Skip to content
GitLab
Commits (7)
Hide whitespace changes
Inline Side-by-side
ItsPki_TestCases.ttcn
View file @ c148ec09
...@@ -86,13 +86,13 @@ module ItsPki_TestCases { ...@@ -86,13 +86,13 @@ module ItsPki_TestCases {
* @desc 5.2 ITS-S behaviour * @desc 5.2 ITS-S behaviour
*/ */
group itss_behavior { group itss_behavior {
group itss_states { group itss_states {
const charstring c_stInitial := "initial"; const charstring c_stInitial := "initial";
const charstring c_stEnrolled := "enrolled"; const charstring c_stEnrolled := "enrolled";
const charstring c_stAuthorized := "authorized"; const charstring c_stAuthorized := "authorized";
} }
   
group itss_helpers { group itss_helpers {
   
/** /**
...@@ -188,6 +188,7 @@ module ItsPki_TestCases { ...@@ -188,6 +188,7 @@ module ItsPki_TestCases {
p_result := -4; p_result := -4;
goto L_Done; goto L_Done;
} }
// TODO Check ValidityPeriod // TODO Check ValidityPeriod
   
// Send OK message // Send OK message
...@@ -225,9 +226,12 @@ module ItsPki_TestCases { ...@@ -225,9 +226,12 @@ module ItsPki_TestCases {
log("f_verify_http_ec_request_from_iut_itss: Succeed but force error code ", p_force_response_code); log("f_verify_http_ec_request_from_iut_itss: Succeed but force error code ", p_force_response_code);
f_http_build_inner_ec_response(p_inner_ec_request, p_force_response_code, v_request_hash, vc_eaPrivateKey, vc_eaWholeHash, v_aes_enc_key, v_ec_certificate, v_ec_certificate_hashed_id8, p_inner_ec_response, v_ieee1609dot2_signed_and_encrypted_data); f_http_build_inner_ec_response(p_inner_ec_request, p_force_response_code, v_request_hash, vc_eaPrivateKey, vc_eaWholeHash, v_aes_enc_key, v_ec_certificate, v_ec_certificate_hashed_id8, p_inner_ec_response, v_ieee1609dot2_signed_and_encrypted_data);
} }
label L_Done; label L_Done;
v_response := m_http_response(m_http_response_ok(m_http_message_body_binary(m_binary_body_ieee1609dot2_data(v_ieee1609dot2_signed_and_encrypted_data)), p_headers)); v_response := m_http_response(m_http_response_ok(m_http_message_body_binary(m_binary_body_ieee1609dot2_data(v_ieee1609dot2_signed_and_encrypted_data)), p_headers));
   
// Set verdict
p_result := 0;
p_response := valueof(v_response); p_response := valueof(v_response);
log("<<< f_verify_http_ec_request_from_iut_itss: p_response: ", p_response); log("<<< f_verify_http_ec_request_from_iut_itss: p_response: ", p_response);
log("<<< f_verify_http_ec_request_from_iut_itss: p_result: ", p_result); log("<<< f_verify_http_ec_request_from_iut_itss: p_result: ", p_result);
...@@ -249,11 +253,9 @@ module ItsPki_TestCases { ...@@ -249,11 +253,9 @@ module ItsPki_TestCases {
in AuthorizationResponseCode p_force_response_code := ok in AuthorizationResponseCode p_force_response_code := ok
) runs on ItsPkiHttp { ) runs on ItsPkiHttp {
// Local variables // Local variables
var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
var Ieee1609Dot2Data v_ieee1609dot2_data; var Ieee1609Dot2Data v_ieee1609dot2_data;
var EtsiTs102941Data v_etsi_ts_102941_data; var EtsiTs102941Data v_etsi_ts_102941_data;
var Oct16 v_request_hash; var Oct16 v_request_hash;
var HashedId8 v_bfk_hashed_id8;
var Oct16 v_aes_enc_key; var Oct16 v_aes_enc_key;
var template (value) HttpMessage v_response; var template (value) HttpMessage v_response;
var octetstring v_msg; var octetstring v_msg;
...@@ -398,6 +400,7 @@ module ItsPki_TestCases { ...@@ -398,6 +400,7 @@ module ItsPki_TestCases {
* @desc The purpose of this function is verify the AT request and extract InnerAtRequest , verify ecSignature and build the InnerAtResponse for the HTTP response * @desc The purpose of this function is verify the AT request and extract InnerAtRequest , verify ecSignature and build the InnerAtResponse for the HTTP response
* Note: This function accepts additional parameters to alter the response * Note: This function accepts additional parameters to alter the response
*/ */
function f_verify_http_at_request_from_iut_itss_for_ecSignature( function f_verify_http_at_request_from_iut_itss_for_ecSignature(
in Request p_request, in Request p_request,
in Headers p_headers, in Headers p_headers,
...@@ -411,7 +414,7 @@ module ItsPki_TestCases { ...@@ -411,7 +414,7 @@ module ItsPki_TestCases {
in AuthorizationResponseCode p_force_response_code := ok in AuthorizationResponseCode p_force_response_code := ok
) runs on ItsPkiHttp { ) runs on ItsPkiHttp {
// Local variables // Local variables
var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data; var Ieee1609Dot2Data v_ieee1609dot2_data;
var EtsiTs102941Data v_etsi_ts_102941_data; var EtsiTs102941Data v_etsi_ts_102941_data;
var Ieee1609Dot2Data v_ieee1609dot2_signed_data; //new variable var Ieee1609Dot2Data v_ieee1609dot2_signed_data; //new variable
var HashedId8 v_ec_certificate_hashed_id8 //new variable var HashedId8 v_ec_certificate_hashed_id8 //new variable
...@@ -420,22 +423,51 @@ module ItsPki_TestCases { ...@@ -420,22 +423,51 @@ module ItsPki_TestCases {
var HashedId8 v_bfk_hashed_id8; var HashedId8 v_bfk_hashed_id8;
var Oct16 v_aes_enc_key; var Oct16 v_aes_enc_key;
var template (value) HttpMessage v_response; var template (value) HttpMessage v_response;
var octetstring v_msg;
   
log(">>> f_verify_http_at_request_from_iut_itss_for_ecSignature:", p_request); log(">>> f_verify_http_at_request_from_iut_itss_for_ecSignature:", p_request);
   
p_result := 0; p_result := 0;
   
// Do not verify the signature now because ATRequest is required to verify the POP signature ==> false // 1. Calculate the request Hash
if (f_verify_pki_request_message(vc_aaPrivateEncKey, vc_aaWholeHash/*salt*/, ''O, omit, p_request.body.binary_body.ieee1609dot2_data, false, v_request_hash, v_bfk_hashed_id8, v_etsi_ts_102941_data, v_aes_enc_key) == false) { // Only decryption v_msg := bit2oct(encvalue(p_request.body.binary_body.ieee1609dot2_data));
// Send error message, unable to decrypt it log(">>> f_verify_http_at_request_from_iut_itss: Encoded request: ", v_msg);
v_response := m_http_response(m_http_response_ko_no_body(p_headers, 400, "Bad request")); // Initialize v_response with an error message v_request_hash := substr(f_hashWithSha256(v_msg), 0, 16);
log(">>> f_verify_http_at_request_from_iut_itss: p_request_hash= ", v_request_hash);
// 2. Decrypt the InnerAtRequest
if (false == f_decrypt(vc_aaPrivateEncKey, // AA private encryption key
p_request.body.binary_body.ieee1609dot2_data , // data to be decrypted
vc_aaWholeHash, // salt
v_ieee1609dot2_data, // decrypted message
v_aes_enc_key)) {
log("f_verify_http_at_request_from_iut_itss: Failed to decrypt message");
// Send error message, unable to decypt it
p_response := valueof(m_http_response(m_http_response_ko_no_body(p_headers, 400, "Bad request"))); // Initialize v_reponse with an error message
// Set verdict // Set verdict
p_result := -1; p_result := -1;
return;
}
// check if signed
var bitstring v_msg_bit;
if(ispresent(v_ieee1609dot2_data.content.signedData)){
if(not ispresent(v_ieee1609dot2_data.content.signedData.tbsData.payload.data)
or not ispresent(v_ieee1609dot2_data.content.signedData.tbsData.payload.data.content.unsecuredData))
{
log("f_verify_http_at_request_from_iut_itss: Invalid message payload");
p_response := valueof(m_http_response(m_http_response_ko_no_body(p_headers, 400, "Bad request")));
p_result := -1;
return;
}
log("f_verify_http_at_request_from_iut_itss: v_ieee1609dot2_data.content.signedData.tbsData.payload.data.content.unsecuredData= ", v_ieee1609dot2_data.content.signedData.tbsData.payload.data.content.unsecuredData);
v_msg_bit := oct2bit(v_ieee1609dot2_data.content.signedData.tbsData.payload.data.content.unsecuredData);
} else { } else {
log("f_verify_http_at_request_from_iut_itss_for_ecSignature: matching: ", match(v_etsi_ts_102941_data.content, mw_authorizationRequest(mw_innerAtRequest))); // to get the unmatching in log log("f_verify_http_at_request_from_iut_itss_for_ecSignature: matching: ", match(v_etsi_ts_102941_data.content, mw_authorizationRequest(mw_innerAtRequest))); // to get the unmatching in log
if (match(v_etsi_ts_102941_data.content, mw_authorizationRequest(mw_innerAtRequest)) == false) { if (match(v_etsi_ts_102941_data.content, mw_authorizationRequest(mw_innerAtRequest)) == false) {
// Send error message // Send error message
f_http_build_authorization_response(-, its_aa_cantparse, v_request_hash, -, -, v_aes_enc_key, p_inner_at_response, v_ieee1609dot2_signed_and_encrypted_data); f_http_build_authorization_response(-, its_aa_cantparse, v_request_hash, vc_aaPrivateKey, vc_aaWholeHash, v_aes_enc_key, p_inner_at_response, v_ieee1609dot2_data);
// Set verdict // Set verdict
p_result := -2; p_result := -2;
} else { } else {
...@@ -444,8 +476,8 @@ module ItsPki_TestCases { ...@@ -444,8 +476,8 @@ module ItsPki_TestCases {
log("f_verify_http_at_request_from_iut_itss_for_ecSignature: match ", match(v_inner_at_request, mw_innerAtRequest(mw_publicKeys, -, mw_shared_at_request, mw_ec_signature))); // to get the unmatching in log log("f_verify_http_at_request_from_iut_itss_for_ecSignature: match ", match(v_inner_at_request, mw_innerAtRequest(mw_publicKeys, -, mw_shared_at_request, mw_ec_signature))); // to get the unmatching in log
if (match(v_inner_at_request, mw_innerAtRequest(mw_publicKeys, -, mw_shared_at_request, mw_ec_signature)) == false) { // TODO To be refined if (match(v_inner_at_request, mw_innerAtRequest(mw_publicKeys, -, mw_shared_at_request, mw_ec_signature)) == false) { // TODO To be refined
// Send error message: No authorization request // Send error message: No authorization request
f_http_build_authorization_response(p_inner_at_request, its_aa_badcontenttype, v_request_hash, -, -, v_aes_enc_key, p_inner_at_response, v_ieee1609dot2_signed_and_encrypted_data); f_http_build_authorization_response(p_inner_at_request, its_aa_badcontenttype, v_request_hash, -, -, v_aes_enc_key, p_inner_at_response, v_ieee1609dot2_data);
v_response := m_http_response(m_http_response_ok(m_http_message_body_binary(m_binary_body_ieee1609dot2_data(v_ieee1609dot2_signed_and_encrypted_data)), p_headers)); v_response := m_http_response(m_http_response_ok(m_http_message_body_binary(m_binary_body_ieee1609dot2_data(v_ieee1609dot2_data)), p_headers));
// Set verdict // Set verdict
p_result := -3; p_result := -3;
} else { } else {
...@@ -453,8 +485,8 @@ module ItsPki_TestCases { ...@@ -453,8 +485,8 @@ module ItsPki_TestCases {
// Check ecSignature // Check ecSignature
if (ispresent(v_inner_at_request.ecSignature.ecSignature) == false) { if (ispresent(v_inner_at_request.ecSignature.ecSignature) == false) {
// Send error message: No signed external payload present // Send error message: No signed external payload present
f_http_build_authorization_response(p_inner_at_request, its_aa_badcontenttype, v_request_hash, -, -, v_aes_enc_key, p_inner_at_response, v_ieee1609dot2_signed_and_encrypted_data); f_http_build_authorization_response(p_inner_at_request, its_aa_badcontenttype, v_request_hash, -, -, v_aes_enc_key, p_inner_at_response, v_ieee1609dot2_data);
v_response := m_http_response(m_http_response_ok(m_http_message_body_binary(m_binary_body_ieee1609dot2_data(v_ieee1609dot2_signed_and_encrypted_data)), p_headers)); v_response := m_http_response(m_http_response_ok(m_http_message_body_binary(m_binary_body_ieee1609dot2_data(v_ieee1609dot2_data)), p_headers));
// Set verdict // Set verdict
p_result := -4; p_result := -4;
// Verify ecSignature of mw_ec_signature (encrypted) // Verify ecSignature of mw_ec_signature (encrypted)
...@@ -465,8 +497,8 @@ module ItsPki_TestCases { ...@@ -465,8 +497,8 @@ module ItsPki_TestCases {
log("f_verify_http_at_request_from_iut_itss_for_ecSignature: match ", match(v_inner_at_request.ecSignature,mw_ec_signature_ext_payload)) log("f_verify_http_at_request_from_iut_itss_for_ecSignature: match ", match(v_inner_at_request.ecSignature,mw_ec_signature_ext_payload))
if (match(v_inner_at_request.ecSignature, mw_ec_signature_ext_payload) == false) { if (match(v_inner_at_request.ecSignature, mw_ec_signature_ext_payload) == false) {
// Send error message: Present signed external payload doesnot match mw_ec_signature_ext_payload template // Send error message: Present signed external payload doesnot match mw_ec_signature_ext_payload template
f_http_build_authorization_response(p_inner_at_request, its_aa_badcontenttype, v_request_hash, -, -, v_aes_enc_key, p_inner_at_response, v_ieee1609dot2_signed_and_encrypted_data); f_http_build_authorization_response(p_inner_at_request, its_aa_badcontenttype, v_request_hash, -, -, v_aes_enc_key, p_inner_at_response, v_ieee1609dot2_data);
v_response := m_http_response(m_http_response_ok(m_http_message_body_binary(m_binary_body_ieee1609dot2_data(v_ieee1609dot2_signed_and_encrypted_data)), p_headers)); v_response := m_http_response(m_http_response_ok(m_http_message_body_binary(m_binary_body_ieee1609dot2_data(v_ieee1609dot2_data)), p_headers));
// Set verdict // Set verdict
p_result := -5; p_result := -5;
} else { } else {
...@@ -490,8 +522,8 @@ module ItsPki_TestCases { ...@@ -490,8 +522,8 @@ module ItsPki_TestCases {
   
if (match(v_ec_hashed_id8, v_digest) == false) { if (match(v_ec_hashed_id8, v_digest) == false) {
// Send error message: Signer not contains HashedId8 of the CERT_EC certificate // Send error message: Signer not contains HashedId8 of the CERT_EC certificate
f_http_build_authorization_response(p_inner_at_request, its_aa_badcontenttype, v_request_hash, -, -, v_aes_enc_key, p_inner_at_response, v_ieee1609dot2_signed_and_encrypted_data); f_http_build_authorization_response(p_inner_at_request, its_aa_badcontenttype, v_request_hash, -, -, v_aes_enc_key, p_inner_at_response, v_ieee1609dot2_data);
v_response := m_http_response(m_http_response_ok(m_http_message_body_binary(m_binary_body_ieee1609dot2_data(v_ieee1609dot2_signed_and_encrypted_data)), p_headers)); v_response := m_http_response(m_http_response_ok(m_http_message_body_binary(m_binary_body_ieee1609dot2_data(v_ieee1609dot2_data)), p_headers));
// Set verdict // Set verdict
p_result := -6; p_result := -6;
} else { } else {
...@@ -508,20 +540,20 @@ module ItsPki_TestCases { ...@@ -508,20 +540,20 @@ module ItsPki_TestCases {
v_issuer := f_hashWithSha256(v_enc); v_issuer := f_hashWithSha256(v_enc);
if (f_verifyEcdsa(v_encoded_tbsData,v_issuer,v_ieee1609dot2_signed_data.content.signedData.signature_,v_certificate.toBeSigned.verifyKeyIndicator.verificationKey) == false) { if (f_verifyEcdsa(v_encoded_tbsData,v_issuer,v_ieee1609dot2_signed_data.content.signedData.signature_,v_certificate.toBeSigned.verifyKeyIndicator.verificationKey) == false) {
// Send error message: Unable to verfy signature using EC's verification public key // Send error message: Unable to verfy signature using EC's verification public key
f_http_build_authorization_response(p_inner_at_request, invalidsignature, v_request_hash, -, -, v_aes_enc_key, p_inner_at_response, v_ieee1609dot2_signed_and_encrypted_data); f_http_build_authorization_response(p_inner_at_request, invalidsignature, v_request_hash, -, -, v_aes_enc_key, p_inner_at_response, v_ieee1609dot2_data);
v_response := m_http_response(m_http_response_ok(m_http_message_body_binary(m_binary_body_ieee1609dot2_data(v_ieee1609dot2_signed_and_encrypted_data)), p_headers)); v_response := m_http_response(m_http_response_ok(m_http_message_body_binary(m_binary_body_ieee1609dot2_data(v_ieee1609dot2_data)), p_headers));
// Set verdict // Set verdict
p_result := -7; p_result := -7;
} else { } else {
// Send OK message // Send OK message
log("f_verify_http_at_request_from_iut_itss_for_ecSignature: Receive ", p_inner_at_request); log("f_verify_http_at_request_from_iut_itss_for_ecSignature: Receive ", p_inner_at_request);
if (p_force_response_code == ok) { if (p_force_response_code == ok) {
f_http_build_authorization_response(p_inner_at_request, ok, v_request_hash, vc_eaPrivateKey, vc_eaWholeHash, v_aes_enc_key, p_inner_at_response, v_ieee1609dot2_signed_and_encrypted_data); f_http_build_authorization_response(p_inner_at_request, ok, v_request_hash, vc_eaPrivateKey, vc_eaWholeHash, v_aes_enc_key, p_inner_at_response, v_ieee1609dot2_data);
} else { } else {
log("f_verify_http_at_request_from_iut_itss_for_ecSignature: Succeed built force error code ", p_force_response_code); log("f_verify_http_at_request_from_iut_itss_for_ecSignature: Succeed built force error code ", p_force_response_code);
f_http_build_authorization_response(p_inner_at_request, p_force_response_code, v_request_hash, -, -, v_aes_enc_key, p_inner_at_response, v_ieee1609dot2_signed_and_encrypted_data); f_http_build_authorization_response(p_inner_at_request, p_force_response_code, v_request_hash, -, -, v_aes_enc_key, p_inner_at_response, v_ieee1609dot2_data);
} }
v_response := m_http_response(m_http_response_ok(m_http_message_body_binary(m_binary_body_ieee1609dot2_data(v_ieee1609dot2_signed_and_encrypted_data)), p_headers)); v_response := m_http_response(m_http_response_ok(m_http_message_body_binary(m_binary_body_ieee1609dot2_data(v_ieee1609dot2_data)), p_headers));
} }
} }
} }
...@@ -791,7 +823,7 @@ module ItsPki_TestCases { ...@@ -791,7 +823,7 @@ module ItsPki_TestCases {
alt { alt {
[] utPort.receive(UtPkiTriggerInd: { state := 1 }) { [] utPort.receive(UtPkiTriggerInd: { state := 1 }) {
tc_ac.stop; tc_ac.stop;
log("*** " & testcasename() & ": INFO: IUT is in enrolment state ***"); log("*** " & testcasename() & "itss: INFO: IUT is in enrolment state ***");
} }
[] tc_ac.timeout { [] tc_ac.timeout {
log("*** " & testcasename() & ": DBG: IUT state update not recieved ***"); log("*** " & testcasename() & ": DBG: IUT state update not recieved ***");
...@@ -898,7 +930,7 @@ module ItsPki_TestCases { ...@@ -898,7 +930,7 @@ module ItsPki_TestCases {
* } * }
* </pre> * </pre>
* *
* @see ETSI TS 103 525-2 v2.0.1 SECPKI_ITSS_ENR_02_BV * @see ETSI TS 103 525-2 v1.2.1 SECPKI_ITSS_ENR_02_BV
* @reference ETSI TS 102 941, clause 6.1.3 * @reference ETSI TS 102 941, clause 6.1.3
*/ */
testcase TC_SECPKI_ITSS_ENR_02_BV() runs on ItsMtc system ItsPkiItssSystem { testcase TC_SECPKI_ITSS_ENR_02_BV() runs on ItsMtc system ItsPkiItssSystem {
...@@ -929,7 +961,6 @@ module ItsPki_TestCases { ...@@ -929,7 +961,6 @@ module ItsPki_TestCases {
} // End of testcase TC_SECPKI_ITSS_ENR_02_BV } // End of testcase TC_SECPKI_ITSS_ENR_02_BV
   
group f_TC_SECPKI_ITSS_ENR_02_BV { group f_TC_SECPKI_ITSS_ENR_02_BV {
function f_TC_SECPKI_ITSS_ENR_02_BV_pki() runs on ItsPkiHttp system ItsPkiItssSystem { function f_TC_SECPKI_ITSS_ENR_02_BV_pki() runs on ItsPkiHttp system ItsPkiItssSystem {
// Local variable // Local variable
var Headers v_headers; var Headers v_headers;
...@@ -958,18 +989,27 @@ module ItsPki_TestCases { ...@@ -958,18 +989,27 @@ module ItsPki_TestCases {
var PublicVerificationKey v_canonical_key; var PublicVerificationKey v_canonical_key;
tc_ac.stop; tc_ac.stop;
   
f_send_500_Internal_Error(v_headers); // we don't care about response if( not f_read_ec_request_from_iut_itss(v_request.request.body.binary_body.ieee1609dot2_data,
if (not(f_read_ec_request_from_iut_itss(v_request.request.body.binary_body.ieee1609dot2_data,
v_request_hash, v_aes_enc_key, v_request_hash, v_aes_enc_key,
v_decrypted_message, v_decrypted_message,
v_pki_request, v_pki_request,
v_inner_ec_request))) { v_inner_ec_request))
{
log("*** " & testcasename() & ": FAIL: Can't parse enrolment request***"); log("*** " & testcasename() & ": FAIL: Can't parse enrolment request***");
f_send_500_Internal_Error(v_headers);
f_selfOrClientSyncAndVerdict(c_tbDone, e_error); f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
} }
   
if (not(isvalue(v_inner_ec_request))) { if(not f_http_build_error_ec_response(unknownits, v_request_hash, vc_eaPrivateKey,
vc_eaWholeHash, v_aes_enc_key, v_response_message))
{
log("*** " & testcasename() & ": INCOMC: Can't generate enrolment response***");
f_send_500_Internal_Error(v_headers);
f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
}
f_http_send( v_headers, m_http_response( m_http_response_ok( m_http_message_body_binary( m_binary_body_ieee1609dot2_data( v_response_message)),
v_headers)));
if( not isvalue(v_inner_ec_request) ){
log("*** " & testcasename() & ": FAIL: Can't parse enrolment request***"); log("*** " & testcasename() & ": FAIL: Can't parse enrolment request***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error); f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
} }
...@@ -979,21 +1019,22 @@ module ItsPki_TestCases { ...@@ -979,21 +1019,22 @@ module ItsPki_TestCases {
log("*** " & testcasename() & ": FAIL: ", match(v_inner_ec_request.itsId, LibItsPki_Pics.PICS_ITS_S_CANONICAL_ID)); log("*** " & testcasename() & ": FAIL: ", match(v_inner_ec_request.itsId, LibItsPki_Pics.PICS_ITS_S_CANONICAL_ID));
f_selfOrClientSyncAndVerdict(c_tbDone, e_error); f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
} }
if (not(ischosen(v_decrypted_message.content.signedData))) { if (not ischosen(v_decrypted_message.content.signedData)) {
log("*** " & testcasename() & ": FAIL: EC request shall contain signed message ***"); log("*** " & testcasename() & ": FAIL: EC request shall contain signed message ***");
log("*** " & testcasename() & ": FAIL: inner data content=", v_decrypted_message.content); log("*** " & testcasename() & ": FAIL: inner data content=", v_decrypted_message.content);
f_selfOrClientSyncAndVerdict(c_tbDone, e_error); f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
} }
if (not(ischosen(v_decrypted_message.content.signedData.signer.self_))) { if (not ischosen(v_decrypted_message.content.signedData.signer.self_)) {
log("*** " & testcasename() & ": FAIL: EC request shall be self-signed by cannonical key ***"); log("*** " & testcasename() & ": FAIL: EC request shall be self-signed by cannonical key ***");
log("*** " & testcasename() & ": FAIL: signerInfo=", v_decrypted_message.content.signedData.signer); log("*** " & testcasename() & ": FAIL: signerInfo=", v_decrypted_message.content.signedData.signer);
f_selfOrClientSyncAndVerdict(c_tbDone, e_error); f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
} }
   
if(false == f_get_canonical_itss_key(v_canonical_key)){ if (not f_get_canonical_itss_key(v_canonical_key)){
log("*** " & testcasename() & ": INCONC: Unknown ITS-S canonical public key ***"); log("*** " & testcasename() & ": INCONC: Unknown ITS-S canonical public key ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout); // emulate inconc f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout); // emulate inconc
} }
if (not(f_verifyEcdsa(bit2oct(encvalue(v_decrypted_message.content.signedData.tbsData)), if (not(f_verifyEcdsa(bit2oct(encvalue(v_decrypted_message.content.signedData.tbsData)),
int2oct(0, 32), // issuer is emtpy string int2oct(0, 32), // issuer is emtpy string
v_decrypted_message.content.signedData.signature_, v_decrypted_message.content.signedData.signature_,
...@@ -1047,7 +1088,7 @@ module ItsPki_TestCases { ...@@ -1047,7 +1088,7 @@ module ItsPki_TestCases {
* } * }
* </pre> * </pre>
* *
* @see ETSI TS 103 525-2 v2.0.1 SECPKI_ITSS_ENR_03_BV * @see ETSI TS 103 525-2 v1.2.1 SECPKI_ITSS_ENR_03_BV
* @reference ETSI TS 102 941, clause 6.1.3 * @reference ETSI TS 102 941, clause 6.1.3
*/ */
testcase TC_SECPKI_ITSS_ENR_03_BV() runs on ItsMtc system ItsPkiItssSystem { testcase TC_SECPKI_ITSS_ENR_03_BV() runs on ItsMtc system ItsPkiItssSystem {
...@@ -1081,12 +1122,9 @@ module ItsPki_TestCases { ...@@ -1081,12 +1122,9 @@ module ItsPki_TestCases {
   
function f_TC_SECPKI_ITSS_ENR_03_BV_itss( function f_TC_SECPKI_ITSS_ENR_03_BV_itss(
in float p_delay := 0.0 in float p_delay := 0.0
) runs on ItsPkiItss system ItsPkiItssSystem { ) runs on ItsPkiItss system ItsPkiItssSystem {
// Local variables
var HashedId8 v_certificate_digest;
var EtsiTs103097Certificate v_certificate;
// Test component configuration // Test component configuration
// vc_hashedId8ToBeUsed := PX_IUT_DEFAULT_CERTIFICATE;
vc_hashedId8ToBeUsed := ""; vc_hashedId8ToBeUsed := "";
f_cfUp_itss(); f_cfUp_itss();
   
...@@ -1160,8 +1198,6 @@ module ItsPki_TestCases { ...@@ -1160,8 +1198,6 @@ module ItsPki_TestCases {
log("*** " & testcasename() & ": v_request := ", v_request); log("*** " & testcasename() & ": v_request := ", v_request);
f_selfOrClientSyncAndVerdict(c_prDone, e_error); f_selfOrClientSyncAndVerdict(c_prDone, e_error);
} }
log("*** " & testcasename() & ": INFO: First InnerEcRequest received ***");
log(">>>>> v_inner_ec_response=", v_inner_ec_response);
var HashAlgorithm ha := f_getHashAlgorithmOfVerificationKeyIndicator(v_inner_ec_response.certificate.toBeSigned.verifyKeyIndicator); var HashAlgorithm ha := f_getHashAlgorithmOfVerificationKeyIndicator(v_inner_ec_response.certificate.toBeSigned.verifyKeyIndicator);
if (ha == sha256) { if (ha == sha256) {
...@@ -1175,6 +1211,8 @@ module ItsPki_TestCases { ...@@ -1175,6 +1211,8 @@ module ItsPki_TestCases {
v_ec_cert_digest := substr(v_ec_cert_hash, lengthof(v_ec_cert_hash) - 8, 8); v_ec_cert_digest := substr(v_ec_cert_hash, lengthof(v_ec_cert_hash) - 8, 8);
   
log("*** " & testcasename() & ": INFO: First InnerEcRequest received ***"); log("*** " & testcasename() & ": INFO: First InnerEcRequest received ***");
log(">>>>> v_inner_ec_response=", v_inner_ec_response);
log(">>>>> v_ec_cert_hash=", v_ec_cert_hash);
f_selfOrClientSyncAndVerdict(c_prDone, e_success); f_selfOrClientSyncAndVerdict(c_prDone, e_success);
   
// Test Body // Test Body
...@@ -1182,13 +1220,13 @@ module ItsPki_TestCases { ...@@ -1182,13 +1220,13 @@ module ItsPki_TestCases {
alt { alt {
[] a_await_ec_http_request_from_iut(mw_http_ec_request_generic, v_request) { [] a_await_ec_http_request_from_iut(mw_http_ec_request_generic, v_request) {
var integer v_result; var integer v_result;
var HttpMessage v_response;
var Oct16 v_request_hash, v_aes_enc_key; var Oct16 v_request_hash, v_aes_enc_key;
var Ieee1609Dot2Data v_decrypted_message; var Ieee1609Dot2Data v_decrypted_message;
var EtsiTs102941Data v_etsi_ts_102941_data; var EtsiTs102941Data v_etsi_ts_102941_data;
var InnerEcResponse v_inner_ec_response2;
var Ieee1609Dot2Data v_response_message;
   
tc_ac.stop; tc_ac.stop;
f_send_500_Internal_Error(v_headers); // we don't care about response
   
// Verify IUT response // Verify IUT response
if (not(f_read_ec_request_from_iut_itss( if (not(f_read_ec_request_from_iut_itss(
...@@ -1197,11 +1235,26 @@ module ItsPki_TestCases { ...@@ -1197,11 +1235,26 @@ module ItsPki_TestCases {
v_decrypted_message, v_decrypted_message,
v_etsi_ts_102941_data, v_etsi_ts_102941_data,
v_inner_ec_request))) { v_inner_ec_request))) {
f_send_500_Internal_Error(v_headers);
log("*** " & testcasename() & ": FAIL: Can't parse enrolment request ***"); log("*** " & testcasename() & ": FAIL: Can't parse enrolment request ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error); f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
} }
if (not(isvalue(v_inner_ec_request))) { // send error response to prevent enrolment repetition
if( not f_http_build_error_ec_response(unknownits, v_request_hash,
vc_eaPrivateKey, vc_eaWholeHash, v_aes_enc_key,
v_response_message) ) {
f_send_500_Internal_Error(v_headers);
log("*** " & testcasename() & ": FAIL: Can't build enrolment response ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
}
f_http_send(v_headers, m_http_response(
m_http_response_ok(
m_http_message_body_binary(
m_binary_body_ieee1609dot2_data(v_response_message)
), v_headers)));
if( not isvalue(v_inner_ec_request) ){
log("*** " & testcasename() & ": FAIL: Can't parse enrolment request ***"); log("*** " & testcasename() & ": FAIL: Can't parse enrolment request ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error); f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
} }
...@@ -1211,16 +1264,19 @@ module ItsPki_TestCases { ...@@ -1211,16 +1264,19 @@ module ItsPki_TestCases {
log("*** " & testcasename() & ": FAIL: ", match(v_inner_ec_request.itsId, v_ec_cert_digest)); log("*** " & testcasename() & ": FAIL: ", match(v_inner_ec_request.itsId, v_ec_cert_digest));
f_selfOrClientSyncAndVerdict(c_tbDone, e_error); f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
} }
if (not(ischosen(v_decrypted_message.content.signedData))) { if (not(ischosen(v_decrypted_message.content.signedData))) {
log("*** " & testcasename() & ": FAIL: EC request shall contain signed message ***"); log("*** " & testcasename() & ": FAIL: EC request shall contain signed message ***");
log("*** " & testcasename() & ": FAIL: inner data content=", v_decrypted_message.content); log("*** " & testcasename() & ": FAIL: inner data content=", v_decrypted_message.content);
f_selfOrClientSyncAndVerdict(c_tbDone, e_error); f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
} }
if (not(ischosen(v_decrypted_message.content.signedData.signer.digest))) { if (not(ischosen(v_decrypted_message.content.signedData.signer.digest))) {
log("*** " & testcasename() & ": FAIL: re-keying EC request shall be signed by the previous EC certificate digest***"); log("*** " & testcasename() & ": FAIL: re-keying EC request shall be signed by the previous EC certificate digest***");
log("*** " & testcasename() & ": FAIL: signerInfo=", v_decrypted_message.content.signedData.signer); log("*** " & testcasename() & ": FAIL: signerInfo=", v_decrypted_message.content.signedData.signer);
f_selfOrClientSyncAndVerdict(c_tbDone, e_error); f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
} }
if (not(f_verifyEcdsa(bit2oct(encvalue(v_decrypted_message.content.signedData.tbsData)), if (not(f_verifyEcdsa(bit2oct(encvalue(v_decrypted_message.content.signedData.tbsData)),
v_ec_cert_hash, v_ec_cert_hash,
v_decrypted_message.content.signedData.signature_, v_decrypted_message.content.signedData.signature_,
...@@ -1251,21 +1307,15 @@ module ItsPki_TestCases { ...@@ -1251,21 +1307,15 @@ module ItsPki_TestCases {
* Expected behaviour: * Expected behaviour:
* ensure that { * ensure that {
* when { * when {
* the IUT is requested to send an EnrollmentRequestMessage * the IUT is informed about a revocation of its EC
* } * }
* then { * then {
* the IUT sends an EtsiTs103097Data-Encrypted * the IUT returns to the "initialized" state
* containing an encrypted EtsiTs103097Data-Signed
* containing EtsiTs102941Data
* containing InnerECRequestSignedForPOP
* containing InnerEcRequest
* containing itsId
* indicating the canonical identifier of the ITS-S
* } * }
* } * }
* </pre> * </pre>
* *
* @see ETSI TS 103 525-2 v2.0.1 SECPKI_ITSS_ENR_04_BV * @see ETSI TS 103 525-2 v1.2.1 SECPKI_ITSS_ENR_04_BV
* @reference ETSI TS 102 941, clause 6.1.3, 6.2.3.2.1 * @reference ETSI TS 102 941, clause 6.1.3, 6.2.3.2.1
*/ */
testcase TC_SECPKI_ITSS_ENR_04_BV() runs on ItsMtc system ItsPkiItssSystem { testcase TC_SECPKI_ITSS_ENR_04_BV() runs on ItsMtc system ItsPkiItssSystem {
...@@ -1292,11 +1342,13 @@ module ItsPki_TestCases { ...@@ -1292,11 +1342,13 @@ module ItsPki_TestCases {
* <pre> * <pre>
* Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT * Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT
* Expected behaviour: * Expected behaviour:
* ensure that { * with
* when { * the IUT being in the 'enrolled' state
* and the EC of the IUT expires
* ensure that
* when
* the IUT is requested to send an EnrollmentRequestMessage * the IUT is requested to send an EnrollmentRequestMessage
* } * then
* then {
* the IUT sends an EtsiTs103097Data-Encrypted * the IUT sends an EtsiTs103097Data-Encrypted
* containing an encrypted EtsiTs103097Data-Signed * containing an encrypted EtsiTs103097Data-Signed
* containing EtsiTs102941Data * containing EtsiTs102941Data
...@@ -1304,11 +1356,9 @@ module ItsPki_TestCases { ...@@ -1304,11 +1356,9 @@ module ItsPki_TestCases {
* containing InnerEcRequest * containing InnerEcRequest
* containing itsId * containing itsId
* indicating the canonical identifier of the ITS-S * indicating the canonical identifier of the ITS-S
* }
* }
* </pre> * </pre>
* *
* @see ETSI TS 103 525-2 v2.0.1 SECPKI_ITSS_ENR_05_BV * @see ETSI TS 103 525-2 v1.2.1 SECPKI_ITSS_ENR_05_BV
* @reference ETSI TS 102 941, clause 6.1.3, 6.2.3.2.1 * @reference ETSI TS 102 941, clause 6.1.3, 6.2.3.2.1
*/ */
testcase TC_SECPKI_ITSS_ENR_05_BV() runs on ItsMtc system ItsPkiItssSystem { testcase TC_SECPKI_ITSS_ENR_05_BV() runs on ItsMtc system ItsPkiItssSystem {
...@@ -1411,7 +1461,7 @@ module ItsPki_TestCases { ...@@ -1411,7 +1461,7 @@ module ItsPki_TestCases {
m_certificateSubjectAttributes_id_omit( m_certificateSubjectAttributes_id_omit(
-, -,
valueof(m_validityPeriod(f_getCurrentTime() / 1000, valueof(m_validityPeriod(f_getCurrentTime() / 1000,
m_duration_in_seconds(float2int(PX_CERT_EXPIRATION_DELAY)))) m_duration_in_seconds(float2int(PX_CERT_EXPIRATION_DELAY))))
)))) { )))) {
log("*** " & testcasename() & ": FAIL: First InnerEcRequest failed ***"); log("*** " & testcasename() & ": FAIL: First InnerEcRequest failed ***");
log("*** " & testcasename() & ": v_request := ", v_request); log("*** " & testcasename() & ": v_request := ", v_request);
...@@ -1489,7 +1539,7 @@ module ItsPki_TestCases { ...@@ -1489,7 +1539,7 @@ module ItsPki_TestCases {
* } * }
* </pre> * </pre>
* *
* @see ETSI TS 103 525-2 v2.0.1 SECPKI_ITSS_ENR_06_BV * @see ETSI TS 103 525-2 v1.2.1 SECPKI_ITSS_ENR_06_BV
* @reference ETSI TS 102 941, clause 6.1.3 * @reference ETSI TS 102 941, clause 6.1.3
*/ */
const charstring c_nextTry := "nextTry"; const charstring c_nextTry := "nextTry";
...@@ -1657,7 +1707,7 @@ module ItsPki_TestCases { ...@@ -1657,7 +1707,7 @@ module ItsPki_TestCases {
* } * }
* </pre> * </pre>
* *
* @see ETSI TS 103 525-2 v2.0.1 SECPKI_ITSS_ENR_07_BV * @see ETSI TS 103 525-2 v1.2.1 SECPKI_ITSS_ENR_07_BV
* @reference ETSI TS 102 941, clause 6.2.3.2.1 * @reference ETSI TS 102 941, clause 6.2.3.2.1
*/ */
testcase TC_SECPKI_ITSS_ENR_07_BV() runs on ItsMtc system ItsPkiItssSystem { testcase TC_SECPKI_ITSS_ENR_07_BV() runs on ItsMtc system ItsPkiItssSystem {
...@@ -1721,18 +1771,33 @@ module ItsPki_TestCases { ...@@ -1721,18 +1771,33 @@ module ItsPki_TestCases {
var PublicVerificationKey v_canonical_key; var PublicVerificationKey v_canonical_key;
tc_ac.stop; tc_ac.stop;
   
f_send_500_Internal_Error(v_headers); // we don't care about response if( not f_read_ec_request_from_iut_itss(v_request.request.body.binary_body.ieee1609dot2_data,
if ((not f_read_ec_request_from_iut_itss(v_request.request.body.binary_body.ieee1609dot2_data,
v_request_hash, v_aes_enc_key, v_request_hash, v_aes_enc_key,
v_decrypted_message, v_decrypted_message,
v_pki_request, v_pki_request,
v_inner_ec_request))) { v_inner_ec_request)) {
f_send_500_Internal_Error(v_headers);
log("*** " & testcasename() & ": FAIL: Can't parse enrolment request***"); log("*** " & testcasename() & ": FAIL: Can't parse enrolment request***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error); f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
} }
   
if ((not isvalue(v_inner_ec_request))) { // send any response to prevent enrolment repetition
// negative is simpler
if( not f_http_build_error_ec_response ( unknownits,v_request_hash,
vc_eaPrivateKey, vc_eaWholeHash, v_aes_enc_key,
v_response_message) )
{
f_send_500_Internal_Error(v_headers);
log("*** " & testcasename() & ": FAIL: Can't build enrolment response ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
}
f_http_send(v_headers, m_http_response(
m_http_response_ok(
m_http_message_body_binary(
m_binary_body_ieee1609dot2_data(v_response_message)
), v_headers)));
if (not isvalue(v_inner_ec_request)) {
log("*** " & testcasename() & ": FAIL: Can't parse enrolment request***"); log("*** " & testcasename() & ": FAIL: Can't parse enrolment request***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error); f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
} }
...@@ -1785,7 +1850,7 @@ module ItsPki_TestCases { ...@@ -1785,7 +1850,7 @@ module ItsPki_TestCases {
* } * }
* </pre> * </pre>
* *
* @see ETSI TS 103 525-2 v2.0.1 SECPKI_ITSS_ENR_08_BV * @see ETSI TS 103 525-2 v1.2.1 SECPKI_ITSS_ENR_08_BV
* @reference ETSI TS 102 941, clause 6.2.3.2.1 * @reference ETSI TS 102 941, clause 6.2.3.2.1
*/ */
testcase TC_SECPKI_ITSS_ENR_08_BV_1() runs on ItsMtc system ItsPkiItssSystem { testcase TC_SECPKI_ITSS_ENR_08_BV_1() runs on ItsMtc system ItsPkiItssSystem {
...@@ -1866,8 +1931,6 @@ module ItsPki_TestCases { ...@@ -1866,8 +1931,6 @@ module ItsPki_TestCases {
var EtsiTs102941Data v_pki_request; var EtsiTs102941Data v_pki_request;
tc_ac.stop; tc_ac.stop;
   
f_send_500_Internal_Error(v_headers); // we dont care about response
f_read_ec_request_from_iut_itss(v_request.request.body.binary_body.ieee1609dot2_data, f_read_ec_request_from_iut_itss(v_request.request.body.binary_body.ieee1609dot2_data,
v_request_hash, v_aes_enc_key, v_request_hash, v_aes_enc_key,
v_decrypted_message, v_decrypted_message,
...@@ -1878,7 +1941,24 @@ module ItsPki_TestCases { ...@@ -1878,7 +1941,24 @@ module ItsPki_TestCases {
log("*** " & testcasename() & ": FAIL: Can't parse enrolment request ***"); log("*** " & testcasename() & ": FAIL: Can't parse enrolment request ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error); f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
} }
if (not(ischosen(v_pki_request.content.enrolmentRequest))) {
// send any response to prevent enrolment repetition
// negative is simpler
if( not f_http_build_error_ec_response ( unknownits,v_request_hash,
vc_eaPrivateKey, vc_eaWholeHash, v_aes_enc_key,
v_response_message) )
{
f_send_500_Internal_Error(v_headers);
log("*** " & testcasename() & ": FAIL: Can't build enrolment response ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
}
f_http_send(v_headers, m_http_response(
m_http_response_ok(
m_http_message_body_binary(
m_binary_body_ieee1609dot2_data(v_response_message)
), v_headers)));
if( not ischosen(v_pki_request.content.enrolmentRequest)) {
log("*** " & testcasename() & ": FAIL: Not an enrolment request ***"); log("*** " & testcasename() & ": FAIL: Not an enrolment request ***");
log("*** " & testcasename() & ": EtsiTs102941Data.content=", v_pki_request.content); log("*** " & testcasename() & ": EtsiTs102941Data.content=", v_pki_request.content);
f_selfOrClientSyncAndVerdict(c_tbDone, e_error); f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
...@@ -1915,6 +1995,7 @@ module ItsPki_TestCases { ...@@ -1915,6 +1995,7 @@ module ItsPki_TestCases {
   
} // End of group f_SECPKI_ITSS_ENR_08 } // End of group f_SECPKI_ITSS_ENR_08
   
/** /**
* @desc In the headerInfo of the tbsData of the outer EtsiTs102941Data-Signed all other components * @desc In the headerInfo of the tbsData of the outer EtsiTs102941Data-Signed all other components
* of the component tbsdata.headerInfo except generationTime and psid are not used and absent. * of the component tbsdata.headerInfo except generationTime and psid are not used and absent.
...@@ -1942,7 +2023,7 @@ module ItsPki_TestCases { ...@@ -1942,7 +2023,7 @@ module ItsPki_TestCases {
* } * }
* </pre> * </pre>
* *
* @see ETSI TS 103 525-2 v2.0.1 SECPKI_ITSS_ENR_09_BV * @see ETSI TS 103 525-2 v1.2.1 SECPKI_ITSS_ENR_09_BV
* @reference ETSI TS 102 941, clause 6.2.3.2.1 * @reference ETSI TS 102 941, clause 6.2.3.2.1
*/ */
testcase TC_SECPKI_ITSS_ENR_09_BV_1() runs on ItsMtc system ItsPkiItssSystem { testcase TC_SECPKI_ITSS_ENR_09_BV_1() runs on ItsMtc system ItsPkiItssSystem {
...@@ -2024,18 +2105,33 @@ module ItsPki_TestCases { ...@@ -2024,18 +2105,33 @@ module ItsPki_TestCases {
   
tc_ac.stop; tc_ac.stop;
   
f_send_500_Internal_Error(v_headers); // we don't care about response
if (not(f_read_ec_request_from_iut_itss(v_request.request.body.binary_body.ieee1609dot2_data, if (not(f_read_ec_request_from_iut_itss(v_request.request.body.binary_body.ieee1609dot2_data,
v_request_hash, v_aes_enc_key, v_request_hash, v_aes_enc_key,
v_decrypted_message, v_decrypted_message,
v_pki_request, v_pki_request,
v_inner_ec_request))) { v_inner_ec_request))) {
f_send_500_Internal_Error(v_headers);
log("*** " & testcasename() & ": FAIL: Can't parse enrolment request***"); log("*** " & testcasename() & ": FAIL: Can't parse enrolment request***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error); f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
} }
   
if (not(match(v_decrypted_message, // send error response to prevent enrolment repetition
if( not f_http_build_error_ec_response ( unknownits,v_request_hash,
vc_eaPrivateKey, vc_eaWholeHash, v_aes_enc_key,
v_response_message) )
{
f_send_500_Internal_Error(v_headers);
log("*** " & testcasename() & ": FAIL: Can't build enrolment response ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
}
f_http_send(v_headers, m_http_response(
m_http_response_ok(
m_http_message_body_binary(
m_binary_body_ieee1609dot2_data(v_response_message)
), v_headers)));
// check signed message structure
if ( not ( match( v_decrypted_message,
mw_etsiTs103097Data_signed( mw_etsiTs103097Data_signed(
mw_signedData( mw_signedData(
-, -,
...@@ -2043,7 +2139,7 @@ module ItsPki_TestCases { ...@@ -2043,7 +2139,7 @@ module ItsPki_TestCases {
-, -,
mw_headerInfo_outer_pki_request mw_headerInfo_outer_pki_request
)))))) { )))))) {
log("*** " & testcasename() & ": FAIL: Invalid outer signed structure in EC request ***"); log("*** " & testcasename() & ": FAIL: Invalid outer signed structure in EC request ***");
log("*** " & testcasename() & ": ", log("*** " & testcasename() & ": ",
match(v_decrypted_message,m_etsiTs103097Data_signed(mw_signedData(-,mw_toBeSignedData(-,mw_headerInfo_outer_pki_request())))) match(v_decrypted_message,m_etsiTs103097Data_signed(mw_signedData(-,mw_toBeSignedData(-,mw_headerInfo_outer_pki_request()))))
...@@ -2096,7 +2192,7 @@ module ItsPki_TestCases { ...@@ -2096,7 +2192,7 @@ module ItsPki_TestCases {
* } * }
* </pre> * </pre>
* *
* @see ETSI TS 103 525-2 v2.0.1 SECPKI_ITSS_ENR_10_BV * @see ETSI TS 103 525-2 v1.2.1 SECPKI_ITSS_ENR_10_BV
* @reference ETSI TS 102 941, clause 6.2.3.2.1 * @reference ETSI TS 102 941, clause 6.2.3.2.1
*/ */
testcase TC_SECPKI_ITSS_ENR_10_BV_1() runs on ItsMtc system ItsPkiItssSystem { testcase TC_SECPKI_ITSS_ENR_10_BV_1() runs on ItsMtc system ItsPkiItssSystem {
...@@ -2191,8 +2287,6 @@ module ItsPki_TestCases { ...@@ -2191,8 +2287,6 @@ module ItsPki_TestCases {
var PublicVerificationKey v_canonical_key; var PublicVerificationKey v_canonical_key;
tc_ac.stop; tc_ac.stop;
   
f_send_500_Internal_Error(v_headers); // we don't care about response
log("*** " & testcasename() & ": PASS: EC request sent to proper EA recipient ***"); log("*** " & testcasename() & ": PASS: EC request sent to proper EA recipient ***");
   
if (not(f_read_ec_request_from_iut_itss(v_request.request.body.binary_body.ieee1609dot2_data, if (not(f_read_ec_request_from_iut_itss(v_request.request.body.binary_body.ieee1609dot2_data,
...@@ -2200,10 +2294,27 @@ module ItsPki_TestCases { ...@@ -2200,10 +2294,27 @@ module ItsPki_TestCases {
v_decrypted_message, v_decrypted_message,
v_pki_request, v_pki_request,
v_inner_ec_request))) { v_inner_ec_request))) {
f_send_500_Internal_Error(v_headers);
log("*** " & testcasename() & ": FAIL: Can't parse enrolment request***"); log("*** " & testcasename() & ": FAIL: Can't parse enrolment request***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error); f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
} }
   
// send any response to prevent enrolment repetition
// negative is just simpler
if( not f_http_build_error_ec_response ( unknownits,v_request_hash,
vc_eaPrivateKey, vc_eaWholeHash, v_aes_enc_key,
v_response_message) )
{
f_send_500_Internal_Error(v_headers);
log("*** " & testcasename() & ": FAIL: Can't build enrolment response ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
}
f_http_send(v_headers, m_http_response(
m_http_response_ok(
m_http_message_body_binary(
m_binary_body_ieee1609dot2_data(v_response_message)
), v_headers)));
// Set verdict // Set verdict
log("*** " & testcasename() & ": PASS: EC request can be decrypted ***"); log("*** " & testcasename() & ": PASS: EC request can be decrypted ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_success); f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
...@@ -2272,7 +2383,7 @@ module ItsPki_TestCases { ...@@ -2272,7 +2383,7 @@ module ItsPki_TestCases {
   
// Start components // Start components
v_itss.start(f_TC_SECPKI_ITSS_ENR_01_BV_itss()); v_itss.start(f_TC_SECPKI_ITSS_ENR_01_BV_itss());
v_ea.start(f_TC_SECPKI_ITSS_ENR_01_BV_pki()); v_ea.start(f_TC_SECPKI_ITSS_ENR_11_BV_pki());
   
// Synchronization // Synchronization
f_serverSync2ClientsAndStop({c_prDone, c_tbDone}); f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
...@@ -2280,6 +2391,93 @@ module ItsPki_TestCases { ...@@ -2280,6 +2391,93 @@ module ItsPki_TestCases {
// Cleanup // Cleanup
f_cfMtcDown01(v_itss, v_ea); f_cfMtcDown01(v_itss, v_ea);
} // End of TC_SECPKI_ITSS_ENR_11_BV } // End of TC_SECPKI_ITSS_ENR_11_BV
group f_TC_SECPKI_ITSS_ENR_11_BV {
function f_TC_SECPKI_ITSS_ENR_11_BV_pki ( ) runs on ItsPkiHttp system ItsPkiItssSystem {
// Local variable
var Headers v_headers;
var HttpMessage v_request;
// Test component configuration
f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);
// Test adapter configuration
// Preamble
f_init_default_headers_list(-, "inner_ec_response", v_headers);
f_selfOrClientSyncAndVerdict(c_prDone, e_success);
// Test Body
tc_ac.start;
alt {
[] a_await_ec_http_request_from_iut(mw_http_ec_request_generic, v_request)
{
var Ieee1609Dot2Data v_decrypted_message;
var InnerEcRequest v_inner_ec_request;
var InnerEcResponse v_inner_ec_response;
var Ieee1609Dot2Data v_response_message;
var EtsiTs102941Data v_pki_request;
var Oct16 v_request_hash, v_aes_enc_key;
var PublicVerificationKey v_canonical_key;
tc_ac.stop;
if (not f_read_ec_request_from_iut_itss(v_request.request.body.binary_body.ieee1609dot2_data,
v_request_hash, v_aes_enc_key,
v_decrypted_message,
v_pki_request,
v_inner_ec_request))
{
f_send_500_Internal_Error(v_headers);
log("*** " & testcasename() & ": FAIL: Can't parse enrolment request***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
}
// send any response to prevent enrolment repetition
// negative is easier
if( not f_http_build_error_ec_response ( unknownits,v_request_hash,
vc_eaPrivateKey, vc_eaWholeHash, v_aes_enc_key,
v_response_message) ) {
f_send_500_Internal_Error(v_headers);
log("*** " & testcasename() & ": FAIL: Can't build enrolment response ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
}
f_http_send(v_headers, m_http_response(
m_http_response_ok(
m_http_message_body_binary(
m_binary_body_ieee1609dot2_data(v_response_message)
), v_headers)));
if (not isbound(v_inner_ec_request))
{
log("*** " & testcasename() & ": FAIL: Can't parse enrolment request***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
}
if (not f_verifyEcdsa(bit2oct(encvalue(v_pki_request.content.enrolmentRequest.content.signedData.tbsData)),
int2oct(0, 32),
v_pki_request.content.enrolmentRequest.content.signedData.signature_,
v_inner_ec_request.publicKeys.verificationKey))
{
log("*** " & testcasename() & ": FAIL: EC request signature verification failed ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
}
// Set verdict
log("*** " & testcasename() & ": PASS: EC request can be decrypted ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_cfHttpDown();
} // End of function f_TC_SECPKI_ITSS_ENR_11_BV_pki
} // End of group g_TC_SECPKI_ITSS_ENR_11_BV
   
/** /**
* @desc Check that signing of Enrolment HttpRequest message is permitted by the EC certificate. * @desc Check that signing of Enrolment HttpRequest message is permitted by the EC certificate.
...@@ -2288,6 +2486,7 @@ module ItsPki_TestCases { ...@@ -2288,6 +2486,7 @@ module ItsPki_TestCases {
* Expected behaviour: * Expected behaviour:
* ensure that { * ensure that {
* when { * when {
* the IUT is in enrolled state
* the IUT is requested to send an EnrolmentRequestMessage * the IUT is requested to send an EnrolmentRequestMessage
* } * }
* then { * then {
...@@ -2579,7 +2778,7 @@ module ItsPki_TestCases { ...@@ -2579,7 +2778,7 @@ module ItsPki_TestCases {
var boolean v_iut_state_ok := false; var boolean v_iut_state_ok := false;
   
// Test component configuration // Test component configuration
vc_hashedId8ToBeUsed := PX_IUT_DEFAULT_CERTIFICATE; vc_hashedId8ToBeUsed := ""; // No certificates //PX_IUT_DEFAULT_CERTIFICATE
f_cfUp_itss(); f_cfUp_itss();
   
// Test adapter configuration // Test adapter configuration
...@@ -2727,34 +2926,34 @@ module ItsPki_TestCases { ...@@ -2727,34 +2926,34 @@ module ItsPki_TestCases {
* @see ETSI TS 103 525-2 TP SECPKI_ITSS_ENR_REP_01_BV * @see ETSI TS 103 525-2 TP SECPKI_ITSS_ENR_REP_01_BV
* @reference ETSI TS 103 601, clause 5.1.2 * @reference ETSI TS 103 601, clause 5.1.2
*/ */
testcase TC_SECPKI_ITSS_ENR_REP_01_BV() runs on ItsMtc system ItsPkiItssSystem { group g_TC_SECPKI_ITSS_ENR_REP_01_BV {
// Local variables
var ItsPkiItss v_itss;
var ItsPkiHttp v_ea;
   
// Test control testcase TC_SECPKI_ITSS_ENR_REP_01_BV() runs on ItsMtc system ItsPkiItssSystem {
if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_ENROLMENT or not PICS_SECPKI_ENROLLMENT_RETRY) { // Local variables
log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT or PICS_SECPKI_ENROLLMENT_RETRY required for executing the TC ***"); var ItsPkiItss v_itss;
setverdict(inconc); var ItsPkiHttp v_ea;
stop;
}
   
// Test component configuration // Test control
f_cfMtcUp01(v_itss, v_ea); if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_ENROLMENT or not PICS_SECPKI_ENROLLMENT_RETRY) {
log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT or PICS_SECPKI_ENROLLMENT_RETRY required for executing the TC ***");
setverdict(inconc);
stop;
}
   
// Start component // Test component configuration
v_itss.start(f_TC_SECPKI_ITSS_ENR_01_BV_itss()); // reuse from ENR group f_cfMtcUp01(v_itss, v_ea);
v_ea.start(f_TC_SECPKI_ITSS_ENR_REP_01_BV_pki());
   
// Synchronization // Start component
f_serverSync2ClientsAndStop({c_prDone, c_tbDone}); v_itss.start(f_TC_SECPKI_ITSS_ENR_01_BV_itss()); // reuse from ENR group
v_ea.start(f_TC_SECPKI_ITSS_ENR_REP_01_BV_pki());
   
// Cleanup // Synchronization
f_cfMtcDown01(v_itss, v_ea); f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
   
} // End of testcase TC_SECPKI_ITSS_ENR_REP_01_BV // Cleanup
f_cfMtcDown01(v_itss, v_ea);
   
group f_TC_SECPKI_ITSS_ENR_REP_01_BV { } // End of testcase TC_SECPKI_ITSS_ENR_REP_01_BV
   
function f_TC_SECPKI_ITSS_ENR_REP_01_BV_pki() runs on ItsPkiHttp system ItsPkiItssSystem { function f_TC_SECPKI_ITSS_ENR_REP_01_BV_pki() runs on ItsPkiHttp system ItsPkiItssSystem {
// Local variable // Local variable
...@@ -2826,40 +3025,39 @@ module ItsPki_TestCases { ...@@ -2826,40 +3025,39 @@ module ItsPki_TestCases {
* @see ETSI TS 103 525-2 TP SECPKI_ITSS_ENR_REP_02_BV * @see ETSI TS 103 525-2 TP SECPKI_ITSS_ENR_REP_02_BV
* @reference ETSI TS 103 601, clause 5.1.2 * @reference ETSI TS 103 601, clause 5.1.2
*/ */
testcase TC_SECPKI_ITSS_ENR_REP_02_BV() runs on ItsMtc system ItsPkiItssSystem {
// Local variables
var ItsPkiItss v_itss;
var ItsPkiHttp v_ea;
// Test control
if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_ENROLMENT or not PICS_SECPKI_ENROLLMENT_RETRY) {
log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT or PICS_SECPKI_ENROLLMENT_RETRY required for executing the TC ***");
setverdict(inconc);
stop;
}
// Test component configuration
f_cfMtcUp01(v_itss, v_ea);
// Start component
v_itss.start(f_TC_SECPKI_ITSS_ENR_01_BV_itss()); // reused from ENR group
v_ea.start(f_TC_SECPKI_ITSS_ENR_REP_02_BV_pki());
// Synchronization
f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
// Cleanup
f_cfMtcDown01(v_itss, v_ea);
} // End of testcase TC_SECPKI_ITSS_ENR_REP_02_BV
group f_TC_SECPKI_ITSS_ENR_REP_02_BV { group f_TC_SECPKI_ITSS_ENR_REP_02_BV {
testcase TC_SECPKI_ITSS_ENR_REP_02_BV() runs on ItsMtc system ItsPkiItssSystem {
// Local variables
var ItsPkiItss v_itss;
var ItsPkiHttp v_ea;
// Test control
if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_ENROLMENT or not PICS_SECPKI_ENROLLMENT_RETRY) {
log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT or PICS_SECPKI_ENROLLMENT_RETRY required for executing the TC ***");
setverdict(inconc);
stop;
}
// Test component configuration
f_cfMtcUp01(v_itss, v_ea);
// Start component
v_itss.start(f_TC_SECPKI_ITSS_ENR_01_BV_itss());
v_ea.start(f_TC_SECPKI_ITSS_ENR_REP_02_BV_pki());
// Synchronization
f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
// Cleanup
f_cfMtcDown01(v_itss, v_ea);
} // End of testcase TC_SECPKI_ITSS_ENR_REP_02_BV
function f_TC_SECPKI_ITSS_ENR_REP_02_BV_pki() runs on ItsPkiHttp system ItsPkiItssSystem { function f_TC_SECPKI_ITSS_ENR_REP_02_BV_pki() runs on ItsPkiHttp system ItsPkiItssSystem {
// Local variable // Local variable
var Headers v_headers; var Headers v_headers;
var HttpMessage v_initial_request; var HttpMessage v_request1;
var HttpMessage v_request; var HttpMessage v_request2;
   
// Test component configuration // Test component configuration
f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID); f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);
...@@ -2868,10 +3066,9 @@ module ItsPki_TestCases { ...@@ -2868,10 +3066,9 @@ module ItsPki_TestCases {
   
// Preamble // Preamble
f_init_default_headers_list(-, "inner_ec_response", v_headers); f_init_default_headers_list(-, "inner_ec_response", v_headers);
tc_ac.start; tc_ac.start;
alt { alt {
[] a_await_ec_http_request_from_iut(mw_http_ec_request_generic, v_initial_request) { [] a_await_ec_http_request_from_iut(mw_http_ec_request_generic, v_request1) {
log("*** " & testcasename() & ": INFO: First enrolment request received ***"); log("*** " & testcasename() & ": INFO: First enrolment request received ***");
tc_ac.stop; tc_ac.stop;
f_http_restart("inner_ec_request"); f_http_restart("inner_ec_request");
...@@ -2881,29 +3078,38 @@ module ItsPki_TestCases { ...@@ -2881,29 +3078,38 @@ module ItsPki_TestCases {
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
} }
} // End of 'alt' statement } // End of 'alt' statement
f_selfOrClientSyncAndVerdict(c_prDone, e_success);
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
// Test Body
tc_ac.start; tc_ac.start;
alt { alt {
[] a_await_ec_http_request_from_iut(mw_http_ec_request_generic, v_request) { [] a_await_ec_http_request_from_iut(
log("*** " & testcasename() & "EC repetition has been received ***"); mw_http_request(
mw_http_request_post(
PICS_HTTP_POST_URI_EC,
-,
v_request1.request.body)),
v_request2)
{
tc_ac.stop; tc_ac.stop;
// Check if both requests are same log("*** " & testcasename() & ": PASS: Same enrolment request received ***");
if (match(v_request, v_initial_request)) { // send error respond to prevent future requests
log("*** " & testcasename() & ": PASS: Repetition request is same ***"); f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_success);
f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": FAIL: Repetition request is different ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error)
}
} }
[] tc_wait.timeout { [] a_await_ec_http_request_from_iut(mw_http_ec_request_generic, v_request2) {
log("*** " & testcasename() & ": FAIL: EC repetition was not received ***"); tc_ac.stop;
f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout); log("*** " & testcasename() & ": FAIL: 2nd enrolment request is not identical ***");
f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error);
} }
} [] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: First enrolment request not received ***");
f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
}
} // End of 'alt' statement
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Postamble // Postamble
f_cfHttpDown(); f_cfHttpDown();
} // End of function f_TC_SECPKI_ITSS_ENR_REP_02_BV_pki } // End of function f_TC_SECPKI_ITSS_ENR_REP_02_BV_pki
...@@ -2994,7 +3200,7 @@ module ItsPki_TestCases { ...@@ -2994,7 +3200,7 @@ module ItsPki_TestCases {
tc_ac.start; tc_ac.start;
alt { alt {
[] a_await_ec_http_request_from_iut(mw_http_ec_request_generic, v_request) { [] a_await_ec_http_request_from_iut(mw_http_ec_request_generic, v_request) {
log("*** " & testcasename() & ": PASS: EC repetition has been received ***"); log("*** " & testcasename() & ": EC repetition has been received ***");
var HttpMessage v_response; var HttpMessage v_response;
var integer v_result; var integer v_result;
var InnerEcRequest v_inner_ec_request; var InnerEcRequest v_inner_ec_request;
...@@ -3112,15 +3318,16 @@ module ItsPki_TestCases { ...@@ -3112,15 +3318,16 @@ module ItsPki_TestCases {
} }
[] a_await_ec_http_request_from_iut(mw_http_ec_request_generic, v_initial_request){ [] a_await_ec_http_request_from_iut(mw_http_ec_request_generic, v_initial_request){
// count exceed // count exceed
log("*** " & testcasename() & ": FAIL: Too many repetitions of Enrolment requests received ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_error); f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_error);
} }
[] tc_ac.timeout{ [] tc_ac.timeout{
if(v_count > PX_ENR_MAX_N1){ if(v_count > PX_ENR_MAX_N1){
log("*** " & testcasename() & ": PASS: Maximum number of Enrollment request messages received ***"); log("*** " & testcasename() & ": PASS: Maximum number of Enrollment request repetitions received ***");
f_selfOrClientSyncAndVerdict(c_prDone, e_success); f_selfOrClientSyncAndVerdict(c_prDone, e_success);
} else { } else {
log("*** " & testcasename() & ": INCONC: Expected message not received ***"); log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout); f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
} }
} }
} }
...@@ -3185,8 +3392,8 @@ module ItsPki_TestCases { ...@@ -3185,8 +3392,8 @@ module ItsPki_TestCases {
function f_TC_SECPKI_ITSS_ENR_REP_05_BV_pki() runs on ItsPkiHttp system ItsPkiItssSystem { function f_TC_SECPKI_ITSS_ENR_REP_05_BV_pki() runs on ItsPkiHttp system ItsPkiItssSystem {
// Local variable // Local variable
var Headers v_headers; var Headers v_headers;
var HttpMessage v_initial_request;
var HttpMessage v_request; var HttpMessage v_request;
var HttpMessage v_initial_request;
   
// Test component configuration // Test component configuration
f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID); f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);
...@@ -5881,7 +6088,7 @@ module ItsPki_TestCases { ...@@ -5881,7 +6088,7 @@ module ItsPki_TestCases {
   
} // End of group f_TC_SECPKI_ITSS_AUTH_REP_05_BV } // End of group f_TC_SECPKI_ITSS_AUTH_REP_05_BV
   
} // End of group itss_authorization_request_repetition } // End of group itss_authorization_request_repetition
   
// ETSI TS 103 525-2 V2.0.2 (2023-07) Clause 5.2.3.4 Authorization using butterfly key expansion mechanism // ETSI TS 103 525-2 V2.0.2 (2023-07) Clause 5.2.3.4 Authorization using butterfly key expansion mechanism
group itss_authorization_request_bfk { group itss_authorization_request_bfk {
...@@ -6020,8 +6227,8 @@ module ItsPki_TestCases { ...@@ -6020,8 +6227,8 @@ module ItsPki_TestCases {
// Local variable // Local variable
var Headers v_headers; var Headers v_headers;
var HttpMessage v_request; var HttpMessage v_request;
var InnerEcRequest v_inner_ec_request;
var InnerEcResponse v_inner_ec_response; var InnerEcResponse v_inner_ec_response;
var InnerEcRequest v_inner_ec_request;
   
// Test component configuration // Test component configuration
f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID); f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);
...@@ -6371,8 +6578,8 @@ module ItsPki_TestCases { ...@@ -6371,8 +6578,8 @@ module ItsPki_TestCases {
// Local variable // Local variable
var Headers v_headers; var Headers v_headers;
var HttpMessage v_request; var HttpMessage v_request;
var InnerEcRequest v_inner_ec_request;
var InnerEcResponse v_inner_ec_response; var InnerEcResponse v_inner_ec_response;
var InnerEcRequest v_inner_ec_request;
   
// Test component configuration // Test component configuration
f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID); f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);
asn1 @ 7e4ea27e
Compare 021805f1...7e4ea27e
Subproject commit 021805f17253f5b0baf80b13bca8151a05342655 Subproject commit 7e4ea27e7e0d752587aa48051f880607c29ef8ca
lib_system/LibItsPki_Functions.ttcn
View file @ c148ec09
...@@ -1343,6 +1343,49 @@ module LibItsPki_Functions { ...@@ -1343,6 +1343,49 @@ module LibItsPki_Functions {
return p_result; return p_result;
} // End of function f_http_build_inner_ec_response } // End of function f_http_build_inner_ec_response
function f_http_build_error_ec_response(
in EnrolmentResponseCode p_responseCode := ok,
in Oct16 p_request_hash,
in octetstring p_private_key := ''O,
in octetstring p_digest := ''O,
in Oct16 p_aes_sym_key,
out Ieee1609Dot2Data p_ieee1609dot2_signed_and_encrypted_data
) return boolean {
// Local variables
var octetstring v_msg;
var Oct12 v_nonce;
var Ieee1609Dot2Data v_ieee1609dot2_signed_data;
var boolean p_result := false;
var InnerEcResponse v_inner_ec_response;
// Check expectred response
if (p_responseCode == ok) {
return false;
}
v_inner_ec_response := valueof(
m_innerEcResponse_ko(
p_request_hash,
p_responseCode
)
);
// Secure the response
log("f_http_build_error_ec_response: p_inner_ec_response= ", v_inner_ec_response);
v_msg := bit2oct(encvalue(m_etsiTs102941Data_inner_ec_response(v_inner_ec_response)));
v_nonce := substr(f_hashWithSha256(int2oct((f_getCurrentTimeUtc() * 1000), 16)), 0, 12); // Random value
// TODO Consider Sha384: m_signerIdentifier_digest(f_hashedId8FromSha384(p_digest))
if (f_build_pki_secured_response_message(p_private_key,
valueof(m_signerIdentifier_digest(f_hashedId8FromSha256(p_digest))),// in SignerIdentifier p_signer_identifier,
v_msg,
p_aes_sym_key,
v_nonce,
p_ieee1609dot2_signed_and_encrypted_data
) == false) {
log("f_http_build_inner_ec_response: Failed to generate the certificate");
return false;
}
return true;
} // End of function f_http_build_error_ec_response
function f_http_build_authorization_request( function f_http_build_authorization_request(
in Certificate p_ec_certificate, // Enrolment credentials certificate in Certificate p_ec_certificate, // Enrolment credentials certificate
in octetstring p_ec_private_key, in octetstring p_ec_private_key,
...@@ -5319,7 +5362,7 @@ module LibItsPki_Functions { ...@@ -5319,7 +5362,7 @@ module LibItsPki_Functions {
mw_enrolmentRequestMessage( mw_enrolmentRequestMessage(
mw_encryptedData() mw_encryptedData()
))))); )))));
} // End of template mw_http_ec_request_generic } // End of predefined requests
function f_await_ec_request_send_response( function f_await_ec_request_send_response(
out InnerEcRequest p_inner_ec_request, out InnerEcRequest p_inner_ec_request,
...@@ -5340,41 +5383,39 @@ module LibItsPki_Functions { ...@@ -5340,41 +5383,39 @@ module LibItsPki_Functions {
[] a_await_ec_http_request_from_iut(mw_http_ec_request_generic, p_request) { [] a_await_ec_http_request_from_iut(mw_http_ec_request_generic, p_request) {
var Ieee1609Dot2Data v_decrypted_message; var Ieee1609Dot2Data v_decrypted_message;
var EtsiTs102941Data v_etsi_ts_102941_data; var EtsiTs102941Data v_etsi_ts_102941_data;
var Oct16 v_request_hash;
var Oct16 v_aes_enc_key;
var InnerEcRequest v_inner_ec_request;
var template (value) HttpMessage v_response; var template (value) HttpMessage v_response;
var Oct16 v_request_hash, v_aes_enc_key;
tc_ac.stop; tc_ac.stop;
if(f_read_ec_request_from_iut_itss(p_request.request.body.binary_body.ieee1609dot2_data, if(f_read_ec_request_from_iut_itss( p_request.request.body.binary_body.ieee1609dot2_data,
v_request_hash, v_aes_enc_key, v_request_hash, v_aes_enc_key,
v_decrypted_message, v_decrypted_message,
v_etsi_ts_102941_data, v_etsi_ts_102941_data,
p_inner_ec_request)) { p_inner_ec_request
var EtsiTs103097Certificate v_ec_certificate; )){
var HashedId8 v_ec_certificate_hashed_id8; var EtsiTs103097Certificate v_ec_certificate;
var HashedId8 v_ec_certificate_hashed_id8;
var Ieee1609Dot2Data v_response_message; var Ieee1609Dot2Data v_response_message;
log(">>>>>> f_await_ec_request_send_response v_inner_ec_request=", p_inner_ec_request); log(">>>>>> f_await_ec_request_send_response v_inner_ec_request=", p_inner_ec_request);
if(ispresent(p_attributes)) { if(ispresent(p_attributes)){
if(isvalue(p_attributes.id)) { if(isvalue(p_attributes.id)){
p_inner_ec_request.requestedSubjectAttributes.id := valueof(p_attributes.id); p_inner_ec_request.requestedSubjectAttributes.id := valueof(p_attributes.id);
} }
if(isvalue(p_attributes.validityPeriod)) { if(isvalue(p_attributes.validityPeriod)){
p_inner_ec_request.requestedSubjectAttributes.validityPeriod := valueof(p_attributes.validityPeriod); p_inner_ec_request.requestedSubjectAttributes.validityPeriod := valueof(p_attributes.validityPeriod);
} }
if(isvalue(p_attributes.region)) { if(isvalue(p_attributes.region)){
p_inner_ec_request.requestedSubjectAttributes.region := valueof(p_attributes.region); p_inner_ec_request.requestedSubjectAttributes.region := valueof(p_attributes.region);
} }
if(isvalue(p_attributes.assuranceLevel)) { if(isvalue(p_attributes.assuranceLevel)){
p_inner_ec_request.requestedSubjectAttributes.assuranceLevel := valueof(p_attributes.assuranceLevel); p_inner_ec_request.requestedSubjectAttributes.assuranceLevel := valueof(p_attributes.assuranceLevel);
} }
if(isvalue(p_attributes.appPermissions)) { if(isvalue(p_attributes.appPermissions)){
p_inner_ec_request.requestedSubjectAttributes.appPermissions := valueof(p_attributes.appPermissions); p_inner_ec_request.requestedSubjectAttributes.appPermissions := valueof(p_attributes.appPermissions);
} }
if(isvalue(p_attributes.certIssuePermissions)) { if(isvalue(p_attributes.certIssuePermissions)){
p_inner_ec_request.requestedSubjectAttributes.certIssuePermissions := valueof(p_attributes.certIssuePermissions); p_inner_ec_request.requestedSubjectAttributes.certIssuePermissions := valueof(p_attributes.certIssuePermissions);
} }
} }
...@@ -5389,11 +5430,13 @@ module LibItsPki_Functions { ...@@ -5389,11 +5430,13 @@ module LibItsPki_Functions {
), v_headers)); ), v_headers));
} else { } else {
v_response := m_http_response(m_http_response_500_internal_error(v_headers)); v_response := m_http_response(m_http_response_500_internal_error(v_headers));
}
f_http_send(v_headers, v_response);
v_result := true;
} }
f_http_send(v_headers, v_response);
}
[] a_await_ec_http_request_from_iut( mw_http_request(), v_wrong_request) { [] a_await_ec_http_request_from_iut( mw_http_request(), v_wrong_request) {
log("f_await_ec_request_send_response: Wrong message received ", v_wrong_request); log(">>>>>> f_await_ec_request_send_response: Wrong message received ", v_wrong_request);
log(" ", match(v_wrong_request, mw_http_request())); log(" ", match(v_wrong_request, mw_http_request()));
f_http_send(v_headers, m_http_response(m_http_response_500_internal_error(v_headers))); f_http_send(v_headers, m_http_response(m_http_response_500_internal_error(v_headers)));
repeat; repeat;
...@@ -5409,8 +5452,6 @@ module LibItsPki_Functions { ...@@ -5409,8 +5452,6 @@ module LibItsPki_Functions {
function f_await_ec_request_send_no_response( function f_await_ec_request_send_no_response(
out HttpMessage p_request out HttpMessage p_request
) runs on ItsPkiHttp { ) runs on ItsPkiHttp {
var boolean v_result := false;
log(">>> f_await_ec_request_send_no_response"); log(">>> f_await_ec_request_send_no_response");
tc_ac.start; tc_ac.start;
...@@ -5933,10 +5974,9 @@ module LibItsPki_Functions { ...@@ -5933,10 +5974,9 @@ module LibItsPki_Functions {
var octetstring v_tbs_signed; var octetstring v_tbs_signed;
var template (value) Ieee1609Dot2Data v_ieee1609dot2_signed_data; var template (value) Ieee1609Dot2Data v_ieee1609dot2_signed_data;
var octetstring v_encoded_inner_ec_response; var octetstring v_encoded_inner_ec_response;
var octetstring v_symkeyidentifier;
var HashedId8 v_recipientId; var HashedId8 v_recipientId;
var octetstring v_encrypted_inner_ec_response; var octetstring v_encrypted_inner_ec_response;
var octetstring v_symkeyidentifier;
// Signed the encoded PKI message // Signed the encoded PKI message
v_tbs := m_toBeSignedData( v_tbs := m_toBeSignedData(
m_signedDataPayload( m_signedDataPayload(
...@@ -5950,6 +5990,8 @@ module LibItsPki_Functions { ...@@ -5950,6 +5990,8 @@ module LibItsPki_Functions {
var charstring v_certificate_id; var charstring v_certificate_id;
var Oct32 v_hash; var Oct32 v_hash;
fx_readCertificateFromDigest(p_signer_identifier.digest, v_certificate_id); // TODO Add a wrapper function fx_readCertificateFromDigest(p_signer_identifier.digest, v_certificate_id); // TODO Add a wrapper function
log(">>>>> f_build_pki_secured_response_message: use ", v_certificate_id, " for signing response");
log(">>>>> f_build_pki_secured_response_message: use ", p_private_key, " as private key");
f_getCertificateHash(v_certificate_id, v_hash); f_getCertificateHash(v_certificate_id, v_hash);
v_tbs_signed := f_signWithEcdsaNistp256WithSha256(bit2oct(encvalue(v_tbs)), v_hash, p_private_key); v_tbs_signed := f_signWithEcdsaNistp256WithSha256(bit2oct(encvalue(v_tbs)), v_hash, p_private_key);
} }
...@@ -6000,52 +6042,54 @@ module LibItsPki_Functions { ...@@ -6000,52 +6042,54 @@ module LibItsPki_Functions {
} // End of function f_build_pki_secured_response_message } // End of function f_build_pki_secured_response_message
function f_read_pki_request_message( function f_read_pki_request_message(
in Ieee1609Dot2Data p_encrypted_message, in Ieee1609Dot2Data p_encrypted_message,
in Oct32 p_private_enc_key, in Oct32 p_private_enc_key,
in Oct32 p_salt, in Oct32 p_salt,
out Oct16 p_request_hash, out Oct16 p_request_hash,
out Oct16 p_aes_enc_key, out Oct16 p_aes_enc_key,
out Ieee1609Dot2Data p_decrypted_message, out Ieee1609Dot2Data p_decrypted_message,
out EtsiTs102941Data p_etsi_ts_102941_data out EtsiTs102941Data p_etsi_ts_102941_data
) return boolean { ) return boolean {
var octetstring v_msg; var octetstring v_msg;
var boolean v_return_code := true; var boolean ret := true;
// 1. Calculate the request Hash // 1. Calculate the request Hash
v_msg := bit2oct(encvalue(p_encrypted_message)); v_msg := bit2oct(encvalue(p_encrypted_message));
log("f_read_pki_request_message: Encoded request: ", v_msg); log("f_parse_pki_request: Encoded request: ", v_msg);
p_request_hash := substr(f_hashWithSha256(v_msg), 0, 16); p_request_hash := substr(f_hashWithSha256(v_msg), 0, 16);
log("f_read_pki_request_message: p_request_hash= ", p_request_hash); log("f_parse_pki_request: p_request_hash= ", p_request_hash);
// 2. Decrypt message // 2. Decrypt message
log("f_read_pki_request_message: p_private_enc_key= ", p_private_enc_key); log("f_parse_pki_request: p_private_enc_key= ", p_private_enc_key);
if (false == f_decrypt(p_private_enc_key, p_encrypted_message, p_salt, p_decrypted_message, p_aes_enc_key)) { if (false == f_decrypt(p_private_enc_key, p_encrypted_message, p_salt, p_decrypted_message, p_aes_enc_key)) {
log("f_read_pki_request_message: Failed to decrypt message"); log("f_parse_pki_request: Failed to decrypt message");
return false; return false;
} }
log("f_read_pki_request_message: v_ieee1609dot2_signed_data= ", p_decrypted_message); log("f_parse_pki_request: v_ieee1609dot2_signed_data= ", p_decrypted_message);
log("f_read_pki_request_message: p_aes_enc_key= ", p_aes_enc_key); log("f_parse_pki_request: p_aes_enc_key= ", p_aes_enc_key);
// 3. get TS 102 941 data // 3. get TS 102 941 data
select(p_decrypted_message) { select(p_decrypted_message){
case (mw_etsiTs103097Data_signed( case( mw_etsiTs103097Data_signed(
mw_signedData( mw_signedData(
-, -,
mw_toBeSignedData( mw_toBeSignedData(
mw_signedDataPayload mw_signedDataPayload
)))) { )
var bitstring v_msg_bit; )
v_msg_bit := oct2bit(p_decrypted_message.content.signedData.tbsData.payload.data.content.unsecuredData); )
if (decvalue(v_msg_bit, p_etsi_ts_102941_data) != 0) { ) {
v_return_code := false; var bitstring v_msg_bit;
} v_msg_bit := oct2bit(p_decrypted_message.content.signedData.tbsData.payload.data.content.unsecuredData);
} if (decvalue(v_msg_bit, p_etsi_ts_102941_data) != 0) {
ret := false;
}
}
case else { case else {
v_return_code := false; ret := false;
} }
} // End of 'select' statement }
return ret;
return v_return_code;
} // End of function f_read_pki_request_message } // End of function f_read_pki_request_message
function f_read_ec_request_from_iut_itss( function f_read_ec_request_from_iut_itss(
...@@ -6061,11 +6105,17 @@ module LibItsPki_Functions { ...@@ -6061,11 +6105,17 @@ module LibItsPki_Functions {
var EtsiTs103097Certificate v_ec_certificate; var EtsiTs103097Certificate v_ec_certificate;
var HashedId8 v_ec_certificate_hashed_id8; var HashedId8 v_ec_certificate_hashed_id8;
var InnerEcResponse v_inner_ec_response; var InnerEcResponse v_inner_ec_response;
/*
if (f_read_pki_request_message(p_encrypted_message, vc_eaPrivateEncKey, vc_eaWholeHash/*salt*/, if(false == f_get_canonical_itss_key(v_canonical_key)){
p_request_hash, p_aes_enc_key, log(">>> f_read_ec_request_from_iut_itss: error getting canonical key");
p_decrypted_message, return false;
p_etsi_ts_102941_data)) { }
*/
if( f_read_pki_request_message( p_encrypted_message, vc_eaPrivateEncKey, vc_eaWholeHash/*salt*/,
p_request_hash, p_aes_enc_key,
p_decrypted_message,
p_etsi_ts_102941_data
)) {
// decode InnerEcRequest // decode InnerEcRequest
var bitstring v_msg_bit := oct2bit(p_etsi_ts_102941_data.content.enrolmentRequest.content.signedData.tbsData.payload.data.content.unsecuredData); var bitstring v_msg_bit := oct2bit(p_etsi_ts_102941_data.content.enrolmentRequest.content.signedData.tbsData.payload.data.content.unsecuredData);
if (decvalue(v_msg_bit, p_inner_ec_request) != 0) { if (decvalue(v_msg_bit, p_inner_ec_request) != 0) {
...@@ -6076,6 +6126,7 @@ module LibItsPki_Functions { ...@@ -6076,6 +6126,7 @@ module LibItsPki_Functions {
return false; return false;
} // End of function f_read_ec_request_from_iut_itss } // End of function f_read_ec_request_from_iut_itss
/** /**
* @desc Verify the protocol element of the Pki message. * @desc Verify the protocol element of the Pki message.
* If p_check_security is set to false, only decryption and decoding of the outer message are verified. * If p_check_security is set to false, only decryption and decoding of the outer message are verified.
...@@ -6154,29 +6205,29 @@ module LibItsPki_Functions { ...@@ -6154,29 +6205,29 @@ module LibItsPki_Functions {
// 4. Verifiy signature // 4. Verifiy signature
log("f_verify_pki_request_message: v_ieee1609dot2_signed_data.content.signedData.tbsData= ", v_ieee1609dot2_signed_data.content.signedData.tbsData); log("f_verify_pki_request_message: v_ieee1609dot2_signed_data.content.signedData.tbsData= ", v_ieee1609dot2_signed_data.content.signedData.tbsData);
v_msg := bit2oct(encvalue(v_ieee1609dot2_signed_data.content.signedData.tbsData)); v_msg := bit2oct(encvalue(v_ieee1609dot2_signed_data.content.signedData.tbsData));
log("f_verify_pki_request_message: v_msg= ", v_msg); if (not ispresent(p_verification_key)){
if (not ispresent(p_verification_key)) {
var EtsiTs103097Certificate v_cert; var EtsiTs103097Certificate v_cert;
var charstring v_cert_id; var charstring v_cert_id;
if (ischosen(v_ieee1609dot2_signed_data.content.signedData.signer.digest)) { if (ischosen(v_ieee1609dot2_signed_data.content.signedData.signer.digest)){
if (not f_getCertificateFromDigest(v_ieee1609dot2_signed_data.content.signedData.signer.digest, v_cert, v_cert_id)){ if (not f_getCertificateFromDigest(v_ieee1609dot2_signed_data.content.signedData.signer.digest, v_cert, v_cert_id)){
if (p_check_security == true) { if (p_check_security == true) {
return false; return false;
} }
} }
} }
if (ischosen(v_ieee1609dot2_signed_data.content.signedData.signer.certificate)) { if (ischosen(v_ieee1609dot2_signed_data.content.signedData.signer.certificate)){
if(lengthof(v_ieee1609dot2_signed_data.content.signedData.signer.certificate) > 0) { if(lengthof(v_ieee1609dot2_signed_data.content.signedData.signer.certificate) > 0){
v_cert := v_ieee1609dot2_signed_data.content.signedData.signer.certificate[0]; v_cert := v_ieee1609dot2_signed_data.content.signedData.signer.certificate[0];
} }
} }
if (isbound(v_cert)) { if (isbound(v_cert)){
if(ischosen(v_cert.toBeSigned.verifyKeyIndicator.verificationKey)){ if(ischosen(v_cert.toBeSigned.verifyKeyIndicator.verificationKey)){
p_verification_key := v_cert.toBeSigned.verifyKeyIndicator.verificationKey; p_verification_key := v_cert.toBeSigned.verifyKeyIndicator.verificationKey;
} }
} }
} }
if (ispresent(p_verification_key)) { if (ispresent(p_verification_key)){
log("f_verify_pki_request_message: v_msg= ", v_msg);
if (false == f_verifyEcdsa(v_msg, int2oct(0, 32), v_ieee1609dot2_signed_data.content.signedData.signature_, valueof(p_verification_key))) { if (false == f_verifyEcdsa(v_msg, int2oct(0, 32), v_ieee1609dot2_signed_data.content.signedData.signature_, valueof(p_verification_key))) {
if (p_check_security == true) { if (p_check_security == true) {
return false; return false;
......