Newer
Older
Yann Garcia
committed
6001
6002
6003
6004
6005
6006
6007
6008
6009
6010
6011
6012
6013
6014
6015
6016
6017
6018
6019
6020
6021
6022
6023
6024
6025
6026
6027
6028
6029
6030
6031
6032
6033
6034
6035
6036
6037
6038
6039
6040
6041
6042
6043
6044
6045
6046
6047
6048
6049
6050
6051
6052
6053
6054
6055
6056
6057
6058
6059
6060
6061
6062
6063
6064
6065
6066
6067
6068
6069
6070
6071
6072
6073
6074
6075
6076
6077
6078
6079
6080
6081
6082
6083
6084
6085
6086
6087
6088
6089
6090
6091
6092
6093
6094
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
} else {
log("*** " & testcasename() & ": PASS: Repeatition request are different ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
}
// Postamble
// Process the next request
tc_ac.start;
alt {
[] a_await_at_http_response_from_iut(
mw_http_request(
mw_http_request_post(
PICS_HTTP_POST_URI_EC,
-,
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_enrolmentRequestMessage(
mw_encryptedData(
{ *, mw_recipientInfo_pskRecipInfo(vc_aaHashedId8), * },
mw_symmetricCiphertext_aes128ccm
)))))),
v_request
) {
var HttpMessage v_response;
var integer v_result;
var InnerAtRequest v_inner_at_request;
var InnerAtResponse v_inner_at_response;
tc_ac.stop;
// Verify IUT response
f_verify_http_at_request_from_iut_itss(v_request.request, v_headers, v_inner_ec_response.certificate, v_inner_at_request, v_inner_at_response, v_response, v_result);
// Send response
if (isvalue(v_response)) {
httpPort.send(v_response);
}
// Set verdict
if (v_result == 0) {
var octetstring v_msg;
var octetstring v_hashed_id8;
log("*** " & testcasename() & ": INFO: InnerEcRequest received ***");
v_msg := bit2oct(encvalue(v_inner_at_response.certificate));
if (ischosen(v_inner_at_response.certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaBrainpoolP384r1)) {
v_hashed_id8 := f_hashedId8FromSha384(f_hashWithSha384(v_msg));
} else {
v_hashed_id8 := f_hashedId8FromSha256(f_hashWithSha256(v_msg));
}
infoPort.send(InfoPortData : { hashed_id8 := v_hashed_id8, at_certificate := v_inner_at_response.certificate });
f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": INCONC: Failed to verify EA an EnrolmentRequestMessage ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
}
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
}
} // End of 'alt' statement
f_cfHttpDown();
} // End of function f_TC_SECPKI_ITSS_AUTH_REP_02_BV_pki
} // End of group f_TC_SECPKI_ITSS_AUTH_REP_02_BV
/**
* @desc Check that IUT stops sending the Authorization Request message if Authorization Response message has been received
* <pre>
* Pics Selection: PICS_SECPKI_AUTHORIZATION_RETRY
* Initial conditions: {
* the IUT being in the 'enrolled' state
* and the IUT has sent the Authorization Request more than 1 time
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT receives an Authorization Response
* }
* then {
* the IUT stops sending Authorization Requests to AA
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 TP SECPKI_ITSS_AUTH_REP_03_BV
* @reference ETSI TS 103 601, clause 5.1.2
*/
testcase TC_SECPKI_ITSS_AUTH_REP_03_BV() runs on ItsMtc system ItsPkiItssSystem {
// Local variables
var ItsPkiItss v_itss;
var ItsPkiHttp v_ea;
// Test control
if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_AUTHORIZATION or not PICS_SECPKI_AUTHORIZATION_RETRY) {
Yann Garcia
committed
6096
6097
6098
6099
6100
6101
6102
6103
6104
6105
6106
6107
6108
6109
6110
6111
6112
6113
6114
6115
6116
6117
6118
6119
6120
6121
6122
6123
6124
6125
6126
6127
6128
6129
6130
6131
6132
6133
6134
6135
6136
6137
6138
6139
6140
6141
6142
6143
6144
6145
6146
6147
6148
6149
6150
6151
6152
6153
6154
6155
6156
6157
6158
6159
6160
6161
6162
6163
6164
6165
6166
6167
6168
6169
6170
6171
6172
6173
6174
6175
6176
6177
6178
6179
6180
6181
6182
6183
6184
6185
6186
6187
6188
6189
6190
6191
6192
6193
6194
6195
6196
6197
6198
6199
6200
6201
6202
6203
6204
6205
6206
6207
6208
6209
6210
6211
6212
6213
6214
6215
6216
6217
6218
6219
6220
6221
6222
6223
6224
6225
6226
6227
6228
6229
6230
6231
6232
6233
6234
6235
6236
6237
6238
6239
6240
6241
6242
6243
6244
6245
6246
6247
6248
6249
6250
6251
6252
6253
6254
6255
6256
6257
6258
6259
6260
6261
6262
6263
6264
6265
6266
6267
6268
6269
6270
6271
6272
6273
6274
6275
6276
6277
6278
6279
6280
6281
6282
6283
6284
6285
6286
6287
6288
6289
6290
6291
6292
6293
6294
6295
6296
6297
6298
6299
6300
6301
log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION required for executing the TC ***");
setverdict(inconc);
stop;
}
// Test component configuration
f_cfMtcUp01(v_itss, v_ea);
// Start component
v_itss.start(f_TC_SECPKI_ITSS_AUTH_REP_03_BV_itss());
v_ea.start(f_TC_SECPKI_ITSS_AUTH_REP_03_BV_pki());
// Synchronization
f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
// Cleanup
f_cfMtcDown01(v_itss, v_ea);
} // End of testcase TC_SECPKI_ITSS_AUTH_REP_03_BV
group f_TC_SECPKI_ITSS_AUTH_REP_03_BV {
function f_TC_SECPKI_ITSS_AUTH_REP_03_BV_itss() runs on ItsPkiItss system ItsPkiItssSystem {
// Local variables
var HashedId8 v_certificate_digest;
var EtsiTs103097Certificate v_certificate;
var InfoPortData v_info_port_data;
var boolean v_start_awaiting := false;
// Test component configuration
vc_hashedId8ToBeUsed := PX_IUT_DEFAULT_CERTIFICATE;
f_cfUp_itss();
// Test adapter configuration
// Preamble
// Initial state: No CAM shall be emitted
geoNetworkingPort.clear;
tc_noac.start;
alt {
[] geoNetworkingPort.receive {
log("No CA message expected");
f_selfOrClientSyncAndVerdict(c_prDone, e_error);
}
[] tc_noac.timeout {
f_sendUtTriggerEnrolmentRequestPrimitive();
log("*** " & testcasename() & "_itss: : INFO: No CA message received ***");
f_selfOrClientSyncAndVerdict(c_prDone, e_success);
}
} // End of 'alt' statement
// Test Body
f_sendUtTriggerAuthorizationRequestPrimitive();
tc_ac.start;
alt {
[v_start_awaiting == true] a_await_cam_with_current_cert(
v_info_port_data.at_certificate
) {
log("*** " & testcasename() & ": PASS: IUT started to send CA message using new AT certificate ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
}
[] geoNetworkingPort.receive {
log("*** " & testcasename() & ": FAIL: IUT started to send CA message using wrong AT certificate ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
}
[] infoPort.receive(InfoPortData:?) -> value v_info_port_data {
log("*** " & testcasename() & ": INFO: Received new AT certificate ***");
v_start_awaiting := true;
repeat;
}
[] tc_ac.timeout {
log("*** " & testcasename() & "_itss: : PASS: No CA message received ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_cfDown_itss();
} // End of function f_TC_SECPKI_ITSS_AUTH_REP_03_BV_itss
function f_TC_SECPKI_ITSS_AUTH_REP_03_BV_pki() runs on ItsPkiHttp system ItsPkiItssSystem {
// Local variable
var Headers v_headers;
var HttpMessage v_initial_request;
var HttpMessage v_request;
var InnerEcRequest v_inner_ec_request;
var InnerEcResponse v_inner_ec_response;
// Test component configuration
f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);
// Test adapter configuration
// Preamble
f_init_default_headers_list(-, "inner_at_response", v_headers);
if (PX_TRIGGER_EC_BEFORE_AT) {
f_await_ec_request_send_error_response(v_initial_request);
log("*** " & testcasename() & ": INFO: Reply with 400 Bad Request error message ***");
}
// Wait for the repetition
if (PX_TRIGGER_EC_BEFORE_AT) {
if (f_await_ec_request_send_response(v_inner_ec_request, v_inner_ec_response, v_request) == true) {
log("*** " & testcasename() & ": INFO: Enrolment succeed ***");
f_selfOrClientSyncAndVerdict(c_prDone, e_success);
} else {
log("*** " & testcasename() & ": INCONC: Enrolment failed ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
}
} else {
f_selfOrClientSyncAndVerdict(c_prDone, e_success);
}
// Test Body
tc_ac.start;
alt {
[] a_await_at_http_response_from_iut(
mw_http_request(
mw_http_request_post(
PICS_HTTP_POST_URI_EC,
-,
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_enrolmentRequestMessage(
mw_encryptedData(
{ *, mw_recipientInfo_pskRecipInfo(vc_aaHashedId8), * },
mw_symmetricCiphertext_aes128ccm
)))))),
v_request
) {
var HttpMessage v_response;
var integer v_result;
var InnerAtRequest v_inner_at_request;
var InnerAtResponse v_inner_at_response;
tc_ac.stop;
// Verify IUT response
if (f_verify_repeated_request(v_request, v_initial_request) == false) {
log("*** " & testcasename() & ": FAIL: Repeatition request are different ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
} else {
f_verify_http_at_request_from_iut_itss(v_request.request, v_headers, v_inner_ec_response.certificate, v_inner_at_request, v_inner_at_response, v_response, v_result);
// Send response
if (isvalue(v_response)) {
httpPort.send(v_response);
}
// Set verdict
if (v_result == 0) {
var octetstring v_msg;
var octetstring v_hashed_id8;
log("*** " & testcasename() & ": PASS: InnerEcRequest received ***");
v_msg := bit2oct(encvalue(v_inner_at_response.certificate));
if (ischosen(v_inner_at_response.certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaBrainpoolP384r1)) {
v_hashed_id8 := f_hashedId8FromSha384(f_hashWithSha384(v_msg));
} else {
v_hashed_id8 := f_hashedId8FromSha256(f_hashWithSha256(v_msg));
}
infoPort.send(InfoPortData : { hashed_id8 := v_hashed_id8, at_certificate := v_inner_at_response.certificate });
f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": FAIL: Failed to verify EA an EnrolmentRequestMessage ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
}
}
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_cfHttpDown();
} // End of function f_TC_SECPKI_ITSS_AUTH_REP_03_BV_pki
} // End of group f_TC_SECPKI_ITSS_AUTH_REP_03_BV
/**
* @desc Check that IUT stops sending the Authorization Request message if maximum number of retry has been reached
* <pre>
* Pics Selection: PICS_SECPKI_AUTHORIZATION_RETRY
* Initial conditions: {
* the IUT being in the 'enrolled' state
* and the IUT has sent the Authorization Request
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT sent the PIXIT_AUTH_MAX_N1 Authorization Request messages
* }
* then {
* the IUT stops sending Authorization Requests
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 TP SECPKI_ITSS_AUTH_REP_04_BV
* @reference ETSI TS 103 601, clause 5.1.2
*/
testcase TC_SECPKI_ITSS_AUTH_REP_04_BV() runs on ItsMtc system ItsPkiItssSystem {
// Local variables
var ItsPkiItss v_itss;
var ItsPkiHttp v_ea;
// Test control
if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_AUTHORIZATION or not PICS_SECPKI_AUTHORIZATION_RETRY) {
Yann Garcia
committed
6303
6304
6305
6306
6307
6308
6309
6310
6311
6312
6313
6314
6315
6316
6317
6318
6319
6320
6321
6322
6323
6324
6325
6326
6327
6328
6329
6330
6331
6332
6333
6334
6335
6336
6337
6338
6339
6340
6341
6342
6343
6344
6345
6346
6347
6348
6349
6350
6351
6352
6353
6354
6355
6356
6357
6358
6359
6360
6361
6362
6363
6364
6365
6366
6367
6368
6369
6370
6371
6372
6373
6374
6375
6376
6377
6378
6379
6380
6381
6382
6383
6384
6385
6386
6387
6388
6389
6390
6391
6392
6393
6394
6395
6396
6397
6398
6399
6400
6401
6402
6403
6404
6405
6406
6407
6408
6409
6410
6411
6412
6413
6414
6415
6416
6417
6418
6419
6420
6421
6422
6423
6424
6425
6426
6427
6428
6429
6430
6431
6432
6433
6434
6435
6436
6437
6438
6439
6440
log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION required for executing the TC ***");
setverdict(inconc);
stop;
}
// Test component configuration
f_cfMtcUp01(v_itss, v_ea);
// Start component
v_itss.start(f_TC_SECPKI_ITSS_AUTH_REP_04_BV_itss());
v_ea.start(f_TC_SECPKI_ITSS_AUTH_REP_04_BV_pki());
// Synchronization
f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
// Cleanup
f_cfMtcDown01(v_itss, v_ea);
} // End of testcase TC_SECPKI_ITSS_AUTH_REP_04_BV
group f_TC_SECPKI_ITSS_AUTH_REP_04_BV {
function f_TC_SECPKI_ITSS_AUTH_REP_04_BV_itss() runs on ItsPkiItss system ItsPkiItssSystem {
// Local variables
var HashedId8 v_certificate_digest;
var EtsiTs103097Certificate v_certificate;
var InfoPortData v_info_port_data;
var boolean v_start_awaiting := false;
// Test component configuration
vc_hashedId8ToBeUsed := PX_IUT_DEFAULT_CERTIFICATE;
f_cfUp_itss();
// Test adapter configuration
// Preamble
// Initial state: No CAM shall be emitted
geoNetworkingPort.clear;
tc_noac.start;
alt {
[] geoNetworkingPort.receive {
log("No CA message expected");
f_selfOrClientSyncAndVerdict(c_prDone, e_error);
}
[] tc_noac.timeout {
f_sendUtTriggerEnrolmentRequestPrimitive();
log("*** " & testcasename() & "_itss: : INFO: No CA message received ***");
f_selfOrClientSyncAndVerdict(c_prDone, e_success);
}
} // End of 'alt' statement
// Test Body
geoNetworkingPort.clear;
tc_ac.start;
alt {
[] geoNetworkingPort.receive {
log("No CA message expected");
f_selfOrClientSyncAndVerdict(c_prDone, e_error);
}
[] tc_ac.timeout {
log("*** " & testcasename() & "_itss: : INFO: No CA message received ***");
f_selfOrClientSyncAndVerdict(c_prDone, e_success);
}
} // End of 'alt' statement
// Postamble
f_cfDown_itss();
} // End of function f_TC_SECPKI_ITSS_AUTH_REP_04_BV_itss
function f_TC_SECPKI_ITSS_AUTH_REP_04_BV_pki() runs on ItsPkiHttp system ItsPkiItssSystem {
// Local variable
var Headers v_headers;
var HttpMessage v_initial_request;
var HttpMessage v_request;
var InnerEcRequest v_inner_ec_request;
var InnerEcResponse v_inner_ec_response;
// Test component configuration
f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);
// Test adapter configuration
// Preamble
for (var integer v_i := 0; v_i < PX_AUTH_MAX_N1; v_i := v_i + 1) {
if (PX_TRIGGER_EC_BEFORE_AT) {
f_await_ec_request_send_error_response(v_initial_request);
log("*** " & testcasename() & ": INFO: Reply with 400 Bad Request error message ***");
}
f_selfOrClientSyncAndVerdict(c_prDone, e_success);
} // End of 'for' staement
// Do not expect any repetition
if (PX_TRIGGER_EC_BEFORE_AT) {
if (f_await_ec_request_send_response(v_inner_ec_request, v_inner_ec_response, v_request) == true) {
log("*** " & testcasename() & ": INFO: Enrolment not expected due to number of error ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
} else {
log("*** " & testcasename() & ": INCONC: No more enrolment request done ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
}
} else {
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
}
// Postamble
f_cfHttpDown();
} // End of function f_TC_SECPKI_ITSS_AUTH_REP_04_BV_pki
} // End of group f_TC_SECPKI_ITSS_AUTH_REP_04_BV
/**
* @desc Check that IUT stops sending the Authorization Request message if timeout has been reached
* <pre>
* Pics Selection: PICS_SECPKI_AUTHORIZATION_RETRY
* Initial conditions: {
* the IUT being in the 'enrolled' state
* and the IUT has started sending the Authorization Request at the time T1
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT local time is reached the T1 + PIXIT_AUTH_TIMEOUT_TH2
* }
* then {
* the IUT stops sending an Authorization Request messages
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 TP SECPKI_ITSS_AUTH_REP_05_BV
* @reference ETSI TS 103 601, clause 5.1.2
*/
testcase TC_SECPKI_ITSS_AUTH_REP_05_BV() runs on ItsMtc system ItsPkiItssSystem {
// Local variables
var ItsPkiItss v_itss;
var ItsPkiHttp v_ea;
// Test control
if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_AUTHORIZATION or not PICS_SECPKI_AUTHORIZATION_RETRY) {
Yann Garcia
committed
6442
6443
6444
6445
6446
6447
6448
6449
6450
6451
6452
6453
6454
6455
6456
6457
6458
6459
6460
6461
6462
6463
6464
6465
6466
6467
6468
6469
6470
6471
6472
6473
6474
6475
6476
6477
6478
6479
6480
6481
6482
6483
6484
6485
6486
6487
6488
6489
6490
6491
6492
log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION required for executing the TC ***");
setverdict(inconc);
stop;
}
// Test component configuration
f_cfMtcUp01(v_itss, v_ea);
// Start component
v_itss.start(f_TC_SECPKI_ITSS_AUTH_REP_05_BV_itss());
v_ea.start(f_TC_SECPKI_ITSS_AUTH_REP_05_BV_pki());
// Synchronization
f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
// Cleanup
f_cfMtcDown01(v_itss, v_ea);
}
group f_TC_SECPKI_ITSS_AUTH_REP_05_BV {
function f_TC_SECPKI_ITSS_AUTH_REP_05_BV_itss() runs on ItsPkiItss system ItsPkiItssSystem {
// Local variables
var HashedId8 v_certificate_digest;
var EtsiTs103097Certificate v_certificate;
var InfoPortData v_info_port_data;
var boolean v_start_awaiting := false;
// Test component configuration
vc_hashedId8ToBeUsed := PX_IUT_DEFAULT_CERTIFICATE;
f_cfUp_itss();
// Test adapter configuration
// Preamble
// Initial state: No CAM shall be emitted
geoNetworkingPort.clear;
tc_noac.start;
alt {
[] geoNetworkingPort.receive {
log("No CA message expected");
f_selfOrClientSyncAndVerdict(c_prDone, e_error);
}
[] tc_noac.timeout {
f_sendUtTriggerEnrolmentRequestPrimitive();
log("*** " & testcasename() & "_itss: : INFO: No CA message received ***");
f_selfOrClientSyncAndVerdict(c_prDone, e_success);
}
} // End of 'alt' statement
// Test Body
geoNetworkingPort.clear;
Yann Garcia
committed
tc_ac.start;
alt {
[] geoNetworkingPort.receive {
log("No CA message expected");
Yann Garcia
committed
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
}
[] tc_ac.timeout {
log("*** " & testcasename() & "_itss: : INFO: No CA message received ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
Yann Garcia
committed
}
Yann Garcia
committed
// Postamble
f_cfDown_itss();
} // End of function f_TC_SECPKI_ITSS_AUTH_REP_05_BV_itss
function f_TC_SECPKI_ITSS_AUTH_REP_05_BV_pki() runs on ItsPkiHttp system ItsPkiItssSystem {
// Local variable
var Headers v_headers;
var HttpMessage v_request;
var HttpMessage v_at_request;
Yann Garcia
committed
6515
6516
6517
6518
6519
6520
6521
6522
6523
6524
6525
6526
6527
6528
6529
6530
6531
6532
6533
6534
6535
6536
6537
6538
6539
6540
6541
6542
6543
var InnerEcResponse v_inner_ec_response;
var InnerEcRequest v_inner_ec_request;
// Test component configuration
f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);
// Test adapter configuration
// Preamble
f_init_default_headers_list(-, "inner_at_response", v_headers);
if (PX_TRIGGER_EC_BEFORE_AT) {
f_await_ec_request_send_error_response(v_request);
log("*** " & testcasename() & ": INFO: Reply with 400 Bad Request error message ***");
} else {
f_selfOrClientSyncAndVerdict(c_prDone, e_success);
}
// Do not expect any repetition
if (PX_TRIGGER_EC_BEFORE_AT) {
if (f_await_ec_request_send_response(v_inner_ec_request, v_inner_ec_response, v_request) == true) {
log("*** " & testcasename() & ": INFO: Enrolment succeed ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": INCONC: Enrolment failed ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
}
}
// Test Body
tc_wait.start(PX_AT_REPETITION_TIMEOUT_TH2); // PX_AT_REPETITION_TIMEOUT
Yann Garcia
committed
alt {
[] a_await_at_http_request_from_iut(mw_http_at_request_generic, v_request) {
log("*** " & testcasename() & ": FAIL: AT repetition has been received after a ", tc_wait.read, " ***"); //fails in TC5
tc_wait.stop;
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
}
[] tc_wait.timeout {
if (f_await_at_request_send_no_response(v_at_request) == true) {
log("*** " & testcasename() & ": FAIL: AT repetition was received ***");
Yann Garcia
committed
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
} else {
log("*** " & testcasename() & ": PASS: AT repetition was not received ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
Yann Garcia
committed
}
}
Yann Garcia
committed
6561
6562
6563
6564
6565
6566
6567
6568
6569
6570
6571
6572
6573
6574
6575
6576
6577
6578
6579
6580
6581
6582
6583
6584
6585
6586
6587
6588
6589
6590
6591
6592
6593
6594
6595
6596
6597
6598
6599
6600
6601
6602
6603
6604
6605
6606
6607
6608
6609
6610
6611
6612
6613
6614
6615
6616
6617
6618
6619
6620
6621
6622
6623
6624
6625
6626
6627
6628
6629
6630
6631
6632
6633
6634
6635
6636
6637
6638
6639
6640
6641
6642
6643
6644
6645
6646
6647
6648
6649
6650
6651
6652
6653
6654
6655
6656
6657
6658
6659
6660
6661
6662
6663
6664
6665
6666
6667
6668
6669
6670
6671
6672
6673
6674
6675
6676
6677
6678
6679
6680
6681
6682
6683
6684
6685
6686
6687
6688
6689
6690
6691
6692
6693
6694
6695
6696
6697
6698
6699
6700
6701
6702
6703
6704
6705
6706
6707
6708
6709
6710
6711
6712
6713
6714
6715
6716
6717
6718
6719
6720
6721
6722
6723
6724
6725
6726
6727
6728
6729
6730
6731
6732
6733
6734
6735
6736
6737
6738
6739
6740
6741
6742
6743
6744
6745
6746
6747
6748
6749
6750
6751
6752
6753
6754
6755
6756
6757
6758
6759
6760
6761
6762
6763
6764
6765
6766
6767
6768
6769
6770
6771
6772
6773
6774
6775
6776
6777
6778
6779
6780
6781
6782
6783
6784
6785
6786
6787
6788
6789
6790
6791
6792
6793
6794
6795
6796
6797
6798
6799
6800
6801
6802
6803
6804
6805
6806
6807
6808
6809
6810
6811
6812
6813
6814
6815
6816
6817
6818
6819
6820
6821
6822
6823
6824
6825
6826
6827
6828
6829
6830
6831
6832
6833
6834
6835
6836
6837
6838
6839
6840
6841
6842
6843
6844
6845
6846
6847
6848
6849
6850
6851
6852
6853
6854
6855
6856
6857
6858
6859
6860
6861
6862
6863
6864
6865
6866
6867
6868
6869
6870
6871
6872
6873
6874
6875
6876
6877
6878
6879
6880
6881
6882
6883
6884
6885
6886
6887
6888
6889
6890
6891
6892
6893
6894
6895
6896
6897
6898
6899
6900
6901
6902
6903
6904
6905
6906
6907
6908
6909
6910
6911
6912
6913
6914
6915
6916
6917
6918
6919
6920
6921
6922
6923
6924
6925
6926
6927
6928
6929
6930
6931
6932
6933
6934
6935
6936
6937
6938
6939
6940
6941
6942
6943
6944
6945
6946
6947
6948
6949
6950
6951
6952
6953
6954
6955
6956
6957
6958
6959
6960
6961
6962
6963
6964
6965
6966
6967
6968
6969
6970
6971
6972
6973
6974
6975
6976
6977
6978
6979
6980
6981
6982
6983
6984
6985
6986
6987
6988
6989
6990
6991
6992
6993
6994
6995
6996
6997
6998
6999
7000
// Postamble
f_cfHttpDown();
} // End of function f_TC_SECPKI_ITSS_AUTH_REP_05_BV_pki
} // End of group f_TC_SECPKI_ITSS_AUTH_REP_05_BV
} // End of group itss_authorization_request_repetition
// ETSI TS 103 525-2 V2.0.2 (2023-07) Clause 5.2.3.4 Authorization using butterfly key expansion mechanism
group itss_authorization_request_bfk {
/**
* @desc Check that the ITS-S send the EtsiTs103097Data to the Enrollment Authority (EA) to request a batch of authorization tickets
Check that this message is encrypted and addressed to a single recipient.
* <pre>
* Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT and PICS_SEC_BFK_AUTH
* Initial conditions:
* with {
* the IUT being in the "initial state" and
* the EA in 'operational' state
* authorized with enrollment certificate CERT_IUT_A_EA
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT is triggered to request a new batch of authorization tickets
* }
* then {
* the IUT sends a EtsiTs103097Data to the EA
* containing content.encryptedData
* containing recipients
* indicating size 1
* and containing the instance of RecipientInfo
* containing certRecipInfo
* containing recipientId
* indicating HashedId8 of the CERT_IUT_A_EA
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v2.0.1 SECPKI_ITSS_ENR_01_BV
* @reference ETSI TS 102 941 [1], clause 6.2.3.5.1
*/
testcase TC_SECPKI_ITSS_BFK_AUTH_01_BV() runs on ItsMtc system ItsPkiItssSystem {
// Local variables
var ItsPkiItss v_itss;
var ItsPkiHttp v_ea;
// Test control
if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_ENROLMENT or not PICS_SEC_BFK_AUTH) {
log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT or PICS_SEC_BFK_AUTH required for executing the TC ***");
setverdict(inconc);
stop;
}
// Test component configuration
f_cfMtcUp01(v_itss, v_ea);
// Start components
v_itss.start(f_TC_SECPKI_ITSS_BFK_AUTH_01_BV_itss());
v_ea.start(f_TC_SECPKI_ITSS_BFK_AUTH_01_BV_pki());
// Synchronization
f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
// Cleanup
f_cfMtcDown01(v_itss, v_ea);
} // End of testcase TC_SECPKI_ITSS_BFK_AUTH_01_BV
group f_TC_SECPKI_ITSS_BFK_AUTH_01_BV {
function f_TC_SECPKI_ITSS_BFK_AUTH_01_BV_itss() runs on ItsPkiItss system ItsPkiItssSystem {
// Local variables
var HashedId8 v_certificate_digest;
var EtsiTs103097Certificate v_certificate;
var InfoPortData v_info_port_data;
var boolean v_start_awaiting := false;
// Test component configuration
vc_hashedId8ToBeUsed := PX_IUT_DEFAULT_CERTIFICATE;
f_cfUp_itss();
// Test adapter configuration
// Preamble
// Initial state: No CAM shall be emitted
geoNetworkingPort.clear;
tc_noac.start;
alt {
[] geoNetworkingPort.receive {
log("No CA message expected");
f_selfOrClientSyncAndVerdict(c_prDone, e_error);
}
[] tc_noac.timeout {
f_sendUtTriggerEnrolmentRequestPrimitive();
tc_ac.start; // TDOD To refined, use altstep
alt {
[] utPort.receive(UtPkiTriggerInd: { state := 1 }) {
tc_ac.stop;
log("*** " & testcasename() & "_itss: INFO: IUT is in enrol state ***");
}
[] tc_ac.timeout {
log("*** " & testcasename() & "_itss: DBG: IUT state update not recieved ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
}
} // End of 'alt' statement
log("*** " & testcasename() & "_itss: : INFO: No CA message received ***");
f_selfOrClientSyncAndVerdict(c_prDone, e_success);
}
} // End of 'alt' statement
// Test Body
f_sendUtTriggerAuthorizationRequestPrimitive(); // TODO FSCOM Add BFK mode
tc_ac.start;
alt {
[v_start_awaiting == true] a_await_cam_with_current_cert(
v_info_port_data.at_certificate
) {
log("*** " & testcasename() & ": PASS: IUT started to send CA message using new AT certificate ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
}
[] geoNetworkingPort.receive {
log("*** " & testcasename() & ": FAIL: IUT started to send CA message using wrong AT certificate ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
}
[] infoPort.receive(InfoPortData:?) -> value v_info_port_data {
log("*** " & testcasename() & ": INFO: Received new AT certificate ***");
v_start_awaiting := true;
repeat;
}
[] tc_ac.timeout {
log("*** " & testcasename() & "_itss: : PASS: No CA message received ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_cfDown_itss();
} // End of function f_TC_SECPKI_ITSS_BFK_AUTH_01_BV_itss
function f_TC_SECPKI_ITSS_BFK_AUTH_01_BV_pki() runs on ItsPkiHttp system ItsPkiItssSystem {
// Local variable
var Headers v_headers;
var HttpMessage v_request;
var InnerEcResponse v_inner_ec_response;
var InnerEcRequest v_inner_ec_request;
// Test component configuration
f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);
// Test adapter configuration
// Preamble
if (f_await_ec_request_send_response(v_inner_ec_request, v_inner_ec_response, v_request) == true) {
log("*** " & testcasename() & ": INFO: Enrolment succeed ***");
f_selfOrClientSyncAndVerdict(c_prDone, e_success);
} else {
log("*** " & testcasename() & ": INCONC: Enrolment failed ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
}
// Test Body
tc_ac.start;
alt {
[] a_await_ec_http_request_from_iut(
mw_http_request(
mw_http_request_post(
PICS_HTTP_POST_URI_BFK_AUTH,
-,
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_enrolmentRequestMessage(
mw_encryptedData(
{ *, mw_recipientInfo_certRecipInfo(mw_pKRecipientInfo(vc_eaHashedId8)), * },
mw_symmetricCiphertext_aes128ccm
)))))),
v_request
) {
var HttpMessage v_response;
var integer v_result;
var EeRaCertRequest v_bfk_authorization_request;
var RaEeCertInfo v_bfk_authorization_response;
tc_ac.stop;
// Verify IUT response
f_verify_http_bfk_authorization_request(v_request.request, v_headers, v_inner_ec_response.certificate, v_bfk_authorization_request, v_bfk_authorization_response, v_response, v_result);
// Send response
if (isvalue(v_response)) {
httpPort.send(v_response);
} else { // Send HTTP error 500
f_send_500_Internal_Error(v_headers);
}
// Set verdict
if (v_result == 0) {
log("*** " & testcasename() & ": PASS: InnerEcRequest received ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": FAIL: Failed to verify EA an EnrolmentRequestMessage ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
}
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_cfHttpDown();
} // End of function f_TC_SECPKI_ITSS_BFK_AUTH_01_BV_pki
} // End of group f_TC_SECPKI_ITSS_BFK_AUTH_01_BV
/**
* @desc Check that the ButterflyAuthorizationRequestMessage is signed using the EC certificate
* <pre>
* Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT and PICS_SEC_BFK_AUTH
* Initial conditions:
* with {
* the IUT being in the 'enrolled' state
* with certificate CERT_EC
* issued by CA authorized with CERT_IUT_A_EA
* and the EA in 'operational' state
* authorized with enrollment certificate CERT_IUT_A_EA
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT is triggered to request a new batch of authorization tickets
* }
* then {
* the IUT sends a EtsiTs103097Data to the EA
* containing content.encryptedData.cipherText
* containing encrypted representation of EtsiTs103097Data
* containing signedData
* containing tbsData
* containing psid
* indicating AID_PKI_CERT_REQUEST
* and containing generationTime
* and not containing any other field
* and containing payload.data
* indicating EtsiTs102941Data
* containing version
* indicating ‘1’
* and containing content
* containing butterflyAuthorizationRequest
* indicating EeRaCertRequest
* and containing signer
* containing digest
* indicating HashedId8 of the CERT_EC
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v2.0.1 SECPKI_ITSS_ENR_02_BV
* @reference ETSI TS 102 941 [1], clause 6.2.3.5.2
*/
testcase TC_SECPKI_ITSS_BFK_AUTH_02_BV() runs on ItsMtc system ItsPkiItssSystem {
// Local variables
var ItsPkiItss v_itss;
var ItsPkiHttp v_ea;
// Test control
if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_ENROLMENT or not PICS_SEC_BFK_AUTH) {
log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT or PICS_SEC_BFK_AUTH required for executing the TC ***");
setverdict(inconc);
stop;
}
// Test component configuration
f_cfMtcUp01(v_itss, v_ea);
// Start components
v_itss.start(f_TC_SECPKI_ITSS_BFK_AUTH_01_BV_itss());
v_ea.start(f_TC_SECPKI_ITSS_BFK_AUTH_01_BV_pki());
// Synchronization
f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
// Cleanup
f_cfMtcDown01(v_itss, v_ea);
} // End of testcase TC_SECPKI_ITSS_BFK_AUTH_02_BV
/**
* @desc Check that the ButterflyAuthorizationRequestMessage contains all required elements
* <pre>
* Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT and PICS_SEC_BFK_AUTH
* Initial conditions:
* with {
* the IUT being in the 'enrolled' state
* and the EA in 'operational' state
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT is triggered to request a new batch of authorization tickets (AT)
* }
* then {
* the IUT sends to the EA a EtsiTs103097Data
* containing the EeRaCertRequest
* containing version
* indicating ‘2’
* and containing generationTime
* indicating current ITS timestamp
* and containing certificateType
* indicating ‘explicit”
* and containing tbsCert
* containing id
* indicating ‘none’
* and containing cracaId
* indicating ‘000000’H
* and containing crlSeries
* indicating ‘0’
* and containing additionalParams
* containing original
* or containing unified
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v2.0.1 SECPKI_ITSS_ENR_03_BV
* @reference ETSI TS 102 941 [1], clause 6.2.3.5.2
*/
testcase TC_SECPKI_ITSS_BFK_AUTH_03_BV() runs on ItsMtc system ItsPkiItssSystem {
// Local variables
var ItsPkiItss v_itss;
var ItsPkiHttp v_ea;
// Test control
if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_ENROLMENT or not PICS_SEC_BFK_AUTH) {
log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT or PICS_SEC_BFK_AUTH required for executing the TC ***");
setverdict(inconc);
stop;
}
// Test component configuration
f_cfMtcUp01(v_itss, v_ea);
// Start components
v_itss.start(f_TC_SECPKI_ITSS_BFK_AUTH_01_BV_itss());
v_ea.start(f_TC_SECPKI_ITSS_BFK_AUTH_01_BV_pki());
// Synchronization
f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
// Cleanup
f_cfMtcDown01(v_itss, v_ea);
} // End of testcase TC_SECPKI_ITSS_BFK_AUTH_04_BV
/**
* @desc Check that the ButterflyAuthorizationRequestMessage contains newlly generated caterpillar public key
* <pre>
* Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT and PICS_SEC_BFK_AUTH
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* and the IUT already sent one or more Butterfly Authorization Requests
* and the EA in 'operational' state
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT is triggered to request a new batch of authorization tickets (AT)
* }
* then {
* the IUT sends to the EA a EtsiTs103097Data
* containing the EeRaCertRequest
* containing version
* indicating ‘2’
* and containing generationTime
* indicating current ITS timestamp
* and containing certificateType
* indicating ‘explicit”
* and containing tbsCert
* containing id
* indicating ‘none’
* and containing cracaId
* indicating ‘000000’H
* and containing crlSeries
* indicating ‘0’
* and containing additionalParams
* containing original
* or containing unified
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v2.0.1 SECPKI_ITSS_ENR_03_BV
* @reference ETSI TS 102 941 [1], clause 6.2.3.5.2
*/
testcase TC_SECPKI_ITSS_BFK_AUTH_04_BV() runs on ItsMtc system ItsPkiItssSystem {
// Local variables
var ItsPkiItss v_itss;
var ItsPkiHttp v_ea;
// Test control
if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_ENROLMENT or not PICS_SEC_BFK_AUTH) {
log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT or PICS_SEC_BFK_AUTH required for executing the TC ***");
setverdict(inconc);
stop;
}
// Test component configuration
f_cfMtcUp01(v_itss, v_ea);
// Start components
v_itss.start(f_TC_SECPKI_ITSS_BFK_AUTH_04_BV_itss());
v_ea.start(f_TC_SECPKI_ITSS_BFK_AUTH_04_BV_pki());
// Synchronization
f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
// Cleanup
f_cfMtcDown01(v_itss, v_ea);
} // End of testcase TC_SECPKI_ITSS_BFK_AUTH_04_BV
group f_TC_SECPKI_ITSS_BFK_AUTH_04_BV {
function f_TC_SECPKI_ITSS_BFK_AUTH_04_BV_itss() runs on ItsPkiItss system ItsPkiItssSystem {
// Local variables
var HashedId8 v_certificate_digest;
var EtsiTs103097Certificate v_certificate;
var InfoPortData v_info_port_data;
var boolean v_start_awaiting := false;
// Test component configuration
vc_hashedId8ToBeUsed := PX_IUT_DEFAULT_CERTIFICATE;
f_cfUp_itss();
// Test adapter configuration
// Preamble
// Initial state: No CAM shall be emitted
geoNetworkingPort.clear;