Support of implicit certificates (b6a1fb3c) · Commits · ITS - Intelligent Transport Systems / ttcn / SEC TS 103 096-3

ItsSecurity_TestCases.ttcn

+392 −0

Original line number	Diff line number	Diff line
		@@ -4284,6 +4284,398 @@ module ItsSecurity_TestCases {
		*/

		} // End of group camProfile

		group implicit_certificates {

		/**
		* @desc Check that IUT supports usage of implicit certificate for signing message.
		* <pre>
		* Pics Selection: PICS_GN_SECURITY and (PICS_SEC_NIST_P256 or PICS_SEC_BRAINPOOL_P256R1)
		* Config Id: CF01
		* Initial conditions:
		* with {
		* the IUT is authorized with AT implicit certificate (X_CERTIFICATE)
		* and the IUT is configured to send more than one CAM per second
		* and the IUT having sent a secured CAM
		* containing signer
		* containing certificate
		* indicating X_CERTIFICATE
		* containing verifyKeyIndicator
		* containing reconstructionValue
		* containing R_KEY
		* }
		* ensure that {
		* when {
		* the IUT is requested to send a subsequent secured CAM
		* containing signer
		* containing digest
		* } then {
		* the IUT sends a Ieee1609Dot2Data
		* containing content
		* containing signedData
		* containing signer
		* containing digest
		* indicating last 8 bytes of the Hash value calculated using X_HASH algorithm
		* </pre>
		*
		* @see ETSI TS 103 096-2 v1.5.1 TP_SEC_ITSS_SND_IMPLICIT_CERT_01_BV
		* @reference ETSI TS 103 097 [1] Clauses 5.2 & 7.1.1
		* @reference IEEE 1609.2 [2] Clause 6.3.4
		*/
		testcase TC_SEC_ITSS_SND_IMPLICIT_CERT_01_BV() runs on ItsGeoNetworking system ItsSecSystem {

		// Local variables
		var GeoNetworkingInd v_geoNwInd;
		var ItsCam v_component;
		var EtsiTs103097Certificate v_certificate;
		var HashedId8 v_certificate_digest;

		// Test control
		if (not(PICS_GN_SECURITY and (PICS_SEC_NIST_P256 or PICS_SEC_BRAINPOOL_P256R1))) {
		log("* " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and (PICS_SEC_NIST_P256 or PICS_SEC_BRAINPOOL_P256R1)' required for executing the TC *");
		stop;
		}

		// Test component configuration
		vc_hashedId8ToBeUsed := cc_iutCert_A_IMP;
		f_cf01Up();

		// Test adapter configuration

		// Preamble
		f_prNeighbour();
		f_readCertificate(vc_hashedId8ToBeUsed, v_certificate);
		f_getCertificateDigest(vc_hashedId8ToBeUsed, v_certificate_digest);
		v_component := f_setCamFrequencyGreatherThan1Hz();
		f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);

		// Test Body
		geoNetworkingPort.clear;
		tc_ac.start;
		alt {
		[] geoNetworkingPort.receive(
		mw_geoNwInd(
		mw_geoNwSecPdu(
		mw_etsiTs103097Data_signed(
		mw_signedData(
		-,
		mw_toBeSignedData(
		mw_signedDataPayload,
		mw_headerInfo_cam
		),
		mw_signerIdentifier_certificate( // containing implicit certificate
		mw_etsiTs103097Certificate(
		?,
		mw_toBeSignedCertificate_at(
		-,
		v_certificate.toBeSigned.verifyKeyIndicator
		),
		-,
		implicit
		))
		)
		),
		mw_geoNwShbPacket
		))) {
		tc_ac.stop;
		f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
		}
		[] geoNetworkingPort.receive(
		mw_geoNwInd(
		mw_geoNwSecPdu(
		mw_etsiTs103097Data_signed(
		mw_signedData(
		-,
		mw_toBeSignedData(
		mw_signedDataPayload,
		mw_headerInfo_cam
		),
		mw_signerIdentifier_digest(
		v_certificate_digest
		))),
		mw_geoNwShbPacket
		))) {
		log("* " & testcasename() & ": INFO: CA message retransmission with digest *");
		repeat;
		}
		[] tc_ac.timeout {
		log("* " & testcasename() & ": INCONC: Expected CA message not received *");
		f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
		}
		} // End of 'alt' statement

		// Postamble
		f_terminateCam(v_component);
		f_poNeighbour();
		f_cf01Down();
		} // End of testcase TC_SEC_ITSS_SND_IMPLICIT_CERT_01_BV

		/**
		* @desc Check that IUT accepts a valid secured CAM message signed with a known implicit certificate
		* <pre>
		* Pics Selection: PICS_GN_SECURITY
		* Config Id: CF01
		* Initial conditions:
		* with {
		* the IUT being in the 'authorized' state
		* and the IUT current time (CUR_TIME) is inside the time validity period of CERT_TS_A_IMP_AT
		* }
		* Expected behaviour:
		* ensure that {
		* when {
		* the IUT is receiving a message of type EtsiTs103097Data (MSG)
		* containing protocolVersion
		* indicating 3
		* and containing content.signedData
		* containing hashId
		* indicating hash algorithm of the reconstruction key of CERT_TS_A_IMP_AT
		* and containing tbsData
		* and containing signer
		* containing certificate
		* containing 1 item of type EtsiTs103097Certificate
		* indicating CERT_TS_A_IMP_AT
		* and containing signature
		* containing ecdsaNistP256Signature
		* containing rSig.x-only
		* calculated over the MSG.content.signedData.tbsData
		* using verification key of CERT_TS_A_IMP_AT
		* } then {
		* the IUT accepts the SecuredMessage
		* }
		* }
		* </pre>
		*
		* @see ETSI TS 103 096-2 v1.5.1 TP_SEC_ITSS_RCV_IMPLICIT_CERT_01_BV
		* @reference ETSI TS 103 097 [1] Clause 7.1.1
		*/
		testcase TC_SEC_ITSS_RCV_IMPLICIT_CERT_01_BV() runs on ItsGeoNetworking system ItsSecSystem {

		// Local variables
		var integer i;
		var GeoNetworkingPdu v_securedGnPdu;
		var GnRawPayload v_sentRawPayload;

		// Test adapter configuration
		if (not(PICS_GN_SECURITY)) {
		log("* " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC *");
		stop;
		}

		// Test component configuration
		vc_hashedId8ToBeUsed := cc_iutCert_A_IMP;
		f_cf01Up();

		// Test adapter configuration

		// Preamble
		f_prNeighbour();
		f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);

		// Test Body
		v_securedGnPdu := f_sendSecuredCam(
		cc_taCert_A,
		valueof(m_headerInfo_cam(-, (f_getCurrentTime() * 1000)/us/)),
		valueof(m_signerIdentifier_certificate(vc_atCertificate)),
		f_getTsStationId()
		);

		f_sleep(PX_TNOAC);
		v_sentRawPayload := valueof(v_securedGnPdu.gnPacket.packet.payload);
		for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) {
		// Empty on purpose
		}
		if (i < lengthof(vc_utInds)) {
		log("* " & testcasename() & ": PASS: GN was transmitted to upper layer*");
		f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
		}
		else {
		log("* " & testcasename() & ": FAIL: GN was not transmitted to upper layer*");
		f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
		}

		// Postamble
		f_poNeighbour();
		f_cf01Down();
		} // End of testcase TC_SEC_ITSS_RCV_IMPLICIT_CERT_01_BV

		/**
		* @desc Check that IUT accepts a valid secured CAM message signed with an unknown implicit certificate
		* <pre>
		* Pics Selection: PICS_GN_SECURITY
		* Config Id: CF01
		* Initial conditions:
		* with {
		* the IUT being in the 'authorized' state
		* and the IUT current time (CUR_TIME) is inside the time validity period of CERT_TS_A_IMP_AT
		* }
		* Expected behaviour:
		* ensure that {
		* when {
		* the IUT is receiving a message of type EtsiTs103097Data (MSG)
		* containing protocolVersion
		* indicating 3
		* and containing content.signedData
		* containing hashId
		* indicating hash algorithm of the reconstruction key of CERT_TS_A_IMP_AT
		* and containing tbsData
		* and containing signer
		* containing certificate
		* containing 1 item of type EtsiTs103097Certificate
		* indicating CERT_TS_A_IMP_AT
		* and containing signature
		* containing ecdsaNistP256Signature
		* containing rSig.x-only
		* calculated over the MSG.content.signedData.tbsData
		* using verification key of CERT_TS_A_IMP_AT
		* } then {
		* the IUT accepts the SecuredMessage
		* }
		* }
		* </pre>
		*
		* @see ETSI TS 103 096-2 v1.5.1 TP_SEC_ITSS_RCV_IMPLICIT_CERT_02_BV
		* @reference ETSI TS 103 097 [1] Clause 7.1.1
		*/
		testcase TC_SEC_ITSS_RCV_IMPLICIT_CERT_02_BV() runs on ItsGeoNetworking system ItsSecSystem {

		// Local variables
		var integer i;
		var GeoNetworkingPdu v_securedGnPdu;
		var GnRawPayload v_sentRawPayload;

		// Test adapter configuration
		if (not(PICS_GN_SECURITY)) {
		log("* " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC *");
		stop;
		}

		// Test component configuration
		vc_hashedId8ToBeUsed := "CERT_TS_F3_AT_IMP";
		f_cf01Up();

		// Test adapter configuration

		// Preamble
		f_prNeighbour();
		f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);

		// Test Body
		v_securedGnPdu := f_sendSecuredCam(
		cc_taCert_A,
		valueof(m_headerInfo_cam(-, (f_getCurrentTime() * 1000)/us/)),
		valueof(m_signerIdentifier_certificate(vc_atCertificate)),
		f_getTsStationId()
		);

		f_sleep(PX_TNOAC);
		v_sentRawPayload := valueof(v_securedGnPdu.gnPacket.packet.payload);
		for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) {
		// Empty on purpose
		}
		if (i < lengthof(vc_utInds)) {
		log("* " & testcasename() & ": PASS: GN was transmitted to upper layer*");
		f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
		}
		else {
		log("* " & testcasename() & ": FAIL: GN was not transmitted to upper layer*");
		f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
		}

		// Postamble
		f_poNeighbour();
		f_cf01Down();
		} // End of testcase TC_SEC_ITSS_RCV_IMPLICIT_CERT_02_BV

		/**
		* @desc Check that IUT discards a valid secured CAM message signed with implicit certificate containing signature
		* <pre>
		* Pics Selection: PICS_GN_SECURITY
		* Config Id: CF01
		* Initial conditions:
		* with {
		* the IUT being in the 'authorized' state
		* and the IUT current time (CUR_TIME) is inside the time validity period of CERT_TS_A_IMP_AT_BO
		* }
		* Expected behaviour:
		* ensure that {
		* when {
		* the IUT is receiving a message of type EtsiTs103097Data (MSG)
		* containing protocolVersion
		* indicating 3
		* and containing content.signedData
		* containing hashId
		* indicating hash algorithm of the reconstruction key of CERT_TS_A_IMP_AT_BO
		* and containing tbsData
		* and containing signer
		* containing certificate
		* containing 1 item of type EtsiTs103097Certificate
		* indicating CERT_TS_A_IMP_AT_BO
		* and containing signature
		* containing ecdsaNistP256Signature
		* containing rSig.x-only
		* calculated over the MSG.content.signedData.tbsData
		* using verification key of CERT_TS_A_IMP_AT_BO
		* } then {
		* the IUT discards the SecuredMessage
		* }
		* }
		* </pre>
		*
		* @see ETSI TS 103 096-2 v1.5.1 TP_SEC_ITSS_RCV_IMPLICIT_CERT_01_BO
		* @reference ETSI TS 103 097 [1] Clause 7.1.1
		*/
		testcase TC_SEC_ITSS_RCV_IMPLICIT_CERT_01_BO() runs on ItsGeoNetworking system ItsSecSystem {

		// Local variables
		var integer i;
		var GeoNetworkingPdu v_securedGnPdu;
		var GnRawPayload v_sentRawPayload;

		// Test adapter configuration
		if (not(PICS_GN_SECURITY)) {
		log("* " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC *");
		stop;
		}

		// Test component configuration
		vc_hashedId8ToBeUsed := cc_iutCert_A_IMP_BO;
		f_cf01Up();

		// Test adapter configuration

		// Preamble
		f_prNeighbour();
		f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);

		// Test Body
		v_securedGnPdu := f_sendSecuredCam(
		cc_taCert_A,
		valueof(m_headerInfo_cam(-, (f_getCurrentTime() * 1000)/us/)),
		valueof(m_signerIdentifier_certificate(vc_atCertificate)),
		f_getTsStationId()
		);

		f_sleep(PX_TNOAC);
		v_sentRawPayload := valueof(v_securedGnPdu.gnPacket.packet.payload);
		for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) {
		// Empty on purpose
		}
		if (i < lengthof(vc_utInds)) {
		log("* " & testcasename() & ": FAIL: GN was transmitted to upper layer, it should not *");
		f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
		}
		else {
		log("* " & testcasename() & ": PASS: GN was transmitted to upper layer *");
		f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
		}

		// Postamble
		f_poNeighbour();
		f_cf01Down();
		} // End of testcase TC_SEC_ITSS_RCV_IMPLICIT_CERT_01_BO

		} // End of group implicit_certificate

		/**
		* @desc Sending behaviour test cases for DENM profile
		* @see ETSI TS 103 096-2 V1.3.32 (2018-01) Clause 5.2.5 DENM profile

lib/LibItsSecurity_Pixits.ttcn

+1 −1

Original line number	Diff line number	Diff line
		@@ -66,7 +66,7 @@ module LibItsSecurity_Pixits {
		modulepar SecLatitude PX_WGSLATITUDE := 0;

		/**
		* @desc Indicate which canonical key shall be used (Nist-P256, BP-256 or BP-384)
		* @desc Indicate which canonical key shall be used (Nist-P256, Nist-P256, BP-256, Sm2-P256 or BP-384)
		*/
		modulepar SignAlgorithm PX_VE_ALG := e_nist_p256;

lib/LibItsSecurity_Templates.ttcn

+51 −6

Original line number	Diff line number	Diff line
		@@ -1073,6 +1073,18 @@ module LibItsSecurity_Templates {
		ecdsaNistP256Signature := p_ecdsaNistP256Signature
		} // End of template mw_signature_ecdsaNistP256

		template (value) Signature m_signature_ecsigSm2P256(
		in template (value) EcsigP256Signature p_ecsigP256Signature
		) := {
		sm2Signature := p_ecsigP256Signature
		} // End of template m_signature_ecsigSm2P256

		template (present) Signature mw_signature_ecsigSm2P256(
		template (present) EcsigP256Signature p_ecsigP256Signature := ?
		) := {
		sm2Signature := p_ecsigP256Signature
		} // End of template mw_signature_ecsigSm2P256

		template (value) Signature m_signature_ecdsaBrainpoolP256r1(
		in template (value) EcdsaP256Signature p_ecdsaBrainpoolP256r1Signature
		) := {
		@@ -1085,12 +1097,6 @@ module LibItsSecurity_Templates {
		ecdsaBrainpoolP256r1Signature := p_ecdsaBrainpoolP256r1Signature
		} // End of template m_signature_ecdsaBrainpoolP256r1

		template (value) Signature m_signature_ecdsaNistP384(
		in template (value) EcdsaP384Signature p_ecdsaNistP384Signature
		) := {
		ecdsaNistP384Signature := p_ecdsaNistP384Signature
		} // End of template m_signature_ecdsaNistP384

		template (value) Signature m_signature_ecdsaBrainpoolP384r1(
		in template (value) EcdsaP384Signature p_ecdsaBrainpoolP384r1Signature
		) := {
		@@ -1103,6 +1109,18 @@ module LibItsSecurity_Templates {
		ecdsaBrainpoolP384r1Signature := p_ecdsaBrainpoolP384r1Signature
		} // End of template mw_signature_ecdsaBrainpoolP384r1

		template (value) Signature m_signature_ecdsaNistP384(
		in template (value) EcdsaP384Signature p_ecdsaNistP384Signature
		) := {
		ecdsaNistP384Signature := p_ecdsaNistP384Signature
		} // End of template m_signature_ecdsaNistP384

		template (present) Signature mw_signature_ecdsaNistP384(
		template (present) EcdsaP384Signature p_ecdsaNistP384Signature := ?
		) := {
		ecdsaNistP384Signature := p_ecdsaNistP384Signature
		} // End of template mw_signature_ecdsaNistP384

		template (value) EcdsaP256Signature m_ecdsaP256Signature(
		in template (value) EccP256CurvePoint p_rSig,
		in template (value) Oct32 p_sSig
		@@ -1119,6 +1137,22 @@ module LibItsSecurity_Templates {
		sSig := p_sSig
		} // End of template mw_ecdsaP256Signature

		template (value) EcsigP256Signature m_ecsigSm2P256Signature(
		in template (value) Oct32 p_rSig,
		in template (value) Oct32 p_sSig
		) := {
		rSig := p_rSig,
		sSig := p_sSig
		} // End of template m_ecsigSm2P256Signature

		template (present) EcsigP256Signature mw_ecsigSm2P256Signature(
		template (present) Oct32 p_rSig := ?,
		template (present) Oct32 p_sSig := ?
		) := {
		rSig := p_rSig,
		sSig := p_sSig
		} // End of template mw_ecsigSm2P256Signature

		template (value) EcdsaP384Signature m_ecdsaP384Signature(
		in template (value) EccP384CurvePoint p_rSig,
		in template (value) Oct48 p_sSig
		@@ -1750,6 +1784,17 @@ module LibItsSecurity_Templates {
		ecdsaBrainpoolP384r1 := p_ecdsaBrainpoolP384r1
		} // End of template mw_publicVerificationKey_ecdsaBrainpoolP384r1

		template (value) PublicVerificationKey m_publicVerificationKey_ecdsaNistP384(
		in template (value) EccP384CurvePoint p_ecdsaNistP384
		) := {
		ecdsaNistP384 := p_ecdsaNistP384
		} // End of template m_publicVerificationKey_ecdsaNistP384

		template (present) PublicVerificationKey mw_publicVerificationKey_ecdsaNistP384(
		template (present) EccP384CurvePoint p_ecdsaNistP384 := ?
		) := {
		ecdsaNistP384 := p_ecdsaNistP384
		} // End of template mw_publicVerificationKey_ecdsaNistP384
		} // End of group verificationKeys

		group encryptionKey {

lib/LibItsSecurity_TypesAndValues.ttcn

+31 −25

File changed.

Preview size limit exceeded, changes collapsed.

lib_system/LibItsSecurity_Functions.ttcn

+393 −60

File changed.

Preview size limit exceeded, changes collapsed.

Admin message