Skip to content
ItsPki_TestCases.ttcn 793 KiB
Newer Older
ASN.1 Documenter's avatar
ASN.1 Documenter committed
        tc_ac.start;
        alt {
          [] a_await_ec_http_response_from_iut(
                                               mw_http_response(
                                                                mw_http_response_ok(
                                                                                    mw_http_message_body_binary(
                                                                                                                mw_binary_body_ieee1609dot2_data(
                                                                                                                                                 mw_enrolmentResponseMessage(
                                                                                                                                                                             mw_encryptedData(
                                                                                                                                                                                              -,
                                                                                                                                                                                              mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                                              )))))),
                                               v_response
                                               ) {
            tc_ac.stop;
            
            if (f_verify_pki_response_message(v_private_key, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, v_response.response.body.binary_body.ieee1609dot2_data, true, -, v_etsi_ts_102941_data) == false) {
              log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
            } else {
              log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
              log("*** " & testcasename() & ": DEBUG: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16)))), " ***"); // TODO In TITAN, this is the only way to get the unmatching in log
              if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16))))) {
                log("*** " & testcasename() & ": PASS: Well-secured EA certificate received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
              } else {
                log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
              }
            }
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
        
        // Postamble
        f_cfHttpDown();
        
      } // End of testcase TC_SECPKI_EA_ENR_07_BV
      
      /**
       * @desc The InnerECResponse shall contain the requestHash, which is the left-most 16 octets of the SHA256 digest of the 
       *       EtsiTs103097Data - Signed structure received in the request and a responseCode indicating the result of the request.
       * <pre>
       * Pics Selection: PICS_IUT_EA_ROLE
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives an EnrolmentRequestMessage
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data-Encrypted structure
       *                 containing an encrypted EtsiTs103097Data-Signed structure
       *                     containing tbsData
       *                         containing EtsiTS102941Data
       *                             containing requestHash
       *                                 indicating the left-most 16 octets of the SHA256 digest of the EtsiTs103097Data-Signed structure received in the request
       *                             and containing responseCode
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v1.2.1 TP SECPKI_EA_ENR_08_BV
ASN.1 Documenter's avatar
ASN.1 Documenter committed
       * @reference ETSI TS 102 941, clause 6.2.3.2.2
       */
      testcase TC_SECPKI_EA_ENR_08_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
        // Local variables
        var Oct32 v_private_key;
        var Oct32 v_public_compressed_key;
        var integer v_compressed_mode;
        var Oct32 v_request_hash;
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var Oct16 v_aes_sym_key;
        var Oct16 v_encrypted_sym_key;
        var Oct16 v_authentication_vector;
        var Oct12 v_nonce;
        var octetstring v_salt;
        var Headers v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
        
        // Test control
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID);
        
        // Test adapter configuration
        
        // Preamble
        f_http_build_inner_ec_request(v_private_key, v_public_compressed_key, v_compressed_mode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
        f_init_default_headers_list(-, "inner_ec_request", v_headers);
        f_http_send(
                    v_headers,
                    m_http_request(
                                   m_http_request_post(
                                                       PICS_HTTP_POST_URI_EC,
                                                       v_headers,
                                                       m_http_message_body_binary(
                                                                                  m_binary_body_ieee1609dot2_data(
                                                                                                                  v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                  )))));
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        
        // Test Body
        tc_ac.start;
        alt {
          [] a_await_ec_http_response_from_iut(
                                               mw_http_response(
                                                                mw_http_response_ok(
                                                                                    mw_http_message_body_binary(
                                                                                                                mw_binary_body_ieee1609dot2_data(
                                                                                                                                                 mw_enrolmentResponseMessage(
                                                                                                                                                                             mw_encryptedData(
                                                                                                                                                                                              -,
                                                                                                                                                                                              mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                                              )))))),
                                               v_response
                                               ) {
            tc_ac.stop;
            
            if (f_verify_pki_response_message(v_private_key, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, v_response.response.body.binary_body.ieee1609dot2_data, true, -, v_etsi_ts_102941_data) == false) {
              log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
            } else {
              log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
              log("*** " & testcasename() & ": DEBUG: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16)))), " ***"); // TODO In TITAN, this is the only way to get the unmatching in log
              if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16))))) {
                log("*** " & testcasename() & ": PASS: Well-secured EA certificate received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
              } else {
                log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
              }
            }
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
        
        // Postamble
        f_cfHttpDown();
        
      } // End of testcase TC_SECPKI_EA_ENR_08_BV
      
      /**
       * @desc If the responseCode is 0, the InnerECResponse shall also contain an (enrolment) certificate.
       * <pre>
       * Pics Selection: PICS_IUT_EA_ROLE
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives an EnrolmentRequestMessage
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data-Encrypted structure
       *                 containing an encrypted EtsiTs103097Data-Signed structure
       *                     containing tbsData
       *                         containing EtsiTS102941Data
       *                             containing InnerECResponse
       *                                 containing an enrolment certificate
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v1.2.1 TP SECPKI_EA_ENR_09_BV
ASN.1 Documenter's avatar
ASN.1 Documenter committed
       * @reference ETSI TS 102 941, clause 6.2.3.2.2
       */
      testcase TC_SECPKI_EA_ENR_09_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
        // Local variables
        var Oct32 v_private_key;
        var Oct32 v_public_compressed_key;
        var integer v_compressed_mode;
        var Oct32 v_request_hash;
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var Oct16 v_aes_sym_key;
        var Oct16 v_encrypted_sym_key;
        var Oct16 v_authentication_vector;
        var Oct12 v_nonce;
        var octetstring v_salt;
        var Headers v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
        
        // Test control
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID);
        
        // Test adapter configuration
        
        // Preamble
        f_http_build_inner_ec_request(v_private_key, v_public_compressed_key, v_compressed_mode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
        f_init_default_headers_list(-, "inner_ec_request", v_headers);
        f_http_send(
                    v_headers,
                    m_http_request(
                                   m_http_request_post(
                                                       PICS_HTTP_POST_URI_EC,
                                                       v_headers,
                                                       m_http_message_body_binary(
                                                                                  m_binary_body_ieee1609dot2_data(
                                                                                                                  v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                  )))));
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        
        // Test Body
        tc_ac.start;
        alt {
          [] a_await_ec_http_response_from_iut(
                                               mw_http_response(
                                                                mw_http_response_ok(
                                                                                    mw_http_message_body_binary(
                                                                                                                mw_binary_body_ieee1609dot2_data(
                                                                                                                                                 mw_enrolmentResponseMessage(
                                                                                                                                                                             mw_encryptedData(
                                                                                                                                                                                              { mw_recipientInfo_pskRecipInfo },
                                                                                                                                                                                              mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                                              )))))),
                                               v_response
                                               ) {
            tc_ac.stop;
            
            if (f_verify_pki_response_message(v_private_key, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, v_response.response.body.binary_body.ieee1609dot2_data, true, -, v_etsi_ts_102941_data) == false) {
              log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
            } else {
              log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
              log("*** " & testcasename() & ": DEBUG: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16), mw_etsiTs103097Certificate(-, mw_toBeSignedCertificate_ec, -)))), " ***"); // TODO In TITAN, this is the only way to get the unmatching in log
              if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16), mw_etsiTs103097Certificate(-, mw_toBeSignedCertificate_ec, -))))) {
                var HashedId8 v_ec_cert_hashed_id8;
              
                if (f_verify_ec_certificate(v_etsi_ts_102941_data.content.enrolmentResponse.certificate, vc_eaCertificate, vc_eaHashedId8, v_public_compressed_key, v_compressed_mode, v_ec_cert_hashed_id8) == true) {
ASN.1 Documenter's avatar
ASN.1 Documenter committed
                  log("*** " & testcasename() & ": PASS: Well-secured EC certificate received ***");
                  f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                } else {
                  log("*** " & testcasename() & ": FAIL: EC certificate is not proerly formated ***");
                  f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                }
              } else {
                log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
              }
            }
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
        
        // Postamble
        f_cfHttpDown();
        
      } // End of testcase TC_SECPKI_EA_ENR_09_BV
      
      /**
       * @desc If the responseCode is different than 0, the InnerECResponse shall not contain a certificate.
       * <pre>
       * Pics Selection: PICS_IUT_EA_ROLE
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives an EnrolmentRequestMessage
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data-Encrypted structure
       *                 containing an encrypted EtsiTs103097Data-Signed structure
       *                     containing tbsData
       *                         containing EtsiTS102941Data
       *                             containing InnerECResponse
       *                                 not containing a certificate
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v1.2.1 TP SECPKI_EA_ENR_10_BV
ASN.1 Documenter's avatar
ASN.1 Documenter committed
       * @reference ETSI TS 102 941, clause 6.2.3.2.2
       */
      testcase TC_SECPKI_EA_ENR_10_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
        // Local variables
        var Oct32 v_private_key;
        var Oct32 v_public_compressed_key;
        var integer v_compressed_mode;
        var Oct32 v_request_hash;
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var Oct16 v_aes_sym_key;
        var Oct16 v_encrypted_sym_key;
        var Oct16 v_authentication_vector;
        var Oct12 v_nonce;
        var octetstring v_salt;
        var Headers v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
        
        // Test control
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID);
        
        // Test adapter configuration
        
        // Preamble
        f_http_build_invalid_enrolment_request(v_private_key, v_public_compressed_key, v_compressed_mode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
        f_init_default_headers_list(-, "inner_ec_request", v_headers);
        f_http_send(
                    v_headers,
                    m_http_request(
                                   m_http_request_post(
                                                       PICS_HTTP_POST_URI_EC,
                                                       v_headers,
                                                       m_http_message_body_binary(
                                                                                  m_binary_body_ieee1609dot2_data(
                                                                                                                  v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                  )))));
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        
        // Test Body
        tc_ac.start;
        alt {
          [] a_await_ec_http_response_from_iut(
                                               mw_http_response(
                                                                mw_http_response_ok(
                                                                                    mw_http_message_body_binary(
                                                                                                                mw_binary_body_ieee1609dot2_data(
                                                                                                                                                 mw_enrolmentResponseMessage(
                                                                                                                                                                             mw_encryptedData(
                                                                                                                                                                                              -,
                                                                                                                                                                                              mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                                              )))))),
                                               v_response
                                               ) {
            tc_ac.stop;
            
            if (f_verify_pki_response_message(v_private_key, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, v_response.response.body.binary_body.ieee1609dot2_data, true, -, v_etsi_ts_102941_data) == false) {
              log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
            } else {
              log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
              if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ko))) {
                log("*** " & testcasename() & ": PASS: Well-secured EA certificate received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
              } else {
                log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
              }
            }
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
        
        // Postamble
        f_cfHttpDown();
        
      } // End of testcase TC_SECPKI_EA_ENR_10_BV
      
      /**
       * @desc Check that signing of Enrolment response message is permitted by the EA certificate.
       * <pre>
       * Pics Selection: PICS_IUT_EA_ROLE
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives an EnrolmentRequestMessage
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data-Encrypted structure
       *                 containing an encrypted EtsiTs103097Data-Signed structure
       *                     containing signer
       *                         declared as a digest
       *                             containing the HashedId8 of the EA certificate
       *                                 containing appPermissions
       *                                     containing an item of type PsidSsp
       *                                         containing psid
       *                                             indicating AID_CERT_REQ
       *                                         and containing ssp
       *                                             containing opaque[0] (version) 
       *                                                 indicating 1
       *                                             containing opaque[1] (value) 
       *                                                 indicating bit "Enrolment Response" (5) set to 1
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v1.2.1 TP SECPKI_EA_ENR_11_BV
ASN.1 Documenter's avatar
ASN.1 Documenter committed
       * @reference ETSI TS 102 941, clause B[5]
       */
      testcase TC_SECPKI_EA_ENR_11_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
        // Local variables
        var Oct32 v_private_key;
        var Oct32 v_public_compressed_key;
        var integer v_compressed_mode;
        var Oct32 v_request_hash;
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var Oct16 v_aes_sym_key;
        var Oct16 v_encrypted_sym_key;
        var Oct16 v_authentication_vector;
        var Oct12 v_nonce;
        var octetstring v_salt;
        var Headers v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
        
        // Test control
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID);
        
        // Test adapter configuration
        
        // Preamble
        f_http_build_inner_ec_request(v_private_key, v_public_compressed_key, v_compressed_mode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
        f_init_default_headers_list(-, "inner_ec_request", v_headers);
        f_http_send(
                    v_headers,
                    m_http_request(
                                   m_http_request_post(
                                                       PICS_HTTP_POST_URI_EC,
                                                       v_headers,
                                                       m_http_message_body_binary(
                                                                                  m_binary_body_ieee1609dot2_data(
                                                                                                                  v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                  )))));
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        
        // Test Body
        tc_ac.start;
        alt {
          [] a_await_ec_http_response_from_iut(
                                               mw_http_response(
                                                                mw_http_response_ok(
                                                                                    mw_http_message_body_binary(
                                                                                                                mw_binary_body_ieee1609dot2_data(
                                                                                                                                                 mw_enrolmentResponseMessage(
                                                                                                                                                                             mw_encryptedData(
                                                                                                                                                                                              { mw_recipientInfo_pskRecipInfo },
                                                                                                                                                                                              mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                                              )))))),
                                               v_response
                                               ) {
            tc_ac.stop;
            
            if (f_verify_pki_response_message(v_private_key, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, v_response.response.body.binary_body.ieee1609dot2_data, true, -, v_etsi_ts_102941_data) == false) {
              log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
            } else {
              log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
              log("*** " & testcasename() & ": DEBUG: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16), mw_etsiTs103097Certificate(-, mw_toBeSignedCertificate_ec, -)))), " ***"); // TODO In TITAN, this is the only way to get the unmatching in log
              if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16), mw_etsiTs103097Certificate(-, mw_toBeSignedCertificate_ec, -))))) {
                var HashedId8 v_ec_cert_hashed_id8;

                if (f_verify_ec_certificate(v_etsi_ts_102941_data.content.enrolmentResponse.certificate, vc_eaCertificate, vc_eaHashedId8, v_public_compressed_key, v_compressed_mode, v_ec_cert_hashed_id8) == true) {
ASN.1 Documenter's avatar
ASN.1 Documenter committed
                  log("*** " & testcasename() & ": PASS: Well-secured EC certificate received ***");
                  f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                } else {
                  log("*** " & testcasename() & ": FAIL: EC certificate is not proerly formated ***");
                  f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                }
              } else {
                log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
              }
            }
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
        
        // Postamble
        f_cfHttpDown();
        
      } // End of testcase TC_SECPKI_EA_ENR_11_BV
      
      /**
       * @desc Check that generated EC certificate contains only allowed permissions.
       * <pre>
       * Pics Selection: PICS_IUT_EA_ROLE
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives an EnrolmentRequestMessage
       *         }
       *         then {
       *             the EC_CERT
       *                 containing appPermissions
       *                     containing an item of type PsidSsp
       *                         containing psid
       *                             indicating AID_CERT_REQ
       *                         and containing ssp
       *                             containing opaque[0] (version) 
       *                                 indicating 1
       *                             containing opaque[1] (value) 
       *                                 indicating "Enrolment Request" (bit 0) set to 1
       *                                 indicating "Authorization Request" (bit 1) set to 1
       *                                 indicating other bits set to 0
       *                     and NOT containing an item of type PsidSsp
       *                         containing psid
       *                             indicating AID_CTL
       *                     and NOT containing an item of type PsidSsp
       *                         containing psid
       *                             indicating AID_CRL
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v1.2.1 TP SECPKI_EA_ENR_12_BV
ASN.1 Documenter's avatar
ASN.1 Documenter committed
       * @reference ETSI TS 102 941, clause B[5]
       */
      testcase TC_SECPKI_EA_ENR_12_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
        // Local variables
        var Oct32 v_private_key;
        var Oct32 v_public_compressed_key;
        var integer v_compressed_mode;
        var Oct32 v_request_hash;
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var Oct16 v_aes_sym_key;
        var Oct16 v_encrypted_sym_key;
        var Oct16 v_authentication_vector;
        var Oct12 v_nonce;
        var octetstring v_salt;
        var Headers v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
        
        // Test control
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID);
        
        // Test adapter configuration
        
        // Preamble
        f_http_build_inner_ec_request(v_private_key, v_public_compressed_key, v_compressed_mode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
        f_init_default_headers_list(-, "inner_ec_request", v_headers);
        f_http_send(
                    v_headers,
                    m_http_request(
                                   m_http_request_post(
                                                       PICS_HTTP_POST_URI_EC,
                                                       v_headers,
                                                       m_http_message_body_binary(
                                                                                  m_binary_body_ieee1609dot2_data(
                                                                                                                  v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                  )))));
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        
        // Test Body
        tc_ac.start;
        alt {
          [] a_await_ec_http_response_from_iut(
                                               mw_http_response(
                                                                mw_http_response_ok(
                                                                                    mw_http_message_body_binary(
                                                                                                                mw_binary_body_ieee1609dot2_data(
                                                                                                                                                 mw_enrolmentResponseMessage(
                                                                                                                                                                             mw_encryptedData(
                                                                                                                                                                                              { mw_recipientInfo_pskRecipInfo },
                                                                                                                                                                                              mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                                              )))))),
                                               v_response
                                               ) {
            tc_ac.stop;
            
            if (f_verify_pki_response_message(v_private_key, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, v_response.response.body.binary_body.ieee1609dot2_data, true, -, v_etsi_ts_102941_data) == false) {
              log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
            } else {
              log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
              log("*** " & testcasename() & ": DEBUG: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16), mw_etsiTs103097Certificate(-, mw_toBeSignedCertificate_ec, -)))), " ***"); // TODO In TITAN, this is the only way to get the unmatching in log
              if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16), mw_etsiTs103097Certificate(-, mw_toBeSignedCertificate_ec, -))))) {
                var HashedId8 v_ec_cert_hashed_id8;
                
                if (f_verify_ec_certificate(v_etsi_ts_102941_data.content.enrolmentResponse.certificate, vc_eaCertificate, vc_eaHashedId8, v_public_compressed_key, v_compressed_mode, v_ec_cert_hashed_id8) == true) {
ASN.1 Documenter's avatar
ASN.1 Documenter committed
                  log("*** " & testcasename() & ": PASS: Well-secured EC certificate received ***");
                  f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                } else {
                  log("*** " & testcasename() & ": FAIL: EC certificate is not proerly formated ***");
                  f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                }
              } else {
                log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
              }
            }
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
        
        // Postamble
        f_cfHttpDown();
        
      } // End of testcase TC_SECPKI_EA_ENR_12_BV
      
    } // End of group enrolment_response

    group authorization_validation_request {

      group atv_helpers {

        function f_verify_http_at_request_from_iut_atv(
                                                       in Request p_request,
                                                       out Oct16 p_aes_enc_key,
                                                       out Oct16 p_request_hash,
                                                       out SharedAtRequest p_shared_at_request,
                                                       out integer p_result
                                                       ) runs on ItsPkiHttp {
          // Local variables
          var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
          var EtsiTs102941Data v_etsi_ts_102941_data;
          
          log(">>> f_verify_http_at_request_from_iut_atv: p_request= ", p_request);
          
          p_result := 0;
          
          if (f_verify_pki_request_message(vc_eaPrivateEncKey/*Encrypted with AA*/, vc_eaWholeHash/*salt*/, vc_aaWholeHash/*Issuer is AA*/, p_request.body.binary_body.ieee1609dot2_data, true, p_request_hash, v_etsi_ts_102941_data, p_aes_enc_key) == false) {
            // Set verdict
            p_result := -1;
          } else {
            log("f_verify_http_at_request_from_iut_atv: Receive ", v_etsi_ts_102941_data);
            log(match(v_etsi_ts_102941_data.content, mw_authorizationValidationRequest(mw_authorization_validation_request(mw_shared_at_request, mw_ec_signature)))); // TODO In TITAN, this is the only way to get the unmatching in log
            if (match(v_etsi_ts_102941_data.content, mw_authorizationValidationRequest(mw_authorization_validation_request(mw_shared_at_request, mw_ec_signature))) == false) { // TODO To be refined
              // Set verdict
              p_result := -2;
            } else {
              p_shared_at_request := v_etsi_ts_102941_data.content.authorizationValidationRequest.sharedAtRequest;
              log("f_verify_http_at_request_from_iut_atv: p_shared_at_request= ", p_shared_at_request);
              // TODO Refined expected mw_signature_ecdsaNistP256
            }
          }
          
          log("<<< f_verify_http_at_request_from_iut_atv: p_shared_at_request= ", p_shared_at_request);
          log("<<< f_verify_http_at_request_from_iut_atv: p_aes_sym_key= ", p_aes_enc_key);
          log("<<< f_verify_http_at_request_from_iut_atv: p_request_hash= ", p_request_hash);
          log("<<< f_verify_http_at_request_from_iut_atv: p_result: ", p_result);
        } // End of function f_verify_http_at_request_from_iut_atv
        
        function f_verify_http_at_response_from_iut_atv(
                                                        in InnerAtRequest p_inner_at_request,
                                                        in Response p_response,
                                                        in octetstring p_private_key,
                                                        in Oct16 p_aes_sym_key,
                                                        in Oct16 p_authentication_vector,
                                                        in Oct32 p_request_hash,
                                                        out InnerAtResponse p_inner_at_response,
                                                        //TODO out EtsiTs103097Data p_authorization_validation_response,
                                                        out integer p_result
                                                        ) runs on ItsPkiHttp {
          // Local variables
          var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
          var EtsiTs102941Data v_etsi_ts_102941_data;
          var Oct16 v_aes_enc_key;
          var InnerEcResponse v_inner_ec_response;
          
          log(">>> f_verify_http_at_response_from_iut_atv: p_inner_at_request= ", p_inner_at_request);
          log(">>> f_verify_http_at_response_from_iut_atv: p_response= ", p_response);
          log(">>> f_verify_http_at_response_from_iut_atv: p_private_key= ", p_private_key);
          log(">>> f_verify_http_at_response_from_iut_atv: p_aes_sym_key= ", p_aes_sym_key);
          log(">>> f_verify_http_at_response_from_iut_atv: p_authentication_vector= ", p_authentication_vector);
          log(">>> f_verify_http_at_response_from_iut_atv: p_request_hash= ", p_request_hash);
          
          p_result := 0;
          
          if (f_verify_pki_response_message(p_private_key, p_aes_sym_key, p_authentication_vector, vc_eaWholeHash, p_response.body.binary_body.ieee1609dot2_data, true, 1, v_etsi_ts_102941_data) == false) {
            // Set verdict
            p_result := -1;
          } else {
            log("f_verify_http_at_response_from_iut_atv: Receive ", v_etsi_ts_102941_data);
            log(match(v_etsi_ts_102941_data.content, mw_authorizationValidationResponse(mw_authorizationValidationResponse_ok(substr(p_request_hash, 0, 16), mw_certificate_subject_attributes(p_inner_at_request.sharedAtRequest.requestedSubjectAttributes.appPermissions, p_inner_at_request.sharedAtRequest.requestedSubjectAttributes.id, p_inner_at_request.sharedAtRequest.requestedSubjectAttributes.validityPeriod))))); // TODO In TITAN, this is the only way to get the unmatching in log
            if (match(v_etsi_ts_102941_data.content, mw_authorizationValidationResponse(mw_authorizationValidationResponse_ok(substr(p_request_hash, 0, 16), mw_certificate_subject_attributes(p_inner_at_request.sharedAtRequest.requestedSubjectAttributes.appPermissions, p_inner_at_request.sharedAtRequest.requestedSubjectAttributes.id, p_inner_at_request.sharedAtRequest.requestedSubjectAttributes.validityPeriod)))) == false) { 
              // Set verdict
              p_result := -2;
            } else {
              // TODO Refined expected mw_signature_ecdsaNistP256
              log("f_verify_http_at_response_from_iut_atv: Well-secured AT certificate received");
            }
          }
          
          log("<<< f_verify_http_at_response_from_iut_atv: p_result: ", p_result);
        } // End of function f_verify_http_at_response_from_iut_atv
        
        function f_verify_http_at_response_from_iut_atv_error(
                                                              in InnerAtRequest p_inner_at_request,
                                                              in Response p_response,
                                                              in octetstring p_private_key,
                                                              in Oct16 p_aes_sym_key,
                                                              in Oct16 p_authentication_vector,
                                                              in Oct32 p_request_hash,
                                                              out InnerAtResponse p_inner_at_response,
                                                              //TODO out EtsiTs103097Data p_authorization_validation_response,
                                                              out integer p_result
                                                              ) runs on ItsPkiHttp {
          // Local variables
          var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
          var EtsiTs102941Data v_etsi_ts_102941_data;
          var Oct16 v_aes_enc_key;
          var InnerEcResponse v_inner_ec_response;
          
          log(">>> f_verify_http_at_response_from_iut_atv_error: p_inner_at_request= ", p_inner_at_request);
          log(">>> f_verify_http_at_response_from_iut_atv_error: p_response= ", p_response);
          log(">>> f_verify_http_at_response_from_iut_atv_error: p_private_key= ", p_private_key);
          log(">>> f_verify_http_at_response_from_iut_atv_error: p_aes_sym_key= ", p_aes_sym_key);
          log(">>> f_verify_http_at_response_from_iut_atv_error: p_authentication_vector= ", p_authentication_vector);
          log(">>> f_verify_http_at_response_from_iut_atv_error: p_request_hash= ", p_request_hash);
          
          p_result := 0;
          
          if (f_verify_pki_response_message(p_private_key, p_aes_sym_key, p_authentication_vector, vc_eaWholeHash, p_response.body.binary_body.ieee1609dot2_data, true, 1, v_etsi_ts_102941_data) == false) {
            // Set verdict
            p_result := -1;
          } else {
            log("f_verify_http_at_response_from_iut_atv_error: Receive ", v_etsi_ts_102941_data);
            log(match(v_etsi_ts_102941_data.content, mw_authorizationValidationResponse(mw_authorizationValidationResponse_ko(substr(p_request_hash, 0, 16))))); // TODO In TITAN, this is the only way to get the unmatching in log
            if (match(v_etsi_ts_102941_data.content, mw_authorizationValidationResponse(mw_authorizationValidationResponse_ko(substr(p_request_hash, 0, 16)))) == false) { 
              // Set verdict
              p_result := -2;
            } else {
              // TODO Refined expected mw_signature_ecdsaNistP256
              log("f_verify_http_at_response_from_iut_atv_error: Well-formatted error response received");
            }
          }
          
          log("<<< f_verify_http_at_response_from_iut_atv_error: p_result: ", p_result);
        } // End of function f_verify_http_at_response_from_iut_atv_error
        
      } // End of group atv_helpers
      
      /**
       * @desc The AuthorizationValidationResponse message shall be sent by the EA to the AA across the interface 
       *       at reference point S4 in response to a received AuthorizationValidationRequest message
       * <pre>
       * Pics Selection: PICS_IUT_EA_ROLE
       * Initial conditions: 
       *     with {
       *         the IUT being in the "operational state"
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives a AuthorizationValidationRequest message
       *         }
       *         then {
       *             the IUT sends a AuthorizationValidationResponse message
       *                 across the reference point S4 to the AA
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v1.2.1 TP SECPKI_EA_AUTHVAL_RCV_01_BV
ASN.1 Documenter's avatar
ASN.1 Documenter committed
       * @reference ETSI TS 102 941, clause 6.2.3.4
       * @remark    Need to provide CERT_TS_A_AA & CERT_IUT_A_RCA to the PKI
       */
      testcase TC_SECPKI_EA_AUTHVAL_RCV_01_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
        // Local variables
        var Oct32 v_private_key_ec;
        var Oct32 v_public_compressed_key_ec;
        var integer v_compressed_key_mode_ec;
        var InnerEcResponse v_inner_ec_response;
        var Oct32 v_private_key_at;
        var Oct32 v_public_compressed_key_at;
        var integer v_compressed_key_mode_at;
        var Oct32 v_private_enc_key_at;
        var Oct32 v_public_compressed_enc_key_at;
        var integer v_compressed_enc_mode_at;
        var InnerAtRequest v_inner_at_request;
        var Oct32 v_request_hash;
        var Oct16 v_encrypted_sym_key;
        var Oct16 v_aes_sym_key;
        var HashedId8 v_aes_sym_key_hashed_id8;
        var Oct16 v_authentication_vector;
        var Oct12 v_nonce;
        var octetstring v_salt;
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var Headers v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
        
        // Test control
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);
        
        // Test adapter configuration
        
        // Preamble
        // Trigger an enrolment request
        if (f_await_http_inner_ec_request_response(v_private_key_ec, v_public_compressed_key_ec, v_compressed_key_mode_ec, v_inner_ec_response) == false) {
          log("*** " & testcasename() & ": INCONC: Enrolment failed ***");
          f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
        } else {
          log("*** " & testcasename() & ": INFO: Enrolment succeed ***");
          f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        }
        log("*** " & testcasename() & ": DEBUG: v_inner_ec_response= ", v_inner_ec_response);
        log("*** " & testcasename() & ": DEBUG: v_private_key_ec= ", v_private_key_ec);
        // Generate an InnerAtRequest
        if (f_generate_inner_at_request(vc_aaCertificate, -, vc_aaHashedId8, vc_eaCertificate, vc_eaWholeHash/*salt*/, vc_eaHashedId8, v_inner_ec_response.certificate, v_private_key_ec, v_private_key_at, v_public_compressed_key_at, v_compressed_key_mode_at, v_private_enc_key_at, v_public_compressed_enc_key_at, v_compressed_enc_mode_at, v_inner_at_request) == false) {
          log("*** " & testcasename() & ": ERROR: Failed to generate AuthorizationValidationRequest ***");
          f_selfOrClientSyncAndVerdict("error", e_error);
        }
        log("*** " & testcasename() & ": DEBUG: v_inner_at_request= ", v_inner_at_request);
        log("*** " & testcasename() & ": DEBUG: v_private_key_at= ", v_private_key_at);
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        
        // Test Body
        f_http_build_authorization_validation_request(v_inner_at_request, v_public_compressed_key_at, v_compressed_key_mode_at, v_private_enc_key_at, v_public_compressed_enc_key_at, v_compressed_enc_mode_at, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
        v_aes_sym_key_hashed_id8 := f_hashedId8FromSha256(f_hashWithSha256('80'O & v_aes_sym_key)); // Used to match the response
        f_init_default_headers_list(-, "inner_atv_request", v_headers);
        f_http_send(
                    v_headers,
                    m_http_request(
                                   m_http_request_post(
                                                       PICS_HTTP_POST_URI_ATV,
                                                       v_headers,
                                                       m_http_message_body_binary(
                                                                                  m_binary_body_ieee1609dot2_data(
                                                                                                                  v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                  )))));
        tc_ac.start;
        alt {
          [] a_await_atv_http_response_from_iut(
                                                mw_http_response(
                                                                 mw_http_response_ok(
                                                                                     mw_http_message_body_binary(
                                                                                                                 mw_binary_body_ieee1609dot2_data(
                                                                                                                                                  mw_authorizationResponseMessage(
                                                                                                                                                                                  mw_encryptedData(
                                                                                                                                                                                                   { *, mw_recipientInfo_pskRecipInfo(v_aes_sym_key_hashed_id8), * },
                                                                                                                                                                                                   mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                                                   )))))),
                                                v_response
                                                ) {
            var integer v_result;
            var InnerAtResponse v_inner_at_response;
            
            tc_ac.stop;
            
            f_verify_http_at_response_from_iut_atv(v_inner_at_request, v_response.response, v_private_key_at, v_aes_sym_key, v_authentication_vector, v_request_hash, v_inner_at_response, v_result);
            // Set verdict
            if (v_result == 0) {
              log("*** " & testcasename() & ": PASS: Well-secured AT certificate received ***");
              f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
            } else {
              log("*** " & testcasename() & ": FAIL: Failed to verify AT response  ***");
              f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
            }
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
        
        // Postamble
        f_cfHttpDown();
        
      } // End of testcase TC_SECPKI_EA_AUTHVAL_RCV_01_BV
      
      /**
       * @desc Check that EA doesn't accept Authorization Validation Request when 
       *       SharedAtRequest is signed with certificate without appropriate 
       *       permissions
       * <pre>
       * Pics Selection: PICS_IUT_EA_ROLE
       * Initial conditions: 
       *     with {
       *         the IUT being in the "operational state"
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives a AuthorizationValidationRequest  message
       *         }
       *         then {
       *             the IUT sends a AuthorizationValidationResponse message
       *                 across the reference point S4 to the AA
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v1.2.1 TP SECPKI_EA_AUTHVAL_RCV_02_BI
ASN.1 Documenter's avatar
ASN.1 Documenter committed
       * @reference ETSI TS 102 941, clause B[5]
       * @remark    Need to provide CERT_TS_A_EA_AA_AUTHVAL_RCV_02_BI_01 to the PKI
       */
      testcase TC_SECPKI_EA_AUTHVAL_RCV_02_BI() runs on ItsPkiHttp system ItsPkiHttpSystem {
        // Local variables
        var Oct32 v_private_key_ec;
        var Oct32 v_public_compressed_key_ec;
        var integer v_compressed_key_mode_ec;
        var InnerEcResponse v_inner_ec_response;
        var Oct32 v_private_key_at;
        var Oct32 v_public_compressed_key_at;
        var integer v_compressed_key_mode_at;
        var Oct32 v_private_enc_key_at;
        var Oct32 v_public_compressed_enc_key_at;
        var integer v_compressed_enc_mode_at;
        var InnerAtRequest v_inner_at_request;
        var Oct32 v_request_hash;
        var Oct16 v_encrypted_sym_key;
        var Oct16 v_aes_sym_key;
        var HashedId8 v_aes_sym_key_hashed_id8;
        var Oct16 v_authentication_vector;
        var Oct12 v_nonce;
        var octetstring v_salt;
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var Headers v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
        
        // Test control
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        //f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);
        f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, "CERT_TS_A_EA_AA_AUTHVAL_RCV_02_BI_01");
ASN.1 Documenter's avatar
ASN.1 Documenter committed
        
        // Test adapter configuration
        
        // Preamble
        // Trigger an enrolment request
        if (f_await_http_inner_ec_request_response(v_private_key_ec, v_public_compressed_key_ec, v_compressed_key_mode_ec, v_inner_ec_response) == false) {
          log("*** " & testcasename() & ": INCONC: Enrolment failed ***");
          f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
        } else {
          log("*** " & testcasename() & ": INFO: Enrolment succeed ***");
          f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        }
        log("*** " & testcasename() & ": DEBUG: v_inner_ec_response= ", v_inner_ec_response);
        log("*** " & testcasename() & ": DEBUG: v_private_key_ec= ", v_private_key_ec);
        // Generate an InnerAtRequest
        if (f_generate_inner_at_request(vc_aaCertificate, -, vc_aaHashedId8, vc_eaCertificate, vc_eaWholeHash/*salt*/, vc_eaHashedId8, v_inner_ec_response.certificate, v_private_key_ec, v_private_key_at, v_public_compressed_key_at, v_compressed_key_mode_at, v_private_enc_key_at, v_public_compressed_enc_key_at, v_compressed_enc_mode_at, v_inner_at_request) == false) {
          log("*** " & testcasename() & ": ERROR: Failed to generate AuthorizationValidationRequest ***");
          f_selfOrClientSyncAndVerdict("error", e_error);
        }
        log("*** " & testcasename() & ": DEBUG: v_inner_at_request= ", v_inner_at_request);
        log("*** " & testcasename() & ": DEBUG: v_private_key_at= ", v_private_key_at);
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        
        // Test Body
        f_http_build_authorization_validation_request(v_inner_at_request, v_public_compressed_key_at, v_compressed_key_mode_at, v_private_enc_key_at, v_public_compressed_enc_key_at, v_compressed_enc_mode_at, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
        v_aes_sym_key_hashed_id8 := f_hashedId8FromSha256(f_hashWithSha256('80'O & v_aes_sym_key)); // Used to match the response
        f_init_default_headers_list(-, "inner_atv_request", v_headers);
        f_http_send(
                    v_headers,
                    m_http_request(
                                   m_http_request_post(
                                                       PICS_HTTP_POST_URI_ATV,
                                                       v_headers,
                                                       m_http_message_body_binary(
                                                                                  m_binary_body_ieee1609dot2_data(
                                                                                                                  v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                  )))));
        tc_ac.start;
        alt {
          [] a_await_atv_http_response_from_iut(
                                                mw_http_response(