Abbreviations & Definitions
Abbreviation/Definition | Meaning |
---|---|
CAL | Cryptographic Abstraction Layer |
CPL | Cryptographic Primitive Library |
BCL | BOSCH Cryptographic Library |
E2E | End to end communication protection library |
Crc | CRC Library |
SecuLibs | Security Libraries |
PAC | Package |
COMP | Component |
STCOMP | Structural Component |
I. Overview Security Features
The AUTOSAR standard defines some important security mechanisms that are used by SWCs and other modules in the vehicle system. The three main security mechanisms are:
- CSM - Crypto Service Manager
- CAL - Crypto Abstraction Library
- SecOC - Secure On-board Communication
II. CSM and CAL
AUTOSAR specifies two crypto modules.
- Crypto Service Manager (CSM):
- CSM is located in the service layer of the BSW and provides services for the higher-layer application.
- CSM allows different applications to use the same service to access different cryptographic primitives (cryptographic algorithms).
- Crypto Abstraction Library (CAL):
- The CAL is a static library with a function very similar to that of the CSM. Because the CAL is a library, it is not tied to any layer of the AUTOSAR architecture.
- The CAL provides cryptographic functionality directly, bypassing the RTE.
- The CAL provides C functions that can be called directly from other software modules such as BSW, SWCs, CDD, etc.
- The CAL shall provide synchronous services to enable unique access to basic cryptographic functionalities for all software modules and software components. The services of CAL depend on cryptographic algorithms and are always executed as a call to a function.
III. CSM and CAL provided Cryptographic Services
1. Services for Cryptography using symmetric Keys
These services utilize symmetric keys. Even if those services are used for handling of asymmetric keys, they are collected there.
2. Services for Cryptography using asymmetric Keys
These services utilize asymmetric keys.
3. Other Cryptographic Services
These services utilize neither symmetric nor asymmetric keys.
IV. About SecuLibs
SecuLibs is part of the CUBAS packages and currently provides the following security-related libraries:
- CRC: Cyclic Redundancy Check Library
- E2E: End to End Communication Protection Library
- CAL: Cryptographic Abstraction Library
- CPL: Cryptographic Primitive Library
- rba_BCL: Robert Bosch Cryptographic Library
- Private components are called from other components of PAC: SecuLibs.
- Public components are called from a user interface, other components of PAC: SecuLibs or from the RTE.
V. CAL/CPL in SecuLibs
The AUTOSAR module CAL is realized by the structural component (STCOMP) CAL and the component rba_BCL. Both are parts of the SecuLibs package providing the AUTOSAR modules for data security.
- The CUBAS Standard variant. The CUBAS Standard variant communicates with component Cpl (providing management functions for cryptographic routines) and component rba_BCL (providing cryptographic functions in a narrow sense). It is named CUBAS in the picture.
- The Cal_CplBMW as an example for an external cryptographic primitive library. The Cpl_BMW communicates with the external cryptographic library Cpl, which is provided by the customer and is not part of the package SecuLibs. The Cal_CplBMW component is not used by the platform team; it is used only by the BMW product line.
In our project, we use the CUBAS Standard variant with the structure as below:
From the picture, we can see that the structural component CAL (STCOMP: CAL) consists of the components:
- Public COMP: CAL:
- It is a public component and cannot be used as a stand-alone component.
- It provides only the public and abstract interfaces for calling cryptographic functionality. To build in the actual cryptographic functions, two further components are required: the private component CPL and rba_BCL.
- Private COMP: CPL:
- It is a private component and cannot be used stand-alone. It provides the integration code for linking the public and abstract interfaces of COMP: CAL to the private and specific interfaces of COMP: rba_BCL.
- In detail, it maps the abstract interfaces of COMP: CAL to the specific interfaces of COMP: rba_BCL. The mapping depends on an identifier which is transported via the parameter list of the abstract function of COMP: CAL. The functions of COMP: CPL are automatically called by the functions of COMP: CAL. The user does not have to interfere. The CPL functions perform the calculation which is required to call a specific cryptographic functionality of COMP: rba_BCL.
Besides that, STCOMP: CAL and rba_BCL together realize the cryptographic functionality. The cryptographic library rba_BCL (Bosch Cryptographic Library) itself is not a part of the structural component CAL.
- Private COMP: rba_BCL:
- It is a private component that provides specific cryptographic functions and cannot be used stand-alone.
- Its functions are automatically called by the functions of COMP: CPL, which are in turn automatically called by the functions of COMP: CAL.
The separation of public and abstract interfaces of COMP: CAL from the private and specific interfaces of COMP: rba_BCL and the linking via an intermediate layer, COMP: CPL, has two major advantages:
- Firstly, this system frees the user from sophisticated details of calling cryptographic functionalities.
- Secondly, the abstract interfaces guarantee a high degree of stability for the user of cryptographic functionalities. The user does not have to rework their software when the library which provides the specific cryptographic functions is replaced or reworked.
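The layering described above (abstract interface, identifier-based mapping, specific primitives) can be sketched in C as follows. This is an added illustration, not code from SecuLibs or the AUTOSAR specification: every `Demo_`/`demo_`/`bcl_` name is hypothetical, and the two primitives are non-cryptographic stand-ins (a byte sum and FNV-1a) chosen only to make the dispatch visible.

```c
#include <stddef.h>
#include <stdint.h>

typedef enum { DEMO_OK = 0, DEMO_NOT_OK = 1 } Demo_ReturnType;
typedef struct { uint32_t state; } Demo_CtxType;   /* caller-owned context buffer */
/* "rba_BCL" role: private, specific primitives (toy stand-ins, NOT cryptographic). */
static void bcl_sum_init(uint32_t *s) { *s = 0u; }
static void bcl_sum_step(uint32_t *s, uint8_t b) { *s += b; }
static void bcl_fnv_init(uint32_t *s) { *s = 2166136261u; }
static void bcl_fnv_step(uint32_t *s, uint8_t b) { *s = (*s ^ b) * 16777619u; }

/* "CPL" role: private table mapping a configuration identifier to a primitive. */
typedef struct { void (*init)(uint32_t *); void (*step)(uint32_t *, uint8_t); } Demo_CplEntry;
static const Demo_CplEntry demo_cpl_table[] = {
    { bcl_sum_init, bcl_sum_step },   /* cfgId 0 */
    { bcl_fnv_init, bcl_fnv_step },   /* cfgId 1 */
};
#define DEMO_CFG_COUNT (sizeof demo_cpl_table / sizeof demo_cpl_table[0])
static const Demo_CplEntry *demo_cpl_lookup(uint32_t cfgId) {
    return (cfgId < DEMO_CFG_COUNT) ? &demo_cpl_table[cfgId] : NULL;
}

/* "CAL" role: public, abstract, synchronous interface; cfgId travels in the parameter list. */
Demo_ReturnType Demo_Cal_Start(uint32_t cfgId, Demo_CtxType *ctx) {
    const Demo_CplEntry *e = demo_cpl_lookup(cfgId);
    if (e == NULL || ctx == NULL) return DEMO_NOT_OK;   /* unknown identifier is rejected */
    e->init(&ctx->state);
    return DEMO_OK;
}
Demo_ReturnType Demo_Cal_Update(uint32_t cfgId, Demo_CtxType *ctx, const uint8_t *data, size_t len) {
    const Demo_CplEntry *e = demo_cpl_lookup(cfgId);
    if (e == NULL || ctx == NULL || (data == NULL && len != 0u)) return DEMO_NOT_OK;
    for (size_t i = 0; i < len; i++) e->step(&ctx->state, data[i]);
    return DEMO_OK;
}
Demo_ReturnType Demo_Cal_Finish(uint32_t cfgId, const Demo_CtxType *ctx, uint32_t *out) {
    if (demo_cpl_lookup(cfgId) == NULL || ctx == NULL || out == NULL) return DEMO_NOT_OK;
    *out = ctx->state;
    return DEMO_OK;
}

/* Caller code: identical for every configuration; only cfgId selects the primitive. */
Demo_ReturnType demo_digest(uint32_t cfgId, const uint8_t *data, size_t len, uint32_t *out) {
    Demo_CtxType ctx;
    if (Demo_Cal_Start(cfgId, &ctx) != DEMO_OK) return DEMO_NOT_OK;
    if (Demo_Cal_Update(cfgId, &ctx, data, len) != DEMO_OK) return DEMO_NOT_OK;
    return Demo_Cal_Finish(cfgId, &ctx, out);
}
```

Replacing an entry in `demo_cpl_table` swaps the primitive behind a configuration identifier without touching `demo_digest`, which is the stability property the second advantage describes.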