Newer
Older
mw_binary_body_ieee1609dot2_data(
mw_authorizationRequestMessage(
mw_encryptedData(
{ *, mw_recipientInfo_certRecipInfo(mw_pKRecipientInfo(vc_eaHashedId8)), * },
mw_symmetricCiphertext_aes128ccm
)))))),
v_request
) {
tc_noac.stop;
log("*** " & testcasename() & ": FAIL: IUT shall not process the AtV request ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
}
[] tc_noac.timeout {
log("*** " & testcasename() & ": PASS: IUT has discarded the request ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
}
} // End of 'alt' statement
// Postamble
f_cfHttpDown();
} // End of testcase TC_SECPKI_AA_AUTH_RCV_05_BI
8024
8025
8026
8027
8028
8029
8030
8031
8032
8033
8034
8035
8036
8037
8038
8039
8040
8041
8042
8043
8044
8045
8046
8047
8048
8049
8050
8051
8052
8053
8054
8055
8056
8057
8058
8059
8060
8061
8062
/**
* @desc Check that the AA rejects the AuthorizationRequest message if it unable to verify the POP signature
* <pre>
* Pics Selection: PICS_IUT_AA_ROLE
* Initial conditions:
* with {
* the EA/AA in "operational state"
* authorized with the certificate CERT_AA
* containing encryptionKey (AA_ENC_PUB_KEY)
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT is received the EtsiTs103097Data message
* containing content.encryptedData.cyphertext
* containing encrypted representation of the EtsiTs103097Data-Signed (SIGNED_DATA)
* containing content.signedData
* containing tbsData
* containing payload
* containing EtsiTs102941Data
* containing content.authorizationRequest
* containing publicKeys.verificationKey (V_KEY)
* and containing signature (SIGNATURE)
* indicating value calculated with OTHER key than private key correspondent to V_KEY
* }
* then {
* the IUT does not send the AuthorizationValidationRequest message
* and the IUT sends to the TS the AuthorizationResponse message
* containing authorizationResponse
* containing requestHash
* indicating the leftmost 16 bits of the SHA256 value
* calculated over the SIGNED_DATA
* and containing responseCode
* indicating the value NOT EQUAL to 0
* and not containing certificate
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v2.0.1 SECPKI_AA_AUTH_RCV_06_BI
8064
8065
8066
8067
8068
8069
8070
8071
8072
8073
8074
8075
8076
8077
8078
8079
8080
8081
8082
8083
8084
8085
* @reference ETSI TS 102 941, clause 6.2.3.3.1
*/
testcase TC_SECPKI_AA_AUTH_RCV_06_BI() runs on ItsPkiHttp system ItsPkiHttpSystem {
var Oct32 v_private_key_ec;
var Oct32 v_public_compressed_key_ec;
var integer v_compressed_key_mode_ec;
var InnerEcResponse v_inner_ec_response;
var Oct32 v_private_key_at;
var Oct32 v_public_compressed_key_at;
var integer p_compressed_mode_at;
var Oct32 v_private_enc_key_at;
var Oct32 v_public_compressed_enc_key_at;
var integer v_compressed_enc_mode_at;
var Oct32 v_request_hash;
var Oct16 v_encrypted_sym_key;
var Oct16 v_aes_sym_key;
var HashedId8 v_aes_sym_key_hashed_id8;
var Oct16 v_authentication_vector;
var Oct12 v_nonce;
var octetstring v_salt;
var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
var Headers v_headers;
var HttpMessage v_response;
var EtsiTs102941Data v_etsi_ts_102941_data;
var InnerEcRequest v_inner_ec_request;
var EtsiTs103097Certificate v_ec_certificate;
var HashedId8 v_ec_certificate_hashed_id8;
// Test control
if (not PICS_IUT_AA_ROLE or not PICS_PKI_AUTH_POP) {
log("*** " & testcasename() & ": PICS_IUT_AA_ROLE and PICS_PKI_AUTH_POP required for executing the TC ***");
setverdict(inconc);
stop;
}
// Test component configuration
f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_IUT_AA_CERTIFICATE_ID);
f_generate_inner_ec_request(v_private_key_ec, v_public_compressed_key_ec, v_compressed_key_mode_ec, v_inner_ec_request);
f_generate_ec_certificate_for_inner_ec_response(v_inner_ec_request, v_private_key_ec, vc_eaWholeHash, v_ec_certificate, v_ec_certificate_hashed_id8);
log("*** " & testcasename() & ": DEBUG: v_ec_certificate= ", v_ec_certificate);
log("*** " & testcasename() & ": DEBUG: v_private_key_ec= ", v_private_key_ec);
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
f_http_build_authorization_request_with_wrong_parameters(v_ec_certificate, v_private_key_ec, true, -, -, -, -, -, -, -, -, v_private_key_at, v_public_compressed_key_at, p_compressed_mode_at, v_private_enc_key_at, v_public_compressed_enc_key_at, v_compressed_enc_mode_at, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
8115
8116
8117
8118
8119
8120
8121
8122
8123
8124
8125
8126
8127
8128
8129
8130
8131
8132
8133
8134
8135
8136
v_aes_sym_key_hashed_id8 := f_hashedId8FromSha256(f_hashWithSha256('80'O & v_aes_sym_key)); // Used to match the response
f_init_default_headers_list(-, "inner_at_request", v_headers);
f_http_send(
v_headers,
m_http_request(
m_http_request_post(
PICS_HTTP_POST_URI_AT,
v_headers,
m_http_message_body_binary(
m_binary_body_ieee1609dot2_data(
v_ieee1609dot2_signed_and_encrypted_data
)))));
tc_ac.start;
alt {
[] a_await_at_http_response_from_iut(
mw_http_response(
mw_http_response_ok(
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_authorizationResponseMessage(
mw_encryptedData(
{ *, mw_recipientInfo_pskRecipInfo(v_aes_sym_key_hashed_id8), * },
mw_symmetricCiphertext_aes128ccm
)))))),
v_response
) {
var integer v_result;
var InnerAtResponse v_authorization_validation_response;
f_verify_http_at_response_from_iut_aa(v_response.response, v_private_key_at, v_aes_sym_key, v_authentication_vector, v_request_hash, v_authorization_validation_response, v_result);
log("*** " & testcasename() & ": INFO: AuthorizationValidationResponse= ", v_authorization_validation_response, " ***");
// Set verdict
if (v_result == -3) {
log("*** " & testcasename() & ": PASS: IUT has rejected the request ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": FAIL: IUT shall not process the request ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
}
}
[] a_await_at_http_response_from_iut(mw_http_response(mw_http_response_ko), v_response) {
tc_ac.stop;
log("*** " & testcasename() & ": FAIL: IUT shall not respond with HTTP error ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
}
[] a_await_atv_http_request_from_iut(
mw_http_request(
mw_http_request_post(
"/Auth", //FIXME: Use another PIXIT than PICS_HTTP_POST_URI_ATV,
-,
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_authorizationRequestMessage(
mw_encryptedData(
{ *, mw_recipientInfo_certRecipInfo(mw_pKRecipientInfo(vc_eaHashedId8)), * },
mw_symmetricCiphertext_aes128ccm
)))))),
v_request
) {
tc_ac.stop;
log("*** " & testcasename() & ": FAIL: IUT shall not process the AtV request ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": FAIL: No response received from the IUT ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_cfHttpDown();
} // End of testcase TC_SECPKI_AA_AUTH_RCV_06_BI
8192
8193
8194
8195
8196
8197
8198
8199
8200
8201
8202
8203
8204
8205
8206
8207
8208
8209
8210
8211
8212
8213
8214
8215
8216
8217
8218
8219
8220
8221
8222
8223
8224
8225
8226
/**
* @desc Check that the AA rejects the AuthorizationRequest message if it unable to verify the integrity of the request using hmacKey
* <pre>
* Pics Selection: PICS_IUT_AA_ROLE
* Initial conditions:
* with {
* the EA/AA in "operational state"
* authorized with the certificate CERT_AA
* containing encryptionKey (AA_ENC_PUB_KEY)
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT is received the EtsiTs103097Data message
* containing EtsiTs102941Data
* containing content.authorizationRequest
* containing hmacKey (HMAC)
* and containing sharedAtRequest
* containing keyTag (KEY_TAG)
* indicating wrong value
* }
* then {
* the IUT does not send the AuthorizationValidationRequest message
* and the IUT sends to the TS the AuthorizationResponse message
* containing authorizationResponse
* containing requestHash
* indicating the leftmost 16 bits of the SHA256 value
* calculated over the X_HASH_STRUCTURE
* and containing responseCode
* indicating the value NOT EQUAL to 0
* and not containing certificate
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v2.0.1 SECPKI_AA_AUTH_RCV_07_BI
8228
8229
8230
8231
8232
8233
8234
8235
8236
8237
8238
8239
8240
8241
8242
8243
8244
8245
8246
8247
8248
8249
* @reference ETSI TS 102 941, clause 6.2.3.3.1
*/
testcase TC_SECPKI_AA_AUTH_RCV_07_BI() runs on ItsPkiHttp system ItsPkiHttpSystem {
var Oct32 v_private_key_ec;
var Oct32 v_public_compressed_key_ec;
var integer v_compressed_key_mode_ec;
var InnerEcResponse v_inner_ec_response;
var Oct32 v_private_key_at;
var Oct32 v_public_compressed_key_at;
var integer p_compressed_mode_at;
var Oct32 v_private_enc_key_at;
var Oct32 v_public_compressed_enc_key_at;
var integer v_compressed_enc_mode_at;
var Oct32 v_request_hash;
var Oct16 v_encrypted_sym_key;
var Oct16 v_aes_sym_key;
var HashedId8 v_aes_sym_key_hashed_id8;
var Oct16 v_authentication_vector;
var Oct12 v_nonce;
var octetstring v_salt;
var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
var Headers v_headers;
var HttpMessage v_response;
var EtsiTs102941Data v_etsi_ts_102941_data;
var InnerEcRequest v_inner_ec_request;
var EtsiTs103097Certificate v_ec_certificate;
var HashedId8 v_ec_certificate_hashed_id8;
// Test control
if (not PICS_IUT_AA_ROLE) {
log("*** " & testcasename() & ": PICS_IUT_AA_ROLE required for executing the TC ***");
setverdict(inconc);
stop;
}
// Test component configuration
f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_IUT_AA_CERTIFICATE_ID);
f_generate_inner_ec_request(v_private_key_ec, v_public_compressed_key_ec, v_compressed_key_mode_ec, v_inner_ec_request);
f_generate_ec_certificate_for_inner_ec_response(v_inner_ec_request, v_private_key_ec, vc_eaWholeHash, v_ec_certificate, v_ec_certificate_hashed_id8);
log("*** " & testcasename() & ": DEBUG: v_ec_certificate= ", v_ec_certificate);
log("*** " & testcasename() & ": DEBUG: v_private_key_ec= ", v_private_key_ec);
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
f_http_build_authorization_request_with_wrong_parameters(v_ec_certificate, v_private_key_ec, -, true, -, -, -, -, -, -, -, v_private_key_at, v_public_compressed_key_at, p_compressed_mode_at, v_private_enc_key_at, v_public_compressed_enc_key_at, v_compressed_enc_mode_at, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
8279
8280
8281
8282
8283
8284
8285
8286
8287
8288
8289
8290
8291
8292
8293
8294
8295
8296
8297
8298
8299
8300
v_aes_sym_key_hashed_id8 := f_hashedId8FromSha256(f_hashWithSha256('80'O & v_aes_sym_key)); // Used to match the response
f_init_default_headers_list(-, "inner_at_request", v_headers);
f_http_send(
v_headers,
m_http_request(
m_http_request_post(
PICS_HTTP_POST_URI_AT,
v_headers,
m_http_message_body_binary(
m_binary_body_ieee1609dot2_data(
v_ieee1609dot2_signed_and_encrypted_data
)))));
tc_ac.start;
alt {
[] a_await_at_http_response_from_iut(
mw_http_response(
mw_http_response_ok(
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_authorizationResponseMessage(
mw_encryptedData(
{ *, mw_recipientInfo_pskRecipInfo(v_aes_sym_key_hashed_id8), * },
mw_symmetricCiphertext_aes128ccm
)))))),
v_response
) {
var integer v_result;
var InnerAtResponse v_authorization_validation_response;
f_verify_http_at_response_from_iut_aa(v_response.response, v_private_key_at, v_aes_sym_key, v_authentication_vector, v_request_hash, v_authorization_validation_response, v_result);
log("*** " & testcasename() & ": INFO: AuthorizationValidationResponse= ", v_authorization_validation_response, " ***");
// Set verdict
if (v_result == -3) {
log("*** " & testcasename() & ": PASS: IUT has rejected the request ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": FAIL: IUT shall not process the request ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
}
}
[] a_await_at_http_response_from_iut(mw_http_response(mw_http_response_ko), v_response) {
tc_ac.stop;
log("*** " & testcasename() & ": FAIL: IUT shall not respond with HTTP error ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
}
[] a_await_atv_http_request_from_iut(
mw_http_request(
mw_http_request_post(
"/Auth", //FIXME: Use another PIXIT than PICS_HTTP_POST_URI_ATV,
-,
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_authorizationRequestMessage(
mw_encryptedData(
{ *, mw_recipientInfo_certRecipInfo(mw_pKRecipientInfo(vc_eaHashedId8)), * },
mw_symmetricCiphertext_aes128ccm
)))))),
v_request
) {
tc_ac.stop;
log("*** " & testcasename() & ": FAIL: IUT shall not process the AtV request ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": FAIL: No response received from the IUT ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
}
} // End of 'alt' statement
8352
8353
8354
8355
8356
8357
8358
8359
8360
8361
8362
8363
8364
8365
8366
8367
8368
8369
8370
8371
8372
8373
8374
8375
8376
8377
8378
// Postamble
f_cfHttpDown();
} // End of testcase TC_SECPKI_AA_AUTH_RCV_07_BI
/**
* @desc Send a correctly encoded AT request, but the ITS-Station is not enrolled at the EA
*/
testcase TC_SECPKI_AA_AUTH_RCV_08_BI() runs on ItsPkiHttp system ItsPkiHttpSystem {
var Oct32 v_private_key_ec;
var Oct32 v_public_compressed_key_ec;
var integer v_compressed_key_mode_ec;
var InnerEcResponse v_inner_ec_response;
var Oct32 v_private_key_at;
var Oct32 v_public_compressed_key_at;
var integer p_compressed_mode_at;
var Oct32 v_private_enc_key_at;
var Oct32 v_public_compressed_enc_key_at;
var integer v_compressed_enc_mode_at;
var Oct32 v_request_hash;
var Oct16 v_encrypted_sym_key;
var Oct16 v_aes_sym_key;
var HashedId8 v_aes_sym_key_hashed_id8;
var Oct16 v_authentication_vector;
var Oct12 v_nonce;
var octetstring v_salt;
var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
var Headers v_headers;
var HttpMessage v_response;
var EtsiTs102941Data v_etsi_ts_102941_data;
var InnerEcRequest v_inner_ec_request;
var EtsiTs103097Certificate v_ec_certificate;
var HashedId8 v_ec_certificate_hashed_id8;
// Test control
if (not PICS_IUT_AA_ROLE) {
log("*** " & testcasename() & ": PICS_IUT_AA_ROLE required for executing the TC ***");
setverdict(inconc);
stop;
}
// Test component configuration
f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_IUT_AA_CERTIFICATE_ID);
f_generate_inner_ec_request_with_wrong_parameters(
{ valueof(m_appPermissions(c_its_aid_SCR, { bitmapSsp := PX_INNER_EC_CERTFICATE_BITMAP_SSP_SCR })) },
PICS_INVALID_ITS_S_CANONICAL_ID,
f_getCurrentTime() / 1000,
valueof(m_duration_in_hours(PX_GENERATED_CERTIFICATE_DURATION)),
-,
v_private_key_ec, v_public_compressed_key_ec, v_compressed_key_mode_ec, v_inner_ec_request
);
f_generate_ec_certificate_for_inner_ec_response(v_inner_ec_request, v_private_key_ec, vc_eaWholeHash, v_ec_certificate, v_ec_certificate_hashed_id8);
log("*** " & testcasename() & ": DEBUG: v_ec_certificate= ", v_ec_certificate);
log("*** " & testcasename() & ": DEBUG: v_private_key_ec= ", v_private_key_ec);
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
f_http_build_authorization_request_with_wrong_parameters(v_ec_certificate, v_private_key_ec, -, -, true, -, -, -, -, -, -, v_private_key_at, v_public_compressed_key_at, p_compressed_mode_at, v_private_enc_key_at, v_public_compressed_enc_key_at, v_compressed_enc_mode_at, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
8415
8416
8417
8418
8419
8420
8421
8422
8423
8424
8425
8426
8427
8428
8429
8430
8431
8432
8433
8434
8435
8436
v_aes_sym_key_hashed_id8 := f_hashedId8FromSha256(f_hashWithSha256('80'O & v_aes_sym_key)); // Used to match the response
f_init_default_headers_list(-, "inner_at_request", v_headers);
f_http_send(
v_headers,
m_http_request(
m_http_request_post(
PICS_HTTP_POST_URI_AT,
v_headers,
m_http_message_body_binary(
m_binary_body_ieee1609dot2_data(
v_ieee1609dot2_signed_and_encrypted_data
)))));
tc_ac.start;
alt {
[] a_await_at_http_response_from_iut(
mw_http_response(
mw_http_response_ok(
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_authorizationResponseMessage(
mw_encryptedData(
{ *, mw_recipientInfo_pskRecipInfo(v_aes_sym_key_hashed_id8), * },
mw_symmetricCiphertext_aes128ccm
)))))),
v_response
) {
var integer v_result;
var InnerAtResponse v_authorization_validation_response;
f_verify_http_at_response_from_iut_aa(v_response.response, v_private_key_at, v_aes_sym_key, v_authentication_vector, v_request_hash, v_authorization_validation_response, v_result);
log("*** " & testcasename() & ": INFO: AuthorizationValidationResponse= ", v_authorization_validation_response, " ***");
// Set verdict
if (v_result == -3) {
log("*** " & testcasename() & ": INFO: IUT has rejected the request ***");
if (match(v_authorization_validation_response, mw_innerAtResponse_ko(-, unknownits)) == true) {
log("*** " & testcasename() & ": PASS: Error code is unknownits ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": FAIL: Expected error code should be unknownits ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
}
} else {
log("*** " & testcasename() & ": FAIL: IUT shall not process the request ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
}
}
[] a_await_at_http_response_from_iut(mw_http_response(mw_http_response_ko), v_response) {
tc_ac.stop;
log("*** " & testcasename() & ": FAIL: IUT shall not respond with HTTP error ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
}
[] a_await_atv_http_request_from_iut(
mw_http_request(
mw_http_request_post(
"/Auth", //FIXME: Use another PIXIT than PICS_HTTP_POST_URI_ATV,
-,
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_authorizationRequestMessage(
mw_encryptedData(
{ *, mw_recipientInfo_certRecipInfo(mw_pKRecipientInfo(vc_eaHashedId8)), * },
mw_symmetricCiphertext_aes128ccm
)))))),
v_request
) {
tc_ac.stop;
log("*** " & testcasename() & ": FAIL: IUT shall not process the AtV request ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": FAIL: No response received from the IUT ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_cfHttpDown();
} // End of testcase TC_SECPKI_AA_AUTH_RCV_08_BI
8498
8499
8500
8501
8502
8503
8504
8505
8506
8507
8508
8509
8510
8511
8512
8513
8514
8515
8516
8517
8518
8519
8520
/**
* @desc Send an AT request, but the inner signer (valid EC) is not issued by the EA which is known / trusted by the AA. The AA trusts only EAs listet on the RCA-CTL.
*/
testcase TC_SECPKI_AA_AUTH_RCV_09_BI() runs on ItsPkiHttp system ItsPkiHttpSystem {
var Oct32 v_private_key_ec;
var Oct32 v_public_compressed_key_ec;
var integer v_compressed_key_mode_ec;
var InnerEcResponse v_inner_ec_response;
var Oct32 v_private_key_at;
var Oct32 v_public_compressed_key_at;
var integer p_compressed_mode_at;
var Oct32 v_private_enc_key_at;
var Oct32 v_public_compressed_enc_key_at;
var integer v_compressed_enc_mode_at;
var Oct32 v_request_hash;
var Oct16 v_encrypted_sym_key;
var Oct16 v_aes_sym_key;
var HashedId8 v_aes_sym_key_hashed_id8;
var Oct16 v_authentication_vector;
var Oct12 v_nonce;
var octetstring v_salt;
var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
var Headers v_headers;
var HttpMessage v_response;
var EtsiTs102941Data v_etsi_ts_102941_data;
var InnerEcRequest v_inner_ec_request;
var EtsiTs103097Certificate v_ec_certificate;
var HashedId8 v_ec_certificate_hashed_id8;
// Test control
if (not PICS_IUT_AA_ROLE) {
log("*** " & testcasename() & ": PICS_IUT_AA_ROLE required for executing the TC ***");
setverdict(inconc);
stop;
}
// Test component configuration
f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_IUT_AA_CERTIFICATE_ID);
f_generate_inner_ec_request(v_private_key_ec, v_public_compressed_key_ec, v_compressed_key_mode_ec, v_inner_ec_request);
f_generate_ec_certificate_for_inner_ec_response(v_inner_ec_request, v_private_key_ec, vc_eaWholeHash, v_ec_certificate, v_ec_certificate_hashed_id8);
log("*** " & testcasename() & ": DEBUG: v_ec_certificate= ", v_ec_certificate);
log("*** " & testcasename() & ": DEBUG: v_private_key_ec= ", v_private_key_ec);
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
f_http_build_authorization_request_with_wrong_parameters(v_ec_certificate, v_private_key_ec, -, -, -, -, -, true, -, -, -, v_private_key_at, v_public_compressed_key_at, p_compressed_mode_at, v_private_enc_key_at, v_public_compressed_enc_key_at, v_compressed_enc_mode_at, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
8550
8551
8552
8553
8554
8555
8556
8557
8558
8559
8560
8561
8562
8563
8564
8565
8566
8567
8568
8569
8570
8571
v_aes_sym_key_hashed_id8 := f_hashedId8FromSha256(f_hashWithSha256('80'O & v_aes_sym_key)); // Used to match the response
f_init_default_headers_list(-, "inner_at_request", v_headers);
f_http_send(
v_headers,
m_http_request(
m_http_request_post(
PICS_HTTP_POST_URI_AT,
v_headers,
m_http_message_body_binary(
m_binary_body_ieee1609dot2_data(
v_ieee1609dot2_signed_and_encrypted_data
)))));
tc_ac.start;
alt {
[] a_await_at_http_response_from_iut(
mw_http_response(
mw_http_response_ok(
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_authorizationResponseMessage(
mw_encryptedData(
{ *, mw_recipientInfo_pskRecipInfo(v_aes_sym_key_hashed_id8), * },
mw_symmetricCiphertext_aes128ccm
)))))),
v_response
) {
var integer v_result;
var InnerAtResponse v_authorization_validation_response;
f_verify_http_at_response_from_iut_aa(v_response.response, v_private_key_at, v_aes_sym_key, v_authentication_vector, v_request_hash, v_authorization_validation_response, v_result);
log("*** " & testcasename() & ": INFO: AuthorizationValidationResponse= ", v_authorization_validation_response, " ***");
// Set verdict
if (v_result == -3) {
log("*** " & testcasename() & ": INFO: IUT has rejected the request ***");
if (match(v_authorization_validation_response, mw_innerAtResponse_ko(-, its_aa_unknownea)) == true) {
log("*** " & testcasename() & ": PASS: Error code is its_aa_unknownea ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": FAIL: Expected error code should be its_aa_unknownea ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
}
} else {
log("*** " & testcasename() & ": FAIL: IUT shall not process the request ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
}
}
[] a_await_at_http_response_from_iut(mw_http_response(mw_http_response_ko), v_response) {
tc_ac.stop;
log("*** " & testcasename() & ": FAIL: IUT shall not respond with HTTP error ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
}
[] a_await_atv_http_request_from_iut(
mw_http_request(
mw_http_request_post(
"/Auth", //FIXME: Use another PIXIT than PICS_HTTP_POST_URI_ATV,
-,
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_authorizationRequestMessage(
mw_encryptedData(
{ *, mw_recipientInfo_certRecipInfo(mw_pKRecipientInfo(vc_eaHashedId8)), * },
mw_symmetricCiphertext_aes128ccm
)))))),
v_request
) {
tc_ac.stop;
log("*** " & testcasename() & ": FAIL: IUT shall not process the AtV request ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": FAIL: No response received from the IUT ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_cfHttpDown();
} // End of testcase TC_SECPKI_AA_AUTH_RCV_09_BI
/**
* @desc Send an AT request, but the generation time of the CSR is in the past.
*/
testcase TC_SECPKI_AA_AUTH_RCV_10_BI() runs on ItsPkiHttp system ItsPkiHttpSystem {
var Oct32 v_private_key_ec;
var Oct32 v_public_compressed_key_ec;
var integer v_compressed_key_mode_ec;
var InnerEcResponse v_inner_ec_response;
var Oct32 v_private_key_at;
var Oct32 v_public_compressed_key_at;
var integer p_compressed_mode_at;
var Oct32 v_private_enc_key_at;
var Oct32 v_public_compressed_enc_key_at;
var integer v_compressed_enc_mode_at;
var Oct32 v_request_hash;
var Oct16 v_encrypted_sym_key;
var Oct16 v_aes_sym_key;
var HashedId8 v_aes_sym_key_hashed_id8;
var Oct16 v_authentication_vector;
var Oct12 v_nonce;
var octetstring v_salt;
var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
var Headers v_headers;
var HttpMessage v_response;
var EtsiTs102941Data v_etsi_ts_102941_data;
var InnerEcRequest v_inner_ec_request;
var EtsiTs103097Certificate v_ec_certificate;
var HashedId8 v_ec_certificate_hashed_id8;
// Test control
if (not PICS_IUT_AA_ROLE) {
log("*** " & testcasename() & ": PICS_IUT_AA_ROLE required for executing the TC ***");
setverdict(inconc);
stop;
}
// Test component configuration
f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_IUT_AA_CERTIFICATE_ID);
// Preamble
if (PICS_SIMULATE_EA_ENTITY) {
f_generate_inner_ec_request(v_private_key_ec, v_public_compressed_key_ec, v_compressed_key_mode_ec, v_inner_ec_request);
f_generate_ec_certificate_for_inner_ec_response(v_inner_ec_request, v_private_key_ec, vc_eaWholeHash, v_ec_certificate, v_ec_certificate_hashed_id8);
log("*** " & testcasename() & ": DEBUG: v_ec_certificate= ", v_ec_certificate);
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
} else {
if (f_await_http_inner_ec_request_response(v_private_key_ec, v_public_compressed_key_ec, v_compressed_key_mode_ec, v_ec_cert_hash_256, v_inner_ec_response) == false) {
log("*** " & testcasename() & ": INCONC: Enrolment failed ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
} else {
log("*** " & testcasename() & ": INFO: Enrolment succeed ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
}
v_ec_certificate := v_inner_ec_response.certificate;
log("*** " & testcasename() & ": DEBUG: v_inner_ec_response= ", v_inner_ec_response);
log("*** " & testcasename() & ": DEBUG: v_private_key_ec= ", v_private_key_ec);
}
8695
8696
8697
8698
8699
8700
8701
8702
8703
8704
8705
8706
8707
8708
8709
8710
8711
8712
8713
8714
8715
8716
8717
8718
// Test Body
f_http_build_authorization_request_with_wrong_parameters(v_inner_ec_response.certificate, v_private_key_ec, -, -, -, -, -, -, -, -, f_getCurrentTime() / 2, v_private_key_at, v_public_compressed_key_at, p_compressed_mode_at, v_private_enc_key_at, v_public_compressed_enc_key_at, v_compressed_enc_mode_at, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
v_aes_sym_key_hashed_id8 := f_hashedId8FromSha256(f_hashWithSha256('80'O & v_aes_sym_key)); // Used to match the response
f_init_default_headers_list(-, "inner_at_request", v_headers);
f_http_send(
v_headers,
m_http_request(
m_http_request_post(
PICS_HTTP_POST_URI_AT,
v_headers,
m_http_message_body_binary(
m_binary_body_ieee1609dot2_data(
v_ieee1609dot2_signed_and_encrypted_data
)))));
tc_ac.start;
alt {
[] a_await_at_http_response_from_iut(
mw_http_response(
mw_http_response_ok(
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_authorizationResponseMessage(
mw_encryptedData(
{ *, mw_recipientInfo_pskRecipInfo(v_aes_sym_key_hashed_id8), * },
mw_symmetricCiphertext_aes128ccm
)))))),
v_response
) {
var integer v_result;
var InnerAtResponse v_authorization_validation_response;
f_verify_http_at_response_from_iut_aa(v_response.response, v_private_key_at, v_aes_sym_key, v_authentication_vector, v_request_hash, v_authorization_validation_response, v_result);
log("*** " & testcasename() & ": INFO: AuthorizationValidationResponse= ", v_authorization_validation_response, " ***");
// Set verdict
if (v_result == -3) {
log("*** " & testcasename() & ": INFO: IUT has rejected the request ***");
if (match(v_authorization_validation_response, mw_innerAtResponse_ko(-, its_aa_outofsyncrequest)) == true) {
log("*** " & testcasename() & ": PASS: Error code is its_aa_unknownea ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": FAIL: Expected error code should be its_aa_outofsyncrequest ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
}
} else {
log("*** " & testcasename() & ": FAIL: IUT shall not process the request ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
}
}
[] a_await_at_http_response_from_iut(mw_http_response(mw_http_response_ko), v_response) {
tc_ac.stop;
log("*** " & testcasename() & ": FAIL: IUT shall not respond with HTTP error ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": FAIL: No response received from the IUT ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_cfHttpDown();
} // End of testcase TC_SECPKI_AA_AUTH_RCV_10_BI
/**
* @desc Send an AT request, but the generation time of the CSR is in the future.
*/
testcase TC_SECPKI_AA_AUTH_RCV_11_BI() runs on ItsPkiHttp system ItsPkiHttpSystem {
var Oct32 v_private_key_ec;
var Oct32 v_public_compressed_key_ec;
var integer v_compressed_key_mode_ec;
var InnerEcResponse v_inner_ec_response;
var Oct32 v_private_key_at;
var Oct32 v_public_compressed_key_at;
var integer p_compressed_mode_at;
var Oct32 v_private_enc_key_at;
var Oct32 v_public_compressed_enc_key_at;
var integer v_compressed_enc_mode_at;
var Oct32 v_request_hash;
var Oct16 v_encrypted_sym_key;
var Oct16 v_aes_sym_key;
var HashedId8 v_aes_sym_key_hashed_id8;
var Oct16 v_authentication_vector;
var Oct12 v_nonce;
var octetstring v_salt;
var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
var Headers v_headers;
var HttpMessage v_response;
var EtsiTs102941Data v_etsi_ts_102941_data;
var InnerEcRequest v_inner_ec_request;
var EtsiTs103097Certificate v_ec_certificate;
var HashedId8 v_ec_certificate_hashed_id8;
// Test control
if (not PICS_IUT_AA_ROLE) {
log("*** " & testcasename() & ": PICS_IUT_AA_ROLE required for executing the TC ***");
setverdict(inconc);
stop;
}
// Test component configuration
f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_IUT_AA_CERTIFICATE_ID);
// Preamble
if (PICS_SIMULATE_EA_ENTITY) {
f_generate_inner_ec_request(v_private_key_ec, v_public_compressed_key_ec, v_compressed_key_mode_ec, v_inner_ec_request);
f_generate_ec_certificate_for_inner_ec_response(v_inner_ec_request, v_private_key_ec, vc_eaWholeHash, v_ec_certificate, v_ec_certificate_hashed_id8);
log("*** " & testcasename() & ": DEBUG: v_ec_certificate= ", v_ec_certificate);
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
} else {
if (f_await_http_inner_ec_request_response(v_private_key_ec, v_public_compressed_key_ec, v_compressed_key_mode_ec, v_ec_cert_hash_256, v_inner_ec_response) == false) {
log("*** " & testcasename() & ": INCONC: Enrolment failed ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
} else {
log("*** " & testcasename() & ": INFO: Enrolment succeed ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
}
v_ec_certificate := v_inner_ec_response.certificate;
log("*** " & testcasename() & ": DEBUG: v_inner_ec_response= ", v_inner_ec_response);
log("*** " & testcasename() & ": DEBUG: v_private_key_ec= ", v_private_key_ec);
}
8823
8824
8825
8826
8827
8828
8829
8830
8831
8832
8833
8834
8835
8836
8837
8838
8839
8840
8841
8842
8843
8844
8845
8846
// Test Body
f_http_build_authorization_request_with_wrong_parameters(v_inner_ec_response.certificate, v_private_key_ec, -, -, -, -, -, -, -, -, f_getCurrentTime() * 2, v_private_key_at, v_public_compressed_key_at, p_compressed_mode_at, v_private_enc_key_at, v_public_compressed_enc_key_at, v_compressed_enc_mode_at, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
v_aes_sym_key_hashed_id8 := f_hashedId8FromSha256(f_hashWithSha256('80'O & v_aes_sym_key)); // Used to match the response
f_init_default_headers_list(-, "inner_at_request", v_headers);
f_http_send(
v_headers,
m_http_request(
m_http_request_post(
PICS_HTTP_POST_URI_AT,
v_headers,
m_http_message_body_binary(
m_binary_body_ieee1609dot2_data(
v_ieee1609dot2_signed_and_encrypted_data
)))));
tc_ac.start;
alt {
[] a_await_at_http_response_from_iut(
mw_http_response(
mw_http_response_ok(
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_authorizationResponseMessage(
mw_encryptedData(
{ *, mw_recipientInfo_pskRecipInfo(v_aes_sym_key_hashed_id8), * },
mw_symmetricCiphertext_aes128ccm
)))))),
v_response
) {
var integer v_result;
var InnerAtResponse v_authorization_validation_response;
f_verify_http_at_response_from_iut_aa(v_response.response, v_private_key_at, v_aes_sym_key, v_authentication_vector, v_request_hash, v_authorization_validation_response, v_result);
log("*** " & testcasename() & ": INFO: AuthorizationValidationResponse= ", v_authorization_validation_response, " ***");
// Set verdict
if (v_result == -3) {
log("*** " & testcasename() & ": INFO: IUT has rejected the request ***");
if (match(v_authorization_validation_response, mw_innerAtResponse_ko(-, its_aa_outofsyncrequest)) == true) {
log("*** " & testcasename() & ": PASS: Error code is its_aa_unknownea ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": FAIL: Expected error code should be its_aa_outofsyncrequest ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
}
} else {
log("*** " & testcasename() & ": FAIL: IUT shall not process the request ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
}
}
[] a_await_at_http_response_from_iut(mw_http_response(mw_http_response_ko), v_response) {
tc_ac.stop;
log("*** " & testcasename() & ": FAIL: IUT shall not respond with HTTP error ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": FAIL: No response received from the IUT ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_cfHttpDown();
} // End of testcase TC_SECPKI_AA_AUTH_RCV_11_BI
/**
* @desc Send an AT request, but the expiry date of the CSR is before the start date of the EC.
*/
testcase TC_SECPKI_AA_AUTH_RCV_12_BI() runs on ItsPkiHttp system ItsPkiHttpSystem {
var Oct32 v_private_key_ec;
var Oct32 v_public_compressed_key_ec;
var integer v_compressed_key_mode_ec;
var InnerEcResponse v_inner_ec_response;
var Oct32 v_private_key_at;
var Oct32 v_public_compressed_key_at;
var integer p_compressed_mode_at;
var Oct32 v_private_enc_key_at;
var Oct32 v_public_compressed_enc_key_at;
var integer v_compressed_enc_mode_at;
var Oct32 v_request_hash;
var Oct16 v_encrypted_sym_key;
var Oct16 v_aes_sym_key;
var HashedId8 v_aes_sym_key_hashed_id8;
var Oct16 v_authentication_vector;
var Oct12 v_nonce;
var octetstring v_salt;
var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
var Headers v_headers;
var HttpMessage v_response;
var EtsiTs102941Data v_etsi_ts_102941_data;
var InnerEcRequest v_inner_ec_request;
var EtsiTs103097Certificate v_ec_certificate;
var HashedId8 v_ec_certificate_hashed_id8;
// Test control
if (not PICS_IUT_AA_ROLE) {
log("*** " & testcasename() & ": PICS_IUT_AA_ROLE required for executing the TC ***");
setverdict(inconc);
stop;
}
// Test component configuration
f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_IUT_AA_CERTIFICATE_ID);
// Preamble
if (PICS_SIMULATE_EA_ENTITY) {
f_generate_inner_ec_request(v_private_key_ec, v_public_compressed_key_ec, v_compressed_key_mode_ec, v_inner_ec_request);
f_generate_ec_certificate_for_inner_ec_response(v_inner_ec_request, v_private_key_ec, vc_eaWholeHash, v_ec_certificate, v_ec_certificate_hashed_id8);
log("*** " & testcasename() & ": DEBUG: v_ec_certificate= ", v_ec_certificate);
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
} else {
if (f_await_http_inner_ec_request_response(v_private_key_ec, v_public_compressed_key_ec, v_compressed_key_mode_ec, v_ec_cert_hash_256, v_inner_ec_response) == false) {
log("*** " & testcasename() & ": INCONC: Enrolment failed ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
} else {
log("*** " & testcasename() & ": INFO: Enrolment succeed ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
}
v_ec_certificate := v_inner_ec_response.certificate;
log("*** " & testcasename() & ": DEBUG: v_inner_ec_response= ", v_inner_ec_response);
log("*** " & testcasename() & ": DEBUG: v_private_key_ec= ", v_private_key_ec);
}
8951
8952
8953
8954
8955
8956
8957
8958
8959
8960
8961
8962
8963
8964
8965
8966
8967
8968
8969
8970
8971
8972
8973
8974
// Test Body
f_http_build_authorization_request_with_wrong_parameters(v_inner_ec_response.certificate, v_private_key_ec, -, -, -, -, -, -, vc_eaCertificate.toBeSigned.validityPeriod.start_ / 2, m_duration_in_hours(PX_GENERATED_CERTIFICATE_DURATION), -, v_private_key_at, v_public_compressed_key_at, p_compressed_mode_at, v_private_enc_key_at, v_public_compressed_enc_key_at, v_compressed_enc_mode_at, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
v_aes_sym_key_hashed_id8 := f_hashedId8FromSha256(f_hashWithSha256('80'O & v_aes_sym_key)); // Used to match the response
f_init_default_headers_list(-, "inner_at_request", v_headers);
f_http_send(
v_headers,
m_http_request(
m_http_request_post(
PICS_HTTP_POST_URI_AT,
v_headers,
m_http_message_body_binary(
m_binary_body_ieee1609dot2_data(
v_ieee1609dot2_signed_and_encrypted_data
)))));
tc_ac.start;
alt {
[] a_await_at_http_response_from_iut(
mw_http_response(
mw_http_response_ok(
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_authorizationResponseMessage(
mw_encryptedData(
{ *, mw_recipientInfo_pskRecipInfo(v_aes_sym_key_hashed_id8), * },
mw_symmetricCiphertext_aes128ccm
)))))),
v_response
) {
var integer v_result;
var InnerAtResponse v_authorization_validation_response;
f_verify_http_at_response_from_iut_aa(v_response.response, v_private_key_at, v_aes_sym_key, v_authentication_vector, v_request_hash, v_authorization_validation_response, v_result);
log("*** " & testcasename() & ": INFO: AuthorizationValidationResponse= ", v_authorization_validation_response, " ***");
// Set verdict
if (v_result == -3) {
log("*** " & testcasename() & ": INFO: IUT has rejected the request ***");
if (match(v_authorization_validation_response, mw_innerAtResponse_ko(-, deniedpermissions)) == true) {
log("*** " & testcasename() & ": PASS: Error code is its_aa_unknownea ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": FAIL: Expected error code should be its_aa_outofsyncrequest ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
}
} else {
log("*** " & testcasename() & ": FAIL: IUT shall not process the request ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
}
}