Skip to content
ItsPki_TestCases.ttcn 984 KiB
Newer Older
ASN.1 Documenter's avatar
ASN.1 Documenter committed
/**
ASN.1 Documenter's avatar
ASN.1 Documenter committed
 *  @version  $Url$
 *            $Id$
 *  @desc     Testcases  file for Security Protocol
 *  @reference   ETSI TS ITS-00546v006
 *  @copyright   ETSI Copyright Notification
 *               No part may be reproduced except as authorized by written permission.
 *               The copyright and the foregoing restriction extend to reproduction in all media.
 *               All rights reserved.
 */
module ItsPki_TestCases {
ASN.1 Documenter's avatar
ASN.1 Documenter committed
  // Libcommon
  import from LibCommon_Time all;
  import from LibCommon_VerdictControl all;
  import from LibCommon_Sync all;
  import from LibCommon_BasicTypesAndValues all;
  import from LibCommon_DataStrings all;
ASN.1 Documenter's avatar
ASN.1 Documenter committed
  // LibIts
  import from Ieee1609Dot2BaseTypes language "ASN.1:1997" all;
  import from Ieee1609Dot2 language "ASN.1:1997" all;
  import from EtsiTs102941BaseTypes language "ASN.1:1997" all;
  import from EtsiTs102941TypesEnrolment language "ASN.1:1997" all;
  import from EtsiTs102941TypesAuthorization language "ASN.1:1997" all;
  import from EtsiTs102941TypesAuthorizationValidation language "ASN.1:1997" all;
  import from EtsiTs102941MessagesCa language "ASN.1:1997" all;
  import from EtsiTs102941TrustLists language "ASN.1:1997" all;
  import from EtsiTs103097Module language "ASN.1:1997" all;
  import from Ieee1609Dot2Dot1AcaRaInterface language "ASN.1:1997" all;
  import from Ieee1609Dot2Dot1EeRaInterface language "ASN.1:1997" all;
  import from ETSI_ITS_CDD language "ASN.1:1997" all;
ASN.1 Documenter's avatar
ASN.1 Documenter committed
  import from CAM_PDU_Descriptions language "ASN.1:1997" all;
ASN.1 Documenter's avatar
ASN.1 Documenter committed
  // LibItsCommon
  import from LibItsCommon_TypesAndValues all;
  import from LibItsCommon_Functions all;
  import from LibItsCommon_TypesAndValues all;
  import from LibItsCommon_ASN1_NamedNumbers all;
ASN.1 Documenter's avatar
ASN.1 Documenter committed
  // LibItsGeoNetworking
  import from LibItsGeoNetworking_TypesAndValues all;
  import from LibItsGeoNetworking_Functions all;
  import from LibItsGeoNetworking_Templates all;
  import from LibItsGeoNetworking_Pics all;
  import from LibItsGeoNetworking_Pixits all;
ASN.1 Documenter's avatar
ASN.1 Documenter committed
  import from LibItsGeoNetworking_TestSystem all;

  // LibItsCam
  import from LibItsCam_TypesAndValues all;
  import from LibItsCam_Templates all;
ASN.1 Documenter's avatar
ASN.1 Documenter committed
  // LibItsSecurity
  import from LibItsSecurity_TypesAndValues all;
  import from LibItsSecurity_TestSystem all;
  import from LibItsSecurity_Templates all;
  import from LibItsSecurity_Functions all;
  import from LibItsSecurity_Pixits all;
  import from LibItsSecurity_Pics all;
  // LibHttp
  import from LibHttp_TypesAndValues all;
  import from LibHttp_Templates all;
  import from LibHttp_Functions all;
  import from LibHttp_TestSystem all;
  import from LibHttp_Pics all;
  import from LibHttp_BinaryTemplates all;

  // LibHelpers
  import from LibHelpers_Functions all;

ASN.1 Documenter's avatar
ASN.1 Documenter committed
  // LibItsPki
  import from LibItsPki_TypesAndValues all;
  import from LibItsPki_Templates all;
  import from LibItsPki_Functions all;
  import from LibItsPki_TestSystem all;
  import from LibItsPki_Pics all;
  import from LibItsPki_Pixits all;
  import from LibItsPki_EncdecDeclarations all;
ASN.1 Documenter's avatar
ASN.1 Documenter committed

  // ItsPki
  import from ItsPki_Pixits all;
ASN.1 Documenter's avatar
ASN.1 Documenter committed
  /**
ASN.1 Documenter's avatar
ASN.1 Documenter committed
   */
  group itss_behavior {
ASN.1 Documenter's avatar
ASN.1 Documenter committed
    group itss_helpers {

      /**
       * @desc Send an HTTP error message 500 Internal error.
       *       Note: To be refined
       */
      function f_send_500_Internal_Error(
                                         in Headers p_headers, 
                                         in template (omit) charstring p_error_message := omit
                                         ) runs on ItsPkiHttp {
        f_http_send(
                    p_headers,
                    m_http_response(
                                    m_http_response_500_internal_error(
                                                                       p_headers
                    )));
      } // End function f_send_500_Internal_Error

ASN.1 Documenter's avatar
ASN.1 Documenter committed
      /**
       * @desc The purpose of this function is verify the EC request and extract InnerEcRequest and build the InnerEcResponse for the HTTP response
       *       Note: This function accepts additional parameters to alter the reponse
       */
      function f_verify_http_ec_request_from_iut_itss(
                                                      in Request p_request,
                                                      in Headers p_headers,
                                                      out InnerEcRequest p_inner_ec_request,
                                                      out InnerEcResponse p_inner_ec_response,
                                                      out HttpMessage p_response,
                                                      out integer p_result,
                                                      in template octetstring p_its_id := PICS_ITS_S_CANONICAL_ID,
                                                      in template SignerIdentifier p_signer := m_signerIdentifier_self,
                                                      in EnrolmentResponseCode p_force_response_code := ok
                                                      ) runs on ItsPkiHttp {
        // Local variables
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var EtsiTs102941Data v_etsi_ts_102941_data;
        var Oct16 v_request_hash;
        var HashedId8 v_bfk_hashed_id8;
ASN.1 Documenter's avatar
ASN.1 Documenter committed
        var Oct16 v_aes_enc_key;
        var template (value) HttpMessage v_response;
        var EtsiTs103097Certificate v_ec_certificate;
        var HashedId8 v_ec_certificate_hashed_id8;
ASN.1 Documenter's avatar
ASN.1 Documenter committed
        log(">>> f_verify_http_ec_request_from_iut_itss: ", p_request);
ASN.1 Documenter's avatar
ASN.1 Documenter committed
        p_result := 0;
        if (f_verify_pki_request_message(vc_eaPrivateEncKey, vc_eaWholeHash/*salt*/, ''O, p_request.body.binary_body.ieee1609dot2_data, true, v_request_hash, v_bfk_hashed_id8, v_etsi_ts_102941_data, v_aes_enc_key) == false) { // Cannot decrypt the message
ASN.1 Documenter's avatar
ASN.1 Documenter committed
          // Send error message
          v_response := m_http_response(m_http_response_ko_no_body(p_headers, 400, "Bad request")); // Initialize v_reponse with an error message
          // Set verdict
          p_result := -1;
        } else {
          log("f_verify_http_ec_request_from_iut_itss: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentRequest(mw_innerEcRequestSignedForPop(mw_signedData(sha256, mw_toBeSignedData(-, mw_headerInfo_inner_pki_request), p_signer))))); // TODO In TITAN, this is the only way to get the unmatching in log
          if (match(v_etsi_ts_102941_data.content, mw_enrolmentRequest(mw_innerEcRequestSignedForPop(mw_signedData(sha256, mw_toBeSignedData(-, mw_headerInfo_inner_pki_request), p_signer)))) == false) {
            // Send error message
            f_http_build_inner_ec_response(p_inner_ec_request/*Not required*/, cantparse, v_request_hash, vc_eaPrivateKey, vc_eaWholeHash, v_aes_enc_key, v_ec_certificate, v_ec_certificate_hashed_id8, p_inner_ec_response, v_ieee1609dot2_signed_and_encrypted_data);
ASN.1 Documenter's avatar
ASN.1 Documenter committed
            // Set verdict
            p_result := -2;
          } else {
            // Verify signature of mw_innerEcRequestSignedForPop
            if (f_verify_inner_ec_request_signed_for_pop(v_etsi_ts_102941_data, p_inner_ec_request) == false) {
              // Send error message
              f_http_build_inner_ec_response(p_inner_ec_request/*Not required*/, cantparse, v_request_hash, vc_eaPrivateKey, vc_eaWholeHash, v_aes_enc_key, v_ec_certificate, v_ec_certificate_hashed_id8, p_inner_ec_response, v_ieee1609dot2_signed_and_encrypted_data);
ASN.1 Documenter's avatar
ASN.1 Documenter committed
              v_response := m_http_response(m_http_response_ok(m_http_message_body_binary(m_binary_body_ieee1609dot2_data(v_ieee1609dot2_signed_and_encrypted_data)), p_headers));
              // Set verdict
              p_result := -3;
            } else {
              log("f_verify_http_ec_request_from_iut_itss: matching: ", match(p_inner_ec_request, mw_innerEcRequest(p_its_id, -, mw_certificate_subject_attributes({mw_appPermissions(c_its_aid_SCR, ?)})))); // TODO In TITAN, this is the only way to get the unmatching in log
              if (match(p_inner_ec_request, mw_innerEcRequest(p_its_id, -, mw_certificate_subject_attributes_optional_assuranceLevel({mw_appPermissions(c_its_aid_SCR, ?)}))) == false) {
                // Send error message: Not enrolmentrequest
                f_http_build_inner_ec_response(p_inner_ec_request, badcontenttype, v_request_hash, vc_eaPrivateKey, vc_eaWholeHash, v_aes_enc_key, v_ec_certificate, v_ec_certificate_hashed_id8, p_inner_ec_response, v_ieee1609dot2_signed_and_encrypted_data);
ASN.1 Documenter's avatar
ASN.1 Documenter committed
                v_response := m_http_response(m_http_response_ok(m_http_message_body_binary(m_binary_body_ieee1609dot2_data(v_ieee1609dot2_signed_and_encrypted_data)), p_headers));
                // Set verdict
                p_result := -4;
              } else {
                // TODO Check ValidityPeriod
            // Send OK message
ASN.1 Documenter's avatar
ASN.1 Documenter committed
                log("f_verify_http_ec_request_from_iut_itss: Receive ", p_inner_ec_request);
            if (p_force_response_code == ok) { 
              // Send EC certificate with code ok
              log("====================================== vc_ec_keys_counter= ", vc_ec_keys_counter);
              f_http_build_inner_ec_response(p_inner_ec_request, ok, v_request_hash, vc_eaPrivateKey, vc_eaWholeHash, v_aes_enc_key, v_ec_certificate, v_ec_certificate_hashed_id8, p_inner_ec_response, v_ieee1609dot2_signed_and_encrypted_data);
              if (ispresent(p_inner_ec_request.publicKeys.verificationKey.ecdsaNistP256)) {
                if (ispresent(p_inner_ec_request.publicKeys.verificationKey.ecdsaNistP256.compressed_y_0)) {
                  vc_ec_public_compressed_key[vc_ec_keys_counter] := p_inner_ec_request.publicKeys.verificationKey.ecdsaNistP256.compressed_y_0;
                  vc_ec_compressed_modes[vc_ec_keys_counter] := 0;
ASN.1 Documenter's avatar
ASN.1 Documenter committed
                } else {
                  vc_ec_public_compressed_key[vc_ec_keys_counter] := p_inner_ec_request.publicKeys.verificationKey.ecdsaNistP256.compressed_y_1;
                  vc_ec_compressed_modes[vc_ec_keys_counter] := 1;
ASN.1 Documenter's avatar
ASN.1 Documenter committed
                }
              } else if (ispresent(p_inner_ec_request.publicKeys.verificationKey.ecdsaBrainpoolP256r1)) {                
                if (ispresent(p_inner_ec_request.publicKeys.verificationKey.ecdsaBrainpoolP256r1.compressed_y_0)) {
                  vc_ec_public_compressed_key[vc_ec_keys_counter] := p_inner_ec_request.publicKeys.verificationKey.ecdsaBrainpoolP256r1.compressed_y_0;
                  vc_ec_compressed_modes[vc_ec_keys_counter] := 0;
                } else {
                  vc_ec_public_compressed_key[vc_ec_keys_counter] := p_inner_ec_request.publicKeys.verificationKey.ecdsaBrainpoolP256r1.compressed_y_1;
                  vc_ec_compressed_modes[vc_ec_keys_counter] := 1;
                }
              } else {
                log("*** " & testcasename() & ": FAIL: Not implemented yet ***");
                f_selfOrClientSyncAndVerdict(c_prDone, e_error);
ASN.1 Documenter's avatar
ASN.1 Documenter committed
              }
              vc_ec_hashed_id8[vc_ec_keys_counter] := v_ec_certificate_hashed_id8;
              vc_ec_keys_counter := vc_ec_keys_counter + 1;
              vc_ec_certificates[vc_ec_counter] := v_ec_certificate;
              vc_ec_counter := vc_ec_counter + 1;
              log("====================================== vc_ec_keys_counter= ", vc_ec_keys_counter);
            } else {
                  log("f_verify_http_ec_request_from_iut_itss: Succeed but force error code ", p_force_response_code);
              f_http_build_inner_ec_response(p_inner_ec_request, p_force_response_code, v_request_hash, vc_eaPrivateKey, vc_eaWholeHash, v_aes_enc_key, v_ec_certificate, v_ec_certificate_hashed_id8, p_inner_ec_response, v_ieee1609dot2_signed_and_encrypted_data);
ASN.1 Documenter's avatar
ASN.1 Documenter committed
            }
            v_response := m_http_response(m_http_response_ok(m_http_message_body_binary(m_binary_body_ieee1609dot2_data(v_ieee1609dot2_signed_and_encrypted_data)), p_headers));
          }
        }
ASN.1 Documenter's avatar
ASN.1 Documenter committed
          }
        }

        p_response := valueof(v_response);
        log("<<< f_verify_http_ec_request_from_iut_itss: p_response: ", p_response);
        log("<<< f_verify_http_ec_request_from_iut_itss: p_result: ", p_result);
      } // End of function f_verify_http_ec_request_from_iut_itss

      /**
       * @desc The purpose of this function is verify the AT request and extract InnerAtRequest and build the InnerAtResponse for the HTTP response
       *       Note: This function accepts additional parameters to alter the reponse
       */
      function f_verify_http_at_request_from_iut_itss(
                                                      in Request p_request,
                                                      in Headers p_headers,
                                                      in EtsiTs103097Certificate p_ec_certificate,
                                                      out InnerAtRequest p_inner_at_request,
                                                      out InnerAtResponse p_inner_at_response,
                                                      out HttpMessage p_response,
                                                      out integer p_result,
                                                      in template octetstring p_its_id := PICS_ITS_S_CANONICAL_ID,
                                                      in AuthorizationResponseCode p_force_response_code := ok
                                                      ) runs on ItsPkiHttp {
        // Local variables
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var EtsiTs102941Data v_etsi_ts_102941_data;
        var Oct16 v_request_hash;
        var HashedId8 v_bfk_hashed_id8;
ASN.1 Documenter's avatar
ASN.1 Documenter committed
        var Oct16 v_aes_enc_key;
        var template (value) HttpMessage v_response;
ASN.1 Documenter's avatar
ASN.1 Documenter committed
        log(">>> f_verify_http_at_request_from_iut_itss:", p_request);
ASN.1 Documenter's avatar
ASN.1 Documenter committed
        p_result := 0;
ASN.1 Documenter's avatar
ASN.1 Documenter committed
        // Do not verify the signature now because ATRequest is required to verify the POP signature       ==> false
        if (f_verify_pki_request_message(vc_aaPrivateEncKey, vc_aaWholeHash/*salt*/, ''O, p_request.body.binary_body.ieee1609dot2_data, false, v_request_hash, v_bfk_hashed_id8, v_etsi_ts_102941_data, v_aes_enc_key) == false) { // Only decryption
ASN.1 Documenter's avatar
ASN.1 Documenter committed
          // Send error message, unable to decypt it
          v_response := m_http_response(m_http_response_ko_no_body(p_headers, 400, "Bad request")); // Initialize v_reponse with an error message
          // Set verdict
          p_result := -1;
        } else {
          log("f_verify_http_at_request_from_iut_itss: matching: ", match(v_etsi_ts_102941_data.content, mw_authorizationRequest(mw_innerAtRequest))); // TODO In TITAN, this is the only way to get the unmatching in log
          if (match(v_etsi_ts_102941_data.content, mw_authorizationRequest(mw_innerAtRequest)) == false) {
            // Send error message
            f_http_build_authorization_response(-, its_aa_cantparse, v_request_hash, -, -, v_aes_enc_key, p_inner_at_response, v_ieee1609dot2_signed_and_encrypted_data);
            // Set verdict
            p_result := -2;
          } else {
            // Extract InnerAtRequest and Verify signature of mw_innerATRequestSignedForPop
            if (f_verify_inner_at_request_signed_for_pop(v_etsi_ts_102941_data, p_ec_certificate, p_inner_at_request) == false) {
              // Send error message
              f_http_build_authorization_response(p_inner_at_request, its_aa_cantparse, v_request_hash, -, -, v_aes_enc_key, p_inner_at_response, v_ieee1609dot2_signed_and_encrypted_data);
              v_response := m_http_response(m_http_response_ok(m_http_message_body_binary(m_binary_body_ieee1609dot2_data(v_ieee1609dot2_signed_and_encrypted_data)), p_headers));
              // Set verdict
              p_result := -3;
            } else {
              log("f_verify_http_at_request_from_iut_itss: match ", match(p_inner_at_request, mw_innerAtRequest(mw_publicKeys, -, mw_shared_at_request, mw_ec_signature))); // TODO In TITAN, this is the only way to get the unmatching in log
              if (match(p_inner_at_request, mw_innerAtRequest(mw_publicKeys, -, mw_shared_at_request, mw_ec_signature)) == false) { // TODO To be refined
                // Send error message: No enrolment request
                f_http_build_authorization_response(p_inner_at_request, its_aa_badcontenttype, v_request_hash, -, -, v_aes_enc_key, p_inner_at_response, v_ieee1609dot2_signed_and_encrypted_data);
                v_response := m_http_response(m_http_response_ok(m_http_message_body_binary(m_binary_body_ieee1609dot2_data(v_ieee1609dot2_signed_and_encrypted_data)), p_headers));
                // Set verdict
                p_result := -4;
              } else {
                var PublicVerificationKey v_verification_tag;
                var octetstring v_encoded_tag;
                var octetstring v_key_tag;
ASN.1 Documenter's avatar
ASN.1 Documenter committed
                // Build the tag
                v_encoded_tag := bit2oct(encvalue(p_inner_at_request.publicKeys.verificationKey));
                if (ispresent(p_inner_at_request.publicKeys.encryptionKey)) {
                  v_encoded_tag := v_encoded_tag & bit2oct(encvalue(p_inner_at_request.publicKeys.encryptionKey));
                }
                // Verify HMAC-SHA256
                log("f_verify_http_at_request_from_iut_itss: v_encoded_tag= ", v_encoded_tag);
                v_key_tag := substr(
                                    fx_hmac_sha256( // TODO Rename and use a wrapper function
                                                   p_inner_at_request.hmacKey,
                                                   v_encoded_tag
                                                    ),
                                    0,
                                    16); // Leftmost 128 bits of the HMAC-SHA256 tag computed previously
                log("f_verify_http_at_request_from_iut_itss: v_key_tag: ", v_key_tag);
                log("f_verify_http_at_request_from_iut_itss: keyTag= ", p_inner_at_request.sharedAtRequest.keyTag);
                log("f_verify_http_at_request_from_iut_itss: matching: ", match(p_inner_at_request.sharedAtRequest.keyTag, v_key_tag));
                if (match(p_inner_at_request.sharedAtRequest.keyTag, v_key_tag) == false) {
                  // Send error message: No enrolment request
                  f_http_build_authorization_response(p_inner_at_request, its_aa_keysdontmatch, v_request_hash, -, -, v_aes_enc_key, p_inner_at_response, v_ieee1609dot2_signed_and_encrypted_data);
                  v_response := m_http_response(m_http_response_ok(m_http_message_body_binary(m_binary_body_ieee1609dot2_data(v_ieee1609dot2_signed_and_encrypted_data)), p_headers));
                  // Set verdict
                  p_result := -5;
                } else {
                  // Send OK message
                  log("f_verify_http_at_request_from_iut_itss: Receive ", p_inner_at_request);
                  if (p_force_response_code == ok) {
                    f_http_build_authorization_response(p_inner_at_request, ok, v_request_hash, vc_eaPrivateKey, vc_eaWholeHash, v_aes_enc_key, p_inner_at_response, v_ieee1609dot2_signed_and_encrypted_data);
                  } else {
                    log("f_verify_http_at_request_from_iut_itss: Succeed built force error code ", p_force_response_code);
                    f_http_build_authorization_response(p_inner_at_request, p_force_response_code, v_request_hash, -, -, v_aes_enc_key, p_inner_at_response, v_ieee1609dot2_signed_and_encrypted_data);
                  }
                  v_response := m_http_response(m_http_response_ok(m_http_message_body_binary(m_binary_body_ieee1609dot2_data(v_ieee1609dot2_signed_and_encrypted_data)), p_headers));
                }
              }
            }
          }
        }

        p_response := valueof(v_response);
        log("<<< f_verify_http_at_request_from_iut_itss: p_result: ", p_result);
        log("<<< f_verify_http_at_request_from_iut_itss: p_response: ", p_response);
      } // End of function f_verify_http_at_request_from_iut_itss

      function f_verify_http_bfk_authorization_request(
                                                       in Request p_request,
                                                       in Headers p_headers,
                                                       in EtsiTs103097Certificate p_ec_certificate,
                                                       out EeRaCertRequest p_bfk_authorization_request,
                                                       out RaEeCertInfo p_ra_ee_cert_info,
                                                       out HttpMessage p_response,
                                                       out integer p_result,
                                                       in template octetstring p_its_id := PICS_ITS_S_CANONICAL_ID,
                                                       in template SignerIdentifier p_signer := m_signerIdentifier_self,
                                                       in EnrolmentResponseCode p_force_response_code := ok
                                                       ) runs on ItsPkiHttp {
        // Local variables
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var EtsiTs102941Data v_etsi_ts_102941_data;
        var Oct16 v_request_hash;
        var HashedId8 v_bfk_request_hash;
        var Oct16 v_aes_enc_key;
        var template (value) HttpMessage v_response;

        log(">>> f_verify_http_bfk_authorization_request: ", p_request);

        p_result := 0;

        if (f_verify_pki_request_message_with_certificate(vc_eaPrivateEncKey, vc_eaWholeHash/*salt*/, p_ec_certificate, p_request.body.binary_body.ieee1609dot2_data, true, v_request_hash, v_bfk_request_hash, v_etsi_ts_102941_data, v_aes_enc_key) == false) { // Cannot decrypt the message
          // Send error message
          v_response := m_http_response(m_http_response_ko_no_body(p_headers, 400, "Bad request")); // Initialize v_reponse with an error message
          // Set verdict
          p_result := -1;
        } else { // TODO Add checks on date, 
          log("f_verify_http_bfk_authorization_request: match ", match(v_etsi_ts_102941_data.content, mw_butterflyAuthorizationRequest(mw_ee_ra_cert_request))); // TODO In TITAN, this is the only way to get the unmatching in log
          if (match(v_etsi_ts_102941_data.content, mw_butterflyAuthorizationRequest(mw_ee_ra_cert_request)) == false) {
            // Send error message
            f_http_build_butterfly_authorization_response_message(p_bfk_authorization_request/*Not required*/, v_bfk_request_hash, vc_eaPrivateKey, vc_eaWholeHash, v_aes_enc_key, p_ra_ee_cert_info, v_ieee1609dot2_signed_and_encrypted_data);
            // Set verdict
            p_result := -2;
          } else {
            // TODO Add checks
            p_bfk_authorization_request := v_etsi_ts_102941_data.content.butterflyAuthorizationRequest;
            f_http_build_butterfly_authorization_response_message(p_bfk_authorization_request, v_bfk_request_hash, vc_eaPrivateKey, vc_eaWholeHash, v_aes_enc_key, p_ra_ee_cert_info, v_ieee1609dot2_signed_and_encrypted_data);
            //       vc_ec_hashed_id8[vc_ec_keys_counter] := v_ec_certificate_hashed_id8;
            //       vc_ec_keys_counter := vc_ec_keys_counter + 1;
            //       vc_ec_certificates[vc_ec_counter] := v_ec_certificate;
            //       vc_ec_counter := vc_ec_counter + 1;
            //       log("====================================== vc_ec_keys_counter= ", vc_ec_keys_counter);

            //       
            // Verify signature of mw_innerEcRequestSignedForPop
            // if (f_verify_inner_ec_request_signed_for_pop(v_etsi_ts_102941_data, p_inner_ec_request) == false) {
            //   // Send error message
            //   f_http_build_inner_ec_response(p_inner_ec_request/*Not required*/, cantparse, v_request_hash, vc_eaPrivateKey, vc_eaWholeHash, v_aes_enc_key, v_ec_certificate, v_ec_certificate_hashed_id8, p_inner_ec_response, v_ieee1609dot2_signed_and_encrypted_data);
            //   v_response := m_http_response(m_http_response_ok(m_http_message_body_binary(m_binary_body_ieee1609dot2_data(v_ieee1609dot2_signed_and_encrypted_data)), p_headers));
            //   // Set verdict
            //   p_result := -3;
            // } else {
            //   log("f_verify_http_bfk_authorization_request: matching: ", match(p_inner_ec_request, mw_innerEcRequest(p_its_id, -, mw_certificate_subject_attributes({mw_appPermissions(c_its_aid_SCR, ?)})))); // TODO In TITAN, this is the only way to get the unmatching in log
            //   if (match(p_inner_ec_request, mw_innerEcRequest(p_its_id, -, mw_certificate_subject_attributes_optional_assuranceLevel({mw_appPermissions(c_its_aid_SCR, ?)}))) == false) {
            //     // Send error message: Not enrolmentrequest
            //     f_http_build_inner_ec_response(p_inner_ec_request, badcontenttype, v_request_hash, vc_eaPrivateKey, vc_eaWholeHash, v_aes_enc_key, v_ec_certificate, v_ec_certificate_hashed_id8, p_inner_ec_response, v_ieee1609dot2_signed_and_encrypted_data);
            //     v_response := m_http_response(m_http_response_ok(m_http_message_body_binary(m_binary_body_ieee1609dot2_data(v_ieee1609dot2_signed_and_encrypted_data)), p_headers));
            //     // Set verdict
            //     p_result := -4;
            //   } else {
            //     // TODO Check ValidityPeriod
            //     // Send OK message
            //     log("f_verify_http_bfk_authorization_request: Receive ", p_inner_ec_request);
            //     if (p_force_response_code == ok) { 
            //       // Send EC certificate with code ok
            //       log("====================================== vc_ec_keys_counter= ", vc_ec_keys_counter);
            //       f_http_build_inner_ec_response(p_inner_ec_request, ok, v_request_hash, vc_eaPrivateKey, vc_eaWholeHash, v_aes_enc_key, v_ec_certificate, v_ec_certificate_hashed_id8, p_inner_ec_response, v_ieee1609dot2_signed_and_encrypted_data);
            //       if (ispresent(p_inner_ec_request.publicKeys.verificationKey.ecdsaNistP256)) {
            //         if (ispresent(p_inner_ec_request.publicKeys.verificationKey.ecdsaNistP256.compressed_y_0)) {
            //           vc_ec_public_compressed_key[vc_ec_keys_counter] := p_inner_ec_request.publicKeys.verificationKey.ecdsaNistP256.compressed_y_0;
            //           vc_ec_compressed_modes[vc_ec_keys_counter] := 0;
            //         } else {
            //           vc_ec_public_compressed_key[vc_ec_keys_counter] := p_inner_ec_request.publicKeys.verificationKey.ecdsaNistP256.compressed_y_1;
            //           vc_ec_compressed_modes[vc_ec_keys_counter] := 1;
            //         }
            //       } else if (ispresent(p_inner_ec_request.publicKeys.verificationKey.ecdsaBrainpoolP256r1)) {                
            //         if (ispresent(p_inner_ec_request.publicKeys.verificationKey.ecdsaBrainpoolP256r1.compressed_y_0)) {
            //           vc_ec_public_compressed_key[vc_ec_keys_counter] := p_inner_ec_request.publicKeys.verificationKey.ecdsaBrainpoolP256r1.compressed_y_0;
            //           vc_ec_compressed_modes[vc_ec_keys_counter] := 0;
            //         } else {
            //           vc_ec_public_compressed_key[vc_ec_keys_counter] := p_inner_ec_request.publicKeys.verificationKey.ecdsaBrainpoolP256r1.compressed_y_1;
            //           vc_ec_compressed_modes[vc_ec_keys_counter] := 1;
            //         }
            //       } else {
            //         log("*** " & testcasename() & ": FAIL: Not implemented yet ***");
            //         f_selfOrClientSyncAndVerdict(c_prDone, e_error);
            //       }
            //       vc_ec_hashed_id8[vc_ec_keys_counter] := v_ec_certificate_hashed_id8;
            //       vc_ec_keys_counter := vc_ec_keys_counter + 1;
            //       vc_ec_certificates[vc_ec_counter] := v_ec_certificate;
            //       vc_ec_counter := vc_ec_counter + 1;
            //       log("====================================== vc_ec_keys_counter= ", vc_ec_keys_counter);
            //     } else {
            //       log("f_verify_http_bfk_authorization_request: Succeed but force error code ", p_force_response_code);
            //       f_http_build_inner_ec_response(p_inner_ec_request, p_force_response_code, v_request_hash, vc_eaPrivateKey, vc_eaWholeHash, v_aes_enc_key, v_ec_certificate, v_ec_certificate_hashed_id8, p_inner_ec_response, v_ieee1609dot2_signed_and_encrypted_data);
            //     }
                v_response := m_http_response(m_http_response_ok(m_http_message_body_binary(m_binary_body_ieee1609dot2_data(v_ieee1609dot2_signed_and_encrypted_data)), p_headers));
          }
        }

        p_response := valueof(v_response);
        log("<<< f_verify_http_bfk_authorization_request: p_response: ", p_response);
        log("<<< f_verify_http_bfk_authorization_request: p_result: ", p_result);
      } // End of function f_verify_http_bfk_authorization_request
ASN.1 Documenter's avatar
ASN.1 Documenter committed

      /**
       * @desc Await ITS CA message using the default AT certificate
       */
      altstep a_await_cam_with_current_cert(
                                            in EtsiTs103097Certificate p_certificate
                                            ) runs on ItsPkiItss {
        [PICS_SEC_SHA256 == true] geoNetworkingPort.receive(
                                                            mw_geoNwInd(
                                                                        mw_geoNwSecPdu(
                                                                                       mw_etsiTs103097Data_signed(
                                                                                                                  mw_signedData(
                                                                                                                                sha256,
                                                                                                                                mw_toBeSignedData(
                                                                                                                                                  mw_signedDataPayload,
                                                                                                                                                  mw_headerInfo_cam
                                                                                                                                                  ),
                                                                                                                                mw_signerIdentifier_certificate(
                                                                                                                                                                mw_etsiTs103097Certificate(
                                                                                                                                                                                           mw_issuerIdentifier_sha256AndDigest(
                                                                                                                                                                                                                               p_certificate.issuer.sha256AndDigest
                                                                                                                                                                                                                               ),
                                                                                                                                                                                           mw_toBeSignedCertificate_at(
                                                                                                                                                                                                                       -,
                                                                                                                                                                                                                       p_certificate.toBeSigned.verifyKeyIndicator
                                                                                                                                                                                                                       )
                                                                                                                                                                                           )
                                                                                                                                                                )
                                                                                                                                )
                                                                                                                  ), 
                                                                                       mw_geoNwShbPacket
                                                                                       ))) {
        }
        [PICS_SEC_SHA384 == true] geoNetworkingPort.receive(
                                                            mw_geoNwInd(
                                                                        mw_geoNwSecPdu(
                                                                                       mw_etsiTs103097Data_signed(
                                                                                                                  mw_signedData(
                                                                                                                                sha384, 
                                                                                                                                mw_toBeSignedData(
                                                                                                                                                  mw_signedDataPayload,
                                                                                                                                                  mw_headerInfo_cam
                                                                                                                                                  ),
                                                                                                                                mw_signerIdentifier_certificate(
                                                                                                                                                                mw_etsiTs103097Certificate(
                                                                                                                                                                                           mw_issuerIdentifier_sha384AndDigest(
                                                                                                                                                                                                                               p_certificate.issuer.sha384AndDigest
                                                                                                                                                                                                                               ),
                                                                                                                                                                                           mw_toBeSignedCertificate_at(
                                                                                                                                                                                                                       -,
                                                                                                                                                                                                                       p_certificate.toBeSigned.verifyKeyIndicator
                                                                                                                                                                                                                       )
                                                                                                                                                                                           )
                                                                                                                                                                )
                                                                                                                                )
                                                                                                                  ),
                                                                                       mw_geoNwShbPacket
                                                                                       ))) {
        }
      } // End of altstep a_await_cam_with_current_cert
ASN.1 Documenter's avatar
ASN.1 Documenter committed
    } // End of group itss_helpers

    // ETSI TS 103 525-2 V2.0.2 (2023-07) Clause 5.2.2.1  Enrollment request
ASN.1 Documenter's avatar
ASN.1 Documenter committed
    group itss_enrolment_request {
ASN.1 Documenter's avatar
ASN.1 Documenter committed
      /**
       * @desc Check that IUT sends an enrolment request when triggered.
       * <pre>
       * Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT
       * Initial conditions: 
       *     with {
       *         the IUT being in the "initial state"
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT is triggered to requested a new Enrolment Certificate (EC)
       *         }
       *         then {
       *             the IUT sends to EA an EnrolmentRequestMessage
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v2.0.1 SECPKI_ITSS_ENR_01_BV
ASN.1 Documenter's avatar
ASN.1 Documenter committed
       * @reference ETSI TS 102 941 [2], clause 6.1.3
       */
      testcase TC_SECPKI_ITSS_ENR_01_BV() runs on ItsMtc system ItsPkiItssSystem {
        // Local variables
        var ItsPkiItss v_itss;
        var ItsPkiHttp v_ea;
ASN.1 Documenter's avatar
ASN.1 Documenter committed
        // Test control
        if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_ENROLMENT) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
ASN.1 Documenter's avatar
ASN.1 Documenter committed
        // Test component configuration
        f_cfMtcUp01(v_itss, v_ea);
ASN.1 Documenter's avatar
ASN.1 Documenter committed
        // Start components
        v_itss.start(f_TC_SECPKI_ITSS_ENR_01_BV_itss());
        v_ea.start(f_TC_SECPKI_ITSS_ENR_01_BV_pki());
ASN.1 Documenter's avatar
ASN.1 Documenter committed
        // Synchronization
        f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
ASN.1 Documenter's avatar
ASN.1 Documenter committed
        // Cleanup
        f_cfMtcDown01(v_itss, v_ea);
ASN.1 Documenter's avatar
ASN.1 Documenter committed
      } // End of testcase TC_SECPKI_ITSS_ENR_01_BV
ASN.1 Documenter's avatar
ASN.1 Documenter committed
      group f_TC_SECPKI_ITSS_ENR_01_BV {
ASN.1 Documenter's avatar
ASN.1 Documenter committed
        function f_TC_SECPKI_ITSS_ENR_01_BV_itss() runs on ItsPkiItss system ItsPkiItssSystem {
          // Local variables
          var HashedId8               v_certificate_digest;
          var EtsiTs103097Certificate v_certificate;
ASN.1 Documenter's avatar
ASN.1 Documenter committed
          // Test component configuration
          vc_hashedId8ToBeUsed := ""; // No certificates //PX_IUT_DEFAULT_CERTIFICATE
ASN.1 Documenter's avatar
ASN.1 Documenter committed
          f_cfUp_itss();
ASN.1 Documenter's avatar
ASN.1 Documenter committed
          // Test adapter configuration
ASN.1 Documenter's avatar
ASN.1 Documenter committed
          // Preamble
          // Initial state: No CAM shall be emitted
          geoNetworkingPort.clear;
          tc_noac.start;
          alt {
            [] geoNetworkingPort.receive {
              log("No CA message expected");
              f_selfOrClientSyncAndVerdict(c_prDone, e_error);
            }
            [] tc_noac.timeout {
              log("*** " & testcasename() & ": INFO: No CA message received ***");
ASN.1 Documenter's avatar
ASN.1 Documenter committed
              f_selfOrClientSyncAndVerdict(c_prDone, e_success);
              }
          } // End of 'alt' statement
ASN.1 Documenter's avatar
ASN.1 Documenter committed
          // Test Body
          f_sendUtTriggerEnrolmentRequestPrimitive();
          tc_ac.start; // TDOD To refined, use altstep
          alt {
            [] utPort.receive(UtPkiTriggerInd: { state := 1 }) {
              tc_ac.stop;
              log("*** " & testcasename() & ": INFO: IUT is in enrolment state ***");
            }
            [] tc_ac.timeout {
              log("*** " & testcasename() & ": DBG: IUT state update not recieved ***");
              //f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
            }
          } // End of 'alt' statement
ASN.1 Documenter's avatar
ASN.1 Documenter committed
          tc_noac.start;
          alt {
            [] geoNetworkingPort.receive {
              log("No CA message expected");
              f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
            }
            [] tc_noac.timeout {
              log("*** " & testcasename() & ": PASS: Enrolment trigger sent succesfully ***");
              f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
            }
          } // End of 'alt' statement
ASN.1 Documenter's avatar
ASN.1 Documenter committed
          // Postamble
          f_cfDown_itss();
        } // End of function f_TC_SECPKI_ITSS_ENR_01_BV_itss
ASN.1 Documenter's avatar
ASN.1 Documenter committed
        function f_TC_SECPKI_ITSS_ENR_01_BV_pki() runs on ItsPkiHttp system ItsPkiItssSystem {
          // Local variable
          var Headers v_headers;
          var HttpMessage v_request;
ASN.1 Documenter's avatar
ASN.1 Documenter committed
          // Test component configuration
          f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);
ASN.1 Documenter's avatar
ASN.1 Documenter committed
          // Test adapter configuration
ASN.1 Documenter's avatar
ASN.1 Documenter committed
          // Preamble
          f_init_default_headers_list(-, "inner_ec_response", v_headers);
          f_selfOrClientSyncAndVerdict(c_prDone, e_success);
ASN.1 Documenter's avatar
ASN.1 Documenter committed
          // Test Body
          tc_ac.start;
          alt {
            [] a_await_ec_http_request_from_iut(
                                                mw_http_request(
                                                                mw_http_request_post(
                                                                                     PICS_HTTP_POST_URI_EC,
                                                                                     -,
                                                                                     mw_http_message_body_binary(
                                                                                                                 mw_binary_body_ieee1609dot2_data(
                                                                                                                                                  mw_enrolmentRequestMessage(
                                                                                                                                                                            mw_encryptedData(
                                                                                                                                                                                             { *, mw_recipientInfo_certRecipInfo(mw_pKRecipientInfo(vc_eaHashedId8)), * },
                                                                                                                                                                                             mw_symmetricCiphertext_aes128ccm
                                                                                                                                                                                             )))))),
                                                v_request
                                                ) {
ASN.1 Documenter's avatar
ASN.1 Documenter committed
              var HttpMessage v_response;
              var integer v_result;
              var InnerEcRequest v_inner_ec_request;
              var InnerEcResponse v_inner_ec_response;
ASN.1 Documenter's avatar
ASN.1 Documenter committed
              tc_ac.stop;

              // Verify IUT response
              f_verify_http_ec_request_from_iut_itss(v_request.request, v_headers, v_inner_ec_request, v_inner_ec_response, v_response, v_result);
              // Send response
              if (isvalue(v_response)) {
                httpPort.send(v_response);
              } else { // Send HTTP error 500
                f_send_500_Internal_Error(v_headers);
              }
ASN.1 Documenter's avatar
ASN.1 Documenter committed
              // Set verdict
              if (v_result == 0) {
                log("*** " & testcasename() & ": PASS: InnerEcRequest received ***");
                f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
              } else {
                log("*** " & testcasename() & ": FAIL: Failed to verify EA an EnrolmentRequestMessage ***");
                f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
              }
            }
            [] tc_ac.timeout {
              log("*** " & testcasename() & ": INCONC: Expected message not received ***");
              f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
            }
          } // End of 'alt' statement
ASN.1 Documenter's avatar
ASN.1 Documenter committed
          // Postamble
          f_cfHttpDown();
        } // End of function f_TC_SECPKI_ITSS_ENR_01_BV_pki
ASN.1 Documenter's avatar
ASN.1 Documenter committed
      } // End of group f_TC_SECPKI_ITSS_ENR_01_BV
ASN.1 Documenter's avatar
ASN.1 Documenter committed
      /**
       * @desc If the enrolment request of the IUT is an initial enrolment request, the itsId 
       *       (contained in the InnerECRequest) shall be set to the canonical identifier, the 
       *       signer (contained in the outer EtsiTs1030971Data-Signed) shall be set to self and 
       *       the outer signature shall be computed using the canonical private key.
       * <pre>
       * Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT is requested to send an EnrolmentRequestMessage
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data-Encrypted
       *                 containing an encrypted EtsiTs103097Data-Signed
       *                     containing EtsiTs103097Data
       *                          containing InnerECRequestSignedForPOP
       *                             containing InnerEcRequest
       *                                 containing itsId
       *                                     indicating the canonical identifier of the ITS-S 
       *                 and containing signer
       *                     declared as self
       *                 and containing signature 
       *                     computed using the canonical private key
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v2.0.1 SECPKI_ITSS_ENR_02_BV
ASN.1 Documenter's avatar
ASN.1 Documenter committed
       * @reference ETSI TS 102 941, clause 6.1.3
       */
      testcase TC_SECPKI_ITSS_ENR_02_BV() runs on ItsMtc system ItsPkiItssSystem {
        // Local variables
        var ItsPkiItss v_itss;
        var ItsPkiHttp v_ea;
ASN.1 Documenter's avatar
ASN.1 Documenter committed
        // Test control
        if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_ENROLMENT) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
ASN.1 Documenter's avatar
ASN.1 Documenter committed
        // Test component configuration
        f_cfMtcUp01(v_itss, v_ea);

        // Start components
        v_itss.start(f_TC_SECPKI_ITSS_ENR_01_BV_itss());
        v_ea.start(f_TC_SECPKI_ITSS_ENR_01_BV_pki());
ASN.1 Documenter's avatar
ASN.1 Documenter committed
        // Synchronization
        f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
ASN.1 Documenter's avatar
ASN.1 Documenter committed
        // Cleanup
        f_cfMtcDown01(v_itss, v_ea);
ASN.1 Documenter's avatar
ASN.1 Documenter committed
      } // End of testcase TC_SECPKI_ITSS_ENR_02_BV
ASN.1 Documenter's avatar
ASN.1 Documenter committed
      /**
       * @desc In presence of a valid EC, the enrolment request of the IUT is a rekeying enrolment 
               request with the itsId (contained in the InnerECRequest) and the SignerIdentifier 
               (contained in the outer EtsiTs1030971Data-Signed) both declared as digest containing 
               the HashedId8 of the EC and the outer signature computed using the current valid EC 
               private key corresponding to the verification public key.
       * <pre>
       * Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT and PICS_SECPKI_REENROLMENT
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT is requested to send an EnrolmentRequestMessage
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data-Encrypted
       *                 containing an encrypted EtsiTs103097Data-Signed
       *                     containing EtsiTs103097Data
       *                          containing InnerECRequestSignedForPOP
       *                             containing InnerEcRequest
       *                                 containing itsId
       *                                     declared as digest containing the HashedId8 of the EC identifier
       *                 and containing signer
       *                     declared as digest containing the HashedId8 of the EC identifier 
       *                 and containing signature 
       *                     computed using the current valid EC private key corresponding to the verification public key
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v2.0.1 SECPKI_ITSS_ENR_03_BV
ASN.1 Documenter's avatar
ASN.1 Documenter committed
       * @reference ETSI TS 102 941, clause 6.1.3
       */
      testcase TC_SECPKI_ITSS_ENR_03_BV() runs on ItsMtc system ItsPkiItssSystem {
        // Local variables
        var ItsPkiItss v_itss;
        var ItsPkiHttp v_ea;
ASN.1 Documenter's avatar
ASN.1 Documenter committed
        // Test control
        if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_ENROLMENT or not PICS_SECPKI_REENROLMENT) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT and PICS_SECPKI_REENROLMENT required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
ASN.1 Documenter's avatar
ASN.1 Documenter committed
        // Test component configuration
        f_cfMtcUp01(v_itss, v_ea);
ASN.1 Documenter's avatar
ASN.1 Documenter committed
        // Start components
        v_itss.start(f_TC_SECPKI_ITSS_ENR_03_BV_itss());
        v_ea.start(f_TC_SECPKI_ITSS_ENR_03_BV_pki());
ASN.1 Documenter's avatar
ASN.1 Documenter committed
        // Synchronization
        f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
ASN.1 Documenter's avatar
ASN.1 Documenter committed
        // Cleanup
        f_cfMtcDown01(v_itss, v_ea);
ASN.1 Documenter's avatar
ASN.1 Documenter committed
      } // End of testcase TC_SECPKI_ITSS_ENR_03_BV
ASN.1 Documenter's avatar
ASN.1 Documenter committed
      group f_TC_SECPKI_ITSS_ENR_03_BV {
ASN.1 Documenter's avatar
ASN.1 Documenter committed
        function f_TC_SECPKI_ITSS_ENR_03_BV_itss() runs on ItsPkiItss system ItsPkiItssSystem {
          // Local variables
          var HashedId8               v_certificate_digest;
          var EtsiTs103097Certificate v_certificate;
ASN.1 Documenter's avatar
ASN.1 Documenter committed
          // Test component configuration
          vc_hashedId8ToBeUsed := PX_IUT_DEFAULT_CERTIFICATE;
          f_cfUp_itss();
ASN.1 Documenter's avatar
ASN.1 Documenter committed
          // Test adapter configuration
ASN.1 Documenter's avatar
ASN.1 Documenter committed
          // Preamble
          // Initial state: No CAM shall be emitted
          geoNetworkingPort.clear;
          tc_noac.start;
          alt {
            [] geoNetworkingPort.receive {
              log("No CA message expected");
              f_selfOrClientSyncAndVerdict(c_prDone, e_error);
              }
            [] tc_noac.timeout {
              // Trigger the first enrolment
              f_sendUtTriggerEnrolmentRequestPrimitive();
              log("*** " & testcasename() & "_itss: INFO: No CA message received ***");
ASN.1 Documenter's avatar
ASN.1 Documenter committed
              f_selfOrClientSyncAndVerdict(c_prDone, e_success);
              } 
            } // End of 'alt' statement
ASN.1 Documenter's avatar
ASN.1 Documenter committed
          // Test Body
          // Give time to the IUT to setup enrol state
          tc_ac.start; // TDOD To refined, use altstep
          alt {
            [] utPort.receive(UtPkiTriggerInd: { state := 1 }) {
              tc_ac.stop;
              log("*** " & testcasename() & "_itss: INFO: IUT is in enrolment state ***");
            }
            [] tc_ac.timeout {
              log("*** " & testcasename() & "_itss: DBG: IUT state update not recieved ***");
              //f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
            }
          } // End of 'alt' statement
ASN.1 Documenter's avatar
ASN.1 Documenter committed
          // Trigger the second enrolment
          f_sendUtTriggerEnrolmentRequestPrimitive();
          tc_noac.start;
          alt {
            [] geoNetworkingPort.receive {
              log("*** " & testcasename() & "_itss: FAIL: No CA message expected ***");
ASN.1 Documenter's avatar
ASN.1 Documenter committed
              f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
            }
            [] tc_noac.timeout {
              log("*** " & testcasename() & "_itss: PASS: Re-enrolment trigger sent succesfully ***");
ASN.1 Documenter's avatar
ASN.1 Documenter committed
              f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
            }
          } // End of 'alt' statement
ASN.1 Documenter's avatar
ASN.1 Documenter committed
          // Postamble
          f_cfDown_itss();
        } // End of function f_TC_SECPKI_ITSS_ENR_03_BV_itss
ASN.1 Documenter's avatar
ASN.1 Documenter committed
        function f_TC_SECPKI_ITSS_ENR_03_BV_pki() runs on ItsPkiHttp system ItsPkiItssSystem {
          // Local variable
          var Headers v_headers;
          var HttpMessage v_request;
          var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
ASN.1 Documenter's avatar
ASN.1 Documenter committed
          // Test component configuration
          f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);
ASN.1 Documenter's avatar
ASN.1 Documenter committed
          // Test adapter configuration
ASN.1 Documenter's avatar
ASN.1 Documenter committed
          // Preamble
          f_init_default_headers_list(-, "inner_ec_response", v_headers);
          alt {
            [] a_await_ec_http_request_from_iut(
                                                mw_http_request(
                                                                mw_http_request_post(
                                                                                     PICS_HTTP_POST_URI_EC,
                                                                                     -,
                                                                                     mw_http_message_body_binary(
                                                                                                                 mw_binary_body_ieee1609dot2_data(
                                                                                                                                                  mw_enrolmentRequestMessage(
                                                                                                                                                                             mw_encryptedData(
                                                                                                                                                                                              { *, mw_recipientInfo_certRecipInfo(mw_pKRecipientInfo(vc_eaHashedId8)), * },
                                                                                                                                                                                              mw_symmetricCiphertext_aes128ccm
                                                                                                                                                                                              )))))),
                                                v_request
                                                ) {
ASN.1 Documenter's avatar
ASN.1 Documenter committed
              var integer v_result;
              var InnerEcRequest v_inner_ec_request;
              var InnerEcResponse v_inner_ec_response;
              var HttpMessage v_response;
ASN.1 Documenter's avatar
ASN.1 Documenter committed
              tc_ac.stop;

              // Verify IUT response
              f_verify_http_ec_request_from_iut_itss(v_request.request, v_headers, v_inner_ec_request, v_inner_ec_response, v_response, v_result);
ASN.1 Documenter's avatar
ASN.1 Documenter committed
              // Send response
              if (isvalue(v_response)) {
                httpPort.send(v_response);
              } else { // Send HTTP error 500
                f_send_500_Internal_Error(v_headers);
              }
ASN.1 Documenter's avatar
ASN.1 Documenter committed
              // Set verdict
              if (v_result == 0) {
                log("*** " & testcasename() & ": INFO: First InnerEcRequest received ***");
                f_selfOrClientSyncAndVerdict(c_prDone, e_success);
              } else {
                log("*** " & testcasename() & ": FAIL: Failed to verify EA an EnrolmentRequestMessage ***");
                f_selfOrClientSyncAndVerdict(c_prDone, e_error);
              }
            }
            [] tc_ac.timeout {
              log("*** " & testcasename() & ": INCONC: Expected message not received ***");
              f_selfOrClientSyncAndVerdict(c_prDone, e_timeout);
            }
          } // End of 'alt' statement
ASN.1 Documenter's avatar
ASN.1 Documenter committed
          // Test Body
          tc_ac.start;
          alt {
            [] a_await_ec_http_request_from_iut( // Re-enrolment request
                                                mw_http_request(
                                                                mw_http_request_post(
                                                                                     PICS_HTTP_POST_URI_EC,
                                                                                     -,
                                                                                     mw_http_message_body_binary(
                                                                                                                 mw_binary_body_ieee1609dot2_data(
                                                                                                                                                  mw_enrolmentRequestMessage(
                                                                                                                                                                             mw_encryptedData(
                                                                                                                                                                                              { *, mw_recipientInfo_certRecipInfo(mw_pKRecipientInfo(vc_eaHashedId8)), * },
                                                                                                                                                                                              mw_symmetricCiphertext_aes128ccm
                                                                                                                                                                                              )))))),
                                                v_request
                                                ) {
ASN.1 Documenter's avatar
ASN.1 Documenter committed
              var integer v_result;
              var InnerEcRequest v_inner_ec_request;
              var InnerEcResponse v_inner_ec_response;
              var HttpMessage v_response;
ASN.1 Documenter's avatar
ASN.1 Documenter committed
              tc_ac.stop;

              // Verify IUT response
              log(">>>>>>>>>>>>>> DBG:  vc_ec_keys_counter= ", vc_ec_keys_counter);
              log(">>>>>>>>>>>>>> DBG:  vc_ec_public_compressed_key[vc_ec_keys_counter - 1]= ", vc_ec_public_compressed_key[vc_ec_keys_counter - 1]);
              log(">>>>>>>>>>>>>> DBG:  vc_ec_compressed_modes[vc_ec_keys_counter - 1]= ", vc_ec_compressed_modes[vc_ec_keys_counter - 1]);
              log(">>>>>>>>>>>>>> DBG:  vc_ec_hashed_id8[vc_ec_keys_counter - 1]= ", vc_ec_hashed_id8[vc_ec_keys_counter - 1]);
ASN.1 Documenter's avatar
ASN.1 Documenter committed
              f_verify_http_ec_request_from_iut_itss(
                                                     v_request.request,
                                                     v_headers,
                                                     v_inner_ec_request, 
                                                     v_inner_ec_response,
                                                     v_response, 
                                                     v_result,
                                                     vc_ec_hashed_id8[vc_ec_keys_counter - 1], // v_response...
ASN.1 Documenter's avatar
ASN.1 Documenter committed
                                                                       // containing itsId declared as digest containing the HashedId8 of the EC identifier
                                                     m_signerIdentifier_digest(vc_ec_hashed_id8[vc_ec_keys_counter - 1] // containing signer declared as digest containing the HashedId8 of the EC identifier
ASN.1 Documenter's avatar
ASN.1 Documenter committed
                                                                               )
                                                     );
ASN.1 Documenter's avatar
ASN.1 Documenter committed
              // Send response
              if (isvalue(v_response)) {
                httpPort.send(v_response);
              } else { // Send HTTP error 500
                f_send_500_Internal_Error(v_headers);
              }
ASN.1 Documenter's avatar
ASN.1 Documenter committed
              // Set verdict
              if (v_result == 0) {
                log("*** " & testcasename() & ": PASS: InnerEcRequest received ***");
                f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
              } else {
                log("*** " & testcasename() & ": FAIL: Failed to verify EA an EnrolmentRequestMessage ***");
                f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
              }
            }
            [] tc_ac.timeout {
              log("*** " & testcasename() & ": INCONC: Expected message not received ***");
              f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
            }
          } // End of 'alt' statement
ASN.1 Documenter's avatar
ASN.1 Documenter committed
          // Postamble
          f_cfHttpDown();
        } // End of function f_TC_SECPKI_ITSS_ENR_03_BV_pki
ASN.1 Documenter's avatar
ASN.1 Documenter committed
      } // End of group f_TC_SECPKI_ITSS_ENR_03_BV
ASN.1 Documenter's avatar
ASN.1 Documenter committed
      /**
       * @desc If the EC is revoked, the IUT returns to the state 'initialized'.
       * <pre>
       * Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT and PICS_SECPKI_CRL
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT is informed about a revocation of its EC
       *         }
       *         then {
       *             the IUT returns to the "initialized" state
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v2.0.1 SECPKI_ITSS_ENR_04_BV
ASN.1 Documenter's avatar
ASN.1 Documenter committed
       * @reference ETSI TS 102 941, clause 6.1.3, 6.2.3.2.1
       */
      testcase TC_SECPKI_ITSS_ENR_04_BV() runs on ItsMtc system ItsPkiItssSystem {
        // Local variables
        var Oct32      v_private_key;
        var Oct32      v_public_key_x;
        var Oct32      v_public_key_y;
        var Oct32      v_public_compressed_key;
        var integer    v_compressed_mode;
        var ItsPkiItss v_itss;
        var ItsPkiHttp v_ea;
ASN.1 Documenter's avatar
ASN.1 Documenter committed
        // Test control
        if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_ENROLMENT or not PICS_SECPKI_CRL) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT and PICS_SECPKI_CRL required for executing the TC ***");