Enahance certificate loader

353cf4db · garciay · cab6e9e7 · 353cf4db · 353cf4db · 353cf4db
Commit 353cf4db authored Aug 14, 2018 by garciay
--- a/ccsrc/Externals/LibItsSecurity_externals.cc
+++ b/ccsrc/Externals/LibItsSecurity_externals.cc
@@ -951,7 +951,7 @@ namespace LibItsSecurity__Functions
    return TRUE;
  }

-  BOOLEAN fx__store__certificate(const CHARSTRING& p__cert__id, const OCTETSTRING& p__cert, const OCTETSTRING& p__private__key, const OCTETSTRING& p__public__key__x, const OCTETSTRING& p__public__key__y, const OCTETSTRING& p__public__key__compressed, const INTEGER& p__public__key__compressed__mode, const OCTETSTRING& p__hashid8, const OCTETSTRING& p__issuer, const OCTETSTRING_template& p__private__enc__key, const OCTETSTRING_template& p__public__enc__key__x, const OCTETSTRING_template& p__public__enc__key__y, const OCTETSTRING_template& p__public__enc__compressed__key, const INTEGER_template& p__public__enc__key__compressed__mode) {
+  BOOLEAN fx__store__certificate(const CHARSTRING& p__cert__id, const OCTETSTRING& p__cert, const OCTETSTRING& p__private__key, const OCTETSTRING& p__public__key__x, const OCTETSTRING& p__public__key__y, const OCTETSTRING& p__public__key__compressed, const INTEGER& p__public__key__compressed__mode, const OCTETSTRING& p__hash, const OCTETSTRING& p__hashid8, const OCTETSTRING& p__issuer, const OCTETSTRING_template& p__private__enc__key, const OCTETSTRING_template& p__public__enc__key__x, const OCTETSTRING_template& p__public__enc__key__y, const OCTETSTRING_template& p__public__enc__compressed__key, const INTEGER_template& p__public__enc__key__compressed__mode) {
    loggers::get_instance().log(">>> fx__store__certificate: '%s'", static_cast<const char*>(p__cert__id));

    int result;
@@ -959,9 +959,9 @@ namespace LibItsSecurity__Functions
      const OCTETSTRING private_enc_key = p__private__enc__key.valueof();
      const OCTETSTRING public_enc_key_x = p__public__enc__key__x.valueof();
      const OCTETSTRING public_enc_key_y = p__public__enc__key__y.valueof();
-      result = security_services::get_instance().store_certificate(p__cert__id, p__cert, p__private__key, p__public__key__x, p__public__key__y, p__public__key__compressed, p__public__key__compressed__mode, p__hashid8, p__issuer, p__private__enc__key.valueof(), p__public__enc__key__x.valueof(), p__public__enc__key__y.valueof(), p__public__enc__compressed__key.valueof(), p__public__enc__key__compressed__mode.valueof());
+      result = security_services::get_instance().store_certificate(p__cert__id, p__cert, p__private__key, p__public__key__x, p__public__key__y, p__public__key__compressed, p__public__key__compressed__mode, p__hash, p__hashid8, p__issuer, p__private__enc__key.valueof(), p__public__enc__key__x.valueof(), p__public__enc__key__y.valueof(), p__public__enc__compressed__key.valueof(), p__public__enc__key__compressed__mode.valueof());
    } else {
-      result = security_services::get_instance().store_certificate(p__cert__id, p__cert, p__private__key, p__public__key__x, p__public__key__y, p__public__key__compressed, p__public__key__compressed__mode, p__hashid8, p__issuer, OCTETSTRING(0, nullptr), OCTETSTRING(0, nullptr), OCTETSTRING(0, nullptr), OCTETSTRING(0, nullptr), INTEGER(-1));
+      result = security_services::get_instance().store_certificate(p__cert__id, p__cert, p__private__key, p__public__key__x, p__public__key__y, p__public__key__compressed, p__public__key__compressed__mode, p__hash, p__hashid8, p__issuer, OCTETSTRING(0, nullptr), OCTETSTRING(0, nullptr), OCTETSTRING(0, nullptr), OCTETSTRING(0, nullptr), INTEGER(-1));
    }
    
    return (result == 0);

--- a/ccsrc/Protocols/Security/certificates_loader.cc
+++ b/ccsrc/Protocols/Security/certificates_loader.cc
--- a/ccsrc/Protocols/Security/certificates_loader.hh
+++ b/ccsrc/Protocols/Security/certificates_loader.hh
@@ -19,6 +19,7 @@
 #include <experimental/filesystem>

 #include "security_db_record.hh"
+#include "security_ecc.hh"

 namespace IEEE1609dot2BaseTypes {
  class EccP256CurvePoint; //! Declare TITAN class
@@ -31,15 +32,9 @@ namespace IEEE1609dot2BaseTypes {
 * \remark Singleton pattern
 */
 class certificates_loader {
-  std::string _certificateExt;     //! COER encoding certificate extension. Default: .oer
-  std::string _privateKeyExt;      //! Private signing key extension. Default: .vkey
-  std::string _privateEncKeyExt;   //! Private cyphering key extension. Default: .ekey
-  std::string _publicKeysExt;
-  std::string _publicCompKeysExt;
-  std::string _publicEncKeysExt;
-  std::string _hashedidDigestExt;
-  std::string _issuerDigestExt;
-  std::string _publicEncCompKeysExt;
+  std::string _certificateExt;                    //! COER encoding certificate extension. Default: .oer
+  std::string _privateKeyExt;                     //! Private signing key extension. Default: .vkey
+  std::string _privateEncKeyExt;                  //! Private cyphering key extension. Default: .ekey
  std::experimental::filesystem::path _full_path; //! The full folder path to load certificates
  bool _is_cache_initialized;                     //! Set to true when certificates are successfully loaded from file system
  std::set<std::string> _directory_filter;        //! Directory filter (for local development purposes only)
@@ -80,6 +75,6 @@ private:

  int build_certificates_cache(std::set<std::experimental::filesystem::path>& p_files, std::map<std::string, std::unique_ptr<security_db_record> >& p_certificates, std::map<OCTETSTRING, std::string>& p_hashed_id8s);
  
-  void fill_public_key_vectors(const IEEE1609dot2BaseTypes::EccP256CurvePoint& p_ecc_point, OCTETSTRING& p_public_comp_key, OCTETSTRING& p_public_key_x, OCTETSTRING& p_public_key_y);
-  void fill_public_key_vectors(const IEEE1609dot2BaseTypes::EccP384CurvePoint& p_ecc_point, OCTETSTRING& p_public_comp_key, OCTETSTRING& p_public_key_x, OCTETSTRING& p_public_key_y);
+  void fill_public_key_vectors(const ec_elliptic_curves p_elliptic_curve, const IEEE1609dot2BaseTypes::EccP256CurvePoint& p_ecc_point, OCTETSTRING& p_public_comp_key, OCTETSTRING& p_public_key_x, OCTETSTRING& p_public_key_y);
+  void fill_public_key_vectors(const ec_elliptic_curves p_elliptic_curve, const IEEE1609dot2BaseTypes::EccP384CurvePoint& p_ecc_point, OCTETSTRING& p_public_comp_key, OCTETSTRING& p_public_key_x, OCTETSTRING& p_public_key_y);
 }; // End of class certificates_loader
--- a/ccsrc/Protocols/Security/security_cache.cc
+++ b/ccsrc/Protocols/Security/security_cache.cc
@@ -211,11 +211,11 @@ bool security_cache::fill_vector(OCTETSTRING& p_vector, const OCTETSTRING& p_org
  return false;
 }

-int security_cache::store_certificate(const CHARSTRING& p_cert_id, const OCTETSTRING& p_cert, const OCTETSTRING& p_private_key, const OCTETSTRING& p_public_key_x, const OCTETSTRING& p_public_key_y, const OCTETSTRING& p_public_compressed_key, const INTEGER& p_public_compressed_key_mode, const OCTETSTRING& p_hashed_id8, const OCTETSTRING& p_issuer, const OCTETSTRING& p_private_enc_key, const OCTETSTRING& p_public_enc_key_x, const OCTETSTRING& p_public_enc_key_y, const OCTETSTRING& p_public_enc_compressed_key, const INTEGER& p_public_enc_compressed_key_mode) {
+int security_cache::store_certificate(const CHARSTRING& p_cert_id, const OCTETSTRING& p_cert, const OCTETSTRING& p_private_key, const OCTETSTRING& p_public_key_x, const OCTETSTRING& p_public_key_y, const OCTETSTRING& p_public_compressed_key, const INTEGER& p_public_compressed_key_mode, const OCTETSTRING& p_hash, const OCTETSTRING& p_hashed_id8, const OCTETSTRING& p_issuer, const OCTETSTRING& p_private_enc_key, const OCTETSTRING& p_public_enc_key_x, const OCTETSTRING& p_public_enc_key_y, const OCTETSTRING& p_public_enc_compressed_key, const INTEGER& p_public_enc_compressed_key_mode) {
  loggers::get_instance().log_msg(">>> security_cache::store_certificate: ", p_cert_id);

  std::string key(static_cast<const char*>(p_cert_id));
-  OCTETSTRING cert, private_key, public_key_x, public_key_y, public_comp_key, hashed_id8, issuer;
+  OCTETSTRING cert, private_key, public_key_x, public_key_y, public_comp_key, hash, hashed_id8, issuer;
  OCTETSTRING private_enc_key, public_enc_key_x, public_enc_key_y, public_enc_comp_key;

  security_cache::fill_vector(cert, p_cert);
@@ -228,6 +228,7 @@ int security_cache::store_certificate(const CHARSTRING& p_cert_id, const OCTETST
    loggers::get_instance().log_msg("security_cache::store_certificate: public_comp_key: ", public_comp_key);
  }

+  security_cache::fill_vector(hash, p_hash);
  security_cache::fill_vector(hashed_id8, p_hashed_id8);
  security_cache::fill_vector(issuer, p_issuer);
  
@@ -248,7 +249,8 @@ int security_cache::store_certificate(const CHARSTRING& p_cert_id, const OCTETST
                                                 cert,               // Certificate
                                                 decoded_certificate,
                                                 issuer,             // Hashed ID for the issuer
-                                                 hashed_id8,         // Hashed ID
+                                                 hash,               // Whole-certificate hash
+                                                 hashed_id8,         // Whole-certificate hashed ID
                                                 private_key,        // Private key
                                                 public_key_x,       // Public key X-coordinate
                                                 public_key_y,       // Public key Y-coordinate

--- a/ccsrc/Protocols/Security/security_cache.hh
+++ b/ccsrc/Protocols/Security/security_cache.hh
@@ -56,7 +56,7 @@ public: /*! \publicsection */
  int get_public_enc_keys(const std::string& p_certificate_id, OCTETSTRING& p_public_enc_key_x, OCTETSTRING& p_public_enc_key_y) const;
  int get_public_enc_comp_key(const std::string& p_certificate_id, OCTETSTRING& p_public_enc_comp_key, INTEGER& p_enc_comp_mode) const;

-  virtual int store_certificate(const CHARSTRING& p_cert_id, const OCTETSTRING& p_cert, const OCTETSTRING& p_private_key, const OCTETSTRING& p_public_key_x, const OCTETSTRING& p_public_key_y, const OCTETSTRING& p_public_compressed_key, const INTEGER& p_public_compressed_key_mode, const OCTETSTRING& p_hashid8, const OCTETSTRING& p_issuer, const OCTETSTRING& p_private_enc_key, const OCTETSTRING& p_public_enc_key_x, const OCTETSTRING& p_public_enc_key_y, const OCTETSTRING& p_public_enc_compressed_key, const INTEGER& p_public_enc_compressed_key_mode);
+  virtual int store_certificate(const CHARSTRING& p_cert_id, const OCTETSTRING& p_cert, const OCTETSTRING& p_private_key, const OCTETSTRING& p_public_key_x, const OCTETSTRING& p_public_key_y, const OCTETSTRING& p_public_compressed_key, const INTEGER& p_public_compressed_key_mode, const OCTETSTRING& p_hash, const OCTETSTRING& p_hashid8, const OCTETSTRING& p_issuer, const OCTETSTRING& p_private_enc_key, const OCTETSTRING& p_public_enc_key_x, const OCTETSTRING& p_public_enc_key_y, const OCTETSTRING& p_public_enc_compressed_key, const INTEGER& p_public_enc_compressed_key_mode);

  virtual int clear();
  

--- a/ccsrc/Protocols/Security/security_db.cc
+++ b/ccsrc/Protocols/Security/security_db.cc
@@ -40,10 +40,10 @@ int security_db::load_from_files(const std::string& p_db_path) {
  return 0;
 }

-int security_db::store_certificate(const CHARSTRING& p_cert_id, const OCTETSTRING& p_cert, const OCTETSTRING& p_private_key, const OCTETSTRING& p_public_key_x, const OCTETSTRING& p_public_key_y, const OCTETSTRING& p_public_compressed_key, const INTEGER& p_public_compressed_key_mode, const OCTETSTRING& p_hashed_id8, const OCTETSTRING& p_issuer, const OCTETSTRING& p_private_enc_key, const OCTETSTRING& p_public_enc_key_x, const OCTETSTRING& p_public_enc_key_y, const OCTETSTRING& p_public_enc_compressd_key, const INTEGER& p_public_enc_compressed_key_mode) {
+int security_db::store_certificate(const CHARSTRING& p_cert_id, const OCTETSTRING& p_cert, const OCTETSTRING& p_private_key, const OCTETSTRING& p_public_key_x, const OCTETSTRING& p_public_key_y, const OCTETSTRING& p_public_compressed_key, const INTEGER& p_public_compressed_key_mode, const OCTETSTRING& p_hash, const OCTETSTRING& p_hashed_id8, const OCTETSTRING& p_issuer, const OCTETSTRING& p_private_enc_key, const OCTETSTRING& p_public_enc_key_x, const OCTETSTRING& p_public_enc_key_y, const OCTETSTRING& p_public_enc_compressd_key, const INTEGER& p_public_enc_compressed_key_mode) {
  loggers::get_instance().log_msg(">>> security_db::store_certificate: ", p_cert_id);

-  if (security_cache::store_certificate(p_cert_id, p_cert, p_private_key, p_public_key_x, p_public_key_y, p_public_compressed_key, p_public_compressed_key_mode, p_hashed_id8, p_issuer, p_private_enc_key, p_public_enc_key_x, p_public_enc_key_y, p_public_enc_compressd_key, p_public_enc_compressed_key_mode) != 0) {
+  if (security_cache::store_certificate(p_cert_id, p_cert, p_private_key, p_public_key_x, p_public_key_y, p_public_compressed_key, p_public_compressed_key_mode, p_hash, p_hashed_id8, p_issuer, p_private_enc_key, p_public_enc_key_x, p_public_enc_key_y, p_public_enc_compressd_key, p_public_enc_compressed_key_mode) != 0) {
    return -1;
  }


--- a/ccsrc/Protocols/Security/security_db.hh
+++ b/ccsrc/Protocols/Security/security_db.hh
@@ -38,7 +38,7 @@ public: /*! \publicsection */
   * \param[in] p_cert_id The certificate identifier
   * \return 0 on success, -1 otherwise
   */
-  int store_certificate(const CHARSTRING& p_cert_id, const OCTETSTRING& p_cert, const OCTETSTRING& p_private_key, const OCTETSTRING& p_public_key_x, const OCTETSTRING& p_public_key_y, const OCTETSTRING& p_public_compressed_key, const INTEGER& p_public_compressed_key_mode, const OCTETSTRING& p_hashid8, const OCTETSTRING& p_issuer, const OCTETSTRING& p_private_enc_key, const OCTETSTRING& p_public_enc_key_x, const OCTETSTRING& p_public_enc_key_y, const OCTETSTRING& p_public_enc_compressed_key, const INTEGER& p_public_enc_compressed_key_mode);
+  int store_certificate(const CHARSTRING& p_cert_id, const OCTETSTRING& p_cert, const OCTETSTRING& p_private_key, const OCTETSTRING& p_public_key_x, const OCTETSTRING& p_public_key_y, const OCTETSTRING& p_public_compressed_key, const INTEGER& p_public_compressed_key_mode, const OCTETSTRING& p_hash, const OCTETSTRING& p_hashid8, const OCTETSTRING& p_issuer, const OCTETSTRING& p_private_enc_key, const OCTETSTRING& p_public_enc_key_x, const OCTETSTRING& p_public_enc_key_y, const OCTETSTRING& p_public_enc_compressed_key, const INTEGER& p_public_enc_compressed_key_mode);

 private: /*! \privatesection */
  /*!

--- a/ccsrc/Protocols/Security/security_db_record.cc
+++ b/ccsrc/Protocols/Security/security_db_record.cc
@@ -19,6 +19,7 @@ security_db_record::security_db_record(
                                       const OCTETSTRING& p_certificate,
                                       const IEEE1609dot2::CertificateBase& p_decoded_certificate,
                                       const OCTETSTRING& p_hashed_id_issuer,
+                                       const OCTETSTRING& p_hash,
                                       const OCTETSTRING& p_hashed_id,
                                       const OCTETSTRING& p_pr_key,
                                       const OCTETSTRING& p_pu_key_x,
@@ -29,14 +30,7 @@ security_db_record::security_db_record(
                                       const OCTETSTRING& p_pu_enc_key_y,
                                       const OCTETSTRING& p_pu_enc_comp_key,
                                       const bool p_to_be_saved
-                                       ): _algorithm{ec_elliptic_curves::nist_p_256}, _certificate_id(p_certificate_id), _certificate(p_certificate), _hashed_id_issuer(p_hashed_id_issuer), _hash(), _hashed_id(p_hashed_id), _pr_key(p_pr_key), _pu_key_x(p_pu_key_x), _pu_key_y(p_pu_key_y), _pu_comp_key(p_pu_comp_key), _pr_enc_key(p_pr_enc_key), _pu_enc_key_x(p_pu_enc_key_x), _pu_enc_key_y(p_pu_enc_key_y), _pu_enc_comp_key(p_pu_enc_comp_key), _to_be_saved(p_to_be_saved), _decoded_certificate(static_cast<IEEE1609dot2::CertificateBase*>(p_decoded_certificate.clone())) {
-  if (p_pr_key.lengthof() == 32) {
-      sha256 sha;
-      sha.generate(_certificate, _hash);
-  } else {
-      sha384 sha;
-      sha.generate(_certificate, _hash);
-  }
+                                       ): _algorithm{ec_elliptic_curves::nist_p_256}, _certificate_id(p_certificate_id), _certificate(p_certificate), _hashed_id_issuer(p_hashed_id_issuer), _hash(p_hash), _hashed_id(p_hashed_id), _pr_key(p_pr_key), _pu_key_x(p_pu_key_x), _pu_key_y(p_pu_key_y), _pu_comp_key(p_pu_comp_key), _pr_enc_key(p_pr_enc_key), _pu_enc_key_x(p_pu_enc_key_x), _pu_enc_key_y(p_pu_enc_key_y), _pu_enc_comp_key(p_pu_enc_comp_key), _to_be_saved(p_to_be_saved), _decoded_certificate(static_cast<IEEE1609dot2::CertificateBase*>(p_decoded_certificate.clone())) {
 }

 const IEEE1609dot2::CertificateBase& security_db_record::decoded_certificate() const {

--- a/ccsrc/Protocols/Security/security_db_record.hh
+++ b/ccsrc/Protocols/Security/security_db_record.hh
@@ -30,7 +30,7 @@ class security_db_record {
  std::string _certificate_id;     /*!< Certificate storage*/
  OCTETSTRING _certificate;        /*!< COER storage */
  OCTETSTRING _hashed_id_issuer;   /*!< Hash id 8 of the issuer certificate */
-  OCTETSTRING _hash;               /*!< Certificate hash storage */
+  OCTETSTRING _hash;               /*!< Certificate hash storage */ // TODO Check if it's usefull, otherwise remove it
  OCTETSTRING _hashed_id;          /*!< Certificate hash id 8 storage */
  OCTETSTRING _pr_key;             /*!< Private key storage */
  OCTETSTRING _pu_key_x;           /*!< Public key X-coordinate storage */
@@ -54,6 +54,7 @@ public: /*! \publicsection */
   * \param[in] p_certificate The COER encoded certificate
   * \param[in] p_decoded_certificate The decoded certificate
   * \param[in] p_hashed_id_issuer The HashedId of the certificate issuer
+   * \param[in] p_hash The whole-certificate hash
   * \param[in] p_hashed_id The whole-certificate hashed id
   * \param[in] p_pr_key The private signature key
   * \param[in] p_pu_key_x The public X-coordinate signature key
@@ -65,7 +66,7 @@ public: /*! \publicsection */
   * \param[in] p_pu_enc_comp_key_y The public compressed coordinate encryption key
   * \param[in] p_to_be_saved Set to true to save on disk this certificate.Default: true
   */
-  security_db_record(const std::string& p_certificate_id, const OCTETSTRING& p_certificate, const IEEE1609dot2::CertificateBase& p_decoded_certificate, const OCTETSTRING& p_hashed_id_issuer, const OCTETSTRING& p_hashed_id, const OCTETSTRING& p_pr_key, const OCTETSTRING& p_pu_key_x, const OCTETSTRING& p_pu_key_y, const OCTETSTRING& p_pu_comp_key, const OCTETSTRING& p_pr_enc_key, const OCTETSTRING& p_pu_enc_key_x, const OCTETSTRING& p_pu_enc_key_y, const OCTETSTRING& p_pu_enc_comp_key_y, const bool p_to_be_saved = true);
+  security_db_record(const std::string& p_certificate_id, const OCTETSTRING& p_certificate, const IEEE1609dot2::CertificateBase& p_decoded_certificate, const OCTETSTRING& p_hashed_id_issuer, const OCTETSTRING& p_hash, const OCTETSTRING& p_hashed_id, const OCTETSTRING& p_pr_key, const OCTETSTRING& p_pu_key_x, const OCTETSTRING& p_pu_key_y, const OCTETSTRING& p_pu_comp_key, const OCTETSTRING& p_pr_enc_key, const OCTETSTRING& p_pu_enc_key_x, const OCTETSTRING& p_pu_enc_key_y, const OCTETSTRING& p_pu_enc_comp_key_y, const bool p_to_be_saved = true);
  
  /*!
   * \brief Default dtor

--- a/ccsrc/Protocols/Security/security_services.cc
+++ b/ccsrc/Protocols/Security/security_services.cc
@@ -68,7 +68,7 @@ int security_services::setup(params& p_params) { // FIXME Rename this method
  return 0;
 }

-int security_services::store_certificate(const CHARSTRING& p_cert_id, const OCTETSTRING& p_cert, const OCTETSTRING& p_private_key, const OCTETSTRING& p_public_key_x, const OCTETSTRING& p_public_key_y, const OCTETSTRING& p_public_comp_key, const INTEGER& p_public_comp_key_mode, const OCTETSTRING& p_hashid8, const OCTETSTRING& p_issuer, const OCTETSTRING& p_private_enc_key, const OCTETSTRING& p_public_enc_key_x, const OCTETSTRING& p_public_enc_key_y, const OCTETSTRING& p_public_enc_compressed_key, const INTEGER& p_public_enc_key_compressed_mode) {
+int security_services::store_certificate(const CHARSTRING& p_cert_id, const OCTETSTRING& p_cert, const OCTETSTRING& p_private_key, const OCTETSTRING& p_public_key_x, const OCTETSTRING& p_public_key_y, const OCTETSTRING& p_public_comp_key, const INTEGER& p_public_comp_key_mode, const OCTETSTRING& p_hash, const OCTETSTRING& p_hashid8, const OCTETSTRING& p_issuer, const OCTETSTRING& p_private_enc_key, const OCTETSTRING& p_public_enc_key_x, const OCTETSTRING& p_public_enc_key_y, const OCTETSTRING& p_public_enc_compressed_key, const INTEGER& p_public_enc_key_compressed_mode) {
  loggers::get_instance().log_msg(">>> security_services::store_certificate: ", p_cert_id);

  // Sanity checks
@@ -76,7 +76,7 @@ int security_services::store_certificate(const CHARSTRING& p_cert_id, const OCTE
    loggers::get_instance().warning("security_services::store_certificate: Not initialised");
    return -1;
  }
-  return _security_db.get()->store_certificate(p_cert_id, p_cert, p_private_key, p_public_key_x, p_public_key_y, p_public_comp_key, p_public_comp_key_mode, p_hashid8, p_issuer, p_private_enc_key, p_public_enc_key_x, p_public_enc_key_y, p_public_enc_compressed_key, p_public_enc_key_compressed_mode);
+  return _security_db.get()->store_certificate(p_cert_id, p_cert, p_private_key, p_public_key_x, p_public_key_y, p_public_comp_key, p_public_comp_key_mode, p_hash, p_hashid8, p_issuer, p_private_enc_key, p_public_enc_key_x, p_public_enc_key_y, p_public_enc_compressed_key, p_public_enc_key_compressed_mode);
 }

 int security_services::verify_and_extract_gn_payload(const OCTETSTRING& p_secured_gn_payload, const bool p_verify, IEEE1609dot2::Ieee1609Dot2Data& p_ieee_1609dot2_data, OCTETSTRING& p_unsecured_gn_payload, params& p_params) {
@@ -891,6 +891,9 @@ int security_services::extract_encryption_keys(const IEEE1609dot2::CertificateBa
    }
  } else {
    loggers::get_instance().warning("security_services::extract_encryption_keys: EncryptionKey omitted");
+    p_public_enc_key_x = OCTETSTRING(0, nullptr);
+    p_public_enc_key_y = OCTETSTRING(0, nullptr);
+    p_public_enc_comp_key = OCTETSTRING(0, nullptr);
    return 0; // Normal termination
  }

@@ -949,8 +952,9 @@ int security_services::extract_encryption_keys(const IEEE1609dot2::CertificateBa
                                                 public_comp_key,
                                                 public_comp_key_mode,
                                                 hash_cert,
+                                                 hashed_id8,
                                                 p_certificate.issuer().sha256AndDigest(),
-                                                 int2oct(0, 32), // Encryption private not used
+                                                 OCTETSTRING(0, nullptr), // Encryption private not used
                                                 public_enc_key_x,
                                                 public_enc_key_y,
                                                 public_enc_comp_key,
@@ -997,8 +1001,9 @@ int security_services::extract_encryption_keys(const IEEE1609dot2::CertificateBa
                                                 public_comp_key,
                                                 public_comp_key_mode,
                                                 hash_cert,
+                                                 hashed_id8,
                                                 p_certificate.issuer().sha384AndDigest(),
-                                                 int2oct(0,48), // Encryption private not used
+                                                 OCTETSTRING(0, nullptr), // Encryption private not used
                                                 public_enc_key_x,
                                                 public_enc_key_y,
                                                 public_enc_comp_key,

--- a/ccsrc/Protocols/Security/security_services.hh
+++ b/ccsrc/Protocols/Security/security_services.hh
@@ -101,7 +101,7 @@ public: /*! \publicsection */
  
  int setup(params &p_params);
  
-  int store_certificate(const CHARSTRING& p_cert_id, const OCTETSTRING& p_cert, const OCTETSTRING& p_private_key, const OCTETSTRING& p_public_key_x, const OCTETSTRING& p_public_key_y, const OCTETSTRING& p_public_comp_key, const INTEGER& p_public_comp_key_mode, const OCTETSTRING& p_hashid8, const OCTETSTRING& p_issuer, const OCTETSTRING& p_private_enc_key, const OCTETSTRING& p_public_enc_key_x, const OCTETSTRING& p_public_enc_key_y, const OCTETSTRING& p_public_enc_compressed_key, const INTEGER& p_public_enc_key_compressed_mode);
+  int store_certificate(const CHARSTRING& p_cert_id, const OCTETSTRING& p_cert, const OCTETSTRING& p_private_key, const OCTETSTRING& p_public_key_x, const OCTETSTRING& p_public_key_y, const OCTETSTRING& p_public_comp_key, const INTEGER& p_public_comp_key_mode, const OCTETSTRING& p_hash, const OCTETSTRING& p_hashid8, const OCTETSTRING& p_issuer, const OCTETSTRING& p_private_enc_key, const OCTETSTRING& p_public_enc_key_x, const OCTETSTRING& p_public_enc_key_y, const OCTETSTRING& p_public_enc_compressed_key, const INTEGER& p_public_enc_key_compressed_mode);

  inline void set_position(const int p_latitude, const int p_longitude, const int p_elevation = 0) { _latitude = p_latitude; _longitude = p_longitude; _elevation = p_elevation; };
  

--- a/etc/TestCodec/TestCodec.cfg
+++ b/etc/TestCodec/TestCodec.cfg
@@ -21,7 +21,7 @@ LibCommon_Time.PX_TAC := 35.0
 # Root path to access certificate stored in files, identified by certficate ID
 LibItsSecurity_Pixits.PX_CERTIFICATE_POOL_PATH := "/home/vagrant/tmp"
 # Configuration sub-directory to access certificate stored in files
-LibItsSecurity_Pixits.PX_IUT_SEC_CONFIG_NAME := "cert_asn1c" #"test_01";
+LibItsSecurity_Pixits.PX_IUT_SEC_CONFIG_NAME := "Yann" #"cert_asn1c" #"test_01";

 [LOGGING]
 # In this section you can specify the name of the log file and the classes of events
@@ -286,11 +286,6 @@ system.utPort.params := "UT_GN/UDP(dst_ip=192.168.56.1)"
 #TestCodec_SecuredFuntions.tc_f_verifyWithEcdsaBrainpoolp384WithSha384_1
 #TestCodec_SecuredFuntions.tc_f_verifyWithEcdsaBrainpoolp384WithSha384_2
 #TestCodec_SecuredFuntions.tc_f_verifyWithEcdsaBrainpoolp384WithSha384_3 # Shall failed on error: Dynamic test case error: security_ecc::security_ecc (2): Failed to get coordinates
-#TestCodec_SecuredFuntions.tc_load_certificates
-#TestCodec_SecuredFuntions.tc_read_certificate_1
-#TestCodec_SecuredFuntions.tc_read_certificate_2
-#TestCodec_SecuredFuntions.tc_read_certificate_digest
-#TestCodec_SecuredFuntions.tc_read_certificate_hash
 # Certificates
 #TestCodec_Certificates.tc_root_certificate_sha256_1
 #TestCodec_Certificates.tc_root_certificate_sha256_2
@@ -310,8 +305,13 @@ system.utPort.params := "UT_GN/UDP(dst_ip=192.168.56.1)"
 #TestCodec_SecuredMessages.tc_secured_message_signed_and_encrypted_1
 #TestCodec_SecuredMessages.tc_secured_message_signed_and_encrypted_2
 # Chain of certificates
-#TestCodec_ChainOfCertificates.tc_full_check_certificate_1
+TestCodec_ChainOfCertificates.tc_full_check_certificate_1
 #TestCodec_ChainOfCertificates.tc_full_check_certificate_2
+TestCodec_SecuredFuntions.tc_load_certificates
+TestCodec_SecuredFuntions.tc_read_certificate_1
+TestCodec_SecuredFuntions.tc_read_certificate_2
+TestCodec_SecuredFuntions.tc_read_certificate_digest
+TestCodec_SecuredFuntions.tc_read_certificate_hash
 # Encryption
 #TestCodec_SignedAndEncryptedMessages.tc_test_hmac_sha256_test1
 #TestCodec_SignedAndEncryptedMessages.tc_test_hmac_sha256_test2
@@ -319,9 +319,9 @@ system.utPort.params := "UT_GN/UDP(dst_ip=192.168.56.1)"
 #TestCodec_SignedAndEncryptedMessages.tc_test_encrypt_aes_128_ccm_test_1
 #TestCodec_SignedAndEncryptedMessages.tc_test_encrypt_aes_128_ccm_test_2
 #TestCodec_SignedAndEncryptedMessages.tc_test_encrypt_aes_128_ccm_test_3
-TestCodec_SignedAndEncryptedMessages.tc_encrypted_signed_message_1
-TestCodec_SignedAndEncryptedMessages.tc_decrypted_signed_message_2
-TestCodec_SignedAndEncryptedMessages.tc_decrypted_signed_message_3
+#TestCodec_SignedAndEncryptedMessages.tc_encrypted_signed_message_1
+#TestCodec_SignedAndEncryptedMessages.tc_decrypted_signed_message_2
+#TestCodec_SignedAndEncryptedMessages.tc_decrypted_signed_message_3
 #TestCodec_SignedAndEncryptedMessages.tc_decrypted_signed_message_4
 # Pki
 #TestCodec_Pki.tc_inner_ec_request_1

--- a/ttcn/TestCodec/TestCodec_ChainOfCertificates.ttcn
+++ b/ttcn/TestCodec/TestCodec_ChainOfCertificates.ttcn
@@ -150,9 +150,9 @@ module TestCodec_ChainOfCertificates {
    
    // Store Private key in binary format
    fx_loadCertificates("/home/vagrant/tmp/Yann", "");
-    fx_store_certificate("CERT_TEST_A_ROOT", v_chain_sec_info.ca.enc_cert, v_chain_sec_info.ca.private_key, v_chain_sec_info.ca.public_key_x, v_chain_sec_info.ca.public_key_y, v_chain_sec_info.ca.public_key_compressed, v_chain_sec_info.ca.compressed_mode, v_chain_sec_info.ca.hashedid8, v_chain_sec_info.ca.issuer, omit, omit, omit, omit, omit);
-    fx_store_certificate("CERT_TS_A_AA", v_chain_sec_info.aa.enc_cert, v_chain_sec_info.aa.private_key, v_chain_sec_info.aa.public_key_x, v_chain_sec_info.aa.public_key_y, v_chain_sec_info.aa.public_key_compressed, v_chain_sec_info.aa.compressed_mode, v_chain_sec_info.aa.hashedid8, v_chain_sec_info.aa.issuer, omit, omit, omit, omit, omit);
-    fx_store_certificate("CERT_TS_A_AT", v_chain_sec_info.at.enc_cert, v_chain_sec_info.at.private_key, v_chain_sec_info.at.public_key_x, v_chain_sec_info.at.public_key_y, v_chain_sec_info.at.public_key_compressed, v_chain_sec_info.at.compressed_mode, v_chain_sec_info.at.hashedid8, v_chain_sec_info.at.issuer, omit, omit, omit, omit, omit);
+    fx_store_certificate("CERT_IUT_A_RCA", v_chain_sec_info.ca.enc_cert, v_chain_sec_info.ca.private_key, v_chain_sec_info.ca.public_key_x, v_chain_sec_info.ca.public_key_y, v_chain_sec_info.ca.public_key_compressed, v_chain_sec_info.ca.compressed_mode, v_chain_sec_info.ca.hash, v_chain_sec_info.ca.hashedid8, v_chain_sec_info.ca.issuer, omit, omit, omit, omit, omit);
+    fx_store_certificate("CERT_IUT_A_AA", v_chain_sec_info.aa.enc_cert, v_chain_sec_info.aa.private_key, v_chain_sec_info.aa.public_key_x, v_chain_sec_info.aa.public_key_y, v_chain_sec_info.aa.public_key_compressed, v_chain_sec_info.aa.compressed_mode, v_chain_sec_info.aa.hash, v_chain_sec_info.aa.hashedid8, v_chain_sec_info.aa.issuer, omit, omit, omit, omit, omit);
+    fx_store_certificate("CERT_IUT_A_AT", v_chain_sec_info.at.enc_cert, v_chain_sec_info.at.private_key, v_chain_sec_info.at.public_key_x, v_chain_sec_info.at.public_key_y, v_chain_sec_info.at.public_key_compressed, v_chain_sec_info.at.compressed_mode, v_chain_sec_info.at.hash, v_chain_sec_info.at.hashedid8, v_chain_sec_info.at.issuer, omit, omit, omit, omit, omit);
    
    // Create a basic GeoNetworking message
  v_gnNonSecuredPacket := m_geoNwShbPacket(
@@ -300,9 +300,9 @@ module TestCodec_ChainOfCertificates {
    
    // Store Private key in binary format
    fx_loadCertificates("/home/vagrant/tmp/Yann", "");
-    fx_store_certificate("CERT_TEST_B_ROOT", v_chain_sec_info.ca.enc_cert, v_chain_sec_info.ca.private_key, v_chain_sec_info.ca.public_key_x, v_chain_sec_info.ca.public_key_y, v_chain_sec_info.ca.public_key_compressed, v_chain_sec_info.ca.compressed_mode, v_chain_sec_info.ca.hashedid8, v_chain_sec_info.ca.issuer, omit, omit, omit, omit, omit);
-    fx_store_certificate("CERT_TS_B_AA", v_chain_sec_info.aa.enc_cert, v_chain_sec_info.aa.private_key, v_chain_sec_info.aa.public_key_x, v_chain_sec_info.aa.public_key_y, v_chain_sec_info.aa.public_key_compressed, v_chain_sec_info.aa.compressed_mode, v_chain_sec_info.aa.hashedid8, v_chain_sec_info.aa.issuer, omit, omit, omit, omit, omit);
-    fx_store_certificate("CERT_TS_B_AT", v_chain_sec_info.at.enc_cert, v_chain_sec_info.at.private_key, v_chain_sec_info.at.public_key_x, v_chain_sec_info.at.public_key_y, v_chain_sec_info.at.public_key_compressed, v_chain_sec_info.at.compressed_mode, v_chain_sec_info.at.hashedid8, v_chain_sec_info.at.issuer, omit, omit, omit, omit, omit);
+    fx_store_certificate("CERT_TEST_B_ROOT", v_chain_sec_info.ca.enc_cert, v_chain_sec_info.ca.private_key, v_chain_sec_info.ca.public_key_x, v_chain_sec_info.ca.public_key_y, v_chain_sec_info.ca.public_key_compressed, v_chain_sec_info.ca.compressed_mode, v_chain_sec_info.ca.hash, v_chain_sec_info.ca.hashedid8, v_chain_sec_info.ca.issuer, omit, omit, omit, omit, omit);
+    fx_store_certificate("CERT_TS_B_AA", v_chain_sec_info.aa.enc_cert, v_chain_sec_info.aa.private_key, v_chain_sec_info.aa.public_key_x, v_chain_sec_info.aa.public_key_y, v_chain_sec_info.aa.public_key_compressed, v_chain_sec_info.aa.compressed_mode, v_chain_sec_info.aa.hash, v_chain_sec_info.aa.hashedid8, v_chain_sec_info.aa.issuer, omit, omit, omit, omit, omit);
+    fx_store_certificate("CERT_TS_B_AT", v_chain_sec_info.at.enc_cert, v_chain_sec_info.at.private_key, v_chain_sec_info.at.public_key_x, v_chain_sec_info.at.public_key_y, v_chain_sec_info.at.public_key_compressed, v_chain_sec_info.at.compressed_mode, v_chain_sec_info.at.hash, v_chain_sec_info.at.hashedid8, v_chain_sec_info.at.issuer, omit, omit, omit, omit, omit);
    
    // Create a basic GeoNetworking message
  v_gnNonSecuredPacket := m_geoNwShbPacket(

--- a/ttcn/TestCodec/TestCodec_SecuredFuntions.ttcn
+++ b/ttcn/TestCodec/TestCodec_SecuredFuntions.ttcn
@@ -66,7 +66,7 @@ module TestCodec_SecuredFuntions {
        setverdict(pass);
      }

-      if (fx_readCertificate("CERT_IUT_A_RCA", v_certificate) == false) {
+      if (fx_readCertificate("CERT_IUT_A_AA", v_certificate) == false) {
        setverdict(fail);
      } else {
        var bitstring v_oct2bit;
@@ -88,7 +88,7 @@ module TestCodec_SecuredFuntions {
        setverdict(fail);
      } else {
        var octetstring v_digest;
-        if (fx_readCertificateDigest("CERT_IUT_A_RCA", v_digest) == false) {
+        if (fx_readCertificateDigest("CERT_IUT_A_AA", v_digest) == false) {
          setverdict(fail);
        } else {
          log("v_digest = ", v_digest);
@@ -102,7 +102,7 @@ module TestCodec_SecuredFuntions {
        setverdict(fail);
      } else {
        var octetstring v_hash;
-        if (fx_readCertificateHash("CERT_IUT_A_RCA", v_hash) == false) {
+        if (fx_readCertificateHash("CERT_IUT_A_AA", v_hash) == false) {
          setverdict(fail);
        } else {
          log("v_hash = ", v_hash);