siemens
diff --git a/‎resources/keywords.resource‎
Lines changed: 3 additions & 32 deletions b/‎resources/keywords.resource‎
Lines changed: 3 additions & 32 deletions
diff --git a/‎resources/setup_keywords.resource‎
Lines changed: 74 additions & 0 deletions b/‎resources/setup_keywords.resource‎
Lines changed: 74 additions & 0 deletions
diff --git a/‎tests_mock_ca/migration.robot‎
Lines changed: 2 additions & 1 deletion b/‎tests_mock_ca/migration.robot‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎tests_pq_and_hybrid/composite_sig_alg_tests.robot‎
Lines changed: 3 additions & 8 deletions b/‎tests_pq_and_hybrid/composite_sig_alg_tests.robot‎
Lines changed: 3 additions & 8 deletions
diff --git a/‎tests_pq_and_hybrid/hybrid_sig_tests.robot‎
Lines changed: 5 additions & 13 deletions b/‎tests_pq_and_hybrid/hybrid_sig_tests.robot‎
Lines changed: 5 additions & 13 deletions
diff --git a/‎tests_pq_and_hybrid/kem_tests.robot‎
Lines changed: 17 additions & 16 deletions b/‎tests_pq_and_hybrid/kem_tests.robot‎
Lines changed: 17 additions & 16 deletions
@@ -1657,34 +1657,6 @@ Get Composite Issuing URL
     ${url}=  Add URL Suffix    ${CA_BASE_URL}   ${COMPOSITE_URL_PREFIX}
     RETURN  ${url}
 
-Exchange PKIMessage PQ
-    [Documentation]    Exchange a PKIMessage with the PQ issuing endpoint.
-    ...
-    ...                Arguments:
-    ...                ---------
-    ...                - `pki_message` (PKIMessage): The PKIMessage to be exchanged.
-    ...
-    ...                Returns:
-    ...                -------
-    ...                - The response PKIMessage from the PQ issuing endpoint.
-    ...
-    ...                Examples:
-    ...                --------
-    ...                | ${response}= |    Exchange PKIMessage PQ    | ${pki_message} |
-    ...
-    [Tags]    pqc
-    [Arguments]    ${pki_message}
-    ${url}=   Get PQ Issuing URL
-    ${response}=   Exchange PKIMessage    ${pki_message}    ${url}
-    RETURN   ${response}
-
-Exchange PKIMessage PQ Stateful
-    [Documentation]    Exchange a PKIMessage with the PQ stateful issuing endpoint.
-    [Arguments]    ${pki_message}
-    ${url}=   Get PQ Stateful Issuing URL
-    ${response}=   Exchange PKIMessage    ${pki_message}    ${url}
-    RETURN   ${response}
-
 Prepare Related Cert URL
     [Documentation]    Prepare the URL for the related certificate, by adding the serial number to the URL.
     ...
@@ -1739,10 +1711,10 @@ Setup PQ Sig Cert
         ...     recipient=${RECIPIENT}   exclude_fields=sender,senderKID
         ${prot_ir}=    Default Protect PKIMessage    ${ir}
     END
-    ${response}=    Exchange PKIMessage PQ    ${prot_ir}
+    ${url}=  Get PQ Issuing URL
+    ${response}=    Exchange PKIMessage    ${prot_ir}   url=${url}
     PKIMessage Body Type Must Be    ${response}    ip
     PKIStatus Must Be    ${response}    accepted
-    ${url}=  Get PQ Issuing URL
     ${pq_cert}=   Confirm Certificate If Needed    ${response}   url=${url}   protection=${protection}
     ${cert_chain}=   Build CMP Chain From PKIMessage    ${response}  ${pq_cert}
     Write Certs To Dir    ${cert_chain}  pq_sig_chain
@@ -1769,10 +1741,9 @@ Setup Composite Sig Cert
         ...     recipient=${RECIPIENT}   exclude_fields=sender,senderKID
         ${prot_ir}=    Default Protect PKIMessage    ${ir}
     END
-    ${response}=    Exchange PKIMessage PQ    ${prot_ir}
+    ${response}=    Exchange PKIMessage    ${prot_ir}   url=${url}
     PKIMessage Body Type Must Be    ${response}    ip
     PKIStatus Must Be    ${response}    accepted
-    ${url}=  Get PQ Issuing URL
     ${comp_cert}=   Confirm Certificate If Needed    ${response}   url=${url}   protection=${protection}
     ${cert_chain}=   Build CMP Chain From PKIMessage    ${response}  ${comp_cert}
     Write Certs To Dir    ${cert_chain}  composite_sig_chain
 
@@ -0,0 +1,74 @@
+# SPDX-FileCopyrightText: Copyright 2025 Siemens AG   # robocop: off=COM04
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+*** Settings ***
+Documentation  Contain common keywords for setup the CMP tests, like overwriting variables or initializing resources.
+Resource            ../config/${environment}.robot
+Resource            ../resources/keywords.resource
+
+
+*** Variables ***
+${environment}          cloudpki
+
+
+*** Keywords ***
+Set Up PQ Sig Suite
+    [Documentation]    Initializes the test suite for PQ signature algorithm tests.
+    ...
+    ...                Executes the shared suite setup and configures the CMP URL to point to the
+    ...                PQ issuing endpoint for certificate requests using stateless PQ signature algorithms
+    ...                (e.g., ML-DSA).
+    ...
+    ...                The CA_CMP_URL suite variable is updated to the PQ-specific endpoint.
+    Set Up Test Suite
+    ${url}=   Get PQ Issuing URL
+    VAR   ${CA_CMP_URL}    ${url}   scope=SUITE   # robocop: off=VAR05
+
+Set Up PQ Stateful Sig Suite
+    [Documentation]    Initializes the test suite for PQ stateful signature algorithm tests.
+    ...
+    ...                Executes the shared suite setup and configures the CMP URL to point to the
+    ...                PQ stateful issuing endpoint for certificate requests using XMSS, XMSSMT, or HSS algorithms.
+    ...
+    ...                The CA_CMP_URL suite variable is updated to the PQ stateful-specific endpoint.
+    Set Up Test Suite
+    ${url}=   Get PQ Stateful Issuing URL
+    VAR   ${CA_CMP_URL}    ${url}   scope=SUITE   # robocop: off=VAR05
+
+Set Up PQ KEM Suite
+    [Documentation]    Initializes the test suite for PQ KEM (Key Encapsulation Mechanism) tests.
+    ...
+    ...                Executes the shared suite setup and configures the CMP URL to point to the
+    ...                PQ issuing endpoint for certificate requests using PQ KEM algorithms
+    ...                (e.g., ML-KEM).
+    ...
+    ...                The CA_CMP_URL suite variable is updated to the PQ-specific endpoint.
+    Set Up Test Suite
+    ${url}=   Get PQ Issuing URL
+    VAR   ${CA_CMP_URL}    ${url}   scope=SUITE
+
+Set Up Hybrid Sig Suite
+    [Documentation]    Initializes the test suite for hybrid/composite signature algorithm tests.
+    ...
+    ...                Executes the shared suite setup and configures the CMP URL to point to the
+    ...                composite issuing endpoint for certificate requests using hybrid signature algorithms
+    ...                (combinations of PQ and traditional algorithms).
+    ...
+    ...                The CA_CMP_URL suite variable is updated to the composite-specific endpoint.
+    Set Up Test Suite
+    ${url}=   Get Composite Issuing URL
+    VAR   ${CA_CMP_URL}    ${url}   scope=SUITE   # robocop: off=VAR05
+
+Set Up Composite Sig Suite
+    [Documentation]    Initializes the test suite for composite signature algorithm tests.
+    ...
+    ...                Executes the shared suite setup and configures the CMP URL to point to the
+    ...                composite issuing endpoint for certificate requests using composite signature algorithms
+    ...                (combinations of PQ and traditional algorithms).
+    ...
+    ...                The CA_CMP_URL suite variable is updated to the composite-specific endpoint.
+    Set Up Test Suite
+    ${url}=   Get Composite Issuing URL
+    VAR   ${CA_CMP_URL}    ${url}   scope=SUITE   # robocop: off=VAR05
@@ -1232,7 +1232,8 @@ Establish New Composite KEM SS
     [Tags]    composite-kem
     [Arguments]    ${kem_key}   ${kem_cert}
     ${genm}=   Build KEMBasedMAC General Message   ${kem_key}    ${kem_cert}
-    ${genp}=   Exchange PKIMessage PQ    ${genm}
+    ${url}=   Get PQ Issuing URL
+    ${genp}=   Exchange PKIMessage    ${genm}   ${url}
     ${ss}=   Validate Genp KEMCiphertextInfo    ${genp}    ${kem_key}
     ${tx_id}=   Get Asn1 Value As Bytes   ${genm}  header.transactionID
     RETURN  ${ss}  ${tx_id}
 
@@ -11,6 +11,7 @@ Documentation    Test cases for Composite Signature Algorithms in all flavors. S
 
 Resource            ../config/${environment}.robot
 Resource            ../resources/keywords.resource
+Resource            ../resources/setup_keywords.resource
 Library             Collections
 Library             OperatingSystem
 Library             ../resources/utils.py
@@ -25,7 +26,7 @@ Library             ../pq_logic/hybrid_prepare.py
 Library             ../pq_logic/pq_verify_logic.py
 
 Test Tags           hybrid   hybrid-sig  composite-sig  verbose-alg  verbose-tests   pre_hash
-Suite Setup    Set Up Test Suite
+Suite Setup    Set Up Composite Sig Suite
 Test Template     Request With Composite Sig
 
 
@@ -176,12 +177,6 @@ Valid COMPOSITE-SIG-13-ML-DSA-87-ECDSA-SECP521R1 Request
 
 
 *** Keywords ***
-Exchange Composite Sig Request
-    [Documentation]    Exchange a composite signature request with the CA.
-    [Arguments]    ${request}
-    ${response}=    Exchange Migration PKIMessage    ${request}  ${CA_BASE_URL}   ${COMPOSITE_URL_PREFIX}
-    RETURN    ${response}
-
 Validate BadPOP Or Cert
     [Documentation]    Validate the response for a bad POP or certificate.
     [Arguments]    ${response}   ${bad_pop}   ${alg_name}
@@ -204,5 +199,5 @@ Request With Composite Sig
     ...        use_rsa_pss=${use_rsa_pss}
     ${ir}=   Build Ir From Key    ${comp_key}   cert_request=${cert_request}  popo=${popo}
     ${protected_ir}=   Default Protect PKIMessage    ${ir}
-    ${response}=   Exchange Composite Sig Request  ${protected_ir}
+    ${response}=   Exchange PKIMessage  ${protected_ir}
     Validate BadPOP Or Cert  ${response}   ${bad_pop}   ${alg_name}
@@ -6,6 +6,7 @@
 Documentation       General tests for CMP logic, not necessarily specific to the lightweight profile
 
 Resource            ../resources/keywords.resource
+Resource            ../resources/setup_keywords.resource
 Library             Collections
 Library             OperatingSystem
 Library             ../resources/utils.py
@@ -16,7 +17,7 @@ Library             ../resources/certbuildutils.py
 Library             ../resources/protectionutils.py
 Library             ../resources/checkutils.py
 
-Suite Setup         Set Up Test Suite
+Suite Setup         Set Up Hybrid Sig Suite
 Test Tags           pqc  hybrid-sig
 
 
@@ -155,7 +156,7 @@ CA MUST Reject Composite RSA with invalid RSA key length
     ${ir}=    Build Ir From Key    ${key}  ${cm}
     ...         spki=${spki}  recipient=${RECIPIENT}  exclude_fields=sender,senderKID
     ${protected_ir}=  Default Protect PKIMessage   ${ir}
-    ${response}=       Exchange Composite Request    ${protected_ir}
+    ${response}=       Exchange PKIMessage    ${protected_ir}
     PKIMessage Body Type Must Be    ${response}    error
     PKIStatus Must Be    ${response}    rejection
     PKIStatusInfo Failinfo Bit Must Be    ${response}    badCertTemplate,badDataFormat
@@ -177,7 +178,7 @@ CA MUST Reject Composite Sig with Traditional Revoked key Due Compromise
     ...                protection=signature
     ...                private_key=${revoked_key}
     ...                cert=${revoked_cert}
-    ${response}=       Exchange Composite Request    ${protected_ir}
+    ${response}=       Exchange PKIMessage    ${protected_ir}
     PKIMessage Body Type Must Be    ${response}    error
     PKIStatus Must Be    ${response}    rejection
 
@@ -192,15 +193,6 @@ CA MUST Reject Issuing Already in use Traditional Key
     ${ir}=    Build Ir From Key    ${key}   cert_template=${cert_template}
     ...       recipient=${RECIPIENT}   exclude_fields=senderKID,sender
     ${protected_ir}=  Default Protect PKIMessage    ${ir}
-    ${response}=       Exchange Composite Request    ${protected_ir}
+    ${response}=       Exchange PKIMessage    ${protected_ir}
     PKIStatus Must Be    ${response}    rejection
     PKIStatusInfo Failinfo Bit Must Be    ${response}    badCertTemplate,badRequest
-
-
-*** Keywords ***
-Exchange Composite Request
-    [Arguments]    ${pki_message}
-    [Documentation]    Exchanges a PKIMessage for a composite algorithm with the CA and return the response.
-    ${url}=   Add URL Suffix    ${CA_BASE_URL}   ${COMPOSITE_URL_PREFIX}
-    ${response}=       Exchange PKIMessage    ${pki_message}  ${url}
-    RETURN   ${response}
@@ -6,6 +6,7 @@
 Documentation       General tests for CMP logic, not necessarily specific to the lightweight profile
 
 Resource            ../resources/keywords.resource
+Resource            ../resources/setup_keywords.resource
 Library             Collections
 Library             OperatingSystem
 Library             ../resources/utils.py
@@ -22,7 +23,7 @@ Library             ../pq_logic/pq_verify_logic.py
 
 Test Tags           kem   pqc
 
-Suite Setup          Set Up Test Suite
+Suite Setup          Set Up PQ KEM Suite
 
 
 *** Keywords ***
@@ -107,12 +108,12 @@ CA MUST support KEMBasedMAC
     ${result}=   Is Certificate And Key Set    ${KEM_CERT}   ${KEM_KEY}
     SKIP IF  not ${result}    KEM Certificate and Key not set
     ${genm}=   Build KEMBasedMAC General Message   ${KEM_KEY}    ${KEM_CERT}
-    ${genp}=   Exchange PKIMessage PQ    ${genm}
+    ${genp}=   Exchange PKIMessage    ${genm}
     ${ss}=   Validate Genp KEMCiphertextInfo    ${genp}    ${KEM_KEY}
     ${tx_id}=   Get Asn1 Value As Bytes   ${genm}  header.transactionID
     ${protected_ir}=   Build IR Request KEMBasedMac Protected
     ...       ${tx_id}   ${ss}   True
-    ${response}=   Exchange PKIMessage PQ    ${protected_ir}
+    ${response}=   Exchange PKIMessage    ${protected_ir}
     PKIStatus Must Be    ${response}   accepted
 
 CA MUST Support KEMBasedMAC Until Certificate Is Confirmed
@@ -126,17 +127,17 @@ CA MUST Support KEMBasedMAC Until Certificate Is Confirmed
     ${result}=   Is Certificate And Key Set    ${KEM_CERT}   ${KEM_KEY}
     SKIP IF  not ${result}    KEM Certificate and Key not set
     ${genm}=   Build KEMBasedMAC General Message   ${KEM_KEY}    ${KEM_CERT}
-    ${genp}=   Exchange PKIMessage PQ    ${genm}
+    ${genp}=   Exchange PKIMessage    ${genm}
     ${ss}=   Validate Genp KEMCiphertextInfo    ${genp}    ${KEM_KEY}
     ${tx_id}=   Get Asn1 Value As Bytes   ${genm}  header.transactionID
     ${protected_ir}=   Build IR Request KEMBasedMac Protected
     ...       ${tx_id}   ${ss}   True
-    ${response}=   Exchange PKIMessage PQ    ${protected_ir}
+    ${response}=   Exchange PKIMessage    ${protected_ir}
     PKIStatus Must Be    ${response}   accepted
     ${cert_conf}=  Build Cert Conf From Resp    ${response}   sender=${SENDER}
     ...            recipient=${RECIPIENT}    for_mac=True
     ${cert_conf}=  Protect PKIMessage KEMBasedMAC    ${cert_conf}    shared_secret=${ss}
-    ${response}=   Exchange PKIMessage PQ    ${cert_conf}
+    ${response}=   Exchange PKIMessage    ${cert_conf}
     PKIMessage Body Type Must Be    ${response}    pkiconf
 
 CA Should Respond with the a valid KEMBasedMAC Protected Message
@@ -149,12 +150,12 @@ CA Should Respond with the a valid KEMBasedMAC Protected Message
     ${result}=   Is Certificate And Key Set    ${KEM_CERT}   ${KEM_KEY}
     SKIP IF  not ${result}    KEM Certificate and Key not set
     ${genm}=   Build KEMBasedMAC General Message   ${KEM_KEY}    ${KEM_CERT}
-    ${genp}=   Exchange PKIMessage PQ    ${genm}
+    ${genp}=   Exchange PKIMessage    ${genm}
     ${ss}=   Validate Genp KEMCiphertextInfo    ${genp}    ${KEM_KEY}
     ${tx_id}=   Get Asn1 Value As Bytes   ${genm}  header.transactionID
     ${protected_ir}=   Build IR Request KEMBasedMac Protected
     ...       ${tx_id}   ${ss}   True
-    ${response}=   Exchange PKIMessage PQ    ${protected_ir}
+    ${response}=   Exchange PKIMessage    ${protected_ir}
     PKIStatus Must Be    ${response}   accepted
     ${prot_type}=   Get Protection Type From PKIMessage    ${response}
     IF   not '${prot_type}' == 'kem_based_mac'
@@ -173,17 +174,17 @@ CA MUST Protect pkiconf message with KEMBasedMAC
     ${result}=   Is Certificate And Key Set    ${KEM_CERT}   ${KEM_KEY}
     SKIP IF  not ${result}    KEM Certificate and Key not set
     ${genm}=   Build KEMBasedMAC General Message   ${KEM_KEY}    ${KEM_CERT}
-    ${genp}=   Exchange PKIMessage PQ    ${genm}
+    ${genp}=   Exchange PKIMessage    ${genm}
     ${ss}=   Validate Genp KEMCiphertextInfo    ${genp}    ${KEM_KEY}
     ${tx_id}=   Get Asn1 Value As Bytes   ${genm}  header.transactionID
     ${protected_ir}=   Build IR Request KEMBasedMac Protected
     ...       ${tx_id}   ${ss}   True
-    ${response}=   Exchange PKIMessage PQ    ${protected_ir}
+    ${response}=   Exchange PKIMessage    ${protected_ir}
     PKIStatus Must Be    ${response}   accepted
     ${cert_conf}=  Build Cert Conf From Resp    ${response}   sender=${SENDER}
     ...            recipient=${RECIPIENT}    for_mac=True
     ${cert_conf}=  Protect PKIMessage KEMBasedMAC    ${cert_conf}    shared_secret=${ss}
-    ${response}=   Exchange PKIMessage PQ    ${cert_conf}
+    ${response}=   Exchange PKIMessage    ${cert_conf}
     PKIMessage Body Type Must Be    ${response}    pkiconf
     ${prot_type}=   Get Protection Type From PKIMessage    ${response}
     IF   not '${prot_type}' == 'kem_based_mac'
@@ -201,12 +202,12 @@ CA Reject invalid KEMBasedMAC Protected Message
     ${result}=   Is Certificate And Key Set    ${KEM_CERT}   ${KEM_KEY}
     SKIP IF  not ${result}    KEM Certificate and Key not set
     ${genm}=   Build KEMBasedMAC General Message   ${KEM_KEY}    ${KEM_CERT}
-    ${genp}=   Exchange PKIMessage PQ    ${genm}
+    ${genp}=   Exchange PKIMessage    ${genm}
     ${ss}=   Validate Genp KEMCiphertextInfo    ${genp}    ${KEM_KEY}
     ${tx_id}=   Get Asn1 Value As Bytes   ${genm}  header.transactionID
     ${protected_ir}=   Build IR Request KEMBasedMac Protected
     ...       ${tx_id}   ${ss}   True  ${None}   True
-    ${response}=   Exchange PKIMessage PQ    ${protected_ir}
+    ${response}=   Exchange PKIMessage    ${protected_ir}
     PKIStatus Must Be    ${response}   rejection
     PKIStatusInfo Failinfo Bit Must Be    ${response}   badMessageCheck
 
@@ -222,17 +223,17 @@ CA MUST not reuse the same ss for KEMBASEDMAC
     ${url}=   Get PQ Issuing URL
     ${cm}=    Get Next Common Name
     ${genm}=   Build KEMBasedMAC General Message   ${KEM_KEY}    ${KEM_CERT}
-    ${genp}=   Exchange PKIMessage PQ    ${genm}
+    ${genp}=   Exchange PKIMessage    ${genm}
     ${ss}=   Validate Genp KEMCiphertextInfo    ${genp}    ${KEM_KEY}
     ${key}=  Generate Default Key
     ${tx_id}=   Get Asn1 Value As Bytes   ${genm}  header.transactionID
     ${protected_ir}=   Build IR Request KEMBasedMac Protected
     ...       ${tx_id}   ${ss}   True  ${None}
-    ${response}=   Exchange PKIMessage PQ    ${protected_ir}
+    ${response}=   Exchange PKIMessage    ${protected_ir}
     PKIStatus Must Be    ${response}   accepted
     ${protected_ir}=   Build IR Request KEMBasedMac Protected
     ...       ${tx_id}   ${ss}   True  ${None}
-    ${response}=   Exchange PKIMessage PQ    ${protected_ir}
+    ${response}=   Exchange PKIMessage    ${protected_ir}
     PKIStatus Must Be    ${response}   rejection
     PKIStatusInfo Failinfo Bit Must Be    ${response}   badMessageCheck,badRequest,systemFailure