Update after ETSI ITS CMS-7

2d0d6b58 · YannGarcia · Yann Garcia · 005cddbf · 2d0d6b58 · 2d0d6b58
Commit 2d0d6b58 authored Nov 18, 2019 by YannGarcia Committed by Yann Garcia Nov 18, 2019
24 changed files
--- a/README.md
+++ b/README.md
@@ -106,18 +106,19 @@ NOTE The user password is vagrant.
 ### Using Docker

 Pre-requisites on your host machine:
- Install Virtualbox
+- Install Virtualbox (For Windows host only)
 - Install Docker

 Procedure for a Windows host machine:
- On your host machine, open a the Docker Quickstart Terminal
+- On your host machine, open a the Docker Quickstart Terminal and change to a working folder such as ./temp/docker_its

 Procedure for a Linux host machine:
- On your host machine, open a terminal and change to a working folder such as $HOME/temp
+- On your host machine, open a terminal and change to a working folder such as $HOME/temp/docker_its

-On your host machine, clone the following items from ETSI ITS protocols project:
- The docket folder
- The .jenkins.sh script file (hidden file)
+On your host machine, download the following items from ETSI ITS protocols project:
+- The docker folder
+- The .jenkins.sh script file (hidden file) and add the execution rights on it
+- Check the rights of the script files and the folders

 From the your current directory, execute the following commands:


--- a/ccsrc/Externals/LibItsSecurity_externals.cc
+++ b/ccsrc/Externals/LibItsSecurity_externals.cc
@@ -587,7 +587,8 @@ namespace LibItsSecurity__Functions
   * \return The HMAC value resized to 16-byte
   */
  OCTETSTRING fx__hmac__sha256(const OCTETSTRING& p__k, const OCTETSTRING& p__m) {
-    loggers::get_instance().log(">>> fx__hmac__sha256");
+    loggers::get_instance().log_msg(">>> fx__hmac__sha256: p__k=", p__k);
+    loggers::get_instance().log_msg(">>> fx__hmac__sha256: p__m=", p__m);

    hmac h(hash_algorithms::sha_256); // TODO Use ec_encryption_algorithm
    OCTETSTRING t;
@@ -595,8 +596,8 @@ namespace LibItsSecurity__Functions
      loggers::get_instance().warning("fx__hmac__sha256: Failed to generate HMAC");
      return OCTETSTRING(0, nullptr);
    }
-    loggers::get_instance().log_msg("fx__hmac__sha256: HMAC: ", t);

+    loggers::get_instance().log_msg("<<< fx__hmac__sha256: HMAC: ", t);
    return t;
  }

@@ -1183,7 +1184,7 @@ namespace LibItsSecurity__Functions
    return TRUE;
  }

-  BOOLEAN fx__store__certificate(const CHARSTRING& p__cert__id, const OCTETSTRING& p__cert, const OCTETSTRING& p__private__key, const OCTETSTRING& p__public__key__x, const OCTETSTRING& p__public__key__y, const OCTETSTRING& p__public__key__compressed, const INTEGER& p__public__key__compressed__mode, const OCTETSTRING& p__hash, const OCTETSTRING& p__hashid8, const OCTETSTRING& p__issuer, const OCTETSTRING_template& p__private__enc__key, const OCTETSTRING_template& p__public__enc__key__x, const OCTETSTRING_template& p__public__enc__key__y, const OCTETSTRING_template& p__public__enc__compressed__key, const INTEGER_template& p__public__enc__key__compressed__mode) {
+  BOOLEAN fx__store__certificate(const CHARSTRING& p__cert__id, const OCTETSTRING& p__cert, const OCTETSTRING& p__private__key, const OCTETSTRING& p__public__key__x, const OCTETSTRING& p__public__key__y, const OCTETSTRING& p__public__key__compressed, const INTEGER& p__public__key__compressed__mode, const OCTETSTRING& p__hash, const OCTETSTRING& p__hash__256, const OCTETSTRING& p__hashid8, const OCTETSTRING& p__issuer, const OCTETSTRING_template& p__private__enc__key, const OCTETSTRING_template& p__public__enc__key__x, const OCTETSTRING_template& p__public__enc__key__y, const OCTETSTRING_template& p__public__enc__compressed__key, const INTEGER_template& p__public__enc__key__compressed__mode) {
    loggers::get_instance().log(">>> fx__store__certificate: '%s'", static_cast<const char*>(p__cert__id));

    int result;
@@ -1191,9 +1192,9 @@ namespace LibItsSecurity__Functions
      const OCTETSTRING private_enc_key = p__private__enc__key.valueof();
      const OCTETSTRING public_enc_key_x = p__public__enc__key__x.valueof();
      const OCTETSTRING public_enc_key_y = p__public__enc__key__y.valueof();
-      result = security_services::get_instance().store_certificate(p__cert__id, p__cert, p__private__key, p__public__key__x, p__public__key__y, p__public__key__compressed, p__public__key__compressed__mode, p__hash, p__hashid8, p__issuer, p__private__enc__key.valueof(), p__public__enc__key__x.valueof(), p__public__enc__key__y.valueof(), p__public__enc__compressed__key.valueof(), p__public__enc__key__compressed__mode.valueof());
+      result = security_services::get_instance().store_certificate(p__cert__id, p__cert, p__private__key, p__public__key__x, p__public__key__y, p__public__key__compressed, p__public__key__compressed__mode, p__hash, p__hash__256, p__hashid8, p__issuer, p__private__enc__key.valueof(), p__public__enc__key__x.valueof(), p__public__enc__key__y.valueof(), p__public__enc__compressed__key.valueof(), p__public__enc__key__compressed__mode.valueof());
    } else {
-      result = security_services::get_instance().store_certificate(p__cert__id, p__cert, p__private__key, p__public__key__x, p__public__key__y, p__public__key__compressed, p__public__key__compressed__mode, p__hash, p__hashid8, p__issuer, OCTETSTRING(0, nullptr), OCTETSTRING(0, nullptr), OCTETSTRING(0, nullptr), OCTETSTRING(0, nullptr), INTEGER(-1));
+      result = security_services::get_instance().store_certificate(p__cert__id, p__cert, p__private__key, p__public__key__x, p__public__key__y, p__public__key__compressed, p__public__key__compressed__mode, p__hash, p__hash__256, p__hashid8, p__issuer, OCTETSTRING(0, nullptr), OCTETSTRING(0, nullptr), OCTETSTRING(0, nullptr), OCTETSTRING(0, nullptr), INTEGER(-1));
    }
    
    return (result == 0);
@@ -1293,6 +1294,25 @@ namespace LibItsSecurity__Functions
    return TRUE;
  }

+  /**
+   * \brief   Read the whole-hash of the certificate using SHA 256
+   * \param   p_certificate_id the certificate identifier
+   * \param   p_hash   the expected certificate
+   * \return  true on success, false otherwise
+   */
+  BOOLEAN fx__readCertificateHash256(
+                                     const CHARSTRING& p__certificateId,
+                                     OCTETSTRING& p__hash
+                                     ) {
+    loggers::get_instance().log(">>> fx__readCertificateHash256: '%s'", static_cast<const char*>(p__certificateId));
+
+    if (security_services::get_instance().read_certificate_hash_sha_256(p__certificateId, p__hash) == -1) {
+      return FALSE;
+    }
+
+    return TRUE;
+  }
+
  /**
   * \brief    Read the private keys for the specified certificate
   * \param   p_certificate_id     the keys identifier

--- a/ccsrc/Protocols/Security/certificates_loader.cc
+++ b/ccsrc/Protocols/Security/certificates_loader.cc
@@ -240,41 +240,51 @@ int certificates_loader::build_certificates_cache(std::set<std::experimental::fi
        public_enc_comp_key = OCTETSTRING(0, nullptr);
      }
      
+      OCTETSTRING hash_sha_256; // Whole-certificate hash using SHA-256
+      sha256 sha;
+      sha.generate(certificate, hash_sha_256);
+      loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: Whole-certificate SHA-256 hash for encryption: ", hash_sha_256);
+      
      OCTETSTRING hash; // Whole-certificate hash
      OCTETSTRING hashed_id; // Whole-certificate hashedid-8
      OCTETSTRING issuer; // Certificate issuer
-      if (decoded_certificate.issuer().ischosen(IEEE1609dot2::IssuerIdentifier::ALT_sha256AndDigest)) {
-        sha256 sha;
-        sha.generate(certificate, hash);
+      if (public_key_x.lengthof() == 32) {
+        hash = hash_sha_256;
        loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: Whole-certificate SHA-256 hash: ", hash);
        hashed_id = OCTETSTRING(8, static_cast<const unsigned char*>(hash) + hash.lengthof() - 8);
-        issuer = decoded_certificate.issuer().sha256AndDigest();
-      } else if (decoded_certificate.issuer().ischosen(IEEE1609dot2::IssuerIdentifier::ALT_sha384AndDigest)) {
+      } else if (public_key_x.lengthof() == 48) {
        sha384 sha;
        sha.generate(certificate, hash);
        loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: Whole-certificate SHA-384 hash: ", hash);
        hashed_id = OCTETSTRING(8, static_cast<const unsigned char*>(hash) + hash.lengthof() - 8);
+      } else {
+        hash = OCTETSTRING(0, nullptr);
+        hash_sha_256 = OCTETSTRING(0, nullptr);
+        hashed_id = int2oct(0, 8);
+      }
+      loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: hash: ", hash);
+      loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: hashed_id: ", hashed_id);
+      
+      if (decoded_certificate.issuer().ischosen(IEEE1609dot2::IssuerIdentifier::ALT_sha256AndDigest)) {
+        issuer = decoded_certificate.issuer().sha256AndDigest();
+      } else if (decoded_certificate.issuer().ischosen(IEEE1609dot2::IssuerIdentifier::ALT_sha384AndDigest)) {
        issuer = decoded_certificate.issuer().sha384AndDigest();
      } else if (decoded_certificate.issuer().ischosen(IEEE1609dot2::IssuerIdentifier::ALT_self__)) {
+        OCTETSTRING h;
        if (decoded_certificate.issuer().self__() == IEEE1609dot2BaseTypes::HashAlgorithm::sha256) {
          sha256 sha;
-          sha.generate(certificate, hash);
+          sha.generate(certificate, h);
          //loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: Whole-certificate SHA-256 hash: ", hash);
        } else {
          sha384 sha;
-          sha.generate(certificate, hash);
+          sha.generate(certificate, h);
          //loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: Whole-certificate SHA-384 hash: ", hash);
        }
-        hashed_id = OCTETSTRING(8, static_cast<const unsigned char*>(hash) + hash.lengthof() - 8);
-        issuer = hashed_id;
+        issuer = OCTETSTRING(8, static_cast<const unsigned char*>(h) + h.lengthof() - 8);
      } else {
-        hash = OCTETSTRING(0, nullptr);
-        hashed_id = int2oct(0, 8);
        issuer = int2oct(0, 8);
      }
-      //loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: hash: ", hash);
-      //loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: hashed_id: ", hashed_id);
-      //loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: issuer: ", issuer);
+      loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: issuer: ", issuer);
      
      // Create new record
      security_db_record* p = new security_db_record(
@@ -283,6 +293,7 @@ int certificates_loader::build_certificates_cache(std::set<std::experimental::fi
                                                     decoded_certificate,
                                                     issuer, // Hashed ID fo the issuer
                                                     hash,
+                                                     hash_sha_256,
                                                     hashed_id, // Hashed ID
                                                     private_key, // Private key
                                                     public_key_x, // public keys X-coordinate

--- a/ccsrc/Protocols/Security/hmac.cc
+++ b/ccsrc/Protocols/Security/hmac.cc
@@ -12,6 +12,8 @@

 #include "hmac.hh"

+#include "loggers.hh"
+
 int hmac::generate(const OCTETSTRING p_buffer, const OCTETSTRING p_secret_key, OCTETSTRING& p_hmac) {
  // Sanity check
  if (p_buffer.lengthof() == 0) {
@@ -40,6 +42,7 @@ int hmac::generate(const unsigned char* p_buffer, const size_t p_buffer_length,
  ::HMAC_Update(_ctx, p_buffer, p_buffer_length);
  unsigned int length = p_hmac.lengthof();
  ::HMAC_Final(_ctx, (unsigned char*)static_cast<const unsigned char*>(p_hmac), &length);
+  loggers::get_instance().log_to_hexa("hmac::generate: ", (unsigned char*)static_cast<const unsigned char*>(p_hmac), length);
  // Resize the hmac
  if (_hash_algorithms == hash_algorithms::sha_256) {
    p_hmac = OCTETSTRING(16, static_cast<const unsigned char*>(p_hmac));

--- a/ccsrc/Protocols/Security/security_cache.cc
+++ b/ccsrc/Protocols/Security/security_cache.cc
@@ -200,6 +200,19 @@ int security_cache::get_hash(const std::string& p_certificate_id, OCTETSTRING& p
  return 0;
 }

+int security_cache::get_hash_sha_256(const std::string& p_certificate_id, OCTETSTRING& p_hash) const {
+  loggers::get_instance().log(">>> security_cache::get_hash_sha_256: '%s'", p_certificate_id.c_str());
+
+  std::map<std::string, std::unique_ptr<security_db_record> >::const_iterator it = _certificates.find(p_certificate_id);
+  if (it == _certificates.cend()) {
+    loggers::get_instance().warning("security_cache::get_hash_sha_256: record not found");
+    return -1;
+  }
+  p_hash = it->second.get()->hash_sha_256();
+
+  return 0;
+}
+
 int security_cache::get_private_key(const std::string& p_certificate_id, OCTETSTRING& p_private_key) const {
  loggers::get_instance().log(">>> security_cache::get_private_key: '%s'", p_certificate_id.c_str());

@@ -293,11 +306,11 @@ bool security_cache::fill_vector(OCTETSTRING& p_vector, const OCTETSTRING& p_org
  return false;
 }

-int security_cache::store_certificate(const CHARSTRING& p_cert_id, const OCTETSTRING& p_cert, const OCTETSTRING& p_private_key, const OCTETSTRING& p_public_key_x, const OCTETSTRING& p_public_key_y, const OCTETSTRING& p_public_compressed_key, const INTEGER& p_public_compressed_key_mode, const OCTETSTRING& p_hash, const OCTETSTRING& p_hashed_id8, const OCTETSTRING& p_issuer, const OCTETSTRING& p_private_enc_key, const OCTETSTRING& p_public_enc_key_x, const OCTETSTRING& p_public_enc_key_y, const OCTETSTRING& p_public_enc_compressed_key, const INTEGER& p_public_enc_compressed_key_mode) {
+int security_cache::store_certificate(const CHARSTRING& p_cert_id, const OCTETSTRING& p_cert, const OCTETSTRING& p_private_key, const OCTETSTRING& p_public_key_x, const OCTETSTRING& p_public_key_y, const OCTETSTRING& p_public_compressed_key, const INTEGER& p_public_compressed_key_mode, const OCTETSTRING& p_hash, const OCTETSTRING& p_hash_sha_256, const OCTETSTRING& p_hashed_id8, const OCTETSTRING& p_issuer, const OCTETSTRING& p_private_enc_key, const OCTETSTRING& p_public_enc_key_x, const OCTETSTRING& p_public_enc_key_y, const OCTETSTRING& p_public_enc_compressed_key, const INTEGER& p_public_enc_compressed_key_mode) {
  loggers::get_instance().log_msg(">>> security_cache::store_certificate: ", p_cert_id);

  std::string key(static_cast<const char*>(p_cert_id));
-  OCTETSTRING cert, private_key, public_key_x, public_key_y, public_comp_key, hash, hashed_id8, issuer;
+  OCTETSTRING cert, private_key, public_key_x, public_key_y, public_comp_key, hash, hash_sha_256, hashed_id8, issuer;
  OCTETSTRING private_enc_key, public_enc_key_x, public_enc_key_y, public_enc_comp_key;

  security_cache::fill_vector(cert, p_cert);
@@ -311,6 +324,7 @@ int security_cache::store_certificate(const CHARSTRING& p_cert_id, const OCTETST
  }

  security_cache::fill_vector(hash, p_hash);
+  security_cache::fill_vector(hash_sha_256, p_hash_sha_256);
  security_cache::fill_vector(hashed_id8, p_hashed_id8);
  security_cache::fill_vector(issuer, p_issuer);
  
@@ -332,6 +346,7 @@ int security_cache::store_certificate(const CHARSTRING& p_cert_id, const OCTETST
                                                 decoded_certificate,
                                                 issuer,             // Hashed ID for the issuer
                                                 hash,               // Whole-certificate hash
+                                                 hash_sha_256,       // Whole-certificate hash using SHA-256
                                                 hashed_id8,         // Whole-certificate hashed ID
                                                 private_key,        // Private key
                                                 public_key_x,       // Public key X-coordinate
@@ -379,6 +394,7 @@ void security_cache::dump() const {
    loggers::get_instance().log_msg("security_cache::dump: issuer = ", p->issuer());
    loggers::get_instance().log_msg("security_cache::dump: hashed_id = ", p->hashed_id());
    loggers::get_instance().log_msg("security_cache::dump: hash = ", p->hash());
+    loggers::get_instance().log_msg("security_cache::dump: hash_sha_256 = ", p->hash_sha_256());
    loggers::get_instance().log_msg("security_cache::dump: private_key = ", p->private_key());
    loggers::get_instance().log_msg("security_cache::dump: public_key_x = ", p->public_key_x());
    loggers::get_instance().log_msg("security_cache::dump: public_key_y = ", p->public_key_y());

--- a/ccsrc/Protocols/Security/security_cache.hh
+++ b/ccsrc/Protocols/Security/security_cache.hh
@@ -57,6 +57,7 @@ public: /*! \publicsection */
  int get_issuer(const std::string& p_certificate_id, OCTETSTRING& p_hashed_id_issuer) const;
  int get_hashed_id(const std::string& p_certificate_id, OCTETSTRING& p_hashed_id) const;
  int get_hash(const std::string& p_certificate_id, OCTETSTRING& p_hash) const;
+  int get_hash_sha_256(const std::string& p_certificate_id, OCTETSTRING& p_hash) const;
  int get_private_key(const std::string& p_certificate_id, OCTETSTRING& p_private_key) const;
  int get_public_keys(const std::string& p_certificate_id, OCTETSTRING& p_public_key_x, OCTETSTRING& p_public_key_y) const;
  int get_public_comp_key(const std::string& p_certificate_id, OCTETSTRING& p_public_comp_key, INTEGER& p_comp_mode) const;
@@ -64,7 +65,7 @@ public: /*! \publicsection */
  int get_public_enc_keys(const std::string& p_certificate_id, OCTETSTRING& p_public_enc_key_x, OCTETSTRING& p_public_enc_key_y) const;
  int get_public_enc_comp_key(const std::string& p_certificate_id, OCTETSTRING& p_public_enc_comp_key, INTEGER& p_enc_comp_mode) const;

-  virtual int store_certificate(const CHARSTRING& p_cert_id, const OCTETSTRING& p_cert, const OCTETSTRING& p_private_key, const OCTETSTRING& p_public_key_x, const OCTETSTRING& p_public_key_y, const OCTETSTRING& p_public_compressed_key, const INTEGER& p_public_compressed_key_mode, const OCTETSTRING& p_hash, const OCTETSTRING& p_hashid8, const OCTETSTRING& p_issuer, const OCTETSTRING& p_private_enc_key, const OCTETSTRING& p_public_enc_key_x, const OCTETSTRING& p_public_enc_key_y, const OCTETSTRING& p_public_enc_compressed_key, const INTEGER& p_public_enc_compressed_key_mode);
+  virtual int store_certificate(const CHARSTRING& p_cert_id, const OCTETSTRING& p_cert, const OCTETSTRING& p_private_key, const OCTETSTRING& p_public_key_x, const OCTETSTRING& p_public_key_y, const OCTETSTRING& p_public_compressed_key, const INTEGER& p_public_compressed_key_mode, const OCTETSTRING& p_hash, const OCTETSTRING& p_hash_sha_256, const OCTETSTRING& p_hashid8, const OCTETSTRING& p_issuer, const OCTETSTRING& p_private_enc_key, const OCTETSTRING& p_public_enc_key_x, const OCTETSTRING& p_public_enc_key_y, const OCTETSTRING& p_public_enc_compressed_key, const INTEGER& p_public_enc_compressed_key_mode);

  virtual int clear();
  

--- a/ccsrc/Protocols/Security/security_db.cc
+++ b/ccsrc/Protocols/Security/security_db.cc
@@ -40,10 +40,10 @@ int security_db::load_from_files(const std::string& p_db_path) {
  return 0;
 }

-int security_db::store_certificate(const CHARSTRING& p_cert_id, const OCTETSTRING& p_cert, const OCTETSTRING& p_private_key, const OCTETSTRING& p_public_key_x, const OCTETSTRING& p_public_key_y, const OCTETSTRING& p_public_compressed_key, const INTEGER& p_public_compressed_key_mode, const OCTETSTRING& p_hash, const OCTETSTRING& p_hashed_id8, const OCTETSTRING& p_issuer, const OCTETSTRING& p_private_enc_key, const OCTETSTRING& p_public_enc_key_x, const OCTETSTRING& p_public_enc_key_y, const OCTETSTRING& p_public_enc_compressd_key, const INTEGER& p_public_enc_compressed_key_mode) {
+int security_db::store_certificate(const CHARSTRING& p_cert_id, const OCTETSTRING& p_cert, const OCTETSTRING& p_private_key, const OCTETSTRING& p_public_key_x, const OCTETSTRING& p_public_key_y, const OCTETSTRING& p_public_compressed_key, const INTEGER& p_public_compressed_key_mode, const OCTETSTRING& p_hash, const OCTETSTRING& p_hash_sha_256, const OCTETSTRING& p_hashed_id8, const OCTETSTRING& p_issuer, const OCTETSTRING& p_private_enc_key, const OCTETSTRING& p_public_enc_key_x, const OCTETSTRING& p_public_enc_key_y, const OCTETSTRING& p_public_enc_compressd_key, const INTEGER& p_public_enc_compressed_key_mode) {
  loggers::get_instance().log_msg(">>> security_db::store_certificate: ", p_cert_id);

-  if (security_cache::store_certificate(p_cert_id, p_cert, p_private_key, p_public_key_x, p_public_key_y, p_public_compressed_key, p_public_compressed_key_mode, p_hash, p_hashed_id8, p_issuer, p_private_enc_key, p_public_enc_key_x, p_public_enc_key_y, p_public_enc_compressd_key, p_public_enc_compressed_key_mode) != 0) {
+  if (security_cache::store_certificate(p_cert_id, p_cert, p_private_key, p_public_key_x, p_public_key_y, p_public_compressed_key, p_public_compressed_key_mode, p_hash, p_hash_sha_256, p_hashed_id8, p_issuer, p_private_enc_key, p_public_enc_key_x, p_public_enc_key_y, p_public_enc_compressd_key, p_public_enc_compressed_key_mode) != 0) {
    return -1;
  }


--- a/ccsrc/Protocols/Security/security_db.hh
+++ b/ccsrc/Protocols/Security/security_db.hh
@@ -38,7 +38,7 @@ public: /*! \publicsection */
   * \param[in] p_cert_id The certificate identifier
   * \return 0 on success, -1 otherwise
   */
-  int store_certificate(const CHARSTRING& p_cert_id, const OCTETSTRING& p_cert, const OCTETSTRING& p_private_key, const OCTETSTRING& p_public_key_x, const OCTETSTRING& p_public_key_y, const OCTETSTRING& p_public_compressed_key, const INTEGER& p_public_compressed_key_mode, const OCTETSTRING& p_hash, const OCTETSTRING& p_hashid8, const OCTETSTRING& p_issuer, const OCTETSTRING& p_private_enc_key, const OCTETSTRING& p_public_enc_key_x, const OCTETSTRING& p_public_enc_key_y, const OCTETSTRING& p_public_enc_compressed_key, const INTEGER& p_public_enc_compressed_key_mode);
+  int store_certificate(const CHARSTRING& p_cert_id, const OCTETSTRING& p_cert, const OCTETSTRING& p_private_key, const OCTETSTRING& p_public_key_x, const OCTETSTRING& p_public_key_y, const OCTETSTRING& p_public_compressed_key, const INTEGER& p_public_compressed_key_mode, const OCTETSTRING& p_hash, const OCTETSTRING& p_hash_sha_256, const OCTETSTRING& p_hashid8, const OCTETSTRING& p_issuer, const OCTETSTRING& p_private_enc_key, const OCTETSTRING& p_public_enc_key_x, const OCTETSTRING& p_public_enc_key_y, const OCTETSTRING& p_public_enc_compressed_key, const INTEGER& p_public_enc_compressed_key_mode);

 private: /*! \privatesection */
  /*!

--- a/ccsrc/Protocols/Security/security_db_record.cc
+++ b/ccsrc/Protocols/Security/security_db_record.cc
@@ -20,6 +20,7 @@ security_db_record::security_db_record(
                                       const IEEE1609dot2::CertificateBase& p_decoded_certificate,
                                       const OCTETSTRING& p_hashed_id_issuer,
                                       const OCTETSTRING& p_hash,
+                                       const OCTETSTRING& p_hash_sha_256,
                                       const OCTETSTRING& p_hashed_id,
                                       const OCTETSTRING& p_pr_key,
                                       const OCTETSTRING& p_pu_key_x,
@@ -30,7 +31,7 @@ security_db_record::security_db_record(
                                       const OCTETSTRING& p_pu_enc_key_y,
                                       const OCTETSTRING& p_pu_enc_comp_key,
                                       const bool p_to_be_saved
-                                       ): _algorithm{ec_elliptic_curves::nist_p_256}, _certificate_id(p_certificate_id), _certificate(p_certificate), _hashed_id_issuer(p_hashed_id_issuer), _hash(p_hash), _hashed_id(p_hashed_id), _pr_key(p_pr_key), _pu_key_x(p_pu_key_x), _pu_key_y(p_pu_key_y), _pu_comp_key(p_pu_comp_key), _pr_enc_key(p_pr_enc_key), _pu_enc_key_x(p_pu_enc_key_x), _pu_enc_key_y(p_pu_enc_key_y), _pu_enc_comp_key(p_pu_enc_comp_key), _to_be_saved(p_to_be_saved), _decoded_certificate(static_cast<IEEE1609dot2::CertificateBase*>(p_decoded_certificate.clone())) {
+                                       ): _algorithm{ec_elliptic_curves::nist_p_256}, _certificate_id(p_certificate_id), _certificate(p_certificate), _hashed_id_issuer(p_hashed_id_issuer), _hash(p_hash), _hash_sha_256(p_hash_sha_256), _hashed_id(p_hashed_id), _pr_key(p_pr_key), _pu_key_x(p_pu_key_x), _pu_key_y(p_pu_key_y), _pu_comp_key(p_pu_comp_key), _pr_enc_key(p_pr_enc_key), _pu_enc_key_x(p_pu_enc_key_x), _pu_enc_key_y(p_pu_enc_key_y), _pu_enc_comp_key(p_pu_enc_comp_key), _to_be_saved(p_to_be_saved), _decoded_certificate(static_cast<IEEE1609dot2::CertificateBase*>(p_decoded_certificate.clone())) {
 }

 security_db_record::~security_db_record() {

--- a/ccsrc/Protocols/Security/security_db_record.hh
+++ b/ccsrc/Protocols/Security/security_db_record.hh
@@ -30,7 +30,8 @@ class security_db_record {
  std::string _certificate_id;     /*!< Certificate storage*/
  OCTETSTRING _certificate;        /*!< COER storage */
  OCTETSTRING _hashed_id_issuer;   /*!< Hash id 8 of the issuer certificate */
-  OCTETSTRING _hash;               /*!< Certificate hash storage */ // TODO Check if it's usefull, otherwise remove it
+  OCTETSTRING _hash;               /*!< Certificate hash storage */
+  OCTETSTRING _hash_sha_256;       /*!< Certificate hash SHA 256 storage, for encryption (IEEE 1609.2 Clause 5.3.5 Public key encryption algorithms: ECIES */
  OCTETSTRING _hashed_id;          /*!< Certificate hash id 8 storage */
  OCTETSTRING _pr_key;             /*!< Private key storage */
  OCTETSTRING _pu_key_x;           /*!< Public key X-coordinate storage */
@@ -47,7 +48,7 @@ public: /*! \publicsection */
  /*!
   * \brief Default ctor
   */
-  explicit security_db_record(): _algorithm{ec_elliptic_curves::nist_p_256}, _certificate_id(), _certificate(), _hashed_id_issuer(), _hash(), _hashed_id(), _pr_key(), _pu_key_x(), _pu_key_y(), _pu_comp_key(), _pr_enc_key(), _pu_enc_key_x(), _pu_enc_key_y(), _pu_enc_comp_key(), _to_be_saved(false), _decoded_certificate(nullptr) { };
+  explicit security_db_record(): _algorithm{ec_elliptic_curves::nist_p_256}, _certificate_id(), _certificate(), _hashed_id_issuer(), _hash(), _hash_sha_256(), _hashed_id(), _pr_key(), _pu_key_x(), _pu_key_y(), _pu_comp_key(), _pr_enc_key(), _pu_enc_key_x(), _pu_enc_key_y(), _pu_enc_comp_key(), _to_be_saved(false), _decoded_certificate(nullptr) { };
  /*!
   * \brief Specialised ctor
   * \param[in] p_certificate_id The certificate identifier
@@ -55,6 +56,7 @@ public: /*! \publicsection */
   * \param[in] p_decoded_certificate The decoded certificate
   * \param[in] p_hashed_id_issuer The HashedId of the certificate issuer
   * \param[in] p_hash The whole-certificate hash
+   * \param[in] p_hash_sha_256 The whole-certificate hash using SHA-256
   * \param[in] p_hashed_id The whole-certificate hashed id
   * \param[in] p_pr_key The private signature key
   * \param[in] p_pu_key_x The public X-coordinate signature key
@@ -66,7 +68,7 @@ public: /*! \publicsection */
   * \param[in] p_pu_enc_comp_key_y The public compressed coordinate encryption key
   * \param[in] p_to_be_saved Set to true to save on disk this certificate.Default: true
   */
-  security_db_record(const std::string& p_certificate_id, const OCTETSTRING& p_certificate, const IEEE1609dot2::CertificateBase& p_decoded_certificate, const OCTETSTRING& p_hashed_id_issuer, const OCTETSTRING& p_hash, const OCTETSTRING& p_hashed_id, const OCTETSTRING& p_pr_key, const OCTETSTRING& p_pu_key_x, const OCTETSTRING& p_pu_key_y, const OCTETSTRING& p_pu_comp_key, const OCTETSTRING& p_pr_enc_key, const OCTETSTRING& p_pu_enc_key_x, const OCTETSTRING& p_pu_enc_key_y, const OCTETSTRING& p_pu_enc_comp_key_y, const bool p_to_be_saved = true);
+  security_db_record(const std::string& p_certificate_id, const OCTETSTRING& p_certificate, const IEEE1609dot2::CertificateBase& p_decoded_certificate, const OCTETSTRING& p_hashed_id_issuer, const OCTETSTRING& p_hash, const OCTETSTRING& p_hash_sha_256, const OCTETSTRING& p_hashed_id, const OCTETSTRING& p_pr_key, const OCTETSTRING& p_pu_key_x, const OCTETSTRING& p_pu_key_y, const OCTETSTRING& p_pu_comp_key, const OCTETSTRING& p_pr_enc_key, const OCTETSTRING& p_pu_enc_key_x, const OCTETSTRING& p_pu_enc_key_y, const OCTETSTRING& p_pu_enc_comp_key_y, const bool p_to_be_saved = true);
  
  /*!
   * \brief Default dtor
@@ -108,6 +110,13 @@ public: /*! \publicsection */
   * \return The whole-certificate hashed id
   */
  inline const OCTETSTRING& hash() const { return _hash; };
+  /*!
+   * \inline
+   * \fn const OCTETSTRING& hash_sha_256() const;
+   * \brief Retrieve the whole-certificate hashed id
+   * \return The whole-certificate hashed id
+   */
+  inline const OCTETSTRING& hash_sha_256() const { return _hash_sha_256; };
  inline const OCTETSTRING& issuer() const { return _hashed_id_issuer; };
  inline const OCTETSTRING& private_key() const { return _pr_key; };
  inline const OCTETSTRING& public_key_x() const { return _pu_key_x; };

--- a/ccsrc/Protocols/Security/security_services.cc
+++ b/ccsrc/Protocols/Security/security_services.cc
@@ -68,7 +68,7 @@ int security_services::setup(params& p_params) { // FIXME Rename this method
  return 0;
 }

-int security_services::store_certificate(const CHARSTRING& p_cert_id, const OCTETSTRING& p_cert, const OCTETSTRING& p_private_key, const OCTETSTRING& p_public_key_x, const OCTETSTRING& p_public_key_y, const OCTETSTRING& p_public_comp_key, const INTEGER& p_public_comp_key_mode, const OCTETSTRING& p_hash, const OCTETSTRING& p_hashid8, const OCTETSTRING& p_issuer, const OCTETSTRING& p_private_enc_key, const OCTETSTRING& p_public_enc_key_x, const OCTETSTRING& p_public_enc_key_y, const OCTETSTRING& p_public_enc_compressed_key, const INTEGER& p_public_enc_key_compressed_mode) {
+int security_services::store_certificate(const CHARSTRING& p_cert_id, const OCTETSTRING& p_cert, const OCTETSTRING& p_private_key, const OCTETSTRING& p_public_key_x, const OCTETSTRING& p_public_key_y, const OCTETSTRING& p_public_comp_key, const INTEGER& p_public_comp_key_mode, const OCTETSTRING& p_hash, const OCTETSTRING& p_hash_sha_256, const OCTETSTRING& p_hashid8, const OCTETSTRING& p_issuer, const OCTETSTRING& p_private_enc_key, const OCTETSTRING& p_public_enc_key_x, const OCTETSTRING& p_public_enc_key_y, const OCTETSTRING& p_public_enc_compressed_key, const INTEGER& p_public_enc_key_compressed_mode) {
  loggers::get_instance().log_msg(">>> security_services::store_certificate: ", p_cert_id);

  // Sanity checks
@@ -76,7 +76,7 @@ int security_services::store_certificate(const CHARSTRING& p_cert_id, const OCTE
    loggers::get_instance().warning("security_services::store_certificate: Not initialised");
    return -1;
  }
-  return _security_db.get()->store_certificate(p_cert_id, p_cert, p_private_key, p_public_key_x, p_public_key_y, p_public_comp_key, p_public_comp_key_mode, p_hash, p_hashid8, p_issuer, p_private_enc_key, p_public_enc_key_x, p_public_enc_key_y, p_public_enc_compressed_key, p_public_enc_key_compressed_mode);
+  return _security_db.get()->store_certificate(p_cert_id, p_cert, p_private_key, p_public_key_x, p_public_key_y, p_public_comp_key, p_public_comp_key_mode, p_hash, p_hash_sha_256, p_hashid8, p_issuer, p_private_enc_key, p_public_enc_key_x, p_public_enc_key_y, p_public_enc_compressed_key, p_public_enc_key_compressed_mode);
 }

 int security_services::verify_and_extract_gn_payload(const OCTETSTRING& p_secured_gn_payload, const bool p_verify, IEEE1609dot2::Ieee1609Dot2Data& p_ieee_1609dot2_data, OCTETSTRING& p_unsecured_gn_payload, params& p_params) {
@@ -1234,11 +1234,13 @@ int security_services::extract_encryption_keys(const IEEE1609dot2::CertificateBa
    return -1;
  }
  loggers::get_instance().log_msg("security_services::extract_and_store_certificate: Encoded certificate=", enc_cert);
+  OCTETSTRING hash_cert_sha_256;
+  hash_sha256(enc_cert, hash_cert_sha_256);
+  loggers::get_instance().log_msg("security_services::extract_and_store_certificate: hash_cert_sha_256= ", hash_cert_sha_256);
  int result = -1;
  if (p_certificate.issuer().ischosen(IEEE1609dot2::IssuerIdentifier::ALT_sha256AndDigest)) {
    // Calculate the hash according to the hashId
-    OCTETSTRING hash_cert;
-    hash_sha256(enc_cert, hash_cert);
+    OCTETSTRING hash_cert(hash_cert_sha_256);
    loggers::get_instance().log_msg("security_services::extract_and_store_certificate: hash_cert= ", hash_cert);
    const OCTETSTRING hashed_id8 = substr(hash_cert, hash_cert.lengthof() - 8, 8);
    // Retrieve the certificate identifier from digest
@@ -1274,6 +1276,7 @@ int security_services::extract_encryption_keys(const IEEE1609dot2::CertificateBa
                                                 public_comp_key,
                                                 public_comp_key_mode,
                                                 hash_cert,
+                                                 hash_cert_sha_256,
                                                 hashed_id8,
                                                 p_certificate.issuer().sha256AndDigest(),
                                                 OCTETSTRING(0, nullptr), // Encryption private not used
@@ -1323,6 +1326,7 @@ int security_services::extract_encryption_keys(const IEEE1609dot2::CertificateBa
                                                 public_comp_key,
                                                 public_comp_key_mode,
                                                 hash_cert,
+                                                 hash_cert_sha_256,
                                                 hashed_id8,
                                                 p_certificate.issuer().sha384AndDigest(),
                                                 OCTETSTRING(0, nullptr), // Encryption private not used
@@ -1353,6 +1357,10 @@ int security_services::read_certificate_hash(const CHARSTRING& p_certificate_id,
  return _security_db.get()->get_hash(std::string(static_cast<const char*>(p_certificate_id)), p_hash);
 }

+int security_services::read_certificate_hash_sha_256(const CHARSTRING& p_certificate_id, OCTETSTRING& p_hash) const {
+  return _security_db.get()->get_hash_sha_256(std::string(static_cast<const char*>(p_certificate_id)), p_hash);
+}
+
 int security_services::read_certificate_from_digest(const OCTETSTRING& p_digest, CHARSTRING& p_certificate_id) const {
  std::string certificate_id;
  if (_security_db.get()->get_certificate_id(p_digest, certificate_id) != -1) {

--- a/ccsrc/Protocols/Security/security_services.hh
+++ b/ccsrc/Protocols/Security/security_services.hh
@@ -102,13 +102,14 @@ public: /*! \publicsection */
  
  int setup(params &p_params);
  
-  int store_certificate(const CHARSTRING& p_cert_id, const OCTETSTRING& p_cert, const OCTETSTRING& p_private_key, const OCTETSTRING& p_public_key_x, const OCTETSTRING& p_public_key_y, const OCTETSTRING& p_public_comp_key, const INTEGER& p_public_comp_key_mode, const OCTETSTRING& p_hash, const OCTETSTRING& p_hashid8, const OCTETSTRING& p_issuer, const OCTETSTRING& p_private_enc_key, const OCTETSTRING& p_public_enc_key_x, const OCTETSTRING& p_public_enc_key_y, const OCTETSTRING& p_public_enc_compressed_key, const INTEGER& p_public_enc_key_compressed_mode);
+  int store_certificate(const CHARSTRING& p_cert_id, const OCTETSTRING& p_cert, const OCTETSTRING& p_private_key, const OCTETSTRING& p_public_key_x, const OCTETSTRING& p_public_key_y, const OCTETSTRING& p_public_comp_key, const INTEGER& p_public_comp_key_mode, const OCTETSTRING& p_hash, const OCTETSTRING& p_hash_sha_256, const OCTETSTRING& p_hashid8, const OCTETSTRING& p_issuer, const OCTETSTRING& p_private_enc_key, const OCTETSTRING& p_public_enc_key_x, const OCTETSTRING& p_public_enc_key_y, const OCTETSTRING& p_public_enc_compressed_key, const INTEGER& p_public_enc_key_compressed_mode);

  inline void set_position(const int p_latitude, const int p_longitude, const int p_elevation = 0) { _latitude = p_latitude; _longitude = p_longitude; _elevation = p_elevation; };
  
  int read_certificate(const CHARSTRING& p_certificate_id, OCTETSTRING& p_certificate) const;
  int read_certificate_digest(const CHARSTRING& p_certificate_id, OCTETSTRING& p_digest) const;
  int read_certificate_hash(const CHARSTRING& p_certificate_id, OCTETSTRING& p_hash) const;
+  int read_certificate_hash_sha_256(const CHARSTRING& p_certificate_id, OCTETSTRING& p_hash) const;
  int read_certificate_from_digest(const OCTETSTRING& p_digest, CHARSTRING& p_certificate_id) const;
  int read_certificate_from_hashed_id3(const OCTETSTRING& p_digest, CHARSTRING& p_certificate_id) const;
  int read_private_key(const CHARSTRING& p_certificate_id, OCTETSTRING& p_private_key) const;

--- a/etc/AtsPki/AtsPki_Cnit.cfg_
+++ b/etc/AtsPki/AtsPki_Cnit.cfg_
--- a/etc/AtsPki/AtsPki_Idnomic.cfg_
+++ b/etc/AtsPki/AtsPki_Idnomic.cfg_
--- a/etc/AtsPki/AtsPki_Iss.cfg_
+++ b/etc/AtsPki/AtsPki_Iss.cfg_
+[MODULE_PARAMETERS]
+# This section shall contain the values of all parameters that are defined in your TTCN-3 modules.
+
+# Enable Security support
+LibItsGeoNetworking_Pics.PICS_GN_SECURITY := true
+# Root path to access certificate stored in files, identified by certficate ID
+LibItsSecurity_Pixits.PX_CERTIFICATE_POOL_PATH := "/home/vagrant/tmp"
+# Configuration sub-directory to access certificate stored in files
+LibItsSecurity_Pixits.PX_IUT_SEC_CONFIG_NAME := "asn1c_cert"
+
+LibItsHttp_Pics.PICS_HEADER_CONTENT_TYPE  := "application/x-its-request"
+
+LibItsPki_Pics.PICS_MULTIPLE_END_POINT := true
+LibItsPki_Pics.PICS_HEADER_HOST_EC     := "ea.dev.au.c2x.isscms.com"
+LibItsPki_Pics.PICS_HEADER_HOST_ATV    := "ea.dev.au.c2x.isscms.com"
+LibItsPki_Pics.PICS_HEADER_HOST_AT     := "aa.dev.au.c2x.isscms.com"
+
+LibItsPki_Pics.PICS_HTTP_POST_URI_EC                 := "/"
+LibItsPki_Pics.PICS_HTTP_POST_URI_AT                 := "/"
+LibItsPki_Pics.PICS_HTTP_POST_URI_ATV                := "/"
+LibItsPki_Pics.PICS_ITS_S_SIGN_NITSP256_PRIVATE_KEY  := '5C25F97607DFC62972A147FAD8B7A7C939569F0F95ECD4C641724A68B51836E5'O
+LibItsPki_Pics.PICS_ITS_S_SIGN_NISTP256_PUBLIC_KEY   := '020144E5174B0AFDA86BDB8B643B68D40030F5BDB9A9F090C64852CC3C20C9D5AD'O
+LibItsPki_Pics.PICS_ITS_S_CANONICAL_ID               := '455453492D4954532D303031'O
+
+LibItsPki_Pics.PICS_TS_EA_CERTIFICATE_ID             := "CERT_ISS_EA"
+LibItsPki_Pics.PICS_TS_AA_CERTIFICATE_ID             := "CERT_TS_A_AA"
+LibItsPki_Pics.PICS_IUT_AA_CERTIFICATE_ID            := "CERT_ISS_AA"
+LibItsPki_Pics.PICS_TS_CA_CERTIFICATE_ID             := "CERT_ISS_RCA"
+
+#LibItsPki_Pics.PICS_PKI_AUTH_POP                     := false # Do not use Signed for PoP in Authorization requet
+                                                               # Required for SECPKI_AA_AUTH_RCV_02_BV
+#LibItsPki_Pics.PICS_SECPKI_REENROLMENT := false # Check in logs the pattern '==> EC ' to find the required information for re-enrolment
+
+#LibItsPki_Pixits.PX_INCLUDE_ENCRYPTION_KEYS := false # No encryption key in Authorization request
+
+#LibItsPki_Pixits.PX_VE_ALG        := e_nist_p256 # e_brainpool_p256_r1 or e_brainpool_p384_r1
+#LibItsPki_Pixits.PX_EC_ALG_FOR_EC := e_brainpool_p256_r1 # e_nist_p256, e_brainpool_p256_r1
+#LibItsPki_Pixits.PX_EC_ALG_FOR_AT := e_brainpool_p256_r1 # e_nist_p256, e_brainpool_p256_r1
+
+#LibItsPki_Pixits.PX_EC_PRIVATE_KEY     := '170D1EA638C300BD16F0025768C0F1FAA6BE23963E46AD10F79103914265D294'O
+#LibItsPki_Pixits.PX_EC_HASH            := 'DFEFC2A74C8ADD0C8B74B958EE072229D25DEAAAE30D134193D091890E8F3C2C'O
+#LibItsPki_Pixits.PX_EC_HASHED_ID8      := '93D091890E8F3C2C'O
+
+[LOGGING]
+# In this section you can specify the name of the log file and the classes of events
+# you want to log into the file or display on console (standard error).
+
+LogFile := "../logs/%e.%h-%r.%s"
+FileMask := LOG_ALL | USER | DEBUG | MATCHING
+ConsoleMask := LOG_ALL | USER | DEBUG | MATCHING
+#FileMask := ERROR | WARNING | USER | MATCHING | EXECUTOR_RUNTIME | VERDICTOP
+#ConsoleMask := ERROR | WARNING | USER | MATCHING | EXECUTOR_RUNTIME | VERDICTOP
+LogSourceInfo := Stack
+LogEntityName:= Yes
+LogEventTypes:= Yes
+#TimeStampFormat := DateTime
+
+[TESTPORT_PARAMETERS]
+# Multiple HTTP component ports
+system.httpEcPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/TCP(server=ea.dev.au.c2x.isscms.com)"
+system.httpAtVPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/TCP(server=ea.dev.au.c2x.isscms.com)"
+#system.httpAtVPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/TCP(debug=1,server_mode=1,server=192.168.1.41,local_port=80)" # Multiple HTTP component ports specific to TC_SECPKI_AA_AUTHVAL_xx
+system.httpAtPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/TCP(server=aa.dev.au.c2x.isscms.com)"
+
+
+[EXECUTE]
+# The EnrolmentResponse message shall be sent by the EA to the ITS-S across the interface at reference point S3 in response to a received EnrolmentRequest message
+ItsPki_TestCases.TC_SECPKI_EA_ENR_RCV_01_BV
+# Check that EA doesn't accept Enrolment rekeying request when enrolment is not permitted by signing certificate
+#ItsPki_TestCases.TC_SECPKI_EA_ENR_RCV_02_BI
+#ItsPki_TestCases.TC_SECPKI_EA_ENR_RCV_05_BI
+#ItsPki_TestCases.TC_SECPKI_EA_ENR_RCV_06_BI
+#ItsPki_TestCases.TC_SECPKI_EA_ENR_RCV_07_BI
+#ItsPki_TestCases.TC_SECPKI_EA_ENR_RCV_08_BI
+#ItsPki_TestCases.TC_SECPKI_EA_ENR_RCV_08_BI
+#ItsPki_TestCases.TC_SECPKI_EA_ENR_RCV_09_BI
+#ItsPki_TestCases.TC_SECPKI_EA_ENR_RCV_10_BI
+#ItsPki_TestCases.TC_SECPKI_EA_ENR_RCV_11_BI
+#ItsPki_TestCases.TC_SECPKI_EA_ENR_RCV_12_BI
+#ItsPki_TestCases.TC_SECPKI_EA_ENR_RCV_13_BI
+
+# The EnrolmentResponse message shall be encrypted using an ETSI TS 103 097 approved algorithm and the encryption shall be done with the same AES key as the one used by the ITS-S requestor for the encryption of the EnrolmentRequest message.
+#ItsPki_TestCases.TC_SECPKI_EA_ENR_01_BV
+#ItsPki_TestCases.TC_SECPKI_EA_ENR_02_BV
+#ItsPki_TestCases.TC_SECPKI_EA_ENR_03_BV
+#ItsPki_TestCases.TC_SECPKI_EA_ENR_04_BV
+#ItsPki_TestCases.TC_SECPKI_EA_ENR_05_BV
+#ItsPki_TestCases.TC_SECPKI_EA_ENR_06_BV
+#ItsPki_TestCases.TC_SECPKI_EA_ENR_07_BV
+#ItsPki_TestCases.TC_SECPKI_EA_ENR_08_BV
+#ItsPki_TestCases.TC_SECPKI_EA_ENR_09_BV
+#ItsPki_TestCases.TC_SECPKI_EA_ENR_10_BV
+#ItsPki_TestCases.TC_SECPKI_EA_ENR_11_BV
+#ItsPki_TestCases.TC_SECPKI_EA_ENR_12_BV
+
+#
+#ItsPki_TestCases.TC_SECPKI_EA_AUTHVAL_RCV_01_BV
+#ItsPki_TestCases.TC_SECPKI_EA_AUTHVAL_RCV_02_BI
+
+#
+#ItsPki_TestCases.TC_SECPKI_EA_AUTHVAL_01_BV
+#ItsPki_TestCases.TC_SECPKI_EA_AUTHVAL_02_BV
+#ItsPki_TestCases.TC_SECPKI_EA_AUTHVAL_03_BV
+#ItsPki_TestCases.TC_SECPKI_EA_AUTHVAL_04_BV
+#ItsPki_TestCases.TC_SECPKI_EA_AUTHVAL_05_BV
+#ItsPki_TestCases.TC_SECPKI_EA_AUTHVAL_06_BV
+#ItsPki_TestCases.TC_SECPKI_EA_AUTHVAL_07_BV
+
+#
+#ItsPki_TestCases.TC_SECPKI_AA_AUTH_RCV_01_BV
+#ItsPki_TestCases.TC_SECPKI_AA_AUTH_RCV_02_BV
+#ItsPki_TestCases.TC_SECPKI_AA_AUTH_RCV_03_BI
+#ItsPki_TestCases.TC_SECPKI_AA_AUTH_RCV_04_BI
+#ItsPki_TestCases.TC_SECPKI_AA_AUTH_RCV_05_BI
+#ItsPki_TestCases.TC_SECPKI_AA_AUTH_RCV_06_BI
+#ItsPki_TestCases.TC_SECPKI_AA_AUTH_RCV_07_BI
+#ItsPki_TestCases.TC_SECPKI_AA_AUTH_RCV_08_BI
+#ItsPki_TestCases.TC_SECPKI_AA_AUTH_RCV_09_BI
+#ItsPki_TestCases.TC_SECPKI_AA_AUTH_RCV_10_BI
+#ItsPki_TestCases.TC_SECPKI_AA_AUTH_RCV_11_BI
+#ItsPki_TestCases.TC_SECPKI_AA_AUTH_RCV_12_BI
+#ItsPki_TestCases.TC_SECPKI_AA_AUTH_RCV_13_BI
+#ItsPki_TestCases.TC_SECPKI_AA_AUTH_RCV_14_BI
+
+#
+#ItsPki_TestCases.TC_SECPKI_AA_AUTHVAL_01_BV
+
+[MAIN_CONTROLLER]
+# The options herein control the behavior of MC.
+KillTimer := 10.0
+LocalAddress := 127.0.0.1
+TCPPort := 12000
+NumHCs := 1
+
--- a/etc/AtsPki/AtsPki_Microsec.cfg_
+++ b/etc/AtsPki/AtsPki_Microsec.cfg_
--- a/etc/AtsPki/AtsPki_Siemens.cfg_
+++ b/etc/AtsPki/AtsPki_Siemens.cfg_
@@ -23,7 +23,7 @@ LibItsSecurity_Pixits.PX_IUT_SEC_CONFIG_NAME := "asn1c_cert"
 #LibItsSecurity_Pics.PICS_SEC_FIXED_KEYS := true # Seed

 LibItsHttp_Pics.PICS_HEADER_CONTENT_TYPE := "application/x-its-request"
-LibItsHttp_Pics.PICS_HEADER_HOST := "192.168.42.4"
+LibItsHttp_Pics.PICS_HEADER_HOST := "172.14.5.253"

 LibItsPki_Pics.PICS_HTTP_POST_URI_EC := "/ea/enrolment"
 LibItsPki_Pics.PICS_HTTP_POST_URI_AT := "/aa/authorization"
@@ -136,18 +136,18 @@ LogEventTypes:= Yes
 # Single GeoNetworking component port
 # its_aid = 36 CAM
 # its_aid = 37 DENM
-system.geoNetworkingPort.params := "GN(ll_address=4C5E0C14D2EB,latitude=43551050,longitude=10298730,distanceA=1500,distanceB=1500,angle=0,device_mode=0,secured_mode=1,its_aid=36,certificate=CERT_TS_A_AT,sec_db_path=/home/vagrant/tmp/asn1c_cert)/ETH(mac_src=e2b7b30429eb)/PCAP(mac_src=e2b7b30429eb,nic=eth1,filter=and ether proto 0x8947)"
+system.geoNetworkingPort.params := "GN(ll_address=4C5E0C14D2EB,latitude=43551050,longitude=10298730,distanceA=1500,distanceB=1500,angle=0,device_mode=0,secured_mode=1,its_aid=36,certificate=CERT_TS_A_AT,sec_db_path=/home/vagrant/tmp/test/certificates/asn1c_cert)/ETH(mac_src=080027d5428a)/PCAP(mac_src=080027d5428a,nic=eth2,filter=and ether proto 0x8947)"

 # Single HTTP component port
-system.httpPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/TCP(debug=1,server_mode=1,server=192.168.42.4,port=80,local_port=80,use_ssl=0)"
+system.httpPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/TCP(debug=1,server_mode=1,server=172.24.5.252,port=80,local_port=80,use_ssl=0)"

 # GeoNetworking UpperTester port based on UDP
-system.utPort.params := "UT_PKI/UDP(dst_ip=192.168.42.2,src_port=12345)"
+system.utPort.params := "UT_PKI/UDP(dst_ip=172.24.5.253)"

 [EXECUTE]

 # Check that IUT sends an enrolment request when triggered.
-#ItsPki_TestCases.TC_SECPKI_ITSS_ENR_01_BV
+ItsPki_TestCases.TC_SECPKI_ITSS_ENR_01_BV
 # If the enrolment request of the IUT is an initial enrolment request, the itsId (contained in the InnerECRequest) shall be set to the canonical identifier, the signer (contained in the outer EtsiTs1030971Data-Signed) shall be set to self and the outer signature shall be computed using the canonical private key.
 #ItsPki_TestCases.TC_SECPKI_ITSS_ENR_02_BV
 # In presence of a valid EC, the enrolment request of the IUT is a rekeying enrolment request with the itsId (contained in the InnerECRequest) and the SignerIdentifier (contained in the outer EtsiTs1030971Data-Signed) both declared as digest containing the HashedId8 of the EC and the outer signature computed using the current valid EC private key corresponding to the verification public key.
@@ -155,7 +155,7 @@ system.utPort.params := "UT_PKI/UDP(dst_ip=192.168.42.2,src_port=12345)"
 #ItsPki_TestCases.TC_SECPKI_ITSS_ENR_06_BV
 #ItsPki_TestCases.TC_SECPKI_ITSS_ENR_07_BV

-ItsPki_TestCases.TC_SECPKI_ITSS_AUTH_01_BV
+#ItsPki_TestCases.TC_SECPKI_ITSS_AUTH_01_BV

 [MAIN_CONTROLLER]
 # The options herein control the behavior of MC.

--- a/etc/AtsSecurity/AtsSecurity_codha.cf_
+++ b/etc/AtsSecurity/AtsSecurity_codha.cf_
--- a/ttcn/AtsPki/ItsPki_TestCases.ttcn
+++ b/ttcn/AtsPki/ItsPki_TestCases.ttcn
--- a/ttcn/AtsRSUsSimulator/ItsRSUsSimulator_Functions.ttcn
+++ b/ttcn/AtsRSUsSimulator/ItsRSUsSimulator_Functions.ttcn
@@ -1031,7 +1031,7 @@ module ItsRSUsSimulator_Functions {
        }
        [vc_cam == true] cfPort.receive(UtCamTrigger: { changeCurvature := ? }) -> value v_utCamTrigger {
          log("v_utCamTrigger = ", v_utCamTrigger);
-          if (ispresent(vc_rsuMessagesValueList[vc_rsu_id].cam.cam.camParameters.highFrequencyContainer.basicVehicleContainerHighFrequency)) {
+          if (ischosen(vc_rsuMessagesValueList[vc_rsu_id].cam.cam.camParameters.highFrequencyContainer.basicVehicleContainerHighFrequency)) {
            cfPort.send(UtCamResults: { utCamTriggerResult := true } );
            vc_rsuMessagesValueList[vc_rsu_id].cam.cam.camParameters.highFrequencyContainer.basicVehicleContainerHighFrequency.curvature.curvatureValue := v_utCamTrigger.changeCurvature;
          } else {
@@ -1041,7 +1041,7 @@ module ItsRSUsSimulator_Functions {
        }
        [vc_cam == true] cfPort.receive(UtCamTrigger: { changeHeading := ? }) -> value v_utCamTrigger {
          log("v_utCamTrigger = ", v_utCamTrigger);
-          if (ispresent(vc_rsuMessagesValueList[vc_rsu_id].cam.cam.camParameters.highFrequencyContainer.basicVehicleContainerHighFrequency)) {
+          if (ischosen(vc_rsuMessagesValueList[vc_rsu_id].cam.cam.camParameters.highFrequencyContainer.basicVehicleContainerHighFrequency)) {
            cfPort.send(UtCamResults: { utCamTriggerResult := true } );
            vc_rsuMessagesValueList[vc_rsu_id].cam.cam.camParameters.highFrequencyContainer.basicVehicleContainerHighFrequency.heading.headingValue := valueof(vc_rsuMessagesValueList[vc_rsu_id].cam.cam.camParameters.highFrequencyContainer.basicVehicleContainerHighFrequency.heading.headingValue) + v_utCamTrigger.changeHeading;
          } else {

--- a/ttcn/AtsRSUsSimulator/ItsRSUsSimulator_Templates.ttcn
+++ b/ttcn/AtsRSUsSimulator/ItsRSUsSimulator_Templates.ttcn
@@ -11,13 +11,11 @@ module ItsRSUsSimulator_Templates {
    import from SPATEM_PDU_Descriptions language "ASN.1:1997" all;
    import from IVIM_PDU_Descriptions language "ASN.1:1997" all;
    import from IVI language "ASN.1:1997" all;
-    //import from EVCSN_PDU_Descriptions language "ASN.1:1997" all;
    import from SSEM_PDU_Descriptions language "ASN.1:1997" all;
    import from DSRC language "ASN.1:1997" all;
    
    // LibItsCommon
    import from LibItsCommon_ASN1_NamedNumbers all;
-    //    import from LibItsCommon_ASN1_ISDSRC_NamedNumbers all;
    import from LibItsCommon_Functions all;
    import from LibCommon_DataStrings all;
    

--- a/ttcn/AtsSecurity/ItsSecurity_Functions.ttcn
+++ b/ttcn/AtsSecurity/ItsSecurity_Functions.ttcn
@@ -73,7 +73,7 @@ module ItsSecurity_Functions {
            // Local variables
            var GnNonSecuredPacket v_gnNonSecuredPacket;
            var octetstring v_gnPayload;
-            var EtsiTs103097Data v_securedMessage := {};
+            var EtsiTs103097Data v_securedMessage;
            
            log(">>> f_prepareSecuredCam");
            
@@ -162,7 +162,7 @@ module ItsSecurity_Functions {
            // Local variables
            var GnNonSecuredPacket v_gnNonSecuredPacket;
            var octetstring v_gnPayload;
-            var template (value) Ieee1609Dot2Data v_securedMessage := {};
+            var template (value) Ieee1609Dot2Data v_securedMessage;
            
            // Build signed Ieee1609Dot2Data
            v_gnNonSecuredPacket := valueof(m_geoNwShbPacket(
@@ -265,7 +265,7 @@ module ItsSecurity_Functions {
        ) runs on ItsGeoNetworking return GeoNetworkingPdu {
            
            // Local variables
-            var GeoNetworkingPdu v_securedGnPdu := {};//f_prepareSecuredCam_Bo(p_configId, p_protocolVersion, p_trailerStatus, p_headerFields, p_issuerIdentifier);
+            var GeoNetworkingPdu v_securedGnPdu;//f_prepareSecuredCam_Bo(p_configId, p_protocolVersion, p_trailerStatus, p_headerFields, p_issuerIdentifier);
            
 //            log("v_securedGnPdu = ", v_securedGnPdu);
            f_sendGeoNetMessage(valueof(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)));
@@ -296,7 +296,7 @@ module ItsSecurity_Functions {
            var GnNonSecuredPacket v_gnNonSecuredPacket;
            var octetstring v_gnPayload;
            var LongPosVector v_longPosVectorNodeB := f_getPosition(c_compNodeB); // Use NodeB
-            var template (value) Ieee1609Dot2Data v_securedMessage := {};
+            var template (value) Ieee1609Dot2Data v_securedMessage;