LibItsPki_Functions.ttcn

/**
 *  @author   ETSI / STF544
 *  @version  $Url$
 *            $Id$
 *  @desc     Module containing functions for ITS PKI ATS
 *  @copyright   ETSI Copyright Notification
 *               No part may be reproduced except as authorized by written permission.
 *               The copyright and the foregoing restriction extend to reproduction in all media.
 *               All rights reserved.
 *
 */
module LibItsPki_Functions {
    
  // LibCommon
  import from LibCommon_Time all;
  import from LibCommon_VerdictControl all;
  import from LibCommon_Sync all;
  import from LibCommon_BasicTypesAndValues all;
  import from LibCommon_DataStrings all;
  
  // LibIts
  import from Ieee1609Dot2BaseTypes language "ASN.1:1997" all;
  import from Ieee1609Dot2 language "ASN.1:1997" all;
  import from EtsiTs102941BaseTypes language "ASN.1:1997" all;
  import from EtsiTs102941TypesEnrolment language "ASN.1:1997" all;
  import from EtsiTs102941TypesAuthorization language "ASN.1:1997" all;
  import from EtsiTs102941TypesAuthorizationValidation language "ASN.1:1997" all;
  import from EtsiTs102941MessagesCa language "ASN.1:1997" all;
  import from EtsiTs102941TrustLists language "ASN.1:1997" all;
  import from EtsiTs103097Module language "ASN.1:1997" all;
  import from ITS_Container language "ASN.1:1997" all;
  import from CAM_PDU_Descriptions language "ASN.1:1997" all;
  
  // LibItsCommon
  import from LibItsCommon_TypesAndValues all;
  import from LibItsCommon_Functions all;
  import from LibItsCommon_ASN1_NamedNumbers all;
  import from LibItsCommon_Pixits all;
  
  // LibItsGeoNetworking
  import from LibItsGeoNetworking_TypesAndValues all;
  import from LibItsGeoNetworking_TestSystem all;
  import from LibItsGeoNetworking_Pixits all;
  
  // LibItsSecurity
  import from LibItsSecurity_TypesAndValues all;
  import from LibItsSecurity_Templates all;
  import from LibItsSecurity_Functions all;
  import from LibItsSecurity_Pics all;
  import from LibItsSecurity_Pixits all;
  import from LibItsSecurity_TestSystem all;
  
  // LibItsHttp
  import from LibItsHttp_TypesAndValues all;
  import from LibItsHttp_Templates all;
  import from LibItsHttp_BinaryTemplates all;
  import from LibItsHttp_Functions all;
  import from LibItsHttp_TestSystem all;
  
  // LibItsPki
  import from LibItsPki_TypesAndValues all;
  import from LibItsPki_Templates all;
  import from LibItsPki_Pics all;
  import from LibItsPki_Pixits all;
  import from LibItsPki_TestSystem all;
  
  group pkiConfigurationFunctions {

    function f_cfMtcUp01(
                         out ItsPkiItss p_itss,
                         out ItsPkiHttp p_pki
                         ) runs on ItsMtc {
      p_itss := ItsPkiItss.create("ITS-S") alive;
      p_pki := ItsPkiHttp.create("PKI") alive;
      
      connect(self:syncPort, mtc:syncPort);
      connect(p_itss:syncPort, self:syncPort);
      connect(p_pki:syncPort, self:syncPort);
      
      connect(p_pki:infoPort, p_itss:infoPort);
    } // End of function f_cfMtcUp01
    
    function f_cfMtcUp02(
                         out ItsPkiHttp p_itss,
                         out ItsPkiHttp p_ea
                         ) runs on ServerSyncComp {
      p_itss := ItsPkiItss.create("ITS-S") alive;
      p_ea := ItsPkiHttp.create("EA") alive;
      
      connect(self:syncPort, mtc:syncPort);
      connect(p_itss:syncPort, self:syncPort);
      connect(p_ea:syncPort, self:syncPort);
    } // End of function f_cfMtcUp02
    
    /**
     * @desc    Setups default configuration
     * @param   p_certificate_id The certificate identifier the TA shall use in case of secured IUT
     */
    function f_cfHttpUp(
                        in charstring p_ea_certificate_id := "CERT_TS_A_EA", // TODO Use a constant
                        in charstring p_aa_certificate_id := "CERT_TS_A_AA"
                        ) runs on ItsPkiHttp system ItsPkiHttpSystem {

      if (PICS_MULTIPLE_END_POINT == false) {
        map(self:httpPort, system:httpPort);
      } else {
        map(self:httpEcPort, system:httpEcPort);
        map(self:httpAtVPort, system:httpAtVPort);
        map(self:httpAtPort, system:httpAtPort);
      }
      f_connect4SelfOrClientSync();

      f_initialiseSecuredMode(p_ea_certificate_id, p_aa_certificate_id); // TODO To be removed???

      // TODO Duplicate code, use a function
      
      // Setup EA certificate shared with PKI EA entity
      f_readCertificate(p_ea_certificate_id, vc_eaCertificate);
      f_readSigningKey(p_ea_certificate_id, vc_eaPrivateKey); // TODO To be removed
      f_readEncryptingKey(p_ea_certificate_id, vc_eaPrivateEncKey);
      f_getCertificateDigest(p_ea_certificate_id, vc_eaHashedId8);
      f_getCertificateHash(p_ea_certificate_id, vc_eaWholeHash);
      f_getCertificateHash256(p_ea_certificate_id, vc_eaWholeHash256);
      log("f_cfHttpUp: vc_eaPrivateKey= ", vc_eaPrivateKey);
      log("f_cfHttpUp: vc_eaPrivateEncKey= ", vc_eaPrivateEncKey);
      log("f_cfHttpUp: vc_eaHashedId8= ", vc_eaHashedId8);
      log("f_cfHttpUp: vc_eaWholeHash= ", vc_eaWholeHash);
      log("f_cfHttpUp: vc_eaWholeHash256= ", vc_eaWholeHash256);
      
      // Setup AA certificate shared with PKI AA entity
      f_readCertificate(p_aa_certificate_id, vc_aaCertificate);
      f_readSigningKey(p_aa_certificate_id, vc_aaPrivateKey); // Required for AuthorizationValidation request
      f_readEncryptingKey(p_aa_certificate_id, vc_aaPrivateEncKey);
      f_getCertificateDigest(p_aa_certificate_id, vc_aaHashedId8);
      f_getCertificateHash(p_aa_certificate_id, vc_aaWholeHash);
      f_getCertificateHash256(p_aa_certificate_id, vc_aaWholeHash256);
      log("f_cfHttpUp: vc_aaPrivateKey= ", vc_aaPrivateKey);
      log("f_cfHttpUp: vc_aaPrivateEncKey= ", vc_aaPrivateEncKey);
      log("f_cfHttpUp: vc_aaHashedId8= ", vc_aaHashedId8);
      log("f_cfHttpUp: vc_aaWholeHash= ", vc_aaWholeHash);
      log("f_cfHttpUp: vc_aaWholeHash256= ", vc_aaWholeHash256);

      // Storage of enrolment keys in case of re-enrolment
      vc_ec_keys_counter := 0;
      vc_ec_private_keys := {};
      vc_ec_public_compressed_key := {};
      vc_ec_compressed_modes := {};
      vc_ec_hashed_id8 := {};
      vc_ec_certificates := {};

      if (PICS_MULTIPLE_END_POINT == false) {
        activate(a_default_pki_http());
      } else {
        activate(a_default_pki_http_ec());
        activate(a_default_pki_http_atv());
        activate(a_default_pki_http_at());
      }
    } // End of function f_cfHttpUp
    
    /**
     * @desc    Setups default configuration
     */
    function f_cfHttpUp_ca() runs on ItsPkiHttp system ItsPkiHttpSystem {

      if (PICS_MULTIPLE_END_POINT == false) {
        map(self:httpPort, system:httpPort);
      } else {
        map(self:httpCaPort, system:httpCaPort);
      }
      f_connect4SelfOrClientSync();

      f_initialiseSecuredMode();

      if (PICS_MULTIPLE_END_POINT == false) {
        activate(a_default_pki_http());
      } else {
        activate(a_default_pki_http_ca());
      }
    } // End of function f_cfHttpUp_ca
    
    /**
     * @desc    Setups default configuration
     */
    function f_cfHttpUp_tlm() runs on ItsPkiHttp system ItsPkiHttpSystem {

      if (PICS_MULTIPLE_END_POINT == false) {
        map(self:httpPort, system:httpPort);
      } else {
        map(self:httpTlmPort, system:httpTlmPort);
      }
      f_connect4SelfOrClientSync();

      f_initialiseSecuredMode();

      if (PICS_MULTIPLE_END_POINT == false) {
        activate(a_default_pki_http());
      } else {
        activate(a_default_pki_http_tlm());
      }
    } // End of function f_cfHttpUp_tlm
    
    /**
     * @desc    Setups default configuration
     * @param   p_certificate_id The certificate identifier the TA shall use in case of secured IUT
     */
    function f_cfHttpUp_itss(
                             in charstring p_ea_certificate_id := "CERT_TS_A_EA", // TODO Use a constant
                             in charstring p_aa_certificate_id := "CERT_TS_A_AA"
                             ) runs on ItsPkiHttp system ItsPkiHttpSystem {

      if (PICS_MULTIPLE_END_POINT == false) {
        map(self:httpPort, system:httpPort);
      } else {
        map(self:httpAtPort, system:httpAtPort);
      }

      f_initialiseSecuredMode(p_ea_certificate_id, p_aa_certificate_id); // TODO To be removed???

      // TODO Duplicate code, use a function
      
      // Setup EA certificate shared with PKI EA entity
      f_readCertificate(p_ea_certificate_id, vc_eaCertificate);
      f_readSigningKey(p_ea_certificate_id, vc_eaPrivateKey); // TODO To be removed
      f_readEncryptingKey(p_ea_certificate_id, vc_eaPrivateEncKey);
      f_getCertificateDigest(p_ea_certificate_id, vc_eaHashedId8);
      f_getCertificateHash(p_ea_certificate_id, vc_eaWholeHash);
      f_getCertificateHash256(p_ea_certificate_id, vc_eaWholeHash256);
      log("f_cfHttpUp_itss: vc_eaPrivateKey= ", vc_eaPrivateKey);
      log("f_cfHttpUp_itss: vc_eaPrivateEncKey= ", vc_eaPrivateEncKey);
      log("f_cfHttpUp_itss: vc_eaHashedId8= ", vc_eaHashedId8);
      log("f_cfHttpUp_itss: vc_eaWholeHash= ", vc_eaWholeHash);
      log("f_cfHttpUp: vc_eaWholeHash256= ", vc_eaWholeHash256);
      
      // Setup AA certificate shared with PKI AA entity
      f_readCertificate(p_aa_certificate_id, vc_aaCertificate);
      f_readSigningKey(p_aa_certificate_id, vc_aaPrivateKey); // Required for AuthorizationValidation request
      f_readEncryptingKey(p_aa_certificate_id, vc_aaPrivateEncKey);
      f_getCertificateDigest(p_aa_certificate_id, vc_aaHashedId8);
      f_getCertificateHash(p_aa_certificate_id, vc_aaWholeHash);
      f_getCertificateHash256(p_aa_certificate_id, vc_aaWholeHash256);
      log("f_cfHttpUp_itss: vc_aaPrivateKey= ", vc_aaPrivateKey);
      log("f_cfHttpUp_itss: vc_aaPrivateEncKey= ", vc_aaPrivateEncKey);
      log("f_cfHttpUp_itss: vc_aaHashedId8= ", vc_aaHashedId8);
      log("f_cfHttpUp_itss: vc_aaWholeHash= ", vc_aaWholeHash);
      log("f_cfHttpUp: vc_eaWholeHash256= ", vc_aaWholeHash256);

      // Storage of enrolment keys in case of re-enrolment
      vc_ec_keys_counter := 0;
      vc_ec_private_keys := {};
      vc_ec_public_compressed_key := {};
      vc_ec_compressed_modes := {};
      vc_ec_hashed_id8 := {};
      vc_ec_certificates := {};

      if (PICS_MULTIPLE_END_POINT == false) {
        activate(a_default_pki_http());
      } else {
        activate(a_default_pki_http_at());
      }
    } // End of function f_cfHttpUp_itss
    
    /**
     * @desc    Setups default configuration
     * @param   p_certificate_id The certificate identifier the TA shall use in case of secured IUT
     */
    function f_cfHttpUp_ea(
                             in charstring p_ea_certificate_id := "CERT_TS_A_EA", // TODO Use a constant
                             in charstring p_aa_certificate_id := "CERT_TS_A_AA"
                             ) runs on ItsPkiHttp system ItsPkiHttpSystem {

      if (PICS_MULTIPLE_END_POINT == false) {
        map(self:httpPort, system:httpPort);
      } else {
        map(self:httpAtVPort, system:httpAtVPort);
      }

      f_initialiseSecuredMode(p_ea_certificate_id, p_aa_certificate_id); // TODO To be removed???

      // TODO Duplicate code, use a function
      
      // Setup EA certificate shared with PKI EA entity
      f_readCertificate(p_ea_certificate_id, vc_eaCertificate);
      f_readSigningKey(p_ea_certificate_id, vc_eaPrivateKey); // TODO To be removed
      f_readEncryptingKey(p_ea_certificate_id, vc_eaPrivateEncKey);
      f_getCertificateDigest(p_ea_certificate_id, vc_eaHashedId8);
      f_getCertificateHash(p_ea_certificate_id, vc_eaWholeHash);
      f_getCertificateHash256(p_aa_certificate_id, vc_eaWholeHash256);
      log("f_cfHttpUp_ea: vc_eaPrivateKey= ", vc_eaPrivateKey);
      log("f_cfHttpUp_ea: vc_eaPrivateEncKey= ", vc_eaPrivateEncKey);
      log("f_cfHttpUp_ea: vc_eaHashedId8= ", vc_eaHashedId8);
      log("f_cfHttpUp_ea: vc_eaWholeHash= ", vc_eaWholeHash);
      log("f_cfHttpUp: vc_aaWholeHash256= ", vc_eaWholeHash256);
      
      // Setup AA certificate shared with PKI AA entity
      f_readCertificate(p_aa_certificate_id, vc_aaCertificate);
      f_readSigningKey(p_aa_certificate_id, vc_aaPrivateKey); // Required for AuthorizationValidation request
      f_readEncryptingKey(p_aa_certificate_id, vc_aaPrivateEncKey);
      f_getCertificateDigest(p_aa_certificate_id, vc_aaHashedId8);
      f_getCertificateHash(p_aa_certificate_id, vc_aaWholeHash);
      f_getCertificateHash256(p_aa_certificate_id, vc_aaWholeHash256);
      log("f_cfHttpUp_ea: vc_aaPrivateKey= ", vc_aaPrivateKey);
      log("f_cfHttpUp_ea: vc_aaPrivateEncKey= ", vc_aaPrivateEncKey);
      log("f_cfHttpUp_ea: vc_aaHashedId8= ", vc_aaHashedId8);
      log("f_cfHttpUp_ea: vc_aaWholeHash= ", vc_aaWholeHash);
      log("f_cfHttpUp: vc_aaWholeHash256= ", vc_aaWholeHash256);

      // Storage of enrolment keys in case of re-enrolment
      vc_ec_keys_counter := 0;
      vc_ec_private_keys := {};
      vc_ec_public_compressed_key := {};
      vc_ec_compressed_modes := {};
      vc_ec_hashed_id8 := {};
      vc_ec_certificates := {};

      if (PICS_MULTIPLE_END_POINT == false) {
        activate(a_default_pki_http());
      } else {
        activate(a_default_pki_http_atv());
        activate(a_default_pki_http_at());
      }
    } // End of function f_cfHttpUp_ea
    
    function f_cfUp_itss(
                         in charstring p_certificate_id := "CERT_TS_A_EA" // TODO Use a constant
                         ) runs on ItsPkiItss system ItsPkiItssSystem {
      
      map(self:geoNetworkingPort, system:geoNetworkingPort);
      map(self:utPort, system:utPort);
      //map(self:acPort, system:acPort);
      
      f_initializeState();
      
      // activate(a_default_pki()); TOTO Defualt from geoNet
    } // End of function f_cfUp_itss

    /**
     * @desc    Deletes default configuration 
     */
    function f_cfMtcDown01(
                           inout ItsPkiItss p_itss,
                           inout ItsPkiHttp p_pki
                           ) runs on ItsMtc {
      disconnect(self:syncPort, mtc:syncPort);
      disconnect(p_itss:syncPort, self:syncPort);
      disconnect(p_pki:syncPort, self:syncPort);
      
      disconnect(p_pki:infoPort, p_itss:infoPort);
      
      p_itss.done;
      p_pki.done;
    }
    
    function f_cfMtcDown02(
                           inout ItsPkiHttp p_itss,
                           inout ItsPkiHttp p_ea
                           ) runs on ServerSyncComp {
      disconnect(self:syncPort, mtc:syncPort);
      disconnect(p_itss:syncPort, self:syncPort);
      disconnect(p_ea:syncPort, self:syncPort);
      
      p_itss.done;
      p_ea.done;
    }
    
    /**
     * @desc    Deletes default configuration 
     */
    function f_cfHttpDown() runs on ItsPkiHttp {
      if (PICS_MULTIPLE_END_POINT == false) {
        unmap(self:httpPort, system:httpPort);
      } else {
        unmap(self:httpEcPort, system:httpEcPort);
        unmap(self:httpAtVPort, system:httpAtVPort);
        unmap(self:httpAtPort, system:httpAtPort);
      }
      f_disconnect4SelfOrClientSync();
      f_uninitialiseSecuredMode();
    } // End of function f_cfHttpDown
    
    /**
     * @desc    Deletes default configuration 
     */
    function f_cfHttpDown_ca() runs on ItsPkiHttp {
      if (PICS_MULTIPLE_END_POINT == false) {
        unmap(self:httpPort, system:httpPort);
      } else {
        unmap(self:httpCaPort, system:httpCaPort);
      }
      f_disconnect4SelfOrClientSync();
      f_uninitialiseSecuredMode();
    } // End of function f_cfHttpDown_ca
    
    /**
     * @desc    Deletes default configuration 
     */
    function f_cfHttpDown_tlm() runs on ItsPkiHttp {
      if (PICS_MULTIPLE_END_POINT == false) {
        unmap(self:httpPort, system:httpPort);
      } else {
        unmap(self:httpTlmPort, system:httpTlmPort);
      }
      f_disconnect4SelfOrClientSync();
      f_uninitialiseSecuredMode();
    } // End of function f_cfHttpDown_tlm
    
    /**
     * @desc    Deletes default configuration 
     */
    function f_cfHttpDown_itss() runs on ItsPkiHttp {
      if (PICS_MULTIPLE_END_POINT == false) {
        unmap(self:httpPort, system:httpPort);
      } else {
        unmap(self:httpAtPort, system:httpAtPort);
      }
      f_disconnect4SelfOrClientSync();
      f_uninitialiseSecuredMode();
    } // End of function f_cfHttpDown_itss
    
    /**
     * @desc    Deletes default configuration 
     */
    function f_cfHttpDown_ea() runs on ItsPkiHttp {
      if (PICS_MULTIPLE_END_POINT == false) {
        unmap(self:httpPort, system:httpPort);
      } else {
        unmap(self:httpAtVPort, system:httpAtVPort);
      }
      f_disconnect4SelfOrClientSync();
      f_uninitialiseSecuredMode();
    } // End of function f_cfHttpDown_ea
    
    /**
     * @desc    Deletes default configuration 
     */
    function f_cfDown_itss() runs on ItsPkiItss system ItsPkiItssSystem {
      unmap(self:geoNetworkingPort, system:geoNetworkingPort);
      unmap(self:utPort, system:utPort);
      //unmap(self:acPort, system:acPort);
      
    } // End of function f_cfDown
    
    /**
     * @desc Initialise secure mode if required
     */
    function f_initialiseSecuredMode(
                                     in charstring p_certificate_id  := "CERT_TS_A_EA", // TODO Use a constant
                                     in charstring p_peerCertificateId := "CERT_IUT_A_EA"
                                     ) runs on ItsSecurityBaseComponent {
      // Local variables
      
      // Load certificates
      if(not(f_loadCertificates(PX_IUT_SEC_CONFIG_NAME))) {
        log("*** INFO: TEST CASE NOW STOPPING ITSELF! ***");
        setverdict(inconc);
        stop;
      }
      
      //      f_prepareCertificates(p_certificate_id, vc_aaCertificate, vc_atCertificate);
    } // End of function f_initialiseSecuredMode()
    
    function f_uninitialiseSecuredMode() runs on ItsSecurityBaseComponent {
      f_unloadCertificates();
    } // End of function f_uninitialiseSecuredMode()
    
    function f_initializeState() runs on ItsPkiItss {
      var Oct8 v_hashedId8ToBeUsed;

      log(">>> f_initializeState: vc_hashedId8ToBeUsed= ", vc_hashedId8ToBeUsed);
      v_hashedId8ToBeUsed := f_setupIutCertificate(vc_hashedId8ToBeUsed);
      log("f_initializeState: v_hashedId8ToBeUsed= ", v_hashedId8ToBeUsed);

      f_utInitializeIut(UtPkiInitialize: { v_hashedId8ToBeUsed } );

      f_sleep(PX_NEIGHBOUR_DISCOVERY_DELAY);
      
      //      f_acLoadScenario(p_scenario);
      //      f_acStartScenario();
    }
    
  } // End of pkiConfigurationFunctions

  group ut_port {

    function f_utInitializeIut(template (value) UtPkiInitialize p_init) runs on ItsPkiItss {
      utPort.send(p_init);
      tc_wait.start;
      alt {
        [] utPort.receive(UtPkiResults: { utPkiInitializeResult := true }) {
          tc_wait.stop;
          log("*** f_utInitializeIut: INFO: IUT initialized ***");
        }
        [] utPort.receive {
          tc_wait.stop;
          log("*** f_utInitializeIut: INFO: IUT could not be initialized ***");
          f_selfOrClientSyncAndVerdict("error", e_error);
        }
        [] tc_wait.timeout {
          log("*** f_utInitializeIut: INFO: IUT could not be initialized in time ***");
          f_selfOrClientSyncAndVerdict("error", e_timeout);
        }
      }
      
    } // End of function f_utInitializeIut
    
    function f_sendUtTriggerEnrolmentRequestPrimitive(
                                                      in octetstring p_canonical_id := ''O,
                                                      in Oct1 p_enc_algorithm := '00'O,
                                                      in octetstring p_private_key := ''O,
                                                      in octetstring p_public_key_compressed := ''O,
                                                      in integer p_compressed_mode := 0
                                                      ) runs on ItsPkiItss {
      var TriggerEnrolmentRequest v_ut_trigger_enrolment_request;
      var octetstring v_compressed_public_key;

      if (p_compressed_mode == 2) { // TODO v_compressed_public_key := int2oct(p_compressed_mode, 1) & p_public_key_compressed?
        v_compressed_public_key := '02'O & p_public_key_compressed;
      } else {
        v_compressed_public_key := '03'O & p_public_key_compressed;
      }
      
      v_ut_trigger_enrolment_request := { p_canonical_id, p_enc_algorithm, p_private_key, v_compressed_public_key };
      utPort.send(UtPkiTrigger: { triggerEnrolmentRequest := v_ut_trigger_enrolment_request });
      tc_ac.start;
      alt {
        [] utPort.receive(UtPkiResults: { utPkiTriggerResult := true }) {
          tc_ac.stop;
        }
        [] utPort.receive(UtPkiResults: { utPkiTriggerResult := false }) {
          tc_ac.stop;
          log("*** f_sendUtTriggerEnrolmentRequestPrimitive: ERROR: Received unexpected message ***");
          f_selfOrClientSyncAndVerdict("error", e_error);
        }
        [] tc_ac.timeout {
          log("*** f_sendAcPkiPrimitive: ERROR: Timeout while waiting for adapter control event result ***");
          f_selfOrClientSyncAndVerdict("error", e_timeout);
        }
      } // End of 'alt' statement
    } // End of function f_sendUtTriggerEnrolmentRequestPrimitive
    
    function f_sendUtTriggerAuthorizationRequestPrimitive(
                                                          in octetstring p_canonical_id := ''O,
                                                          in Oct1 p_enc_algorithm := '00'O,
                                                          in octetstring p_private_key := ''O,
                                                          in octetstring p_public_key_compressed := ''O,
                                                          in integer p_compressed_mode := 0
                                                          ) runs on ItsPkiItss {
      var TriggerAuthorizationRequest v_ut_trigger_enrolment_request;
      var octetstring v_compressed_public_key;

      if (p_compressed_mode == 2) { // TODO v_compressed_public_key := int2oct(p_compressed_mode, 1) & p_public_key_compressed?
        v_compressed_public_key := '02'O & p_public_key_compressed;
      } else {
        v_compressed_public_key := '03'O & p_public_key_compressed;
      }
      
      v_ut_trigger_enrolment_request := { p_canonical_id, p_enc_algorithm, p_private_key, v_compressed_public_key };
      utPort.send(UtPkiTrigger: { triggerAuthorizationRequest := v_ut_trigger_enrolment_request });
      tc_ac.start;
      alt {
        [] utPort.receive(UtPkiResults: { utPkiTriggerResult := true }) {
          tc_ac.stop;
        }
        [] utPort.receive(UtPkiResults: { utPkiTriggerResult := false }) {
          tc_ac.stop;
          log("*** f_sendUtTriggerAuthorizationRequestPrimitive: ERROR: Received unexpected message ***");
          f_selfOrClientSyncAndVerdict("error", e_error);
        }
        [] tc_ac.timeout {
          log("*** f_sendAcPkiPrimitive: ERROR: Timeout while waiting for adapter control event result ***");
          f_selfOrClientSyncAndVerdict("error", e_timeout);
        }
      } // End of 'alt' statement
    } // End of function f_sendUtTriggerAuthorizationRequestPrimitive
    
  } // End of group ut_port

  group helpers {

    function f_generate_key_pair(
                                 out octetstring p_private_key,
                                 out octetstring p_public_key_x,
                                 out octetstring p_public_key_y,
                                 out octetstring p_public_key_compressed,
                                 out integer p_compressed_mode
                                 ) return boolean {
      log(">>> f_generate_key_pair: PX_VE_ALG=", PX_VE_ALG);
      
      if (PX_VE_ALG == e_nist_p256) {
        f_generate_key_pair_nistp256(p_private_key, p_public_key_x, p_public_key_y, p_public_key_compressed, p_compressed_mode);
      } else if (PX_VE_ALG == e_brainpool_p256_r1) {
        f_generate_key_pair_brainpoolp256r1(p_private_key, p_public_key_x, p_public_key_y, p_public_key_compressed, p_compressed_mode);
      } else if (PX_VE_ALG == e_brainpool_p384_r1) {
        f_generate_key_pair_brainpoolp384r1(p_private_key, p_public_key_x, p_public_key_y, p_public_key_compressed, p_compressed_mode);
      } else {
        // error
        return false;
      }

      log("<<< f_generate_key_pair: p_compressed_mode=", p_compressed_mode);
      return true;
    }

    function f_generate_key_pair_for_encryption(
                                                in SecurityAlg p_algorithm,
                                                out octetstring p_private_key,
                                                out octetstring p_public_key_x,
                                                out octetstring p_public_key_y,
                                                out octetstring p_public_key_compressed,
                                                out integer p_compressed_mode
                                                ) return boolean {
      if (p_algorithm == e_nist_p256) {
        f_generate_key_pair_nistp256(p_private_key, p_public_key_x, p_public_key_y, p_public_key_compressed, p_compressed_mode);
      } else if (p_algorithm == e_brainpool_p256_r1) {
        f_generate_key_pair_brainpoolp256r1(p_private_key, p_public_key_x, p_public_key_y, p_public_key_compressed, p_compressed_mode);
      } else {
        // error
        return false;
      }

      return true;
    }

    function f_signWithEcdsa(
                             in octetstring p_toBeSignedSecuredMessage,
                             in octetstring p_certificateIssuer,
                             in octetstring p_privateKey
                             ) return octetstring {
      log(">>> f_verifyEcdsa: p_toBeSignedSecuredMessage= ", p_toBeSignedSecuredMessage);
      log(">>> f_verifyEcdsa: p_certificateIssuer= ", p_certificateIssuer);
      log(">>> f_verifyEcdsa: p_privateKey= ", p_privateKey);
      log(">>> f_verifyEcdsa: PX_VE_ALG= ", PX_VE_ALG);
      
      if (PX_VE_ALG == e_nist_p256) {
        return f_signWithEcdsaNistp256WithSha256(p_toBeSignedSecuredMessage, p_certificateIssuer, p_privateKey);
      } else if (PX_VE_ALG == e_brainpool_p256_r1) {
        return f_signWithEcdsaBrainpoolp256r1WithSha256(p_toBeSignedSecuredMessage, p_certificateIssuer, p_privateKey);
      } else if (PX_VE_ALG == e_brainpool_p384_r1) {
        if (p_certificateIssuer == int2oct(0, 32)) {
          return f_signWithEcdsaBrainpoolp384r1WithSha384(p_toBeSignedSecuredMessage, int2oct(0, 48), p_privateKey);
        } else {
          return f_signWithEcdsaBrainpoolp384r1WithSha384(p_toBeSignedSecuredMessage, p_certificateIssuer, p_privateKey);
        }
      }
      
      return ''O;
    } // End of function f_signWithEcdsa

    function f_verifyEcdsa(
                           in octetstring p_tbs,
                           in octetstring p_issuer,
                           in Signature p_signature_,
                           in PublicVerificationKey p_verification_key
                           ) return boolean {
      var boolean v_ret := false;
      
      log(">>> f_verifyEcdsa: p_tbs= ", p_tbs);
      log(">>> f_verifyEcdsa: p_issuer= ", p_issuer);
      log(">>> f_verifyEcdsa: p_signature_= ", p_signature_);
      log(">>> f_verifyEcdsa: p_verification_key= ", p_verification_key);
      
      if (ischosen(p_verification_key.ecdsaNistP256)) {
        if (ischosen(p_verification_key.ecdsaNistP256.compressed_y_0)) {
          v_ret := f_verifyWithEcdsaNistp256WithSha256(
                                                       p_tbs,
                                                       p_issuer,
                                                       p_signature_.ecdsaNistP256Signature.rSig.x_only & p_signature_.ecdsaNistP256Signature.sSig,
                                                       p_verification_key.ecdsaNistP256.compressed_y_0,
                                                       0);
        } else {
          v_ret := f_verifyWithEcdsaNistp256WithSha256(
                                                       p_tbs,
                                                       p_issuer,
                                                       p_signature_.ecdsaNistP256Signature.rSig.x_only & p_signature_.ecdsaNistP256Signature.sSig,
                                                       p_verification_key.ecdsaNistP256.compressed_y_1,
                                                       1);
        }
      } else if (ischosen(p_verification_key.ecdsaBrainpoolP256r1)) {
        if (ischosen(p_verification_key.ecdsaBrainpoolP256r1.compressed_y_0)) {
          v_ret := f_verifyWithEcdsaBrainpoolp256r1WithSha256(
                                                            p_tbs,
                                                            p_issuer,
                                                            p_signature_.ecdsaBrainpoolP256r1Signature.rSig.x_only & p_signature_.ecdsaBrainpoolP256r1Signature.sSig,
                                                            p_verification_key.ecdsaBrainpoolP256r1.compressed_y_0,
                                                            0);
        } else {
          v_ret := f_verifyWithEcdsaBrainpoolp256r1WithSha256(
                                                            p_tbs,
                                                            p_issuer,
                                                            p_signature_.ecdsaBrainpoolP256r1Signature.rSig.x_only & p_signature_.ecdsaBrainpoolP256r1Signature.sSig,
                                                            p_verification_key.ecdsaBrainpoolP256r1.compressed_y_1,
                                                            1);
        }
      } else if (ischosen(p_verification_key.ecdsaBrainpoolP384r1)) {
        if (ischosen(p_verification_key.ecdsaBrainpoolP384r1.compressed_y_0)) {
          v_ret := f_verifyWithEcdsaBrainpoolp384r1WithSha384(
                                                            p_tbs,
                                                            p_issuer,
                                                            p_signature_.ecdsaBrainpoolP384r1Signature.rSig.x_only & p_signature_.ecdsaBrainpoolP384r1Signature.sSig,
                                                            p_verification_key.ecdsaBrainpoolP384r1.compressed_y_0,
                                                            0);
        } else {
          v_ret := f_verifyWithEcdsaBrainpoolp384r1WithSha384(
                                                            p_tbs,
                                                            p_issuer,
                                                            p_signature_.ecdsaBrainpoolP384r1Signature.rSig.x_only & p_signature_.ecdsaBrainpoolP384r1Signature.sSig,
                                                            p_verification_key.ecdsaBrainpoolP384r1.compressed_y_1,
                                                            1);
        }
      }
      
      return v_ret;
    } // End of function f_verifyEcdsa
    
    function f_http_send(
                         in Headers p_headers,
                         in template (value) HttpMessage p_http_message
                         ) runs on ItsPkiHttp {
      log(">>> f_http_send: ", p_http_message);
      
      if (not(PICS_MULTIPLE_END_POINT)) {
        httpPort.send(p_http_message);
      } else {
        var charstring_list v_content_text;
        
        f_get_header(p_headers, c_header_content_text, v_content_text);
        
        if (not(isvalue(v_content_text))) {
          log("f_http_send: Failed to send message: header not found: ", c_header_content_text);
          return;
        }
        if (v_content_text == { "inner_ec_request" }) {
          log("f_http_send: Send on EC end point");
          f_set_headers_list({ c_header_host }, { PICS_HEADER_HOST_EC }, p_headers);
          if (ischosen(p_http_message.request)) {
            p_http_message.request.header := p_headers;
          } else {
            p_http_message.response.header := p_headers;
          }
          httpEcPort.send(p_http_message);
        } else if (v_content_text == { "inner_atv_request" }) {
          log("f_http_send: Send on ATV end point");
          f_set_headers_list({ c_header_host }, { PICS_HEADER_HOST_ATV }, p_headers);
          if (ischosen(p_http_message.request)) {
            p_http_message.request.header := p_headers;
          } else {
            p_http_message.response.header := p_headers;
          }
          httpAtVPort.send(p_http_message);
        } else if (v_content_text == { "inner_at_request" }) {
          log("f_http_send: Send on AT end point");
          f_set_headers_list({ c_header_host }, { PICS_HEADER_HOST_AT }, p_headers);
          if (ischosen(p_http_message.request)) {
            p_http_message.request.header := p_headers;
          } else {
            p_http_message.response.header := p_headers;
          }
          httpAtPort.send(p_http_message);
        } else if (v_content_text == { "ca_request" }) {
          log("f_http_send: Send on CA end point");
          f_set_headers_list({ c_header_host }, { PICS_HEADER_HOST_CA }, p_headers);
          if (ischosen(p_http_message.request)) {
            p_http_message.request.header := p_headers;
          } else {
            p_http_message.response.header := p_headers;
          }
          httpCaPort.send(p_http_message);
        } else if (v_content_text == { "tlm_request" }) {
          log("f_http_send: Send on TLM end point");
          f_set_headers_list({ c_header_host }, { PICS_HEADER_HOST_TLM }, p_headers);
          if (ischosen(p_http_message.request)) {
            p_http_message.request.header := p_headers;
          } else {
            p_http_message.response.header := p_headers;
          }
          httpTlmPort.send(p_http_message);
        } else {
          log("f_http_send: Invalid header value: ", v_content_text);
        }
      }
    } // End of function f_http_send

    function f_generate_key_tag(
                                in octetstring p_public_key_compressed,
                                in integer p_compressed_key_mode,
                                in octetstring p_public_compressed_enc_key,
                                in integer p_compressed_enc_key_mode,
                                out octetstring p_encoded_tag
                                ) return boolean {
      // Local variables
      var PublicVerificationKey v_verification_tag;
      var PublicEncryptionKey v_encryption_tag;

      log(">>> f_generate_key_tag: p_public_key_compressed=", p_public_key_compressed);
      log(">>> f_generate_key_tag: p_public_compressed_enc_key=", p_public_compressed_enc_key);
      
      
      if (PX_VE_ALG == e_nist_p256) {
        if (p_compressed_key_mode == 0) {
          v_verification_tag.ecdsaNistP256.compressed_y_0 := p_public_key_compressed;
        } else {
          v_verification_tag.ecdsaNistP256.compressed_y_1 := p_public_key_compressed;
        }
      } else if (PX_VE_ALG == e_brainpool_p256_r1) {
        if (p_compressed_key_mode == 0) {
          v_verification_tag.ecdsaBrainpoolP256r1.compressed_y_0 := p_public_key_compressed;
        } else {
          v_verification_tag.ecdsaBrainpoolP256r1.compressed_y_1 := p_public_key_compressed;
        }
      } else if (PX_VE_ALG == e_brainpool_p384_r1) {
        if (p_compressed_key_mode == 0) {
          v_verification_tag.ecdsaBrainpoolP384r1.compressed_y_0 := p_public_key_compressed;
        } else {
          v_verification_tag.ecdsaBrainpoolP384r1.compressed_y_1 := p_public_key_compressed;
        }
      } else {
        log("f_generate_key_tag: Failed to generate HMAC tag");
        return false;
      }
      log("f_generate_key_tag: v_verification_tag= ", v_verification_tag);
      p_encoded_tag := bit2oct(encvalue(v_verification_tag));
      if (PX_INCLUDE_ENCRYPTION_KEYS) {
        v_encryption_tag.supportedSymmAlg := aes128Ccm;
        if (PX_EC_ALG_FOR_EC_SIGN == e_nist_p256) {
          if (p_compressed_enc_key_mode == 0) {
            v_encryption_tag.publicKey.eciesNistP256.compressed_y_0 := p_public_compressed_enc_key;
          } else {
            v_encryption_tag.publicKey.eciesNistP256.compressed_y_1 := p_public_compressed_enc_key;
          }
        } else if (PX_EC_ALG_FOR_EC_SIGN == e_brainpool_p256_r1) {
          if (p_compressed_enc_key_mode == 0) {
            v_encryption_tag.publicKey.eciesBrainpoolP256r1.compressed_y_0 := p_public_compressed_enc_key;
          } else {
            v_encryption_tag.publicKey.eciesBrainpoolP256r1.compressed_y_1 := p_public_compressed_enc_key;
          }
        } else {
          log("f_generate_key_tag: Failed to generate HMAC tag (enc)");
          return false;
        }
        log("f_generate_key_tag: v_encryption_tag= ", v_encryption_tag);
        p_encoded_tag := p_encoded_tag & bit2oct(encvalue(v_encryption_tag));
      }

      return true;
    } // End of function f_generate_key_tag
    
  } // End of group helpers
  
  group http { // TODO Split into EnnerEc, Authorization & AuthorizationValidation

    function f_http_build_inner_ec_request( // TODO Cleanup parameters
                                           out octetstring p_private_key,
                                           out octetstring p_public_key_compressed,
                                           out integer p_compressed_mode,
                                           out Oct16 p_aes_sym_key,
                                           out Oct16 p_encrypted_sym_key,
                                           out Oct16 p_authentication_vector,
                                           out Oct12 p_nonce,
                                           out octetstring p_salt,
                                           out Ieee1609Dot2Data p_ieee1609dot2_signed_and_encrypted_data,
                                           out Oct32 p_request_hash
                                           ) runs on ItsPkiHttp {
      var InnerEcRequest v_inner_ec_request;
      var Ieee1609Dot2Data v_inner_ec_request_signed_for_pop;
      var octetstring v_public_enc_key;
      var integer v_compressed_enc_key_mode;
      var boolean v_result;

      log(">>> f_http_build_inner_ec_request");
      if (f_generate_inner_ec_request(p_private_key, p_public_key_compressed, p_compressed_mode, v_inner_ec_request) == false) {
        log("*** f_http_build_inner_ec_request: ERROR: Failed to generate InnerEcRequest ***");
        f_selfOrClientSyncAndVerdict("error", e_error);
      }
      log ("f_http_build_inner_ec_request: ==> EC verification private key: ", p_private_key);
      log ("f_http_build_inner_ec_request: ==> EC verification public compressed key: ", p_public_key_compressed);
      log ("f_http_build_inner_ec_request: ==> EC verification public compressed mode: ", p_compressed_mode);
      // TODO Store enrolment keys for re-enrolment
      vc_ec_private_keys[vc_ec_keys_counter] := p_private_key;
      vc_ec_public_compressed_key[vc_ec_keys_counter] := p_public_key_compressed;
      vc_ec_compressed_modes[vc_ec_keys_counter] := p_compressed_mode;
      vc_ec_keys_counter := vc_ec_keys_counter + 1;
      // Generate InnerEcRequestSignedForPoP
      if (f_generate_inner_ec_request_signed_for_pop(p_private_key, v_inner_ec_request, v_inner_ec_request_signed_for_pop) == false) {
        log("*** f_http_build_inner_ec_request: ERROR: Failed to generate InnerEcRequestSignedForPop ***");
        f_selfOrClientSyncAndVerdict("error", e_error);
      }
      log("f_http_build_inner_ec_request: v_inner_ec_request_signed_for_pop= ", v_inner_ec_request_signed_for_pop);
      
      // Secure InnerEcRequestSignedForPoP message
      if (f_extract_enc_key(vc_eaCertificate, v_public_enc_key, v_compressed_enc_key_mode) == false) {
        log("*** f_http_build_inner_ec_request: ERROR: Non canonical EA certificate ***");
        f_selfOrClientSyncAndVerdict("error", e_error);
      }
      log("f_http_build_inner_ec_request: Public encryption key: ", v_public_enc_key);
      log("f_http_build_inner_ec_request: Public encryption key comp: ", v_compressed_enc_key_mode);
      p_salt := vc_eaWholeHash256; // IEEE 1609.2: If the encryption key was obtained from a certificate c, P1 is SHA-256 (c), where c is the COER encoding of the certificate, canonicalized per 6.4.3.
      if ((PICS_SECPKI_REENROLMENT == false) or (vc_ec_keys_counter == 1)) { // This is the first enrolment, we used Factory keys
        var octetstring v_private_key;
        if (PX_VE_ALG == e_nist_p256) {
          v_private_key := PICS_ITS_S_SIGN_NITSP256_PRIVATE_KEY;
        } else if (PX_VE_ALG == e_brainpool_p256_r1) {
          v_private_key := PICS_ITS_S_SIGN_BRAINPOOLP256r1_PRIVATE_KEY;
        } else {
          v_private_key := PICS_ITS_S_SIGN_BRAINPOOLP384r1_PRIVATE_KEY;
        }
        v_result := f_build_pki_secured_request_message_signed_with_pop(v_private_key, valueof(m_signerIdentifier_self), vc_eaHashedId8/*recipientId*/, v_public_enc_key, v_compressed_enc_key_mode, p_salt, bit2oct(encvalue(m_etsiTs102941Data_inner_ec_request_signed_for_pop(v_inner_ec_request_signed_for_pop))), PX_EC_ALG_FOR_EC, -, p_ieee1609dot2_signed_and_encrypted_data, p_aes_sym_key, p_encrypted_sym_key, p_authentication_vector, p_nonce, p_request_hash);
      } else { // We use last valid EC certificate
        // TODO Retrieve EC certificate from the first enrolment instead of PX
        log("f_http_build_inner_ec_request: v_ec_private_key: ", vc_ec_private_keys[vc_ec_keys_counter - 1]);
        log("f_http_build_inner_ec_request: v_ec_public_compressed_key: ", vc_ec_public_compressed_key[vc_ec_keys_counter - 1]);
        log("f_http_build_inner_ec_request: v_ec_compressed_modes: ", vc_ec_compressed_modes[vc_ec_keys_counter - 1]);
        log("f_http_build_inner_ec_request: v_ec_hashed_id8: ", PX_EC_HASHED_ID8);
        v_result := f_build_pki_secured_request_message_signed_with_pop(vc_ec_private_keys[vc_ec_keys_counter - 1], valueof(m_signerIdentifier_digest(PX_EC_HASHED_ID8)), PX_EC_HASHED_ID8/*recipientId*/, v_public_enc_key, v_compressed_enc_key_mode, p_salt, bit2oct(encvalue(m_etsiTs102941Data_inner_ec_request_signed_for_pop(v_inner_ec_request_signed_for_pop))), PX_EC_ALG_FOR_EC, -, p_ieee1609dot2_signed_and_encrypted_data, p_aes_sym_key, p_encrypted_sym_key, p_authentication_vector, p_nonce, p_request_hash);
      }
      if (v_result == false) {
        log("*** f_http_build_inner_ec_request: ERROR: Failed to generate InnerEcRequestSignedForPop ***");
        f_selfOrClientSyncAndVerdict("error", e_error);
      } else {
        log("f_http_build_inner_ec_request: p_ieee1609dot2_signed_and_encrypted_data= ", p_ieee1609dot2_signed_and_encrypted_data);
        log("f_http_build_inner_ec_request: p_request_hash= ", p_request_hash);
      }
    } // End of function f_http_build_inner_ec_request

    function f_http_build_inner_ec_request_with_wrong_parameters( // TODO Cleanup parameters
                                                                 in SequenceOfPsidSsp p_appPermissions,
                                                                 in octetstring p_canonical_id := PICS_ITS_S_CANONICAL_ID,
                                                                 in Time32 p_start,
                                                                 in Duration p_duration,
                                                                 in boolean p_alter_private_key := false,
                                                                 out octetstring p_private_key,
                                                                 out octetstring p_public_key_compressed,
                                                                 out integer p_compressed_mode,
                                                                 out Oct16 p_aes_sym_key,
                                                                 out Oct16 p_encrypted_sym_key,
                                                                 out Oct16 p_authentication_vector,
                                                                 out Oct12 p_nonce,
                                                                 out octetstring p_salt,
                                                                 out Ieee1609Dot2Data p_ieee1609dot2_signed_and_encrypted_data,
                                                                 out Oct32 p_request_hash
                                                                 ) runs on ItsPkiHttp {
      var InnerEcRequest v_inner_ec_request;
      var Ieee1609Dot2Data v_inner_ec_request_signed_for_pop;
      var octetstring v_public_enc_key;
      var integer v_compressed_enc_key_mode;
      var boolean v_result;

      log(">>> f_http_build_inner_ec_request_with_wrong_parameters");
      if (f_generate_inner_ec_request_with_wrong_parameters(p_appPermissions, p_canonical_id, p_start, p_duration, p_alter_private_key, p_private_key, p_public_key_compressed, p_compressed_mode, v_inner_ec_request) == false) {
        log("*** f_http_build_inner_ec_request_with_wrong_parameters: ERROR: Failed to generate InnerEcRequest ***");
        f_selfOrClientSyncAndVerdict("error", e_error);
      }
      log ("f_http_build_inner_ec_request_with_wrong_parameters: ==> EC verification private key: ", p_private_key);
      log ("f_http_build_inner_ec_request_with_wrong_parameters: ==> EC verification public compressed key: ", p_public_key_compressed);
      log ("f_http_build_inner_ec_request_with_wrong_parameters: ==> EC verification public compressed mode: ", p_compressed_mode);
      // Generate InnerEcRequestSignedForPoP
      if (f_generate_inner_ec_request_signed_for_pop(p_private_key, v_inner_ec_request, v_inner_ec_request_signed_for_pop) == false) {
        log("*** f_http_build_inner_ec_request_with_wrong_parameters: ERROR: Failed to generate InnerEcRequestSignedForPop ***");
        f_selfOrClientSyncAndVerdict("error", e_error);
      }
      log("f_http_build_inner_ec_request_with_wrong_parameters: v_inner_ec_request_signed_for_pop= ", v_inner_ec_request_signed_for_pop);
      
      // Secure InnerEcRequestSignedForPoP message
      if (f_extract_enc_key(vc_eaCertificate, v_public_enc_key, v_compressed_enc_key_mode) == false) {
        log("*** f_http_build_inner_ec_request_with_wrong_parameters: ERROR: Non canonical EA certificate ***");
        f_selfOrClientSyncAndVerdict("error", e_error);
      }
      log("f_http_build_inner_ec_request_with_wrong_parameters: Public encryption key: ", v_public_enc_key);
      log("f_http_build_inner_ec_request_with_wrong_parameters: Public encryption key comp: ", v_compressed_enc_key_mode);
      p_salt := vc_eaWholeHash256; // IEEE 1609.2: If the encryption key was obtained from a certificate c, P1 is SHA-256 (c), where c is the COER encoding of the certificate, canonicalized per 6.4.3.
      if (PICS_SECPKI_REENROLMENT == false) { // This is the first enrolment, we used Factory keys
        var octetstring v_private_key;
        if (PX_VE_ALG == e_nist_p256) {
          v_private_key := PICS_ITS_S_SIGN_NITSP256_PRIVATE_KEY;
        } else if (PX_VE_ALG == e_brainpool_p256_r1) {
          v_private_key := PICS_ITS_S_SIGN_BRAINPOOLP256r1_PRIVATE_KEY;
        } else {
          v_private_key := PICS_ITS_S_SIGN_BRAINPOOLP384r1_PRIVATE_KEY;
        }
        v_result := f_build_pki_secured_request_message_signed_with_pop(v_private_key, valueof(m_signerIdentifier_self), vc_eaHashedId8/*recipientId*/, v_public_enc_key, v_compressed_enc_key_mode, p_salt, bit2oct(encvalue(m_etsiTs102941Data_inner_ec_request_signed_for_pop(v_inner_ec_request_signed_for_pop))), PX_EC_ALG_FOR_EC, -, p_ieee1609dot2_signed_and_encrypted_data, p_aes_sym_key, p_encrypted_sym_key, p_authentication_vector, p_nonce, p_request_hash);
      } else { // We use last valid EC certificate
        // TODO Retrieve EC certificate from the first enrolment instead of PX
        log("f_http_build_inner_ec_request_with_wrong_parameters: v_ec_private_key: ", PX_EC_PRIVATE_KEY);
        log("f_http_build_inner_ec_request_with_wrong_parameters: v_ec_hashed_id8: ", PX_EC_HASHED_ID8);
        v_result := f_build_pki_secured_request_message_signed_with_pop(PX_EC_PRIVATE_KEY, valueof(m_signerIdentifier_digest(PX_EC_HASHED_ID8)), PX_EC_HASHED_ID8/*recipientId*/, v_public_enc_key, v_compressed_enc_key_mode, p_salt, bit2oct(encvalue(m_etsiTs102941Data_inner_ec_request_signed_for_pop(v_inner_ec_request_signed_for_pop))), PX_EC_ALG_FOR_EC, -, p_ieee1609dot2_signed_and_encrypted_data, p_aes_sym_key, p_encrypted_sym_key, p_authentication_vector, p_nonce, p_request_hash);
      }
      if (v_result == false) {
        log("*** f_http_build_inner_ec_request_with_wrong_parameters: ERROR: Failed to generate InnerEcRequestSignedForPop ***");
        f_selfOrClientSyncAndVerdict("error", e_error);
      } else {
        log("f_http_build_inner_ec_request_with_wrong_parameters: p_ieee1609dot2_signed_and_encrypted_data= ", p_ieee1609dot2_signed_and_encrypted_data);
        log("f_http_build_inner_ec_request_with_wrong_parameters: p_request_hash= ", p_request_hash);
      }
    } // End of function f_http_build_inner_ec_request_with_wrong_parameters

    function f_http_build_invalid_enrolment_request(
                                                    out octetstring p_private_key,
                                                    out octetstring p_public_key_compressed,
                                                    out integer p_compressed_mode,
                                                    out Oct16 p_aes_sym_key,
                                                    out Oct16 p_encrypted_sym_key,
                                                    out Oct16 p_authentication_vector,