if( p_data.counter < p_execution_count ) {
f_clientSync(c_nextTry, e_success);
log("*** " & testcasename() & ": Wait for Auth message " & int2str(p_data.counter) & " ***");
tc_ac.start;
repeat;
}
log("*** " & testcasename() & ": PASS: Everything OK ***");
}
[] a_await_at_http_request_from_iut(?, v_request) {
log("*** " & testcasename() & ": ERROR: Strange message received ***");
f_selfOrClientSyncAndVerdict(c_interSyncPoint, e_error);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdict(c_interSyncPoint, e_timeout);
}
} // End of 'alt' statement
f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
} // End of function f_TC_SECPKI_ITSS_AUTH_pki
/**
* @desc Check that the ITS-S sends the Authorization HttpRequest message to the Authorization Authority (AA) to request an authorization ticket.
* <pre>
* Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION
* Initial conditions:
* with {
* the IUT being in the "operational state"
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT is triggered to request a new Authorization Ticket (AT)
* }
* then {
* the IUT sends EtsiTs103097Data to the AA
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v2.0.1 SECPKI_ITSS_AUTH_01_BV
* @reference ETSI TS 102 941 [2], clause 6.2.3.3.0
*/
testcase TC_SECPKI_ITSS_AUTH_01_BV() runs on ItsMtc system ItsPkiItssSystem {
    // Parallel test components handled by this test case
    var ItsPkiItss v_itssPtc; // runs f_TC_SECPKI_ITSS_AUTH_itss
    var ItsPkiHttp v_aaPtc;   // runs f_TC_SECPKI_ITSS_AUTH_01_BV_pki

    // Test control: without both PICS the test case is not applicable and ends inconclusive
    if (not (PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION)) {
        log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION required for executing the TC ***");
        setverdict(inconc);
        stop;
    }

    // Test component configuration
    f_cfMtcUp01(v_itssPtc, v_aaPtc);

    // Start both behaviours
    v_itssPtc.start(f_TC_SECPKI_ITSS_AUTH_itss());
    v_aaPtc.start(f_TC_SECPKI_ITSS_AUTH_01_BV_pki());

    // Synchronization on the preamble-done and test-body-done points
    f_serverSync2ClientsAndStop({c_prDone, c_tbDone});

    // Cleanup
    f_cfMtcDown01(v_itssPtc, v_aaPtc);
} // End of testcase TC_SECPKI_ITSS_AUTH_01_BV
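group f_TC_SECPKI_ITSS_AUTH_01_BV {

    /**
     * @desc HTTP-side behaviour for TC_SECPKI_ITSS_AUTH_01_BV.
     *       Optionally serves an enrolment exchange first (PX_TRIGGER_EC_BEFORE_AT), then waits
     *       for the HTTP POST carrying the AuthorizationRequest, verifies it, sends back the
     *       response built by the verification helper and, on success, publishes the issued AT
     *       certificate and its HashedId8 on infoPort.
     */
    function f_TC_SECPKI_ITSS_AUTH_01_BV_pki() runs on ItsPkiHttp system ItsPkiItssSystem {
        // Local variable
        var Headers v_headers;
        var HttpMessage v_request;
        var InnerEcRequest v_inner_ec_request;
        var InnerEcResponse v_inner_ec_response;
        // Stays omit unless an enrolment was served in the preamble
        var template (omit) EtsiTs103097Certificate v_ec_cert := omit;

        // Test component configuration
        f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);

        // Test adapter configuration

        // Preamble
        f_init_default_headers_list(-, "inner_at_response", v_headers);
        if (PX_TRIGGER_EC_BEFORE_AT) {
            if (f_await_ec_request_send_response(v_inner_ec_request, v_inner_ec_response, v_request) == true) {
                // Keep the EC just issued; it is handed to the AT request verification below
                v_ec_cert := v_inner_ec_response.certificate;
                log("*** " & testcasename() & ": INFO: Enrolment succeed ***");
                f_selfOrClientSyncAndVerdict(c_prDone, e_success);
            } else {
                log("*** " & testcasename() & ": INCONC: Enrolment failed ***");
                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
            }
        } else {
            f_selfOrClientSyncAndVerdict(c_prDone, e_success);
        }

        // Test Body
        tc_ac.start;
        alt {
            // Expected: POST to the AT URI whose body is encrypted data with AES-128-CCM
            // ciphertext and a certRecipInfo recipient addressed to vc_aaHashedId8
            [] a_await_at_http_request_from_iut(
                    mw_http_request(
                        mw_http_request_post(
                            PICS_HTTP_POST_URI_AT,
                            -,
                            mw_http_message_body_binary(
                                mw_binary_body_ieee1609dot2_data(
                                    mw_authorizationRequestMessage(
                                        mw_encryptedData(
                                            { *, mw_recipientInfo_certRecipInfo(mw_pKRecipientInfo(vc_aaHashedId8)), * },
                                            mw_symmetricCiphertext_aes128ccm
                                        )))))),
                    v_request
                ) {
                var HttpMessage v_response;
                var integer v_result;
                var InnerAtRequest v_inner_at_request;
                var InnerAtResponse v_inner_at_response;

                tc_ac.stop;

                // Verify IUT response
                f_verify_http_at_request_from_iut_itss(v_request.request, v_headers, v_ec_cert, v_inner_at_request, v_inner_at_response, v_response, v_result);
                log("f_TC_SECPKI_ITSS_AUTH_01_BV_pki: v_result: ", v_result);
                log("f_TC_SECPKI_ITSS_AUTH_01_BV_pki: v_response: ", v_response);
                // Send response
                if (isvalue(v_response)) {
                    httpPort.send(v_response);
                }
                // Set verdict
                if (v_result == 0) {
                    var octetstring v_msg;
                    var octetstring v_hashed_id8;

                    log("*** " & testcasename() & ": PASS: InnerAtResponse received ***");

                    // HashedId8 of the issued AT is derived from its encoding; the digest is
                    // SHA-384 for a brainpoolP384r1 verification key and SHA-256 otherwise.
                    // NOTE(review): only the ecdsaBrainpoolP384r1 alternative selects SHA-384 here;
                    // confirm whether the key type has other 384-bit alternatives needing the same digest.
                    v_msg := bit2oct(encvalue(v_inner_at_response.certificate));
                    if (ischosen(v_inner_at_response.certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaBrainpoolP384r1)) {
                        v_hashed_id8 := f_hashedId8FromSha384(f_hashWithSha384(v_msg));
                    } else {
                        v_hashed_id8 := f_hashedId8FromSha256(f_hashWithSha256(v_msg));
                    }
                    infoPort.send(InfoPortData : { hashed_id8 := v_hashed_id8, at_certificate := v_inner_at_response.certificate });

                    f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
                } else {
                    // The message verified in this branch is the AuthorizationRequest, not an enrolment request
                    log("*** " & testcasename() & ": FAIL: Failed to verify AuthorizationRequestMessage ***");
                    f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
                }
            }
            [] tc_ac.timeout {
                log("*** " & testcasename() & ": INCONC: Expected message not received ***");
                f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
            }
        } // End of 'alt' statement

        // Postamble
        f_cfHttpDown();
    } // End of function f_TC_SECPKI_ITSS_AUTH_01_BV_pki

} // End of group f_TC_SECPKI_ITSS_AUTH_01_BV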
/**
* @desc Check that the AuthorizationRequest message is encrypted and sent to only one Authorization Authority.
* <pre>
* Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION
* Initial conditions:
* with {
* the IUT being in the "operational state"
* authorized with CERT_AA certificate
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT is triggered to request a new Authorization Ticket (AT)
* }
* then {
* the IUT sends EtsiTs103097Data to the AA
* containing content.encryptedData.recipients
* indicating size 1
* and containing the instance of RecipientInfo
* containing certRecipInfo
* containing recipientId
* indicating HashedId8 of the CERT_AA
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v2.0.1 SECPKI_ITSS_AUTH_02_BV
* @reference ETSI TS 102 941 [2], clause 6.2.3.3.1
*/
testcase TC_SECPKI_ITSS_AUTH_02_BV() runs on ItsMtc system ItsPkiItssSystem {
    // Parallel test components handled by this test case
    var ItsPkiItss v_itssPtc; // runs f_TC_SECPKI_ITSS_AUTH_itss
    var ItsPkiHttp v_aaPtc;   // runs f_TC_SECPKI_ITSS_AUTH_02_BV_pki

    // Test control: without both PICS the test case is not applicable and ends inconclusive
    if (not (PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION)) {
        log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION required for executing the TC ***");
        setverdict(inconc);
        stop;
    }

    // Test component configuration
    f_cfMtcUp01(v_itssPtc, v_aaPtc);

    // Start both behaviours
    v_itssPtc.start(f_TC_SECPKI_ITSS_AUTH_itss());
    v_aaPtc.start(f_TC_SECPKI_ITSS_AUTH_02_BV_pki());

    // Synchronization on the preamble-done and test-body-done points
    f_serverSync2ClientsAndStop({c_prDone, c_tbDone});

    // Cleanup
    f_cfMtcDown01(v_itssPtc, v_aaPtc);
} // End of testcase TC_SECPKI_ITSS_AUTH_02_BV
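group f_TC_SECPKI_ITSS_AUTH_02_BV {

    /**
     * @desc HTTP-side behaviour for TC_SECPKI_ITSS_AUTH_02_BV: delegates to
     *       f_TC_SECPKI_ITSS_AUTH_pki with a receive template for the AuthorizationRequest
     *       POST whose recipients list holds exactly one certRecipInfo addressed to vc_aaHashedId8.
     */
    function f_TC_SECPKI_ITSS_AUTH_02_BV_pki() runs on ItsPkiHttp system ItsPkiItssSystem {
        f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);

        var SECPKI_ITSS_TestData v_data;

        f_TC_SECPKI_ITSS_AUTH_pki(
            v_data, -, -, -, -, -,
            mw_http_request(
                mw_http_request_post(
                    PICS_HTTP_POST_URI_AT,
                    -,
                    mw_http_message_body_binary(
                        mw_binary_body_ieee1609dot2_data(
                            mw_authorizationRequestMessage(
                                mw_encryptedData(
                                    // The test purpose requires recipients of size 1. A list of the form
                                    // { *, X, * } would also accept requests encrypted to additional
                                    // recipients, so the template lists the single expected element only.
                                    { mw_recipientInfo_certRecipInfo(mw_pKRecipientInfo(vc_aaHashedId8)) },
                                    ?
                                )))))),
            ok
        );

        // Postamble
        f_cfHttpDown();
    } // end of function f_TC_SECPKI_ITSS_AUTH_02_BV_pki

} // end of group f_TC_SECPKI_ITSS_AUTH_02_BV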
/**
* @desc Check that the AuthorizationRequest message is encrypted using the encryptionKey found in the AA certificate referenced in recipientId.
* <pre>
* Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION
* Initial conditions:
* with {
* the AA being in the "operational state"
* authorized with AA certificate
* containing encryptionKey (AA_ENC_PUB_KEY)
* and the IUT being in the "enrolled" state
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT is triggered to request a new Authorization Ticket (AT)
* }
* then {
* the IUT sends EtsiTs103097Data to the AA
* containing content.encryptedData
* containing ciphertext
* containing data
* encrypted using AA_ENC_PUB_KEY
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v2.0.1 SECPKI_ITSS_AUTH_03_BV
* @reference ETSI TS 102 941 [2], clause 6.2.3.3.1
*/
testcase TC_SECPKI_ITSS_AUTH_03_BV() runs on ItsMtc system ItsPkiItssSystem {
    // Parallel test components handled by this test case
    var ItsPkiItss v_itssPtc; // runs f_TC_SECPKI_ITSS_AUTH_itss
    var ItsPkiHttp v_aaPtc;   // runs f_TC_SECPKI_ITSS_AUTH_pki_simple with the TC 03 callbacks

    // Test control: without both PICS the test case is not applicable and ends inconclusive
    if (not (PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION)) {
        log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION required for executing the TC ***");
        setverdict(inconc);
        stop;
    }

    // Test component configuration
    f_cfMtcUp01(v_itssPtc, v_aaPtc);

    // Start both behaviours; the generic PKI behaviour gets one callback for the
    // encrypted layer and one for the signed layer of the received request
    v_itssPtc.start(f_TC_SECPKI_ITSS_AUTH_itss());
    v_aaPtc.start(
        f_TC_SECPKI_ITSS_AUTH_pki_simple(
            -,
            refers(f_TC_SECPKI_ITSS_AUTH_03_BV_pki_check_encryptedData),
            refers(f_TC_SECPKI_ITSS_AUTH_03_BV_pki_check_signedData)
        )
    );

    // Synchronization on the preamble-done and test-body-done points
    f_serverSync2ClientsAndStop({c_prDone, c_tbDone});

    // Cleanup
    f_cfMtcDown01(v_itssPtc, v_aaPtc);
} // End of testcase TC_SECPKI_ITSS_AUTH_03_BV
group f_TC_SECPKI_ITSS_AUTH_03_BV {

    /**
     * @desc Checks the encrypted layer of the received request: it must be encrypted data
     *       whose recipients list consists of a single certRecipInfo with recipientId
     *       equal to vc_aaHashedId8.
     * @param p_data  Shared test data (not used by this check)
     * @param p_value Received Ieee1609Dot2Data
     * @return true when p_value matches the expected template, false otherwise
     *
     * Expected shape of p_value:
     *   Ieee1609Dot2Data : {
     *     protocolVersion := ?,
     *     content := {
     *       encryptedData := {
     *         recipients := {
     *           [0] := {
     *             certRecipInfo := {
     *               recipientId := vc_aaHashedId8,
     *               encKey := ?
     *             }
     *           }
     *         },
     *         ciphertext := ?
     *       }
     *     }
     *   };
     */
    function f_TC_SECPKI_ITSS_AUTH_03_BV_pki_check_encryptedData (inout SECPKI_ITSS_TestData p_data, in Ieee1609Dot2Data p_value) runs on ItsPkiHttp return boolean {
        var template (present) EtsiTs103097Data mw_expected :=
            m_etsiTs103097Data_encrypted(
                mw_encryptedData(
                    { [0] := mw_recipientInfo_certRecipInfo(mw_pKRecipientInfo(vc_aaHashedId8)) }
                )
            );

        if (match(p_value, mw_expected)) {
            return true;
        }

        // Mismatch: report it together with the detailed template comparison
        log("*** " & testcasename() & ": FAIL: Not an encrypted message or wrong encryption target used (not an AA digest) ***");
        log(match(p_value, mw_expected));
        return false;
    } // end of function f_TC_SECPKI_ITSS_AUTH_03_BV_pki_check_encryptedData

    /**
     * @desc Signed-layer callback for TC 03; accepts every message.
     *       The callback exists so that an actual decryption of the request is exercised.
     *       NOTE(review): presumably the caller only reaches this callback after decrypting the
     *       request with the AA key - confirm in f_TC_SECPKI_ITSS_AUTH_pki_simple, because the
     *       "encrypted using AA_ENC_PUB_KEY" part of the test purpose is not checked in this group.
     * @return always true
     */
    function f_TC_SECPKI_ITSS_AUTH_03_BV_pki_check_signedData ( inout SECPKI_ITSS_TestData p_data, in Ieee1609Dot2Data p_value) runs on ItsPkiHttp return boolean {
        return true;
    }

} // end of group f_TC_SECPKI_ITSS_AUTH_03_BV
/**
* @desc Check that the AuthorizationRequest message never reuses the same encryption key and nonce.
* <pre>
* Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION
* Initial conditions:
* with {
* the IUT being in the "operational state"
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT is triggered to request a new Authorization Ticket (AT)
* }
* then {
* the IUT sends EtsiTs103097Data to the AA
* containing content.encryptedData
* containing ciphertext.aes128Ccm.nonce
* indicating value not equal to the nonce in N previous messages
* and containing recipients[0].certRecipInfo.encKey
* containing encrypted symmetric key (S_KEY)
* indicating symmetric key not equal to the key that was used in N previous messages
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v2.0.1 SECPKI_ITSS_AUTH_04_BV
* @reference ETSI TS 102 941 [2], clause 6.2.3.3.1
*/
testcase TC_SECPKI_ITSS_AUTH_04_BV() runs on ItsMtc system ItsPkiItssSystem {
    // Parallel test components handled by this test case
    var ItsPkiItss v_itssPtc; // runs f_TC_SECPKI_ITSS_AUTH_itss
    var ItsPkiHttp v_aaPtc;   // runs f_TC_SECPKI_ITSS_AUTH_pki_simple with the TC 04 callbacks
    // Test data handed to the PKI behaviour; the two tc04 lists start empty
    var SECPKI_ITSS_TestData v_testData := SECPKI_ITSS_TestData_init_value;
    v_testData.anyData.tc04 := {{},{}};

    // Test control: without both PICS the test case is not applicable and ends inconclusive
    if (not (PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION)) {
        log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION required for executing the TC ***");
        setverdict(inconc);
        stop;
    }

    // Test component configuration
    f_cfMtcUp01(v_itssPtc, v_aaPtc);

    // Start both behaviours for PX_RE_AUTHORIZATION_COUNTER authorization rounds
    v_itssPtc.start(f_TC_SECPKI_ITSS_AUTH_itss(PX_RE_AUTHORIZATION_COUNTER));
    v_aaPtc.start(
        f_TC_SECPKI_ITSS_AUTH_pki_simple(
            v_testData,
            refers(f_TC_SECPKI_ITSS_AUTH_04_BV_pki_check_encryptedData),
            refers(f_TC_SECPKI_ITSS_AUTH_04_BV_pki_check_signedData),
            null,
            PX_RE_AUTHORIZATION_COUNTER
        )
    );

    // Synchronization: preamble, then one c_nextTry rendezvous per additional round
    // (PX_RE_AUTHORIZATION_COUNTER - 1 of them), then test body done
    f_serverSyncClientsTimed (2, c_prDone, PX_TSYNC_TIME_LIMIT );
    for (var integer v_round := 1; v_round < PX_RE_AUTHORIZATION_COUNTER; v_round := v_round + 1) {
        f_serverSyncClientsTimed (2, c_nextTry, PX_TSYNC_TIME_LIMIT );
    }
    f_serverSyncClientsTimed (2, c_tbDone, PX_TSYNC_TIME_LIMIT );
    f_serverWaitForAllClientsToStop();

    // Cleanup
    f_cfMtcDown01(v_itssPtc, v_aaPtc);
} // End of testcase TC_SECPKI_ITSS_AUTH_04_BV
group f_TC_SECPKI_ITSS_AUTH_04_BV {

    /**
     * @desc Checks that the AES-128-CCM nonce of the received request was not seen in an
     *       earlier round, then records it in p_data.anyData.tc04.nonces at index p_data.counter.
     * @param p_data  Shared test data carrying the round counter and the recorded nonces
     * @param p_value Received Ieee1609Dot2Data (encrypted layer)
     * @return false when the nonce is missing or already recorded, true otherwise
     */
    function f_TC_SECPKI_ITSS_AUTH_04_BV_pki_check_encryptedData (inout SECPKI_ITSS_TestData p_data, in Ieee1609Dot2Data p_value) runs on ItsPkiHttp return boolean {
        // The nonce field must be bound before it can be read
        if (not isbound(p_value.content.encryptedData.ciphertext.aes128ccm.nonce)) {
            log("*** " & testcasename() & ": FAIL: At step " & int2str(p_data.counter) &": nonce not found in a message ***");
            return false;
        }

        var octetstring v_current_nonce := p_value.content.encryptedData.ciphertext.aes128ccm.nonce;

        // Reuse detection: the recorded list must not already contain this nonce
        if (isbound(p_data.anyData.tc04.nonces) and match(p_data.anyData.tc04.nonces, superset(v_current_nonce))) {
            log("*** " & testcasename() & ": FAIL: At step " & int2str(p_data.counter) & " duplicate nonce found ***");
            log(" nonce is: ", v_current_nonce);
            return false;
        }

        log("*** " & testcasename() & ": LOG: At step " & int2str(p_data.counter) &" nonces are unique ***");
        p_data.anyData.tc04.nonces[p_data.counter] := v_current_nonce;
        return true;
    }

    /**
     * @desc Checks that p_data.aesKey was not seen in an earlier round, then records it in
     *       p_data.anyData.tc04.symmKeys at index p_data.counter.
     *       NOTE(review): presumably aesKey is the symmetric key recovered while decrypting the
     *       current request - confirm where the caller fills it in.
     * @param p_data  Shared test data carrying the round counter, the current key and the recorded keys
     * @param p_value Received Ieee1609Dot2Data (signed layer); not inspected here
     * @return false when the key is already recorded, true otherwise
     */
    function f_TC_SECPKI_ITSS_AUTH_04_BV_pki_check_signedData (inout SECPKI_ITSS_TestData p_data, in Ieee1609Dot2Data p_value) runs on ItsPkiHttp return boolean {
        if (isbound(p_data.anyData.tc04.symmKeys) and match(p_data.anyData.tc04.symmKeys, superset(p_data.aesKey))) {
            log("*** " & testcasename() & ": FAIL: At step " & int2str(p_data.counter) &": duplicate symmetric encryption keys found ***");
            // The failure log contains the symmetric key itself
            log(" key is: ", p_data.aesKey);
            return false;
        }

        log("*** " & testcasename() & ": LOG: At step " & int2str(p_data.counter) &": symmetric encryption keys are unique ***");
        p_data.anyData.tc04.symmKeys[p_data.counter] := p_data.aesKey;
        return true;
    }

} // End of group f_TC_SECPKI_ITSS_AUTH_04_BV
/**
* @desc Check that the Authorization request protocol version is set to 1.
* <pre>
* Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION
* Initial conditions:
* with {
* the IUT being in the "operational state"
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT is triggered to request a new Authorization Ticket (AT)
* }
* then {
* the IUT sends EtsiTs103097Data to the AA
* containing version
* indicating value 1
* and containing content
* containing authorizationRequest
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v2.0.1 SECPKI_ITSS_AUTH_05_BV
* @reference ETSI TS 102 941 [2], clause 6.2.3.3.1
*/
testcase TC_SECPKI_ITSS_AUTH_05_BV() runs on ItsMtc system ItsPkiItssSystem {
    // Parallel test components handled by this test case
    var ItsPkiItss v_itssPtc; // runs f_TC_SECPKI_ITSS_AUTH_itss
    var ItsPkiHttp v_pkiPtc;  // runs f_TC_SECPKI_ITSS_AUTH_pki_simple with the TC 05 callback

    // Test control: without both PICS the test case is not applicable and ends inconclusive
    if (not (PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION)) {
        log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION required for executing the TC ***");
        setverdict(inconc);
        stop;
    }

    // Test component configuration
    f_cfMtcUp01(v_itssPtc, v_pkiPtc);

    // Start both behaviours; only the authorization-request callback is supplied
    v_itssPtc.start(f_TC_SECPKI_ITSS_AUTH_itss());
    v_pkiPtc.start(
        f_TC_SECPKI_ITSS_AUTH_pki_simple(
            -, null, null,
            refers(f_TC_SECPKI_ITSS_AUTH_05_BV_pki_check_authRequest)
        )
    );

    // Synchronization on the preamble-done and test-body-done points
    f_serverSync2ClientsAndStop({c_prDone, c_tbDone});

    // Cleanup
    f_cfMtcDown01(v_itssPtc, v_pkiPtc);
} // End of testcase TC_SECPKI_ITSS_AUTH_05_BV
group f_TC_SECPKI_ITSS_AUTH_05_BV {

    /**
     * @desc Checks the decoded EtsiTs102941Data against the default
     *       mw_etsiTs102941Data_authorization_request template.
     *       NOTE(review): the "version indicating value 1" part of the test purpose is only
     *       verified if that template constrains the version field - confirm in the template definition.
     * @param p_data  Shared test data (not used by this check)
     * @param p_value Received EtsiTs102941Data
     * @return true when p_value matches the template, false otherwise
     */
    function f_TC_SECPKI_ITSS_AUTH_05_BV_pki_check_authRequest (inout SECPKI_ITSS_TestData p_data, in EtsiTs102941Data p_value) runs on ItsPkiHttp return boolean {
        if (match(p_value, mw_etsiTs102941Data_authorization_request)) {
            return true;
        }

        log("*** " & testcasename() & "_pki: FAIL: Invalid message received ***");
        return false;
    }

} // End of group f_TC_SECPKI_ITSS_AUTH_05_BV
/**
* @desc Check that for each authorization request the ITS-S generates a new verification key pair
* Check that for each authorization request the ITS-S generates a new encryption key pair
* Check that for each authorization request the ITS-S generates a new hmac-key
* <pre>
* Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION
* Initial conditions:
* with {
* the IUT in 'enrolled' state
* the IUT being in the "operational state"
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT is triggered to request new Authorization Ticket (AT)
* }
* then {
* the IUT sends a EtsiTs103097Data to the AA
* containing EtsiTs102941Data
* containing authorizationRequest
* containing publicKeys
* containing verificationKey
* indicating value not equal to the field verificationKey of N previous messages
* and not containing encryptionKey
* or containing encryptionKey
* indicating value not equal to the field encryptionKey of N previous messages
* and containing hmacKey
* indicating value not equal to the field hmacKey of N previous messages
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v2.0.1 SECPKI_ITSS_AUTH_06_BV
* @reference ETSI TS 102 941 [2], clause 6.2.3.3.1
*/
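testcase TC_SECPKI_ITSS_AUTH_06_BV() runs on ItsMtc system ItsPkiItssSystem {
    // Local variables
    var ItsPkiItss v_itss;
    var ItsPkiHttp v_aa;
    // Test data handed to the PKI behaviour; the three tc06 lists start empty
    var SECPKI_ITSS_TestData v_data := SECPKI_ITSS_TestData_init_value;
    v_data.anyData.tc06 := {{},{},{}};

    // Test control
    if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_AUTHORIZATION) {
        log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION required for executing the TC ***");
        setverdict(inconc);
        stop;
    }

    // Test component configuration
    f_cfMtcUp01(v_itss, v_aa);

    // Start component
    v_itss.start(f_TC_SECPKI_ITSS_AUTH_itss(PX_RE_AUTHORIZATION_COUNTER));
    // The callback must be the TC 06 one: it is the function that compares the verification,
    // encryption and HMAC keys with those of the previous rounds. Referring to the TC 05
    // callback here would only match the generic request template, and a reused key
    // would go unnoticed.
    v_aa.start(f_TC_SECPKI_ITSS_AUTH_pki_simple(v_data, null, null,
                                                refers(f_TC_SECPKI_ITSS_AUTH_06_BV_pki_check_authRequest),
                                                PX_RE_AUTHORIZATION_COUNTER
                                                ));

    // Synchronization: preamble, one c_nextTry rendezvous per additional round, test body done
    f_serverSyncClientsTimed ( 2, c_prDone, PX_TSYNC_TIME_LIMIT );
    for (var integer v_i := 1; v_i < PX_RE_AUTHORIZATION_COUNTER; v_i := v_i + 1) {
        f_serverSyncClientsTimed ( 2, c_nextTry, PX_TSYNC_TIME_LIMIT );
    }
    f_serverSyncClientsTimed ( 2, c_tbDone, PX_TSYNC_TIME_LIMIT );
    f_serverWaitForAllClientsToStop();

    // Cleanup
    f_cfMtcDown01(v_itss, v_aa);
} // End of testcase TC_SECPKI_ITSS_AUTH_06_BV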
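group f_TC_SECPKI_ITSS_AUTH_06_BV {

    /**
     * @desc Checks that the verification key, the optional encryption key and the HMAC key of
     *       the received authorization request differ from those recorded in earlier rounds,
     *       and records the current values at index p_data.counter.
     * @param p_data  Shared test data carrying the round counter and the recorded keys
     * @param p_value Received EtsiTs102941Data
     * @return false when the message is not an authorization request or a key is reused,
     *         true otherwise
     */
    function f_TC_SECPKI_ITSS_AUTH_06_BV_pki_check_authRequest (inout SECPKI_ITSS_TestData p_data, in EtsiTs102941Data p_value) runs on ItsPkiHttp return boolean {
        if (not isvalue(p_value.content.authorizationRequest)){
            log("*** " & testcasename() & "_pki: FAIL: Invalid message received ***");
            return false;
        }

        // Verification key
        if (isbound(p_data.anyData.tc06.vKeys) and match(p_data.anyData.tc06.vKeys, superset(p_value.content.authorizationRequest.publicKeys.verificationKey))) {
            log("*** " & testcasename() & "_pki: FAIL: At step " & int2str(p_data.counter) & " duplicate verification key found ***");
            return false;
        }
        log("*** " & testcasename() & "_pki: LOG: At step " & int2str(p_data.counter) &" verification keys are unique ***");
        p_data.anyData.tc06.vKeys[p_data.counter] := p_value.content.authorizationRequest.publicKeys.verificationKey;

        // Encryption key is optional in the request; it is compared and recorded only when present.
        // NOTE(review): eKeys is indexed by p_data.counter but written only in this branch, so a
        // round without encryptionKey leaves that index unassigned - confirm that the superset()
        // match of a later round tolerates such a gap.
        if( ispresent (p_value.content.authorizationRequest.publicKeys.encryptionKey)){
            if (isbound(p_data.anyData.tc06.eKeys) and match(p_data.anyData.tc06.eKeys, superset(p_value.content.authorizationRequest.publicKeys.encryptionKey.publicKey))) {
                log("*** " & testcasename() & "_pki: FAIL: At step " & int2str(p_data.counter) & " duplicate encryption key found ***");
                return false;
            }
            log("*** " & testcasename() & "_pki: LOG: At step " & int2str(p_data.counter) &" encryption keys are unique ***");
            p_data.anyData.tc06.eKeys[p_data.counter] := p_value.content.authorizationRequest.publicKeys.encryptionKey.publicKey;
        }

        // HMAC key
        if (isbound(p_data.anyData.tc06.hmacKeys) and match(p_data.anyData.tc06.hmacKeys, superset(p_value.content.authorizationRequest.hmacKey))) {
            log("*** " & testcasename() & "_pki: FAIL: At step " & int2str(p_data.counter) & " duplicate HMAC key found ***");
            return false;
        }
        log("*** " & testcasename() & "_pki: LOG: At step " & int2str(p_data.counter) &" HMAC keys are unique ***");
        p_data.anyData.tc06.hmacKeys[p_data.counter] := p_value.content.authorizationRequest.hmacKey;

        return true;
    }

} // End of group f_TC_SECPKI_ITSS_AUTH_06_BV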
/**
* @desc Check that ITS-S sends Authorization request with a keyTag field computed as described in ETSI TS 102 941 [1], clause 6.2.3.3.1
* <pre>
* Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION
* Initial conditions:
* with {
* the IUT in 'enrolled' state
* the IUT being in the "operational state"
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT is triggered to request a new Authorization Ticket (AT)
* }
* then {
* the IUT sends a EtsiTs103097Data to the AA
* containing EtsiTs102941Data
* containing authorizationRequest
* containing sharedAtRequest
* containing keyTag
* indicating properly calculated value
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v2.0.1 SECPKI_ITSS_AUTH_07_BV
* @reference ETSI TS 102 941 [2], clause 6.2.3.3.1
*/
testcase TC_SECPKI_ITSS_AUTH_07_BV() runs on ItsMtc system ItsPkiItssSystem {
    // Parallel test components handled by this test case
    var ItsPkiItss v_itssPtc; // runs f_TC_SECPKI_ITSS_AUTH_itss
    var ItsPkiHttp v_pkiPtc;  // runs f_TC_SECPKI_ITSS_AUTH_pki_simple with the TC 07 callback

    // Test control: without both PICS the test case is not applicable and ends inconclusive
    if (not (PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION)) {
        log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION required for executing the TC ***");
        setverdict(inconc);
        stop;
    }

    // Test component configuration
    f_cfMtcUp01(v_itssPtc, v_pkiPtc);

    // Start both behaviours; only the authorization-request callback is supplied
    v_itssPtc.start(f_TC_SECPKI_ITSS_AUTH_itss());
    v_pkiPtc.start(
        f_TC_SECPKI_ITSS_AUTH_pki_simple(
            -, null, null,
            refers(f_TC_SECPKI_ITSS_AUTH_07_BV_pki_check_authRequest)
        )
    );

    // Synchronization on the preamble-done and test-body-done points
    f_serverSync2ClientsAndStop({c_prDone, c_tbDone});

    // Cleanup
    f_cfMtcDown01(v_itssPtc, v_pkiPtc);
} // End of testcase TC_SECPKI_ITSS_AUTH_07_BV
group f_TC_SECPKI_ITSS_AUTH_07_BV {

    /**
     * @desc Recomputes the keyTag from the fields of the received authorization request and
     *       checks that sharedAtRequest carries the same value.
     *       The tag is the first 16 octets of HMAC-SHA256, keyed with the request's hmacKey,
     *       over the encoded verificationKey followed by the encoded encryptionKey when present.
     * @param p_data  Shared test data (not used by this check)
     * @param p_value Received EtsiTs102941Data
     * @return true when the request matches the template built with the recomputed keyTag,
     *         false otherwise
     */
    function f_TC_SECPKI_ITSS_AUTH_07_BV_pki_check_authRequest (inout SECPKI_ITSS_TestData p_data, in EtsiTs102941Data p_value) runs on ItsPkiHttp return boolean {
        // HMAC input: encoded verification key, then the encoded encryption key if the request has one
        var octetstring v_tag_input := bit2oct(encvalue(p_value.content.authorizationRequest.publicKeys.verificationKey));
        if (ispresent(p_value.content.authorizationRequest.publicKeys.encryptionKey)) {
            v_tag_input := v_tag_input & bit2oct(encvalue(p_value.content.authorizationRequest.publicKeys.encryptionKey));
        }

        // Leftmost 128 bits of the HMAC-SHA256 tag
        var octetstring v_expected_tag := substr(
            fx_hmac_sha256( // TODO Rename and use a wrapper function
                p_value.content.authorizationRequest.hmacKey,
                v_tag_input
            ),
            0,
            16);

        // Only the keyTag position of the shared AT request is constrained; other fields use defaults
        var template (present) EtsiTs102941Data mw_expected :=
            mw_etsiTs102941Data_authorization_request(
                mw_innerAtRequest(
                    -,
                    -,
                    mw_shared_at_request(
                        -,
                        v_expected_tag,
                        -
                    ),
                    -
                )
            );

        if (match(p_value, mw_expected)) {
            return true;
        }

        log("*** " & testcasename() & "_pki: FAIL: Wrong keyTag value ***");
        log(match (p_value, mw_expected));
        return false;
    }

    /*
    function f_TC_SECPKI_ITSS_AUTH_07_BV_pki() runs on ItsPkiHttp system ItsPkiItssSystem {
        // Test component configuration
        var SECPKI_ITSS_TestData v_data;
        f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);
        f_TC_SECPKI_ITSS_AUTH_pki(v_data, null, null,
                                  refers(f_TC_SECPKI_ITSS_AUTH_07_BV_pki_check_authRequest));
        f_cfHttpDown();
    }
    */

} // End of group f_TC_SECPKI_ITSS_AUTH_07_BV
/**
* @desc Check that ITS-S sends Authorization request with eaId of EA certificate
* <pre>
* Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION
* Initial conditions:
* with {
* the IUT is enrolled by the EC, signed with the CERT_EA certificate
* the IUT being in the "operational" state
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT is triggered to request new Authorization Ticket (AT)
* }
* then {
* the IUT sends a EtsiTs103097Data to the AA
* containing EtsiTs102941Data
* containing authorizationRequest
* containing sharedAtRequest
* containing eaId
* indicating HashedId8 of CERT_EA certificate
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v2.0.1 SECPKI_ITSS_AUTH_08_BV
* @reference ETSI TS 102 941 [2], clause 6.2.3.3.1
*/
testcase TC_SECPKI_ITSS_AUTH_08_BV() runs on ItsMtc system ItsPkiItssSystem {
    // Parallel test components handled by this test case
    var ItsPkiItss v_itssPtc; // runs f_TC_SECPKI_ITSS_AUTH_itss
    var ItsPkiHttp v_aaPtc;   // runs f_TC_SECPKI_ITSS_AUTH_pki_simple with the TC 08 callback

    // Test control: without both PICS the test case is not applicable and ends inconclusive
    if (not (PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION)) {
        log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION required for executing the TC ***");
        setverdict(inconc);
        stop;
    }

    // Test component configuration
    f_cfMtcUp01(v_itssPtc, v_aaPtc);

    // Start both behaviours; only the authorization-request callback is supplied
    v_itssPtc.start(f_TC_SECPKI_ITSS_AUTH_itss()); // force enrolment
    v_aaPtc.start(
        f_TC_SECPKI_ITSS_AUTH_pki_simple(
            -, null, null,
            refers(f_TC_SECPKI_ITSS_AUTH_08_BV_pki_check_authRequest)
        )
    );

    // Synchronization on the preamble-done and test-body-done points
    f_serverSync2ClientsAndStop({c_prDone, c_tbDone});

    // Cleanup
    f_cfMtcDown01(v_itssPtc, v_aaPtc);
} // End of testcase TC_SECPKI_ITSS_AUTH_08_BV
group f_TC_SECPKI_ITSS_AUTH_08_BV {

    /**
     * @desc Checks that the received authorization request carries a shared AT request built
     *       with vc_eaHashedId8 as its first template argument (the eaId of the test purpose).
     * @param p_data  Shared test data (not used by this check)
     * @param p_value Received EtsiTs102941Data
     * @return true when p_value matches the expected template, false otherwise
     */
    function f_TC_SECPKI_ITSS_AUTH_08_BV_pki_check_authRequest (inout SECPKI_ITSS_TestData p_data, in EtsiTs102941Data p_value) runs on ItsPkiHttp return boolean {
        var template (present) EtsiTs102941Data mw_expected :=
            mw_etsiTs102941Data_authorization_request(
                mw_innerAtRequest(
                    -,
                    -,
                    mw_shared_at_request(vc_eaHashedId8)
                )
            );

        if (match(p_value, mw_expected)) {
            return true;
        }

        // Mismatch: report it together with the detailed template comparison
        log("*** " & testcasename() & "_pki: FAIL: Invalid message received ***");
        log(match(p_value, mw_expected));
        return false;
    }

    /*
    function f_TC_SECPKI_ITSS_AUTH_08_BV_pki() runs on ItsPkiHttp system ItsPkiItssSystem {
        // Test component configuration
        var SECPKI_ITSS_TestData v_data;
        f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);
        f_TC_SECPKI_ITSS_AUTH_pki(v_data, null, null,
                                  refers(f_TC_SECPKI_ITSS_AUTH_08_BV_pki_check_authRequest));
        f_cfHttpDown();
    } // End of function f_TC_SECPKI_ITSS_AUTH_08_BV_pki
    */

} // End of group f_TC_SECPKI_ITSS_AUTH_08_BV
/**
* @desc Check that ITS-S sends Authorization request with the certificateFormat equal to 1
* <pre>
* Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION
* Initial conditions:
* with {
* the IUT in 'enrolled' state
* and the AA in 'operational' state
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT is triggered to request new Authorization Ticket (AT)
* }
* then {
* the IUT sends a EtsiTs103097Data to the AA
* containing EtsiTs102941Data
* containing authorizationRequest
* containing sharedAtRequest
* containing certificateFormat
* indicating 1
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v2.0.1 SECPKI_ITSS_AUTH_09_BV
* @reference ETSI TS 102 941 [2], clause 6.2.3.3.1
*/
testcase TC_SECPKI_ITSS_AUTH_09_BV() runs on ItsMtc system ItsPkiItssSystem {
    // Parallel test components handled by this test case
    var ItsPkiItss v_itssPtc; // runs f_TC_SECPKI_ITSS_AUTH_itss
    var ItsPkiHttp v_aaPtc;   // runs f_TC_SECPKI_ITSS_AUTH_pki_simple with the TC 09 callback

    // Test control: without both PICS the test case is not applicable and ends inconclusive
    if (not (PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION)) {
        log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION required for executing the TC ***");
        setverdict(inconc);
        stop;
    }

    // Test component configuration
    f_cfMtcUp01(v_itssPtc, v_aaPtc);

    // Start both behaviours; only the authorization-request callback is supplied
    v_itssPtc.start(f_TC_SECPKI_ITSS_AUTH_itss());
    v_aaPtc.start(
        f_TC_SECPKI_ITSS_AUTH_pki_simple(
            -, null, null,
            refers(f_TC_SECPKI_ITSS_AUTH_09_BV_pki_check_authRequest)
        )
    );

    // Synchronization on the preamble-done and test-body-done points
    f_serverSync2ClientsAndStop({c_prDone, c_tbDone});

    // Cleanup
    f_cfMtcDown01(v_itssPtc, v_aaPtc);
} // End of testcase TC_SECPKI_ITSS_AUTH_09_BV
group f_TC_SECPKI_ITSS_AUTH_09_BV {

    /**
     * @desc Checks the decoded EtsiTs102941Data against the default
     *       mw_etsiTs102941Data_authorization_request template.
     *       NOTE(review): the "certificateFormat indicating 1" part of the test purpose is only
     *       verified if the template defaults constrain that field - confirm in the template definition.
     * @param p_data  Shared test data (not used by this check)
     * @param p_value Received EtsiTs102941Data
     * @return true when p_value matches the template, false otherwise
     */
    function f_TC_SECPKI_ITSS_AUTH_09_BV_pki_check_authRequest (inout SECPKI_ITSS_TestData p_data, in EtsiTs102941Data p_value) runs on ItsPkiHttp return boolean {
        if (match(p_value, mw_etsiTs102941Data_authorization_request)) {
            return true;
        }

        // Mismatch: report it together with the detailed template comparison
        log("*** " & testcasename() & "_pki: FAIL: Invalid message received ***");
        log(match(p_value, mw_etsiTs102941Data_authorization_request));
        return false;
    }

} // End of group f_TC_SECPKI_ITSS_AUTH_09_BV
/**
* @desc Check that the ITS-S sends an Authorization request whose certificate attributes are properly set
* <pre>
* Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION
* Initial conditions:
* with {
* the IUT in 'enrolled' state
* and the AA in 'operational' state
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT is triggered to request new Authorization Ticket (AT)
* }
* then {
* the IUT sends a EtsiTs103097Data to the AA
* containing EtsiTs102941Data
* containing authorizationRequest
* containing sharedAtRequest
* containing requestedSubjectAttributes
* containing appPermissions
* and not containing certIssuePermissions
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v2.0.1 SECPKI_ITSS_AUTH_10_BV
* @reference ETSI TS 102 941 [2], clause 6.2.3.3.1
*/
testcase TC_SECPKI_ITSS_AUTH_10_BV() runs on ItsMtc system ItsPkiItssSystem {
    // Parallel test components handed to f_cfMtcUp01 / f_cfMtcDown01
    // (presumably the ITS-S side and the AA-facing HTTP side -- confirm against f_cfMtcUp01)
    var ItsPkiItss v_itssComponent;
    var ItsPkiHttp v_aaComponent;

    // Test control: without both PICS the TC cannot run, so end with an inconclusive verdict
    if (not (PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION)) {
        log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION required for executing the TC ***");
        setverdict(inconc);
        stop;
    }

    // Test component configuration
    f_cfMtcUp01(v_itssComponent, v_aaComponent);

    // Start components. The last argument passes the TC-specific request check by reference;
    // presumably f_TC_SECPKI_ITSS_AUTH_pki_simple applies it to the received
    // authorization request -- confirm in that function.
    v_itssComponent.start(f_TC_SECPKI_ITSS_AUTH_itss());
    v_aaComponent.start(
        f_TC_SECPKI_ITSS_AUTH_pki_simple(
            -, null, null,
            refers(f_TC_SECPKI_ITSS_AUTH_10_BV_pki_check_authRequest)
        )
    );

    // Synchronization
    f_serverSync2ClientsAndStop({c_prDone, c_tbDone});

    // Cleanup
    f_cfMtcDown01(v_itssComponent, v_aaComponent);
} // End of testcase TC_SECPKI_ITSS_AUTH_10_BV
group f_TC_SECPKI_ITSS_AUTH_10_BV {

    /**
     * @desc   Request check for TC_SECPKI_ITSS_AUTH_10_BV: accepts the decoded message only if it
     *         is an authorization request whose inner AT request carries a sharedAtRequest
     *         matching mw_certificate_subject_attributes.
     * @param  p_data  Shared test data; not read or written by this check
     * @param  p_value Decoded EtsiTs102941Data to be validated
     * @return true if p_value matches the expected template, false otherwise
     *
     * NOTE(review): the test purpose requires requestedSubjectAttributes to contain
     * appPermissions and NOT to contain certIssuePermissions. Both constraints are delegated to
     * the default form of mw_certificate_subject_attributes; confirm that it requires
     * appPermissions and omits certIssuePermissions, otherwise a request asking for issuing
     * permissions would be accepted here.
     */
    function f_TC_SECPKI_ITSS_AUTH_10_BV_pki_check_authRequest (inout SECPKI_ITSS_TestData p_data, in EtsiTs102941Data p_value) runs on ItsPkiHttp return boolean {
        // Expected shape, built inside-out: subject attributes -> sharedAtRequest ->
        // innerAtRequest -> authorization request. '-' keeps each template's default argument.
        var template (present) EtsiTs102941Data v_expectedRequest :=
            mw_etsiTs102941Data_authorization_request(
                mw_innerAtRequest(
                    -, -,
                    mw_shared_at_request(
                        -, -,
                        mw_certificate_subject_attributes
                    )
                )
            );

        // Accept path first: nothing to report when the request matches
        if (match(p_value, v_expectedRequest)) {
            return true;
        }

        // Reject path: report the failure, then log the match operation itself
        log("*** " & testcasename() & "_pki: FAIL: Invalid message received ***");
        log(match(p_value, v_expectedRequest));
        return false;
    }

    // Disabled per-testcase PKI wrapper, kept as found. The testcase above starts
    // f_TC_SECPKI_ITSS_AUTH_pki_simple instead; presumably that replaced this wrapper -- confirm.
    /*
    function f_TC_SECPKI_ITSS_AUTH_10_BV_pki() runs on ItsPkiHttp system ItsPkiItssSystem {
      // Test component configuration
      var SECPKI_ITSS_TestData v_data;
      f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);
      f_TC_SECPKI_ITSS_AUTH_pki(v_data, null, null,
                                refers(f_TC_SECPKI_ITSS_AUTH_10_BV_pki_check_authRequest));
      f_cfHttpDown();
    } // End of function f_TC_SECPKI_ITSS_AUTH_10_BV_pki
    */

} // End of group f_TC_SECPKI_ITSS_AUTH_10_BV
/**
* @desc Check that ITS-S sends Authorization request containing EC signature calculated over the
* sharedATRequest using supported hash algorithm
* <pre>
* Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION
* Initial conditions:
* with {
* the IUT in 'enrolled' state
* and the AA in 'operational' state
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT is triggered to request new Authorization Ticket (AT)
* }
* then {