Loading ItsPki_TestCases.ttcn +90 −142 Original line number Diff line number Diff line Loading @@ -844,8 +844,6 @@ module ItsPki_TestCases { var PublicVerificationKey v_canonical_key; tc_ac.stop; f_send_500_Internal_Error(v_headers); // we don't care about response if( not f_read_ec_request_from_iut_itss(v_request.request.body.binary_body.ieee1609dot2_data, v_request_hash, v_aes_enc_key, v_decrypted_message, Loading @@ -853,9 +851,19 @@ module ItsPki_TestCases { v_inner_ec_request)) { log("*** " & testcasename() & ": FAIL: Can't parse enrolment request***"); f_send_500_Internal_Error(v_headers); f_selfOrClientSyncAndVerdict(c_tbDone, e_error); } if(not f_http_build_error_ec_response(unknownits, v_request_hash, vc_eaPrivateEncKey, vc_eaWholeHash, v_aes_enc_key, v_response_message)) { log("*** " & testcasename() & ": INCOMC: Can't generate enrolment response***"); f_send_500_Internal_Error(v_headers); f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout); } f_http_send( v_headers, m_http_response( m_http_response_ok( m_http_message_body_binary( m_binary_body_ieee1609dot2_data( v_response_message)), v_headers))); if( not isvalue(v_inner_ec_request) ){ log("*** " & testcasename() & ": FAIL: Can't parse enrolment request***"); f_selfOrClientSyncAndVerdict(c_tbDone, e_error); Loading Loading @@ -2606,6 +2614,8 @@ module ItsPki_TestCases { * @see ETSI TS 103 525-2 TP SECPKI_ITSS_ENR_REP_01_BV * @reference ETSI TS 103 601, clause 5.1.2 */ group g_TC_SECPKI_ITSS_ENR_REP_01_BV { testcase TC_SECPKI_ITSS_ENR_REP_01_BV() runs on ItsMtc system ItsPkiItssSystem { // Local variables var ItsPkiItss v_itss; Loading Loading @@ -2633,8 +2643,6 @@ module ItsPki_TestCases { } // End of testcase TC_SECPKI_ITSS_ENR_REP_01_BV group f_TC_SECPKI_ITSS_ENR_REP_01_BV { function f_TC_SECPKI_ITSS_ENR_REP_01_BV_pki() runs on ItsPkiHttp system ItsPkiItssSystem { // Local variable var Headers v_headers; Loading Loading @@ -2705,6 +2713,7 @@ module ItsPki_TestCases { * @see ETSI TS 103 525-2 TP SECPKI_ITSS_ENR_REP_02_BV * @reference ETSI TS 103 601, clause 5.1.2 */ group f_TC_SECPKI_ITSS_ENR_REP_02_BV { testcase TC_SECPKI_ITSS_ENR_REP_02_BV() runs on ItsMtc system ItsPkiItssSystem { // Local variables var ItsPkiItss v_itss; Loading @@ -2721,7 +2730,7 @@ module ItsPki_TestCases { f_cfMtcUp01(v_itss, v_ea); // Start component v_itss.start(f_TC_SECPKI_ITSS_ENR_REP_02_BV_itss()); v_itss.start(f_TC_SECPKI_ITSS_ENR_01_BV_itss()); v_ea.start(f_TC_SECPKI_ITSS_ENR_REP_02_BV_pki()); // Synchronization Loading @@ -2732,57 +2741,11 @@ module ItsPki_TestCases { } // End of testcase TC_SECPKI_ITSS_ENR_REP_02_BV group f_TC_SECPKI_ITSS_ENR_REP_02_BV { function f_TC_SECPKI_ITSS_ENR_REP_02_BV_itss() runs on ItsPkiItss system ItsPkiItssSystem { // Local variables var HashedId8 v_certificate_digest; var EtsiTs103097Certificate v_certificate; // Test component configuration vc_hashedId8ToBeUsed := PX_IUT_DEFAULT_CERTIFICATE; f_cfUp_itss(); // Test adapter configuration // Preamble // Initial state: No CAM shall be emitted geoNetworkingPort.clear; tc_noac.start; alt { [] geoNetworkingPort.receive { log("No CA message expected"); f_selfOrClientSyncAndVerdict(c_prDone, e_error); } [] tc_noac.timeout { log("*** " & testcasename() & ": INFO: No CA message received ***"); f_selfOrClientSyncAndVerdict(c_prDone, e_success); } } // End of 'alt' statement // Test Body f_sendUtTriggerEnrolmentRequestPrimitive(); tc_noac.start; alt { [] geoNetworkingPort.receive { log("No CA message expected"); f_selfOrClientSyncAndVerdict(c_tbDone, e_error); } [] tc_noac.timeout { log("*** " & testcasename() & ": PASS: Enrolment trigger sent successfully ***"); f_selfOrClientSyncAndVerdict(c_tbDone, e_success); } } // End of 'alt' statement // Postamble f_cfDown_itss(); } // End of function f_TC_SECPKI_ITSS_ENR_REP_02_BV_itss function f_TC_SECPKI_ITSS_ENR_REP_02_BV_pki() runs on ItsPkiHttp system ItsPkiItssSystem { // Local variable var Headers v_headers; var HttpMessage v_request; var HttpMessage v_initial_request; var HttpMessage v_request1; var HttpMessage v_request2; // Test component configuration f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID); Loading @@ -2791,8 +2754,18 @@ module ItsPki_TestCases { // Preamble f_init_default_headers_list(-, "inner_ec_response", v_headers); f_await_ec_request_send_error_response(v_initial_request); log("*** " & testcasename() & ": INFO: Reply with 400 Bad Request error message ***"); tc_ac.start; alt { [] a_await_ec_http_request_from_iut(mw_http_ec_request_generic, v_request1) { log("*** " & testcasename() & ": INFO: First enrolment request received ***"); tc_ac.stop; f_http_restart("inner_ec_request"); } [] tc_ac.timeout { log("*** " & testcasename() & ": INCONC: First enrolment request not received ***"); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout); } } // End of 'alt' statement f_selfOrClientSyncAndVerdict(c_prDone, e_success); // Test Body Loading @@ -2803,48 +2776,23 @@ module ItsPki_TestCases { mw_http_request_post( PICS_HTTP_POST_URI_EC, -, mw_http_message_body_binary( mw_binary_body_ieee1609dot2_data( mw_enrolmentRequestMessage( mw_encryptedData( { *, mw_recipientInfo_certRecipInfo(mw_pKRecipientInfo(vc_eaHashedId8)), * }, mw_symmetricCiphertext_aes128ccm )))))), v_request ) { tc_ac.stop; v_request1.request.body)), if (f_verify_repeated_request(v_request, v_initial_request) == false) { log("*** " & testcasename() & ": FAIL: Repetition request are different ***"); f_selfOrClientSyncAndVerdict(c_tbDone, e_error); } else { // Repetition request are same var HttpMessage v_response; var integer v_result; var InnerEcRequest v_inner_ec_request; var InnerEcResponse v_inner_ec_response; // Verify IUT response f_verify_http_ec_request_from_iut_itss(v_request.request, v_headers, v_inner_ec_request, v_inner_ec_response, v_response, v_result); // Send response if (isvalue(v_response)) { httpPort.send(v_response); } else { // Send HTTP error 500 f_send_500_Internal_Error(v_headers); } // Set verdict if (v_result == 0) { log("*** " & testcasename() & ": PASS: InnerEcRequest received ***"); f_selfOrClientSyncAndVerdict(c_tbDone, e_success); } else { log("*** " & testcasename() & ": FAIL: Failed to verify EA an EnrolmentRequestMessage ***"); f_selfOrClientSyncAndVerdict(c_tbDone, e_error); } v_request2) { tc_ac.stop; log("*** " & testcasename() & ": PASS: Same enrolment request received ***"); // send error respond to prevent future requests f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_success); } [] a_await_ec_http_request_from_iut(mw_http_ec_request_generic, v_request2) { tc_ac.stop; log("*** " & testcasename() & ": FAIL: 2nd enrolment request is not identical ***"); f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error); } [] tc_ac.timeout { log("*** " & testcasename() & ": INCONC: Expected message not received ***"); f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout); log("*** " & testcasename() & ": INCONC: First enrolment request not received ***"); f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout); } } // End of 'alt' statement Loading lib_system/LibItsPki_Functions.ttcn +43 −0 Original line number Diff line number Diff line Loading @@ -1341,6 +1341,49 @@ module LibItsPki_Functions { return p_result; } // End of function f_http_build_inner_ec_response function f_http_build_error_ec_response( in EnrolmentResponseCode p_responseCode := ok, in Oct16 p_request_hash, in octetstring p_private_key := ''O, in octetstring p_digest := ''O, in Oct16 p_aes_sym_key, out Ieee1609Dot2Data p_ieee1609dot2_signed_and_encrypted_data ) return boolean { // Local variables var octetstring v_msg; var Oct12 v_nonce; var Ieee1609Dot2Data v_ieee1609dot2_signed_data; var boolean p_result := false; var InnerEcResponse v_inner_ec_response; // Check expectred response if (p_responseCode == ok) { return false; } v_inner_ec_response := valueof( m_innerEcResponse_ko( p_request_hash, p_responseCode ) ); // Secure the response log("f_http_build_error_ec_response: p_inner_ec_response= ", v_inner_ec_response); v_msg := bit2oct(encvalue(m_etsiTs102941Data_inner_ec_response(v_inner_ec_response))); v_nonce := substr(f_hashWithSha256(int2oct((f_getCurrentTimeUtc() * 1000), 16)), 0, 12); // Random value // TODO Consider Sha384: m_signerIdentifier_digest(f_hashedId8FromSha384(p_digest)) if (f_build_pki_secured_response_message(p_private_key, valueof(m_signerIdentifier_digest(f_hashedId8FromSha256(p_digest))),// in SignerIdentifier p_signer_identifier, v_msg, p_aes_sym_key, v_nonce, p_ieee1609dot2_signed_and_encrypted_data ) == false) { log("f_http_build_inner_ec_response: Failed to generate the certificate"); return false; } return true; } // End of function f_http_build_error_ec_response function f_http_build_authorization_request( in Certificate p_ec_certificate, // Enrolment credentials certificate in octetstring p_ec_private_key, Loading Loading
ItsPki_TestCases.ttcn +90 −142 Original line number Diff line number Diff line Loading @@ -844,8 +844,6 @@ module ItsPki_TestCases { var PublicVerificationKey v_canonical_key; tc_ac.stop; f_send_500_Internal_Error(v_headers); // we don't care about response if( not f_read_ec_request_from_iut_itss(v_request.request.body.binary_body.ieee1609dot2_data, v_request_hash, v_aes_enc_key, v_decrypted_message, Loading @@ -853,9 +851,19 @@ module ItsPki_TestCases { v_inner_ec_request)) { log("*** " & testcasename() & ": FAIL: Can't parse enrolment request***"); f_send_500_Internal_Error(v_headers); f_selfOrClientSyncAndVerdict(c_tbDone, e_error); } if(not f_http_build_error_ec_response(unknownits, v_request_hash, vc_eaPrivateEncKey, vc_eaWholeHash, v_aes_enc_key, v_response_message)) { log("*** " & testcasename() & ": INCOMC: Can't generate enrolment response***"); f_send_500_Internal_Error(v_headers); f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout); } f_http_send( v_headers, m_http_response( m_http_response_ok( m_http_message_body_binary( m_binary_body_ieee1609dot2_data( v_response_message)), v_headers))); if( not isvalue(v_inner_ec_request) ){ log("*** " & testcasename() & ": FAIL: Can't parse enrolment request***"); f_selfOrClientSyncAndVerdict(c_tbDone, e_error); Loading Loading @@ -2606,6 +2614,8 @@ module ItsPki_TestCases { * @see ETSI TS 103 525-2 TP SECPKI_ITSS_ENR_REP_01_BV * @reference ETSI TS 103 601, clause 5.1.2 */ group g_TC_SECPKI_ITSS_ENR_REP_01_BV { testcase TC_SECPKI_ITSS_ENR_REP_01_BV() runs on ItsMtc system ItsPkiItssSystem { // Local variables var ItsPkiItss v_itss; Loading Loading @@ -2633,8 +2643,6 @@ module ItsPki_TestCases { } // End of testcase TC_SECPKI_ITSS_ENR_REP_01_BV group f_TC_SECPKI_ITSS_ENR_REP_01_BV { function f_TC_SECPKI_ITSS_ENR_REP_01_BV_pki() runs on ItsPkiHttp system ItsPkiItssSystem { // Local variable var Headers v_headers; Loading Loading @@ -2705,6 +2713,7 @@ module ItsPki_TestCases { * @see ETSI TS 103 525-2 TP SECPKI_ITSS_ENR_REP_02_BV * @reference ETSI TS 103 601, clause 5.1.2 */ group f_TC_SECPKI_ITSS_ENR_REP_02_BV { testcase TC_SECPKI_ITSS_ENR_REP_02_BV() runs on ItsMtc system ItsPkiItssSystem { // Local variables var ItsPkiItss v_itss; Loading @@ -2721,7 +2730,7 @@ module ItsPki_TestCases { f_cfMtcUp01(v_itss, v_ea); // Start component v_itss.start(f_TC_SECPKI_ITSS_ENR_REP_02_BV_itss()); v_itss.start(f_TC_SECPKI_ITSS_ENR_01_BV_itss()); v_ea.start(f_TC_SECPKI_ITSS_ENR_REP_02_BV_pki()); // Synchronization Loading @@ -2732,57 +2741,11 @@ module ItsPki_TestCases { } // End of testcase TC_SECPKI_ITSS_ENR_REP_02_BV group f_TC_SECPKI_ITSS_ENR_REP_02_BV { function f_TC_SECPKI_ITSS_ENR_REP_02_BV_itss() runs on ItsPkiItss system ItsPkiItssSystem { // Local variables var HashedId8 v_certificate_digest; var EtsiTs103097Certificate v_certificate; // Test component configuration vc_hashedId8ToBeUsed := PX_IUT_DEFAULT_CERTIFICATE; f_cfUp_itss(); // Test adapter configuration // Preamble // Initial state: No CAM shall be emitted geoNetworkingPort.clear; tc_noac.start; alt { [] geoNetworkingPort.receive { log("No CA message expected"); f_selfOrClientSyncAndVerdict(c_prDone, e_error); } [] tc_noac.timeout { log("*** " & testcasename() & ": INFO: No CA message received ***"); f_selfOrClientSyncAndVerdict(c_prDone, e_success); } } // End of 'alt' statement // Test Body f_sendUtTriggerEnrolmentRequestPrimitive(); tc_noac.start; alt { [] geoNetworkingPort.receive { log("No CA message expected"); f_selfOrClientSyncAndVerdict(c_tbDone, e_error); } [] tc_noac.timeout { log("*** " & testcasename() & ": PASS: Enrolment trigger sent successfully ***"); f_selfOrClientSyncAndVerdict(c_tbDone, e_success); } } // End of 'alt' statement // Postamble f_cfDown_itss(); } // End of function f_TC_SECPKI_ITSS_ENR_REP_02_BV_itss function f_TC_SECPKI_ITSS_ENR_REP_02_BV_pki() runs on ItsPkiHttp system ItsPkiItssSystem { // Local variable var Headers v_headers; var HttpMessage v_request; var HttpMessage v_initial_request; var HttpMessage v_request1; var HttpMessage v_request2; // Test component configuration f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID); Loading @@ -2791,8 +2754,18 @@ module ItsPki_TestCases { // Preamble f_init_default_headers_list(-, "inner_ec_response", v_headers); f_await_ec_request_send_error_response(v_initial_request); log("*** " & testcasename() & ": INFO: Reply with 400 Bad Request error message ***"); tc_ac.start; alt { [] a_await_ec_http_request_from_iut(mw_http_ec_request_generic, v_request1) { log("*** " & testcasename() & ": INFO: First enrolment request received ***"); tc_ac.stop; f_http_restart("inner_ec_request"); } [] tc_ac.timeout { log("*** " & testcasename() & ": INCONC: First enrolment request not received ***"); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout); } } // End of 'alt' statement f_selfOrClientSyncAndVerdict(c_prDone, e_success); // Test Body Loading @@ -2803,48 +2776,23 @@ module ItsPki_TestCases { mw_http_request_post( PICS_HTTP_POST_URI_EC, -, mw_http_message_body_binary( mw_binary_body_ieee1609dot2_data( mw_enrolmentRequestMessage( mw_encryptedData( { *, mw_recipientInfo_certRecipInfo(mw_pKRecipientInfo(vc_eaHashedId8)), * }, mw_symmetricCiphertext_aes128ccm )))))), v_request ) { tc_ac.stop; v_request1.request.body)), if (f_verify_repeated_request(v_request, v_initial_request) == false) { log("*** " & testcasename() & ": FAIL: Repetition request are different ***"); f_selfOrClientSyncAndVerdict(c_tbDone, e_error); } else { // Repetition request are same var HttpMessage v_response; var integer v_result; var InnerEcRequest v_inner_ec_request; var InnerEcResponse v_inner_ec_response; // Verify IUT response f_verify_http_ec_request_from_iut_itss(v_request.request, v_headers, v_inner_ec_request, v_inner_ec_response, v_response, v_result); // Send response if (isvalue(v_response)) { httpPort.send(v_response); } else { // Send HTTP error 500 f_send_500_Internal_Error(v_headers); } // Set verdict if (v_result == 0) { log("*** " & testcasename() & ": PASS: InnerEcRequest received ***"); f_selfOrClientSyncAndVerdict(c_tbDone, e_success); } else { log("*** " & testcasename() & ": FAIL: Failed to verify EA an EnrolmentRequestMessage ***"); f_selfOrClientSyncAndVerdict(c_tbDone, e_error); } v_request2) { tc_ac.stop; log("*** " & testcasename() & ": PASS: Same enrolment request received ***"); // send error respond to prevent future requests f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_success); } [] a_await_ec_http_request_from_iut(mw_http_ec_request_generic, v_request2) { tc_ac.stop; log("*** " & testcasename() & ": FAIL: 2nd enrolment request is not identical ***"); f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error); } [] tc_ac.timeout { log("*** " & testcasename() & ": INCONC: Expected message not received ***"); f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout); log("*** " & testcasename() & ": INCONC: First enrolment request not received ***"); f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout); } } // End of 'alt' statement Loading
lib_system/LibItsPki_Functions.ttcn +43 −0 Original line number Diff line number Diff line Loading @@ -1341,6 +1341,49 @@ module LibItsPki_Functions { return p_result; } // End of function f_http_build_inner_ec_response function f_http_build_error_ec_response( in EnrolmentResponseCode p_responseCode := ok, in Oct16 p_request_hash, in octetstring p_private_key := ''O, in octetstring p_digest := ''O, in Oct16 p_aes_sym_key, out Ieee1609Dot2Data p_ieee1609dot2_signed_and_encrypted_data ) return boolean { // Local variables var octetstring v_msg; var Oct12 v_nonce; var Ieee1609Dot2Data v_ieee1609dot2_signed_data; var boolean p_result := false; var InnerEcResponse v_inner_ec_response; // Check expectred response if (p_responseCode == ok) { return false; } v_inner_ec_response := valueof( m_innerEcResponse_ko( p_request_hash, p_responseCode ) ); // Secure the response log("f_http_build_error_ec_response: p_inner_ec_response= ", v_inner_ec_response); v_msg := bit2oct(encvalue(m_etsiTs102941Data_inner_ec_response(v_inner_ec_response))); v_nonce := substr(f_hashWithSha256(int2oct((f_getCurrentTimeUtc() * 1000), 16)), 0, 12); // Random value // TODO Consider Sha384: m_signerIdentifier_digest(f_hashedId8FromSha384(p_digest)) if (f_build_pki_secured_response_message(p_private_key, valueof(m_signerIdentifier_digest(f_hashedId8FromSha256(p_digest))),// in SignerIdentifier p_signer_identifier, v_msg, p_aes_sym_key, v_nonce, p_ieee1609dot2_signed_and_encrypted_data ) == false) { log("f_http_build_inner_ec_response: Failed to generate the certificate"); return false; } return true; } // End of function f_http_build_error_ec_response function f_http_build_authorization_request( in Certificate p_ec_certificate, // Enrolment credentials certificate in octetstring p_ec_private_key, Loading
