Newer
Older
3001
3002
3003
3004
3005
3006
3007
3008
3009
3010
3011
3012
3013
3014
3015
3016
3017
3018
3019
3020
3021
3022
3023
3024
3025
3026
3027
3028
3029
3030
3031
3032
3033
3034
3035
3036
3037
3038
3039
3040
3041
3042
3043
3044
3045
3046
3047
3048
3049
3050
3051
3052
3053
3054
3055
3056
3057
3058
3059
3060
3061
3062
3063
3064
3065
3066
3067
3068
3069
3070
3071
3072
3073
3074
3075
// Test control
if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_ENROLMENT or not PICS_SECPKI_ENROLLMENT_RETRY) {
log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLLMENT or PICS_SECPKI_ENROLMENT_RETRY required for executing the TC ***");
setverdict(inconc);
stop;
}
// Test component configuration
f_cfMtcUp01(v_itss, v_ea);
// Start component
v_itss.start(f_TC_SECPKI_ITSS_ENR_REP_04_BV_itss());
v_ea.start(f_TC_SECPKI_ITSS_ENR_REP_04_BV_pki());
// Synchronization
f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
// Cleanup
f_cfMtcDown01(v_itss, v_ea);
} // End of testcase TC_SECPKI_ITSS_ENR_REP_04_BV
group f_TC_SECPKI_ITSS_ENR_REP_04_BV {
function f_TC_SECPKI_ITSS_ENR_REP_04_BV_itss() runs on ItsPkiItss system ItsPkiItssSystem {
// Local variables
var HashedId8 v_certificate_digest;
var EtsiTs103097Certificate v_certificate;
// Test component configuration
vc_hashedId8ToBeUsed := PX_IUT_DEFAULT_CERTIFICATE;
f_cfUp_itss();
// Test adapter configuration
// Preamble
// Initial state: No CAM shall be emitted
geoNetworkingPort.clear;
tc_noac.start;
alt {
[] geoNetworkingPort.receive {
log("No CA message expected");
f_selfOrClientSyncAndVerdict(c_prDone, e_error);
}
[] tc_noac.timeout {
log("*** " & testcasename() & ": INFO: No CA message received ***");
f_selfOrClientSyncAndVerdict(c_prDone, e_success);
}
} // End of 'alt' statement
// Test Body
f_sendUtTriggerEnrolmentRequestPrimitive();
tc_noac.start;
alt {
[] geoNetworkingPort.receive {
log("No CA message expected");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
}
[] tc_noac.timeout {
log("*** " & testcasename() & ": PASS: Enrolment trigger sent succesfully ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
}
} // End of 'alt' statement
// Postamble
f_cfDown_itss();
} // End of function f_TC_SECPKI_ITSS_ENR_REP_04_BV_itss
function f_TC_SECPKI_ITSS_ENR_REP_04_BV_pki() runs on ItsPkiHttp system ItsPkiItssSystem {
// Local variable
var Headers v_headers;
var HttpMessage v_request;
var HttpMessage v_initial_request;
var InnerEcResponse v_inner_ec_response;
var InnerEcRequest v_inner_ec_request;
// Test component configuration
f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);
// Test adapter configuration
// Preamble
f_init_default_headers_list(-, "inner_ec_response", v_headers);
f_selfOrClientSyncAndVerdict(c_prDone, e_success);
// Test Body
for (var integer v_i := 0; v_i < PX_ENR_MAX_N1; v_i := v_i + 1) {
f_await_ec_request_send_error_response(v_initial_request);
log("*** " & testcasename() & ": INFO: Reply with 400 Bad Request error message ***");
} // End of 'for' staement
// Do not expect any repetition
if (f_await_ec_request_send_response(v_inner_ec_request, v_inner_ec_response, v_request) == true) {
3095
3096
3097
3098
3099
3100
3101
3102
3103
3104
3105
3106
3107
3108
3109
3110
3111
3112
3113
3114
3115
3116
3117
3118
3119
3120
3121
3122
3123
3124
3125
3126
3127
3128
3129
3130
3131
3132
3133
3134
3135
3136
3137
3138
3139
3140
3141
3142
3143
3144
3145
3146
3147
3148
3149
3150
3151
3152
3153
3154
3155
3156
3157
3158
3159
3160
3161
3162
3163
3164
3165
3166
3167
3168
3169
3170
3171
3172
3173
3174
3175
3176
3177
3178
3179
3180
3181
3182
3183
3184
3185
3186
3187
3188
3189
3190
3191
3192
3193
3194
3195
3196
3197
3198
3199
3200
3201
3202
3203
3204
3205
3206
3207
3208
3209
3210
3211
3212
3213
3214
3215
3216
3217
3218
3219
3220
3221
3222
3223
3224
3225
3226
3227
3228
3229
3230
3231
3232
3233
3234
3235
3236
3237
3238
3239
3240
3241
3242
3243
3244
3245
3246
3247
3248
3249
3250
3251
3252
3253
3254
3255
3256
3257
3258
3259
3260
3261
3262
3263
3264
3265
3266
3267
log("*** " & testcasename() & ": INFO: Enrolment not expected due to number of error ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
} else {
log("*** " & testcasename() & ": INCONC: No more enrolment request done ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
}
// Postamble
f_cfHttpDown();
} // End of function f_TC_SECPKI_ITSS_ENR_REP_04_BV_pki
} // End of group f_TC_SECPKI_ITSS_ENR_REP_04_BV
/**
* @desc Check that IUT stops sending the Enrollment Request message if timeout has been reached
* <pre>
* Pics Selection: PICS_SECPKI_ENROLLMENT_RETRY
* Initial conditions: {
* the IUT being in the 'initialized' state
* and the IUT has started sending the Enrollment Request at the time T1
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT sent the PIXIT_ENR_TIMEOUT_TH2 Enrollment Request messages
* }
* then {
* the IUT stops sending an Enrollment Request messages
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 TP SECPKI_ITSS_ENR_REP_05_BV
* @reference ETSI TS 103 601, clause 5.1.2
*/
testcase TC_SECPKI_ITSS_ENR_REP_05_BV() runs on ItsMtc system ItsPkiItssSystem {
// Local variables
var ItsPkiItss v_itss;
var ItsPkiHttp v_ea;
// Test control
if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_ENROLMENT or not PICS_SECPKI_ENROLLMENT_RETRY) {
log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLLMENT or PICS_SECPKI_ENROLMENT_RETRY required for executing the TC ***");
setverdict(inconc);
stop;
}
// Test component configuration
f_cfMtcUp01(v_itss, v_ea);
// Start component
v_itss.start(f_TC_SECPKI_ITSS_ENR_REP_05_BV_itss());
v_ea.start(f_TC_SECPKI_ITSS_ENR_REP_05_BV_pki());
// Synchronization
f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
// Cleanup
f_cfMtcDown01(v_itss, v_ea);
} // End of testcase TC_SECPKI_ITSS_ENR_REP_05_BV
group f_TC_SECPKI_ITSS_ENR_REP_05_BV {
function f_TC_SECPKI_ITSS_ENR_REP_05_BV_itss() runs on ItsPkiItss system ItsPkiItssSystem {
// Local variables
var HashedId8 v_certificate_digest;
var EtsiTs103097Certificate v_certificate;
// Test component configuration
vc_hashedId8ToBeUsed := PX_IUT_DEFAULT_CERTIFICATE;
f_cfUp_itss();
// Test adapter configuration
// Preamble
// Initial state: No CAM shall be emitted
geoNetworkingPort.clear;
tc_noac.start;
alt {
[] geoNetworkingPort.receive {
log("No CA message expected");
f_selfOrClientSyncAndVerdict(c_prDone, e_error);
}
[] tc_noac.timeout {
log("*** " & testcasename() & ": INFO: No CA message received ***");
f_selfOrClientSyncAndVerdict(c_prDone, e_success);
}
} // End of 'alt' statement
// Test Body
f_sendUtTriggerEnrolmentRequestPrimitive();
tc_noac.start;
alt {
[] geoNetworkingPort.receive {
log("No CA message expected");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
}
[] tc_noac.timeout {
log("*** " & testcasename() & ": PASS: Enrolment trigger sent succesfully ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
}
} // End of 'alt' statement
// Postamble
f_cfDown_itss();
} // End of function f_TC_SECPKI_ITSS_ENR_REP_05_BV_itss
function f_TC_SECPKI_ITSS_ENR_REP_05_BV_pki() runs on ItsPkiHttp system ItsPkiItssSystem {
// Local variable
var Headers v_headers;
var HttpMessage v_request;
var HttpMessage v_initial_request;
// Test component configuration
f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);
// Test adapter configuration
// Preamble
f_init_default_headers_list(-, "inner_ec_response", v_headers);
f_selfOrClientSyncAndVerdict(c_prDone, e_success);
// Test Body
tc_ac.start(PX_TAC * 1.1); // PIXIT_ENR_TIMEOUT_TH2 = PX_TAC * 1.1
alt {
[] a_await_ec_http_request_from_iut(
mw_http_request(
mw_http_request_post(
PICS_HTTP_POST_URI_EC,
-,
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_enrolmentRequestMessage(
mw_encryptedData(
{ *, mw_recipientInfo_certRecipInfo(mw_pKRecipientInfo(vc_eaHashedId8)), * },
mw_symmetricCiphertext_aes128ccm
)))))),
v_request
) {
var HttpMessage v_response;
var integer v_result;
var InnerEcRequest v_inner_ec_request;
var InnerEcResponse v_inner_ec_response;
tc_ac.stop;
// Verify IUT response
if (f_verify_repeated_request(v_request, v_initial_request) == false) {
log("*** " & testcasename() & ": FAIL: Repetition request are different ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
} else {
f_verify_http_ec_request_from_iut_itss(v_request.request, v_headers, v_inner_ec_request, v_inner_ec_response, v_response, v_result);
// Send response
if (isvalue(v_response)) {
httpPort.send(v_response);
} else { // Send HTTP error 500
f_send_500_Internal_Error(v_headers);
}
// Set verdict
if (v_result == 0) {
log("*** " & testcasename() & ": PASS: InnerEcRequest received ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": FAIL: Failed to verify EA an EnrolmentRequestMessage ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
}
}
}
[] tc_ac.timeout {
// Do not expect any repetition
var InnerEcResponse v_inner_ec_response;
var InnerEcRequest v_inner_ec_request;
if (f_await_ec_request_send_response(v_inner_ec_request, v_inner_ec_response, v_request) == true) {
log("*** " & testcasename() & ": INFO: Enrolment not expected due to timeout ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
} else {
log("*** " & testcasename() & ": INCONC: No more enrolment request done ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
}
}
} // End of 'alt' statement
// Postamble
f_cfHttpDown();
} // End of function f_TC_SECPKI_ITSS_ENR_REP_05_BV_pki
} // End of group f_TC_SECPKI_ITSS_ENR_REP_05_BV
} // End of group itss_enrollment_request_repetition
// ETSI TS 103 525-2 V2.0.2 (2023-07) Clause 5.2.3.1 Authorization request
/**
* @desc Check that the ITS-S send the Authorization HttpRequest message to the Authorization Authority (AA) to request an authorization ticket.
* <pre>
* Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION
* Initial conditions:
* with {
* the IUT being in the "operational state"
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT is triggered to requested a new Authorization Ticket (AT)
* }
* then {
* the IUT sends EtsiTs103097Data to the AA
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v2.0.1 SECPKI_ITSS_AUTH_01_BV
* @reference ETSI TS 102 941 [2], clause 6.2.3.3.0
*/
testcase TC_SECPKI_ITSS_AUTH_01_BV() runs on ItsMtc system ItsPkiItssSystem {
// Local variables
var ItsPkiItss v_itss;
var ItsPkiHttp v_ea;
// Test control
if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_AUTHORIZATION) {
log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION required for executing the TC ***");
setverdict(inconc);
stop;
}
// Test component configuration
f_cfMtcUp01(v_itss, v_ea);
// Start component
v_itss.start(f_TC_SECPKI_ITSS_AUTH_01_BV_itss());
v_ea.start(f_TC_SECPKI_ITSS_AUTH_01_BV_pki());
// Synchronization
f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
function f_TC_SECPKI_ITSS_AUTH_01_BV_itss() runs on ItsPkiItss system ItsPkiItssSystem {
// Local variables
var HashedId8 v_certificate_digest;
var EtsiTs103097Certificate v_certificate;
var InfoPortData v_info_port_data;
var boolean v_start_awaiting := false;
// vc_hashedId8ToBeUsed := PX_IUT_DEFAULT_CERTIFICATE;
vc_hashedId8ToBeUsed := "";
YannGarcia
committed
geoNetworkingPort.clear;
YannGarcia
committed
alt {
[] geoNetworkingPort.receive {
log("No CA message expected");
f_selfOrClientSyncAndVerdict(c_prDone, e_error);
YannGarcia
committed
}
log("*** " & testcasename() & "_itss: : INFO: No CA message received ***");
if(PX_TRIGGER_EC_BEFORE_AT){
tc_ac.start; // TDOD To refined, use altstep
alt {
[] utPort.receive(UtPkiTriggerInd: { state := 1 }) {
tc_ac.stop;
log("*** " & testcasename() & "_itss: INFO: IUT is in enrol state ***");
}
[LibItsPki_Pics.PICS_UT_STATE_INDICATION] tc_ac.timeout {
log("*** " & testcasename() & "_itss: DBG: IUT state update not recieved ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
}
[not(LibItsPki_Pics.PICS_UT_STATE_INDICATION)] tc_ac.timeout {
log("*** " & testcasename() & "_itss: DBG: IUT doesn't support state indication. Assume it was well done.***");
}
}else{
log("*** " & testcasename() & "_itss: DBG: Assume IUT already in enrolled state.***");
}
f_selfOrClientSyncAndVerdict(c_prDone, e_success);
}
} // End of 'alt' statement
// Test Body
f_sendUtTriggerAuthorizationRequestPrimitive();
tc_ac.start;
alt {
[v_start_awaiting == true] a_await_cam_with_current_cert(
v_info_port_data.at_certificate
) {
log("*** " & testcasename() & ": PASS: IUT started to send CA message using new AT certificate ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
}
[] geoNetworkingPort.receive {
log("*** " & testcasename() & ": FAIL: IUT started to send CA message using wrong AT certificate ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
}
[] infoPort.receive(InfoPortData:?) -> value v_info_port_data {
log("*** " & testcasename() & ": INFO: Received new AT certificate ***");
v_start_awaiting := true;
repeat;
}
[] tc_ac.timeout {
log("*** " & testcasename() & "_itss: : PASS: No CA message received ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_cfDown_itss();
} // End of function f_TC_SECPKI_ITSS_AUTH_01_BV_itss
function f_TC_SECPKI_ITSS_AUTH_01_BV_pki() runs on ItsPkiHttp system ItsPkiItssSystem {
// Local variable
var Headers v_headers;
var HttpMessage v_request;
var InnerEcRequest v_inner_ec_request;
var template (omit) EtsiTs103097Certificate v_ec_cert := omit;
// Test component configuration
f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);
f_init_default_headers_list(-, "inner_at_response", v_headers);
if (f_await_ec_request_send_response(v_inner_ec_request, v_inner_ec_response, v_request) == true) {
v_ec_cert := v_inner_ec_response.certificate;
log("*** " & testcasename() & ": INFO: Enrolment succeed ***");
f_selfOrClientSyncAndVerdict(c_prDone, e_success);
} else {
log("*** " & testcasename() & ": INCONC: Enrolment failed ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
}
} else {
// f_readCertificate(PICS_IUT_EC_CERTIFICATE_ID, v_inner_ec_response.certificate);
// v_ec_cert := omit;
[] a_await_at_http_request_from_iut(
mw_http_request(
mw_http_request_post(
PICS_HTTP_POST_URI_AT,
-,
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_enrolmentRequestMessage(
mw_encryptedData(
{ *, mw_recipientInfo_certRecipInfo(mw_pKRecipientInfo(vc_aaHashedId8)), * },
mw_symmetricCiphertext_aes128ccm
var HttpMessage v_response;
var integer v_result;
var InnerAtRequest v_inner_at_request;
var InnerAtResponse v_inner_at_response;
f_verify_http_at_request_from_iut_itss(v_request.request, v_headers, v_ec_cert, v_inner_at_request, v_inner_at_response, v_response, v_result);
log("f_TC_SECPKI_ITSS_AUTH_01_BV_pki: v_result: ", v_result);
log("f_TC_SECPKI_ITSS_AUTH_01_BV_pki: v_response: ", v_response);
// Send response
if (isvalue(v_response)) {
httpPort.send(v_response);
}
// Set verdict
if (v_result == 0) {
var octetstring v_msg;
var octetstring v_hashed_id8;
log("*** " & testcasename() & ": PASS: InnerAtResponse received ***");
v_msg := bit2oct(encvalue(v_inner_at_response.certificate));
if (ischosen(v_inner_at_response.certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaBrainpoolP384r1)) {
v_hashed_id8 := f_hashedId8FromSha384(f_hashWithSha384(v_msg));
} else {
v_hashed_id8 := f_hashedId8FromSha256(f_hashWithSha256(v_msg));
}
infoPort.send(InfoPortData : { hashed_id8 := v_hashed_id8, at_certificate := v_inner_at_response.certificate });
f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": FAIL: Failed to verify EA an EnrolmentRequestMessage ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
}
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_cfHttpDown();
} // End of function f_TC_SECPKI_ITSS_AUTH_01_BV_pki
3512
3513
3514
3515
3516
3517
3518
3519
3520
3521
3522
3523
3524
3525
3526
3527
3528
3529
3530
3531
3532
3533
3534
3535
3536
3537
/**
* @desc Check that the AuthorizationRequest message is encrypted and sent to only one Authorization Authority.
* <pre>
* Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION
* Initial conditions:
* with {
* the IUT being in the "operational state"
* authorized with CERT_AA certificate
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT is triggered to requested a new Authorization Ticket (AT)
* }
* then {
* the IUT sends EtsiTs103097Data to the AA
* containing content.encryptedData.recipients
* indicating size 1
* and containing the instance of RecipientInfo
* containing certRecipInfo
* containing recipientId
* indicating HashedId8 of the CERT_AA
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v2.0.1 SECPKI_ITSS_AUTH_02_BV
* @reference ETSI TS 102 941 [2], clause 6.2.3.3.1
*/
testcase TC_SECPKI_ITSS_AUTH_02_BV() runs on ItsMtc system ItsPkiItssSystem {
// Local variables
var ItsPkiItss v_itss;
var ItsPkiHttp v_ea;
// Test control
if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_AUTHORIZATION) {
log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION required for executing the TC ***");
setverdict(inconc);
stop;
}
// Test component configuration
f_cfMtcUp01(v_itss, v_ea);
// Start component
v_itss.start(f_TC_SECPKI_ITSS_AUTH_01_BV_itss());
v_ea.start(f_TC_SECPKI_ITSS_AUTH_01_BV_pki());
// Synchronization
f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
3568
3569
3570
3571
3572
3573
3574
3575
3576
3577
3578
3579
3580
3581
3582
3583
3584
3585
3586
3587
3588
3589
3590
3591
3592
/**
* @desc Check that the AuthorizationRequest message is encrypted using the encryptionKey found in the AA certificate referenced in recipientId.
* <pre>
* Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION
* Initial conditions:
* with {
* the IUT being in the "operational state"
* authorized with AA certificate
* containing encryptionKey (AA_ENC_PUB_KEY)
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT is triggered to requested a new Authorization Ticket (AT)
* }
* then {
* the IUT sends EtsiTs103097Data to the AA
* containing content.encryptedData
* containing ciphertext
* containing data
* encrypted using AA_ENC_PUB_KEY
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v2.0.1 SECPKI_ITSS_AUTH_03_BV
* @reference ETSI TS 102 941 [2], clause 6.2.3.3.1
*/
testcase TC_SECPKI_ITSS_AUTH_03_BV() runs on ItsMtc system ItsPkiItssSystem {
// Local variables
var ItsPkiItss v_itss;
var ItsPkiHttp v_ea;
// Test control
if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_AUTHORIZATION) {
log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION required for executing the TC ***");
setverdict(inconc);
stop;
}
// Test component configuration
f_cfMtcUp01(v_itss, v_ea);
// Start component
v_itss.start(f_TC_SECPKI_ITSS_AUTH_01_BV_itss());
v_ea.start(f_TC_SECPKI_ITSS_AUTH_01_BV_pki());
// Synchronization
f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
/**
* @desc Check that the AuthorizationRequest message is never reused the same encryption key and nonce.
* <pre>
* Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION
* Initial conditions:
* with {
* the IUT being in the "operational state"
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT is triggered to requested a new Authorization Ticket (AT)
* }
* then {
* the IUT sends EtsiTs103097Data to the AA
* containing content.encryptedData
* containing ciphertext.aes128Ccm.nonce
* indicating value not equal to the nonce in N previous messages
* and containing recipients[0].certRecipInfo.encKey
* containing encrypted symmetric key (S_KEY)
* indicating symmetric key not equal to the key was used in N previous messages
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v2.0.1 SECPKI_ITSS_AUTH_04_BV
* @reference ETSI TS 102 941 [2], clause 6.2.3.3.1
*/
testcase TC_SECPKI_ITSS_AUTH_04_BV() runs on ItsMtc system ItsPkiItssSystem {
// Local variables
var ItsPkiItss v_itss;
var ItsPkiHttp v_ea;
// Test control
if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_AUTHORIZATION) {
log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION required for executing the TC ***");
setverdict(inconc);
stop;
}
// Test component configuration
f_cfMtcUp01(v_itss, v_ea);
// Start component
v_itss.start(f_TC_SECPKI_ITSS_AUTH_04_BV_itss());
v_ea.start(f_TC_SECPKI_ITSS_AUTH_04_BV_pki());
// Synchronization
f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
function f_TC_SECPKI_ITSS_AUTH_04_BV_itss() runs on ItsPkiItss system ItsPkiItssSystem {
// Local variables
var HashedId8 v_certificate_digest := int2oct(0, 8);
var EtsiTs103097Certificate v_certificate;
3690
3691
3692
3693
3694
3695
3696
3697
3698
3699
3700
3701
3702
3703
3704
3705
3706
3707
3708
3709
3710
3711
3712
3713
3714
// Preamble
// First enrolment
geoNetworkingPort.clear;
tc_ac.start;
alt {
[] a_await_cam_with_current_cert(v_certificate) {
tc_ac.stop;
if (PX_TRIGGER_EC_BEFORE_AT) {
f_sendUtTriggerEnrolmentRequestPrimitive();
f_selfOrClientSyncAndVerdict(c_prDone, e_success);
}
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mw_etsiTs103097Data_signed
))) {
repeat;
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected CA message not received ***");
f_selfOrClientSyncAndVerdict(c_prDone, e_timeout);
}
} // End of 'alt' statement
// Test Body
// N authorization
for (var integer v_i := 0; v_i < PX_RE_AUTHORIZATION_COUNTER; v_i := v_i + 1) {
f_sendUtTriggerAuthorizationRequestPrimitive();
f_sleep(PX_RE_AUTHORIZATION_DELAY);
} // End of 'for' statement
log("*** " & testcasename() & ": PASS: Enrolment trigger sent succesfully ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
// Postamble
f_cfDown_itss();
} // End of function f_TC_SECPKI_ITSS_AUTH_04_BV_itss
function f_TC_SECPKI_ITSS_AUTH_04_BV_pki() runs on ItsPkiHttp system ItsPkiItssSystem {
// Local variable
var integer v_counter := 0;
var Headers v_headers;
var HttpMessage v_request;
var HttpMessage v_response;
var InnerAtRequest v_inner_at_request;
var ListOfPublicVerificationKey v_generated_keys;
var integer v_result;
// Preamble
/*f_init_default_headers_list(-, "inner_at_response", v_headers);
// Wait for the first enrolment response
tc_ac.start;
alt {
[] a_await_at_http_response_from_iut(
mw_http_request(
mw_http_request_post(
PICS_HTTP_POST_URI_EC,
-,
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_enrolmentRequestMessage(
mw_encryptedData(
{ *, mw_recipientInfo_pskRecipInfo(vc_aaHashedId8), * },
mw_symmetricCiphertext_aes128ccm
)))))),
v_request
) {
tc_ac.stop;
// Verify IUT response
f_verify_http_at_request_from_iut_itss(v_request.request, v_request.headers, v_inner_at_request, v_response, v_result);
// Send response
if (isvalue(v_response)) {
httpPort.send(v_response);
}
// Set verdict
if (v_result == 0) {
v_generated_keys[v_counter] := v_inner_at_request.publicKeys.verificationKey;
v_counter := v_counter + 1;
f_selfOrClientSyncAndVerdictTestBody(c_prDone, e_success);
} else {
log("*** " & testcasename() & ": FAIL: Failed to verify EA an EnrolmentRequestMessage ***");
f_selfOrClientSyncAndVerdict(c_prDone, e_error);
}
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdict(c_prDone, e_timeout);
}
} // End of 'alt' statement
// Test Body
tc_ac.start;
alt {
[] a_await_at_http_response_from_iut(
mw_http_request(
mw_http_request_post(
PICS_HTTP_POST_URI_AT,
-,
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_enrolmentRequestMessage(
mw_encryptedData(
{ *, mw_recipientInfo_pskRecipInfo(vc_aaHashedId8), * },
mw_symmetricCiphertext_aes128ccm
)))))),
v_request
) {
tc_ac.stop;
// Verify IUT response
f_verify_http_at_request_from_iut_itss(v_request.request, v_request.headers, v_inner_at_request, v_response, v_result);
3808
3809
3810
3811
3812
3813
3814
3815
3816
3817
3818
3819
3820
3821
3822
3823
3824
3825
3826
3827
3828
3829
3830
3831
3832
3833
3834
3835
3836
3837
3838
3839
3840
3841
// Send response
if (isvalue(v_response)) {
httpPort.send(v_response);
}
// Set verdict
if (v_result == 0) {
log("*** " & testcasename() & ": LOG: ", match(v_generated_keys, superset(v_inner_at_request.publicKeys.verificationKey)), "***");
if (match(v_generated_keys, superset(v_inner_at_request.publicKeys.verificationKey))) {
v_generated_keys[v_counter] := v_inner_at_request.publicKeys.verificationKey;
v_counter := v_counter + 1;
f_selfOrClientSyncAndVerdictTestBody(c_prDone, e_success);
} else {
log("*** " & testcasename() & ": FAIL: Duplication of generated public keys ***");
f_selfOrClientSyncAndVerdict(c_prDone, e_error);
}
} else {
log("*** " & testcasename() & ": FAIL: Failed to verify EA an EnrolmentRequestMessage ***");
f_selfOrClientSyncAndVerdict(c_prDone, e_error);
}
}
[] tc_ac.timeout {
if (v_counter == PX_RE_AUTHORIZATION_COUNTER) {
log("*** " & testcasename() & ": PASS: InnerAtRequest received with different key pairs ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
}
}
} // End of 'alt' statement
*/
// Postamble
f_cfHttpDown();
} // End of function f_TC_SECPKI_ITSS_AUTH_04_BV_pki
YannGarcia
committed
3846
3847
3848
3849
3850
3851
3852
3853
3854
3855
3856
3857
3858
3859
3860
3861
3862
3863
3864
3865
3866
3867
* @desc Check that the Authozation request protocol version is set to 1.
* <pre>
* Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION
* Initial conditions:
* with {
* the IUT being in the "operational state"
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT is triggered to requested a new Authorization Ticket (AT)
* }
* then {
* the IUT sends EtsiTs103097Data to the AA
* containing version
* indicating value 1
* and containing content
* containing autihorizationRequest
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v2.0.1 SECPKI_ITSS_AUTH_05_BV
YannGarcia
committed
* @reference ETSI TS 102 941 [2], clause 6.2.3.3.1
*/
testcase TC_SECPKI_ITSS_AUTH_05_BV() runs on ItsMtc system ItsPkiItssSystem {
// Local variables
var ItsPkiItss v_itss;
var ItsPkiHttp v_ea;
YannGarcia
committed
// Test control
if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_AUTHORIZATION) {
log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION required for executing the TC ***");
setverdict(inconc);
stop;
}
YannGarcia
committed
// Test component configuration
f_cfMtcUp01(v_itss, v_ea);
YannGarcia
committed
// Start component
v_itss.start(f_TC_SECPKI_ITSS_AUTH_01_BV_itss());
v_ea.start(f_TC_SECPKI_ITSS_AUTH_01_BV_pki());
YannGarcia
committed
// Synchronization
f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
YannGarcia
committed
// Cleanup
f_cfMtcDown01(v_itss, v_ea);
YannGarcia
committed
} // End of testcase TC_SECPKI_ITSS_AUTH_05_BV
// TODO Missing TPs TC_SECPKI_ITSS_AUTH_06..19
YannGarcia
committed
} // End of group itss_authorization_request
// ETSI TS 103 525-2 V2.0.2 (2023-07) Clause 5.2.3.2 Authorization response handling
YannGarcia
committed
group itss_authorization_response {
// Void
} // End of group itss_authorization_response
// ETSI TS 103 525-2 V2.0.2 (2023-07) Clause 5.2.3.3 Authorization request repetition
YannGarcia
committed
3908
3909
3910
3911
3912
3913
3914
3915
3916
3917
3918
3919
3920
3921
3922
3923
3924
3925
3926
3927
3928
3929
3930
3931
3932
3933
3934
3935
3936
group itss_authorization_request_repetition {
/**
* @desc Check that IUT repeats an authorization request when response has not been received
* <pre>
* Pics Selection: PICS_SECPKI_AUTHORIZATION_RETRY
* Initial conditions: {
* the IUT being in the 'enrolled' state
* and the IUT already sent the Authorization Request at the time T1
* and the IUT has not yet received the Authorization Response
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT local time is reached the T1 + PIXIT_AUTH_TIMEOUT_TH1
* }
* then {
* the IUT sends to EA an AuthorizationRequestMessage
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 TP SECPKI_ITSS_AUTH_REP_01_BV
* @reference ETSI TS 103 601, clause 5.2
*/
testcase TC_SECPKI_ITSS_AUTH_REP_01_BV() runs on ItsMtc system ItsPkiItssSystem {
// Local variables
var ItsPkiItss v_itss;
var ItsPkiHttp v_ea;
YannGarcia
committed
// Test control
if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_AUTHORIZATION) {
log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION required for executing the TC ***");
setverdict(inconc);
stop;
}
YannGarcia
committed
// Test component configuration
f_cfMtcUp01(v_itss, v_ea);
YannGarcia
committed
// Start component
v_itss.start(f_TC_SECPKI_ITSS_AUTH_REP_01_BV_itss());
v_ea.start(f_TC_SECPKI_ITSS_AUTH_REP_01_BV_pki());
YannGarcia
committed
// Synchronization
f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
YannGarcia
committed
// Cleanup
f_cfMtcDown01(v_itss, v_ea);
YannGarcia
committed
} // End of testcase TC_SECPKI_ITSS_AUTH_REP_01_BV
YannGarcia
committed
group f_TC_SECPKI_ITSS_AUTH_REP_01_BV {
YannGarcia
committed
function f_TC_SECPKI_ITSS_AUTH_REP_01_BV_itss() runs on ItsPkiItss system ItsPkiItssSystem {
// Local variables
var HashedId8 v_certificate_digest;
var EtsiTs103097Certificate v_certificate;
var InfoPortData v_info_port_data;
var boolean v_start_awaiting := false;
YannGarcia
committed
// Test component configuration
vc_hashedId8ToBeUsed := PX_IUT_DEFAULT_CERTIFICATE;
f_cfUp_itss();
YannGarcia
committed
// Test adapter configuration
YannGarcia
committed
// Preamble
// Initial state: No CAM shall be emitted
geoNetworkingPort.clear;
tc_noac.start;
alt {
[] geoNetworkingPort.receive {
log("No CA message expected");
f_selfOrClientSyncAndVerdict(c_prDone, e_error);
}
[] tc_noac.timeout {
f_sendUtTriggerEnrolmentRequestPrimitive();
log("*** " & testcasename() & "_itss: : INFO: No CA message received ***");
YannGarcia
committed
f_selfOrClientSyncAndVerdict(c_prDone, e_success);
}
} // End of 'alt' statement
YannGarcia
committed
// Test Body
f_sendUtTriggerAuthorizationRequestPrimitive();
tc_ac.start;
alt {
[v_start_awaiting == true] a_await_cam_with_current_cert(
v_info_port_data.at_certificate
) {
log("*** " & testcasename() & ": PASS: IUT started to send CA message using new AT certificate ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
}