Newer
Older
YannGarcia
committed
log("*** " & testcasename() & ": PICS_IUT_CA_ROLE required for executing the TC ***");
setverdict(inconc);
stop;
}
YannGarcia
committed
// Test component configuration
f_connect4SelfOrClientSync();
YannGarcia
committed
// Test adapter configuration
if (not f_loadCertificates(PX_IUT_SEC_CONFIG_NAME) ) {
log("*** INFO: TEST CASE NOW STOPPING ITSELF! ***");
stop;
}
YannGarcia
committed
// Preamble
v_result := f_get_root_ca_certificate(-, -, v_root_certificate);
if (v_result == -1) {
log("*** " & testcasename() & ": INCONC: Fail to retrive the RCA ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
} else {
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
}
YannGarcia
committed
10024
10025
10026
10027
10028
10029
10030
10031
10032
10033
10034
10035
10036
10037
10038
10039
10040
10041
10042
10043
10044
10045
10046
10047
10048
10049
10050
10051
10052
10053
10054
10055
10056
10057
10058
10059
10060
10061
10062
10063
10064
10065
10066
10067
10068
10069
10070
10071
10072
10073
10074
10075
10076
10077
10078
10079
10080
// Test Body
if (f_verify_rca_certificate(-, v_root_certificate, -, -, -, -, -, true) == false) {
log("*** " & testcasename() & ": FAIL: Failed to verify RCA message ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
log("*** " & testcasename() & ": PASS: ToBeSignedRcaCtl received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
// Postamble
f_disconnect4SelfOrClientSync();
} // End of testcase TC_SECPKI_CA_CERTGEN_16_BV
/**
* @desc Check that SSP field in each entry of the appPermissions component of the AT certificate is equal to or a subset of the SSP Range in the corresponding issuing entry
* <pre>
* Pics Selection: PICS_IUT_CA_ROLE
* Initial conditions:
* with {
* CA is in 'operational' state
* }
* Expected behaviour:
* ensure that {
* when {
* the CA issued the certificate
* containing toBeSigned
* containing certIssuePermissions
* }
* then {
* this certificate is of type EtsiTs103097Certificate
* containing issuer
* referenced to the certificate
* containing toBeSigned
* containing certIssuePermissions
* containing items of type PsidGroupPermissions
* containing eeType
* indicating app(0)
* and containing subjectPermissions
* containing explicit
* containing items of type PsidSspRange
* containing psid
* indicating X_PSID_AA
* containing sspRange
* indicating X_SSP_AA [ X_PSID_AA ]
* or containing all
* and containing toBeSigned
* containing appPermissions
* containing items of type PsidSsp
* containing psid
* indicating value equal to X_PSID_AA
* containing ssp
* indicating value permitted by X_SSP_AA [ X_PSID_AA ]
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v2.0.1 SECPKI_CA_CERTGEN_17_BV
YannGarcia
committed
* @reference ETSI TS 103 097 [1], clauses 6.4.28, 5.1.2.4
*/
YannGarcia
committed
testcase TC_SECPKI_CA_CERTGEN_17_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
YannGarcia
committed
// Local variables
var integer v_result;
var Certificate v_root_certificate;
YannGarcia
committed
// Test control
if (not PICS_IUT_CA_ROLE) {
log("*** " & testcasename() & ": PICS_IUT_CA_ROLE required for executing the TC ***");
setverdict(inconc);
stop;
}
YannGarcia
committed
// Test component configuration
f_connect4SelfOrClientSync();
YannGarcia
committed
// Test adapter configuration
if (not f_loadCertificates(PX_IUT_SEC_CONFIG_NAME) ) {
log("*** INFO: TEST CASE NOW STOPPING ITSELF! ***");
stop;
}
YannGarcia
committed
// Preamble
v_result := f_get_root_ca_certificate(-, -, v_root_certificate);
if (v_result == -1) {
log("*** " & testcasename() & ": INCONC: Fail to retrive the RCA ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
} else {
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
}
YannGarcia
committed
10114
10115
10116
10117
10118
10119
10120
10121
10122
10123
10124
10125
10126
10127
10128
10129
10130
10131
10132
10133
10134
10135
10136
10137
10138
10139
10140
10141
10142
10143
10144
10145
10146
10147
10148
10149
10150
10151
10152
10153
10154
10155
10156
10157
10158
10159
10160
10161
// Test Body
if (f_verify_rca_certificate(-, v_root_certificate, -, -, -, -, -, -, true) == false) {
log("*** " & testcasename() & ": FAIL: Failed to verify RCA message ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
log("*** " & testcasename() & ": PASS: ToBeSignedRcaCtl received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
// Postamble
f_disconnect4SelfOrClientSync();
} // End of testcase TC_SECPKI_CA_CERTGEN_17_BV
/**
* @desc Check that the validityPeriod of the subordinate certificate is inside the validityPeriod of the issuing certificate
* <pre>
* Pics Selection: PICS_IUT_CA_ROLE
* Initial conditions:
* with {
* CA is in 'operational' state
* and the CA is authorized with CA certificate
* containing toBeSigned
* containing validityPeriod
* containing start
* indicating X_START_VALIDITY_CA
* containing duration
* indicating X_DURATION_CA
* }
* Expected behaviour:
* ensure that {
* when {
* the CA issued the certificate
* containing toBeSigned
* containing certIssuePermissions
* }
* then {
* this certificate is of type EtsiTs103097Certificate
* containing toBeSigned
* containing validityPeriod
* containing start
* indicating X_START_VALIDITY ( X_START_VALIDITY >= X_START_VALIDITY_CA )
* and containing duration
* indicating value <= X_START_VALIDITY_CA + X_DURATION_CA - X_START_VALIDITY
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v2.0.1 SECPKI_CA_CERTGEN_18_BV
YannGarcia
committed
* @reference ETSI TS 103 097 [1], clauses 6.4.28, 5.1.2.4
*/
YannGarcia
committed
testcase TC_SECPKI_CA_CERTGEN_18_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
YannGarcia
committed
// Local variables
var integer v_result;
var Certificate v_root_certificate;
YannGarcia
committed
// Test control
if (not PICS_IUT_CA_ROLE) {
log("*** " & testcasename() & ": PICS_IUT_CA_ROLE required for executing the TC ***");
setverdict(inconc);
stop;
}
YannGarcia
committed
// Test component configuration
f_connect4SelfOrClientSync();
YannGarcia
committed
// Test adapter configuration
if (not f_loadCertificates(PX_IUT_SEC_CONFIG_NAME) ) {
log("*** INFO: TEST CASE NOW STOPPING ITSELF! ***");
stop;
}
YannGarcia
committed
// Preamble
v_result := f_get_root_ca_certificate(-, -, v_root_certificate);
if (v_result == -1) {
log("*** " & testcasename() & ": INCONC: Fail to retrive the RCA ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
} else {
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
}
YannGarcia
committed
// Test Body
if (f_verify_rca_certificate(-, v_root_certificate, -, -, -, -, -, -, -, true) == false) {
log("*** " & testcasename() & ": FAIL: Failed to verify RCA message ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
log("*** " & testcasename() & ": PASS: ToBeSignedRcaCtl received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
// Postamble
f_disconnect4SelfOrClientSync();
} // End of testcase TC_SECPKI_CA_CERTGEN_18_BV
} // End of group ca_behaviour
group ea_behavior {
group ea_helpers {
} // End of group ea_helpers
// ETSI TS 103 525-2 V2.0.2 (2023-07) Clause 5.4.1 Enrollment request handling
group ea_enrolment_request_handling {
10219
10220
10221
10222
10223
10224
10225
10226
10227
10228
10229
10230
10231
10232
10233
10234
10235
10236
10237
10238
10239
/**
* @desc The EnrolmentResponse message shall be sent by the EA to the ITS-S across the interface at
* reference point S3 in response to a received EnrolmentRequest message.
* <pre>
* Pics Selection: PICS_IUT_EA_ROLE
* Initial conditions:
* with {
* the IUT being in the "operational state"
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT receives an EnrolmentRequestMessage across the interface at the reference point S3
* }
* then {
* the IUT answers with an EnrolmentResponseMessage across the interface at reference point S3
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v2.0.1 TP SECPKI_EA_ENR_RCV_01_BV
10241
10242
10243
10244
10245
10246
10247
10248
10249
10250
10251
10252
10253
10254
10255
10256
10257
10258
* @reference ETSI TS 102 941, clause 6.2.3.2.2
*/
testcase TC_SECPKI_EA_ENR_RCV_01_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
// Local variables
var Oct32 v_private_key;
var Oct32 v_public_compressed_key;
var integer v_compressed_mode;
var Oct32 v_request_hash;
var Oct16 v_encrypted_sym_key;
var Oct16 v_aes_sym_key;
var HashedId8 v_aes_sym_key_hashed_id8;
var Oct16 v_authentication_vector;
var Oct12 v_nonce;
var octetstring v_salt;
var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
var Headers v_headers;
var HttpMessage v_response;
var EtsiTs102941Data v_etsi_ts_102941_data;
// Test control
if (not PICS_IUT_EA_ROLE) {
log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
setverdict(inconc);
stop;
}
// Test component configuration
f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID);
// Preamble
f_http_build_inner_ec_request(v_private_key, v_public_compressed_key, v_compressed_mode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
v_aes_sym_key_hashed_id8 := f_hashedId8FromSha256(f_hashWithSha256('80'O & v_aes_sym_key)); // Used to match the response
f_init_default_headers_list(-, "inner_ec_request", v_headers);
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
10278
10279
10280
10281
10282
10283
10284
10285
10286
10287
10288
10289
10290
10291
10292
10293
10294
10295
10296
10297
10298
// Test Body
f_http_send(
v_headers,
m_http_request(
m_http_request_post(
PICS_HTTP_POST_URI_EC,
v_headers,
m_http_message_body_binary(
m_binary_body_ieee1609dot2_data(
v_ieee1609dot2_signed_and_encrypted_data
)))));
tc_ac.start;
alt {
[] a_await_ec_http_response_from_iut(
mw_http_response(
mw_http_response_ok(
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_enrolmentResponseMessage(
mw_encryptedData(
{ *, mw_recipientInfo_pskRecipInfo(v_aes_sym_key_hashed_id8), * },
mw_symmetricCiphertext_aes128ccm
if (f_verify_pki_response_message(v_private_key, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, v_response.response.body.binary_body.ieee1609dot2_data, true, 1, v_etsi_ts_102941_data) == false) {
log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
log("*** " & testcasename() & ": PASS: InnerEcResponse received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
10322
10323
10324
10325
10326
10327
10328
10329
10330
10331
10332
10333
10334
10335
10336
10337
10338
10339
10340
10341
10342
10343
10344
10345
10346
10347
10348
10349
10350
10351
10352
10353
10354
10355
10356
10357
10358
10359
10360
10361
10362
} // End of testcase TC_SECPKI_EA_ENR_RCV_01_BV
/**
* @desc Check that EA doesn't accept Enrolment rekeying request when enrolment is not permitted
* by signing certificate.
* <pre>
* Pics Selection: PICS_IUT_EA_ROLE
* Initial conditions:
* with {
* the IUT being in the "operational state"
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT receives an EnrolmentRequestMessage
* containing an encrypted EtsiTs103097Data-Signed
* containing signer
* containing digest
* indicating HashedId8 of the certificate CERT
* containing appPermissions
* not containing an item of type PsidSsp
* containing psid
* indicating AID_CERT_REQ
* or containing an item of type PsidSsp
* containing psid
* indicating AID_CERT_REQ
* and containing ssp
* containing opaque[0] (version)
* indicating other value than 1
* or containing opaque[1] (value)
* indicating "Enrolment Request" (bit 1) set to 0
* }
* then {
* the IUT answers with an EnrolmentResponseMessage
* containing InnerECResponse
* containing responseCode
* indicating "deniedpermissions"
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v2.0.1 TP SECPKI_EA_ENR_RCV_02_BI
10364
10365
10366
10367
10368
10369
10370
10371
10372
10373
10374
10375
10376
10377
10378
10379
10380
* @reference ETSI TS 102 941, clause B.5
*/
testcase TC_SECPKI_EA_ENR_RCV_02_BI_01() runs on ItsPkiHttp system ItsPkiHttpSystem {
// Local variables
var Oct32 v_private_key;
var Oct32 v_public_compressed_key;
var integer v_compressed_mode;
var Oct32 v_request_hash;
var Oct16 v_encrypted_sym_key;
var Oct16 v_aes_sym_key;
var Oct16 v_authentication_vector;
var Oct12 v_nonce;
var octetstring v_salt;
var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
var Headers v_headers;
var HttpMessage v_response;
var EtsiTs102941Data v_etsi_ts_102941_data;
// Test control
if (not PICS_IUT_EA_ROLE) {
log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
setverdict(inconc);
stop;
}
// Test component configuration
f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID);
// f_cfHttpUp("CERT_TS_A_EA_AA_AUTHVAL_RCV_02_BI_01", PICS_TS_AA_CERTIFICATE_ID);
// Preamble
f_http_build_inner_ec_request_with_wrong_parameters({ valueof(m_appPermissions(c_its_aid_CAM, { bitmapSsp := PX_INNER_EC_CERTFICATE_BITMAP_SSP_SCR })) }, -, f_getCurrentTime() / 1000, valueof(m_duration_in_hours(PX_GENERATED_CERTIFICATE_DURATION)), -, v_private_key, v_public_compressed_key, v_compressed_mode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
// f_http_build_inner_ec_request(v_private_key, v_public_compressed_key, v_compressed_mode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
f_init_default_headers_list(-, "inner_ec_request", v_headers);
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
10401
10402
10403
10404
10405
10406
10407
10408
10409
10410
10411
10412
10413
10414
10415
10416
10417
10418
10419
10420
10421
// Test Body
f_http_send(
v_headers,
m_http_request(
m_http_request_post(
PICS_HTTP_POST_URI_EC,
v_headers,
m_http_message_body_binary(
m_binary_body_ieee1609dot2_data(
v_ieee1609dot2_signed_and_encrypted_data
)))));
tc_ac.start;
alt {
[] a_await_ec_http_response_from_iut(
mw_http_response(
mw_http_response_ok(
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_enrolmentResponseMessage(
mw_encryptedData(
-,
mw_symmetricCiphertext_aes128ccm
10428
10429
10430
10431
10432
10433
10434
10435
10436
10437
10438
10439
10440
10441
10442
10443
10444
10445
10446
if (f_verify_pki_response_message(v_private_key, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, v_response.response.body.binary_body.ieee1609dot2_data, true, 1, v_etsi_ts_102941_data) == false) {
log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
log(match(v_etsi_ts_102941_data, mw_etsiTs102941Data_inner_ec_response(mw_innerEcResponse_ko(substr(v_request_hash, 0, 16), deniedpermissions))));
if (match(v_etsi_ts_102941_data, mw_etsiTs102941Data_inner_ec_response(mw_innerEcResponse_ko(substr(v_request_hash, 0, 16), deniedpermissions))) == true) {
log("*** " & testcasename() & ": PASS: InnerEcResponse error code received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": FAIL: Invalid InnerEcResponse received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_cfHttpDown();
} // End of testcase TC_SECPKI_EA_ENR_RCV_02_BI_01
testcase TC_SECPKI_EA_ENR_RCV_02_BI_02() runs on ItsPkiHttp system ItsPkiHttpSystem {
// Local variables
var Oct32 v_private_key;
var Oct32 v_public_compressed_key;
var integer v_compressed_mode;
var Oct32 v_request_hash;
var Oct16 v_encrypted_sym_key;
var Oct16 v_aes_sym_key;
var Oct16 v_authentication_vector;
var Oct12 v_nonce;
var octetstring v_salt;
var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
var Headers v_headers;
var HttpMessage v_response;
var EtsiTs102941Data v_etsi_ts_102941_data;
// Test control
if (not PICS_IUT_EA_ROLE) {
log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
setverdict(inconc);
stop;
}
// Test component configuration
f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID);
// f_cfHttpUp("CERT_TS_A_EA_AA_AUTHVAL_RCV_02_BI_01", PICS_TS_AA_CERTIFICATE_ID);
// Preamble
f_http_build_inner_ec_request_with_wrong_parameters({ valueof(m_appPermissions(c_its_aid_SCR, { bitmapSsp := PX_INNER_EC_CERTFICATE_INCORRECT_BITMAP_SSP_SCR_WRONG_VERSION })) }, -, f_getCurrentTime() / 1000, valueof(m_duration_in_hours(PX_GENERATED_CERTIFICATE_DURATION)), -, v_private_key, v_public_compressed_key, v_compressed_mode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
// f_http_build_inner_ec_request(v_private_key, v_public_compressed_key, v_compressed_mode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
f_init_default_headers_list(-, "inner_ec_request", v_headers);
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
10488
10489
10490
10491
10492
10493
10494
10495
10496
10497
10498
10499
10500
10501
10502
10503
10504
10505
10506
10507
10508
// Test Body
f_http_send(
v_headers,
m_http_request(
m_http_request_post(
PICS_HTTP_POST_URI_EC,
v_headers,
m_http_message_body_binary(
m_binary_body_ieee1609dot2_data(
v_ieee1609dot2_signed_and_encrypted_data
)))));
tc_ac.start;
alt {
[] a_await_ec_http_response_from_iut(
mw_http_response(
mw_http_response_ok(
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_enrolmentResponseMessage(
mw_encryptedData(
-,
mw_symmetricCiphertext_aes128ccm
10515
10516
10517
10518
10519
10520
10521
10522
10523
10524
10525
10526
10527
10528
10529
10530
10531
10532
10533
if (f_verify_pki_response_message(v_private_key, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, v_response.response.body.binary_body.ieee1609dot2_data, true, 1, v_etsi_ts_102941_data) == false) {
log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
log(match(v_etsi_ts_102941_data, mw_etsiTs102941Data_inner_ec_response(mw_innerEcResponse_ko(substr(v_request_hash, 0, 16), deniedpermissions))));
if (match(v_etsi_ts_102941_data, mw_etsiTs102941Data_inner_ec_response(mw_innerEcResponse_ko(substr(v_request_hash, 0, 16), deniedpermissions))) == true) {
log("*** " & testcasename() & ": PASS: InnerEcResponse error code received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": FAIL: Invalid InnerEcResponse received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_cfHttpDown();
} // End of testcase TC_SECPKI_EA_ENR_RCV_02_BI_02
testcase TC_SECPKI_EA_ENR_RCV_02_BI_03() runs on ItsPkiHttp system ItsPkiHttpSystem {
// Local variables
var Oct32 v_private_key;
var Oct32 v_public_compressed_key;
var integer v_compressed_mode;
var Oct32 v_request_hash;
var Oct16 v_encrypted_sym_key;
var Oct16 v_aes_sym_key;
var Oct16 v_authentication_vector;
var Oct12 v_nonce;
var octetstring v_salt;
var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
var Headers v_headers;
var HttpMessage v_response;
var EtsiTs102941Data v_etsi_ts_102941_data;
// Test control
if (not PICS_IUT_EA_ROLE) {
log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
setverdict(inconc);
stop;
}
// Test component configuration
f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID);
// f_cfHttpUp("CERT_TS_A_EA_AA_AUTHVAL_RCV_02_BI_01", PICS_TS_AA_CERTIFICATE_ID);
// Preamble
f_http_build_inner_ec_request_with_wrong_parameters({ valueof(m_appPermissions(c_its_aid_SCR, { bitmapSsp := PX_INNER_EC_CERTFICATE_INCORRECT_BITMAP_SSP_SCR_WRONG_SSP_BIT })) }, -, f_getCurrentTime() / 1000, valueof(m_duration_in_hours(PX_GENERATED_CERTIFICATE_DURATION)), -, v_private_key, v_public_compressed_key, v_compressed_mode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
// f_http_build_inner_ec_request(v_private_key, v_public_compressed_key, v_compressed_mode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
f_init_default_headers_list(-, "inner_ec_request", v_headers);
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
10575
10576
10577
10578
10579
10580
10581
10582
10583
10584
10585
10586
10587
10588
10589
10590
10591
10592
10593
10594
10595
// Test Body
f_http_send(
v_headers,
m_http_request(
m_http_request_post(
PICS_HTTP_POST_URI_EC,
v_headers,
m_http_message_body_binary(
m_binary_body_ieee1609dot2_data(
v_ieee1609dot2_signed_and_encrypted_data
)))));
tc_ac.start;
alt {
[] a_await_ec_http_response_from_iut(
mw_http_response(
mw_http_response_ok(
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_enrolmentResponseMessage(
mw_encryptedData(
-,
mw_symmetricCiphertext_aes128ccm
10602
10603
10604
10605
10606
10607
10608
10609
10610
10611
10612
10613
10614
10615
10616
10617
10618
10619
10620
if (f_verify_pki_response_message(v_private_key, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, v_response.response.body.binary_body.ieee1609dot2_data, true, 1, v_etsi_ts_102941_data) == false) {
log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
log(match(v_etsi_ts_102941_data, mw_etsiTs102941Data_inner_ec_response(mw_innerEcResponse_ko(substr(v_request_hash, 0, 16), deniedpermissions))));
if (match(v_etsi_ts_102941_data, mw_etsiTs102941Data_inner_ec_response(mw_innerEcResponse_ko(substr(v_request_hash, 0, 16), deniedpermissions))) == true) {
log("*** " & testcasename() & ": PASS: InnerEcResponse error code received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": FAIL: Invalid InnerEcResponse received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_cfHttpDown();
} // End of testcase TC_SECPKI_EA_ENR_RCV_02_BI_03
10627
10628
10629
10630
10631
10632
10633
10634
10635
10636
10637
10638
10639
10640
10641
10642
10643
10644
/**
* @desc Enroll an ITS-Station, but with a canonical-ID, that is not registered.
*/
testcase TC_SECPKI_EA_ENR_RCV_05_BI() runs on ItsPkiHttp system ItsPkiHttpSystem {
// Local variables
var Oct32 v_private_key;
var Oct32 v_public_compressed_key;
var integer v_compressed_mode;
var Oct32 v_request_hash;
var Oct16 v_encrypted_sym_key;
var Oct16 v_aes_sym_key;
var Oct16 v_authentication_vector;
var Oct12 v_nonce;
var octetstring v_salt;
var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
var Headers v_headers;
var HttpMessage v_response;
var EtsiTs102941Data v_etsi_ts_102941_data;
// Test control
if (not PICS_IUT_EA_ROLE) {
log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
setverdict(inconc);
stop;
}
// Test component configuration
f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);
// Preamble
f_http_build_inner_ec_request_with_wrong_parameters({ valueof(m_appPermissions(c_its_aid_SCR, { bitmapSsp := PX_INNER_EC_CERTFICATE_BITMAP_SSP_SCR })) }, PICS_INVALID_ITS_S_CANONICAL_ID, f_getCurrentTime() / 1000, valueof(m_duration_in_hours(PX_GENERATED_CERTIFICATE_DURATION)), -, v_private_key, v_public_compressed_key, v_compressed_mode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
f_init_default_headers_list(-, "inner_ec_request", v_headers);
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
10663
10664
10665
10666
10667
10668
10669
10670
10671
10672
10673
10674
10675
10676
10677
10678
10679
10680
10681
10682
10683
// Test Body
f_http_send(
v_headers,
m_http_request(
m_http_request_post(
PICS_HTTP_POST_URI_EC,
v_headers,
m_http_message_body_binary(
m_binary_body_ieee1609dot2_data(
v_ieee1609dot2_signed_and_encrypted_data
)))));
tc_ac.start;
alt {
[] a_await_ec_http_response_from_iut(
mw_http_response(
mw_http_response_ok(
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_enrolmentResponseMessage(
mw_encryptedData(
-,
mw_symmetricCiphertext_aes128ccm
10690
10691
10692
10693
10694
10695
10696
10697
10698
10699
10700
10701
10702
10703
10704
10705
10706
10707
10708
if (f_verify_pki_response_message(v_private_key, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, v_response.response.body.binary_body.ieee1609dot2_data, true, 1, v_etsi_ts_102941_data) == false) {
log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
log(match(v_etsi_ts_102941_data, mw_etsiTs102941Data_inner_ec_response(mw_innerEcResponse_ko(substr(v_request_hash, 0, 16), unknownits))));
if (match(v_etsi_ts_102941_data, mw_etsiTs102941Data_inner_ec_response(mw_innerEcResponse_ko(substr(v_request_hash, 0, 16), unknownits))) == false) {
log("*** " & testcasename() & ": FAIL: Invalid InnerEcResponse received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
log("*** " & testcasename() & ": PASS: InnerEcResponse with deniedrequest received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
}
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_cfHttpDown();
} // End of testcase TC_SECPKI_EA_ENR_RCV_05_BI
10715
10716
10717
10718
10719
10720
10721
10722
10723
10724
10725
10726
10727
10728
10729
10730
10731
10732
10733
/**
* @desc Enroll the ITS-Station, but the CSR re-quests more permissions than the issuer allows,
* i.e. request for security management SSP bit which is not set in the EA SSP
*/
testcase TC_SECPKI_EA_ENR_RCV_06_BI() runs on ItsPkiHttp system ItsPkiHttpSystem {
// Local variables
var Oct32 v_private_key;
var Oct32 v_public_compressed_key;
var integer v_compressed_mode;
var Oct32 v_request_hash;
var Oct16 v_encrypted_sym_key;
var Oct16 v_aes_sym_key;
var Oct16 v_authentication_vector;
var Oct12 v_nonce;
var octetstring v_salt;
var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
var Headers v_headers;
var HttpMessage v_response;
var EtsiTs102941Data v_etsi_ts_102941_data;
// Test control
if (not PICS_IUT_EA_ROLE) {
log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
setverdict(inconc);
stop;
}
// Test component configuration
f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);
// Preamble
f_http_build_inner_ec_request_with_wrong_parameters({ valueof(m_appPermissions(c_its_aid_SCR, { bitmapSsp := PX_INNER_EC_CERTFICATE_INCORRECT_BITMAP_SSP_SCR })) }, -, f_getCurrentTime() / 1000, valueof(m_duration_in_hours(PX_GENERATED_CERTIFICATE_DURATION)), -, v_private_key, v_public_compressed_key, v_compressed_mode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
f_init_default_headers_list(-, "inner_ec_request", v_headers);
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
10752
10753
10754
10755
10756
10757
10758
10759
10760
10761
10762
10763
10764
10765
10766
10767
10768
10769
10770
10771
10772
// Test Body
f_http_send(
v_headers,
m_http_request(
m_http_request_post(
PICS_HTTP_POST_URI_EC,
v_headers,
m_http_message_body_binary(
m_binary_body_ieee1609dot2_data(
v_ieee1609dot2_signed_and_encrypted_data
)))));
tc_ac.start;
alt {
[] a_await_ec_http_response_from_iut(
mw_http_response(
mw_http_response_ok(
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_enrolmentResponseMessage(
mw_encryptedData(
-,
mw_symmetricCiphertext_aes128ccm
10779
10780
10781
10782
10783
10784
10785
10786
10787
10788
10789
10790
10791
10792
10793
10794
10795
10796
10797
if (f_verify_pki_response_message(v_private_key, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, v_response.response.body.binary_body.ieee1609dot2_data, true, 1, v_etsi_ts_102941_data) == false) {
log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
log(match(v_etsi_ts_102941_data, mw_etsiTs102941Data_inner_ec_response(mw_innerEcResponse_ko(substr(v_request_hash, 0, 16), deniedpermissions))));
if (match(v_etsi_ts_102941_data, mw_etsiTs102941Data_inner_ec_response(mw_innerEcResponse_ko(substr(v_request_hash, 0, 16), deniedpermissions))) == false) {
log("*** " & testcasename() & ": FAIL: Invalid InnerEcResponse received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
log("*** " & testcasename() & ": PASS: InnerEcResponse with deniedpermissions received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
}
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
10799
10800
10801
10802
10803
10804
10805
10806
10807
10808
10809
10810
10811
10812
10813
10814
10815
10816
10817
10818
10819
10820
10821
// Postamble
f_cfHttpDown();
} // End of testcase TC_SECPKI_EA_ENR_RCV_06_BI
/**
* @desc Enroll the ITS-Station, but the CSR requests a AID permission that the issuer does not allow, i.e. request for CAM AID
*/
testcase TC_SECPKI_EA_ENR_RCV_07_BI() runs on ItsPkiHttp system ItsPkiHttpSystem {
// Local variables
var Oct32 v_private_key;
var Oct32 v_public_compressed_key;
var integer v_compressed_mode;
var Oct32 v_request_hash;
var Oct16 v_encrypted_sym_key;
var Oct16 v_aes_sym_key;
var Oct16 v_authentication_vector;
var Oct12 v_nonce;
var octetstring v_salt;
var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
var Headers v_headers;
var HttpMessage v_response;
var EtsiTs102941Data v_etsi_ts_102941_data;
// Test control
if (not PICS_IUT_EA_ROLE) {
log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
setverdict(inconc);
stop;
}
// Test component configuration
f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);
// Preamble
f_http_build_inner_ec_request_with_wrong_parameters({ valueof(m_appPermissions(c_its_aid_SCR, { bitmapSsp := PX_INNER_EC_CERTFICATE_BITMAP_SSP_SCR })), valueof(m_appPermissions(c_its_aid_CAM, { bitmapSsp := PX_INNER_EC_CERTFICATE_BITMAP_SSP_CAM })) }, -, f_getCurrentTime() / 1000, valueof(m_duration_in_hours(PX_GENERATED_CERTIFICATE_DURATION)), -, v_private_key, v_public_compressed_key, v_compressed_mode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
f_init_default_headers_list(-, "inner_ec_request", v_headers);
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
10840
10841
10842
10843
10844
10845
10846
10847
10848
10849
10850
10851
10852
10853
10854
10855
10856
10857
10858
10859
10860
// Test Body
f_http_send(
v_headers,
m_http_request(
m_http_request_post(
PICS_HTTP_POST_URI_EC,
v_headers,
m_http_message_body_binary(
m_binary_body_ieee1609dot2_data(
v_ieee1609dot2_signed_and_encrypted_data
)))));
tc_ac.start;
alt {
[] a_await_ec_http_response_from_iut(
mw_http_response(
mw_http_response_ok(
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_enrolmentResponseMessage(
mw_encryptedData(
-,
mw_symmetricCiphertext_aes128ccm
10867
10868
10869
10870
10871
10872
10873
10874
10875
10876
10877
10878
10879
10880
10881
10882
10883
10884
10885
if (f_verify_pki_response_message(v_private_key, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, v_response.response.body.binary_body.ieee1609dot2_data, true, 1, v_etsi_ts_102941_data) == false) {
log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
log(match(v_etsi_ts_102941_data, mw_etsiTs102941Data_inner_ec_response(mw_innerEcResponse_ko(substr(v_request_hash, 0, 16), deniedpermissions))));
if (match(v_etsi_ts_102941_data, mw_etsiTs102941Data_inner_ec_response(mw_innerEcResponse_ko(substr(v_request_hash, 0, 16), deniedpermissions))) == false) {
log("*** " & testcasename() & ": FAIL: Invalid InnerEcResponse received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
log("*** " & testcasename() & ": PASS: InnerEcResponse with deniedpermissions received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
}
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
10887
10888
10889
10890
10891
10892
10893
10894
10895
10896
10897
10898
10899
10900
10901
10902
10903
10904
10905
10906
10907
10908
10909
// Postamble
f_cfHttpDown();
} // End of testcase TC_SECPKI_EA_ENR_RCV_07_BI
/**
* @desc Enroll the ITS-Station, but the expiring date of the CSR is before the start date of the EA
*/
testcase TC_SECPKI_EA_ENR_RCV_08_BI() runs on ItsPkiHttp system ItsPkiHttpSystem {
// Local variables
var Oct32 v_private_key;
var Oct32 v_public_compressed_key;
var integer v_compressed_mode;
var Oct32 v_request_hash;
var Oct16 v_encrypted_sym_key;
var Oct16 v_aes_sym_key;
var Oct16 v_authentication_vector;
var Oct12 v_nonce;
var octetstring v_salt;
var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
var Headers v_headers;
var HttpMessage v_response;
var EtsiTs102941Data v_etsi_ts_102941_data;
// Test control
if (not PICS_IUT_EA_ROLE) {
log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
setverdict(inconc);
stop;
}
// Test component configuration
f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);
// Preamble
f_http_build_inner_ec_request_with_wrong_parameters({ valueof(m_appPermissions(c_its_aid_SCR, { bitmapSsp := PX_INNER_EC_CERTFICATE_BITMAP_SSP_SCR })) }, -, vc_eaCertificate.toBeSigned.validityPeriod.start_ / 2, valueof(m_duration_years(50)), -, v_private_key, v_public_compressed_key, v_compressed_mode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
f_init_default_headers_list(-, "inner_ec_request", v_headers);
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
10928
10929
10930
10931
10932
10933
10934
10935
10936
10937
10938
10939
10940
10941
10942
10943
10944
10945
10946
10947
10948
// Test Body
f_http_send(
v_headers,
m_http_request(
m_http_request_post(
PICS_HTTP_POST_URI_EC,
v_headers,
m_http_message_body_binary(
m_binary_body_ieee1609dot2_data(
v_ieee1609dot2_signed_and_encrypted_data
)))));
tc_ac.start;
alt {
[] a_await_ec_http_response_from_iut(
mw_http_response(
mw_http_response_ok(
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_enrolmentResponseMessage(
mw_encryptedData(
-,
mw_symmetricCiphertext_aes128ccm
10955
10956
10957
10958
10959
10960
10961
10962
10963
10964
10965
10966
10967
10968
10969
10970
10971
10972
10973
if (f_verify_pki_response_message(v_private_key, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, v_response.response.body.binary_body.ieee1609dot2_data, true, 1, v_etsi_ts_102941_data) == false) {
log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
log(match(v_etsi_ts_102941_data, mw_etsiTs102941Data_inner_ec_response(mw_innerEcResponse_ko(substr(v_request_hash, 0, 16), deniedrequest))));
if (match(v_etsi_ts_102941_data, mw_etsiTs102941Data_inner_ec_response(mw_innerEcResponse_ko(substr(v_request_hash, 0, 16), deniedrequest))) == false) {
log("*** " & testcasename() & ": FAIL: Invalid InnerEcResponse received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
log("*** " & testcasename() & ": PASS: InnerEcResponse with deniedrequest received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
}
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
10975
10976
10977
10978
10979
10980
10981
10982
10983
10984
10985
10986
10987
10988
10989
10990
10991
10992
10993
10994
10995
10996
10997
// Postamble
f_cfHttpDown();
} // End of testcase TC_SECPKI_EA_ENR_RCV_08_BI
/**
* @desc Enroll the ITS-Station, but the start date of the CSR is before the start date of the EA
*/
testcase TC_SECPKI_EA_ENR_RCV_09_BI() runs on ItsPkiHttp system ItsPkiHttpSystem {
// Local variables
var Oct32 v_private_key;
var Oct32 v_public_compressed_key;
var integer v_compressed_mode;
var Oct32 v_request_hash;
var Oct16 v_encrypted_sym_key;
var Oct16 v_aes_sym_key;
var Oct16 v_authentication_vector;
var Oct12 v_nonce;
var octetstring v_salt;
var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
var Headers v_headers;
var HttpMessage v_response;
var EtsiTs102941Data v_etsi_ts_102941_data;