Add BrainpoolP256r1 encryption support in AtsPki (f3d805a9) · Commits · ITS - Intelligent Transport Systems / ITS

ccsrc/Externals/LibItsSecurity_externals.cc

+79 −23

Original line number	Diff line number	Diff line
		@@ -853,57 +853,113 @@ namespace LibItsSecurity__Functions
		return message;
		}

		OCTETSTRING fx__encryptWithEciesBrainpoolp256WithSha256(const OCTETSTRING& p__toBeEncryptedSecuredMessage, const OCTETSTRING& p__recipientsPublicKeyCompressed, const INTEGER& p__compressedMode, OCTETSTRING& p__publicEphemeralKeyCompressed, INTEGER& p__ephemeralCompressedMode, OCTETSTRING& p__aes__sym__key, OCTETSTRING& p__encrypted__sym__key, OCTETSTRING& p__authentication__vector, OCTETSTRING& p__nonce) {
		OCTETSTRING fx__encryptWithEciesBrainpoolp256WithSha256(const OCTETSTRING& p__toBeEncryptedSecuredMessage, const OCTETSTRING& p__recipientsPublicKeyCompressed, const INTEGER& p__compressedMode, const OCTETSTRING& p__salt, OCTETSTRING& p__publicEphemeralKeyCompressed, INTEGER& p__ephemeralCompressedMode,OCTETSTRING& p__aes__sym__key, OCTETSTRING& p__encrypted__sym__key, OCTETSTRING& p__authentication__vector, OCTETSTRING& p__nonce, const BOOLEAN& p__use__hardcoded__values) {
		loggers::get_instance().log_msg(">>> fx__encryptWithEciesBrainpoolp256WithSha256: p__toBeEncryptedSecuredMessage: ", p__toBeEncryptedSecuredMessage);
		loggers::get_instance().log_msg(">>> fx__encryptWithEciesBrainpoolp256WithSha256: p__recipientsPublicKeyCompressed: ", p__recipientsPublicKeyCompressed);
		loggers::get_instance().log(">>> fx__encryptWithEciesBrainpoolp256WithSha256: p__compressedMode: %d", static_cast<int>(p__compressedMode));
		loggers::get_instance().log_msg(">>> fx__encryptWithEciesBrainpoolp256WithSha256: p__salt: ", p__salt);
		loggers::get_instance().log(">>> fx__encryptWithEciesBrainpoolp256WithSha256: p__use__hardcoded__values: %x", static_cast<const boolean>(p__use__hardcoded__values));

		// 1. Generate new ephemeral Private/Public keys
		security_ecc ec(ec_elliptic_curves::brainpool_p_256_r1);
		if (ec.generate() == -1) {
		loggers::get_instance().warning(": Failed to generate ephemeral keys");
		// 1. Generate new Private/Public Ephemeral key
		std::unique_ptr<security_ecc> ec;
		if (!static_cast<const boolean>(p__use__hardcoded__values)) {
		ec.reset(new security_ecc(ec_elliptic_curves::brainpool_p_256_r1));
		if (ec->generate() == -1) {
		loggers::get_instance().warning("fx__encryptWithEciesBrainpoolp256WithSha256: Failed to generate ephemeral keys");
		return OCTETSTRING(0, nullptr);
		}
		// 2. Generate and derive shared secret
		} else {
		ec.reset(new security_ecc(ec_elliptic_curves::brainpool_p_256_r1, str2oct("0722B39ABC7B6C5301CA0408F454F81553D7FE59F492DBF385B6B6D1F81E0F68"))); // Hardcoded private key
		}
		// 2. Generate and derive shared secret based on recipient's private keys
		security_ecc ec_comp(ec_elliptic_curves::brainpool_p_256_r1, p__recipientsPublicKeyCompressed, (static_cast<int>(p__compressedMode) == 0) ? ecc_compressed_mode::compressed_y_0 : ecc_compressed_mode::compressed_y_1);
		if (ec.generate_and_derive_ephemeral_key(encryption_algotithm::aes_128_ccm, ec_comp.public_key_x(), ec_comp.public_key_y(), OCTETSTRING(0, nullptr)) == -1) {
		if (static_cast<const boolean>(p__use__hardcoded__values)) { // Set AES encryption key to an harcoded value
		ec->symmetric_encryption_key(str2oct("5A4E63B247C714644E85CAC49BD26C81"));
		}
		if (ec->generate_and_derive_ephemeral_key(encryption_algotithm::aes_128_ccm, ec_comp.public_key_x(), ec_comp.public_key_y(), p__salt) == -1) {
		loggers::get_instance().warning("fx__encryptWithEciesBrainpoolp256WithSha256: Failed to generate and derive secret key");
		return OCTETSTRING(0, nullptr);
		}

		// Set the AES symmetric key
		loggers::get_instance().log_msg("fx__encryptWithEciesBrainpoolp256WithSha256: AES symmetric key: ", ec.symmetric_encryption_key());
		p__aes__sym__key = ec.symmetric_encryption_key();
		loggers::get_instance().log_msg("fx__encryptWithEciesBrainpoolp256WithSha256: AES symmetric key: ", ec->symmetric_encryption_key());
		p__aes__sym__key = ec->symmetric_encryption_key();
		loggers::get_instance().log_msg("fx__encryptWithEciesBrainpoolp256WithSha256: p__aes__sym__key: ", p__aes__sym__key);
		// Set the encrypted symmetric key
		loggers::get_instance().log_msg("fx__encryptWithEciesBrainpoolp256WithSha256: Symmetric encryption key: ", ec.symmetric_encryption_key());
		p__encrypted__sym__key = ec.encrypted_symmetric_key();
		loggers::get_instance().log_msg("fx__encryptWithEciesNistp256WithSha256: p__encrypted__sym__key: ", p__encrypted__sym__key);
		loggers::get_instance().log_msg("fx__encryptWithEciesBrainpoolp256WithSha256: Encrypted symmetric key: ", ec->encrypted_symmetric_key());
		p__encrypted__sym__key = ec->encrypted_symmetric_key();
		loggers::get_instance().log_msg("fx__encryptWithEciesBrainpoolp256WithSha256: p__encrypted__sym__key: ", p__encrypted__sym__key);
		// Set the tag of the symmetric key encryption
		p__authentication__vector = ec.tag();
		p__authentication__vector = ec->tag();
		loggers::get_instance().log_msg("fx__encryptWithEciesBrainpoolp256WithSha256: p__authentication__vector: ", p__authentication__vector);
		// Set ephemeral public keys
		p__publicEphemeralKeyCompressed = ec.public_key_compressed();
		p__publicEphemeralKeyCompressed = ec->public_key_compressed();
		loggers::get_instance().log_msg("fx__encryptWithEciesBrainpoolp256WithSha256: Ephemeral public compressed key: ", p__publicEphemeralKeyCompressed);
		p__ephemeralCompressedMode = (ec.public_key_compressed_mode() == ecc_compressed_mode::compressed_y_0) ? 0 : 1;
		p__ephemeralCompressedMode = (ec->public_key_compressed_mode() == ecc_compressed_mode::compressed_y_0) ? 0 : 1;
		loggers::get_instance().log("fx__encryptWithEciesBrainpoolp256WithSha256: Ephemeral public compressed mode: %d: ", p__ephemeralCompressedMode);
		// 3. Retrieve AES 128 parameters
		p__nonce = ec.nonce();
		p__nonce = ec->nonce();
		loggers::get_instance().log_msg("fx__encryptWithEciesBrainpoolp256WithSha256: p__nonce: ", p__nonce);
		OCTETSTRING enc_symm_key = ec.symmetric_encryption_key();
		loggers::get_instance().log_msg(": enc_symm_key: ", enc_symm_key);
		// 4. Encrypt the data using AES-128 CCM
		OCTETSTRING enc_message;
		if (ec.encrypt(encryption_algotithm::aes_128_ccm, ec.symmetric_encryption_key(), ec.nonce(), p__toBeEncryptedSecuredMessage, enc_message) == -1) {
		if (ec->encrypt(encryption_algotithm::aes_128_ccm, ec->symmetric_encryption_key(), ec->nonce(), p__toBeEncryptedSecuredMessage, enc_message) == -1) {
		loggers::get_instance().warning("fx__encryptWithEciesBrainpoolp256WithSha256: Failed to encrypt message");
		return OCTETSTRING(0, nullptr);
		}
		enc_message += ec.tag();
		enc_message += ec->tag();
		loggers::get_instance().log_to_hexa("fx__encryptWithEciesBrainpoolp256WithSha256: enc message\|\|Tag: ", enc_message);

		return enc_message;
		}

		/**
		* @desc Test function for ECIES BRAINPOOL P-256r1 Encryption with SHA-256
		* @remark For the purpose of testing, the content of p__toBeEncryptedSecuredMessage is the AES 128 symmetric key to be encrypted
		*/
		OCTETSTRING fx__test__encryptWithEciesBrainpoolp256WithSha256(const OCTETSTRING& p__toBeEncryptedSecuredMessage, const OCTETSTRING& p__privateEphemeralKey, const OCTETSTRING& p__recipientPublicKeyX, const OCTETSTRING& p__recipientPublicKeyY, const OCTETSTRING& p__salt, OCTETSTRING& p__publicEphemeralKeyX, OCTETSTRING& p__publicEphemeralKeyY, OCTETSTRING& p__aes__sym__key, OCTETSTRING& p__encrypted__sym__key, OCTETSTRING& p__authentication__vector, OCTETSTRING& p__nonce) {

		// 1. Generate new ephemeral Private/Public keys
		security_ecc ec(ec_elliptic_curves::brainpool_p_256_r1, p__privateEphemeralKey);
		p__publicEphemeralKeyX = ec.public_key_x();
		p__publicEphemeralKeyY = ec.public_key_y();
		loggers::get_instance().log_msg("fx__test__encryptWithEciesBrainpoolp256WithSha256: Vx=", p__publicEphemeralKeyX);
		loggers::get_instance().log_msg("fx__test__encryptWithEciesBrainpoolp256WithSha256: Vy=", p__publicEphemeralKeyY);

		// 2. Generate and derive shared secret
		security_ecc ec_comp(ec_elliptic_curves::brainpool_p_256_r1, p__recipientPublicKeyX, p__recipientPublicKeyY);
		ec.symmetric_encryption_key(p__toBeEncryptedSecuredMessage);
		loggers::get_instance().log_msg("fx__test__encryptWithEciesBrainpoolp256WithSha256: ", ec.encrypted_symmetric_key());
		if (ec.generate_and_derive_ephemeral_key(encryption_algotithm::aes_128_ccm, ec_comp.public_key_x(), ec_comp.public_key_y(), p__salt) == -1) {
		loggers::get_instance().warning("fx__test__encryptWithEciesBrainpoolp256WithSha256: Failed to generate and derive secret key");
		return OCTETSTRING(0, nullptr);
		}

		// Set the AES symmetric key
		loggers::get_instance().log_msg("fx__test__encryptWithEciesBrainpoolp256WithSha256: AES symmetric key: ", ec.symmetric_encryption_key());
		p__aes__sym__key = ec.symmetric_encryption_key();
		loggers::get_instance().log_msg("fx__test__encryptWithEciesBrainpoolp256WithSha256: p__aes__sym__key: ", p__aes__sym__key);
		// Set the encrypted symmetric key
		loggers::get_instance().log_msg("fx__test__encryptWithEciesBrainpoolp256WithSha256: Encrypted symmetric key: ", ec.encrypted_symmetric_key());
		p__encrypted__sym__key = ec.encrypted_symmetric_key();
		loggers::get_instance().log_msg("fx__test__encryptWithEciesBrainpoolp256WithSha256: p__encrypted__sym__key: ", p__encrypted__sym__key);
		// Set the tag of the symmetric key encryption
		p__authentication__vector = ec.tag();
		loggers::get_instance().log_msg("fx__test__encryptWithEciesBrainpoolp256WithSha256: p__authentication__vector: ", p__authentication__vector);
		// 3. Retrieve AES 128 parameters
		p__nonce = ec.nonce();
		loggers::get_instance().log_msg("fx__test__encryptWithEciesBrainpoolp256WithSha256: p__nonce: ", p__nonce);
		// 4. Encrypt the data using AES-128 CCM
		OCTETSTRING enc_message;
		if (ec.encrypt(encryption_algotithm::aes_128_ccm, ec.symmetric_encryption_key(), ec.nonce(), p__toBeEncryptedSecuredMessage, enc_message) == -1) {
		loggers::get_instance().warning("fx__test__encryptWithEciesBrainpoolp256WithSha256: Failed to encrypt message");
		return OCTETSTRING(0, nullptr);
		}
		enc_message += ec.tag();
		loggers::get_instance().log_to_hexa("fx__test__encryptWithEciesBrainpoolp256WithSha256: enc message\|\|Tag: ", enc_message);

		return enc_message;
		}

		OCTETSTRING fx__decryptWithEciesBrainpoolp256WithSha256(const OCTETSTRING& p__encryptedSecuredMessage, const OCTETSTRING& p__privateEncKey, const OCTETSTRING& p__publicEphemeralKeyCompressed, const INTEGER& p__ephemeralCompressedMode, const OCTETSTRING& p__encrypted__sym__key, const OCTETSTRING& p__authentication__vector, const OCTETSTRING& p__nonce) {
		loggers::get_instance().log_msg(">>> fx__decryptWithEciesBrainpoolp256WithSha256: p__toBeEncryptedSecuredMessage: ", p__encryptedSecuredMessage);
		loggers::get_instance().log_msg(">>> fx__decryptWithEciesBrainpoolp256WithSha256: p__privateEncKey: ", p__privateEncKey);

etc/AtsPki/AtsPki_Escrypt.cfg_

0 → 100644

+159 −0

Original line number	Diff line number	Diff line
		[MODULE_PARAMETERS]
		# This section shall contain the values of all parameters that are defined in your TTCN-3 modules.

		# The GeoNetworking address of the IUT.
		LibItsGeoNetworking_Pics.PICS_GN_LOCAL_GN_ADDR := { typeOfAddress := e_manual,
		stationType := e_passengerCar,
		stationCountryCode := 0,
		mid := '000000000001'O
		# typeOfAddress := e_initial,
		# stationType := e_unknown, #e_roadSideUnit,
		# stationCountryCode := 0, #33,
		# mid := '4C5E0C14D2EA'O
		}

		LibItsGeoNetworking_Pixits.PX_GN_UPPER_LAYER := e_btpB
		LibItsGeoNetworking_Pixits.PX_NEIGHBOUR_DISCOVERY_DELAY := 2.0

		LibItsHttp_Pics.PICS_HEADER_CONTENT_TYPE := "application/x-its-request"

		LibItsHttp_Pics.PICS_HEADER_HOST := "etsi.ea.msi-dev.acloud.gemalto.com"
		LibItsPki_Pics.PICS_HTTP_POST_URI := "/"

		LibItsPki_Pics.PICS_HTTP_POST_URI := "/its"
		#LibItsSecurity_Pics.PICS_SEC_FIXED_KEYS := true # Seed

		# Enable Security support
		LibItsGeoNetworking_Pics.PICS_GN_SECURITY := true
		# Root path to access certificate stored in files, identified by certficate ID
		LibItsSecurity_Pixits.PX_CERTIFICATE_POOL_PATH := "/home/vagrant/tmp"
		# Configuration sub-directory to access certificate stored in files
		LibItsSecurity_Pixits.PX_IUT_SEC_CONFIG_NAME := "asn1c_cert"

		LibItsPki_Pics.PICS_ITS_S_SIGN_NITSP256_PRIVATE_KEY := '5C25F97607DFC62972A147FAD8B7A7C939569F0F95ECD4C641724A68B51836E5'O
		LibItsPki_Pics.PICS_ITS_S_SIGN_NISTP256_PUBLIC_KEY := '020144E5174B0AFDA86BDB8B643B68D40030F5BDB9A9F090C64852CC3C20C9D5AD'O
		LibItsPki_Pics.PICS_ITS_S_ENC_NITSP256_PRIVATE_KEY := 'EDEBEADCAA9514CD4B30256126FB7DF958B911C6EB58CCF702983C3DCD3DECBD'O
		LibItsPki_Pics.PICS_ITS_S_ENC_NISTP256_PUBLIC_KEY := '023A4ADDCDD5EE66DAB2116B0C3AB47CCEDAE92CD9ACE98A84B10EB63A9DCA798C'O
		LibItsPki_Pics.PICS_ITS_S_ENC_BRAINPOOLP256r1_PRIVATE_KEY := '9F155D40B6C920BA45D8027093C8ADADAF3AA6F9F71F0CC0F8279FF0146A8A48'O
		LibItsPki_Pics.PICS_ITS_S_ENC_BRAINPOOLP256r1_PUBLIC_KEY := '038602F468BD334EA4D2BA416295E204D58BD1F42C85FB9BE57237C74544F6A69A'O
		LibItsPki_Pics.PICS_ITS_S_SIGN_BRAINPOOLP256r1_PRIVATE_KEY := '6D585B716D06F75EC2B8A8ADEBFCE6ED35B0640C2AFBFF25FE48FC81A6732D4F'O
		LibItsPki_Pics.PICS_ITS_S_SIGN_BRAINPOOLP256r1_PUBLIC_KEY := '02A92BA3B770B040B8D958D5BD2CC9B537212D6963F50EA3E4784FEFA5D0454C12'O
		LibItsPki_Pics.PICS_ITS_S_ENC_BRAINPOOLP384r1_PRIVATE_KEY := '6B4B4392511B252C904801466F5DA0A7F28E038E6656800CBB0CDCB3D32F862CA4D59CBDC1A19E98E9191582AF1DB3D7'O
		LibItsPki_Pics.PICS_ITS_S_SIGN_BRAINPOOLP384r1_PRIVATE_KEY := '3CD977195A579787C84D5900F4CB6341E0C3D2750B140C5380E6F03CE3FBA0022F7541DEABDCED4790D313ED8F56ACA8'O
		LibItsPki_Pics.PICS_ITS_S_SIGN_BRAINPOOLP384r1_PUBLIC_KEY := '0243FF5C96984C2C3F5FD5C5F6551C90F5FAEE1E5E8301763E4AF1E9D627F3474E554B82EE98EC4B49808DFF61B35F8313'O
		LibItsPki_Pics.PICS_ITS_S_CANONICAL_ID := '1B4CA1210123AE900BBE6C3EBAE7E87DA20DBDAB1E7B2EC0691C51C1021900AA'O

		[LOGGING]
		# In this section you can specify the name of the log file and the classes of events
		# you want to log into the file or display on console (standard error).

		LogFile := "../logs/%e.%h-%r.%s"
		FileMask := LOG_ALL \| USER \| DEBUG \| MATCHING
		ConsoleMask := LOG_ALL \| USER \| DEBUG \| MATCHING
		#FileMask := ERROR \| WARNING \| USER \| MATCHING \| EXECUTOR_RUNTIME \| VERDICTOP
		#ConsoleMask := ERROR \| WARNING \| USER \| MATCHING \| EXECUTOR_RUNTIME \| VERDICTOP
		LogSourceInfo := Stack
		LogEntityName:= Yes
		LogEventTypes:= Yes
		#TimeStampFormat := DateTime

		[TESTPORT_PARAMETERS]
		# In this section you can specify parameters that are passed to Test Ports.
		# CAM Layer
		# next_header : btpA\|btpB (overwrite BTP.type)
		# header_type : tsb\|gbc
		# header_sub_type : sh (single hop)
		# DENM Layer
		# next_header : btpA\|btpB (overwrite BTP.type)
		# header_type : tsb\|gbc
		# BTP Layer
		# type : btpA\|btpB
		# destination port: dst_port
		# source port : src_port
		# device_mode : Set to 1 if the layer shall encapsulate upper layer PDU
		# device_mode : Set to 1 if the layer shall encapsulate upper layer PDU
		# GN Layer
		# ll_address : GeoNetworking address of the Test System
		# latitude : latitude of the Test System
		# longitude : longitude of the Test System
		# beaconing : Set to 1 if GnLayer shall start beaconing
		# Beaconing timer expiry: expiry (ms)
		# device_mode : Set to 1 if the layer shall encapsulate upper layer PDU
		# secured_mode : Set to 1 if message exchanges shall be signed
		# encrypted_mode : Set to 1 if message exchanges shall be encrypted
		# NOTE: For signed & encrypted message exchanges, both secured_mode and encrypted_mode shall be set to 1
		# sec_db_path : Path to the certificates and keys storage location
		# hash : Hash algorithm to be used when secured mode is set
		# Authorized values are SHA-256 or SHA-384
		# Default: SHA-256
		# signature : Signature algorithm to be used when secured mode is set
		# Authorized values are NISTP-256, NISTP-384, BP-256 and BP-384
		# Default: NISTP-256
		# cypher : Cyphering algorithm to be used when secured mode is set
		# Authorized values are NISTP-256, BP-256 and BP-384
		# Default: NISTP-256
		# Pki layer
		# certificate : Certificate to be used by the Test System for signature and encryption. Default: CERT_TS_A_AT
		# peer_certificate : Certificate to be used by the IUT for signature and encryption. Default: CERT_IUT_A_AT
		# Ethernet layer
		# mac_src :Source MAC address
		# mac_bc :Broadcast address
		# eth_type : Ethernet type
		# Commsignia layer
		# mac_src : Device MAC address, used to discard packets
		# To indicate no filering, use the value 000000000000
		# mac_bc : Broadcast address
		# eth_type : Ethernet type, used to discard packets
		# target_host : Device address
		# target_port : Device port
		# source_port : Test System port
		# interface_id: Interface id, used to discard packets
		# tx_power : TX power (dB)
		# UDP layer (IP/UDP based on Pcap)
		# dst_ip : destination IPv4 address (aa.bb.cc.dd)
		# dst_port: destination port
		# src_ip : source IPv4 address (aa.bb.cc.dd)
		# src_port: source port
		# Pcap layer
		# mac_src : Source MAC address, used to exclude from capture the acket sent by the Test System
		# filter : Pcap filter (compliant with tcpdump syntax)
		# Online mode:
		# nic: Local NIC
		# If set, online mode is used
		# Offline mode (nic is present but not set):
		# file : File to read
		# frame_offset: Frame offset, used to skip packets with frame number < frame_offset
		# time_offset : Time offset, used to skip packets with time offset < time_offset
		# save_mode : 1 to save sent packet, 0 otherwise

		# Single GeoNetworking component port
		system.httpPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/TCP(server=etsi.ea.msi-dev.acloud.gemalto.com,port=80,use_ssl=0)"

		# GeoNetworking UpperTester port based on UDP
		system.utPort.params := "UT_PKI/UDP(dst_ip=172.23.0.1,dst_port=8000)"

		[EXECUTE]
		#ItsPki_TestCases.TC_SEC_PKI_ITSS_ENR_BV_01
		#ItsPki_TestCases.TC_SEC_PKI_ITSS_ENR_BV_02
		#ItsPki_TestCases.TC_SEC_PKI_SND_EA_BV_01
		#ItsPki_TestCases.TC_SEC_PKI_SND_EA_BV_02
		#ItsPki_TestCases.TC_SEC_PKI_SND_EA_BV_03
		#ItsPki_TestCases.TC_SEC_PKI_SND_EA_BV_04
		#ItsPki_TestCases.TC_SEC_PKI_SND_EA_BV_05
		#ItsPki_TestCases.TC_SEC_PKI_SND_EA_BV_06
		#ItsPki_TestCases.TC_SEC_PKI_SND_EA_BV_07
		#ItsPki_TestCases.TC_SEC_PKI_SND_EA_BV_08
		#ItsPki_TestCases.TC_SEC_PKI_SND_EA_BV_09
		#ItsPki_TestCases.TC_SEC_PKI_SND_EA_BV_10
		#ItsPki_TestCases.TC_SEC_PKI_SND_EA_BV_11
		#ItsPki_TestCases.TC_SEC_PKI_SND_EA_BV_12
		#ItsPki_TestCases.TC_SEC_PKI_SND_EA_AA_BV_01
		#ItsPki_TestCases.TC_SEC_PKI_SND_AA_BV_01

		[MAIN_CONTROLLER]
		# The options herein control the behavior of MC.
		KillTimer := 10.0
		LocalAddress := 127.0.0.1
		TCPPort := 12000
		NumHCs := 1

etc/AtsPki/AtsPki_Gemalto.cfg_

0 → 100644

+168 −0

File added.

Preview size limit exceeded, changes collapsed.

etc/AtsPki/AtsPki_Simu.cfg_

0 → 100644

+159 −0

File added.

Preview size limit exceeded, changes collapsed.

etc/AtsSecurity/AtsSecurity.cfg

+7 −7

Original line number	Diff line number	Diff line
		@@ -23,9 +23,9 @@ LibItsBtp_Pixits.PX_DESTINATION_PORT_INFO := 2001
		# Enable Security support
		LibItsGeoNetworking_Pics.PICS_GN_SECURITY := true
		# Root path to access certificate stored in files, identified by certficate ID
		LibItsSecurity_Pixits.PX_CERTIFICATE_POOL_PATH := "/home/vagrant/tmp"
		LibItsSecurity_Pixits.PX_CERTIFICATE_POOL_PATH := "/home/vagrant/tmp/gentcert/v3" #"/home/vagrant/tmp"
		# Configuration sub-directory to access certificate stored in files
		LibItsSecurity_Pixits.PX_IUT_SEC_CONFIG_NAME := "asn1c_cert"
		LibItsSecurity_Pixits.PX_IUT_SEC_CONFIG_NAME := "certificates"#"asn1c_cert"

		[LOGGING]
		# In this section you can specify the name of the log file and the classes of events
		@@ -109,7 +109,7 @@ LogEventTypes:= Yes

		# Single GeoNetworking component port
		# its_aid = 36
		system.geoNetworkingPort.params := "GN(ll_address=4C5E0C14D2EB,latitude=43551050,longitude=10298730,distanceA=1500,distanceB=1500,angle=0,device_mode=0,secured_mode=1,its_aid=36,certificate=CERT_TS_A_AT,sec_db_path=/home/vagrant/tmp/asn1c_cert)/ETH(mac_src=e2b7b30429eb)/PCAP(mac_src=e2b7b30429eb,nic=eth1,filter=and ether proto 0x8947)" # Nordsys
		system.geoNetworkingPort.params := "GN(ll_address=4C5E0C14D2EB,latitude=43551050,longitude=10298730,distanceA=1500,distanceB=1500,angle=0,device_mode=0,secured_mode=1,its_aid=36,certificate=CERT_TS_A_AT,sec_db_path=/home/vagrant/tmp/gentcert/v3/certificates)/ETH(mac_src=e2b7b30429eb)/PCAP(mac_src=e2b7b30429eb,nic=eth2,filter=and ether proto 0x8947)"

		#system.geoNetworkingPort.params := "
		# GN(ll_address=4C5E0C14D2EC,latitude=43551050,longitude=10298730,beaconing=0,expiry=1000)/
		@@ -123,8 +123,8 @@ system.geoNetworkingPort.params := "GN(ll_address=4C5E0C14D2EB,latitude=43551050
		#system.camUtPort.params := "UT_CAM(loopback=1)"
		#system.utPort.params := "UT_CAM/UDP(dst_ip=172.23.0.1,dst_port=8000)" # Nordsys
		#system.camUtPort.params := "UT_CAM/UDP(dst_ip=172.23.0.1,dst_port=8000)" # Nordsys
		system.utPort.params := "UT_CAM/UDP(dst_ip=192.168.56.101)" # Simu
		system.camUtPort.params := "UT_CAM/UDP(dst_ip=192.168.56.101)" # Simu
		system.utPort.params := "UT_CAM/UDP(dst_ip=172.28.128.4)" # Simulator Siemens
		system.camUtPort.params := "UT_CAM/UDP(dst_ip=172.28.128.4)" # Simulator Siemens

		[EXECUTE]
		#Check that ITS-S sends a Ieee1609Dot2Data containing protocol version set to 3
		@@ -132,14 +132,14 @@ system.camUtPort.params := "UT_CAM/UDP(dst_ip=192.168.56.101)" # Simu

		# ------------------------- CAM ---------------------------
		# Check that IUT sends the secured CAM using SignedData container.
		ItsSecurity_TestCases.TC_SEC_ITSS_SND_CAM_01_BV
		#ItsSecurity_TestCases.TC_SEC_ITSS_SND_CAM_01_BV

		# Check that IUT sends the secured CAM containing the HeaderInfo field psid set to 'AID_CAM'.
		#ItsSecurity_TestCases.TC_SEC_ITSS_SND_CAM_02_BV

		# Check that IUT sends the secured CAM with the HeaderInfo containing generationTime
		# and doesn't containing expiryTime, generationLocation, encryptionKey, p2pcdLearningRequest, missingCrlIdentifier.
		#ItsSecurity_TestCases.TC_SEC_ITSS_SND_CAM_03_BV
		ItsSecurity_TestCases.TC_SEC_ITSS_SND_CAM_03_BV

		# Check that IUT sends the secured CAM containing signer containing either certificate or digest;
		# Check that signing certificate has permissions to sign CAM messages.

Admin message