f_connect4SelfOrClientSync();
// Test adapter configuration
// Preamble
v_result := f_get_root_ca_certificate(-, -, v_root_certificate);
if (v_result == -1) {
log("*** " & testcasename() & ": INCONC: Fail to retrive the RCA ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
} else {
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
}
// Test Body
if (f_verify_rca_certificate(-, v_root_certificate, -, true, -, -, true) == false) {
log("*** " & testcasename() & ": FAIL: Failed to verify RCA message ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
log("*** " & testcasename() & ": PASS: ToBeSignedRcaCtl received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
// Postamble
f_disconnect4SelfOrClientSync();
} // End of testcase TC_SECPKI_CA_CERTGEN_13_BV_02
/**
* @desc Check that all PSID entries of the appPermissions component of the certificate are unique
* <pre>
* Pics Selection: PICS_IUT_CA_ROLE
* Initial conditions:
* with {
* CA is in 'operational' state
* }
* Expected behaviour:
* ensure that {
* when {
* the CA issued the certificate
* containing toBeSigned
* containing appPermissions
* }
* then {
* this certificate is of type EtsiTs103097Certificate
* containing toBeSigned
* containing appPermissions
* containing items of type PsidSsp
* containing psid
* indicating unique values in this sequence
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v2.0.1 SECPKI_CA_CERTGEN_14_BV
* @reference ETSI TS 103 097 [1], clauses 6.4.28, 5.1.2.4
*/
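testcase TC_SECPKI_CA_CERTGEN_14_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
  // Purpose: retrieve the root CA certificate and run f_verify_rca_certificate on it
  // with only the eighth argument enabled; all other optional arguments keep their
  // defaults ("-").

  // Local variables
  var integer v_result;               // Return code of f_get_root_ca_certificate; -1 is handled as failure below
  var Certificate v_root_certificate; // Third argument of f_get_root_ca_certificate (presumably an out parameter), then input to the verifier

  // Test control: the test is only applicable when the IUT plays the CA role
  if (not PICS_IUT_CA_ROLE) {
    log("*** " & testcasename() & ": PICS_IUT_CA_ROLE required for executing the TC ***");
    setverdict(inconc);
    stop;
  }

  // Test component configuration
  f_connect4SelfOrClientSync();

  // Test adapter configuration
  if (not f_loadCertificates(PX_IUT_SEC_CONFIG_NAME)) {
    log("*** INFO: TEST CASE NOW STOPPING ITSELF! ***");
    // Record an explicit verdict before stopping, as the PICS guard above does.
    // Without it the test case can end with verdict 'none', which is easy to
    // overlook in a conformance report. setverdict() never improves a verdict,
    // so a 'fail' already set elsewhere is preserved.
    setverdict(inconc);
    stop;
  }

  // Preamble: fetch the root CA certificate that the test body verifies
  v_result := f_get_root_ca_certificate(-, -, v_root_certificate);
  if (v_result == -1) {
    log("*** " & testcasename() & ": INCONC: Fail to retrive the RCA ***");
    f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
  } else {
    f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
  }

  // Test Body
  // NOTE(review): this call is identical to the one in TC_SECPKI_CA_CERTGEN_15_BV and
  // TC_SECPKI_CA_CERTGEN_16_BV, although the three test purposes differ. Confirm that
  // the check enabled by the eighth argument covers "appPermissions PSIDs are unique".
  // NOTE(review): the verdict log texts below mention "RCA message" and
  // "ToBeSignedRcaCtl" rather than the permission check; confirm they are intended.
  if (not f_verify_rca_certificate(-, v_root_certificate, -, -, -, -, -, true)) {
    log("*** " & testcasename() & ": FAIL: Failed to verify RCA message ***");
    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
  } else {
    log("*** " & testcasename() & ": PASS: ToBeSignedRcaCtl received ***");
    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
  }

  // Postamble
  f_disconnect4SelfOrClientSync();
} // End of testcase TC_SECPKI_CA_CERTGEN_14_BV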
/**
* @desc Check that all PSID entries of the appPermissions component of the certificate are also contained in the certIssuePermissions component in the issuing certificate
* <pre>
* Pics Selection: PICS_IUT_CA_ROLE
* Initial conditions:
* with {
* CA is in 'operational' state
* }
* Expected behaviour:
* ensure that {
* when {
* the CA issued the certificate
* containing toBeSigned
* containing appPermissions
* }
* then {
* this certificate is of type EtsiTs103097Certificate
* containing issuer
* referenced to the certificate
* containing toBeSigned
* containing certIssuePermissions
* containing items of type PsidGroupPermissions
* containing eeType
* indicating app(0)
* and containing subjectPermissions
* containing explicit
* containing items of type PsidSspRange
* indicating X_PSID_RANGE_LIST
* or containing all
* and containing toBeSigned
* containing appPermissions
* containing items of type PsidSsp
* containing psid
* contained in the X_PSID_RANGE_LIST
* as a psid
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v2.0.1 SECPKI_CA_CERTGEN_15_BV
* @reference ETSI TS 103 097 [1], clauses 6.4.28, 5.1.2.4
*/
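testcase TC_SECPKI_CA_CERTGEN_15_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
  // Purpose: retrieve the root CA certificate and run f_verify_rca_certificate on it
  // with only the eighth argument enabled; all other optional arguments keep their
  // defaults ("-").

  // Local variables
  var integer v_result;               // Return code of f_get_root_ca_certificate; -1 is handled as failure below
  var Certificate v_root_certificate; // Third argument of f_get_root_ca_certificate (presumably an out parameter), then input to the verifier

  // Test control: the test is only applicable when the IUT plays the CA role
  if (not PICS_IUT_CA_ROLE) {
    log("*** " & testcasename() & ": PICS_IUT_CA_ROLE required for executing the TC ***");
    setverdict(inconc);
    stop;
  }

  // Test component configuration
  f_connect4SelfOrClientSync();

  // Test adapter configuration
  if (not f_loadCertificates(PX_IUT_SEC_CONFIG_NAME)) {
    log("*** INFO: TEST CASE NOW STOPPING ITSELF! ***");
    // Record an explicit verdict before stopping, as the PICS guard above does.
    // Without it the test case can end with verdict 'none', which is easy to
    // overlook in a conformance report. setverdict() never improves a verdict,
    // so a 'fail' already set elsewhere is preserved.
    setverdict(inconc);
    stop;
  }

  // Preamble: fetch the root CA certificate that the test body verifies
  v_result := f_get_root_ca_certificate(-, -, v_root_certificate);
  if (v_result == -1) {
    log("*** " & testcasename() & ": INCONC: Fail to retrive the RCA ***");
    f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
  } else {
    f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
  }

  // Test Body
  // NOTE(review): the test purpose compares the appPermissions PSIDs of the issued
  // certificate with the certIssuePermissions of the issuing certificate, but only
  // v_root_certificate is passed here. Confirm that f_verify_rca_certificate resolves
  // the issuer itself.
  // NOTE(review): this call is identical to the one in TC_SECPKI_CA_CERTGEN_14_BV and
  // TC_SECPKI_CA_CERTGEN_16_BV; confirm that the eighth argument selects this check.
  if (not f_verify_rca_certificate(-, v_root_certificate, -, -, -, -, -, true)) {
    log("*** " & testcasename() & ": FAIL: Failed to verify RCA message ***");
    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
  } else {
    log("*** " & testcasename() & ": PASS: ToBeSignedRcaCtl received ***");
    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
  }

  // Postamble
  f_disconnect4SelfOrClientSync();
} // End of testcase TC_SECPKI_CA_CERTGEN_15_BV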
/**
* @desc Check that all PSID entries of the certIssuePermissions component of the certificate are unique
* <pre>
* Pics Selection: PICS_IUT_CA_ROLE
* Initial conditions:
* with {
* CA is in 'operational' state
* }
* Expected behaviour:
* ensure that {
* when {
* the CA issued the certificate
* containing toBeSigned
* containing certIssuePermissions
* }
* then {
* this certificate is of type EtsiTs103097Certificate
* containing issuer
* containing toBeSigned
* containing certIssuePermissions
* containing items of type PsidGroupPermissions
* containing subjectPermissions
* containing explicit
* and containing items of type PsidSspRange
* containing psid
* indicating unique values in this sequence
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v2.0.1 SECPKI_CA_CERTGEN_16_BV
* @reference ETSI TS 103 097 [1], clauses 6.4.28, 5.1.2.4
*/
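testcase TC_SECPKI_CA_CERTGEN_16_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
  // Purpose: retrieve the root CA certificate and run f_verify_rca_certificate on it
  // with only the eighth argument enabled; all other optional arguments keep their
  // defaults ("-").

  // Local variables
  var integer v_result;               // Return code of f_get_root_ca_certificate; -1 is handled as failure below
  var Certificate v_root_certificate; // Third argument of f_get_root_ca_certificate (presumably an out parameter), then input to the verifier

  // Test control: the test is only applicable when the IUT plays the CA role
  if (not PICS_IUT_CA_ROLE) {
    log("*** " & testcasename() & ": PICS_IUT_CA_ROLE required for executing the TC ***");
    setverdict(inconc);
    stop;
  }

  // Test component configuration
  f_connect4SelfOrClientSync();

  // Test adapter configuration
  if (not f_loadCertificates(PX_IUT_SEC_CONFIG_NAME)) {
    log("*** INFO: TEST CASE NOW STOPPING ITSELF! ***");
    // Record an explicit verdict before stopping, as the PICS guard above does.
    // Without it the test case can end with verdict 'none', which is easy to
    // overlook in a conformance report. setverdict() never improves a verdict,
    // so a 'fail' already set elsewhere is preserved.
    setverdict(inconc);
    stop;
  }

  // Preamble: fetch the root CA certificate that the test body verifies
  v_result := f_get_root_ca_certificate(-, -, v_root_certificate);
  if (v_result == -1) {
    log("*** " & testcasename() & ": INCONC: Fail to retrive the RCA ***");
    f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
  } else {
    f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
  }

  // Test Body
  // NOTE(review): this test purpose targets certIssuePermissions, yet the call is
  // identical to the one in TC_SECPKI_CA_CERTGEN_14_BV and TC_SECPKI_CA_CERTGEN_15_BV,
  // which target appPermissions. Confirm that the eighth argument of
  // f_verify_rca_certificate also enforces PSID uniqueness in certIssuePermissions.
  if (not f_verify_rca_certificate(-, v_root_certificate, -, -, -, -, -, true)) {
    log("*** " & testcasename() & ": FAIL: Failed to verify RCA message ***");
    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
  } else {
    log("*** " & testcasename() & ": PASS: ToBeSignedRcaCtl received ***");
    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
  }

  // Postamble
  f_disconnect4SelfOrClientSync();
} // End of testcase TC_SECPKI_CA_CERTGEN_16_BV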
/**
* @desc Check that SSP field in each entry of the appPermissions component of the AT certificate is equal to or a subset of the SSP Range in the corresponding issuing entry
* <pre>
* Pics Selection: PICS_IUT_CA_ROLE
* Initial conditions:
* with {
* CA is in 'operational' state
* }
* Expected behaviour:
* ensure that {
* when {
* the CA issued the certificate
* containing toBeSigned
* containing certIssuePermissions
* }
* then {
* this certificate is of type EtsiTs103097Certificate
* containing issuer
* referenced to the certificate
* containing toBeSigned
* containing certIssuePermissions
* containing items of type PsidGroupPermissions
* containing eeType
* indicating app(0)
* and containing subjectPermissions
* containing explicit
* containing items of type PsidSspRange
* containing psid
* indicating X_PSID_AA
* containing sspRange
* indicating X_SSP_AA [ X_PSID_AA ]
* or containing all
* and containing toBeSigned
* containing appPermissions
* containing items of type PsidSsp
* containing psid
* indicating value equal to X_PSID_AA
* containing ssp
* indicating value permitted by X_SSP_AA [ X_PSID_AA ]
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v2.0.1 SECPKI_CA_CERTGEN_17_BV
* @reference ETSI TS 103 097 [1], clauses 6.4.28, 5.1.2.4
*/
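testcase TC_SECPKI_CA_CERTGEN_17_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
  // Purpose: retrieve the root CA certificate and run f_verify_rca_certificate on it
  // with only the ninth argument enabled; all other optional arguments keep their
  // defaults ("-").

  // Local variables
  var integer v_result;               // Return code of f_get_root_ca_certificate; -1 is handled as failure below
  var Certificate v_root_certificate; // Third argument of f_get_root_ca_certificate (presumably an out parameter), then input to the verifier

  // Test control: the test is only applicable when the IUT plays the CA role
  if (not PICS_IUT_CA_ROLE) {
    log("*** " & testcasename() & ": PICS_IUT_CA_ROLE required for executing the TC ***");
    setverdict(inconc);
    stop;
  }

  // Test component configuration
  f_connect4SelfOrClientSync();

  // Test adapter configuration
  if (not f_loadCertificates(PX_IUT_SEC_CONFIG_NAME)) {
    log("*** INFO: TEST CASE NOW STOPPING ITSELF! ***");
    // Record an explicit verdict before stopping, as the PICS guard above does.
    // Without it the test case can end with verdict 'none', which is easy to
    // overlook in a conformance report. setverdict() never improves a verdict,
    // so a 'fail' already set elsewhere is preserved.
    setverdict(inconc);
    stop;
  }

  // Preamble: fetch the root CA certificate that the test body verifies
  v_result := f_get_root_ca_certificate(-, -, v_root_certificate);
  if (v_result == -1) {
    log("*** " & testcasename() & ": INCONC: Fail to retrive the RCA ***");
    f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
  } else {
    f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
  }

  // Test Body
  // NOTE(review): the test purpose requires each SSP in appPermissions to be equal to
  // or a subset of the issuer's SSP range. Only v_root_certificate is passed, so
  // confirm that the check enabled by the ninth argument resolves the issuing entry.
  if (not f_verify_rca_certificate(-, v_root_certificate, -, -, -, -, -, -, true)) {
    log("*** " & testcasename() & ": FAIL: Failed to verify RCA message ***");
    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
  } else {
    log("*** " & testcasename() & ": PASS: ToBeSignedRcaCtl received ***");
    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
  }

  // Postamble
  f_disconnect4SelfOrClientSync();
} // End of testcase TC_SECPKI_CA_CERTGEN_17_BV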
/**
* @desc Check that the validityPeriod of the subordinate certificate is inside the validityPeriod of the issuing certificate
* <pre>
* Pics Selection: PICS_IUT_CA_ROLE
* Initial conditions:
* with {
* CA is in 'operational' state
* and the CA is authorized with CA certificate
* containing toBeSigned
* containing validityPeriod
* containing start
* indicating X_START_VALIDITY_CA
* containing duration
* indicating X_DURATION_CA
* }
* Expected behaviour:
* ensure that {
* when {
* the CA issued the certificate
* containing toBeSigned
* containing certIssuePermissions
* }
* then {
* this certificate is of type EtsiTs103097Certificate
* containing toBeSigned
* containing validityPeriod
* containing start
* indicating X_START_VALIDITY ( X_START_VALIDITY >= X_START_VALIDITY_CA )
* and containing duration
* indicating value <= X_START_VALIDITY_CA + X_DURATION_CA - X_START_VALIDITY
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v2.0.1 SECPKI_CA_CERTGEN_18_BV
* @reference ETSI TS 103 097 [1], clauses 6.4.28, 5.1.2.4
*/
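testcase TC_SECPKI_CA_CERTGEN_18_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
  // Purpose: retrieve the root CA certificate and run f_verify_rca_certificate on it
  // with only the tenth argument enabled; all other optional arguments keep their
  // defaults ("-").

  // Local variables
  var integer v_result;               // Return code of f_get_root_ca_certificate; -1 is handled as failure below
  var Certificate v_root_certificate; // Third argument of f_get_root_ca_certificate (presumably an out parameter), then input to the verifier

  // Test control: the test is only applicable when the IUT plays the CA role
  if (not PICS_IUT_CA_ROLE) {
    log("*** " & testcasename() & ": PICS_IUT_CA_ROLE required for executing the TC ***");
    setverdict(inconc);
    stop;
  }

  // Test component configuration
  f_connect4SelfOrClientSync();

  // Test adapter configuration
  if (not f_loadCertificates(PX_IUT_SEC_CONFIG_NAME)) {
    log("*** INFO: TEST CASE NOW STOPPING ITSELF! ***");
    // Record an explicit verdict before stopping, as the PICS guard above does.
    // Without it the test case can end with verdict 'none', which is easy to
    // overlook in a conformance report. setverdict() never improves a verdict,
    // so a 'fail' already set elsewhere is preserved.
    setverdict(inconc);
    stop;
  }

  // Preamble: fetch the root CA certificate that the test body verifies
  v_result := f_get_root_ca_certificate(-, -, v_root_certificate);
  if (v_result == -1) {
    log("*** " & testcasename() & ": INCONC: Fail to retrive the RCA ***");
    f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
  } else {
    f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
  }

  // Test Body
  // NOTE(review): the test purpose requires the subordinate certificate's
  // validityPeriod to lie inside the issuing certificate's. Only v_root_certificate is
  // passed, so confirm that the check enabled by the tenth argument obtains the
  // issuer's start and duration.
  if (not f_verify_rca_certificate(-, v_root_certificate, -, -, -, -, -, -, -, true)) {
    log("*** " & testcasename() & ": FAIL: Failed to verify RCA message ***");
    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
  } else {
    log("*** " & testcasename() & ": PASS: ToBeSignedRcaCtl received ***");
    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
  }

  // Postamble
  f_disconnect4SelfOrClientSync();
} // End of testcase TC_SECPKI_CA_CERTGEN_18_BV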
} // End of group ca_behaviour
group ea_behavior {
group ea_helpers {
} // End of group ea_helpers
// ETSI TS 103 525-2 V2.0.2 (2023-07) Clause 5.4.1 Enrollment request handling
group ea_enrolment_request_handling {
/**
* @desc The EnrolmentResponse message shall be sent by the EA to the ITS-S across the interface at
* reference point S3 in response to a received EnrolmentRequest message.
* <pre>
* Pics Selection: PICS_IUT_EA_ROLE
* Initial conditions:
* with {
* the IUT being in the "operational state"
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT receives an EnrolmentRequestMessage across the interface at the reference point S3
* }
* then {
* the IUT answers with an EnrolmentResponseMessage across the interface at reference point S3
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v2.0.1 TP SECPKI_EA_ENR_RCV_01_BV
* @reference ETSI TS 102 941, clause 6.2.3.2.2
*/
testcase TC_SECPKI_EA_ENR_RCV_01_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
// Local variables
var Oct32 v_private_key;
var Oct32 v_public_compressed_key;
var integer v_compressed_mode;
var Oct32 v_request_hash;
var Oct16 v_encrypted_sym_key;
var Oct16 v_aes_sym_key;
var HashedId8 v_aes_sym_key_hashed_id8;
var Oct16 v_authentication_vector;
var Oct12 v_nonce;
var octetstring v_salt;
var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
var Headers v_headers;
var HttpMessage v_response;
var EtsiTs102941Data v_etsi_ts_102941_data;
// Test control
if (not PICS_IUT_EA_ROLE) {
log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
setverdict(inconc);
stop;
}
// Test component configuration
f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID);
// Preamble
f_http_build_inner_ec_request(v_private_key, v_public_compressed_key, v_compressed_mode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
v_aes_sym_key_hashed_id8 := f_hashedId8FromSha256(f_hashWithSha256('80'O & v_aes_sym_key)); // Used to match the response
f_init_default_headers_list(-, "inner_ec_request", v_headers);
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
f_http_send(
v_headers,
m_http_request(
m_http_request_post(
PICS_HTTP_POST_URI_EC,
v_headers,
m_http_message_body_binary(
m_binary_body_ieee1609dot2_data(
v_ieee1609dot2_signed_and_encrypted_data
)))));
tc_ac.start;
alt {
[] a_await_ec_http_response_from_iut(
mw_http_response(
mw_http_response_ok(
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_enrolmentResponseMessage(
mw_encryptedData(
{ *, mw_recipientInfo_pskRecipInfo(v_aes_sym_key_hashed_id8), * },
mw_symmetricCiphertext_aes128ccm
if (f_verify_pki_response_message(v_private_key, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, v_response.response.body.binary_body.ieee1609dot2_data, true, 1, v_etsi_ts_102941_data) == false) {
log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
log("*** " & testcasename() & ": PASS: InnerEcResponse received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
} // End of testcase TC_SECPKI_EA_ENR_RCV_01_BV
/**
* @desc Check that EA doesn't accept Enrolment rekeying request when enrolment is not permitted
* by signing certificate.
* <pre>
* Pics Selection: PICS_IUT_EA_ROLE
* Initial conditions:
* with {
* the IUT being in the "operational state"
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT receives an EnrolmentRequestMessage
* containing an encrypted EtsiTs103097Data-Signed
* containing signer
* containing digest
* indicating HashedId8 of the certificate CERT
* containing appPermissions
* not containing an item of type PsidSsp
* containing psid
* indicating AID_CERT_REQ
* or containing an item of type PsidSsp
* containing psid
* indicating AID_CERT_REQ
* and containing ssp
* containing opaque[0] (version)
* indicating other value than 1
* or containing opaque[1] (value)
* indicating "Enrolment Request" (bit 1) set to 0
* }
* then {
* the IUT answers with an EnrolmentResponseMessage
* containing InnerECResponse
* containing responseCode
* indicating "deniedpermissions"
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v2.0.1 TP SECPKI_EA_ENR_RCV_02_BI
* @reference ETSI TS 102 941, clause B.5
*/
testcase TC_SECPKI_EA_ENR_RCV_02_BI_01() runs on ItsPkiHttp system ItsPkiHttpSystem {
// Local variables
var Oct32 v_private_key;
var Oct32 v_public_compressed_key;
var integer v_compressed_mode;
var Oct32 v_request_hash;
var Oct16 v_encrypted_sym_key;
var Oct16 v_aes_sym_key;
var Oct16 v_authentication_vector;
var Oct12 v_nonce;
var octetstring v_salt;
var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
var Headers v_headers;
var HttpMessage v_response;
var EtsiTs102941Data v_etsi_ts_102941_data;
// Test control
if (not PICS_IUT_EA_ROLE) {
log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
setverdict(inconc);
stop;
}
// Test component configuration
f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID);
// f_cfHttpUp("CERT_TS_A_EA_AA_AUTHVAL_RCV_02_BI_01", PICS_TS_AA_CERTIFICATE_ID);
// Preamble
f_http_build_inner_ec_request_with_wrong_parameters({ valueof(m_appPermissions(c_its_aid_CAM, { bitmapSsp := PX_INNER_EC_CERTFICATE_BITMAP_SSP_SCR })) }, -, f_getCurrentTime() / 1000, valueof(m_duration_in_hours(PX_GENERATED_CERTIFICATE_DURATION)), -, v_private_key, v_public_compressed_key, v_compressed_mode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
// f_http_build_inner_ec_request(v_private_key, v_public_compressed_key, v_compressed_mode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
f_init_default_headers_list(-, "inner_ec_request", v_headers);
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
f_http_send(
v_headers,
m_http_request(
m_http_request_post(
PICS_HTTP_POST_URI_EC,
v_headers,
m_http_message_body_binary(
m_binary_body_ieee1609dot2_data(
v_ieee1609dot2_signed_and_encrypted_data
)))));
tc_ac.start;
alt {
[] a_await_ec_http_response_from_iut(
mw_http_response(
mw_http_response_ok(
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_enrolmentResponseMessage(
mw_encryptedData(
-,
mw_symmetricCiphertext_aes128ccm
if (f_verify_pki_response_message(v_private_key, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, v_response.response.body.binary_body.ieee1609dot2_data, true, 1, v_etsi_ts_102941_data) == false) {
log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
log(match(v_etsi_ts_102941_data, mw_etsiTs102941Data_inner_ec_response(mw_innerEcResponse_ko(substr(v_request_hash, 0, 16), deniedpermissions))));
if (match(v_etsi_ts_102941_data, mw_etsiTs102941Data_inner_ec_response(mw_innerEcResponse_ko(substr(v_request_hash, 0, 16), deniedpermissions))) == true) {
log("*** " & testcasename() & ": PASS: InnerEcResponse error code received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": FAIL: Invalid InnerEcResponse received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_cfHttpDown();
} // End of testcase TC_SECPKI_EA_ENR_RCV_02_BI_01
testcase TC_SECPKI_EA_ENR_RCV_02_BI_02() runs on ItsPkiHttp system ItsPkiHttpSystem {
// Local variables
var Oct32 v_private_key;
var Oct32 v_public_compressed_key;
var integer v_compressed_mode;
var Oct32 v_request_hash;
var Oct16 v_encrypted_sym_key;
var Oct16 v_aes_sym_key;
var Oct16 v_authentication_vector;
var Oct12 v_nonce;
var octetstring v_salt;
var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
var Headers v_headers;
var HttpMessage v_response;
var EtsiTs102941Data v_etsi_ts_102941_data;
// Test control
if (not PICS_IUT_EA_ROLE) {
log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
setverdict(inconc);
stop;
}
// Test component configuration
f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID);
// f_cfHttpUp("CERT_TS_A_EA_AA_AUTHVAL_RCV_02_BI_01", PICS_TS_AA_CERTIFICATE_ID);
// Preamble
f_http_build_inner_ec_request_with_wrong_parameters({ valueof(m_appPermissions(c_its_aid_SCR, { bitmapSsp := PX_INNER_EC_CERTFICATE_INCORRECT_BITMAP_SSP_SCR_WRONG_VERSION })) }, -, f_getCurrentTime() / 1000, valueof(m_duration_in_hours(PX_GENERATED_CERTIFICATE_DURATION)), -, v_private_key, v_public_compressed_key, v_compressed_mode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
// f_http_build_inner_ec_request(v_private_key, v_public_compressed_key, v_compressed_mode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
f_init_default_headers_list(-, "inner_ec_request", v_headers);
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
f_http_send(
v_headers,
m_http_request(
m_http_request_post(
PICS_HTTP_POST_URI_EC,
v_headers,
m_http_message_body_binary(
m_binary_body_ieee1609dot2_data(
v_ieee1609dot2_signed_and_encrypted_data
)))));
tc_ac.start;
alt {
[] a_await_ec_http_response_from_iut(
mw_http_response(
mw_http_response_ok(
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_enrolmentResponseMessage(
mw_encryptedData(
-,
mw_symmetricCiphertext_aes128ccm
if (f_verify_pki_response_message(v_private_key, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, v_response.response.body.binary_body.ieee1609dot2_data, true, 1, v_etsi_ts_102941_data) == false) {
log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
log(match(v_etsi_ts_102941_data, mw_etsiTs102941Data_inner_ec_response(mw_innerEcResponse_ko(substr(v_request_hash, 0, 16), deniedpermissions))));
if (match(v_etsi_ts_102941_data, mw_etsiTs102941Data_inner_ec_response(mw_innerEcResponse_ko(substr(v_request_hash, 0, 16), deniedpermissions))) == true) {
log("*** " & testcasename() & ": PASS: InnerEcResponse error code received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": FAIL: Invalid InnerEcResponse received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_cfHttpDown();
} // End of testcase TC_SECPKI_EA_ENR_RCV_02_BI_02
testcase TC_SECPKI_EA_ENR_RCV_02_BI_03() runs on ItsPkiHttp system ItsPkiHttpSystem {
// Local variables
var Oct32 v_private_key;
var Oct32 v_public_compressed_key;
var integer v_compressed_mode;
var Oct32 v_request_hash;
var Oct16 v_encrypted_sym_key;
var Oct16 v_aes_sym_key;
var Oct16 v_authentication_vector;
var Oct12 v_nonce;
var octetstring v_salt;
var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
var Headers v_headers;
var HttpMessage v_response;
var EtsiTs102941Data v_etsi_ts_102941_data;
// Test control
if (not PICS_IUT_EA_ROLE) {
log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
setverdict(inconc);
stop;
}
// Test component configuration
f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID);
// f_cfHttpUp("CERT_TS_A_EA_AA_AUTHVAL_RCV_02_BI_01", PICS_TS_AA_CERTIFICATE_ID);
// Preamble
f_http_build_inner_ec_request_with_wrong_parameters({ valueof(m_appPermissions(c_its_aid_SCR, { bitmapSsp := PX_INNER_EC_CERTFICATE_INCORRECT_BITMAP_SSP_SCR_WRONG_SSP_BIT })) }, -, f_getCurrentTime() / 1000, valueof(m_duration_in_hours(PX_GENERATED_CERTIFICATE_DURATION)), -, v_private_key, v_public_compressed_key, v_compressed_mode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
// f_http_build_inner_ec_request(v_private_key, v_public_compressed_key, v_compressed_mode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
f_init_default_headers_list(-, "inner_ec_request", v_headers);
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
f_http_send(
v_headers,
m_http_request(
m_http_request_post(
PICS_HTTP_POST_URI_EC,
v_headers,
m_http_message_body_binary(
m_binary_body_ieee1609dot2_data(
v_ieee1609dot2_signed_and_encrypted_data
)))));
tc_ac.start;
alt {
[] a_await_ec_http_response_from_iut(
mw_http_response(
mw_http_response_ok(
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_enrolmentResponseMessage(
mw_encryptedData(
-,
mw_symmetricCiphertext_aes128ccm
if (f_verify_pki_response_message(v_private_key, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, v_response.response.body.binary_body.ieee1609dot2_data, true, 1, v_etsi_ts_102941_data) == false) {
log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
log(match(v_etsi_ts_102941_data, mw_etsiTs102941Data_inner_ec_response(mw_innerEcResponse_ko(substr(v_request_hash, 0, 16), deniedpermissions))));
if (match(v_etsi_ts_102941_data, mw_etsiTs102941Data_inner_ec_response(mw_innerEcResponse_ko(substr(v_request_hash, 0, 16), deniedpermissions))) == true) {
log("*** " & testcasename() & ": PASS: InnerEcResponse error code received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": FAIL: Invalid InnerEcResponse received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_cfHttpDown();
} // End of testcase TC_SECPKI_EA_ENR_RCV_02_BI_03
/**
* @desc Enroll an ITS-Station using a canonical ID that is not registered.
*/
testcase TC_SECPKI_EA_ENR_RCV_05_BI() runs on ItsPkiHttp system ItsPkiHttpSystem {
  // Local variables, grouped by type.
  // Negative enrolment test: the request carries PICS_INVALID_ITS_S_CANONICAL_ID and the
  // test body expects an InnerEcResponse error matching 'unknownits'.
  var Oct32 v_private_key, v_public_compressed_key, v_request_hash;
  var Oct16 v_encrypted_sym_key, v_aes_sym_key, v_authentication_vector;
  var Oct12 v_nonce;
  var integer v_compressed_mode;
  var octetstring v_salt;
  var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
  var Headers v_headers;
  var HttpMessage v_response;
  var EtsiTs102941Data v_etsi_ts_102941_data;

  // Test control: the test case only applies when the IUT acts as an EA;
  // otherwise it ends with an inconclusive verdict.
  if (PICS_IUT_EA_ROLE == false) {
    log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
    setverdict(inconc);
    stop;
  }

  // Test component configuration
  f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);

  // Preamble: build the InnerEcRequest. The second argument is the canonical ID under test.
  // NOTE(review): the variables passed from v_private_key onwards are uninitialised here,
  // so they are presumably out parameters filled by the builder - confirm against its signature.
  f_http_build_inner_ec_request_with_wrong_parameters(
    { valueof(m_appPermissions(c_its_aid_SCR, { bitmapSsp := PX_INNER_EC_CERTFICATE_BITMAP_SSP_SCR })) },
    PICS_INVALID_ITS_S_CANONICAL_ID,
    f_getCurrentTime() / 1000,
    valueof(m_duration_in_hours(PX_GENERATED_CERTIFICATE_DURATION)),
    -,
    v_private_key,
    v_public_compressed_key,
    v_compressed_mode,
    v_aes_sym_key,
    v_encrypted_sym_key,
    v_authentication_vector,
    v_nonce,
    v_salt,
    v_ieee1609dot2_signed_and_encrypted_data,
    v_request_hash
  );
  f_init_default_headers_list(-, "inner_ec_request", v_headers);
  f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
// POST the signed-and-encrypted enrolment request built in the preamble to PICS_HTTP_POST_URI_EC.
f_http_send(
v_headers,
m_http_request(
m_http_request_post(
PICS_HTTP_POST_URI_EC,
v_headers,
m_http_message_body_binary(
m_binary_body_ieee1609dot2_data(
v_ieee1609dot2_signed_and_encrypted_data
)))));
// Start the guard timer; the tc_ac.timeout branch of the 'alt' below reports e_timeout.
tc_ac.start;
alt {
// Expected reply: an HTTP OK response with a binary IEEE 1609.2 body that matches the
// enrolment response template with encrypted data.
// NOTE(review): mw_symmetricCiphertext_aes128ccm presumably restricts the ciphertext to
// AES-128-CCM - confirm against the template definition.
[] a_await_ec_http_response_from_iut(
mw_http_response(
mw_http_response_ok(
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_enrolmentResponseMessage(
mw_encryptedData(
-,
mw_symmetricCiphertext_aes128ccm
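// Verify the received PKI response before looking at its content.
// NOTE(review): v_etsi_ts_102941_data is presumably filled by this helper with the decoded
// payload - confirm against f_verify_pki_response_message.
if (f_verify_pki_response_message(v_private_key, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, v_response.response.body.binary_body.ieee1609dot2_data, true, 1, v_etsi_ts_102941_data) == false) {
  // A response that fails verification is an error, whatever code it carries.
  log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
  f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
  // The EA must answer with an InnerEcResponse error that carries the first 16 octets of the
  // request hash and the code 'unknownits'. Logging the match result first keeps the mismatch
  // details in the test log.
  log(match(v_etsi_ts_102941_data, mw_etsiTs102941Data_inner_ec_response(mw_innerEcResponse_ko(substr(v_request_hash, 0, 16), unknownits))));
  if (match(v_etsi_ts_102941_data, mw_etsiTs102941Data_inner_ec_response(mw_innerEcResponse_ko(substr(v_request_hash, 0, 16), unknownits))) == false) {
    log("*** " & testcasename() & ": FAIL: Invalid InnerEcResponse received ***");
    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
  } else {
    // The PASS message names the code that was actually checked (unknownits); it previously
    // said 'deniedrequest', which misreports the result when reading test logs.
    log("*** " & testcasename() & ": PASS: InnerEcResponse with unknownits received ***");
    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
  }
}
}
// No matching response before tc_ac expired: report a timeout (logged as INCONC).
[] tc_ac.timeout {
  log("*** " & testcasename() & ": INCONC: Expected message not received ***");
  f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_cfHttpDown();
} // End of testcase TC_SECPKI_EA_ENR_RCV_05_BI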
/**
* @desc Enroll the ITS-Station, but the CSR requests more permissions than the issuer allows,
* i.e. it requests a security management SSP bit which is not set in the EA SSP
*/
testcase TC_SECPKI_EA_ENR_RCV_06_BI() runs on ItsPkiHttp system ItsPkiHttpSystem {
// Local variables
var Oct32 v_private_key;
var Oct32 v_public_compressed_key;
var integer v_compressed_mode;
var Oct32 v_request_hash;
var Oct16 v_encrypted_sym_key;
var Oct16 v_aes_sym_key;
var Oct16 v_authentication_vector;
var Oct12 v_nonce;
var octetstring v_salt;
var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
var Headers v_headers;
var HttpMessage v_response;
var EtsiTs102941Data v_etsi_ts_102941_data;
// Test control
if (not PICS_IUT_EA_ROLE) {
log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
setverdict(inconc);
stop;
}
// Test component configuration
f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);
// Preamble
f_http_build_inner_ec_request_with_wrong_parameters({ valueof(m_appPermissions(c_its_aid_SCR, { bitmapSsp := PX_INNER_EC_CERTFICATE_INCORRECT_BITMAP_SSP_SCR })) }, -, f_getCurrentTime() / 1000, valueof(m_duration_in_hours(PX_GENERATED_CERTIFICATE_DURATION)), -, v_private_key, v_public_compressed_key, v_compressed_mode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
f_init_default_headers_list(-, "inner_ec_request", v_headers);
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
f_http_send(
v_headers,
m_http_request(
m_http_request_post(
PICS_HTTP_POST_URI_EC,
v_headers,
m_http_message_body_binary(
m_binary_body_ieee1609dot2_data(
v_ieee1609dot2_signed_and_encrypted_data
)))));
tc_ac.start;
alt {
[] a_await_ec_http_response_from_iut(
mw_http_response(
mw_http_response_ok(
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_enrolmentResponseMessage(
mw_encryptedData(
-,
mw_symmetricCiphertext_aes128ccm