Validated TC01-TC22 (64608aea) · Commits · ITS - Intelligent Transport Systems / ttcn / SEC TS 103 096-3

ItsSecurity_TestCases.ttcn

+116 −55

Original line number	Diff line number	Diff line
		@@ -2544,12 +2544,12 @@ module ItsSecurity_TestCases {
		* containing inlineP2pcdRequest
		* containing HashedId3 value
		* indicating last 3 octets of the digest of CERT_IUT_A_AA
		* at TIME_2 (TIME_1 < TIME_2 < TIME_1 + 0.9sec)
		* at TIME_2 (TIME_1 + 0.9sec < TIME_2 < TIME_1 + 1sec)
		* }
		* ensure that {
		* when {
		* the IUT is requested to send a secured CAM
		* at TIME_3 (TIME_1 < TIME_2 < TIME_3 < TIME_1 + 1sec)
		* at TIME_3 (TIME_2 < TIME_3 < TIME_1 + 1sec)
		* } then {
		* the IUT sends a SecuredMessage of type EtsiTs103097Data
		* containing signer
		@@ -2569,11 +2569,13 @@ module ItsSecurity_TestCases {
		// Local variables
		const float c_certificateGenerationTime := 0.8;

		timer t_maxTransInterval := c_certificateGenerationTime * 0.9;
		timer t_maxTransInterval := 2.0;
		timer t_sendRequest := 0.1; // send the AA request each 100msec
		var GeoNetworkingInd v_geoNwInd;
		var ItsCam v_component;
		var Certificate v_aa_certificate;
		var HashedId8 v_hashedId8;
		var HashedId8 v_aa_hashedId8;
		var boolean v_aa_certificateReceived := false;

		// Test control
		if (not(PICS_GN_SECURITY) or not(PICS_SEC_P2P_AA_DISTRIBUTION)) {
		@@ -2588,11 +2590,6 @@ module ItsSecurity_TestCases {

		// Preamble
		f_prNeighbour();
		f_readCertificate(cc_taCert_AA, v_aa_certificate);
		f_getCertificateDigest(
		cc_taCert_AA,
		v_hashedId8
		);
		geoNetworkingPort.clear;
		v_component := f_setCamFrequencyGreatherThan1Hz();
		tc_ac.start;
		@@ -2611,39 +2608,73 @@ module ItsSecurity_TestCases {
		)
		),
		mw_geoNwShbPacket
		))) {
		))) -> value v_geoNwInd {
		var SignerIdentifier v_signerIdentifier;
		var EtsiTs103097Certificate v_certificate;
		var integer v_certificatesLength;
		var charstring v_aa_certificate_id;
		tc_ac.stop;
		t_maxTransInterval.start;

		log("* " & testcasename() & ": INFO: Initial conditions: First CA message with certificate received *");

		// Send secured message with request for the currently used AT certificate
		// get HashedId8 currently used AA certificate
		f_getMsgSignerIdentifier(v_geoNwInd.msgIn.gnPacket.securedMsg, v_signerIdentifier);
		v_certificatesLength := lengthof(v_signerIdentifier.certificate);
		if(v_certificatesLength < 1) {
		log("* " & testcasename() & ": INCONC: Empty certificate chain length *");
		f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_error);
		}
		v_certificate := v_signerIdentifier.certificate[v_certificatesLength-1];
		if( ispresent( v_certificate.issuer.sha256AndDigest )){
		v_aa_hashedId8 := v_certificate.issuer.sha256AndDigest;
		}else if( ispresent( v_certificate.issuer.sha384AndDigest )){
		v_aa_hashedId8 := v_certificate.issuer.sha384AndDigest;
		}else{
		log("* " & testcasename() & ": ERROR: Self-signed certificate should not be used *");
		f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_error);
		}

		// send 1st message signed by certificate
		f_sendSecuredCam(
		cc_taCert_A,
		valueof(
		m_headerInfo_cam(
		-,
		(f_getCurrentTime() * 1000)/us/,
		-,
		{ f_hashedId3FromHashedId8(v_hashedId8) }
		(f_getCurrentTime() * 1000)/us/
		)),
		valueof(
		m_signerIdentifier_digest(
		v_hashedId8
		)
		m_signerIdentifier_certificate(vc_atCertificate)
		)
		);
		f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
		}
		[] tc_ac.timeout {
		log("* " & testcasename() & ": INCONC: Initial conditions: CA message with certificate not received *");
		f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
		}
		} // End of 'alt' statement
		}

		// Test Body
		tc_ac.start;
		t_maxTransInterval.start;
		t_sendRequest.start;

		alt {
		[] t_sendRequest.timeout {
		log("* " & testcasename() & ": INFO: Send AA certificate request *");
		t_sendRequest.start;
		f_sendSecuredCam(
		cc_taCert_A,
		valueof(
		m_headerInfo_cam(
		-,
		(f_getCurrentTime() * 1000)/us/,
		-,
		{ f_hashedId3FromHashedId8(v_aa_hashedId8) }
		)),
		valueof(
		m_signerIdentifier_digest
		)
		);
		repeat;
		}
		[] geoNetworkingPort.receive(
		mw_geoNwInd(
		mw_geoNwSecPdu(
		@@ -2652,17 +2683,15 @@ module ItsSecurity_TestCases {
		-,
		mw_toBeSignedData(
		mw_signedDataPayload,
		mw_headerInfo_cam // Not containing requestedCertificate
		mw_headerInfo_cam(-,-,-,?) // containing requestedCertificate
		),
		mw_signerIdentifier_certificate // containing certificate
		)
		),
		mw_geoNwShbPacket
		))) -> value v_geoNwInd {
		tc_ac.stop;
		t_maxTransInterval.stop;
		log("* " & testcasename() & ": PASS: Generation of CAM messages including certificate *");
		f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
		))) {
		log("* " & testcasename() & ": FAIL: The requested certificate is sent within the certificate-signed message *");
		f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
		}
		[] geoNetworkingPort.receive(
		mw_geoNwInd(
		@@ -2672,26 +2701,26 @@ module ItsSecurity_TestCases {
		-,
		mw_toBeSignedData(
		mw_signedDataPayload,
		mw_headerInfo_cam // Not containing requestedCertificate
		),
		mw_signerIdentifier_digest // containing digest
		mw_headerInfo_cam(-,-,-,?) // containing requestedCertificate
		)
		)
		),
		mw_geoNwShbPacket
		))) {
		log("* " & testcasename() & ": INFO: CA message retransmission w/o certificate *");
		log("* " & testcasename() & ": INFO: Requested AA certificate received *");
		v_aa_certificateReceived := true;
		repeat;
		}
		[] t_maxTransInterval.timeout {
		tc_ac.stop;
		log("* " & testcasename() & ": FAIL: The certificate chain has not been received during 1 sec *");
		f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
		}

		[] tc_ac.timeout {
		log("* " & testcasename() & ": INCONC: Expected CA message not received *");
		t_sendRequest.stop;
		if(v_aa_certificateReceived){
		log("* " & testcasename() & ": PASS: The requested certificate was sent with digests only *");
		f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
		}else{
		log("* " & testcasename() & ": INCONC: The requested certificate was never been received *");
		f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
		}
		}
		} // End of 'alt' statement

		// Postamble
		@@ -2907,6 +2936,8 @@ module ItsSecurity_TestCases {
		// Preamble
		f_prNeighbour();
		geoNetworkingPort.clear;
		/* We do not need to wait for the 1st certificate here.
		Preambule is not needed
		tc_ac.start;
		alt {
		[] geoNetworkingPort.receive(
		@@ -2933,6 +2964,8 @@ module ItsSecurity_TestCases {
		f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
		}
		} // End of 'alt' statement
		*/
		f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);

		// Test Body
		tc_ac.start;
		@@ -2967,19 +3000,47 @@ module ItsSecurity_TestCases {
		f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
		} else {
		// Check certificate validity period
		var Time64 v_startTime, v_endTime;
		f_getMsgSignerIdentifier (f_getSecuredMessage(v_geoNwInd.msgIn), v_signerIdentifier);
		log("v_signerIdentifier.certificate[0].toBeSigned.validityPeriod.start_ (s)=", v_signerIdentifier.certificate[0].toBeSigned.validityPeriod.start_);
		log("c_timeLimit (s)=", c_timeLimit / 1000000);
		log("v_curTime (s)=", v_curTime / 1000000);
		log("valid interval=", Time32:((v_curTime - c_timeLimit) / 1000000, (v_curTime + c_timeLimit) / 1000000));
		if (v_signerIdentifier.certificate[0].toBeSigned.validityPeriod.start_ > (v_curTime + c_timeLimit) / 1000000) {
		log("*** " & testcasename() & ": FAIL: CA message certificate validity period is not in 5 min range");
		v_startTime := v_signerIdentifier.certificate[0].toBeSigned.validityPeriod.start_;
		v_startTime := v_startTime * 1000000;
		log("v_signerIdentifier.certificate[0].toBeSigned.validityPeriod.start_=", v_startTime);
		log("v_curTime=", v_curTime);
		if (v_startTime > v_curTime + c_timeLimit) {
		log("*** " & testcasename() & ": FAIL: certificate validity period is in the future");
		f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
		} else {
		// TODO Check duration
		log("* " & testcasename() & ": PASS: Generation of CAM messages including certificate was successful *");
		f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
		}
		if (v_startTime > v_generationTime) {
		log("*** " & testcasename() & ": FAIL: generation time is before the certificate validity period");
		f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
		}
		if(ischosen(v_signerIdentifier.certificate[0].toBeSigned.validityPeriod.duration.microseconds)){
		v_endTime := v_startTime + v_signerIdentifier.certificate[0].toBeSigned.validityPeriod.duration.microseconds;
		}else if (ischosen(v_signerIdentifier.certificate[0].toBeSigned.validityPeriod.duration.milliseconds)){
		var Time64 t := v_signerIdentifier.certificate[0].toBeSigned.validityPeriod.duration.milliseconds;
		v_endTime := t * 1000;
		}else if (ischosen(v_signerIdentifier.certificate[0].toBeSigned.validityPeriod.duration.seconds)){
		var Time64 t := v_signerIdentifier.certificate[0].toBeSigned.validityPeriod.duration.seconds;
		v_endTime := v_startTime + t * 1000000;
		}else if (ischosen(v_signerIdentifier.certificate[0].toBeSigned.validityPeriod.duration.minutes)){
		var Time64 t := v_signerIdentifier.certificate[0].toBeSigned.validityPeriod.duration.minutes;
		v_endTime := v_startTime + t * 60 * 1000000;
		}else if (ischosen(v_signerIdentifier.certificate[0].toBeSigned.validityPeriod.duration.hours)){
		var Time64 t := v_signerIdentifier.certificate[0].toBeSigned.validityPeriod.duration.hours;
		v_endTime := v_startTime + t * 3600 * 1000000;
		}else if (ischosen(v_signerIdentifier.certificate[0].toBeSigned.validityPeriod.duration.sixtyHours)){
		var Time64 t := v_signerIdentifier.certificate[0].toBeSigned.validityPeriod.duration.sixtyHours;
		v_endTime := v_startTime + t * 3600 * 60 * 1000000;
		}else if (ischosen(v_signerIdentifier.certificate[0].toBeSigned.validityPeriod.duration.years)){
		var Time64 t := v_signerIdentifier.certificate[0].toBeSigned.validityPeriod.duration.years;
		v_endTime := v_startTime + t * 365 * 24 * 3600 * 1000000;
		}
		if (not match(v_generationTime, Time64:(v_startTime .. v_endTime))) {
		log("* " & testcasename() & ": FAIL: CA message generation time is NOT inside the certificate validity period *");
		f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
		}
		log("* " & testcasename() & ": PASS: CA message generation time is inside the certificate validity period *");
		f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
		}
		}
		[] geoNetworkingPort.receive(