Bug fixed in AtsSecurity

5a2f8d34 · Yann Garcia · 49f0336f · 5a2f8d34 · 5a2f8d34 · 5a2f8d34
Commit 5a2f8d34 authored Feb 12, 2019 by Yann Garcia
--- a/ccsrc/Externals/LibItsSecurity_externals.cc
+++ b/ccsrc/Externals/LibItsSecurity_externals.cc
@@ -818,7 +818,7 @@ namespace LibItsSecurity__Functions
   * \see http://digital.csic.es/bitstream/10261/32671/1/V2-I2-P7-13.pdf
   */
  // TODO Use common function for both fx__encryptWithEciesxxx and fx__decryptWithEciesxxx function
-  OCTETSTRING fx__decryptWithEciesNistp256WithSha256(const OCTETSTRING& p__encryptedSecuredMessage, const OCTETSTRING& p__privateEncKey, const OCTETSTRING& p__publicEphemeralKeyCompressed, const INTEGER& p__ephemeralCompressedMode, const OCTETSTRING& p__encrypted__sym__key, const OCTETSTRING& p__authentication__vector, const OCTETSTRING& p__nonce, const OCTETSTRING& p__salt) {
+  OCTETSTRING fx__decryptWithEciesNistp256WithSha256(const OCTETSTRING& p__encryptedSecuredMessage, const OCTETSTRING& p__privateEncKey, const OCTETSTRING& p__publicEphemeralKeyCompressed, const INTEGER& p__ephemeralCompressedMode, const OCTETSTRING& p__encrypted__sym__key, const OCTETSTRING& p__authentication__vector, const OCTETSTRING& p__nonce, const OCTETSTRING& p__salt, OCTETSTRING& p__aes__sym__enc__key) {
    loggers::get_instance().log_msg(">>> fx__decryptWithEciesNistp256WithSha256: p__toBeEncryptedSecuredMessage: ", p__encryptedSecuredMessage);
    loggers::get_instance().log_msg(">>> fx__decryptWithEciesNistp256WithSha256: p__privateEncKey: ", p__privateEncKey);
    loggers::get_instance().log_msg(">>> fx__decryptWithEciesNistp256WithSha256: p__publicEphemeralKeyCompressed: ", p__publicEphemeralKeyCompressed);
@@ -849,6 +849,8 @@ namespace LibItsSecurity__Functions
      return OCTETSTRING(0, nullptr);
    }
    loggers::get_instance().log_msg("fx__decryptWithEciesNistp256WithSha256: dec message: ", message);
+    p__aes__sym__enc__key = ec.symmetric_encryption_key();
+    loggers::get_instance().log_msg("fx__decryptWithEciesNistp256WithSha256: AES 128 encryption key: ", p__aes__sym__enc__key);
    
    return message;
  }
@@ -960,7 +962,7 @@ namespace LibItsSecurity__Functions
    return enc_message;
  }
  
-  OCTETSTRING fx__decryptWithEciesBrainpoolp256WithSha256(const OCTETSTRING& p__encryptedSecuredMessage, const OCTETSTRING& p__privateEncKey, const OCTETSTRING& p__publicEphemeralKeyCompressed, const INTEGER& p__ephemeralCompressedMode, const OCTETSTRING& p__encrypted__sym__key, const OCTETSTRING& p__authentication__vector, const OCTETSTRING& p__nonce) {
+  OCTETSTRING fx__decryptWithEciesBrainpoolp256WithSha256(const OCTETSTRING& p__encryptedSecuredMessage, const OCTETSTRING& p__privateEncKey, const OCTETSTRING& p__publicEphemeralKeyCompressed, const INTEGER& p__ephemeralCompressedMode, const OCTETSTRING& p__encrypted__sym__key, const OCTETSTRING& p__authentication__vector, const OCTETSTRING& p__nonce, const OCTETSTRING& p__salt, OCTETSTRING& p__aes__sym__enc__key) {
    loggers::get_instance().log_msg(">>> fx__decryptWithEciesBrainpoolp256WithSha256: p__toBeEncryptedSecuredMessage: ", p__encryptedSecuredMessage);
    loggers::get_instance().log_msg(">>> fx__decryptWithEciesBrainpoolp256WithSha256: p__privateEncKey: ", p__privateEncKey);
    loggers::get_instance().log_msg(">>> fx__decryptWithEciesBrainpoolp256WithSha256: p__publicEphemeralKeyCompressed: ", p__publicEphemeralKeyCompressed);
@@ -968,6 +970,7 @@ namespace LibItsSecurity__Functions
    loggers::get_instance().log_msg(">>> fx__decryptWithEciesBrainpoolp256WithSha256: p__nonce: ", p__nonce);
    loggers::get_instance().log_msg(">>> fx__decryptWithEciesBrainpoolp256WithSha256: p__authentication__vector: ", p__authentication__vector);
    loggers::get_instance().log_msg(">>> fx__decryptWithEciesBrainpoolp256WithSha256: p__encrypted__sym__key: ", p__encrypted__sym__key);
+    loggers::get_instance().log_msg(">>> fx__decryptWithEciesBrainpoolp256WithSha256: p__salt", p__salt);

    // 1. Create security_ecc instance based on public ephemeral keys
    security_ecc ec(ec_elliptic_curves::brainpool_p_256_r1, p__privateEncKey);
@@ -990,6 +993,8 @@ namespace LibItsSecurity__Functions
      return OCTETSTRING(0, nullptr);
    }
    loggers::get_instance().log_msg("fx__decryptWithEciesBrainpoolp256WithSha256: dec message: ", message);
+    p__aes__sym__enc__key = ec.symmetric_encryption_key();
+    loggers::get_instance().log_msg("fx__decryptWithEciesBrainpoolp256WithSha256: AES 128 encryption key: ", p__aes__sym__enc__key);

    return message;
  }

--- a/ccsrc/Framework/src/params.cc
+++ b/ccsrc/Framework/src/params.cc
@@ -80,9 +80,9 @@ const std::string& params::uri = std::string("uri");
 const std::string& params::host = std::string("host");
 const std::string& params::content_type = std::string("content_type");

-const std::string& params::sip_url = std::string("sip_url");
-const std::string& params::sip_version = std::string("sip_version");
-const std::string& params::payload = std::string("payload");
+//const std::string& params::sip_url = std::string("sip_url");
+//const std::string& params::sip_version = std::string("sip_version");
+//const std::string& params::payload = std::string("payload");

 const std::string& params::codecs = std::string("codecs");


--- a/ccsrc/Protocols/Commsignia/commsignia_layer.cc
+++ b/ccsrc/Protocols/Commsignia/commsignia_layer.cc
@@ -91,25 +91,25 @@ void commsignia_layer::receive_data(OCTETSTRING& data, params& params) {
  
  const unsigned char* p = static_cast<const unsigned char *>(data);

-  const commsignia_layer::c2p_recv* r = (const commsignia_layer::c2p_recv*)p;
-  loggers::get_instance().log("commsignia_layer::receive_data: version=%02x", r->version);
-  loggers::get_instance().log("commsignia_layer::receive_data: timestamp1=%08x", ntohl(r->timestamp_sec));
-  loggers::get_instance().log("commsignia_layer::receive_data: timestamp2=%08x", ntohl(r->timestamp_msec));
-  loggers::get_instance().log("commsignia_layer::receive_data: timestamp2=%08x", ntohl(r->timestamp_msec));
-  loggers::get_instance().log("commsignia_layer::receive_data: antenna=%02x", r->antenna);
-  loggers::get_instance().log("commsignia_layer::receive_data: rssi_ant2=%02x", r->rssi_ant2);
-  loggers::get_instance().log("commsignia_layer::receive_data: noise_ant1=%02x", r->noise_ant1);
-  loggers::get_instance().log("commsignia_layer::receive_data: noise_ant2=%02x", r->noise_ant2);
+  const commsignia_layer::c2p_s_v1_tx_t* r = (const commsignia_layer::c2p_s_v1_tx_t*)p;
+  loggers::get_instance().log("commsignia_layer::receive_data: version=%02x", r->s_header.u8_ver_type);
+  loggers::get_instance().log("commsignia_layer::receive_data: timestamp1=%08x", ntohl(r->s_header.u32_tst_sec));
+  loggers::get_instance().log("commsignia_layer::receive_data: timestamp2=%08x", ntohl(r->s_header.u32_tst_msec));
+  loggers::get_instance().log("commsignia_layer::receive_data: primary_channel=%08x", ntohl(r->u8_primary_channel));
+  loggers::get_instance().log("commsignia_layer::receive_data: secondary_channel=%08x", ntohl(r->u8_secondary_channel));
+  loggers::get_instance().log("commsignia_layer::receive_data: antenna=%02x", r->u8_antenna);
+  loggers::get_instance().log("commsignia_layer::receive_data: s8_tssi_ant_1=%d", r->s8_tssi_ant_1);
+  loggers::get_instance().log("commsignia_layer::receive_data: s8_tssi_ant_2=%d", r->s8_tssi_ant_2);
  // Filtering on antenna index
-  loggers::get_instance().log("commsignia_layer::receive_data: compare %02x with %02x", r->antenna, static_cast<unsigned char>(std::strtoul(_params[params::interface_id].c_str(), NULL, 10)));
-  if (r->antenna != static_cast<unsigned char>(std::strtoul(_params[params::interface_id].c_str(), NULL, 10))) {
+  loggers::get_instance().log("commsignia_layer::receive_data: compare %02x with %02x", r->u8_antenna, static_cast<unsigned char>(std::stoi(_params[params::interface_id])));
+  if (r->u8_antenna != std::stoi(_params[params::interface_id])) {
    // Discard packet
    loggers::get_instance().warning("commsignia_layer::receive_data: Discard packet due to wrong antenna id");
    return;
  } // else, continue

-  const commsignia_layer::c2p_802_11p_hdr* h = (const commsignia_layer::c2p_802_11p_hdr*)(p + sizeof(commsignia_layer::c2p_recv));
-  //loggers::get_instance().log("commsignia_layer::receive_data: frame_ctrl=%04x", ntohs(h->frame_ctrl));
+  const commsignia_layer::c2p_802_11p_hdr* h = (const commsignia_layer::c2p_802_11p_hdr*)(p + sizeof(commsignia_layer::c2p_s_v1_tx_t));
+  loggers::get_instance().log("commsignia_layer::receive_data: frame_ctrl=%04x", ntohs(h->frame_ctrl));
  OCTETSTRING dst = OCTETSTRING(6, (const unsigned char*)&h->dst_addr);
  loggers::get_instance().log_msg("commsignia_layer::receive_data: dst: ", dst);
  OCTETSTRING src = OCTETSTRING(6, (const unsigned char*)&h->src_addr);
@@ -124,15 +124,16 @@ void commsignia_layer::receive_data(OCTETSTRING& data, params& params) {
  const commsignia_layer::c2p_llc_hdr* l;
  int length;
  if ((ntohs(h->frame_ctrl) & 0xf000) == 0x8000) {
-    l = (const commsignia_layer::c2p_llc_hdr*)(p + sizeof(commsignia_layer::c2p_recv) + sizeof(commsignia_layer::c2p_802_11p_hdr) + sizeof(commsignia_layer::c2p_qos_ctrl));
-    length = sizeof(commsignia_layer::c2p_recv) + sizeof(commsignia_layer::c2p_802_11p_hdr) + sizeof(commsignia_layer::c2p_qos_ctrl) + sizeof(commsignia_layer::c2p_llc_hdr);
+    l = (const commsignia_layer::c2p_llc_hdr*)(p + sizeof(commsignia_layer::c2p_s_v1_tx_t) + sizeof(commsignia_layer::c2p_802_11p_hdr) + sizeof(commsignia_layer::c2p_qos_ctrl));
+    length = sizeof(commsignia_layer::c2p_s_v1_tx_t) + sizeof(commsignia_layer::c2p_802_11p_hdr) + sizeof(commsignia_layer::c2p_qos_ctrl) + sizeof(commsignia_layer::c2p_llc_hdr);
  } else {
-    l = (const commsignia_layer::c2p_llc_hdr*)(p + sizeof(commsignia_layer::c2p_recv) + sizeof(commsignia_layer::c2p_802_11p_hdr));
-    length = sizeof(commsignia_layer::c2p_recv) + sizeof(commsignia_layer::c2p_802_11p_hdr) + sizeof(commsignia_layer::c2p_llc_hdr);
+    l = (const commsignia_layer::c2p_llc_hdr*)(p + sizeof(commsignia_layer::c2p_s_v1_tx_t) + sizeof(commsignia_layer::c2p_802_11p_hdr));
+    length = sizeof(commsignia_layer::c2p_s_v1_tx_t) + sizeof(commsignia_layer::c2p_802_11p_hdr) + sizeof(commsignia_layer::c2p_llc_hdr);
  }
  loggers::get_instance().log("commsignia_layer::receive_data: dsap=%02x", l->dsap);
  loggers::get_instance().log("commsignia_layer::receive_data: ssap=%02x", l->ssap);
  loggers::get_instance().log("commsignia_layer::receive_data: type=%04x", l->type);
+
  // Check ether type
  if ((_eth_type[1] == (unsigned char)((l->type & 0xff00) >> 8)) && (_eth_type[0] == (unsigned char)(l->type & 0xff))) { // Warning: Network ordered bytes
    // Extract payload

--- a/ccsrc/Protocols/Commsignia/commsignia_layer.hh
+++ b/ccsrc/Protocols/Commsignia/commsignia_layer.hh
@@ -24,28 +24,28 @@ class commsignia_layer : public layer {
  static constexpr unsigned char LL_ORG_CODE_LENGTH = 3;
  
  /**
-   * \struct C2P packet description: Version 1, packet type: RX
+   * \struct C2P packet description
   */
  typedef struct {
-    unsigned char version;
-    unsigned int timestamp_sec;
-    unsigned int timestamp_msec;
-    unsigned char primary_channel;
-    unsigned char secondary_channel;
-    unsigned char used_iface;
-    unsigned char data_rate;
-    unsigned char antenna;
-    unsigned int latitude;
-    unsigned int longitude;
-    unsigned short speed;
-    unsigned short heading;
-    unsigned char rssi_ant1;
-    unsigned char rssi_ant2;
-    unsigned char noise_ant1;
-    unsigned char noise_ant2;
-    unsigned short cbr_ant1;
-    unsigned short cbr_ant2;
-  } __attribute__((__packed__)) c2p_recv;
+    unsigned char u8_ver_type;
+    unsigned int u32_tst_sec;
+    unsigned int u32_tst_msec;
+  } c2p_s_header_t;
+  typedef struct {
+    c2p_s_header_t s_header;
+    unsigned char u8_primary_channel;
+    unsigned char u8_secondary_channel;
+    unsigned char u8_used_interface;
+    unsigned char u8_data_rate;
+    unsigned char u8_antenna;
+    int s32_latitude;
+    int s32_longitude;
+    unsigned short u16_speed;
+    unsigned short u16_heading;
+    signed char s8_txp;
+    signed char s8_tssi_ant_1;
+    signed char s8_tssi_ant_2;
+  } c2p_s_v1_tx_t;

  /**
   * \struct Injected data header
@@ -73,7 +73,7 @@ class commsignia_layer : public layer {
  } __attribute__((__packed__)) c2p_llc_hdr;

  params _params;                       //! Layer parameters
-  c2p_recv _c2p_recv;                   //! \todo
+  c2p_s_v1_tx_t _c2p_recv;              //! \todo
  c2p_802_11p_hdr _802_11p_hdr;         //! \todo
  c2p_llc_hdr _c2p_llc_hdr;             //! \todo
  std::vector<unsigned char> _mac_src;  //! Used to optimize filtering on source mac address in \see commsignia_layer::receive_data method

--- a/ccsrc/Protocols/Security/certificates_loader.cc
+++ b/ccsrc/Protocols/Security/certificates_loader.cc
@@ -17,11 +17,11 @@
 certificates_loader * certificates_loader::instance = nullptr;

 certificates_loader::certificates_loader(): _certificateExt{".oer"}, _privateKeyExt{".vkey"}, _privateEncKeyExt{".ekey"}, _full_path(), _is_cache_initialized{false}, _directory_filter{".svn", "._.DS_Store", ".DS_Store"} {
-  loggers::get_instance().log(">>> certificates_loader::certificates_loader");
+  //loggers::get_instance().log(">>> certificates_loader::certificates_loader");
 } // End of ctor

 int certificates_loader::build_path(const std::string& p_root_directory) {
-  loggers::get_instance().log(">>> certificates_loader::build_path: '%s'", p_root_directory.c_str());
+  //loggers::get_instance().log(">>> certificates_loader::build_path: '%s'", p_root_directory.c_str());

  // Build full path
  if (!p_root_directory.empty()) {
@@ -38,7 +38,7 @@ int certificates_loader::build_path(const std::string& p_root_directory) {
    _full_path = "./";
  }
  std::experimental::filesystem::canonical(_full_path);
-  loggers::get_instance().log("certificates_loader::build_path: full path: %s", _full_path.string().c_str());
+  //loggers::get_instance().log("certificates_loader::build_path: full path: %s", _full_path.string().c_str());
  if (!std::experimental::filesystem::exists(_full_path)) {
    loggers::get_instance().warning("certificates_loader::build_path: Invalid path");
    _full_path.clear();
@@ -49,7 +49,7 @@ int certificates_loader::build_path(const std::string& p_root_directory) {
 } // End of method build_path

 int certificates_loader::load_certificates(std::map<std::string, std::unique_ptr<security_db_record> >& p_certificates, std::map<OCTETSTRING/*std::vector<unsigned char>*/, std::string, security_cache_comp>& p_hashed_id8s) {
-  loggers::get_instance().log(">>> certificates_loader::load_certificates");
+  //loggers::get_instance().log(">>> certificates_loader::load_certificates");

  // Sanity check
  if (_is_cache_initialized) {
@@ -74,7 +74,7 @@ int certificates_loader::load_certificates(std::map<std::string, std::unique_ptr
 } // End of method load_certificates

 int certificates_loader::retrieve_certificates_list(std::set<std::experimental::filesystem::path>& p_files) {
-  loggers::get_instance().log(">>> certificates_loader::retrieve_certificates_list");
+  //loggers::get_instance().log(">>> certificates_loader::retrieve_certificates_list");

  // Walk through directories
  std::set<std::experimental::filesystem::path> folders;
@@ -104,13 +104,13 @@ int certificates_loader::retrieve_certificates_list(std::set<std::experimental::
      if (std::experimental::filesystem::is_regular_file(it)) {
        //loggers::get_instance().log("certificates_loader::retrieve_certificates_list: Check extension '%s'", it.path().extension().string().c_str());
        if (it.path().extension().string().compare(_certificateExt) == 0) {
-          loggers::get_instance().log("certificates_loader::retrieve_certificates_list: Add file '%s'", it.path().filename().string().c_str());
+          //loggers::get_instance().log("certificates_loader::retrieve_certificates_list: Add file '%s'", it.path().filename().string().c_str());
          p_files.insert(it);
        }
      }
    } // End of 'for' statement
  } // End of 'for' statement
-  loggers::get_instance().log("certificates_loader::retrieve_certificates_list: # of files to cache: %d", p_files.size());
+  //loggers::get_instance().log("certificates_loader::retrieve_certificates_list: # of files to cache: %d", p_files.size());
  if (p_files.size() == 0) {
    loggers::get_instance().warning("certificates_loader::retrieve_certificates_list: No certificate found");
    return -1;
@@ -120,7 +120,7 @@ int certificates_loader::retrieve_certificates_list(std::set<std::experimental::
 } // End of method retrieve_certificates_list

 int certificates_loader::build_certificates_cache(std::set<std::experimental::filesystem::path>& p_files, std::map<std::string, std::unique_ptr<security_db_record> >& p_certificates, std::map<OCTETSTRING/*std::vector<unsigned char>*/, std::string, security_cache_comp>& p_hashed_id8s) {
-  loggers::get_instance().log(">>> certificates_loader::build_certificates_cache");
+  //loggers::get_instance().log(">>> certificates_loader::build_certificates_cache");

  std::set<std::experimental::filesystem::path>::const_iterator it = p_files.cbegin();
  std::pair<std::map<std::string, std::unique_ptr<security_db_record> >::iterator, bool> result;
@@ -128,7 +128,7 @@ int certificates_loader::build_certificates_cache(std::set<std::experimental::fi
    loggers::get_instance().log("certificates_loader::build_certificates_cache: Caching '%s'", it->string().c_str());
    std::experimental::filesystem::path p = *it;
    const std::string& key = p.stem();
-    loggers::get_instance().log("certificates_loader::build_certificates_cache: Key = '%s'", key.c_str());
+    //loggers::get_instance().log("certificates_loader::build_certificates_cache: Key = '%s'", key.c_str());

    // Load certificate file
    it = p_files.find(p.replace_extension(_certificateExt));
@@ -136,7 +136,7 @@ int certificates_loader::build_certificates_cache(std::set<std::experimental::fi
      loggers::get_instance().warning("certificates_loader::build_certificates_cache: Certificate file not found for '%s'", key.c_str());
      return -1;
    }
-    loggers::get_instance().log("certificates_loader::build_certificates_cache: Caching certificate '%s'", it->string().c_str());
+    //loggers::get_instance().log("certificates_loader::build_certificates_cache: Caching certificate '%s'", it->string().c_str());
    std::ifstream is(it->string(), ios::in | ios::binary);
    if (!is.is_open()) {
      loggers::get_instance().warning("certificates_loader::build_certificates_cache: Failed to open certificate file");
@@ -151,7 +151,7 @@ int certificates_loader::build_certificates_cache(std::set<std::experimental::fi
    // Load private key file
    OCTETSTRING private_key;
    p = p.replace_extension(_privateKeyExt);
-    loggers::get_instance().log("certificates_loader::build_certificates_cache: Caching private keys '%s'", p.string().c_str());
+    //loggers::get_instance().log("certificates_loader::build_certificates_cache: Caching private keys '%s'", p.string().c_str());
    is.open(p, ios::in | ios::binary);
    if (!is.is_open()) {
      loggers::get_instance().warning("certificates_loader::build_certificates_cache: Failed to open Private key");
@@ -170,7 +170,7 @@ int certificates_loader::build_certificates_cache(std::set<std::experimental::fi
    // Load private encryption key file if present
    OCTETSTRING private_enc_key;
    p = p.replace_extension(_privateEncKeyExt);
-    loggers::get_instance().log("certificates_loader::build_certificates_cache: Caching private encryption key '%s'", p.string().c_str());
+    //loggers::get_instance().log("certificates_loader::build_certificates_cache: Caching private encryption key '%s'", p.string().c_str());
    is.open(p, ios::in | ios::binary);
    if (!is.is_open()) {
      loggers::get_instance().warning("certificates_loader::build_certificates_cache: Failed to open Private encryption key file");
@@ -194,7 +194,7 @@ int certificates_loader::build_certificates_cache(std::set<std::experimental::fi
      loggers::get_instance().warning("certificates_loader::build_certificates_cache: Failed to decode certificate for '%s'", key.c_str());
      return -1;
    } else {
-      loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: Decoded certificate: ", decoded_certificate);
+      //loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: Decoded certificate: ", decoded_certificate);
      // Prepare all fields
      if (!decoded_certificate.toBeSigned().verifyKeyIndicator().ischosen(IEEE1609dot2::VerificationKeyIndicator::ALT_verificationKey)) {
        loggers::get_instance().warning("certificates_loader::build_certificates_cache: Wrong VerificationKeyIndicator variant for '%s'", key.c_str());
@@ -214,9 +214,9 @@ int certificates_loader::build_certificates_cache(std::set<std::experimental::fi
        IEEE1609dot2BaseTypes::EccP384CurvePoint& p = b.ecdsaBrainpoolP384r1();
        fill_public_key_vectors(ec_elliptic_curves::brainpool_p_384_r1, p, public_comp_key, public_key_x, public_key_y);
      }
-      loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: public_key_x: ", public_key_x);
-      loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: public_key_y: ", public_key_y);
-      loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: public_comp_key: ", public_comp_key);
+      //loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: public_key_x: ", public_key_x);
+      //loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: public_key_y: ", public_key_y);
+      //loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: public_comp_key: ", public_comp_key);
      
      OCTETSTRING public_enc_key_x;
      OCTETSTRING public_enc_key_y;
@@ -231,9 +231,9 @@ int certificates_loader::build_certificates_cache(std::set<std::experimental::fi
          IEEE1609dot2BaseTypes::EccP256CurvePoint& p = v.publicKey().eciesBrainpoolP256r1();
          fill_public_key_vectors(ec_elliptic_curves::brainpool_p_256_r1, p, public_enc_comp_key, public_enc_key_x, public_enc_key_y);
        }
-        loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: public_enc_key_x: ", public_enc_key_x);
-        loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: public_enc_key_y: ", public_enc_key_y);
-        loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: public_enc_comp_key: ", public_enc_comp_key);
+        //loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: public_enc_key_x: ", public_enc_key_x);
+        //loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: public_enc_key_y: ", public_enc_key_y);
+        //loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: public_enc_comp_key: ", public_enc_comp_key);
      } else {
        public_enc_key_x = OCTETSTRING(0, nullptr);
        public_enc_key_y = OCTETSTRING(0, nullptr);
@@ -259,11 +259,11 @@ int certificates_loader::build_certificates_cache(std::set<std::experimental::fi
        if (decoded_certificate.issuer().self__() == IEEE1609dot2BaseTypes::HashAlgorithm::sha256) {
          sha256 sha;
          sha.generate(certificate, hash);
-          loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: Whole-certificate SHA-256 hash: ", hash);
+          //loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: Whole-certificate SHA-256 hash: ", hash);
        } else {
          sha384 sha;
          sha.generate(certificate, hash);
-          loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: Whole-certificate SHA-384 hash: ", hash);
+          //loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: Whole-certificate SHA-384 hash: ", hash);
        }
        hashed_id = OCTETSTRING(8, static_cast<const unsigned char*>(hash) + hash.lengthof() - 8);
        issuer = hashed_id;
@@ -272,9 +272,9 @@ int certificates_loader::build_certificates_cache(std::set<std::experimental::fi
        hashed_id = int2oct(0, 8);
        issuer = int2oct(0, 8);
      }
-      loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: hash: ", hash);
-      loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: hashed_id: ", hashed_id);
-      loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: issuer: ", issuer);
+      //loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: hash: ", hash);
+      //loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: hashed_id: ", hashed_id);
+      //loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: issuer: ", issuer);
      
      // Create new record
      security_db_record* p = new security_db_record(
@@ -299,8 +299,8 @@ int certificates_loader::build_certificates_cache(std::set<std::experimental::fi
        delete p;
        return -1;
      }
-      loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: add key: ", result.first->second.get()->hashed_id());
-      loggers::get_instance().log("certificates_loader::build_certificates_cache: for : %s", result.first->first.c_str());
+      //loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: add key: ", result.first->second.get()->hashed_id());
+      //loggers::get_instance().log("certificates_loader::build_certificates_cache: for : %s", result.first->first.c_str());
      p_hashed_id8s.insert(std::pair<OCTETSTRING, std::string>(result.first->second.get()->hashed_id(), result.first->first));
      /*std::vector<unsigned char> v(static_cast<const unsigned char*>(result.first->second.get()->hashed_id()), result.first->second.get()->hashed_id().lengthof() + static_cast<const unsigned char*>(result.first->second.get()->hashed_id()));
      loggers::get_instance().log_to_hexa("security_cache::store_certificate: Converted hashed_id8: ", v.data(), v.size());
@@ -387,7 +387,7 @@ void certificates_loader::fill_public_key_vectors(const ec_elliptic_curves p_ell
  }
 }
 void certificates_loader::fill_public_key_vectors(const ec_elliptic_curves p_elliptic_curve, const IEEE1609dot2BaseTypes::EccP384CurvePoint& p_ecc_point, OCTETSTRING& p_public_comp_key, OCTETSTRING& p_public_key_x, OCTETSTRING& p_public_key_y) {
-  loggers::get_instance().log_msg(">>> certificates_loader::fill_public_key_vectors: ", p_ecc_point);
+  //loggers::get_instance().log_msg(">>> certificates_loader::fill_public_key_vectors: ", p_ecc_point);

  if (p_ecc_point.ischosen(IEEE1609dot2BaseTypes::EccP384CurvePoint::ALT_compressed__y__0)) {
    p_public_comp_key = int2oct(2, 1) + p_ecc_point.compressed__y__0();

--- a/ccsrc/Protocols/Tcp/tcp_layer.cc
+++ b/ccsrc/Protocols/Tcp/tcp_layer.cc
@@ -31,36 +31,36 @@ tcp_layer::tcp_layer(const std::string & p_type, const std::string & param) : la
    _params.insert(std::pair<std::string, std::string>(std::string("server"), "127.0.0.1")); // TODO Try using params::server instead of std::string("server")
  }
  if (!parameter_set(params::server.c_str(), _params[params::server].c_str())) {
-    loggers::get_instance().warning("tcp_layer::set_parameter: Unprocessed parameter: %s", params::server.c_str());
+    loggers::get_instance().warning("tcp_layer::tcp_layer: Unprocessed parameter: %s", params::server.c_str());
  }
  set_ssl_use_ssl(false);
  it = _params.find(params::use_ssl);
  if (it == _params.cend()) {
-    _params.insert(std::pair<std::string, std::string>(std::string("use_ssl"), "0"));
+    _params.insert(std::pair<std::string, std::string>(params::use_ssl, "0"));
  } else if (it->second.compare("1") == 0) {
    set_ssl_use_ssl(true);
  }
  it = _params.find(params::port);
  if (it == _params.cend()) {
    if (_params[params::use_ssl].compare("0") == 0) { // Use standard HTTP port
-      _params.insert(std::pair<std::string, std::string>(std::string("port"), "80"));
+      _params.insert(std::pair<std::string, std::string>(params::port, "80"));
    } else { // Use standard HTTPS port
-      _params.insert(std::pair<std::string, std::string>(std::string("port"), "443"));
+      _params.insert(std::pair<std::string, std::string>(params::port, "443"));
    }
  }
  if (!parameter_set(params::port.c_str(), _params[params::port].c_str())) {
-    loggers::get_instance().warning("tcp_layer::set_parameter: Unprocessed parameter: %s", params::port.c_str());
+    loggers::get_instance().warning("tcp_layer::tcp_layer: Unprocessed parameter: %s", params::port.c_str());
  }
  it = _params.find(params::local_port);
  if (it == _params.cend()) {
    if (_params[params::use_ssl].compare("0") == 0) { // Use standard HTTP local_port
-      _params.insert(std::pair<std::string, std::string>(std::string("local_port"), "80"));
+      _params.insert(std::pair<std::string, std::string>(params::local_port, "80"));
    } else { // Use standard HTTPS local_port
-      _params.insert(std::pair<std::string, std::string>(std::string("local_port"), "443"));
+      _params.insert(std::pair<std::string, std::string>(params::local_port, "443"));
    }
  }
  if (!parameter_set(params::local_port.c_str(), _params[params::local_port].c_str())) {
-    loggers::get_instance().warning("tcp_layer::set_parameter: Unprocessed parameter: %s", params::local_port.c_str());
+    loggers::get_instance().warning("tcp_layer::tcp_layer: Unprocessed parameter: %s", params::local_port.c_str());
  }

  parameter_set(use_connection_ASPs_name(), (!server_mode) ? "yes" : "no");
@@ -75,7 +75,8 @@ tcp_layer::tcp_layer(const std::string & p_type, const std::string & param) : la

  map_user();

-  if (!_reconnect_on_send) {
+  if (!_reconnect_on_send && (server_mode == 0)) {
+    loggers::get_instance().log("tcp_layer::tcp_layer: Establish connection: %s/%s", _params[params::server].c_str(), _params[params::port].c_str());
 	  open_client_connection(_params[params::server].c_str(), _params[params::port].c_str(), NULL, NULL);
  }
                                                                                                                                                            }

--- a/etc/AtsPki/AtsPki_Simu.cfg_
+++ b/etc/AtsPki/AtsPki_Simu.cfg_
@@ -23,7 +23,7 @@ LibItsSecurity_Pixits.PX_IUT_SEC_CONFIG_NAME := "asn1c_cert"

 LibItsHttp_Pics.PICS_HEADER_CONTENT_TYPE := "application/x-its-request"
 LibItsHttp_Pics.PICS_HEADER_HOST := "192.168.0.252"
-LibItsPki_Pics.PICS_HTTP_POST_URI := "/"
+LibItsPki_Pics.PICS_HTTP_POST_URI := "/ea/enrolment"
 #LibItsSecurity_Pics.PICS_SEC_FIXED_KEYS := true # Seed

 LibItsPki_Pics.PICS_IUT_ITS_S_ROLE   := true
@@ -41,6 +41,8 @@ LibItsPki_Pics.PICS_ITS_S_ENC_BRAINPOOLP384r1_PRIVATE_KEY  := '6B4B4392511B252C9
 LibItsPki_Pics.PICS_ITS_S_SIGN_BRAINPOOLP384r1_PRIVATE_KEY := '3CD977195A579787C84D5900F4CB6341E0C3D2750B140C5380E6F03CE3FBA0022F7541DEABDCED4790D313ED8F56ACA8'O;
 LibItsPki_Pics.PICS_ITS_S_SIGN_BRAINPOOLP384r1_PUBLIC_KEY  := '0243FF5C96984C2C3F5FD5C5F6551C90F5FAEE1E5E8301763E4AF1E9D627F3474E554B82EE98EC4B49808DFF61B35F8313'O;
 LibItsPki_Pics.PICS_ITS_S_CANONICAL_ID                     := '1B4CA1210123AE900BBE6C3EBAE7E87DA20DBDAB1E7B2EC0691C51C1021900AA'O;
+LibItsPki_Pics.PICS_TS_EA_CERTIFICATE_ID                   := "CERT_ATOS_EA"
+LibItsPki_Pics.PICS_TS_AA_CERTIFICATE_ID                   := "CERT_ATOS_AA"

 [LOGGING]
 # In this section you can specify the name of the log file and the classes of events
@@ -129,8 +131,9 @@ LogEventTypes:= Yes
 # its_aid = 36 CAM
 # its_aid = 37 DENM
 system.geoNetworkingPort.params := "GN(ll_address=4C5E0C14D2EB,latitude=43551050,longitude=10298730,distanceA=1500,distanceB=1500,angle=0,device_mode=0,secured_mode=1,its_aid=36,certificate=CERT_TS_A_AT,sec_db_path=/home/vagrant/tmp/asn1c_cert)/ETH(mac_src=e2b7b30429eb)/PCAP(mac_src=e2b7b30429eb,nic=eth1,filter=and ether proto 0x8947)"
+
 # Single HTTP component port
-system.httpPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/TCP(server=192.168.0.252,use_ssl=0)"
+system.httpPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/TCP(debug=1,server_mode=1,server=192.168.0.252,port=80,local_port=80,use_ssl=0)"

 # GeoNetworking UpperTester port based on UDP
 system.utPort.params := "UT_PKI/UDP(dst_ip=192.168.0.250,src_port=12345)"

--- a/etc/AtsSecurity/AtsSecurity.cfg
+++ b/etc/AtsSecurity/AtsSecurity.cfg
@@ -9,13 +9,19 @@
 #  stationType := e_roadSideUnit,
 #  stationCountryCode := 0, #33,
 #  mid := '080027425e63'O
-#}
+#} # Siemens
 #LibItsGeoNetworking_Pics.PICS_GN_LOCAL_GN_ADDR := {
 #  typeOfAddress := e_initial,
 #  stationType := e_passengerCar, #e_roadSideUnit,
 #  stationCountryCode := 0, #33,
 #  mid := 'BA749705A41D'O
 #} # Nordsys
+#LibItsGeoNetworking_Pics.PICS_GN_LOCAL_GN_ADDR := {
+#  typeOfAddress := e_initial,
+#  stationType := e_passengerCar, #e_roadSideUnit,
+#  stationCountryCode := 0, #33,
+#  mid := '000000000011'O
+#} # Commsignia
 LibItsGeoNetworking_Pics.PICS_GN_LOCAL_GN_ADDR := {
  typeOfAddress := e_initial,
  stationType := e_unknown, #e_roadSideUnit,
@@ -118,7 +124,7 @@ LogEventTypes:= Yes
 # its_aid = 36 CAM
 # its_aid = 37 DENM
 system.geoNetworkingPort.params := "GN(ll_address=4C5E0C14D2EB,latitude=43551050,longitude=10298730,distanceA=1500,distanceB=1500,angle=0,device_mode=0,secured_mode=1,its_aid=36,certificate=CERT_TS_A_AT,sec_db_path=/home/vagrant/tmp/asn1c_cert)/ETH(mac_src=e2b7b30429eb)/PCAP(mac_src=e2b7b30429eb,nic=eth1,filter=and ether proto 0x8947)"
-#system.geoNetworkingPort.params := "GN(ll_address=4C5E0C14D2EB,latitude=43551050,longitude=10298730,distanceA=1500,distanceB=1500,angle=0,device_mode=0,secured_mode=1,its_aid=36,certificate=CERT_TS_A_AT,sec_db_path=/home/vagrant/tmp/asn1c_cert)/COMMSIGNIA(mac_src=000000000011,target_host=10.8.0.1)/UDP(dst_ip=10.8.0.1,dst_port=7943,src_port=39474)"
+#system.geoNetworkingPort.params := "GN(ll_address=4C5E0C14D2EB,latitude=43551050,longitude=10298730,distanceA=1500,distanceB=1500,angle=0,device_mode=0,secured_mode=1,its_aid=36,certificate=CERT_TS_A_AT,sec_db_path=/home/vagrant/tmp/asn1c_cert)/COMMSIGNIA(mac_src=000000000011,target_host=10.8.0.1)/UDP(dst_ip=10.8.0.1,src_port=7943,dst_port=7943)"
 #system.geoNetworkingPort.params := "GN(ll_address=4C5E0C14D2EB,latitude=43551050,longitude=10298730,distanceA=1500,distanceB=1500,angle=0,device_mode=0,secured_mode=1,its_aid=36,certificate=CERT_TS_A_AT,sec_db_path=/home/vagrant/tmp/asn1c_cert)/COMMSIGNIA(mac_src=000000000011,target_host=10.8.0.1)/UDP_PCAP(dst_ip=10.8.0.1,dst_port=7943,src_ip=192.168.0.154,src_port=39474)/ETH(mac_src=0800275c4959,eth_type=0800)/PCAP(mac_src=0800275c4959,nic=tap0,filter=and (udp port 39474 or udp port 7943))"

 #system.geoNetworkingPort.params := "
@@ -132,25 +138,29 @@ system.geoNetworkingPort.params := "GN(ll_address=4C5E0C14D2EB,latitude=43551050
 # CAM UpperTester port based on UDP
 #system.camUtPort.params := "UT_CAM(loopback=1)"

-#system.denmUtPort.params := "UT_DENM/UDP(dst_ip=192.168.0.250)" # Simulator
-#system.camUtPort.params  := "UT_CAM/UDP(dst_ip=192.168.0.250)"
+system.denmUtPort.params := "UT_DENM/UDP(dst_ip=192.168.0.250)" # Simulator
+system.camUtPort.params  := "UT_CAM/UDP(dst_ip=192.168.0.250)"
 system.utPort.params  := "UT_GN/UDP(dst_ip=192.168.0.250,src_port=12345)"

 #system.denmUtPort.params := "UT_DENM/UDP(dst_ip=172.23.0.1,dst_port=8000)" # Nordsys
 #system.utPort.params     := "UT_CAM/UDP(dst_ip=172.28.128.4)"  # Simulator Siemens
 #system.camUtPort.params  := "UT_CAM/UDP(dst_ip=172.28.128.4)"  # Simulator Siemens

-#system.utPort.params     := "UT_CAM/UDP(dst_ip=10.8.0.1,dst_port=56000)" # Simulator Siemens
+#system.utPort.params     := "UT_CAM/UDP(dst_ip=10.8.0.1,dst_port=56000)" # Commsignia
 #system.camUtPort.params  := "UT_CAM/UDP(dst_ip=10.8.0.1,dst_port=56000)"
 #system.denmUtPort.params := "UT_DENM/UDP(dst_ip=10.8.0.1,dst_port=56000)"

 [EXECUTE]
+
+#ItsSecurity_TestCases.TC_SEC_ITSS_SND_GENMSG_01_BV
+#ItsSecurity_TestCases.TC_SEC_ITSS_SND_GENMSG_02_BV
+
 #Check that ITS-S sends a Ieee1609Dot2Data containing protocol version set to 3
 #ItsSecurity_TestCases.TC_SEC_ITSS_SND_MSG_01_BV

 # ------------------------- CAM ---------------------------
 # Check that IUT sends the secured CAM using SignedData container.
-#ItsSecurity_TestCases.TC_SEC_ITSS_SND_CAM_01_BV
+ItsSecurity_TestCases.TC_SEC_ITSS_SND_CAM_01_BV

 # Check that IUT sends the secured CAM containing the HeaderInfo field psid set to 'AID_CAM'.
 #ItsSecurity_TestCases.TC_SEC_ITSS_SND_CAM_02_BV
@@ -239,7 +249,7 @@ system.utPort.params  := "UT_GN/UDP(dst_ip=192.168.0.250,src_port=12345)"

 # Check that the IUT sends the secured CAM signed with the certificate containing appPermisions 
 #	allowing to sign CA messages
-ItsSecurity_TestCases.TC_SEC_ITSS_SND_CAM_20_BV
+#ItsSecurity_TestCases.TC_SEC_ITSS_SND_CAM_20_BV

 # Check that IUT sends the secured CAM containing signature;
 # Check that the signature is calculated over the right fields 
@@ -258,12 +268,15 @@ ItsSecurity_TestCases.TC_SEC_ITSS_SND_CAM_20_BV
 #ItsSecurity_TestCases.TC_SEC_ITSS_SND_CAM_24_BV

 # Check that IUT doesn't send secured CAMs if all AT certificates installed on the IUT was expired.
+#ItsSecurity_Pics.PICS_CERTFICATE_ID_VARIANT := "CERT_IUT_A1_AT"
 #ItsSecurity_TestCases.TC_SEC_ITSS_SND_CAM_25_BV

 # Check that IUT doesn't send secured CAMs if all AT certificates installed on the IUT have the starting time in the future. 
+#ItsSecurity_Pics.PICS_CERTFICATE_ID_VARIANT := "CERT_IUT_A2_AT"
 #ItsSecurity_TestCases.TC_SEC_ITSS_SND_CAM_26_BV

 # Check that IUT doesn't send secured CAMs if IUT doesn't possess an AT certificate allowing sending CAM by its appPermissions. 
+#ItsSecurity_Pics.PICS_CERTFICATE_ID_VARIANT := "CERT_IUT_A3_AT"
 #ItsSecurity_TestCases.TC_SEC_ITSS_SND_CAM_27_BV

 #--------------------------------------- DENM ------------------------------------------            

--- a/etc/TestCodec/TestCodec.cfg
+++ b/etc/TestCodec/TestCodec.cfg
@@ -287,7 +287,7 @@ system.pkiPort.params := "PKI/HTTP(device_mode=1,uri=/its/inner_ec_request,host=
 # Security Functions
 #TestCodec_SecuredFuntions.tc_sha256_1
 #TestCodec_SecuredFuntions.tc_sha256_2
-TestCodec_SecuredFuntions.tc_sha256_3
+#TestCodec_SecuredFuntions.tc_sha256_3
 #TestCodec_SecuredFuntions.tc_sha384_1
 #TestCodec_SecuredFuntions.tc_f_generate_key_pair_1
 #TestCodec_SecuredFuntions.tc_f_generate_key_pair_2
@@ -353,6 +353,8 @@ TestCodec_SecuredFuntions.tc_sha256_3
 #TestCodec_SignedAndEncryptedMessages.tc_decrypted_signed_message_2
 #TestCodec_SignedAndEncryptedMessages.tc_decrypted_signed_message_3
 #TestCodec_SignedAndEncryptedMessages.tc_decrypted_signed_message_4
+TestCodec_SignedAndEncryptedMessages.tc_decrypted_signed_message_5
+
 # Pki
 #TestCodec_Pki.tc_encode_inner_ec_response_1
 #TestCodec_Pki.tc_decode_inner_ec_response_1

--- a/ttcn/AtsPki/ItsPki_TestCases.ttcn
+++ b/ttcn/AtsPki/ItsPki_TestCases.ttcn
--- a/ttcn/AtsSecurity/ItsSecurity_Pics.ttcn
+++ b/ttcn/AtsSecurity/ItsSecurity_Pics.ttcn
@@ -19,11 +19,6 @@ module ItsSecurity_Pics {
    // LibItsSecurity
    import from LibItsSecurity_TypesAndValues all;
    
-    /**
-     * @desc Certificate identifier to be used for X_CERTFICATE variant
-     */
-    modulepar charstring PICS_CERTFICATE_ID_VARIANT := "CERT_IUT_A_AT";
-    
    // TODO To be removed
    type record certificates_foi {
        charstring certificate_id,
@@ -35,10 +30,25 @@ module ItsSecurity_Pics {
    type record of certificates_foi certificates_fois;
    
    modulepar certificates_fois PICS_CERTFICATES_FOI := {
-        { cc_iutCert_A, sha256, '0000000000000000'O, '0000000000000000'O, omit }, // CERT_IUT_A_AT
-        { cc_iutCert_B, sha256, '0000000000000000'O, '0000000000000000'O, { circularRegion := { center := {0, 0}, radius := 1000 } } } // CERT_IUT_B_AT
+        { cc_iutCert_A, sha256, '132F6D7C720A5842'O, 'FDB31632AA818555'O, omit }, // CERT_IUT_A_AT
+        { cc_iutCert_B, sha256, '132F6D7C720A5842'O, '49B38C9D78F1D15F'O, { circularRegion := { center := {436169490, 70533080}, radius := 5000 } } }, // CERT_IUT_B_AT
+        { cc_iutCert_C, sha256, '132F6D7C720A5842'O, 'CD18C86AAD7DD98A'O, { rectangularRegion := { { northWest := { latitude := 436618657, longitude := 70083912 }, southEast := { latitude := 435720322, longitude := 70982247 } } } } }, // CERT_IUT_C_AT
+
+        { cc_taCert_A1, sha256, '132F6D7C720A5842'O, '0731A79117EC8EA3'O, omit }, // CERT_IUT_A1_AT
+        { cc_taCert_A2, sha256, 'EAD511CE275218DB'O, '66D15FED208987BB'O, omit }, // CERT_IUT_A2_AT
+        { cc_taCert_A3, sha256, '132F6D7C720A5842'O, '78314F0491003AE9'O, omit }, // CERT_IUT_A3_AT
+
+
+        { cc_taCert_C1, sha256, '1209FC3CA338A976'O, '3084363C0852B755'O, omit }, // CERT_IUT_C1_AT
+        { cc_taCert_CA1, sha256, '1209FC3CA338A976'O, '4CE850DAA5DA7F60'O, omit }, // CERT_IUT_CA1_AT