cfDown_itss();
} // End of function f_TC_SECPKI_ITSS_AUTH_04_BV_itss
function f_TC_SECPKI_ITSS_AUTH_04_BV_pki() runs on ItsPkiHttp system ItsPkiItssSystem {
// Local variable
var integer v_counter := 0;
var Headers v_headers;
var HttpMessage v_request;
var HttpMessage v_response;
var InnerAtRequest v_inner_at_request;
var ListOfPublicVerificationKey v_generated_keys;
var integer v_result;
// Preamble
/*f_init_default_headers_list(-, "inner_at_response", v_headers);
// Wait for the first enrolment response
tc_ac.start;
alt {
[] a_await_at_http_response_from_iut(
mw_http_request(
mw_http_request_post(
PICS_HTTP_POST_URI_EC,
-,
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_enrolmentRequestMessage(
mw_encryptedData(
{ *, mw_recipientInfo_pskRecipInfo(vc_aaHashedId8), * },
mw_symmetricCiphertext_aes128ccm
)))))),
v_request
) {
tc_ac.stop;
// Verify IUT response
f_verify_http_at_request_from_iut_itss(v_request.request, v_request.headers, v_inner_at_request, v_response, v_result);
// Send response
if (isvalue(v_response)) {
httpPort.send(v_response);
}
// Set verdict
if (v_result == 0) {
v_generated_keys[v_counter] := v_inner_at_request.publicKeys.verificationKey;
v_counter := v_counter + 1;
f_selfOrClientSyncAndVerdictTestBody(c_prDone, e_success);
} else {
log("*** " & testcasename() & ": FAIL: Failed to verify EA an EnrolmentRequestMessage ***");
f_selfOrClientSyncAndVerdict(c_prDone, e_error);
}
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdict(c_prDone, e_timeout);
}
} // End of 'alt' statement
// Test Body
tc_ac.start;
alt {
[] a_await_at_http_response_from_iut(
mw_http_request(
mw_http_request_post(
PICS_HTTP_POST_URI_AT,
-,
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_enrolmentRequestMessage(
mw_encryptedData(
{ *, mw_recipientInfo_pskRecipInfo(vc_aaHashedId8), * },
mw_symmetricCiphertext_aes128ccm
)))))),
v_request
) {
tc_ac.stop;
// Verify IUT response
f_verify_http_at_request_from_iut_itss(v_request.request, v_request.headers, v_inner_at_request, v_response, v_result);
3802
3803
3804
3805
3806
3807
3808
3809
3810
3811
3812
3813
3814
3815
3816
3817
3818
3819
3820
3821
3822
3823
3824
3825
3826
3827
3828
3829
3830
3831
3832
3833
3834
3835
// Send response
if (isvalue(v_response)) {
httpPort.send(v_response);
}
// Set verdict
if (v_result == 0) {
log("*** " & testcasename() & ": LOG: ", match(v_generated_keys, superset(v_inner_at_request.publicKeys.verificationKey)), "***");
if (match(v_generated_keys, superset(v_inner_at_request.publicKeys.verificationKey))) {
v_generated_keys[v_counter] := v_inner_at_request.publicKeys.verificationKey;
v_counter := v_counter + 1;
f_selfOrClientSyncAndVerdictTestBody(c_prDone, e_success);
} else {
log("*** " & testcasename() & ": FAIL: Duplication of generated public keys ***");
f_selfOrClientSyncAndVerdict(c_prDone, e_error);
}
} else {
log("*** " & testcasename() & ": FAIL: Failed to verify EA an EnrolmentRequestMessage ***");
f_selfOrClientSyncAndVerdict(c_prDone, e_error);
}
}
[] tc_ac.timeout {
if (v_counter == PX_RE_AUTHORIZATION_COUNTER) {
log("*** " & testcasename() & ": PASS: InnerAtRequest received with different key pairs ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
}
}
} // End of 'alt' statement
*/
// Postamble
f_cfHttpDown();
} // End of function f_TC_SECPKI_ITSS_AUTH_04_BV_pki
YannGarcia
committed
3840
3841
3842
3843
3844
3845
3846
3847
3848
3849
3850
3851
3852
3853
3854
3855
3856
3857
3858
3859
3860
3861
* @desc Check that the Authozation request protocol version is set to 1.
* <pre>
* Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION
* Initial conditions:
* with {
* the IUT being in the "operational state"
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT is triggered to requested a new Authorization Ticket (AT)
* }
* then {
* the IUT sends EtsiTs103097Data to the AA
* containing version
* indicating value 1
* and containing content
* containing autihorizationRequest
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v2.0.1 SECPKI_ITSS_AUTH_05_BV
YannGarcia
committed
* @reference ETSI TS 102 941 [2], clause 6.2.3.3.1
*/
testcase TC_SECPKI_ITSS_AUTH_05_BV() runs on ItsMtc system ItsPkiItssSystem {
// Local variables
var ItsPkiItss v_itss;
var ItsPkiHttp v_ea;
YannGarcia
committed
// Test control
if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_AUTHORIZATION) {
log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION required for executing the TC ***");
setverdict(inconc);
stop;
}
YannGarcia
committed
// Test component configuration
f_cfMtcUp01(v_itss, v_ea);
YannGarcia
committed
// Start component
v_itss.start(f_TC_SECPKI_ITSS_AUTH_01_BV_itss());
v_ea.start(f_TC_SECPKI_ITSS_AUTH_01_BV_pki());
YannGarcia
committed
// Synchronization
f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
YannGarcia
committed
// Cleanup
f_cfMtcDown01(v_itss, v_ea);
YannGarcia
committed
} // End of testcase TC_SECPKI_ITSS_AUTH_05_BV
3892
3893
3894
3895
3896
3897
3898
3899
3900
3901
3902
3903
3904
3905
3906
3907
3908
3909
3910
3911
3912
3913
3914
3915
3916
3917
3918
3919
3920
3921
3922
3923
3924
3925
3926
3927
3928
3929
3930
3931
3932
3933
3934
3935
3936
3937
3938
3939
3940
3941
3942
3943
3944
3945
3946
3947
3948
3949
3950
3951
3952
3953
3954
3955
3956
3957
3958
3959
3960
3961
3962
3963
3964
3965
3966
3967
3968
3969
3970
3971
3972
3973
3974
3975
3976
3977
3978
3979
3980
3981
3982
3983
3984
3985
3986
3987
3988
3989
3990
3991
3992
3993
3994
3995
3996
3997
3998
3999
4000
/**
* @desc Check that for each authorization request the ITS-S generates a new verification key pair
* Check that for each authorization request the ITS-S generates a new encryption key pair
* Check that for each authorization request the ITS-S generates a new hmac-key
* <pre>
* Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION
* Initial conditions:
* with {
* the IUT in 'enrolled' state
* the IUT being in the "operational state"
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT is triggered to request new Authorization Ticket (AT)
* }
* then {
* the IUT sends a EtsiTs103097Data to the AA
* containing EtsiTs102941Data
* containing authorizationRequest
* containing publicKeys
* containing verificationKey
* indicating value not equal to the field verificationKey of N previous messages
* and not containing encryptionKey
* or containing encryptionKey
* indicating value not equal to the field encryptionKey of N previous messages
* and containing hmacKey
* indicating value not equal to the field hmacKey of N previous messages
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v2.0.1 SECPKI_ITSS_AUTH_06_BV
* @reference ETSI TS 102 941 [2], clause 6.2.3.3.1
*/
testcase TC_SECPKI_ITSS_AUTH_06_BV() runs on ItsMtc system ItsPkiItssSystem {
// Local variables
var ItsPkiItss v_itss;
var ItsPkiHttp v_ea;
// Test control
if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_AUTHORIZATION) {
log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION required for executing the TC ***");
setverdict(inconc);
stop;
}
// Test component configuration
f_cfMtcUp01(v_itss, v_ea);
// Start component
v_itss.start(f_TC_SECPKI_ITSS_AUTH_06_BV_itss());
v_ea.start(f_TC_SECPKI_ITSS_AUTH_06_BV_pki());
// Synchronization
f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
// Cleanup
f_cfMtcDown01(v_itss, v_ea);
} // End of testcase TC_SECPKI_ITSS_AUTH_06_BV
group f_TC_SECPKI_ITSS_AUTH_06_BV {
function f_TC_SECPKI_ITSS_AUTH_06_BV_itss() runs on ItsPkiItss system ItsPkiItssSystem {
// Local variables
var HashedId8 v_certificate_digest := int2oct(0, 8);
var EtsiTs103097Certificate v_certificate;
// Test component configuration
f_cfUp_itss();
// Test adapter configuration
// Preamble
// First enrolment
geoNetworkingPort.clear;
tc_ac.start;
alt {
[] a_await_cam_with_current_cert(v_certificate) {
tc_ac.stop;
if (PX_TRIGGER_EC_BEFORE_AT) {
f_sendUtTriggerEnrolmentRequestPrimitive();
f_selfOrClientSyncAndVerdict(c_prDone, e_success);
}
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mw_etsiTs103097Data_signed
))) {
repeat;
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected CA message not received ***");
f_selfOrClientSyncAndVerdict(c_prDone, e_timeout);
}
} // End of 'alt' statement
// Test Body
// N authorization
for (var integer v_i := 0; v_i < PX_RE_AUTHORIZATION_COUNTER; v_i := v_i + 1) {
f_sendUtTriggerAuthorizationRequestPrimitive();
f_sleep(PX_RE_AUTHORIZATION_DELAY);
} // End of 'for' statement
log("*** " & testcasename() & ": PASS: Enrolment trigger sent succesfully ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);