Newer
Older
} // End of 'alt' statement
// Postamble
f_cfDown_itss();
} // End of function f_TC_SECPKI_ITSS_BFK_AUTH_01_BV_itss
function f_TC_SECPKI_ITSS_BFK_AUTH_01_BV_pki() runs on ItsPkiHttp system ItsPkiItssSystem {
// Local variable
var Headers v_headers;
var HttpMessage v_request;
var InnerEcResponse v_inner_ec_response;
var InnerEcRequest v_inner_ec_request;
// Test component configuration
f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);
// Test adapter configuration
// Preamble
if (f_await_ec_request_send_response(v_inner_ec_request, v_inner_ec_response, v_request) == true) {
5021
5022
5023
5024
5025
5026
5027
5028
5029
5030
5031
5032
5033
5034
5035
5036
5037
5038
5039
5040
5041
5042
5043
5044
5045
5046
5047
5048
5049
5050
5051
5052
5053
5054
5055
5056
5057
5058
5059
5060
5061
5062
5063
5064
5065
5066
5067
5068
5069
5070
5071
5072
5073
5074
5075
5076
5077
5078
5079
5080
5081
5082
5083
5084
5085
5086
5087
5088
5089
5090
5091
5092
5093
5094
5095
5096
5097
5098
5099
5100
5101
5102
5103
5104
5105
5106
5107
5108
5109
5110
5111
5112
5113
5114
5115
5116
5117
5118
5119
5120
5121
5122
5123
5124
5125
5126
5127
5128
5129
5130
5131
5132
5133
5134
5135
5136
5137
5138
5139
5140
5141
5142
5143
5144
5145
5146
5147
5148
5149
5150
5151
5152
5153
5154
5155
5156
5157
5158
5159
5160
5161
5162
5163
5164
5165
5166
5167
5168
5169
5170
5171
5172
5173
5174
5175
5176
5177
5178
5179
5180
5181
5182
5183
5184
5185
5186
5187
5188
5189
5190
5191
5192
5193
5194
5195
5196
5197
5198
5199
5200
5201
5202
log("*** " & testcasename() & ": INFO: Enrolment succeed ***");
f_selfOrClientSyncAndVerdict(c_prDone, e_success);
} else {
log("*** " & testcasename() & ": INCONC: Enrolment failed ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
}
// Test Body
tc_ac.start;
alt {
[] a_await_ec_http_request_from_iut(
mw_http_request(
mw_http_request_post(
PICS_HTTP_POST_URI_BFK_AUTH,
-,
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_enrolmentRequestMessage(
mw_encryptedData(
{ *, mw_recipientInfo_certRecipInfo(mw_pKRecipientInfo(vc_eaHashedId8)), * },
mw_symmetricCiphertext_aes128ccm
)))))),
v_request
) {
var HttpMessage v_response;
var integer v_result;
var EeRaCertRequest v_bfk_authorization_request;
var RaEeCertInfo v_bfk_authorization_response;
tc_ac.stop;
// Verify IUT response
f_verify_http_bfk_authorization_request(v_request.request, v_headers, v_inner_ec_response.certificate, v_bfk_authorization_request, v_bfk_authorization_response, v_response, v_result);
// Send response
if (isvalue(v_response)) {
httpPort.send(v_response);
} else { // Send HTTP error 500
f_send_500_Internal_Error(v_headers);
}
// Set verdict
if (v_result == 0) {
log("*** " & testcasename() & ": PASS: InnerEcRequest received ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": FAIL: Failed to verify EA an EnrolmentRequestMessage ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
}
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_cfHttpDown();
} // End of function f_TC_SECPKI_ITSS_BFK_AUTH_01_BV_pki
} // End of group f_TC_SECPKI_ITSS_BFK_AUTH_01_BV
/**
* @desc Check that the ButterflyAuthorizationRequestMessage is signed using the EC certificate
* <pre>
* Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT and PICS_SEC_BFK_AUTH
* Initial conditions:
* with {
* the IUT being in the 'enrolled' state
* with certificate CERT_EC
* issued by CA authorized with CERT_IUT_A_EA
* and the EA in 'operational' state
* authorized with enrollment certificate CERT_IUT_A_EA
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT is triggered to request a new batch of authorization tickets
* }
* then {
* the IUT sends a EtsiTs103097Data to the EA
* containing content.encryptedData.cipherText
* containing encrypted representation of EtsiTs103097Data
* containing signedData
* containing tbsData
* containing psid
* indicating AID_PKI_CERT_REQUEST
* and containing generationTime
* and not containing any other field
* and containing payload.data
* indicating EtsiTs102941Data
* containing version
* indicating ‘1’
* and containing content
* containing butterflyAuthorizationRequest
* indicating EeRaCertRequest
* and containing signer
* containing digest
* indicating HashedId8 of the CERT_EC
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v2.0.1 SECPKI_ITSS_ENR_02_BV
* @reference ETSI TS 102 941 [1], clause 6.2.3.5.2
*/
testcase TC_SECPKI_ITSS_BFK_AUTH_02_BV() runs on ItsMtc system ItsPkiItssSystem {
// Local variables
var ItsPkiItss v_itss;
var ItsPkiHttp v_ea;
// Test control
if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_ENROLMENT or not PICS_SEC_BFK_AUTH) {
log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT or PICS_SEC_BFK_AUTH required for executing the TC ***");
setverdict(inconc);
stop;
}
// Test component configuration
f_cfMtcUp01(v_itss, v_ea);
// Start components
v_itss.start(f_TC_SECPKI_ITSS_BFK_AUTH_01_BV_itss());
v_ea.start(f_TC_SECPKI_ITSS_BFK_AUTH_01_BV_pki());
// Synchronization
f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
// Cleanup
f_cfMtcDown01(v_itss, v_ea);
} // End of testcase TC_SECPKI_ITSS_BFK_AUTH_02_BV
/**
* @desc Check that the ButterflyAuthorizationRequestMessage contains all required elements
* <pre>
* Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT and PICS_SEC_BFK_AUTH
* Initial conditions:
* with {
* the IUT being in the 'enrolled' state
* and the EA in 'operational' state
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT is triggered to request a new batch of authorization tickets (AT)
* }
* then {
* the IUT sends to the EA a EtsiTs103097Data
* containing the EeRaCertRequest
* containing version
* indicating ‘2’
* and containing generationTime
* indicating current ITS timestamp
* and containing certificateType
* indicating ‘explicit”
* and containing tbsCert
* containing id
* indicating ‘none’
* and containing cracaId
* indicating ‘000000’H
* and containing crlSeries
* indicating ‘0’
* and containing additionalParams
* containing original
* or containing unified
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v2.0.1 SECPKI_ITSS_ENR_03_BV
* @reference ETSI TS 102 941 [1], clause 6.2.3.5.2
*/
testcase TC_SECPKI_ITSS_BFK_AUTH_03_BV() runs on ItsMtc system ItsPkiItssSystem {
// Local variables
var ItsPkiItss v_itss;
var ItsPkiHttp v_ea;
// Test control
if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_ENROLMENT or not PICS_SEC_BFK_AUTH) {
log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT or PICS_SEC_BFK_AUTH required for executing the TC ***");
setverdict(inconc);
stop;
}
// Test component configuration
f_cfMtcUp01(v_itss, v_ea);
// Start components
v_itss.start(f_TC_SECPKI_ITSS_BFK_AUTH_01_BV_itss());
v_ea.start(f_TC_SECPKI_ITSS_BFK_AUTH_01_BV_pki());
// Synchronization
f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
// Cleanup
f_cfMtcDown01(v_itss, v_ea);
} // End of testcase TC_SECPKI_ITSS_BFK_AUTH_04_BV
YannGarcia
committed
/**
* @desc Check that the ButterflyAuthorizationRequestMessage contains newlly generated caterpillar public key
YannGarcia
committed
* <pre>
* Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT and PICS_SEC_BFK_AUTH
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* and the IUT already sent one or more Butterfly Authorization Requests
* and the EA in 'operational' state
YannGarcia
committed
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT is triggered to request a new batch of authorization tickets (AT)
YannGarcia
committed
* }
* then {
* the IUT sends to the EA a EtsiTs103097Data
* containing the EeRaCertRequest
* containing version
* indicating ‘2’
* and containing generationTime
* indicating current ITS timestamp
* and containing certificateType
* indicating ‘explicit”
* and containing tbsCert
* containing id
* indicating ‘none’
* and containing cracaId
* indicating ‘000000’H
* and containing crlSeries
* indicating ‘0’
* and containing additionalParams
* containing original
* or containing unified
YannGarcia
committed
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v2.0.1 SECPKI_ITSS_ENR_03_BV
* @reference ETSI TS 102 941 [1], clause 6.2.3.5.2
YannGarcia
committed
*/
testcase TC_SECPKI_ITSS_BFK_AUTH_04_BV() runs on ItsMtc system ItsPkiItssSystem {
YannGarcia
committed
// Local variables
var ItsPkiItss v_itss;
var ItsPkiHttp v_ea;
YannGarcia
committed
// Test control
if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_ENROLMENT or not PICS_SEC_BFK_AUTH) {
log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT or PICS_SEC_BFK_AUTH required for executing the TC ***");
YannGarcia
committed
setverdict(inconc);
stop;
}
YannGarcia
committed
// Test component configuration
f_cfMtcUp01(v_itss, v_ea);
// Start components
v_itss.start(f_TC_SECPKI_ITSS_BFK_AUTH_04_BV_itss());
v_ea.start(f_TC_SECPKI_ITSS_BFK_AUTH_04_BV_pki());
YannGarcia
committed
// Synchronization
f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
YannGarcia
committed
// Cleanup
f_cfMtcDown01(v_itss, v_ea);
} // End of testcase TC_SECPKI_ITSS_BFK_AUTH_04_BV
group f_TC_SECPKI_ITSS_BFK_AUTH_04_BV {
function f_TC_SECPKI_ITSS_BFK_AUTH_04_BV_itss() runs on ItsPkiItss system ItsPkiItssSystem {
YannGarcia
committed
// Local variables
var HashedId8 v_certificate_digest;
var EtsiTs103097Certificate v_certificate;
var InfoPortData v_info_port_data;
var boolean v_start_awaiting := false;
YannGarcia
committed
// Test component configuration
vc_hashedId8ToBeUsed := PX_IUT_DEFAULT_CERTIFICATE;
f_cfUp_itss();
YannGarcia
committed
// Test adapter configuration
YannGarcia
committed
// Preamble
// Initial state: No CAM shall be emitted
geoNetworkingPort.clear;
tc_noac.start;
alt {
[] geoNetworkingPort.receive {
log("No CA message expected");
f_selfOrClientSyncAndVerdict(c_prDone, e_error);
}
[] tc_noac.timeout {
f_sendUtTriggerEnrolmentRequestPrimitive();
tc_ac.start; // TDOD To refined, use altstep
alt {
[] utPort.receive(UtPkiTriggerInd: { state := 1 }) {
tc_ac.stop;
log("*** " & testcasename() & "_itss: INFO: IUT is in enrol state ***");
}
[] tc_ac.timeout {
log("*** " & testcasename() & "_itss: DBG: IUT state update not recieved ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
}
} // End of 'alt' statement
log("*** " & testcasename() & "_itss: : INFO: No CA message received ***");
f_selfOrClientSyncAndVerdict(c_prDone, e_success);
}
} // End of 'alt' statement
YannGarcia
committed
// Test Body
f_sendUtTriggerAuthorizationRequestPrimitive(); // TODO FSCOM Add BFK mode
YannGarcia
committed
tc_ac.start;
alt {
[v_start_awaiting == true] a_await_cam_with_current_cert(
v_info_port_data.at_certificate
) {
log("*** " & testcasename() & ": PASS: IUT started to send CA message using new AT certificate ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
}
[] geoNetworkingPort.receive {
log("*** " & testcasename() & ": FAIL: IUT started to send CA message using wrong AT certificate ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
}
[] infoPort.receive(InfoPortData:?) -> value v_info_port_data {
log("*** " & testcasename() & ": INFO: Received new AT certificate ***");
v_start_awaiting := true;
repeat;
YannGarcia
committed
}
[] tc_ac.timeout {
log("*** " & testcasename() & "_itss: : PASS: No CA message received ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
YannGarcia
committed
}
} // End of 'alt' statement
YannGarcia
committed
// Postamble
f_cfDown_itss();
} // End of function f_TC_SECPKI_ITSS_BFK_AUTH_04_BV_itss
function f_TC_SECPKI_ITSS_BFK_AUTH_04_BV_pki() runs on ItsPkiHttp system ItsPkiItssSystem {
YannGarcia
committed
// Local variable
var Headers v_headers;
var HttpMessage v_request;
var InnerEcResponse v_inner_ec_response;
var InnerEcRequest v_inner_ec_request;
YannGarcia
committed
// Test component configuration
f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);
YannGarcia
committed
// Test adapter configuration
YannGarcia
committed
// Preamble
if (f_await_ec_request_send_response(v_inner_ec_request, v_inner_ec_response, v_request) == true) {
log("*** " & testcasename() & ": INFO: Enrolment succeed ***");
f_selfOrClientSyncAndVerdict(c_prDone, e_success);
YannGarcia
committed
} else {
log("*** " & testcasename() & ": INCONC: Enrolment failed ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
YannGarcia
committed
}
5379
5380
5381
5382
5383
5384
5385
5386
5387
5388
5389
5390
5391
5392
5393
5394
5395
5396
5397
5398
5399
5400
5401
5402
5403
5404
5405
5406
5407
5408
5409
5410
5411
5412
5413
5414
5415
5416
5417
5418
5419
5420
5421
5422
5423
5424
5425
// Test Body
tc_ac.start;
alt {
[] a_await_ec_http_request_from_iut(
mw_http_request(
mw_http_request_post(
PICS_HTTP_POST_URI_EC,
-,
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_enrolmentRequestMessage(
mw_encryptedData(
{ *, mw_recipientInfo_certRecipInfo(mw_pKRecipientInfo(vc_eaHashedId8)), * },
mw_symmetricCiphertext_aes128ccm
)))))),
v_request
) {
var HttpMessage v_response;
var integer v_result;
var EeRaCertRequest v_bfk_authorization_request;
var RaEeCertInfo v_bfk_authorization_response;
tc_ac.stop;
// Verify IUT response
f_verify_http_bfk_authorization_request(v_request.request, v_headers, v_inner_ec_response.certificate, v_bfk_authorization_request, v_bfk_authorization_response, v_response, v_result);
// Send response
if (isvalue(v_response)) {
httpPort.send(v_response);
} else { // Send HTTP error 500
f_send_500_Internal_Error(v_headers);
}
// Set verdict
if (v_result == 0) {
log("*** " & testcasename() & ": PASS: InnerEcRequest received ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": FAIL: Failed to verify EA an EnrolmentRequestMessage ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
}
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
}
} // End of 'alt' statement
YannGarcia
committed
// Postamble
f_cfHttpDown();
} // End of function f_TC_SECPKI_ITSS_BFK_AUTH_04_BV_pki
} // End of group f_TC_SECPKI_ITSS_BFK_AUTH_04_BV
5432
5433
5434
5435
5436
5437
5438
5439
5440
5441
5442
5443
5444
5445
5446
5447
5448
5449
5450
5451
5452
5453
5454
5455
5456
5457
5458
5459
5460
5461
5462
5463
5464
5465
5466
5467
5468
5469
5470
5471
5472
5473
5474
5475
5476
5477
5478
5479
5480
5481
5482
5483
5484
5485
5486
5487
5488
5489
5490
5491
5492
5493
5494
5495
5496
5497
5498
5499
5500
5501
5502
5503
5504
5505
5506
5507
5508
5509
5510
/**
* @desc Check that IUT downloads the AT certificates batch after receiving of positive ButterflyAuthorizationResponse message
* <pre>
* Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT and PICS_SEC_BFK_AUTH
* Initial conditions:
* with {
* the IUT being in the 'enrolled' state
* and the EA in 'operational' state
* and the IUT has sent the ButterflyAuthorizationRequestMessage
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT receives an EtsiTs102941Data as an answer of the EA
* containing butterflyAuthorizationResponse
* indicating RaEeCertInfo
* containing generationTime
* indicating GEN_TIME
* and containing currentI
* indicating VALUE_I
* and containing requestHash
* indicating REQ_HASH
* and containing nextDlTime
* indicating time between GEN_TIME and current time
* }
* then {
* the IUT send the ButterflyAtDownloadRequestMessage
* containing butterflyAtDownloadRequest
* indicating EeRaDownloadRequest
* containing generationTime
* indicating value more than GEN_TIME
* and containing filename
* indicating string REQ_HASH + “_” + VALUE_I + “.zip”
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v2.0.1 SECPKI_ITSS_BFK_CERTDNL_01_BV
* @reference ETSI TS 102 941 [1], clauses 6.2.3.5.3 and 6.2.3.5.6
*/
testcase TC_SECPKI_ITSS_BFK_CERTDNL_01_BV() runs on ItsMtc system ItsPkiItssSystem {
// Local variables
var ItsPkiItss v_itss;
var ItsPkiHttp v_ea;
// Test control
if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_ENROLMENT or not PICS_SEC_BFK_AUTH) {
log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT or PICS_SEC_BFK_AUTH required for executing the TC ***");
setverdict(inconc);
stop;
}
// Test component configuration
f_cfMtcUp01(v_itss, v_ea);
// Start components
v_itss.start(TC_SECPKI_ITSS_BFK_CERTDNL_01_BV_itss());
v_ea.start(TC_SECPKI_ITSS_BFK_CERTDNL_01_BV_pki());
// Synchronization
f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
// Cleanup
f_cfMtcDown01(v_itss, v_ea);
} // End of testcase TC_SECPKI_ITSS_BFK_CERTDNL_01_BV
group f_TC_SECPKI_ITSS_BFK_CERTDNL_01_BV {
function TC_SECPKI_ITSS_BFK_CERTDNL_01_BV_itss() runs on ItsPkiItss system ItsPkiItssSystem {
// FIXME TODO
} // End of function TC_SECPKI_ITSS_BFK_CERTDNL_01_BV_itss
function TC_SECPKI_ITSS_BFK_CERTDNL_01_BV_pki() runs on ItsPkiHttp system ItsPkiItssSystem {
// FIXME TODO
} // End of function TC_SECPKI_ITSS_BFK_CERTDNL_01_BV_pki
} // End of group f_TC_SECPKI_ITSS_BFK_CERTDNL_01_BV
} // End of group itss_authorization_request_bfk
// ETSI TS 103 525-2 V2.0.2 (2023-07) Clause 5.2.4 CTL handling
YannGarcia
committed
group itss_ctl_handling {
YannGarcia
committed
5515
5516
5517
5518
5519
5520
5521
5522
5523
5524
5525
5526
5527
5528
5529
5530
5531
5532
5533
5534
5535
5536
5537
5538
5539
5540
5541
5542
5543
5544
/**
* @desc Check that the IUT trust the new RCA from the received ECTL
* <pre>
* Pics Selection:
* Initial conditions: {
* the IUT does not trust the CERT_RCA_NEW
* the IUT has received the TLM CTL
* containing the CERT_RCA_NEW
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT received a CAM
* signed with AT certificate
* signed with AA certificate
* signed with CERT_RCA_NEW
* }
* then {
* the IUT accepts this CAM
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 TP SECPKI_ITSS_CTL_01_BV
* @reference ETSI TS 102 941, clause 6.3.5
*/
testcase TC_SECPKI_ITSS_CTL_01_BV() runs on ItsMtc system ItsPkiItssSystem {
// Local variables
var ItsPkiItss v_itss;
var ItsPkiHttp v_cpoc;
YannGarcia
committed
// Test control
if (not PICS_IUT_ITS_S_ROLE) {
log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE required for executing the TC ***");
setverdict(inconc);
stop;
}
YannGarcia
committed
// Test component configuration
f_cfMtcUp03(v_itss, v_cpoc);
// Start components
v_itss.start(f_TC_SECPKI_ITSS_CTL_01_BV_itss());
v_cpoc.start(f_TC_SECPKI_ITSS_CTL_01_BV_pki());
YannGarcia
committed
// Synchronization
f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
YannGarcia
committed
// Cleanup
f_cfMtcDown03(v_itss, v_cpoc);
YannGarcia
committed
} // End of testcase TC_SECPKI_ITSS_CTL_01_BV
YannGarcia
committed
group f_TC_SECPKI_ITSS_CTL_01_BV {
YannGarcia
committed
function f_TC_SECPKI_ITSS_CTL_01_BV_itss() runs on ItsPkiItss system ItsPkiItssSystem {
// Local variables
var GeoNetworkingPdu v_securedGnPdu;
var integer i;
// Test component configuration
YannGarcia
committed
f_cfUp_itss();
YannGarcia
committed
// Test adapter configuration
YannGarcia
committed
// Preamble
geoNetworkingPort.clear;
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mw_etsiTs103097Data_signed(
mw_signedData
)))) {
tc_ac.stop;
YannGarcia
committed
f_sendUtTriggerUpdateEctl(""); // FIXME Create PIXIT for ETCL URI
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
}
} // End of 'alt' statement
YannGarcia
committed
// Test Body
v_securedGnPdu := f_sendSecuredCam(cc_ectl_rca_new);
// Check that the CAM message is forwarde to Facilies layer
f_sleep(PX_TAC);
for(i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, valueof(v_securedGnPdu.gnPacket.packet.payload)); i := i + 1) {
// empty on purpose
}
if(i < lengthof(vc_utInds)) {
log("*** " & testcasename() & ": PASS: CA message was transmitted to upper layer ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": FAIL: CA message was not transmitted to upper layer ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
}
YannGarcia
committed
// Postamble
f_cfDown_itss();
YannGarcia
committed
} // End of function f_TC_SECPKI_ITSS_CTL_01_BV_itss
function f_TC_SECPKI_ITSS_CTL_01_BV_pki() runs on ItsPkiHttp system ItsPkiItssSystem {
// Local variable
var HttpMessage v_response;
var Headers v_headers;
// Test component configuration
f_cfHttpUp_tlm();
YannGarcia
committed
// Test adapter configuration
YannGarcia
committed
// Preamble
tc_ac.start;
alt {
[] a_await_cpoc_http_request_from_iut(
mw_http_request(
mw_http_request_get(
YannGarcia
committed
5638
5639
5640
5641
5642
5643
5644
5645
5646
5647
5648
5649
5650
5651
5652
5653
5654
5655
5656
5657
5658
5659
5660
5661
5662
5663
5664
5665
5666
5667
5668
5669
5670
5671
5672
5673
5674
5675
5676
5677
5678
5679
5680
5681
5682
5683
5684
5685
5686
5687
5688
5689
5690
5691
5692
5693
5694
5695
5696
5697
5698
5699
5700
5701
5702
5703
5704
5705
5706
5707
5708
5709
)),
v_response
) {
var HashedId8 v_rca_hashed_id8; // Used for signature
var Oct32 v_rca_private_key;
var EtsiTs103097Certificate v_rca_new; // The CERT_RCA_NEW
var bitstring v_enc_msg;
var ToBeSignedData v_tbs;
var bitstring v_tbs_enc;
var Oct32 v_tbs_signed;
var Signature v_signature;
var Ieee1609Dot2Data v_ieee1609dot2_signed_data;
tc_ac.stop;
// Read certificates
f_getCertificateHash(PICS_IUT_CA_CERTIFICATE_ID, v_rca_hashed_id8);
f_readSigningKey(PICS_IUT_CA_CERTIFICATE_ID, v_rca_private_key);
f_readCertificate(cc_ectl_rca_new, v_rca_new);
// Build the ToBeSignedTlmCtl data structure
v_enc_msg := encvalue(
valueof(
m_to_be_signed_tlm_full_ctl(
f_getCurrentTime() / 1000 + 3600,
10,
{
m_ctrl_command_add(
m_ctl_entry_rca(
m_root_ca_entry(
v_rca_new
)))
}
)));
v_tbs := valueof(
m_toBeSignedData(
m_signedDataPayload(
m_etsiTs103097Data_unsecured(bit2oct(v_enc_msg))
),
m_headerInfo_inner_pki_request(-, (f_getCurrentTime() * 1000)/*us*/)
));
v_tbs_enc := encvalue(v_tbs);
// Sign the certificate
v_tbs_signed := f_signWithEcdsa(bit2oct(v_tbs_enc), v_rca_hashed_id8, v_rca_private_key);
v_signature := valueof(
m_signature_ecdsaNistP256(
m_ecdsaP256Signature(
m_eccP256CurvePoint_x_only(
substr(v_tbs_signed, 0, 32)
),
substr(v_tbs_signed, 32, 32)
)));
log(testcasename() & ": v_signature= ", v_signature);
v_ieee1609dot2_signed_data := valueof(
m_etsiTs103097Data_signed(
m_signedData(
sha256,
v_tbs,
m_signerIdentifier_digest(v_rca_hashed_id8),
v_signature
)));
// Send response with CERT_RCA_NEW
f_init_default_headers_list(-, "tlm_ectl", v_headers);
f_http_send(
v_headers,
m_http_response(
m_http_response_ok(
m_http_message_body_binary(
m_binary_body_ieee1609dot2_data(
v_ieee1609dot2_signed_data
)),
v_headers
)));
YannGarcia
committed
log("*** " & testcasename() & ": INFO: CERT_RCA_NEW was sent to the IUT ***");
f_selfOrClientSyncAndVerdict(c_prDone, e_success);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdict(c_prDone, e_timeout);
}
} // End of 'alt' statement
YannGarcia
committed
// Test Body
f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
YannGarcia
committed
// Postamble
f_cfHttpDown_tlm();
} // End of function f_TC_SECPKI_ITSS_CTL_01_BV_pki
YannGarcia
committed
5727
5728
5729
5730
5731
5732
5733
5734
5735
5736
5737
5738
5739
5740
5741
5742
5743
5744
5745
5746
5747
5748
5749
5750
5751
5752
5753
5754
5755
5756
5757
5758
} // End of group f_TC_SECPKI_ITSS_CTL_01_BV
/**
* @desc Check that the IUT untrust the RCA when it is deleted from ECTL
* <pre>
* Pics Selection:
* Initial conditions: {
* the IUT does not trust the CERT_RCA
* the IUT has received the TLM CTL
* not containing the CERT_RCA
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT received a CAM
* signed with AT certificate
* signed with AA certificate
* signed with CERT_RCA
* }
* then {
* the IUT rejects this CAM
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 TP SECPKI_ITSS_CTL_02_BV
* @reference ETSI TS 102 941, clause 6.3.5
*/
testcase TC_SECPKI_ITSS_CTL_02_BV() runs on ItsPkiItss system ItsPkiItssSystem {
// Local variables
var GeoNetworkingPdu v_securedGnPdu;
var integer i;
YannGarcia
committed
// Test control
if (not PICS_IUT_ITS_S_ROLE) {
log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE required for executing the TC ***");
setverdict(inconc);
stop;
}
YannGarcia
committed
// Test component configuration
f_cfUp_itss();
YannGarcia
committed
// Test adapter configuration
YannGarcia
committed
// Preamble
geoNetworkingPort.clear;
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mw_etsiTs103097Data_signed(
mw_signedData
)))) {
tc_ac.stop;
YannGarcia
committed
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
}
} // End of 'alt' statement
YannGarcia
committed
5792
5793
5794
5795
5796
5797
5798
5799
5800
5801
5802
5803
5804
5805
5806
5807
5808
5809
5810
5811
5812
5813
5814
5815
5816
5817
5818
5819
5820
5821
5822
5823
5824
5825
5826
5827
5828
5829
5830
5831
5832
5833
5834
5835
5836
5837
5838
5839
5840
5841
// Test Body
v_securedGnPdu := f_sendSecuredCam(cc_ectl_rca_untrust);
// Check that the CAM message is forwarde to Facilies layer
f_sleep(PX_TAC);
for(i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, valueof(v_securedGnPdu.gnPacket.packet.payload)); i := i + 1) {
// empty on purpose
}
if(i < lengthof(vc_utInds)) {
log("*** " & testcasename() & ": FAIL: CA message was not transmitted to upper layer ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
} else {
log("*** " & testcasename() & ": PASS: CA message was transmitted to upper layer ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
}
// Postamble
f_cfDown_itss();
} // End of testcase TC_SECPKI_ITSS_CTL_02_BV
/**
* @desc Check that the IUT trust the AA when it is received in RCA CTL
* <pre>
* Pics Selection:
* Initial conditions: {
* the IUT is trusting the CERT_AA_NEW
* the IUT has received the RCA CTL
* containing the CERT_AA_NEW
* and signed by CERT_RCA
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT received a CAM
* signed with AT certificate
* signed with AA_NEW certificate
* }
* then {
* the IUT accepts this CAM
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 TP SECPKI_ITSS_CTL_03_BV
* @reference ETSI TS 102 941, clause 6.3.5
*/
testcase TC_SECPKI_ITSS_CTL_03_BV() runs on ItsMtc system ItsPkiItssSystem {
// Local variables
var ItsPkiItss v_itss;
var ItsPkiHttp v_dc;
YannGarcia
committed
// Test control
if (not PICS_IUT_ITS_S_ROLE) {
log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE required for executing the TC ***");
setverdict(inconc);
stop;
}
YannGarcia
committed
// Test component configuration
f_cfMtcUp04(v_itss, v_dc);
// Start components
v_itss.start(f_TC_SECPKI_ITSS_CTL_03_BV_itss());
v_dc.start(f_TC_SECPKI_ITSS_CTL_03_BV_pki());
YannGarcia
committed
// Synchronization
f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
YannGarcia
committed
// Cleanup
f_cfMtcDown04(v_itss, v_dc);
YannGarcia
committed
} // End of testcase TC_SECPKI_ITSS_CTL_03_BV
YannGarcia
committed
group f_TC_SECPKI_ITSS_CTL_03_BV {
YannGarcia
committed
function f_TC_SECPKI_ITSS_CTL_03_BV_itss() runs on ItsPkiItss system ItsPkiItssSystem {
// Local variables
var GeoNetworkingPdu v_securedGnPdu;
var integer i;
YannGarcia
committed
// Test component configuration
f_cfUp_itss();
YannGarcia
committed
// Test adapter configuration
YannGarcia
committed
// Preamble
geoNetworkingPort.clear;
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mw_etsiTs103097Data_signed(
mw_signedData
)))) {
tc_ac.stop;
YannGarcia
committed
f_sendUtTriggerRequestForRcaCtl(""); // FIXME Create PIXIT for RCA DC
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
}
} // End of 'alt' statement
YannGarcia
committed
// Test Body
v_securedGnPdu := f_sendSecuredCam(cc_ectl_aa_new);
// Check that the CAM message is forwarde to Facilies layer
f_sleep(PX_TAC);
for(i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, valueof(v_securedGnPdu.gnPacket.packet.payload)); i := i + 1) {
// empty on purpose
}
if(i < lengthof(vc_utInds)) {
log("*** " & testcasename() & ": PASS: CA message was transmitted to upper layer ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": FAIL: CA message was not transmitted to upper layer ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
}
YannGarcia
committed
// Postamble
f_cfDown_itss();
} // End of function f_TC_SECPKI_ITSS_CTL_03_BV_itss
YannGarcia
committed
function f_TC_SECPKI_ITSS_CTL_03_BV_pki() runs on ItsPkiHttp system ItsPkiItssSystem {
// Local variable
var HttpMessage v_response;
var Headers v_headers;
// Test component configuration
f_cfHttpUp_ca();
YannGarcia
committed
// Test adapter configuration
YannGarcia
committed
// Preamble
tc_ac.start;
alt {
[] a_await_dc_http_request_from_iut(
mw_http_request(
mw_http_request_get(
YannGarcia
committed
5934
5935
5936
5937
5938
5939
5940
5941
5942
5943
5944
5945
5946
5947
5948
5949
5950
5951
5952
5953
5954
5955
5956
5957
5958
5959
5960
5961
5962
5963
5964
5965
5966
5967
5968
5969
5970
5971
5972
5973
5974
5975
5976
5977
5978
5979
5980
5981
5982
5983
5984
5985
5986
5987
5988
5989
5990
5991
5992
5993
5994
5995
5996
5997
5998
5999
6000
)),
v_response
) {
var HashedId8 v_aa_hashed_id8; // Used for signature
var Oct32 v_aa_private_key;
var EtsiTs103097Certificate v_aa_new; // The CERT_AA_NEW
var bitstring v_enc_msg;
var ToBeSignedData v_tbs;
var bitstring v_tbs_enc;
var Oct32 v_tbs_signed;
var Signature v_signature;
var Ieee1609Dot2Data v_ieee1609dot2_signed_data;
tc_ac.stop;
// Read certificates
f_getCertificateHash("CERT_IUT_AA", v_aa_hashed_id8);
f_readSigningKey("CERT_IUT_AA", v_aa_private_key);
f_readCertificate(cc_ectl_aa_new, v_aa_new);
// Build the ToBeSignedRcaCtl data structure
v_enc_msg := encvalue(
valueof(
m_to_be_signed_rca_full_ctl(
f_getCurrentTime() / 1000 + 3600,
10,
{
m_ctrl_command_add(
m_ctl_entry_aa(
m_aa_entry(
v_aa_new,
"" // FIXME PICS_AA_ENTRY_URL
)))
}
)));
v_tbs := valueof(
m_toBeSignedData(
m_signedDataPayload(
m_etsiTs103097Data_unsecured(bit2oct(v_enc_msg))
),
m_headerInfo_inner_pki_request(-, (f_getCurrentTime() * 1000)/*us*/)
));
v_tbs_enc := encvalue(v_tbs);
// Sign the certificate
v_tbs_signed := f_signWithEcdsa(bit2oct(v_tbs_enc), v_aa_hashed_id8, v_aa_private_key);
v_signature := valueof(
m_signature_ecdsaNistP256(
m_ecdsaP256Signature(
m_eccP256CurvePoint_x_only(
substr(v_tbs_signed, 0, 32)
),
substr(v_tbs_signed, 32, 32)
)));
log(testcasename() & ": v_signature= ", v_signature);
v_ieee1609dot2_signed_data := valueof(
m_etsiTs103097Data_signed(
m_signedData(
sha256,
v_tbs,
m_signerIdentifier_digest(v_aa_hashed_id8),
v_signature
)));
// Send response with CERT_AA_NEW
f_init_default_headers_list(-, "ca_request", v_headers);
f_http_send(
v_headers,
m_http_response(
m_http_response_ok(