From c5b07ef395eb608fd2cc2a33f8a9819e8e8823c5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Est=C3=A9vez?= Date: Fri, 26 Jan 2024 11:25:00 +0100 Subject: [PATCH] add descriptions to run_test_vectors.sh This adds a description of what should happen when each test vector is run. --- utils/run_test_vectors.sh | 174 +++++++++++++++++++++++++++++++++++++- 1 file changed, 172 insertions(+), 2 deletions(-) diff --git a/utils/run_test_vectors.sh b/utils/run_test_vectors.sh index 842856d..920fcd4 100755 --- a/utils/run_test_vectors.sh +++ b/utils/run_test_vectors.sh @@ -30,7 +30,13 @@ SEC1_TO_PEM=$GALILEO_OSNMA_DIR/utils/sec1_to_pem.py PUBKEY=/tmp/pubkey.pem +echo "" echo "Test vector: Configuration 1" +echo "----------------------------" +echo "" +echo "There should be no errors in this test, and there should be successful " +echo "authentications of navigation data." +echo "" openssl x509 \ -in "${TEST_VECTOR_DIR}/cryptographic_material/Merkle_tree_1/PublicKey/OSNMA_PublicKey_20230803105952_newPKID_1.crt" \ @@ -41,7 +47,13 @@ MERKLE="$($GET_MERKLE ${TEST_VECTOR_DIR}/cryptographic_material/Merkle_tree_1/Me $CONVERT "${TEST_VECTOR_DIR}/osnma_test_vectors/configuration_1/16_AUG_2023_GST_05_00_01.csv" | \ $GALMON_OSNMA --pubkey $PUBKEY --pkid $PKID --merkle-root $MERKLE || true +echo "" echo "Test vector: Configuration 2" +echo "----------------------------" +echo "" +echo "There should be no errors in this test, and there should be successful" +echo "authentications of navigation data." +echo "" openssl x509 \ -in "${TEST_VECTOR_DIR}/cryptographic_material/Merkle_tree_2/PublicKey/OSNMA_PublicKey_20230720113300_newPKID_2.crt" \ 
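Review bot: `PUBKEY=/tmp/pubkey.pem` (context line at the top of the first hunk) is a fixed, predictable path in a world-writable directory. The `openssl x509` call that follows appears to write the key used by every `--pubkey $PUBKEY` run there, though its output argument lies outside the hunk, so this is inferred. On a shared machine another local user can pre-create or swap that file, so the key the test vectors are verified against is not guaranteed to be the one extracted from the certificate. Consider `PUBKEY="$(mktemp)"` followed by `trap 'rm -f -- "$PUBKEY"' EXIT`, and quoting `"$PUBKEY"` where it is passed.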
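Review bot: The expectations added in the -41 hunk ("There should be no errors in this test…") are only printed, because the context line `$GALMON_OSNMA --pubkey $PUBKEY --pkid $PKID --merkle-root $MERKLE || true` discards the exit status, so a run that contradicts its description still leaves the script exiting 0. This matters most for the negative cases in later hunks, such as New Merkle Tree step 3 in the -179 hunk, where no navigation data authentication should happen: an unexpected authentication would only be caught by someone reading the log. Whether the tool's exit status reflects verification failures is not visible here. At minimum add a header comment such as `# NOTE: expected results are printed for manual comparison; this script does not check them`, or replace `|| true` with `|| echo "exit status $?" >&2` so a failing run is at least recorded.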
@@ -52,7 +64,16 @@ MERKLE="$($GET_MERKLE ${TEST_VECTOR_DIR}/cryptographic_material/Merkle_tree_2/Me $CONVERT "${TEST_VECTOR_DIR}/osnma_test_vectors/configuration_2/27_JUL_2023_GST_00_00_01.csv" | \ $GALMON_OSNMA --pubkey $PUBKEY --pkid $PKID --merkle-root $MERKLE || true +echo "" echo "Test vector: Chain Renewal (all steps chained)" +echo "----------------------------------------------" +echo "" +echo "Some TESLA key validation errors are expected in step 2. These happen because" +echo "in the subframe when the chain change happens, the MACKs for some satellites are" +echo "completed and processed before the DSM is completed by collecting DSM blocks" +echo "from multiple satellites in that subframe. Obtaining the DSM-KROOT is required" +echo "to validate the new CID." +echo "" openssl x509 \ -in "${TEST_VECTOR_DIR}/cryptographic_material/Merkle_tree_2/PublicKey/OSNMA_PublicKey_20231007041500_PKID_7.crt" \ 
@@ -65,18 +86,36 @@ PKID=7 $CONVERT "${TEST_VECTOR_DIR}/osnma_test_vectors/eoc_step2/06_OCT_2023_GST_18_30_01.csv" ; } | \ $GALMON_OSNMA --pubkey $PUBKEY --pkid $PKID --merkle-root $MERKLE || true - +echo "" echo "Test vector: Chain Renewal (step 1 only)" +echo "----------------------------------------" +echo "" +echo "No errors are expected in this test." +echo "" $CONVERT "${TEST_VECTOR_DIR}/osnma_test_vectors/eoc_step1/06_OCT_2023_GST_16_45_01.csv" | \ $GALMON_OSNMA --pubkey $PUBKEY --pkid $PKID --merkle-root $MERKLE || true +echo "" echo "Test vector: Chain Renewal (step 2 only)" +echo "----------------------------------------" +echo "" +echo "Some TESLA key validation errors are expected in this step. These happen because" +echo "in the subframe when the chain change happens, the MACKs for some satellites are" +echo "completed and processed before the DSM is completed by collecting DSM blocks" +echo "from multiple satellites in that subframe. Obtaining the DSM-KROOT is required" +echo "to validate the new CID." +echo "" $CONVERT "${TEST_VECTOR_DIR}/osnma_test_vectors/eoc_step2/06_OCT_2023_GST_18_30_01.csv" | \ $GALMON_OSNMA --pubkey $PUBKEY --pkid $PKID --merkle-root $MERKLE || true +echo "" echo "Test vector: Chain Revocation (all steps chained)" +echo "-------------------------------------------------" +echo "" +echo "No errors are expected in this test." +echo "" { echo "Step 1" >&2 ; \ $CONVERT "${TEST_VECTOR_DIR}/osnma_test_vectors/crev_step1/06_OCT_2023_GST_21_45_01.csv" ; \ 
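Review bot: The blank line, title and dashed underline are typed out by hand for each test (three times in this hunk and in every other hunk of the patch), and the copies have already drifted. The Public Key Renewal banners in the -86 and -111 hunks omit the `echo ""` after the underline, and the wording alternates between "No errors are expected in this test", "in this step" and "No errors should happen". A small helper that derives the underline from the title would keep the banners uniform and avoid counting dashes. The sketch below is a suggestion only; the hunk shows just part of the script, so the helper would need to be defined before the first test.

```shell
# Print a blank line, the test title, an underline of matching length, and a blank line.
test_header() {
  echo ""
  echo "Test vector: $1"
  printf '%s\n' "Test vector: $1" | sed 's/./-/g'
  echo ""
}

test_header "Chain Renewal (step 1 only)"
echo "No errors are expected in this test."
echo ""
# … unchanged: $CONVERT … | $GALMON_OSNMA … invocation …
```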
@@ -86,22 +125,41 @@ echo "Test vector: Chain Revocation (all steps chained)" $CONVERT "${TEST_VECTOR_DIR}/osnma_test_vectors/crev_step3/07_OCT_2023_GST_00_30_01.csv" ; } | \ $GALMON_OSNMA --pubkey $PUBKEY --pkid $PKID --merkle-root $MERKLE || true +echo "" echo "Test vector: Chain Revocation (step 1 only)" +echo "-------------------------------------------" +echo "" +echo "No errors are expected in this test." +echo "" $CONVERT "${TEST_VECTOR_DIR}/osnma_test_vectors/crev_step1/06_OCT_2023_GST_21_45_01.csv" | \ $GALMON_OSNMA --pubkey $PUBKEY --pkid $PKID --merkle-root $MERKLE || true +echo "" echo "Test vector: Chain Revocation (step 2 only)" +echo "-------------------------------------------" +echo "" +echo "No errors are expected in this test." +echo "" $CONVERT "${TEST_VECTOR_DIR}/osnma_test_vectors/crev_step2/06_OCT_2023_GST_23_30_01.csv" | \ $GALMON_OSNMA --pubkey $PUBKEY --pkid $PKID --merkle-root $MERKLE || true +echo "" echo "Test vector: Chain Revocation (step 3 only)" +echo "-------------------------------------------" +echo "" +echo "No errors are expected in this step." +echo "" $CONVERT "${TEST_VECTOR_DIR}/osnma_test_vectors/crev_step3/07_OCT_2023_GST_00_30_01.csv" | \ $GALMON_OSNMA --pubkey $PUBKEY --pkid $PKID --merkle-root $MERKLE || true +echo "" echo "Test vector: Public Key Renewal (all steps chained)" +echo "---------------------------------------------------" +echo "No errors should happen in this test." +echo "" { echo "Step 1" >&2 ; \ $CONVERT "${TEST_VECTOR_DIR}/osnma_test_vectors/npk_step1/07_OCT_2023_GST_02_45_01.csv" ; \ 
@@ -111,22 +169,38 @@ echo "Test vector: Public Key Renewal (all steps chained)" $CONVERT "${TEST_VECTOR_DIR}/osnma_test_vectors/npk_step3/07_OCT_2023_GST_04_45_01.csv" ; } | \ $GALMON_OSNMA --pubkey $PUBKEY --pkid $PKID --merkle-root $MERKLE || true +echo "" echo "Test vector: Public Key Renewal (step 1 only)" +echo "---------------------------------------------" +echo "No errors should happen in this test." +echo "" $CONVERT "${TEST_VECTOR_DIR}/osnma_test_vectors/npk_step1/07_OCT_2023_GST_02_45_01.csv" | \ $GALMON_OSNMA --pubkey $PUBKEY --pkid $PKID --merkle-root $MERKLE || true +echo "" echo "Test vector: Public Key Renewal (step 2 only)" +echo "---------------------------------------------" +echo "No errors should happen in this test." +echo "" $CONVERT "${TEST_VECTOR_DIR}/osnma_test_vectors/npk_step2/07_OCT_2023_GST_03_45_01.csv" | \ $GALMON_OSNMA --pubkey $PUBKEY --pkid $PKID --merkle-root $MERKLE || true +echo "" echo "Test vector: Public Key Renewal (step 3 only, starting with PKID 7)" +echo "-------------------------------------------------------------------" +echo "No errors should happen in this test." +echo "" $CONVERT "${TEST_VECTOR_DIR}/osnma_test_vectors/npk_step3/07_OCT_2023_GST_04_45_01.csv" | \ $GALMON_OSNMA --pubkey $PUBKEY --pkid $PKID --merkle-root $MERKLE || true +echo "" echo "Test vector: Public Key Renewal (step 3 only, starting with PKID 8)" +echo "-------------------------------------------------------------------" +echo "No errors should happen in this test." +echo "" openssl x509 \ -in "${TEST_VECTOR_DIR}/cryptographic_material/Merkle_tree_2/PublicKey/OSNMA_PublicKey_20231007081500_PKID_8.crt" \ 
@@ -136,7 +210,12 @@ PKID=8 $CONVERT "${TEST_VECTOR_DIR}/osnma_test_vectors/npk_step3/07_OCT_2023_GST_04_45_01.csv" | \ $GALMON_OSNMA --pubkey $PUBKEY --pkid $PKID --merkle-root $MERKLE || true +echo "" echo "Test vector: Public Key Revocation (all steps chained)" +echo "------------------------------------------------------" +echo "" +echo "No errors are expected in this test." +echo "" { echo "Step 1" >&2 ; \ $CONVERT "${TEST_VECTOR_DIR}/osnma_test_vectors/pkrev_step1/07_OCT_2023_GST_07_45_01.csv" ; \ 
@@ -146,22 +225,42 @@ echo "Test vector: Public Key Revocation (all steps chained)" $CONVERT "${TEST_VECTOR_DIR}/osnma_test_vectors/pkrev_step3/07_OCT_2023_GST_10_30_01.csv" ; } | \ $GALMON_OSNMA --pubkey $PUBKEY --pkid $PKID --merkle-root $MERKLE || true +echo "" echo "Test vector: Public Key Revocation (step 1 only)" +echo "------------------------------------------------" +echo "" +echo "No errors are expected in this test." +echo "" $CONVERT "${TEST_VECTOR_DIR}/osnma_test_vectors/pkrev_step1/07_OCT_2023_GST_07_45_01.csv" | \ $GALMON_OSNMA --pubkey $PUBKEY --pkid $PKID --merkle-root $MERKLE || true +echo "" echo "Test vector: Public Key Revocation (step 2 only)" +echo "------------------------------------------------" +echo "" +echo "No errors are expected in this test." +echo "" $CONVERT "${TEST_VECTOR_DIR}/osnma_test_vectors/pkrev_step2/07_OCT_2023_GST_09_30_01.csv" | \ $GALMON_OSNMA --pubkey $PUBKEY --pkid $PKID --merkle-root $MERKLE || true +echo "" echo "Test vector: Public Key Revocation (step 3 only, starting with PKID 8)" +echo "----------------------------------------------------------------------" +echo "" +echo "No errors are expected in this test." +echo "" $CONVERT "${TEST_VECTOR_DIR}/osnma_test_vectors/pkrev_step3/07_OCT_2023_GST_10_30_01.csv" | \ $GALMON_OSNMA --pubkey $PUBKEY --pkid $PKID --merkle-root $MERKLE || true +echo "" echo "Test vector: Public Key Revocation (step 3 only, starting with PKID 9)" +echo "----------------------------------------------------------------------" +echo "" +echo "No errors are expected in this test." +echo "" PUBKEY_P521="$($GET_PUBKEY ${TEST_VECTOR_DIR}/cryptographic_material/Merkle_tree_2/PublicKey/OSNMA_PublicKey_20231007141500_PKID_9.xml)" PKID=9 
@@ -169,7 +268,18 @@ PKID=9 $CONVERT "${TEST_VECTOR_DIR}/osnma_test_vectors/pkrev_step3/07_OCT_2023_GST_10_30_01.csv" | \ $GALMON_OSNMA --pubkey-p521 $PUBKEY_P521 --pkid $PKID --merkle-root $MERKLE || true -echo "Test vector: New Merkle Tree (all steps chained)" +echo "" +echo "Test vector: New Merkle Tree (all steps chained, starting with Merkle tree 2 and PKID 9)" +echo "----------------------------------------------------------------------------------------" +echo "" +echo "After the CPKS changes to New Merkle Tree, public key verification errors" +echo "will appear, because the DSM-PKR now refers to a Merkle tree different from" +echo "the one that is loaded into the receiver. Additionally, DSM-KROOT verification". +echo "errors will appear in after Step 2 begins, since the DSM-KROOT starts to be" +echo "signed with the key from the new Merkle tree. However, navigation data authentication" +echo "should continue successfully throughout the test, since the TESLA chain is not" +echo "changed." +echo "" { echo "Step 1" >&2 ; \ $CONVERT "${TEST_VECTOR_DIR}/osnma_test_vectors/nmt_step1/07_OCT_2023_GST_12_45_01.csv" ; \ 
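Review bot: Two of the added lines close the string before the full stop: `echo "the one that is loaded into the receiver. Additionally, DSM-KROOT verification".` in this hunk and `echo "key from the new Merkle tree".` in the -179 hunk. The shell concatenates the bare `.`, so the first prints a stray full stop in the middle of the sentence that continues on the next line. The next line also reads "will appear in after Step 2 begins". Suggested lines: `echo "the one that is loaded into the receiver. Additionally, DSM-KROOT verification"`, `echo "errors will appear after Step 2 begins, since the DSM-KROOT starts to be"`, and in the -179 hunk `echo "key from the new Merkle tree."`.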
@@ -179,22 +289,55 @@ echo "Test vector: New Merkle Tree (all steps chained)" $CONVERT "${TEST_VECTOR_DIR}/osnma_test_vectors/nmt_step3/07_OCT_2023_GST_14_45_01.csv" ; } | \ $GALMON_OSNMA --pubkey-p521 $PUBKEY_P521 --pkid $PKID --merkle-root $MERKLE || true +echo "" echo "Test vector: New Merkle Tree (step 1 only)" +echo "------------------------------------------" +echo "" +echo "After the CPKS changes to New Merkle Tree, public key verification errors" +echo "will appear, because the DSM-PKR now refers to a Merkle tree different from" +echo "the one that is loaded into the receiver." +echo "" $CONVERT "${TEST_VECTOR_DIR}/osnma_test_vectors/nmt_step1/07_OCT_2023_GST_12_45_01.csv" | \ $GALMON_OSNMA --pubkey-p521 $PUBKEY_P521 --pkid $PKID --merkle-root $MERKLE || true +echo "" echo "Test vector: New Merkle Tree (step 2 only, starting with Merkle tree 2 and PKID 9)" +echo "----------------------------------------------------------------------------------" +echo "" +echo "In this test there will be errors regarding public key verification and KROOT" +echo "verification, since both use a Merkle tree which is different from the one" +echo "loaded in the receiver. However, navigation data authentication should continue" +echo "successfully throughout the test, since some of the DSM-KROOTs are signed with" +echo "the key from the old Merkle tree and the TESLA chain is not changed." +echo "" $CONVERT "${TEST_VECTOR_DIR}/osnma_test_vectors/nmt_step2/07_OCT_2023_GST_13_45_01.csv" | \ $GALMON_OSNMA --pubkey-p521 $PUBKEY_P521 --pkid $PKID --merkle-root $MERKLE || true +echo "" echo "Test vector: New Merkle Tree (step 3 only, starting with Merkle tree 2 and PKID 9)" +echo "----------------------------------------------------------------------------------" +echo "" +echo "In this test there will be errors regarding public key verification and KROOT" +echo "verification, since both use a Merkle tree which is different from the one" +echo "loaded in the receiver. 
Additionally, no navigation data authentication should" +echo "happen, since all the DSM-KROOTs transmitted in this step are signed with the" +echo "key from the new Merkle tree". +echo "" $CONVERT "${TEST_VECTOR_DIR}/osnma_test_vectors/nmt_step3/07_OCT_2023_GST_14_45_01.csv" | \ $GALMON_OSNMA --pubkey-p521 $PUBKEY_P521 --pkid $PKID --merkle-root $MERKLE || true +echo "" echo "Test vector: New Merkle Tree (step 2 only, starting with Merkle tree 3 and PKID 1)" +echo "----------------------------------------------------------------------------------" +echo "" +echo "In this test there will be some errors regarding KROOT verification, since some" +echo "of the DSM-KROOTs are signed with the public key from the old Merkle tree." +echo "Navigation data authentication should be successful, since there are also DSM-KROOTs" +echo "signed with the public key from the new Merkle tree." +echo "" # The PublicKey files for Merkle_tree_3 are wrong (they don't match the public key in the # Merkle tree XML file, nor the pubkey used in the OSNMA test vectors). 
@@ -208,12 +351,25 @@ MERKLE="$($GET_MERKLE ${TEST_VECTOR_DIR}/cryptographic_material/Merkle_tree_3/Me $CONVERT "${TEST_VECTOR_DIR}/osnma_test_vectors/nmt_step2/07_OCT_2023_GST_13_45_01.csv" | \ $GALMON_OSNMA --pubkey $PUBKEY --pkid $PKID --merkle-root $MERKLE || true +echo "" echo "Test vector: New Merkle Tree (step 3 only, starting with Merkle tree 3 and PKID 1)" +echo "----------------------------------------------------------------------------------" +echo "" +echo "No errors are expected in this test, since there is nothing in the signal-in-space" +echo "that refers to the old Merkle tree." +echo "" $CONVERT "${TEST_VECTOR_DIR}/osnma_test_vectors/nmt_step3/07_OCT_2023_GST_14_45_01.csv" | \ $GALMON_OSNMA --pubkey $PUBKEY --pkid $PKID --merkle-root $MERKLE || true +echo "" echo "Test vector: OSNMA Alert Message (all steps chained)" +echo "----------------------------------------------------" +echo "" +echo "Navigation data authentication should be successful until the reception of the" +echo "Alert Message. At this point all cryptographic material is deleted and" +echo "verification errors for the KROOT and the Alert Message appear." +echo "" { echo "Step 1" >&2 ; \ $CONVERT "${TEST_VECTOR_DIR}/osnma_test_vectors/oam_step1/07_OCT_2023_GST_18_45_01.csv" ; \ 
@@ -221,12 +377,26 @@ echo "Test vector: OSNMA Alert Message (all steps chained)" $CONVERT "${TEST_VECTOR_DIR}/osnma_test_vectors/oam_step2/07_OCT_2023_GST_19_45_01.csv" ; } | \ $GALMON_OSNMA --pubkey $PUBKEY --pkid $PKID --merkle-root $MERKLE || true +echo "" echo "Test vector: OSNMA Alert Message (step 1 only)" +echo "----------------------------------------------" +echo "" +echo "Navigation data authentication should be successful until the reception of the" +echo "Alert Message. At this point all cryptographic material is deleted and" +echo "verification errors for the KROOT and the Alert Message will appear." +echo "" $CONVERT "${TEST_VECTOR_DIR}/osnma_test_vectors/oam_step1/07_OCT_2023_GST_18_45_01.csv" | \ $GALMON_OSNMA --pubkey $PUBKEY --pkid $PKID --merkle-root $MERKLE || true +echo "" echo "Test vector: OSNMA Alert Message (step 2 only)" +echo "----------------------------------------------" +echo "" +echo "No navigation data authentication should happen, since the NMA status is always" +echo "set to don't use. When the Alert Message is received, all cryptographic material" +echo "is deleted and verification errors for the KROOT and the Alert Message appear." +echo "" $CONVERT "${TEST_VECTOR_DIR}/osnma_test_vectors/oam_step2/07_OCT_2023_GST_19_45_01.csv" | \ $GALMON_OSNMA --pubkey $PUBKEY --pkid $PKID --merkle-root $MERKLE || true