Skip to content
ItsPki_TestCases.ttcn 1.05 MiB
Newer Older
ASN.1 Documenter's avatar
ASN.1 Documenter committed
/**
ASN.1 Documenter's avatar
ASN.1 Documenter committed
 *  @version  $Url$
 *            $Id$
 *  @desc     Testcases  file for Security Protocol
 *  @reference   ETSI TS ITS-00546v006
 *  @copyright   ETSI Copyright Notification
 *               No part may be reproduced except as authorized by written permission.
 *               The copyright and the foregoing restriction extend to reproduction in all media.
 *               All rights reserved.
 */
module ItsPki_TestCases {
ASN.1 Documenter's avatar
ASN.1 Documenter committed
  // Libcommon
  import from LibCommon_Time all;
  import from LibCommon_VerdictControl all;
  import from LibCommon_Sync all;
  import from LibCommon_BasicTypesAndValues all;
  import from LibCommon_DataStrings all;
ASN.1 Documenter's avatar
ASN.1 Documenter committed
  // LibIts
  import from Ieee1609Dot2BaseTypes language "ASN.1:1997" all;
  import from Ieee1609Dot2 language "ASN.1:1997" all;
  import from EtsiTs102941BaseTypes language "ASN.1:1997" all;
  import from EtsiTs102941TypesEnrolment language "ASN.1:1997" all;
  import from EtsiTs102941TypesAuthorization language "ASN.1:1997" all;
  import from EtsiTs102941TypesAuthorizationValidation language "ASN.1:1997" all;
  import from EtsiTs102941MessagesCa language "ASN.1:1997" all;
  import from EtsiTs102941TrustLists language "ASN.1:1997" all;
  import from EtsiTs103097Module language "ASN.1:1997" all;
  import from Ieee1609Dot2Dot1AcaRaInterface language "ASN.1:1997" all;
  import from Ieee1609Dot2Dot1EeRaInterface language "ASN.1:1997" all;
  import from ETSI_ITS_CDD language "ASN.1:1997" all;
ASN.1 Documenter's avatar
ASN.1 Documenter committed
  import from CAM_PDU_Descriptions language "ASN.1:1997" all;
ASN.1 Documenter's avatar
ASN.1 Documenter committed
  // LibItsCommon
  import from LibItsCommon_TypesAndValues all;
  import from LibItsCommon_Functions all;
  import from LibItsCommon_TypesAndValues all;
  import from LibItsCommon_ASN1_NamedNumbers all;
ASN.1 Documenter's avatar
ASN.1 Documenter committed
  // LibItsGeoNetworking
  import from LibItsGeoNetworking_TypesAndValues all;
  import from LibItsGeoNetworking_Functions all;
  import from LibItsGeoNetworking_Templates all;
  import from LibItsGeoNetworking_Pics all;
  import from LibItsGeoNetworking_Pixits all;
ASN.1 Documenter's avatar
ASN.1 Documenter committed
  import from LibItsGeoNetworking_TestSystem all;

  // LibItsCam
  import from LibItsCam_TypesAndValues all;
  import from LibItsCam_Templates all;
ASN.1 Documenter's avatar
ASN.1 Documenter committed
  // LibItsSecurity
  import from LibItsSecurity_TypesAndValues all;
  import from LibItsSecurity_TestSystem all;
  import from LibItsSecurity_Templates all;
  import from LibItsSecurity_Functions all;
  import from LibItsSecurity_Pixits all;
  import from LibItsSecurity_Pics all;
  // LibHttp
  import from LibHttp_TypesAndValues all;
  import from LibHttp_Templates all;
  import from LibHttp_Functions all;
  import from LibHttp_TestSystem all;
  import from LibHttp_Pics all;
  import from LibHttp_BinaryTemplates all;

  // LibHelpers
  import from LibHelpers_Functions all;

ASN.1 Documenter's avatar
ASN.1 Documenter committed
  // LibItsPki
  import from LibItsPki_TypesAndValues all;
  import from LibItsPki_Templates all;
  import from LibItsPki_Functions all;
  import from LibItsPki_TestSystem all;
  import from LibItsPki_Pics all;
  import from LibItsPki_Pixits all;
  import from LibItsPki_EncdecDeclarations all;
ASN.1 Documenter's avatar
ASN.1 Documenter committed

  // ItsPki
  import from ItsPki_Pixits all;
ASN.1 Documenter's avatar
ASN.1 Documenter committed
  /**
ASN.1 Documenter's avatar
ASN.1 Documenter committed
   */
  group itss_behavior {
    group itss_states {
      const charstring c_stInitial := "initial";
      const charstring c_stEnrolled := "enrolled";
      const charstring c_stAuthorized := "authorized";
    }

ASN.1 Documenter's avatar
ASN.1 Documenter committed
    group itss_helpers {

      /**
       * @desc Send an HTTP error message 500 Internal error.
       *       Note: To be refined
       */
      function f_send_500_Internal_Error(
                                         in Headers p_headers, 
                                         in template (omit) charstring p_error_message := omit
                                         ) runs on ItsPkiHttp {
        f_http_send(
                    p_headers,
                    m_http_response(
                                    m_http_response_500_internal_error(
                                                                       p_headers
                    )));
      } // End function f_send_500_Internal_Error

ASN.1 Documenter's avatar
ASN.1 Documenter committed
      /**
       * @desc The purpose of this function is verify the EC request and extract InnerEcRequest and build the InnerEcResponse for the HTTP response
       *       Note: This function accepts additional parameters to alter the reponse
       */
      function f_verify_http_ec_request_from_iut_itss(
                                                      in Request p_request,
                                                      in Headers p_headers,
                                                      out InnerEcRequest p_inner_ec_request,
                                                      out InnerEcResponse p_inner_ec_response,
                                                      out HttpMessage p_response,
                                                      out integer p_result,
                                                      in template (present) octetstring p_its_id := PICS_ITS_S_CANONICAL_ID,
                                                      in template (present) SignerIdentifier p_signer := m_signerIdentifier_self,
ASN.1 Documenter's avatar
ASN.1 Documenter committed
                                                      in EnrolmentResponseCode p_force_response_code := ok
                                                      ) runs on ItsPkiHttp {
        // Local variables
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var Ieee1609Dot2Data v_ieee1609dot2_signed_data;
ASN.1 Documenter's avatar
ASN.1 Documenter committed
        var EtsiTs102941Data v_etsi_ts_102941_data;
        var Oct16 v_request_hash;
        var HashedId8 v_bfk_hashed_id8;
ASN.1 Documenter's avatar
ASN.1 Documenter committed
        var Oct16 v_aes_enc_key;
        var template (value) HttpMessage v_response;
        var EtsiTs103097Certificate v_ec_certificate;
        var HashedId8 v_ec_certificate_hashed_id8;
        var PublicVerificationKey v_canonical_key;
ASN.1 Documenter's avatar
ASN.1 Documenter committed
        log(">>> f_verify_http_ec_request_from_iut_itss: ", p_request);
ASN.1 Documenter's avatar
ASN.1 Documenter committed
        p_result := 0;
        if(false == f_get_canonical_itss_key(v_canonical_key)){
          log(">>> f_verify_http_ec_request_from_iut_itss: error getting canonical key");
          v_response := m_http_response(m_http_response_500_internal_error(p_headers));
          p_result := -1;
          return;
        }

        if(not(f_read_pki_request_message(
                                          p_request.body.binary_body.ieee1609dot2_data,
                                          vc_eaPrivateEncKey, vc_eaWholeHash/*salt*/,
                                          v_request_hash, v_aes_enc_key,
                                          v_ieee1609dot2_signed_data,
                                          v_etsi_ts_102941_data
                                          ))) {
          f_http_build_inner_ec_response(-, cantparse, v_request_hash, vc_eaPrivateKey, vc_eaWholeHash, v_aes_enc_key, v_ec_certificate, v_ec_certificate_hashed_id8, p_inner_ec_response, v_ieee1609dot2_signed_and_encrypted_data);
          p_result := -1;
          goto L_Done;
        }

        log("f_verify_http_ec_request_from_iut_itss: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentRequest(mw_innerEcRequestSignedForPop(mw_signedData(sha256, mw_toBeSignedData(-, mw_headerInfo_inner_pki_request), p_signer))))); // TODO In TITAN, this is the only way to get the unmatching in log
        if (false == match(v_etsi_ts_102941_data.content, mw_enrolmentRequest(mw_innerEcRequestSignedForPop(mw_signedData(sha256, mw_toBeSignedData(-, mw_headerInfo_inner_pki_request), p_signer))))) {
ASN.1 Documenter's avatar
ASN.1 Documenter committed
          // Send error message
          f_http_build_inner_ec_response(-, badcontenttype, v_request_hash, vc_eaPrivateKey, vc_eaWholeHash, v_aes_enc_key, v_ec_certificate, v_ec_certificate_hashed_id8, p_inner_ec_response, v_ieee1609dot2_signed_and_encrypted_data);
ASN.1 Documenter's avatar
ASN.1 Documenter committed
          // Set verdict
          p_result := -2;
          goto L_Done;
        }
        // Verify signature of mw_innerEcRequestSignedForPop
        if (false == f_verify_inner_ec_request_signed_for_pop(v_etsi_ts_102941_data, p_inner_ec_request)) {
          // Send error message
          f_http_build_inner_ec_response(p_inner_ec_request/*Not required*/, cantparse, v_request_hash, vc_eaPrivateKey, vc_eaWholeHash, v_aes_enc_key, v_ec_certificate, v_ec_certificate_hashed_id8, p_inner_ec_response, v_ieee1609dot2_signed_and_encrypted_data);
          v_response := m_http_response(m_http_response_ok(m_http_message_body_binary(m_binary_body_ieee1609dot2_data(v_ieee1609dot2_signed_and_encrypted_data)), p_headers));
          // Set verdict
          p_result := -3;
          goto L_Done;
        }

        log("f_verify_http_ec_request_from_iut_itss: matching: ", match(p_inner_ec_request, mw_innerEcRequest(p_its_id, -, mw_certificate_subject_attributes({mw_appPermissions(c_its_aid_SCR, ?)})))); // TODO In TITAN, this is the only way to get the unmatching in log
        if (false == match(p_inner_ec_request, mw_innerEcRequest(p_its_id, -, mw_certificate_subject_attributes_optional_assuranceLevel({mw_appPermissions(c_its_aid_SCR, ?)})))) {
          // Send error message: Not enrolmentrequest
          f_http_build_inner_ec_response(p_inner_ec_request, badcontenttype, v_request_hash, vc_eaPrivateKey, vc_eaWholeHash, v_aes_enc_key, v_ec_certificate, v_ec_certificate_hashed_id8, p_inner_ec_response, v_ieee1609dot2_signed_and_encrypted_data);
          v_response := m_http_response(m_http_response_ok(m_http_message_body_binary(m_binary_body_ieee1609dot2_data(v_ieee1609dot2_signed_and_encrypted_data)), p_headers));
          // Set verdict
          p_result := -4;
          goto L_Done;
        }
        // TODO Check ValidityPeriod

        // Send OK message
        log("f_verify_http_ec_request_from_iut_itss: Receive ", p_inner_ec_request);
        if (p_force_response_code == ok) { 
          // Send EC certificate with code ok
          log("====================================== vc_ec_keys_counter= ", vc_ec_keys_counter);
          f_http_build_inner_ec_response(p_inner_ec_request, ok, v_request_hash, vc_eaPrivateKey, vc_eaWholeHash, v_aes_enc_key, v_ec_certificate, v_ec_certificate_hashed_id8, p_inner_ec_response, v_ieee1609dot2_signed_and_encrypted_data);
          if (ispresent(p_inner_ec_request.publicKeys.verificationKey.ecdsaNistP256)) {
Loading full blame...