Newer
Older
// Test component configuration
f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);
10010
10011
10012
10013
10014
10015
10016
10017
10018
10019
10020
10021
10022
10023
10024
10025
10026
10027
10028
// Preamble
// Trigger an enrolment request
if (f_await_http_inner_ec_request_response(v_private_key_ec, v_public_compressed_key_ec, v_compressed_key_mode_ec, v_inner_ec_response) == false) {
log("*** " & testcasename() & ": INCONC: Enrolment failed ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
} else {
log("*** " & testcasename() & ": INFO: Enrolment succeed ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
}
log("*** " & testcasename() & ": DEBUG: v_inner_ec_response= ", v_inner_ec_response);
log("*** " & testcasename() & ": DEBUG: v_private_key_ec= ", v_private_key_ec);
// Generate an InnerAtRequest
if (f_generate_inner_at_request(vc_aaCertificate, -, vc_aaHashedId8, vc_eaCertificate, vc_eaWholeHash/*salt*/, vc_eaHashedId8, v_inner_ec_response.certificate, v_private_key_ec, v_private_key_at, v_public_compressed_key_at, v_compressed_key_mode_at, v_private_enc_key_at, v_public_compressed_enc_key_at, v_compressed_enc_mode_at, v_inner_at_request) == false) {
log("*** " & testcasename() & ": ERROR: Failed to generate AuthorizationValidationRequest ***");
f_selfOrClientSyncAndVerdict("error", e_error);
}
log("*** " & testcasename() & ": DEBUG: v_inner_at_request= ", v_inner_at_request);
log("*** " & testcasename() & ": DEBUG: v_private_key_at= ", v_private_key_at);
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
10030
10031
10032
10033
10034
10035
10036
10037
10038
10039
10040
10041
10042
10043
10044
10045
10046
10047
10048
10049
10050
10051
10052
10053
// Test Body
f_http_build_authorization_validation_request(v_inner_at_request, v_public_compressed_key_at, v_compressed_key_mode_at, v_private_enc_key_at, v_public_compressed_enc_key_at, v_compressed_enc_mode_at, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
v_aes_sym_key_hashed_id8 := f_hashedId8FromSha256(f_hashWithSha256('80'O & v_aes_sym_key)); // Used to match the response
f_init_default_headers_list(-, "inner_atv_request", v_headers);
f_http_send(
v_headers,
m_http_request(
m_http_request_post(
PICS_HTTP_POST_URI_ATV,
v_headers,
m_http_message_body_binary(
m_binary_body_ieee1609dot2_data(
v_ieee1609dot2_signed_and_encrypted_data
)))));
tc_ac.start;
alt {
[] a_await_atv_http_response_from_iut(
mw_http_response(
mw_http_response_ok(
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_authorizationResponseMessage(
mw_encryptedData(
{ *, mw_recipientInfo_pskRecipInfo(v_aes_sym_key_hashed_id8), * },
mw_symmetricCiphertext_aes128ccm
)))))),
v_response
) {
var integer v_result;
var InnerAtResponse v_inner_at_response;
f_verify_http_at_response_from_iut_atv(v_inner_at_request, v_response.response, v_private_key_at, v_aes_sym_key, v_authentication_vector, v_request_hash, v_inner_at_response, v_result);
// Set verdict
if (v_result == 0) {
log("*** " & testcasename() & ": PASS: Well-secured AT certificate received ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": FAIL: Failed to verify AT response ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
}
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
10084
10085
10086
10087
10088
10089
10090
10091
10092
10093
10094
10095
10096
10097
10098
10099
10100
10101
10102
10103
/**
* @desc To read an authorization validation response, the AA shall receive an EtsiTs103097Data-Encrypted structure,
* containing a EtsiTs103097Data-Signed structure, containing a EtsiTs102941Data structure, containing an
* AuthorizationValidationResponse structure.
* <pre>
* Pics Selection: PICS_IUT_EA_ROLE
* Initial conditions:
* Expected behaviour:
* ensure that {
* when {
* the IUT receives a AuthorizationValidationRequest message
* }
* then {
* the IUT sends a AuthorizationValidationResponse message
* containing EtsiTs103097Data-Signed
* containing AuthorizationValidationResponse
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v1.2.2 TP SECPKI_EA_AUTHVAL_02_BV
10105
10106
10107
10108
10109
10110
10111
10112
10113
10114
10115
10116
10117
10118
10119
10120
10121
10122
10123
10124
10125
10126
10127
10128
10129
10130
* @reference ETSI TS 102 941, clause 6.2.3.4.2
*/
testcase TC_SECPKI_EA_AUTHVAL_02_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
// Local variables
var Oct32 v_private_key_ec;
var Oct32 v_public_compressed_key_ec;
var integer v_compressed_key_mode_ec;
var InnerEcResponse v_inner_ec_response;
var Oct32 v_private_key_at;
var Oct32 v_public_compressed_key_at;
var integer v_compressed_key_mode_at;
var Oct32 v_private_enc_key_at;
var Oct32 v_public_compressed_enc_key_at;
var integer v_compressed_enc_mode_at;
var InnerAtRequest v_inner_at_request;
var Oct32 v_request_hash;
var Oct16 v_encrypted_sym_key;
var Oct16 v_aes_sym_key;
var HashedId8 v_aes_sym_key_hashed_id8;
var Oct16 v_authentication_vector;
var Oct12 v_nonce;
var octetstring v_salt;
var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
var Headers v_headers;
var HttpMessage v_response;
var EtsiTs102941Data v_etsi_ts_102941_data;
// Test control
if (not PICS_IUT_EA_ROLE) {
log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
setverdict(inconc);
stop;
}
// Test component configuration
f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);
10144
10145
10146
10147
10148
10149
10150
10151
10152
10153
10154
10155
10156
10157
10158
10159
10160
10161
10162
// Preamble
// Trigger an enrolment request
if (f_await_http_inner_ec_request_response(v_private_key_ec, v_public_compressed_key_ec, v_compressed_key_mode_ec, v_inner_ec_response) == false) {
log("*** " & testcasename() & ": INCONC: Enrolment failed ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
} else {
log("*** " & testcasename() & ": INFO: Enrolment succeed ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
}
log("*** " & testcasename() & ": DEBUG: v_inner_ec_response= ", v_inner_ec_response);
log("*** " & testcasename() & ": DEBUG: v_private_key_ec= ", v_private_key_ec);
// Generate an InnerAtRequest
if (f_generate_inner_at_request(vc_aaCertificate, -, vc_aaHashedId8, vc_eaCertificate, vc_eaWholeHash/*salt*/, vc_eaHashedId8, v_inner_ec_response.certificate, v_private_key_ec, v_private_key_at, v_public_compressed_key_at, v_compressed_key_mode_at, v_private_enc_key_at, v_public_compressed_enc_key_at, v_compressed_enc_mode_at, v_inner_at_request) == false) {
log("*** " & testcasename() & ": ERROR: Failed to generate AuthorizationValidationRequest ***");
f_selfOrClientSyncAndVerdict("error", e_error);
}
log("*** " & testcasename() & ": DEBUG: v_inner_at_request= ", v_inner_at_request);
log("*** " & testcasename() & ": DEBUG: v_private_key_at= ", v_private_key_at);
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
10164
10165
10166
10167
10168
10169
10170
10171
10172
10173
10174
10175
10176
10177
10178
10179
10180
10181
10182
10183
10184
10185
10186
10187
// Test Body
f_http_build_authorization_validation_request(v_inner_at_request, v_public_compressed_key_at, v_compressed_key_mode_at, v_private_enc_key_at, v_public_compressed_enc_key_at, v_compressed_enc_mode_at, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
v_aes_sym_key_hashed_id8 := f_hashedId8FromSha256(f_hashWithSha256('80'O & v_aes_sym_key)); // Used to match the response
f_init_default_headers_list(-, "inner_atv_request", v_headers);
f_http_send(
v_headers,
m_http_request(
m_http_request_post(
PICS_HTTP_POST_URI_ATV,
v_headers,
m_http_message_body_binary(
m_binary_body_ieee1609dot2_data(
v_ieee1609dot2_signed_and_encrypted_data
)))));
tc_ac.start;
alt {
[] a_await_atv_http_response_from_iut(
mw_http_response(
mw_http_response_ok(
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_authorizationResponseMessage(
mw_encryptedData(
{ *, mw_recipientInfo_pskRecipInfo(v_aes_sym_key_hashed_id8), * },
mw_symmetricCiphertext_aes128ccm
)))))),
v_response
) {
var integer v_result;
var InnerAtResponse v_inner_at_response;
f_verify_http_at_response_from_iut_atv(v_inner_at_request, v_response.response, v_private_key_at, v_aes_sym_key, v_authentication_vector, v_request_hash, v_inner_at_response, v_result);
// Set verdict
if (v_result == 0) {
log("*** " & testcasename() & ": PASS: Well-secured ATV certificate received ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": FAIL: Failed to verify ATV response ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
}
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
10218
10219
10220
10221
10222
10223
10224
10225
10226
10227
10228
10229
10230
10231
10232
10233
10234
10235
10236
10237
10238
10239
10240
10241
10242
/**
* @desc The AuthorizationValidationResponse structure contains the requestHash being the left-most 16 octets of
* the SHA256 digest of the EtsiTs103097Data-Signed structure received in the AuthorizationValidationRequest
* and a responseCode.
* <pre>
* Pics Selection: PICS_IUT_EA_ROLE
* Initial conditions:
* Expected behaviour:
* ensure that {
* when {
* the IUT receives a AuthorizationValidationRequest message
* containing EtsiTs103097Data-Signed structure (REQDSS)
* }
* then {
* the IUT sends a AuthorizationValidationResponse message
* containing EtsiTs103097Data-Signed
* containing EtsiTs102941Data
* containing AuthorizationValidationResponse
* containing requestHash
* indicating the left-most 16 octets of the SHA256 digest of REQDSS
* and containing responseCode
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v1.2.2 TP SECPKI_EA_AUTHVAL_03_BV
10244
10245
10246
10247
10248
10249
10250
10251
10252
10253
10254
10255
10256
10257
10258
10259
10260
10261
10262
10263
10264
10265
10266
10267
10268
10269
* @reference ETSI TS 102 941, clause 6.2.3.4.2
*/
testcase TC_SECPKI_EA_AUTHVAL_03_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
// Local variables
var Oct32 v_private_key_ec;
var Oct32 v_public_compressed_key_ec;
var integer v_compressed_key_mode_ec;
var InnerEcResponse v_inner_ec_response;
var Oct32 v_private_key_at;
var Oct32 v_public_compressed_key_at;
var integer v_compressed_key_mode_at;
var Oct32 v_private_enc_key_at;
var Oct32 v_public_compressed_enc_key_at;
var integer v_compressed_enc_mode_at;
var InnerAtRequest v_inner_at_request;
var Oct32 v_request_hash;
var Oct16 v_encrypted_sym_key;
var Oct16 v_aes_sym_key;
var HashedId8 v_aes_sym_key_hashed_id8;
var Oct16 v_authentication_vector;
var Oct12 v_nonce;
var octetstring v_salt;
var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
var Headers v_headers;
var HttpMessage v_response;
var EtsiTs102941Data v_etsi_ts_102941_data;
// Test control
if (not PICS_IUT_EA_ROLE) {
log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
setverdict(inconc);
stop;
}
// Test component configuration
f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);
10283
10284
10285
10286
10287
10288
10289
10290
10291
10292
10293
10294
10295
10296
10297
10298
10299
10300
10301
// Preamble
// Trigger an enrolment request
if (f_await_http_inner_ec_request_response(v_private_key_ec, v_public_compressed_key_ec, v_compressed_key_mode_ec, v_inner_ec_response) == false) {
log("*** " & testcasename() & ": INCONC: Enrolment failed ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
} else {
log("*** " & testcasename() & ": INFO: Enrolment succeed ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
}
log("*** " & testcasename() & ": DEBUG: v_inner_ec_response= ", v_inner_ec_response);
log("*** " & testcasename() & ": DEBUG: v_private_key_ec= ", v_private_key_ec);
// Generate an InnerAtRequest
if (f_generate_inner_at_request(vc_aaCertificate, -, vc_aaHashedId8, vc_eaCertificate, vc_eaWholeHash/*salt*/, vc_eaHashedId8, v_inner_ec_response.certificate, v_private_key_ec, v_private_key_at, v_public_compressed_key_at, v_compressed_key_mode_at, v_private_enc_key_at, v_public_compressed_enc_key_at, v_compressed_enc_mode_at, v_inner_at_request) == false) {
log("*** " & testcasename() & ": ERROR: Failed to generate AuthorizationValidationRequest ***");
f_selfOrClientSyncAndVerdict("error", e_error);
}
log("*** " & testcasename() & ": DEBUG: v_inner_at_request= ", v_inner_at_request);
log("*** " & testcasename() & ": DEBUG: v_private_key_at= ", v_private_key_at);
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
10303
10304
10305
10306
10307
10308
10309
10310
10311
10312
10313
10314
10315
10316
10317
10318
10319
10320
10321
10322
10323
10324
10325
10326
// Test Body
f_http_build_authorization_validation_request(v_inner_at_request, v_public_compressed_key_at, v_compressed_key_mode_at, v_private_enc_key_at, v_public_compressed_enc_key_at, v_compressed_enc_mode_at, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
v_aes_sym_key_hashed_id8 := f_hashedId8FromSha256(f_hashWithSha256('80'O & v_aes_sym_key)); // Used to match the response
f_init_default_headers_list(-, "inner_atv_request", v_headers);
f_http_send(
v_headers,
m_http_request(
m_http_request_post(
PICS_HTTP_POST_URI_ATV,
v_headers,
m_http_message_body_binary(
m_binary_body_ieee1609dot2_data(
v_ieee1609dot2_signed_and_encrypted_data
)))));
tc_ac.start;
alt {
[] a_await_atv_http_response_from_iut(
mw_http_response(
mw_http_response_ok(
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_authorizationResponseMessage(
mw_encryptedData(
{ *, mw_recipientInfo_pskRecipInfo(v_aes_sym_key_hashed_id8), * },
mw_symmetricCiphertext_aes128ccm
)))))),
v_response
) {
var integer v_result;
var InnerAtResponse v_inner_at_response;
f_verify_http_at_response_from_iut_atv(v_inner_at_request, v_response.response, v_private_key_at, v_aes_sym_key, v_authentication_vector, v_request_hash, v_inner_at_response, v_result);
// Set verdict
if (v_result == 0) {
log("*** " & testcasename() & ": PASS: Well-secured ATV certificate received ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": FAIL: Failed to verify ATV response ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
}
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
10357
10358
10359
10360
10361
10362
10363
10364
10365
10366
10367
10368
10369
10370
10371
10372
10373
10374
10375
10376
10377
10378
10379
10380
10381
/**
* @desc If the responseCode is 0, the AuthorizationValidationResponse structure contains the component
* confirmedSubjectAttributes with the attributes the EA wishes to confirm, except for certIssuePermissions
* which is not allowed to be present.
* <pre>
* Pics Selection: PICS_IUT_EA_ROLE
* Initial conditions:
* Expected behaviour:
* ensure that {
* when {
* the IUT receives a AuthorizationValidationRequest message
* and the IUT responds with a AuthorizationValidationResponse message
* containing AuthorizationValidationResponse
* containing responseCode
* indicating 0
* }
* then {
* the IUT sends a AuthorizationValidationResponse message
* contains an AuthorizationValidationResponse structure
* containing confirmedSubjectAttributes
* not containing certIssuePermissions
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v1.2.2 TP SECPKI_EA_AUTHVAL_04_BV
10383
10384
10385
10386
10387
10388
10389
10390
10391
10392
10393
10394
10395
10396
10397
10398
10399
10400
10401
10402
10403
10404
10405
10406
10407
10408
* @reference ETSI TS 102 941, clause 6.2.3.4.2
*/
testcase TC_SECPKI_EA_AUTHVAL_04_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
// Local variables
var Oct32 v_private_key_ec;
var Oct32 v_public_compressed_key_ec;
var integer v_compressed_key_mode_ec;
var InnerEcResponse v_inner_ec_response;
var Oct32 v_private_key_at;
var Oct32 v_public_compressed_key_at;
var integer v_compressed_key_mode_at;
var Oct32 v_private_enc_key_at;
var Oct32 v_public_compressed_enc_key_at;
var integer v_compressed_enc_mode_at;
var InnerAtRequest v_inner_at_request;
var Oct32 v_request_hash;
var Oct16 v_encrypted_sym_key;
var Oct16 v_aes_sym_key;
var HashedId8 v_aes_sym_key_hashed_id8;
var Oct16 v_authentication_vector;
var Oct12 v_nonce;
var octetstring v_salt;
var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
var Headers v_headers;
var HttpMessage v_response;
var EtsiTs102941Data v_etsi_ts_102941_data;
// Test control
if (not PICS_IUT_EA_ROLE) {
log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
setverdict(inconc);
stop;
}
// Test component configuration
f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);
10422
10423
10424
10425
10426
10427
10428
10429
10430
10431
10432
10433
10434
10435
10436
10437
10438
10439
10440
// Preamble
// Trigger an enrolment request
if (f_await_http_inner_ec_request_response(v_private_key_ec, v_public_compressed_key_ec, v_compressed_key_mode_ec, v_inner_ec_response) == false) {
log("*** " & testcasename() & ": INCONC: Enrolment failed ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
} else {
log("*** " & testcasename() & ": INFO: Enrolment succeed ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
}
log("*** " & testcasename() & ": DEBUG: v_inner_ec_response= ", v_inner_ec_response);
log("*** " & testcasename() & ": DEBUG: v_private_key_ec= ", v_private_key_ec);
// Generate an InnerAtRequest
if (f_generate_inner_at_request(vc_aaCertificate, -, vc_aaHashedId8, vc_eaCertificate, vc_eaWholeHash/*salt*/, vc_eaHashedId8, v_inner_ec_response.certificate, v_private_key_ec, v_private_key_at, v_public_compressed_key_at, v_compressed_key_mode_at, v_private_enc_key_at, v_public_compressed_enc_key_at, v_compressed_enc_mode_at, v_inner_at_request) == false) {
log("*** " & testcasename() & ": ERROR: Failed to generate AuthorizationValidationRequest ***");
f_selfOrClientSyncAndVerdict("error", e_error);
}
log("*** " & testcasename() & ": DEBUG: v_inner_at_request= ", v_inner_at_request);
log("*** " & testcasename() & ": DEBUG: v_private_key_at= ", v_private_key_at);
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
10442
10443
10444
10445
10446
10447
10448
10449
10450
10451
10452
10453
10454
10455
10456
10457
10458
10459
10460
10461
10462
10463
10464
10465
// Test Body
f_http_build_authorization_validation_request(v_inner_at_request, v_public_compressed_key_at, v_compressed_key_mode_at, v_private_enc_key_at, v_public_compressed_enc_key_at, v_compressed_enc_mode_at, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
v_aes_sym_key_hashed_id8 := f_hashedId8FromSha256(f_hashWithSha256('80'O & v_aes_sym_key)); // Used to match the response
f_init_default_headers_list(-, "inner_atv_request", v_headers);
f_http_send(
v_headers,
m_http_request(
m_http_request_post(
PICS_HTTP_POST_URI_ATV,
v_headers,
m_http_message_body_binary(
m_binary_body_ieee1609dot2_data(
v_ieee1609dot2_signed_and_encrypted_data
)))));
tc_ac.start;
alt {
[] a_await_atv_http_response_from_iut(
mw_http_response(
mw_http_response_ok(
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_authorizationResponseMessage(
mw_encryptedData(
{ *, mw_recipientInfo_pskRecipInfo(v_aes_sym_key_hashed_id8), * },
mw_symmetricCiphertext_aes128ccm
)))))),
v_response
) {
var integer v_result;
var InnerAtResponse v_inner_at_response;
f_verify_http_at_response_from_iut_atv(v_inner_at_request, v_response.response, v_private_key_at, v_aes_sym_key, v_authentication_vector, v_request_hash, v_inner_at_response, v_result);
// Set verdict
if (v_result == 0) {
log("*** " & testcasename() & ": PASS: Well-secured ATV certificate received ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": FAIL: Failed to verify ATV response ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
}
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
10496
10497
10498
10499
10500
10501
10502
10503
10504
10505
10506
10507
10508
10509
10510
10511
10512
10513
10514
10515
10516
10517
10518
/**
* @desc If the responseCode is different than 0, the AuthorizationValidationResponse structure does not contain
* the component confirmedSubjectAttributes.
* <pre>
* Pics Selection: PICS_IUT_EA_ROLE
* Initial conditions:
* Expected behaviour:
* ensure that {
* when {
* the IUT receives a AuthorizationValidationRequest message
* and the IUT responds with a AuthorizationValidationResponse message
* containing AuthorizationValidationResponse
* containing responseCode
* indicating a value different than 0
* }
* then {
* the IUT sends a AuthorizationValidationResponse message
* contains an AuthorizationValidationResponse structure
* not containing confirmedSubjectAttributes
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v1.2.2 TP SECPKI_EA_AUTHVAL_05_BV
10520
10521
10522
10523
10524
10525
10526
10527
10528
10529
10530
10531
10532
10533
10534
10535
10536
10537
10538
10539
10540
10541
10542
10543
10544
10545
* @reference ETSI TS 102 941, clause 6.2.3.4.2
*/
testcase TC_SECPKI_EA_AUTHVAL_05_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
// Local variables
var Oct32 v_private_key_ec;
var Oct32 v_public_compressed_key_ec;
var integer v_compressed_key_mode_ec;
var InnerEcResponse v_inner_ec_response;
var Oct32 v_private_key_at;
var Oct32 v_public_compressed_key_at;
var integer v_compressed_key_mode_at;
var Oct32 v_private_enc_key_at;
var Oct32 v_public_compressed_enc_key_at;
var integer v_compressed_enc_mode_at;
var InnerAtRequest v_inner_at_request;
var Oct32 v_request_hash;
var Oct16 v_encrypted_sym_key;
var Oct16 v_aes_sym_key;
var HashedId8 v_aes_sym_key_hashed_id8;
var Oct16 v_authentication_vector;
var Oct12 v_nonce;
var octetstring v_salt;
var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
var Headers v_headers;
var HttpMessage v_response;
var EtsiTs102941Data v_etsi_ts_102941_data;
// Test control
if (not PICS_IUT_EA_ROLE) {
log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
setverdict(inconc);
stop;
}
// Test component configuration
f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);
10559
10560
10561
10562
10563
10564
10565
10566
10567
10568
10569
10570
10571
10572
10573
10574
10575
10576
10577
// Preamble
// Trigger an enrolment request
if (f_await_http_inner_ec_request_response(v_private_key_ec, v_public_compressed_key_ec, v_compressed_key_mode_ec, v_inner_ec_response) == false) {
log("*** " & testcasename() & ": INCONC: Enrolment failed ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
} else {
log("*** " & testcasename() & ": INFO: Enrolment succeed ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
}
log("*** " & testcasename() & ": DEBUG: v_inner_ec_response= ", v_inner_ec_response);
log("*** " & testcasename() & ": DEBUG: v_private_key_ec= ", v_private_key_ec);
// Generate an InnerAtRequest
if (f_generate_inner_at_request(vc_aaCertificate, -, vc_aaHashedId8, vc_eaCertificate, vc_eaWholeHash/*salt*/, vc_eaHashedId8, v_inner_ec_response.certificate, v_private_key_ec, v_private_key_at, v_public_compressed_key_at, v_compressed_key_mode_at, v_private_enc_key_at, v_public_compressed_enc_key_at, v_compressed_enc_mode_at, v_inner_at_request) == false) {
log("*** " & testcasename() & ": ERROR: Failed to generate AuthorizationValidationRequest ***");
f_selfOrClientSyncAndVerdict("error", e_error);
}
log("*** " & testcasename() & ": DEBUG: v_inner_at_request= ", v_inner_at_request);
log("*** " & testcasename() & ": DEBUG: v_private_key_at= ", v_private_key_at);
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
10579
10580
10581
10582
10583
10584
10585
10586
10587
10588
10589
10590
10591
10592
10593
10594
10595
10596
10597
10598
10599
10600
10601
10602
// Test Body
f_http_build_invalid_authorization_validation_request(v_inner_at_request, v_public_compressed_key_at, v_compressed_key_mode_at, v_private_enc_key_at, v_public_compressed_enc_key_at, v_compressed_enc_mode_at, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
v_aes_sym_key_hashed_id8 := f_hashedId8FromSha256(f_hashWithSha256('80'O & v_aes_sym_key)); // Used to match the response
f_init_default_headers_list(-, "inner_atv_request", v_headers);
f_http_send(
v_headers,
m_http_request(
m_http_request_post(
PICS_HTTP_POST_URI_ATV,
v_headers,
m_http_message_body_binary(
m_binary_body_ieee1609dot2_data(
v_ieee1609dot2_signed_and_encrypted_data
)))));
tc_ac.start;
alt {
[] a_await_atv_http_response_from_iut(
mw_http_response(
mw_http_response_ok(
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_authorizationResponseMessage(
mw_encryptedData(
{ *, mw_recipientInfo_pskRecipInfo(v_aes_sym_key_hashed_id8), * },
mw_symmetricCiphertext_aes128ccm
)))))),
v_response
) {
var integer v_result;
var InnerAtResponse v_inner_at_response;
f_verify_http_at_response_from_iut_atv_error(v_inner_at_request, v_response.response, v_private_key_at, v_aes_sym_key, v_authentication_vector, v_request_hash, v_inner_at_response, v_result);
// Set verdict
if (v_result == 0) {
log("*** " & testcasename() & ": PASS: Well-formatted error response received ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": FAIL: Failed to verify AT response ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
}
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
10633
10634
10635
10636
10637
10638
10639
10640
10641
10642
10643
10644
10645
10646
10647
10648
10649
10650
10651
10652
/**
* @desc The component version of the EtsiTs102941Data structure is set to v1 (integer value set to 1).
* <pre>
* Pics Selection: PICS_IUT_EA_ROLE
* Initial conditions:
* Expected behaviour:
* ensure that {
* when {
* the IUT receives a AuthorizationValidationRequest message
* }
* then {
* the IUT sends a AuthorizationValidationResponse message
* containing EtsiTs103097Data-Signed
* containing EtsiTs103097Data
* containing version
* indicating v1 (integer value set to 1)
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v1.2.2 TP SECPKI_EA_AUTHVAL_06_BV
10654
10655
10656
10657
10658
10659
10660
10661
10662
10663
10664
10665
10666
10667
10668
10669
10670
10671
10672
10673
10674
10675
10676
10677
10678
10679
* @reference ETSI TS 102 941, clause 6.2.3.4.2
*/
testcase TC_SECPKI_EA_AUTHVAL_06_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
// Local variables
var Oct32 v_private_key_ec;
var Oct32 v_public_compressed_key_ec;
var integer v_compressed_key_mode_ec;
var InnerEcResponse v_inner_ec_response;
var Oct32 v_private_key_at;
var Oct32 v_public_compressed_key_at;
var integer v_compressed_key_mode_at;
var Oct32 v_private_enc_key_at;
var Oct32 v_public_compressed_enc_key_at;
var integer v_compressed_enc_mode_at;
var InnerAtRequest v_inner_at_request;
var Oct32 v_request_hash;
var Oct16 v_encrypted_sym_key;
var Oct16 v_aes_sym_key;
var HashedId8 v_aes_sym_key_hashed_id8;
var Oct16 v_authentication_vector;
var Oct12 v_nonce;
var octetstring v_salt;
var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
var Headers v_headers;
var HttpMessage v_response;
var EtsiTs102941Data v_etsi_ts_102941_data;
// Test control
if (not PICS_IUT_EA_ROLE) {
log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
setverdict(inconc);
stop;
}
// Test component configuration
f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);
10693
10694
10695
10696
10697
10698
10699
10700
10701
10702
10703
10704
10705
10706
10707
10708
10709
10710
10711
// Preamble
// Trigger an enrolment request
if (f_await_http_inner_ec_request_response(v_private_key_ec, v_public_compressed_key_ec, v_compressed_key_mode_ec, v_inner_ec_response) == false) {
log("*** " & testcasename() & ": INCONC: Enrolment failed ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
} else {
log("*** " & testcasename() & ": INFO: Enrolment succeed ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
}
log("*** " & testcasename() & ": DEBUG: v_inner_ec_response= ", v_inner_ec_response);
log("*** " & testcasename() & ": DEBUG: v_private_key_ec= ", v_private_key_ec);
// Generate an InnerAtRequest
if (f_generate_inner_at_request(vc_aaCertificate, -, vc_aaHashedId8, vc_eaCertificate, vc_eaWholeHash/*salt*/, vc_eaHashedId8, v_inner_ec_response.certificate, v_private_key_ec, v_private_key_at, v_public_compressed_key_at, v_compressed_key_mode_at, v_private_enc_key_at, v_public_compressed_enc_key_at, v_compressed_enc_mode_at, v_inner_at_request) == false) {
log("*** " & testcasename() & ": ERROR: Failed to generate AuthorizationValidationRequest ***");
f_selfOrClientSyncAndVerdict("error", e_error);
}
log("*** " & testcasename() & ": DEBUG: v_inner_at_request= ", v_inner_at_request);
log("*** " & testcasename() & ": DEBUG: v_private_key_at= ", v_private_key_at);
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
10713
10714
10715
10716
10717
10718
10719
10720
10721
10722
10723
10724
10725
10726
10727
10728
10729
10730
10731
10732
10733
10734
10735
10736
// Test Body
f_http_build_authorization_validation_request(v_inner_at_request, v_public_compressed_key_at, v_compressed_key_mode_at, v_private_enc_key_at, v_public_compressed_enc_key_at, v_compressed_enc_mode_at, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
v_aes_sym_key_hashed_id8 := f_hashedId8FromSha256(f_hashWithSha256('80'O & v_aes_sym_key)); // Used to match the response
f_init_default_headers_list(-, "inner_atv_request", v_headers);
f_http_send(
v_headers,
m_http_request(
m_http_request_post(
PICS_HTTP_POST_URI_ATV,
v_headers,
m_http_message_body_binary(
m_binary_body_ieee1609dot2_data(
v_ieee1609dot2_signed_and_encrypted_data
)))));
tc_ac.start;
alt {
[] a_await_atv_http_response_from_iut(
mw_http_response(
mw_http_response_ok(
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_authorizationResponseMessage(
mw_encryptedData(
{ *, mw_recipientInfo_pskRecipInfo(v_aes_sym_key_hashed_id8), * },
mw_symmetricCiphertext_aes128ccm
)))))),
v_response
) {
var integer v_result;
var InnerAtResponse v_inner_at_response;
f_verify_http_at_response_from_iut_atv(v_inner_at_request, v_response.response, v_private_key_at, v_aes_sym_key, v_authentication_vector, v_request_hash, v_inner_at_response, v_result);
// Set verdict
if (v_result == 0) {
log("*** " & testcasename() & ": PASS: Well-secured ATV certificate received ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": FAIL: Failed to verify ATV response ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
}
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
} // End of testcase TC_SECPKI_EA_AUTHVAL_06_BV
// TC_SECPKI_EA_AUTHVAL_07_BV covered by TC_SECPKI_EA_AUTHVAL_02..04_BV
// TC_SECPKI_EA_AUTHVAL_08_BV covered by TC_SECPKI_EA_AUTHVAL_02..04_BV
// TC_SECPKI_EA_AUTHVAL_09_BV covered by TC_SECPKI_EA_AUTHVAL_02..04_BV
} // End of group authorization_validation_response
* @desc SubCA certificate requests of the EA are transported to the RCA using CACertificateRequest messages across the reference point S10
* Initial conditions:
* Expected behaviour:
* ensure that {
* when {
* the IUT is requested to send a CACertificateRequestMessage
* the IUT sends a CACertificateRequestMessage
* across the reference point S10 to the RCA
* @see ETSI TS 103 525-2 v1.2.2 TP SECPKI_EA_CERTGEN_01_BV
* @reference ETSI TS 102 941, clause 6.2.1
10797
10798
10799
10800
10801
10802
10803
10804
10805
10806
10807
10808
10809
10810
10811
10812
10813
10814
10815
10816
10817
10818
10819
10820
10821
10822
10823
10824
10825
10826
10827
10828
10829
10830
10831
10832
10833
10834
10835
10836
10837
10838
10839
10840
10841
10842
10843
10844
10845
10846
10847
10848
10849
10850
10851
10852
10853
10854
10855
10856
10857
10858
10859
10860
10861
10862
10863
10864
10865
10866
10867
10868
10869
10870
10871
10872
10873
10874
10875
10876
10877
10878
10879
10880
10881
10882
10883
10884
10885
10886
10887
10888
10889
10890
10891
10892
10893
10894
10895
10896
10897
10898
10899
10900
10901
10902
10903
10904
10905
10906
10907
10908
10909
10910
10911
10912
10913
10914
10915
10916
10917
10918
10919
10920
10921
10922
10923
10924
10925
10926
10927
10928
10929
10930
10931
10932
10933
10934
10935
10936
10937
10938
10939
10940
10941
10942
10943
10944
10945
10946
10947
10948
10949
10950
10951
10952
10953
10954
10955
10956
10957
10958
10959
10960
10961
10962
10963
10964
10965
10966
10967
10968
10969
10970
10971
10972
10973
10974
10975
10976
10977
10978
10979
10980
10981
10982
10983
10984
10985
10986
10987
10988
10989
10990
10991
10992
10993
10994
10995
10996
10997
10998
10999
11000
testcase TC_SECPKI_EA_CERTGEN_01_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
setverdict(inconc);
} // End of testcase TC_SECPKI_EA_CERTGEN_01_BV
/**
* @desc The application form should include the digital fingerprint of the CACertificateRequestMessage in printable format
* <pre>
* Pics Selection:
* Initial conditions:
* Expected behaviour:
* ensure that {
* when {
* the IUT is requested to send a CACertificateRequestMessage
* }
* then {
* the IUT sends a CACertificateRequestMessage
* containing a signature (SIG)
* containing EtsiTs103097Data
* being computed using a ETSI TS 103 097 [2] approved hash algorithm
* and the IUT exports the digital fingerprint SIG in a printable format
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v1.2.2 TP SECPKI_EA_CERTGEN_02_BV
* @reference ETSI TS 102 941, clause 6.2.1
*/
testcase TC_SECPKI_EA_CERTGEN_02_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
setverdict(inconc);
} // End of testcase TC_SECPKI_EA_CERTGEN_02_BV
/**
* @desc The hashId shall indicate the hash algorithm to be used as specified in ETSI TS 103 097,
* the signer is set to 'self' and the signature over the tbsData is computed using the private key corresponding to the new verificationKey to be certified (i.e. the request is self-signed)
* <pre>
* Pics Selection:
* Initial conditions:
* Expected behaviour:
* ensure that {
* when {
* the IUT is requested to send a CACertificateRequestMessage
* }
* then {
* the IUT sends a CACertificateRequestMessage
* containing EtsiTs103097Data-Signed structure
* containing hashId
* indicating the hash algorithm to be used
* and containing signer
* indicating 'self'
* and containing tbsData
* containing the EtsiTs102941Data structure
* containing caCertificateRequest
* containing publicKeys
* containing verification_key (VKEY)
* and containing signature
* computed over tbsData using the private key corresponding to the verificationKey (VKEY)
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v1.2.2 TP SECPKI_EA_CERTGEN_03_BV
* @reference ETSI TS 102 941, clause 6.2.1
* ETSI TS 103 097, clause 7
*/
testcase TC_SECPKI_EA_CERTGEN_03_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
setverdict(inconc);
} // End of testcase TC_SECPKI_EA_CERTGEN_03_BV
/**
* @desc An ECC private key is randomly generated, the corresponding public key (verificationKey) is provided to be included in the CaCertificateRequest
* An ECC encryption private key is randomly generated, the corresponding public key (encryptionKey) is provided to be included in the CACertificateRequest.
* CaCertificateRequest.publicKeys shall contain verification_key and encryption_key
* <pre>
* Pics Selection:
* Initial conditions:
* Expected behaviour:
* ensure that {
* when {
* the IUT is requested to send a CACertificateRequestMessage
* }
* then {
* the IUT sends a CACertificateRequestMessage
* containing caCertificateRequest
* containing publicKeys
* and containing encryption_key
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v1.2.2 TP SECPKI_EA_CERTGEN_04_BV
* @reference ETSI TS 102 941, clause 6.2.1
*/
testcase TC_SECPKI_EA_CERTGEN_04_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
setverdict(inconc);
} // End of testcase TC_SECPKI_EA_CERTGEN_04_BV
/**
* @desc The EtsiTs102941Data structure is built with version set to v1 (integer value set to 1)
* <pre>
* Pics Selection:
* Initial conditions:
* Expected behaviour:
* ensure that {
* when {
* the IUT is requested to send a CACertificateRequestMessage
* }
* then {
* the IUT sends a CACertificateRequestMessage
* containing EtsiTs102941Data
* containing version
* indicating v1 (integer value set to 1)
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v1.2.2 TP SECPKI_EA_CERTGEN_05_BV
* @reference ETSI TS 102 941, clause 6.2.1
*/
testcase TC_SECPKI_EA_CERTGEN_05_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
setverdict(inconc);
} // End of testcase TC_SECPKI_EA_CERTGEN_05_BV
/**
* @desc CaCertificateRequest.requestedSubjectAttributes shall contain the requested certificates attributes as specified in ETSI TS 103 097, clause 7.2.4
* <pre>
* Pics Selection:
* Initial conditions:
* Expected behaviour:
* ensure that {
* when {
* the IUT is requested to send a CACertificateRequestMessage
* }
* then {
* the IUT sends a CACertificateRequestMessage
* containing CaCertificateRequest
* containing requestedSubjectAttributes
* as specified in ETSI TS 103 097, clause 7.2.4
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v1.2.2 TP SECPKI_EA_CERTGEN_06_BV
* @reference ETSI TS 102 941, clause 6.2.1
* ETSI TS 103 097, clause 7.2.4
*/
testcase TC_SECPKI_EA_CERTGEN_06_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
setverdict(inconc);
} // End of testcase TC_SECPKI_EA_CERTGEN_06_BV
/**
* @desc EtsiTs103097Data-Signed.tbsData contains the EtsiTs102941Data as payload and the headerInfo containing psid and generationTime
* The psid shall be set to "secured certificate request" as assigned in ETSI TS 102 965 and the generationTime shall be present
* All other components of the component tbsdata.headerInfo are not used and absent
* <pre>
* Pics Selection:
* Initial conditions:
* Expected behaviour:
* ensure that {
* when {
* the IUT is requested to send a CACertificateRequestMessage
* }
* then {
* the IUT sends a CACertificateRequestMessage
* containing headerInfo
* containing psid
* indicating SEC_CERT_REQ
* and containing generationTime
* and not containing any other component of tbsdata.headerInfo
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v1.2.2 TP SECPKI_EA_CERTGEN_07_BV
* @reference ETSI TS 102 941, clause 6.2.1
*/
testcase TC_SECPKI_EA_CERTGEN_07_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
setverdict(inconc);
} // End of testcase TC_SECPKI_EA_CERTGEN_07_BV
/**
* @desc If the current private key has reached its end of validity period or is revoked, the SubCA shall restart the initial certificate application process
* <pre>
* Pics Selection:
* Initial conditions:
* Expected behaviour:
* ensure that {
* when {
* the IUT is requested to perform a CA certificate rekeying procedure
* and SubCA certificate is no longer valid (due to end of validity or revocation)
* }
* then {
* the IUT switches to the ''initial' state
* and sends a CACertificateRequestMessage
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v1.2.2 TP SECPKI_EA_CERTGEN_08_BV
* @reference ETSI TS 102 941, clause 6.2.1
*/
testcase TC_SECPKI_EA_CERTGEN_08_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
setverdict(inconc);
} // End of testcase TC_SECPKI_EA_CERTGEN_08_BV