Newer
Older
5001
5002
5003
5004
5005
5006
5007
5008
5009
5010
5011
5012
5013
5014
5015
5016
5017
5018
5019
5020
5021
5022
5023
5024
5025
5026
5027
5028
5029
5030
5031
5032
5033
5034
5035
5036
5037
5038
5039
5040
5041
5042
5043
5044
5045
5046
5047
5048
5049
5050
5051
5052
5053
5054
5055
5056
5057
5058
5059
5060
5061
5062
5063
// Test adapter configuration
// Preamble
// Initial state: No CAM shall be emitted
geoNetworkingPort.clear;
tc_noac.start;
alt {
[] geoNetworkingPort.receive {
log("No CA message expected");
f_selfOrClientSyncAndVerdict(c_prDone, e_error);
}
[] tc_noac.timeout {
f_sendUtTriggerEnrolmentRequestPrimitive();
tc_ac.start; // TDOD To refined, use altstep
alt {
[] utPort.receive(UtPkiTriggerInd: { state := 1 }) {
tc_ac.stop;
log("*** " & testcasename() & "_itss: INFO: IUT is in enrol state ***");
}
[] tc_ac.timeout {
log("*** " & testcasename() & "_itss: DBG: IUT state update not recieved ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
}
} // End of 'alt' statement
log("*** " & testcasename() & "_itss: : INFO: No CA message received ***");
f_selfOrClientSyncAndVerdict(c_prDone, e_success);
}
} // End of 'alt' statement
// Test Body
f_sendUtTriggerAuthorizationRequestPrimitive(); // TODO FSCOM Add BFK mode
tc_ac.start;
alt {
[v_start_awaiting == true] a_await_cam_with_current_cert(
v_info_port_data.at_certificate
) {
log("*** " & testcasename() & ": PASS: IUT started to send CA message using new AT certificate ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
}
[] geoNetworkingPort.receive {
log("*** " & testcasename() & ": FAIL: IUT started to send CA message using wrong AT certificate ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
}
[] infoPort.receive(InfoPortData:?) -> value v_info_port_data {
log("*** " & testcasename() & ": INFO: Received new AT certificate ***");
v_start_awaiting := true;
repeat;
}
[] tc_ac.timeout {
log("*** " & testcasename() & "_itss: : PASS: No CA message received ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_cfDown_itss();
} // End of function f_TC_SECPKI_ITSS_BFK_AUTH_01_BV_itss
function f_TC_SECPKI_ITSS_BFK_AUTH_01_BV_pki() runs on ItsPkiHttp system ItsPkiItssSystem {
// Local variable
var Headers v_headers;
var HttpMessage v_request;
var InnerEcResponse v_inner_ec_response;
var InnerEcRequest v_inner_ec_request;
// Test component configuration
f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);
// Test adapter configuration
// Preamble
if (f_await_ec_request_send_response(v_inner_ec_request, v_inner_ec_response, v_request) == true) {
5073
5074
5075
5076
5077
5078
5079
5080
5081
5082
5083
5084
5085
5086
5087
5088
5089
5090
5091
5092
5093
5094
5095
5096
5097
5098
5099
5100
5101
5102
5103
5104
5105
5106
5107
5108
5109
5110
5111
5112
5113
5114
5115
5116
5117
5118
5119
5120
5121
5122
5123
5124
5125
5126
5127
5128
5129
5130
5131
5132
5133
5134
5135
5136
5137
5138
5139
5140
5141
5142
5143
5144
5145
5146
5147
5148
5149
5150
5151
5152
5153
5154
5155
5156
5157
5158
5159
5160
5161
5162
5163
5164
5165
5166
5167
5168
5169
5170
5171
5172
5173
5174
5175
5176
5177
5178
5179
5180
5181
5182
5183
5184
5185
5186
5187
5188
5189
5190
5191
5192
5193
5194
5195
5196
5197
5198
5199
5200
5201
5202
5203
5204
5205
5206
5207
5208
5209
5210
5211
5212
5213
5214
5215
5216
5217
5218
5219
5220
5221
5222
5223
5224
5225
5226
5227
5228
5229
5230
5231
5232
5233
5234
5235
5236
5237
5238
5239
5240
5241
5242
5243
5244
5245
5246
5247
5248
5249
5250
5251
5252
5253
5254
log("*** " & testcasename() & ": INFO: Enrolment succeed ***");
f_selfOrClientSyncAndVerdict(c_prDone, e_success);
} else {
log("*** " & testcasename() & ": INCONC: Enrolment failed ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
}
// Test Body
tc_ac.start;
alt {
[] a_await_ec_http_request_from_iut(
mw_http_request(
mw_http_request_post(
PICS_HTTP_POST_URI_BFK_AUTH,
-,
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_enrolmentRequestMessage(
mw_encryptedData(
{ *, mw_recipientInfo_certRecipInfo(mw_pKRecipientInfo(vc_eaHashedId8)), * },
mw_symmetricCiphertext_aes128ccm
)))))),
v_request
) {
var HttpMessage v_response;
var integer v_result;
var EeRaCertRequest v_bfk_authorization_request;
var RaEeCertInfo v_bfk_authorization_response;
tc_ac.stop;
// Verify IUT response
f_verify_http_bfk_authorization_request(v_request.request, v_headers, v_inner_ec_response.certificate, v_bfk_authorization_request, v_bfk_authorization_response, v_response, v_result);
// Send response
if (isvalue(v_response)) {
httpPort.send(v_response);
} else { // Send HTTP error 500
f_send_500_Internal_Error(v_headers);
}
// Set verdict
if (v_result == 0) {
log("*** " & testcasename() & ": PASS: InnerEcRequest received ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": FAIL: Failed to verify EA an EnrolmentRequestMessage ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
}
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_cfHttpDown();
} // End of function f_TC_SECPKI_ITSS_BFK_AUTH_01_BV_pki
} // End of group f_TC_SECPKI_ITSS_BFK_AUTH_01_BV
/**
* @desc Check that the ButterflyAuthorizationRequestMessage is signed using the EC certificate
* <pre>
* Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT and PICS_SEC_BFK_AUTH
* Initial conditions:
* with {
* the IUT being in the 'enrolled' state
* with certificate CERT_EC
* issued by CA authorized with CERT_IUT_A_EA
* and the EA in 'operational' state
* authorized with enrollment certificate CERT_IUT_A_EA
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT is triggered to request a new batch of authorization tickets
* }
* then {
* the IUT sends a EtsiTs103097Data to the EA
* containing content.encryptedData.cipherText
* containing encrypted representation of EtsiTs103097Data
* containing signedData
* containing tbsData
* containing psid
* indicating AID_PKI_CERT_REQUEST
* and containing generationTime
* and not containing any other field
* and containing payload.data
* indicating EtsiTs102941Data
* containing version
* indicating ‘1’
* and containing content
* containing butterflyAuthorizationRequest
* indicating EeRaCertRequest
* and containing signer
* containing digest
* indicating HashedId8 of the CERT_EC
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v2.0.1 SECPKI_ITSS_ENR_02_BV
* @reference ETSI TS 102 941 [1], clause 6.2.3.5.2
*/
testcase TC_SECPKI_ITSS_BFK_AUTH_02_BV() runs on ItsMtc system ItsPkiItssSystem {
// Local variables
var ItsPkiItss v_itss;
var ItsPkiHttp v_ea;
// Test control
if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_ENROLMENT or not PICS_SEC_BFK_AUTH) {
log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT or PICS_SEC_BFK_AUTH required for executing the TC ***");
setverdict(inconc);
stop;
}
// Test component configuration
f_cfMtcUp01(v_itss, v_ea);
// Start components
v_itss.start(f_TC_SECPKI_ITSS_BFK_AUTH_01_BV_itss());
v_ea.start(f_TC_SECPKI_ITSS_BFK_AUTH_01_BV_pki());
// Synchronization
f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
// Cleanup
f_cfMtcDown01(v_itss, v_ea);
} // End of testcase TC_SECPKI_ITSS_BFK_AUTH_02_BV
/**
* @desc Check that the ButterflyAuthorizationRequestMessage contains all required elements
* <pre>
* Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT and PICS_SEC_BFK_AUTH
* Initial conditions:
* with {
* the IUT being in the 'enrolled' state
* and the EA in 'operational' state
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT is triggered to request a new batch of authorization tickets (AT)
* }
* then {
* the IUT sends to the EA a EtsiTs103097Data
* containing the EeRaCertRequest
* containing version
* indicating ‘2’
* and containing generationTime
* indicating current ITS timestamp
* and containing certificateType
* indicating ‘explicit”
* and containing tbsCert
* containing id
* indicating ‘none’
* and containing cracaId
* indicating ‘000000’H
* and containing crlSeries
* indicating ‘0’
* and containing additionalParams
* containing original
* or containing unified
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v2.0.1 SECPKI_ITSS_ENR_03_BV
* @reference ETSI TS 102 941 [1], clause 6.2.3.5.2
*/
testcase TC_SECPKI_ITSS_BFK_AUTH_03_BV() runs on ItsMtc system ItsPkiItssSystem {
// Local variables
var ItsPkiItss v_itss;
var ItsPkiHttp v_ea;
// Test control
if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_ENROLMENT or not PICS_SEC_BFK_AUTH) {
log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT or PICS_SEC_BFK_AUTH required for executing the TC ***");
setverdict(inconc);
stop;
}
// Test component configuration
f_cfMtcUp01(v_itss, v_ea);
// Start components
v_itss.start(f_TC_SECPKI_ITSS_BFK_AUTH_01_BV_itss());
v_ea.start(f_TC_SECPKI_ITSS_BFK_AUTH_01_BV_pki());
// Synchronization
f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
// Cleanup
f_cfMtcDown01(v_itss, v_ea);
} // End of testcase TC_SECPKI_ITSS_BFK_AUTH_04_BV
YannGarcia
committed
/**
* @desc Check that the ButterflyAuthorizationRequestMessage contains newlly generated caterpillar public key
YannGarcia
committed
* <pre>
* Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT and PICS_SEC_BFK_AUTH
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* and the IUT already sent one or more Butterfly Authorization Requests
* and the EA in 'operational' state
YannGarcia
committed
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT is triggered to request a new batch of authorization tickets (AT)
YannGarcia
committed
* }
* then {
* the IUT sends to the EA a EtsiTs103097Data
* containing the EeRaCertRequest
* containing version
* indicating ‘2’
* and containing generationTime
* indicating current ITS timestamp
* and containing certificateType
* indicating ‘explicit”
* and containing tbsCert
* containing id
* indicating ‘none’
* and containing cracaId
* indicating ‘000000’H
* and containing crlSeries
* indicating ‘0’
* and containing additionalParams
* containing original
* or containing unified
YannGarcia
committed
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v2.0.1 SECPKI_ITSS_ENR_03_BV
* @reference ETSI TS 102 941 [1], clause 6.2.3.5.2
YannGarcia
committed
*/
testcase TC_SECPKI_ITSS_BFK_AUTH_04_BV() runs on ItsMtc system ItsPkiItssSystem {
YannGarcia
committed
// Local variables
var ItsPkiItss v_itss;
var ItsPkiHttp v_ea;
YannGarcia
committed
// Test control
if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_ENROLMENT or not PICS_SEC_BFK_AUTH) {
log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT or PICS_SEC_BFK_AUTH required for executing the TC ***");
YannGarcia
committed
setverdict(inconc);
stop;
}
YannGarcia
committed
// Test component configuration
f_cfMtcUp01(v_itss, v_ea);
// Start components
v_itss.start(f_TC_SECPKI_ITSS_BFK_AUTH_04_BV_itss());
v_ea.start(f_TC_SECPKI_ITSS_BFK_AUTH_04_BV_pki());
YannGarcia
committed
// Synchronization
f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
YannGarcia
committed
// Cleanup
f_cfMtcDown01(v_itss, v_ea);
} // End of testcase TC_SECPKI_ITSS_BFK_AUTH_04_BV
group f_TC_SECPKI_ITSS_BFK_AUTH_04_BV {
function f_TC_SECPKI_ITSS_BFK_AUTH_04_BV_itss() runs on ItsPkiItss system ItsPkiItssSystem {
YannGarcia
committed
// Local variables
var HashedId8 v_certificate_digest;
var EtsiTs103097Certificate v_certificate;
var InfoPortData v_info_port_data;
var boolean v_start_awaiting := false;
YannGarcia
committed
// Test component configuration
vc_hashedId8ToBeUsed := PX_IUT_DEFAULT_CERTIFICATE;
f_cfUp_itss();
YannGarcia
committed
// Test adapter configuration
YannGarcia
committed
// Preamble
// Initial state: No CAM shall be emitted
geoNetworkingPort.clear;
tc_noac.start;
alt {
[] geoNetworkingPort.receive {
log("No CA message expected");
f_selfOrClientSyncAndVerdict(c_prDone, e_error);
}
[] tc_noac.timeout {
f_sendUtTriggerEnrolmentRequestPrimitive();
tc_ac.start; // TDOD To refined, use altstep
alt {
[] utPort.receive(UtPkiTriggerInd: { state := 1 }) {
tc_ac.stop;
log("*** " & testcasename() & "_itss: INFO: IUT is in enrol state ***");
}
[] tc_ac.timeout {
log("*** " & testcasename() & "_itss: DBG: IUT state update not recieved ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
}
} // End of 'alt' statement
log("*** " & testcasename() & "_itss: : INFO: No CA message received ***");
f_selfOrClientSyncAndVerdict(c_prDone, e_success);
}
} // End of 'alt' statement
YannGarcia
committed
// Test Body
f_sendUtTriggerAuthorizationRequestPrimitive(); // TODO FSCOM Add BFK mode
YannGarcia
committed
tc_ac.start;
alt {
[v_start_awaiting == true] a_await_cam_with_current_cert(
v_info_port_data.at_certificate
) {
log("*** " & testcasename() & ": PASS: IUT started to send CA message using new AT certificate ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
}
[] geoNetworkingPort.receive {
log("*** " & testcasename() & ": FAIL: IUT started to send CA message using wrong AT certificate ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
}
[] infoPort.receive(InfoPortData:?) -> value v_info_port_data {
log("*** " & testcasename() & ": INFO: Received new AT certificate ***");
v_start_awaiting := true;
repeat;
YannGarcia
committed
}
[] tc_ac.timeout {
log("*** " & testcasename() & "_itss: : PASS: No CA message received ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
YannGarcia
committed
}
} // End of 'alt' statement
YannGarcia
committed
// Postamble
f_cfDown_itss();
} // End of function f_TC_SECPKI_ITSS_BFK_AUTH_04_BV_itss
function f_TC_SECPKI_ITSS_BFK_AUTH_04_BV_pki() runs on ItsPkiHttp system ItsPkiItssSystem {
YannGarcia
committed
// Local variable
var Headers v_headers;
var HttpMessage v_request;
var InnerEcResponse v_inner_ec_response;
var InnerEcRequest v_inner_ec_request;
YannGarcia
committed
// Test component configuration
f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);
YannGarcia
committed
// Test adapter configuration
YannGarcia
committed
// Preamble
if (f_await_ec_request_send_response(v_inner_ec_request, v_inner_ec_response, v_request) == true) {
log("*** " & testcasename() & ": INFO: Enrolment succeed ***");
f_selfOrClientSyncAndVerdict(c_prDone, e_success);
YannGarcia
committed
} else {
log("*** " & testcasename() & ": INCONC: Enrolment failed ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
YannGarcia
committed
}
5431
5432
5433
5434
5435
5436
5437
5438
5439
5440
5441
5442
5443
5444
5445
5446
5447
5448
5449
5450
5451
5452
5453
5454
5455
5456
5457
5458
5459
5460
5461
5462
5463
5464
5465
5466
5467
5468
5469
5470
5471
5472
5473
5474
5475
5476
5477
// Test Body
tc_ac.start;
alt {
[] a_await_ec_http_request_from_iut(
mw_http_request(
mw_http_request_post(
PICS_HTTP_POST_URI_EC,
-,
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_enrolmentRequestMessage(
mw_encryptedData(
{ *, mw_recipientInfo_certRecipInfo(mw_pKRecipientInfo(vc_eaHashedId8)), * },
mw_symmetricCiphertext_aes128ccm
)))))),
v_request
) {
var HttpMessage v_response;
var integer v_result;
var EeRaCertRequest v_bfk_authorization_request;
var RaEeCertInfo v_bfk_authorization_response;
tc_ac.stop;
// Verify IUT response
f_verify_http_bfk_authorization_request(v_request.request, v_headers, v_inner_ec_response.certificate, v_bfk_authorization_request, v_bfk_authorization_response, v_response, v_result);
// Send response
if (isvalue(v_response)) {
httpPort.send(v_response);
} else { // Send HTTP error 500
f_send_500_Internal_Error(v_headers);
}
// Set verdict
if (v_result == 0) {
log("*** " & testcasename() & ": PASS: InnerEcRequest received ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": FAIL: Failed to verify EA an EnrolmentRequestMessage ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
}
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
}
} // End of 'alt' statement
YannGarcia
committed
// Postamble
f_cfHttpDown();
} // End of function f_TC_SECPKI_ITSS_BFK_AUTH_04_BV_pki
} // End of group f_TC_SECPKI_ITSS_BFK_AUTH_04_BV
5484
5485
5486
5487
5488
5489
5490
5491
5492
5493
5494
5495
5496
5497
5498
5499
5500
5501
5502
5503
5504
5505
5506
5507
5508
5509
5510
5511
5512
5513
5514
5515
5516
5517
5518
5519
5520
5521
5522
5523
5524
5525
5526
5527
5528
5529
5530
5531
5532
5533
5534
5535
5536
5537
5538
5539
5540
5541
5542
5543
5544
5545
5546
5547
5548
5549
5550
5551
5552
5553
5554
5555
5556
5557
5558
5559
5560
5561
5562
/**
* @desc Check that IUT downloads the AT certificates batch after receiving of positive ButterflyAuthorizationResponse message
* <pre>
* Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT and PICS_SEC_BFK_AUTH
* Initial conditions:
* with {
* the IUT being in the 'enrolled' state
* and the EA in 'operational' state
* and the IUT has sent the ButterflyAuthorizationRequestMessage
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT receives an EtsiTs102941Data as an answer of the EA
* containing butterflyAuthorizationResponse
* indicating RaEeCertInfo
* containing generationTime
* indicating GEN_TIME
* and containing currentI
* indicating VALUE_I
* and containing requestHash
* indicating REQ_HASH
* and containing nextDlTime
* indicating time between GEN_TIME and current time
* }
* then {
* the IUT send the ButterflyAtDownloadRequestMessage
* containing butterflyAtDownloadRequest
* indicating EeRaDownloadRequest
* containing generationTime
* indicating value more than GEN_TIME
* and containing filename
* indicating string REQ_HASH + “_” + VALUE_I + “.zip”
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v2.0.1 SECPKI_ITSS_BFK_CERTDNL_01_BV
* @reference ETSI TS 102 941 [1], clauses 6.2.3.5.3 and 6.2.3.5.6
*/
testcase TC_SECPKI_ITSS_BFK_CERTDNL_01_BV() runs on ItsMtc system ItsPkiItssSystem {
// Local variables
var ItsPkiItss v_itss;
var ItsPkiHttp v_ea;
// Test control
if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_ENROLMENT or not PICS_SEC_BFK_AUTH) {
log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT or PICS_SEC_BFK_AUTH required for executing the TC ***");
setverdict(inconc);
stop;
}
// Test component configuration
f_cfMtcUp01(v_itss, v_ea);
// Start components
v_itss.start(TC_SECPKI_ITSS_BFK_CERTDNL_01_BV_itss());
v_ea.start(TC_SECPKI_ITSS_BFK_CERTDNL_01_BV_pki());
// Synchronization
f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
// Cleanup
f_cfMtcDown01(v_itss, v_ea);
} // End of testcase TC_SECPKI_ITSS_BFK_CERTDNL_01_BV
group f_TC_SECPKI_ITSS_BFK_CERTDNL_01_BV {
function TC_SECPKI_ITSS_BFK_CERTDNL_01_BV_itss() runs on ItsPkiItss system ItsPkiItssSystem {
// FIXME TODO
} // End of function TC_SECPKI_ITSS_BFK_CERTDNL_01_BV_itss
function TC_SECPKI_ITSS_BFK_CERTDNL_01_BV_pki() runs on ItsPkiHttp system ItsPkiItssSystem {
// FIXME TODO
} // End of function TC_SECPKI_ITSS_BFK_CERTDNL_01_BV_pki
} // End of group f_TC_SECPKI_ITSS_BFK_CERTDNL_01_BV
} // End of group itss_authorization_request_bfk
// ETSI TS 103 525-2 V2.0.2 (2023-07) Clause 5.2.4 CTL handling
YannGarcia
committed
group itss_ctl_handling {
YannGarcia
committed
5567
5568
5569
5570
5571
5572
5573
5574
5575
5576
5577
5578
5579
5580
5581
5582
5583
5584
5585
5586
5587
5588
5589
5590
5591
5592
5593
5594
5595
5596
/**
* @desc Check that the IUT trust the new RCA from the received ECTL
* <pre>
* Pics Selection:
* Initial conditions: {
* the IUT does not trust the CERT_RCA_NEW
* the IUT has received the TLM CTL
* containing the CERT_RCA_NEW
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT received a CAM
* signed with AT certificate
* signed with AA certificate
* signed with CERT_RCA_NEW
* }
* then {
* the IUT accepts this CAM
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 TP SECPKI_ITSS_CTL_01_BV
* @reference ETSI TS 102 941, clause 6.3.5
*/
testcase TC_SECPKI_ITSS_CTL_01_BV() runs on ItsMtc system ItsPkiItssSystem {
// Local variables
var ItsPkiItss v_itss;
var ItsPkiHttp v_cpoc;
YannGarcia
committed
// Test control
if (not PICS_IUT_ITS_S_ROLE) {
log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE required for executing the TC ***");
setverdict(inconc);
stop;
}
YannGarcia
committed
// Test component configuration
f_cfMtcUp03(v_itss, v_cpoc);
// Start components
v_itss.start(f_TC_SECPKI_ITSS_CTL_01_BV_itss());
v_cpoc.start(f_TC_SECPKI_ITSS_CTL_01_BV_pki());
YannGarcia
committed
// Synchronization
f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
YannGarcia
committed
// Cleanup
f_cfMtcDown03(v_itss, v_cpoc);
YannGarcia
committed
} // End of testcase TC_SECPKI_ITSS_CTL_01_BV
YannGarcia
committed
group f_TC_SECPKI_ITSS_CTL_01_BV {
YannGarcia
committed
function f_TC_SECPKI_ITSS_CTL_01_BV_itss() runs on ItsPkiItss system ItsPkiItssSystem {
// Local variables
var GeoNetworkingPdu v_securedGnPdu;
var integer i;
// Test component configuration
YannGarcia
committed
f_cfUp_itss();
YannGarcia
committed
// Test adapter configuration
YannGarcia
committed
// Preamble
geoNetworkingPort.clear;
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mw_etsiTs103097Data_signed(
mw_signedData
)))) {
tc_ac.stop;
YannGarcia
committed
f_sendUtTriggerUpdateEctl(""); // FIXME Create PIXIT for ETCL URI
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
}
} // End of 'alt' statement
YannGarcia
committed
// Test Body
v_securedGnPdu := f_sendSecuredCam(cc_ectl_rca_new);
// Check that the CAM message is forwarde to Facilies layer
f_sleep(PX_TAC);
for(i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, valueof(v_securedGnPdu.gnPacket.packet.payload)); i := i + 1) {
// empty on purpose
}
if(i < lengthof(vc_utInds)) {
log("*** " & testcasename() & ": PASS: CA message was transmitted to upper layer ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": FAIL: CA message was not transmitted to upper layer ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
}
YannGarcia
committed
// Postamble
f_cfDown_itss();
YannGarcia
committed
} // End of function f_TC_SECPKI_ITSS_CTL_01_BV_itss
function f_TC_SECPKI_ITSS_CTL_01_BV_pki() runs on ItsPkiHttp system ItsPkiItssSystem {
// Local variable
var HttpMessage v_response;
var Headers v_headers;
// Test component configuration
f_cfHttpUp_tlm();
YannGarcia
committed
// Test adapter configuration
YannGarcia
committed
// Preamble
tc_ac.start;
alt {
[] a_await_cpoc_http_request_from_iut(
mw_http_request(
mw_http_request_get(
YannGarcia
committed
5690
5691
5692
5693
5694
5695
5696
5697
5698
5699
5700
5701
5702
5703
5704
5705
5706
5707
5708
5709
5710
5711
5712
5713
5714
5715
5716
5717
5718
5719
5720
5721
5722
5723
5724
5725
5726
5727
5728
5729
5730
5731
5732
5733
5734
5735
5736
5737
5738
5739
5740
5741
5742
5743
5744
5745
5746
5747
5748
5749
5750
5751
5752
5753
5754
5755
5756
5757
5758
5759
5760
5761
)),
v_response
) {
var HashedId8 v_rca_hashed_id8; // Used for signature
var Oct32 v_rca_private_key;
var EtsiTs103097Certificate v_rca_new; // The CERT_RCA_NEW
var bitstring v_enc_msg;
var ToBeSignedData v_tbs;
var bitstring v_tbs_enc;
var Oct32 v_tbs_signed;
var Signature v_signature;
var Ieee1609Dot2Data v_ieee1609dot2_signed_data;
tc_ac.stop;
// Read certificates
f_getCertificateHash(PICS_IUT_CA_CERTIFICATE_ID, v_rca_hashed_id8);
f_readSigningKey(PICS_IUT_CA_CERTIFICATE_ID, v_rca_private_key);
f_readCertificate(cc_ectl_rca_new, v_rca_new);
// Build the ToBeSignedTlmCtl data structure
v_enc_msg := encvalue(
valueof(
m_to_be_signed_tlm_full_ctl(
f_getCurrentTime() / 1000 + 3600,
10,
{
m_ctrl_command_add(
m_ctl_entry_rca(
m_root_ca_entry(
v_rca_new
)))
}
)));
v_tbs := valueof(
m_toBeSignedData(
m_signedDataPayload(
m_etsiTs103097Data_unsecured(bit2oct(v_enc_msg))
),
m_headerInfo_inner_pki_request(-, (f_getCurrentTime() * 1000)/*us*/)
));
v_tbs_enc := encvalue(v_tbs);
// Sign the certificate
v_tbs_signed := f_signWithEcdsa(bit2oct(v_tbs_enc), v_rca_hashed_id8, v_rca_private_key);
v_signature := valueof(
m_signature_ecdsaNistP256(
m_ecdsaP256Signature(
m_eccP256CurvePoint_x_only(
substr(v_tbs_signed, 0, 32)
),
substr(v_tbs_signed, 32, 32)
)));
log(testcasename() & ": v_signature= ", v_signature);
v_ieee1609dot2_signed_data := valueof(
m_etsiTs103097Data_signed(
m_signedData(
sha256,
v_tbs,
m_signerIdentifier_digest(v_rca_hashed_id8),
v_signature
)));
// Send response with CERT_RCA_NEW
f_init_default_headers_list(-, "tlm_ectl", v_headers);
f_http_send(
v_headers,
m_http_response(
m_http_response_ok(
m_http_message_body_binary(
m_binary_body_ieee1609dot2_data(
v_ieee1609dot2_signed_data
)),
v_headers
)));
YannGarcia
committed
log("*** " & testcasename() & ": INFO: CERT_RCA_NEW was sent to the IUT ***");
f_selfOrClientSyncAndVerdict(c_prDone, e_success);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdict(c_prDone, e_timeout);
}
} // End of 'alt' statement
YannGarcia
committed
// Test Body
f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
YannGarcia
committed
// Postamble
f_cfHttpDown_tlm();
} // End of function f_TC_SECPKI_ITSS_CTL_01_BV_pki
YannGarcia
committed
5779
5780
5781
5782
5783
5784
5785
5786
5787
5788
5789
5790
5791
5792
5793
5794
5795
5796
5797
5798
5799
5800
5801
5802
5803
5804
5805
5806
5807
5808
5809
5810
} // End of group f_TC_SECPKI_ITSS_CTL_01_BV
/**
* @desc Check that the IUT untrust the RCA when it is deleted from ECTL
* <pre>
* Pics Selection:
* Initial conditions: {
* the IUT does not trust the CERT_RCA
* the IUT has received the TLM CTL
* not containing the CERT_RCA
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT received a CAM
* signed with AT certificate
* signed with AA certificate
* signed with CERT_RCA
* }
* then {
* the IUT rejects this CAM
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 TP SECPKI_ITSS_CTL_02_BV
* @reference ETSI TS 102 941, clause 6.3.5
*/
testcase TC_SECPKI_ITSS_CTL_02_BV() runs on ItsPkiItss system ItsPkiItssSystem {
// Local variables
var GeoNetworkingPdu v_securedGnPdu;
var integer i;
YannGarcia
committed
// Test control
if (not PICS_IUT_ITS_S_ROLE) {
log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE required for executing the TC ***");
setverdict(inconc);
stop;
}
YannGarcia
committed
// Test component configuration
f_cfUp_itss();
YannGarcia
committed
// Test adapter configuration
YannGarcia
committed
// Preamble
geoNetworkingPort.clear;
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mw_etsiTs103097Data_signed(
mw_signedData
)))) {
tc_ac.stop;
YannGarcia
committed
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
}
} // End of 'alt' statement
YannGarcia
committed
5844
5845
5846
5847
5848
5849
5850
5851
5852
5853
5854
5855
5856
5857
5858
5859
5860
5861
5862
5863
5864
5865
5866
5867
5868
5869
5870
5871
5872
5873
5874
5875
5876
5877
5878
5879
5880
5881
5882
5883
5884
5885
5886
5887
5888
5889
5890
5891
5892
5893
// Test Body
v_securedGnPdu := f_sendSecuredCam(cc_ectl_rca_untrust);
// Check that the CAM message is forwarde to Facilies layer
f_sleep(PX_TAC);
for(i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, valueof(v_securedGnPdu.gnPacket.packet.payload)); i := i + 1) {
// empty on purpose
}
if(i < lengthof(vc_utInds)) {
log("*** " & testcasename() & ": FAIL: CA message was not transmitted to upper layer ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
} else {
log("*** " & testcasename() & ": PASS: CA message was transmitted to upper layer ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
}
// Postamble
f_cfDown_itss();
} // End of testcase TC_SECPKI_ITSS_CTL_02_BV
/**
* @desc Check that the IUT trust the AA when it is received in RCA CTL
* <pre>
* Pics Selection:
* Initial conditions: {
* the IUT is trusting the CERT_AA_NEW
* the IUT has received the RCA CTL
* containing the CERT_AA_NEW
* and signed by CERT_RCA
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT received a CAM
* signed with AT certificate
* signed with AA_NEW certificate
* }
* then {
* the IUT accepts this CAM
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 TP SECPKI_ITSS_CTL_03_BV
* @reference ETSI TS 102 941, clause 6.3.5
*/
testcase TC_SECPKI_ITSS_CTL_03_BV() runs on ItsMtc system ItsPkiItssSystem {
// Local variables
var ItsPkiItss v_itss;
var ItsPkiHttp v_dc;
YannGarcia
committed
// Test control
if (not PICS_IUT_ITS_S_ROLE) {
log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE required for executing the TC ***");
setverdict(inconc);
stop;
}
YannGarcia
committed
// Test component configuration
f_cfMtcUp04(v_itss, v_dc);
// Start components
v_itss.start(f_TC_SECPKI_ITSS_CTL_03_BV_itss());
v_dc.start(f_TC_SECPKI_ITSS_CTL_03_BV_pki());
YannGarcia
committed
// Synchronization
f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
YannGarcia
committed
// Cleanup
f_cfMtcDown04(v_itss, v_dc);
YannGarcia
committed
} // End of testcase TC_SECPKI_ITSS_CTL_03_BV
YannGarcia
committed
group f_TC_SECPKI_ITSS_CTL_03_BV {
YannGarcia
committed
function f_TC_SECPKI_ITSS_CTL_03_BV_itss() runs on ItsPkiItss system ItsPkiItssSystem {
// Local variables
var GeoNetworkingPdu v_securedGnPdu;
var integer i;
YannGarcia
committed
// Test component configuration
f_cfUp_itss();
YannGarcia
committed
// Test adapter configuration
YannGarcia
committed
// Preamble
geoNetworkingPort.clear;
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mw_etsiTs103097Data_signed(
mw_signedData
)))) {
tc_ac.stop;
YannGarcia
committed
f_sendUtTriggerRequestForRcaCtl(""); // FIXME Create PIXIT for RCA DC
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
}
} // End of 'alt' statement
YannGarcia
committed
// Test Body
v_securedGnPdu := f_sendSecuredCam(cc_ectl_aa_new);
// Check that the CAM message is forwarde to Facilies layer
f_sleep(PX_TAC);
for(i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, valueof(v_securedGnPdu.gnPacket.packet.payload)); i := i + 1) {
// empty on purpose
}
if(i < lengthof(vc_utInds)) {
log("*** " & testcasename() & ": PASS: CA message was transmitted to upper layer ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": FAIL: CA message was not transmitted to upper layer ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
}
YannGarcia
committed
// Postamble
f_cfDown_itss();
} // End of function f_TC_SECPKI_ITSS_CTL_03_BV_itss
YannGarcia
committed
function f_TC_SECPKI_ITSS_CTL_03_BV_pki() runs on ItsPkiHttp system ItsPkiItssSystem {
// Local variable
var HttpMessage v_response;
var Headers v_headers;
// Test component configuration
f_cfHttpUp_ca();
YannGarcia
committed
// Test adapter configuration
YannGarcia
committed
// Preamble
tc_ac.start;
alt {
[] a_await_dc_http_request_from_iut(
mw_http_request(
mw_http_request_get(
YannGarcia
committed
)),
v_response
) {
var HashedId8 v_aa_hashed_id8; // Used for signature
var Oct32 v_aa_private_key;
var EtsiTs103097Certificate v_aa_new; // The CERT_AA_NEW
var bitstring v_enc_msg;
var ToBeSignedData v_tbs;
var bitstring v_tbs_enc;
var Oct32 v_tbs_signed;
var Signature v_signature;
var Ieee1609Dot2Data v_ieee1609dot2_signed_data;
tc_ac.stop;