diff --git a/LibOneM2M/OneM2M_Pics.ttcn b/LibOneM2M/OneM2M_Pics.ttcn index ddde51f09735477fe5fd97c0f8270fe723b27fcc..25df247b325a658e96e0d94d994e669b17ef42e4 100644 --- a/LibOneM2M/OneM2M_Pics.ttcn +++ b/LibOneM2M/OneM2M_Pics.ttcn @@ -31,10 +31,10 @@ module OneM2M_Pics { /** * @desc End-to-End Certificate-based Key Establishment Procedure support - * @see oneM2M TS-0003 + * @see oneM2M TS-0003 Clause 8.2.2.2 */ modulepar boolean PICS_ESC_SUPPORT := true; - + /** * @desc Dynamic Authorization resource support * @see oneM2M TS-0017 A.5.6.53 diff --git a/OneM2M_Testcases_CSE_Release_4.ttcn b/OneM2M_Testcases_CSE_Release_4.ttcn index aa72a793aefb732e8a7f5135d7828f6139dcfe17..7581152c305032444da83292a7d60cc2c568a548 100644 --- a/OneM2M_Testcases_CSE_Release_4.ttcn +++ b/OneM2M_Testcases_CSE_Release_4.ttcn 
@@ -1,14 +1,14 @@ /** - * Copyright Notification - * No part of this document may be reproduced, in an electronic retrieval system or otherwise, except as authorized by written permission. - * The copyright and the foregoing restriction extend to reproduction in all media. - * © 2016, oneM2M Partners Type 1 (ARIB, ATIS, CCSA, ETSI, TIA, TSDSI, TTA, TTC). - * All rights reserved. - * - * @author ETSI - * @version $URL: https://oldforge.etsi.org/svn/oneM2M/branches/Release1/ttcn/OneM2M_Testcases.ttcn $ - * $Id: OneM2M_Testcases.ttcn 347 2017-08-11 08:48:20Z reinaortega $ - * @desc Module containing test cases for oneM2M + * Copyright Notification + * No part of this document may be reproduced, in an electronic retrieval system or otherwise, except as authorized by written permission. + * The copyright and the foregoing restriction extend to reproduction in all media. + * © 2016, oneM2M Partners Type 1 (ARIB, ATIS, CCSA, ETSI, TIA, TSDSI, TTA, TTC). + * All rights reserved. + * + * @author ETSI + * @version $URL: https://oldforge.etsi.org/svn/oneM2M/branches/Release1/ttcn/OneM2M_Testcases.ttcn $ + * $Id: OneM2M_Testcases.ttcn 347 2017-08-11 08:48:20Z reinaortega $ + * @desc Module containing test cases for oneM2M * */ module OneM2M_Testcases_CSE_Release_4 { @@ -36,12 +36,12 @@ module OneM2M_Testcases_CSE_Release_4 { var RequestPrimitive v_request; map(self:mcaPort, system:mcaPort) param (PX_TS_AE1.mcaPort); - for (i:=0; i<lengthof(PX_RESOURCES_TO_BE_DELETED); i:= i+1) { + for (i:=0; i<lengthof(PX_RESOURCES_TO_BE_DELETED); i:= i+1) { v_resourceAddress := f_getResourceAddress() & "/" & PX_RESOURCES_TO_BE_DELETED[i]; v_request := valueof(m_delete(v_resourceAddress, PX_SUPER_AE_ID)); - + f_send(e_mcaPort, m_request(v_request)); t_ac.start; @@ -97,7 +97,7 @@ module OneM2M_Testcases_CSE_Release_4 { group Registration { - + }//end Registration group Data_Management_and_Repository { 
@@ -384,7 +384,7 @@ module OneM2M_Testcases_CSE_Release_4 { group Update { group g_CSE_DMR_UPD_015{ - + /** * @desc Check that the IUT updates successfully the value of the optional attribute OPTIONAL_ATTRIBUTE of the RESOURCE_TYPE resource under CSEBase */ @@ -415,10 +415,10 @@ module OneM2M_Testcases_CSE_Release_4 { v_primitiveContentRetrieveResource := f_getPrimitiveContentRetrievedResource(v_ae1); //Check that the resource has been udpated correctly - if(ischosen(v_primitiveContentRetrieveResource.node)) { - if(v_primitiveContentRetrieveResource.node.labels != v_labels){ + if(ischosen(v_primitiveContentRetrieveResource.node)) { + if(v_primitiveContentRetrieveResource.node.labels != v_labels){ setverdict(fail, __SCOPE__ & ": Error: Labels attribute not updated correctly") - } + } } } } @@ -452,10 +452,10 @@ module OneM2M_Testcases_CSE_Release_4 { v_primitiveContentRetrieveResource := f_getPrimitiveContentRetrievedResource(v_ae1); //Check that the resource has been udpated correctly - if(ischosen(v_primitiveContentRetrieveResource.node)) { - if(v_primitiveContentRetrieveResource.node.accessControlPolicyIDs != valueof(v_updateRequestPrimitive.primitiveContent.node.accessControlPolicyIDs)){ + if(ischosen(v_primitiveContentRetrieveResource.node)) { + if(v_primitiveContentRetrieveResource.node.accessControlPolicyIDs != valueof(v_updateRequestPrimitive.primitiveContent.node.accessControlPolicyIDs)){ setverdict(fail, __SCOPE__ & ": Error: Access Control Policy attribute not updated correctly") - } + } } } } @@ -466,9 +466,9 @@ module OneM2M_Testcases_CSE_Release_4 { } } // end group g_CSE_DMR_UPD_015 - + group g_CSE_DMR_UPD_016 { - + /** * @desc Check that the IUT updates successfully the value of the attribute MANDATORY_ATTRIBUTE of the RESOURCE_TYPE resource under CSEBase */ 
@@ -498,12 +498,12 @@ module OneM2M_Testcases_CSE_Release_4 { } v_primitiveContentRetrieveResource := f_getPrimitiveContentRetrievedResource(v_ae1); - //Check that the resource has been udpated correctly - if(ischosen(v_primitiveContentRetrieveResource.node)) { + //Check that the resource has been udpated correctly + if(ischosen(v_primitiveContentRetrieveResource.node)) { if(v_primitiveContentRetrieveResource.node.expirationTime != v_expirationTime){ - setverdict(fail, __SCOPE__ & ": Error: Expiration time attribute not updated correctly") + setverdict(fail, __SCOPE__ & ": Error: Expiration time attribute not updated correctly") + } } - } } } @@ -535,9 +535,9 @@ module OneM2M_Testcases_CSE_Release_4 { //Check that the resource has been udpated correctly if(ischosen(v_primitiveContentRetrieveResource.node)) { - if(v_primitiveContentRetrieveResource.node.nodeID != v_targetId){ + if(v_primitiveContentRetrieveResource.node.nodeID != v_targetId){ setverdict(fail, __SCOPE__ & ": Error: NodeID attribute not updated correctly") - } + } } } } 
@@ -575,67 +575,394 @@ module OneM2M_Testcases_CSE_Release_4 { group Security { - group ESPrim { + group authentication { - group Notify{ - - - }//end group Notify - - }//end group ESPrim - - group Role_Based_Access_Control { + group ESPrim { + + group Notify{ + + + }//end group Notify + + }//end group ESPrim - group Create{ + group Role_Based_Access_Control { // TODO To be moved to authorization group + + group Create{ + + }//end group Create + + group Retrieve { - }//end group Create - - group Retrieve { + }// end of group Retrieve - }// end of group Retrieve - - group Update { + group Update { + + }//end group Update - }//end group Update - - group Notify { - - }//end group Notify - - }//end group Role_Based_Access_Control + group Notify { - group ESCertKE { - - group Notify { - - }// end of group Notify - - }// end of group ESCertKE + }//end group Notify + + }//end group Role_Based_Access_Control + + group ESCertKE { + + group Notify { - group Access_Control_Policy { - - }//end group AccessControlPolicy - - group Impersonation_Prevention { + }// end of group Notify + + }// end of group ESCertKE + + group Access_Control_Policy { // TODO To be moved to authorization group + + }//end group AccessControlPolicy - }//end group Impersonation_Prevention + } // End of group authentication - group Dynamic_Authorization { + group authorization { - }//end group Dynamic_Authorization + group Impersonation_Prevention { + + group Create { - group Indirect_Dynamic_Authorization { - - }//end group Indirect_Dynamic_Authorization + /** + * @desc Check that the IUT processes properly AE Impersonation attacks + */ + testcase TC_CSE_SEC_IP_CRE_001() runs on Tester system CseSystem { + + var AeSimu v_ae1 := AeSimu.create("AE1") alive; + + v_ae1.start(f_CSE_SEC_IP_CRE_001()); + + v_ae1.done; + + } + + function f_CSE_SEC_IP_CRE_001() runs on AeSimu system CseSystem { + // Local variables + var integer v_aeIndex := -1; + var integer v_acpIndex := -1; + var integer v_groupIndex := -1; + 
var XSD.ID v_ae1ResourceId; + var template RequestPrimitive v_groupRequest := m_createGroup(1, -, omit, int2, -, -, -); + var template RequestPrimitive v_createRequest := valueof(m_createAcpBase); + + // Test control + if (not PICS_ESC_SUPPORT) { + setverdict(inconc, __SCOPE__ & ": End-to-End Certificate-based Key Establishment Procedure support is required to run this test case"); + stop; + } + + // Test component configuration + f_cf03Up(); + + // Test adapter configuration + + // Preamble + // FIXME Security association establishment may be performed using AE1, E.g. TLS using AE1_ID + + v_aeIndex := f_cse_preamble_registerAe(-, -); + + vc_ae1.start(f_cse_createResource(int2, m_createAe(PX_TS_AE1.appId, -, PX_TS_AE1.aeIdStem, c_defaultAe1ResourceName, omit), -1)); // AE1 is registred + f_aeSimu_checkComponentDoneAndGetVerdict(vc_ae1); + + v_ae1ResourceId := f_getLatestResourceAddress(vc_ae1, e_nonHierarchical, e_cseRelative); + + v_groupRequest.primitiveContent.group_.memberIDs := {v_ae1ResourceId}; + + v_groupIndex := f_cse_createResource(int9, v_groupRequest, v_aeIndex); + + v_createRequest := m_createAcp(-, {f_getResourceId(vc_resourcesList[v_groupIndex].resource)} , -); + + // Test Body + v_createRequest := f_getCreateRequestPrimitive(int1, v_createRequest, v_aeIndex); + // Alter the 'From' field using AE identifier different that AE1_ID + v_createRequest.from_ := PX_TS_AE2.appId; + + f_send(e_mcaPort, m_request(valueof(v_createRequest))); + tc_ac.start; + alt { + [] mcaPort.receive(mw_response(mw_responsePrimitive(int4106))) -> value vc_response { + tc_ac.stop; + setverdict(pass, __SCOPE__ & ": AE impersonation attack detected"); + } + [] mcaPort.receive(mw_response) -> value vc_response { + tc_ac.stop; + setverdict(fail, __SCOPE__ & ": Wrong response status code"); + } + [] tc_ac.timeout { + setverdict(fail, __SCOPE__ & ": No answer while creating resource"); + } + } + + //Postamble + f_cse_postamble_deleteResources(); + + //Tear down + f_cf03Down(); + + 
}//end TC_CSE_SEC_IP_CRE_001 + + }// end of group Create + + group Retrieve { - group Json_Web_Token { - - }//end group Json_Web_Token + /** + * @desc Check that the IUT processes properly AE Impersonation attacks + */ + testcase TC_CSE_SEC_IP_RET_001() runs on Tester system CseSystem { + + var AeSimu v_ae1 := AeSimu.create("AE1") alive; + + v_ae1.start(f_CSE_SEC_IP_RET_001()); + + v_ae1.done; + + } + + function f_CSE_SEC_IP_RET_001() runs on AeSimu system CseSystem { + // Local variables + var integer v_aeIndex := -1; + var integer v_acpIndex := -1; + var integer v_groupIndex := -1; + var XSD.ID v_parentIndex; + var XSD.ID v_resourceIndex; + var template RequestPrimitive v_request := valueof(m_retrieve); + + // Test control + if (not PICS_ESC_SUPPORT) { + setverdict(inconc, __SCOPE__ & ": End-to-End Certificate-based Key Establishment Procedure support is required to run this test case"); + stop; + } + + // Test component configuration + f_cf03Up(); + + // Test adapter configuration + + // Preamble + // FIXME Security association establishment may be performed using AE1, E.g. 
TLS using AE1_ID + + f_cse_createAccessControlPolicyAux(); + + v_aeIndex := f_cse_createResource_withAcpAux(int2, m_createAe(vc_aeSimuDesc.appId, -, vc_aeSimuDesc.aeIdStem, c_defaultAe1ResourceName, {f_getCompletePoA(vc_aeSimuDesc.mcaPortIn, "")}), -1); // AE1 is registred + + v_parentIndex := f_cse_createResource(int3, m_createContainerBase, v_aeIndex); + + v_resourceIndex := f_cse_createResource(int4, m_createContainerBase, v_parentIndex); + + // Test Body + v_request := m_retrieve(f_getResourceAddress(v_resourceIndex), f_getOriginator(v_resourceIndex)); + // Alter the 'From' field using AE identifier different that AE1_ID + v_request.from_ := PX_TS_AE2.appId; + + f_send(e_mcaPort, m_request(valueof(v_request))); + tc_ac.start; + alt { + [] mcaPort.receive(mw_response(mw_responsePrimitive(int4106))) -> value vc_response { + tc_ac.stop; + setverdict(pass, __SCOPE__ & ": AE impersonation attack detected"); + } + [] mcaPort.receive(mw_response) -> value vc_response { + tc_ac.stop; + setverdict(fail, __SCOPE__ & ": Wrong response status code"); + } + [] tc_ac.timeout { + setverdict(fail, __SCOPE__ & ": No answer while creating resource"); + } + } + + //Postamble + f_cse_postamble_deleteResources(); + + //Tear down + f_cf03Down(); + + }//end TC_CSE_SEC_IP_RET_001 + + }// end of group Retrieve + + group Update { - group Distributed_Authorization { - - }//end group Distributed_Authorization + /** + * @desc Check that the IUT processes properly AE Impersonation attacks + */ + testcase TC_CSE_SEC_IP_UPD_001() runs on Tester system CseSystem { + + var AeSimu v_ae1 := AeSimu.create("AE1") alive; + + v_ae1.start(f_CSE_SEC_IP_UPD_001()); + + v_ae1.done; + + } + + function f_CSE_SEC_IP_UPD_001() runs on AeSimu system CseSystem { + // Local variables + var integer v_aeIndex := -1; + var integer v_acpIndex := -1; + var integer v_groupIndex := -1; + var XSD.ID v_parentIndex; + var XSD.ID v_resourceIndex; + var template RequestPrimitive v_update := valueof(m_update); + + // Test 
control + if (not PICS_ESC_SUPPORT) { + setverdict(inconc, __SCOPE__ & ": End-to-End Certificate-based Key Establishment Procedure support is required to run this test case"); + stop; + } + + // Test component configuration + f_cf03Up(); + + // Test adapter configuration + + // Preamble + // FIXME Security association establishment may be performed using AE1, E.g. TLS using AE1_ID + + f_cse_createAccessControlPolicyAux(); + + v_aeIndex := f_cse_createResource_withAcpAux(int2, m_createAe(vc_aeSimuDesc.appId, -, vc_aeSimuDesc.aeIdStem, c_defaultAe1ResourceName, {f_getCompletePoA(vc_aeSimuDesc.mcaPortIn, "")}), -1); // AE1 is registred + + v_parentIndex := f_cse_createResource(int3, m_createContainerBase, v_aeIndex); + + v_resourceIndex := f_cse_createResource(int4, m_createContainerBase, v_parentIndex); + + // Test Body + v_update := m_update(f_getResourceAddress(v_resourceIndex), f_getOriginator(v_resourceIndex)); + // Alter the 'From' field using AE identifier different that AE1_ID + v_update.from_ := PX_TS_AE2.appId; + + f_send(e_mcaPort, m_request(valueof(v_update))); + tc_ac.start; + alt { + [] mcaPort.receive(mw_response(mw_responsePrimitive(int4106))) -> value vc_response { + tc_ac.stop; + setverdict(pass, __SCOPE__ & ": AE impersonation attack detected"); + } + [] mcaPort.receive(mw_response) -> value vc_response { + tc_ac.stop; + setverdict(fail, __SCOPE__ & ": Wrong response status code"); + } + [] tc_ac.timeout { + setverdict(fail, __SCOPE__ & ": No answer while creating resource"); + } + } + + //Postamble + f_cse_postamble_deleteResources(); + + //Tear down + f_cf03Down(); + + }//end TC_CSE_SEC_IP_UPD_001 + + }// end of group Update + + group Delete { + /** + * @desc Check that the IUT processes properly AE Impersonation attacks + */ + testcase TC_CSE_SEC_IP_DEL_001() runs on Tester system CseSystem { + + var AeSimu v_ae1 := AeSimu.create("AE1") alive; + + v_ae1.start(f_CSE_SEC_IP_DEL_001()); + + v_ae1.done; + + } + + function f_CSE_SEC_IP_DEL_001() runs 
on AeSimu system CseSystem { + // Local variables + var integer v_aeIndex := -1; + var XSD.ID v_parentIndex; + var XSD.ID v_resourceIndex; + var template RequestPrimitive v_delete := valueof(m_delete); + + // Test control + if (not PICS_ESC_SUPPORT) { + setverdict(inconc, __SCOPE__ & ": End-to-End Certificate-based Key Establishment Procedure support is required to run this test case"); + stop; + } + + // Test component configuration + f_cf03Up(); + + // Test adapter configuration + + // Preamble + // FIXME Security association establishment may be performed using AE1, E.g. TLS using AE1_ID + + f_cse_createAccessControlPolicyAux(); + + v_aeIndex := f_cse_createResource_withAcpAux(int2, m_createAe(vc_aeSimuDesc.appId, -, vc_aeSimuDesc.aeIdStem, c_defaultAe1ResourceName, {f_getCompletePoA(vc_aeSimuDesc.mcaPortIn, "")}), -1); // AE1 is registred + + v_parentIndex := f_cse_createResource(int3, m_createContainerBase, v_aeIndex); + + v_resourceIndex := f_cse_createResource(int4, m_createContainerBase, v_parentIndex); + + // Test Body + v_delete := m_delete(f_getResourceAddress(v_resourceIndex), f_getOriginator(v_resourceIndex)); + // Alter the 'From' field using AE identifier different that AE1_ID + v_delete.from_ := PX_TS_AE2.appId; + + f_send(e_mcaPort, m_request(valueof(v_delete))); + tc_ac.start; + alt { + [] mcaPort.receive(mw_response(mw_responsePrimitive(int4106))) -> value vc_response { + tc_ac.stop; + setverdict(pass, __SCOPE__ & ": AE impersonation attack detected"); + } + [] mcaPort.receive(mw_response) -> value vc_response { + tc_ac.stop; + setverdict(fail, __SCOPE__ & ": Wrong response status code"); + } + [] tc_ac.timeout { + setverdict(fail, __SCOPE__ & ": No answer while creating resource"); + } + } + + //Postamble + f_cse_postamble_deleteResources(); + + //Tear down + f_cf03Down(); + + }//end TC_CSE_SEC_IP_DEL_001 + + }// end of group Delete + + }//end group Impersonation_Prevention + + group Dynamic_Authorization { + + group Direct_Dynamic_Authorization 
{ + + }//end group DirectDynamic_Authorization + + group Indirect_Dynamic_Authorization { + + }//end group IndirectDynamic_Authorization + + }//end group Dynamic_Authorization + + group Indirect_Dynamic_Authorization { + + }//end group Indirect_Dynamic_Authorization + + group Json_Web_Token { + + }//end group Json_Web_Token + + group Distributed_Authorization { + + }//end group Distributed_Authorization + + } // End of group authorization + }//end group Security group Device_Management {
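Review bot: The pass verdict in f_CSE_SEC_IP_CRE_001, and in the RET, UPD and DEL variants, does not show that the IUT detected impersonation, because the preamble never establishes the security association its own FIXME describes, so the IUT has no authenticated AE1 identity to compare the altered `from_` against. As far as the visible lines show, AE2 is never registered, so a rejection of `PX_TS_AE2.appId` may only mean the originator is unknown; until the association exists the message should claim no more than that, e.g. `setverdict(pass, __SCOPE__ & ": Request with altered From rejected");`, and `int4106` deserves a comment naming the status it stands for. In the RET, UPD and DEL functions `v_parentIndex` and `v_resourceIndex` are declared `XSD.ID` but receive the result of `f_cse_createResource`, which the CRE function stores in an `integer` and which takes an integer parent index, so this presumably fails type checking; they should be `var integer v_parentIndex := -1;` and likewise for `v_resourceIndex`. The timeout message in those three functions still reads "No answer while creating resource" and should name the retrieve, update or delete operation instead.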