Specification of Cryptography

AUTOSAR AP R22-11

4
Description: Processe the final part of message (that may be not aligned to the block-size boundary). If (Is
BytewiseMode() == false) then it must be: bs = GetBlockSize(), out.size() >= (((in.size() + bs *
((CryptoTransform::kEncrypt == GetTransformation().Value()) ? 2 : 1)
1) / bs) * bs) If (IsBytewiseMode() == true) then it must be: out.size() >= in.size() The input and
output buffers must not intersect! Usage of this method is mandatory for processing of the last
data chunk in block-wise modes! This method may be used for processing of a whole message
in a single call (in any mode)! in an input data buffer an output data buffer CryptoError
Domain::kInsufficientCapacity if capacity of the output buffer is not enough CryptoError
Domain::kInOutBuffersIntersect if the input and output buffers intersect CryptoErrorDomain::k
ProcessingNotStarted if data processing was not started by a call ofthe Start() method

c(RS_CRYPTO_02302)
[SWS_CRYPT_23619]{DRAFT} d
Kind: function
Symbol: FinishBytes(ReadOnlyMemRegion in)
Scope: class ara::crypto::cryp::StreamCipherCtx
Syntax: template <typename Alloc = <implementation-defined>>
ara::core::Result<ByteVector<Alloc> > ara::crypto::cryp::StreamCipher
Ctx::FinishBytes (ReadOnlyMemRegion in) noexcept;
Template param: Alloc a custom allocator type of the output container
Parameters (in): in an input data buffer The input buffer must not point
inside the output container!
Return value: ara::core::Result< ByteVector< Alloc > a managed container for output data
>
Exception Safety: noexcept
Thread Safety: Thread-safe
Errors: CryptoErrorDomain::kInsufficient if capacity of the output container is not enough
Capacity
CryptoErrorDomain::kInOutBuffers if the input and output buffers intersect
Intersect
CryptoErrorDomain::kProcessingNot if data processing was not started by a call of the
Started Start() method
Header file: #include "ara/crypto/cryp/stream_cipher_ctx.h"
Description: Processe the final part of message (that may be not aligned to the block-size boundary). This
method sets the size of the output container according to actually saved value. If (IsBytewise
Mode() == false) then it must be: bs = GetBlockSize(), out.capacity() >= (((in.size() + bs *
((CryptoTransform::kEncrypt == GetTransformation.Value()) ? 2 : 1) - 1) / bs) * bs) If (Is
BytewiseMode() == true) then it must be: out.capacity() >= in.size() Usage of this method is
mandatory for processing of the last data chunk in block-wise modes! This method may be
used for processing of a whole message in a single call (in any mode)!

c(RS_CRYPTO_02302)
[SWS_CRYPT_23602]{DRAFT} d
Kind: function
Symbol: GetBlockService()
Scope: class ara::crypto::cryp::StreamCipherCtx
Syntax: virtual BlockService::Uptr ara::crypto::cryp::StreamCipherCtx::Get
BlockService () const noexcept=0;
Return value: BlockService::Uptr –
5

211 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

4
Exception Safety: noexcept
Header file: #include "ara/crypto/cryp/stream_cipher_ctx.h"
Description: Get BlockService instance.

c(RS_CRYPTO_02006)
[SWS_CRYPT_23611]{DRAFT} d
Kind: function
Symbol: IsBytewiseMode()
Scope: class ara::crypto::cryp::StreamCipherCtx
Syntax: virtual bool ara::crypto::cryp::StreamCipherCtx::IsBytewiseMode ()
const noexcept=0;
Return value: bool true if the mode can process messages the
byte-by-byte (without padding up to the block
boundary) and false if only the block-by-block (only
full blocks can be processed, the padding is
mandatory)
Exception Safety: noexcept
Thread Safety: Thread-safe
Header file: #include "ara/crypto/cryp/stream_cipher_ctx.h"
Description: Check the operation mode for the bytewise property.

c(RS_CRYPTO_02309)
[SWS_CRYPT_23624]{DRAFT} d
Kind: function
Symbol: GetTransformation()
Scope: class ara::crypto::cryp::StreamCipherCtx
Syntax: virtual ara::core::Result<CryptoTransform> ara::crypto::cryp::Stream
CipherCtx::GetTransformation () const noexcept=0;
Return value: ara::core::Result< CryptoTransform > CryptoTransform
Exception Safety: noexcept
Thread Safety: Thread-safe
Errors: CryptoErrorDomain::kUninitialized if the transformation direction of this context is
Context configurable during an initialization, but the context
was not initialized yet
Header file: #include "ara/crypto/cryp/stream_cipher_ctx.h"
Description: Get the kind of transformation configured for this context: kEncrypt or kDecrypt.

c(RS_CRYPTO_02309)
[SWS_CRYPT_23612]{DRAFT} d
Kind: function
Symbol: IsSeekableMode()
Scope: class ara::crypto::cryp::StreamCipherCtx
5

212 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

4
Syntax: virtual bool ara::crypto::cryp::StreamCipherCtx::IsSeekableMode ()
const noexcept=0;
Return value: bool true the seek operation is supported in the current
mode and false otherwise
Exception Safety: noexcept
Thread Safety: Thread-safe
Header file: #include "ara/crypto/cryp/stream_cipher_ctx.h"
Description: Check if the seek operation is supported in the current mode.

c(RS_CRYPTO_02309)
[SWS_CRYPT_23614]{DRAFT} d
Kind: function
Symbol: ProcessBlocks(ReadOnlyMemRegion in)
Scope: class ara::crypto::cryp::StreamCipherCtx
Syntax: virtual ara::core::Result<ara::core::Vector<ara::core::Byte> >
ara::crypto::cryp::StreamCipherCtx::ProcessBlocks (ReadOnlyMemRegion
in) noexcept=0;
Parameters (in): in an input data buffer
Return value: ara::core::Result< ara::core::Vector< an output data buffer
ara::core::Byte > >
Exception Safety: noexcept
Thread Safety: Thread-safe
Errors: CryptoErrorDomain::kIncompatible if sizes of the input and output buffers are not equal
Arguments
CryptoErrorDomain::kInvalidInputSize if size of the input buffer is not divisible by the block
size (see GetBlockSize())
CryptoErrorDomain::kInOutBuffers if the input and output buffers partially intersect
Intersect
CryptoErrorDomain::kInvalidUsage if this method is called after processing of
Order non-aligned data (to the block-size boundary)
CryptoErrorDomain::kProcessingNot if the data processing was not started by a call of the
Started Start() method
Header file: #include "ara/crypto/cryp/stream_cipher_ctx.h"
Description: Processe initial parts of message aligned to the block-size boundary. It is a copy-optimized
method that doesn’t use the internal cache buffer! It can be used only before processing of any
non-aligned to the block-size boundary data. Pointers to the input and output buffers must be
aligned to the block-size boundary! The input and output buffers may completely coincide, but
they must not partially intersect!

c(RS_CRYPTO_02302)
[SWS_CRYPT_23615]{DRAFT} d
Kind: function
Symbol: ProcessBlocks(ReadWriteMemRegion inOut)
Scope: class ara::crypto::cryp::StreamCipherCtx
Syntax: virtual ara::core::Result<void> ara::crypto::cryp::StreamCipher
Ctx::ProcessBlocks (ReadWriteMemRegion inOut) noexcept=0;
5

213 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

4
Parameters (inout): inOut an input and output data buffer, i.e. the whole buffer
should be updated
Return value: ara::core::Result< void > –
Exception Safety: noexcept
Thread Safety: Thread-safe
Errors: CryptoErrorDomain::kInvalidInputSize if size of the inOut buffer is not divisible by the block
size (see GetBlockSize())
CryptoErrorDomain::kInvalidUsage if this method is called after processing of
Order non-aligned data (to the block-size boundary)
CryptoErrorDomain::kProcessingNot if the data processing was not started by a call of the
Started Start() method
Header file: #include "ara/crypto/cryp/stream_cipher_ctx.h"
Description: Processe initial parts of message aligned to the block-size boundary. It is a copy-optimized
method that doesn’t use internal cache buffer! It can be used up to first non-block aligned data
processing. Pointer to the input-output buffer must be aligned to the block-size boundary!

c(RS_CRYPTO_02302)
[SWS_CRYPT_23616]{DRAFT} d
Kind: function
Symbol: ProcessBytes(ReadOnlyMemRegion in)
Scope: class ara::crypto::cryp::StreamCipherCtx
Syntax: virtual ara::core::Result<ara::core::Vector<ara::core::Byte> >
ara::crypto::cryp::StreamCipherCtx::ProcessBytes (ReadOnlyMemRegion
in) noexcept=0;
Parameters (in): in an input data buffer
Return value: ara::core::Result< ara::core::Vector< an output data buffer
ara::core::Byte > >
Exception Safety: noexcept
Thread Safety: Thread-safe
Errors: CryptoErrorDomain::kInsufficient if the output buffer has capacity insufficient for
Capacity placing of the transformation result
CryptoErrorDomain::kInOutBuffers if the input and output buffers intersect
Intersect
CryptoErrorDomain::kProcessingNot if data processing was not started by a call of the
Started Start() method
Header file: #include "ara/crypto/cryp/stream_cipher_ctx.h"
Description: Processe a non-final part of message (that is not aligned to the block-size boundary). If (Is
BytewiseMode() == false) then it must be: bs = GetBlockSize(), out.size() >= (((in.size() + bs -
1) / bs) * bs) If (IsBytewiseMode() == true) then it must be: out.size() >= in.size() The input and
output buffers must not intersect! This method is "copy inefficient", therefore it should be used
only in conditions when an application cannot control the chunking of the original message!

c(RS_CRYPTO_02302)
[SWS_CRYPT_23617]{DRAFT} d
Kind: function
Symbol: ProcessBytes(ReadOnlyMemRegion in)
Scope: class ara::crypto::cryp::StreamCipherCtx
5

214 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

4
Syntax: template <typename Alloc = <implementation-defined>>
ara::core::Result<ByteVector<Alloc> > ara::crypto::cryp::StreamCipher
Ctx::ProcessBytes (ReadOnlyMemRegion in) noexcept;
Template param: Alloc a custom allocator type of the output container
Parameters (in): in an input data buffer
Return value: ara::core::Result< ByteVector< Alloc > a managed container for the output data
>
Exception Safety: noexcept
Thread Safety: Thread-safe
Errors: CryptoErrorDomain::kInsufficient if capacity of the output container is not enough
Capacity
CryptoErrorDomain::kInOutBuffers if the input buffer points inside of the preallocated
Intersect output container
: CryptoErrorDomain::kProcessingNotStarted if data
processing was not started by a call of the Start()
method
Header file: #include "ara/crypto/cryp/stream_cipher_ctx.h"
Description: Processes a non-final part of message (that is not aligned to the block-size boundary). This
method sets size of the output container according to actually saved value. If (IsBytewiseMode()
== false) then it must be: bs = GetBlockSize(), out.capacity() >= (((in.size() + bs - 1) / bs) * bs) If
(IsBytewiseMode() == true) then it must be: out.capacity() >= in.size() This method is "copy
inefficient", therefore it should be used only in conditions when an application cannot control the
chunking of the original message! The input buffer must not point inside the output container!

c(RS_CRYPTO_02302)
[SWS_CRYPT_23627]{DRAFT} d
Kind: function
Symbol: Reset()
Scope: class ara::crypto::cryp::StreamCipherCtx
Syntax: virtual ara::core::Result<void> ara::crypto::cryp::StreamCipher
Ctx::Reset () noexcept=0;
Return value: ara::core::Result< void > –
Exception Safety: noexcept
Thread Safety: Thread-safe
Header file: #include "ara/crypto/cryp/stream_cipher_ctx.h"
Description: Clear the crypto context.

c(RS_CRYPTO_02108)
[SWS_CRYPT_23613]{DRAFT} d
Kind: function
Symbol: Seek(std::int64_t offset, bool fromBegin=true)
Scope: class ara::crypto::cryp::StreamCipherCtx
Syntax: virtual ara::core::Result<void> ara::crypto::cryp::StreamCipher
Ctx::Seek (std::int64_t offset, bool fromBegin=true) noexcept=0;
Parameters (in): offset the offset value in bytes, relative to begin or current
position in the gamma stream
fromBegin the starting point for positioning within the stream:
from begin (if true) or from current position (if false)
5

215 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

4
Return value: ara::core::Result< void > –
Exception Safety: noexcept
Thread Safety: Thread-safe
Errors: CryptoErrorDomain::kUnsupported if the seek operation is not supported by the current
mode
CryptoErrorDomain::kProcessingNot if the data processing was not started by a call of the
Started Start() method
CryptoErrorDomain::kBelowBoundary if the offset value is incorrect (in context of the the
fromBegin argument), i.e. it points before begin of
the stream (note: it is an optional error condition)
CryptoErrorDomain::kInvalidArgument if the offset is not aligned to the required boundary
(see IsBytewiseMode())
Header file: #include "ara/crypto/cryp/stream_cipher_ctx.h"
Description: Set the position of the next byte within the stream of the encryption/decryption gamma.

c(RS_CRYPTO_02304)
[SWS_CRYPT_23623]{DRAFT} d
Kind: function
Symbol: SetKey(const SymmetricKey &key, CryptoTransform transform=CryptoTransform::kEncrypt)
Scope: class ara::crypto::cryp::StreamCipherCtx
Syntax: virtual ara::core::Result<void> ara::crypto::cryp::StreamCipher
Ctx::SetKey (const SymmetricKey &key, CryptoTransform transform=Crypto
Transform::kEncrypt) noexcept=0;
Parameters (in): key the source key object
transform the "direction" indicator: deploy the key for direct
transformation (if true) or for reverse one (if false)
Return value: ara::core::Result< void > –
Exception Safety: noexcept
Thread Safety: Thread-safe
Errors: CryptoErrorDomain::kIncompatible if the provided key object is incompatible with this
Object symmetric key context
CryptoErrorDomain::kUsageViolation if the transformation type associated with this
context (taking into account the direction specified
by transform) is prohibited by the "allowed usage"
restrictions of provided key object
Header file: #include "ara/crypto/cryp/stream_cipher_ctx.h"
Description: Set (deploy) a key to the stream chiper algorithm context.

c(RS_CRYPTO_02001, RS_CRYPTO_02003)
[SWS_CRYPT_23625]{DRAFT} d
Kind: function
Symbol: Start(ReadOnlyMemRegion iv=ReadOnlyMemRegion())
Scope: class ara::crypto::cryp::StreamCipherCtx
Syntax: virtual ara::core::Result<void> ara::crypto::cryp::StreamCipher
Ctx::Start (ReadOnlyMemRegion iv=ReadOnlyMemRegion()) noexcept=0;
Parameters (in): iv an optional Initialization Vector (IV) or "nonce" value
5

216 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

4
Return value: ara::core::Result< void > –
Exception Safety: noexcept
Thread Safety: Thread-safe
Errors: CryptoErrorDomain::kUninitialized if the context was not initialized by deploying a key
Context
CryptoErrorDomain::kInvalidInputSize if the size of provided IV is not supported (i.e. if it is
not enough for the initialization)
CryptoErrorDomain::kUnsupported if the base algorithm (or its current implementation)
principally doesn’t support the IV variation, but
provided IV value is not empty, i.e. if (iv.empty() ==
false)
Header file: #include "ara/crypto/cryp/stream_cipher_ctx.h"
Description: Initialize the context for a new data stream processing or generation (depending from the
primitive). If IV size is greater than maximally supported by the algorithm then an
implementation may use the leading bytes only from the sequence.

c(RS_CRYPTO_02302)
[SWS_CRYPT_23626]{DRAFT} d
Kind: function
Symbol: Start(const SecretSeed &iv)
Scope: class ara::crypto::cryp::StreamCipherCtx
Syntax: virtual ara::core::Result<void> ara::crypto::cryp::StreamCipher
Ctx::Start (const SecretSeed &iv) noexcept=0;
Parameters (in): iv the Initialization Vector (IV) or "nonce" object
Return value: ara::core::Result< void > –
Exception Safety: noexcept
Thread Safety: Thread-safe
Errors: CryptoErrorDomain::kUninitialized if the context was not initialized by deploying a key
Context
CryptoErrorDomain::kInvalidInputSize if the size of provided IV is not supported (i.e. if it is
not enough for the initialization)
CryptoErrorDomain::kUnsupported if the base algorithm (or its current implementation)
principally doesn’t support the IV variation
CryptoErrorDomain::kUsageViolation if this transformation type is prohibited by the
"allowed usage" restrictions of the provided Secret
Seed object
Header file: #include "ara/crypto/cryp/stream_cipher_ctx.h"
Description: Initialize the context for a new data stream processing or generation (depending from the
primitive). If IV size is greater than maximally supported by the algorithm then an
implementation may use the leading bytes only from the sequence.

c(RS_CRYPTO_02302)
[SWS_CRYPT_23702]{DRAFT} d
Kind: function
Symbol: GetCryptoService()
Scope: class ara::crypto::cryp::SymmetricBlockCipherCtx
Syntax: virtual CryptoService::Uptr ara::crypto::cryp::SymmetricBlockCipher
Ctx::GetCryptoService () const noexcept=0;
5

217 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

4
Return value: CryptoService::Uptr –
Exception Safety: noexcept
Header file: #include "ara/crypto/cryp/symmetric_block_cipher_ctx.h"
Description: Get CryptoService instance.

c(RS_CRYPTO_02006)
[SWS_CRYPT_23711]{DRAFT} d
Kind: function
Symbol: GetTransformation()
Scope: class ara::crypto::cryp::SymmetricBlockCipherCtx
Syntax: virtual ara::core::Result<CryptoTransform>
ara::crypto::cryp::SymmetricBlockCipherCtx::GetTransformation () const
noexcept=0;
Return value: ara::core::Result< CryptoTransform > CryptoTransform
Exception Safety: noexcept
Thread Safety: Thread-safe
Errors: CryptoErrorDomain::kUninitialized if SetKey() has not been called yet.
Context,
Header file: #include "ara/crypto/cryp/symmetric_block_cipher_ctx.h"
Description: Get the kind of transformation configured for this context: kEncrypt or kDecrypt.

c(RS_CRYPTO_02309)
[SWS_CRYPT_23716]{DRAFT} d
Kind: function
Symbol: ProcessBlock(ReadOnlyMemRegion in, bool suppressPadding=false)
Scope: class ara::crypto::cryp::SymmetricBlockCipherCtx
Syntax: virtual ara::core::Result<ara::core::Vector<ara::core::Byte> >
ara::crypto::cryp::SymmetricBlockCipherCtx::ProcessBlock (ReadOnlyMem
Region in, bool suppressPadding=false) const noexcept=0;
Parameters (in): in the input data block
suppressPadding if true then this method doesn’t apply padding,
hence the input buffer be of the same size as the
block-size, i.e. either the data to be processed
exactly fits the block-size or the user must apply
padding to the same effect.
Return value: ara::core::Result< ara::core::Vector< the output buffer containing the transformation result
ara::core::Byte > >
Exception Safety: noexcept
Thread Safety: Thread-safe
Errors: : CryptoErrorDomain::kInvalidInputSize if the boolean
parameter \ARApiRef{suppressPadding} was set to
TRUE and the provided input buffer does not match
the block-size.
CryptoErrorDomain::kUninitialized if the context was not initialized by calling SetKey()
Context
Header file: #include "ara/crypto/cryp/symmetric_block_cipher_ctx.h"
Description: Process (encrypt / decrypt) an input block according to the configuration.

c(RS_CRYPTO_02201)

218 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

[SWS_CRYPT_23717]{DRAFT} d
Kind: function
Symbol: ProcessBlock(ReadOnlyMemRegion in, bool suppressPadding=false)
Scope: class ara::crypto::cryp::SymmetricBlockCipherCtx
Syntax: template <typename Alloc = <implementation-defined>>
ara::core::Result<ByteVector<Alloc> > ara::crypto::cryp::Symmetric
BlockCipherCtx::ProcessBlock (ReadOnlyMemRegion in, bool suppress
Padding=false) const noexcept;
Template param: Alloc a custom allocator type of the output container
Parameters (in): in the input data block
suppressPadding if true then the method doesn’t apply the padding,
but the payload should fill the whole block of the
plain data
Return value: ara::core::Result< ByteVector< Alloc > the managed container for output block
>
Exception Safety: noexcept
Thread Safety: Thread-safe
Errors: CryptoErrorDomain::kIncorrectInput if the mentioned above rules about the input size is
Size violated
CryptoErrorDomain::kInsufficient if the out.size() is not enough to store the
Capacity transformation result
CryptoErrorDomain::kUninitialized if the context was not initialized by a key value
Context
Header file: #include "ara/crypto/cryp/symmetric_block_cipher_ctx.h"
Description: Process (encrypt / decrypt) an input block according to the configuration.

c(RS_CRYPTO_02201)
[SWS_CRYPT_23715]{DRAFT} d
Kind: function
Symbol: ProcessBlocks(ReadOnlyMemRegion in)
Scope: class ara::crypto::cryp::SymmetricBlockCipherCtx
Syntax: virtual ara::core::Result<ara::core::Vector<ara::core::Byte> >
ara::crypto::cryp::SymmetricBlockCipherCtx::ProcessBlocks (ReadOnlyMem
Region in) const noexcept=0;
Parameters (in): in an input data buffer
Return value: ara::core::Result< ara::core::Vector< an output data buffer
ara::core::Byte > >
Exception Safety: noexcept
Thread Safety: Thread-safe
Errors: CryptoErrorDomain::kUninitialized if the context was not initialized by a key value
Context
CryptoErrorDomain::kInvalidInputSize if size of the input buffer is not divisible by the block
size (see GetBlockSize())
Header file: #include "ara/crypto/cryp/symmetric_block_cipher_ctx.h"
Description: Process (encrypt / decrypt) an input block according to the configuration. The in must have a
size that is divisible by the block size (see GetBlockSize()). The pointer to the input buffer must
be aligned to the block-size boundary!

c(RS_CRYPTO_02302)

219 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

[SWS_CRYPT_23712]{DRAFT} d
Kind: function
Symbol: Reset()
Scope: class ara::crypto::cryp::SymmetricBlockCipherCtx
Syntax: virtual ara::core::Result<void> ara::crypto::cryp::SymmetricBlock
CipherCtx::Reset () noexcept=0;
Return value: ara::core::Result< void > true if the transformation requires the maximum size
of input data and false otherwise
Exception Safety: noexcept
Thread Safety: Thread-safe
Errors: CryptoErrorDomain::kUninitialized if the transformation direction of this context is
Context configurable during an initialization, but the context
was not initialized yet
Header file: #include "ara/crypto/cryp/symmetric_block_cipher_ctx.h"
Description: Indicate that the currently configured transformation accepts only complete blocks of input data.
Clear the crypto context.

c(RS_CRYPTO_02309, RS_CRYPTO_02108)
[SWS_CRYPT_23710]{DRAFT} d
Kind: function
Symbol: SetKey(const SymmetricKey &key, CryptoTransform transform=CryptoTransform::kEncrypt)
Scope: class ara::crypto::cryp::SymmetricBlockCipherCtx
Syntax: virtual ara::core::Result<void> ara::crypto::cryp::SymmetricBlock
CipherCtx::SetKey (const SymmetricKey &key, CryptoTransform
transform=CryptoTransform::kEncrypt) noexcept=0;
Parameters (in): key the source key object
transform the "direction" indicator: deploy the key for direct
transformation (if true) or for reverse one (if false)
Return value: ara::core::Result< void > –
Exception Safety: noexcept
Thread Safety: Thread-safe
Errors: CryptoErrorDomain::kIncompatible if the provided key object belongs to a different
Object CryptoProvider instance
CryptoErrorDomain::kUsageViolation if the transformation type associated with this
context (taking into account the direction specified
by transform) is prohibited by the "allowed usage"
restrictions of provided key object
Header file: #include "ara/crypto/cryp/symmetric_block_cipher_ctx.h"
Description: Set (deploy) a key to the symmetric algorithm context.

c(RS_CRYPTO_02001, RS_CRYPTO_02003)
[SWS_CRYPT_24013]{DRAFT} d
Kind: function
Symbol: CalculateWrappedKeySize(std::size_t keyLength)
Scope: class ara::crypto::cryp::SymmetricKeyWrapperCtx
Syntax: virtual std::size_t ara::crypto::cryp::SymmetricKeyWrapper
Ctx::CalculateWrappedKeySize (std::size_t keyLength) const noexcept=0;
5

220 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

4
Parameters (in): keyLength original key length in bits
Return value: std::size_t size of the wrapped key in bytes
Exception Safety: noexcept
Thread Safety: Thread-safe
Header file: #include "ara/crypto/cryp/symmetric_key_wrapper_ctx.h"
Description: Calculate size of the wrapped key in bytes from original key length in bits. This method can be
useful for some implementations different from RFC3394 / RFC5649.

c(RS_CRYPTO_02201)
[SWS_CRYPT_24002]{DRAFT} d
Kind: function
Symbol: GetExtensionService()
Scope: class ara::crypto::cryp::SymmetricKeyWrapperCtx
Syntax: virtual ExtensionService::Uptr ara::crypto::cryp::SymmetricKeyWrapper
Ctx::GetExtensionService () const noexcept=0;
Return value: ExtensionService::Uptr –
Exception Safety: noexcept
Header file: #include "ara/crypto/cryp/symmetric_key_wrapper_ctx.h"
Description: Get ExtensionService instance.

c(RS_CRYPTO_02006)
[SWS_CRYPT_24012]{DRAFT} d
Kind: function
Symbol: GetMaxTargetKeyLength()
Scope: class ara::crypto::cryp::SymmetricKeyWrapperCtx
Syntax: virtual std::size_t ara::crypto::cryp::SymmetricKeyWrapperCtx::GetMax
TargetKeyLength () const noexcept=0;
Return value: std::size_t maximum length of the target key in bits
Exception Safety: noexcept
Thread Safety: Thread-safe
Header file: #include "ara/crypto/cryp/symmetric_key_wrapper_ctx.h"
Description: Get maximum length of the target key supported by the implementation. This method can be
useful for some implementations different from RFC3394 / RFC5649.

c(RS_CRYPTO_02201)
[SWS_CRYPT_24011]{DRAFT} d
Kind: function
Symbol: GetTargetKeyGranularity()
Scope: class ara::crypto::cryp::SymmetricKeyWrapperCtx
Syntax: virtual std::size_t ara::crypto::cryp::SymmetricKeyWrapperCtx::Get
TargetKeyGranularity () const noexcept=0;
Return value: std::size_t size of the block in bytes
Exception Safety: noexcept
5

221 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

4
Thread Safety: Thread-safe
Header file: #include "ara/crypto/cryp/symmetric_key_wrapper_ctx.h"
Description: Get expected granularity of the target key (block size). If the class implements RFC3394 (KW
without padding) then this method should return 8 (i.e. 8 octets = 64 bits). If the class
implements RFC5649 (KW with padding) then this method should return 1 (i.e. 1 octet = 8 bits).

c(RS_CRYPTO_02201)
[SWS_CRYPT_24019]{DRAFT} d
Kind: function
Symbol: Reset()
Scope: class ara::crypto::cryp::SymmetricKeyWrapperCtx
Syntax: virtual ara::core::Result<void> ara::crypto::cryp::SymmetricKeyWrapper
Ctx::Reset () noexcept=0;
Return value: ara::core::Result< void > –
Exception Safety: noexcept
Thread Safety: Thread-safe
Header file: #include "ara/crypto/cryp/symmetric_key_wrapper_ctx.h"
Description: Clear the crypto context.

c(RS_CRYPTO_02108)
[SWS_CRYPT_24018]{DRAFT} d
Kind: function
Symbol: SetKey(const SymmetricKey &key, CryptoTransform transform)
Scope: class ara::crypto::cryp::SymmetricKeyWrapperCtx
Syntax: virtual ara::core::Result<void> ara::crypto::cryp::SymmetricKeyWrapper
Ctx::SetKey (const SymmetricKey &key, CryptoTransform transform)
noexcept=0;
Parameters (in): key the source key object
transform the "direction" indicator: deploy the key for direct
transformation (if true) or for reverse one (if false)
Return value: ara::core::Result< void > –
Exception Safety: noexcept
Thread Safety: Thread-safe
Errors: CryptoErrorDomain::kIncompatible if the provided key object is incompatible with this
Object symmetric key context
CryptoErrorDomain::kUsageViolation if the transformation type associated with this
context (taking into account the direction specified
by transform) is prohibited by the "allowed usage"
restrictions of provided key object
Header file: #include "ara/crypto/cryp/symmetric_key_wrapper_ctx.h"
Description: Set (deploy) a key to the symmetric key wrapper algorithm context.

c(RS_CRYPTO_02001, RS_CRYPTO_02003)

222 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

[SWS_CRYPT_24017]{DRAFT} d
Kind: function
Symbol: UnwrapConcreteKey(ReadOnlyMemRegion wrappedKey, AlgId algId, AllowedUsageFlags
allowedUsage)
Scope: class ara::crypto::cryp::SymmetricKeyWrapperCtx
Syntax: template <typename ExpectedKey>
ara::core::Result<typename ExpectedKey::Uptrc>
ara::crypto::cryp::SymmetricKeyWrapperCtx::UnwrapConcreteKey (ReadOnly
MemRegion wrappedKey, AlgId algId, AllowedUsageFlags allowedUsage)
noexcept;
Template param: ExpectedKey the expected type of concrete key
Parameters (in): wrappedKey a memory region that contains wrapped key
algId an identifier of the target symmetric crypto algorithm
allowedUsage bit-flags that define a list of allowed transformations’
types in which the target key can be used
Return value: ara::core::Result< typename Expected unique smart pointer to ExpectedKey object, which
Key::Uptrc > keeps unwrapped key material
Exception Safety: noexcept
Errors: CryptoErrorDomain::kInvalidInputSize if the size of provided wrapped key is unsupported
CryptoErrorDomain::kUninitialized if the context was not initialized by a key value
Context
Header file: #include "ara/crypto/cryp/symmetric_key_wrapper_ctx.h"
Description: Execute the "key unwrap" operation for provided BLOB and produce a Key object of expected
type. For additional details see UnwrapKey()

c(RS_CRYPTO_02115)
[SWS_CRYPT_24016]{DRAFT} d
Kind: function
Symbol: UnwrapKey(ReadOnlyMemRegion wrappedKey, AlgId algId, AllowedUsageFlags allowed
Usage)
Scope: class ara::crypto::cryp::SymmetricKeyWrapperCtx
Syntax: virtual ara::core::Result<RestrictedUseObject::Uptrc>
ara::crypto::cryp::SymmetricKeyWrapperCtx::UnwrapKey (ReadOnlyMem
Region wrappedKey, AlgId algId, AllowedUsageFlags allowedUsage) const
noexcept=0;
Parameters (in): wrappedKey a memory region that contains wrapped key
algId an identifier of the target symmetric crypto algorithm
allowedUsage bit-flags that define a list of allowed transformations’
types in which the target key can be used
Return value: ara::core::Result< RestrictedUse unique smart pointer to Key object, which keeps
Object::Uptrc > unwrapped key material
Exception Safety: noexcept
Thread Safety: Thread-safe
Errors: CryptoErrorDomain::kInvalidInputSize if the size of provided wrapped key is unsupported
CryptoErrorDomain::kUninitialized if the context was not initialized by a key value
Context
Header file: #include "ara/crypto/cryp/symmetric_key_wrapper_ctx.h"
5

223 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

4
Description: Execute the "key unwrap" operation for provided BLOB and produce Key object. This method
should be compliant to RFC3394 or RFC5649, if implementation is based on the AES block
cipher and applied to an AES key. The created Key object has following attributes: session and
non-exportable (because it was imported without meta-information)! SymmetricKey may be
unwrapped in following way: SymmetricKey::Uptrc key = SymmetricKey::Cast(Unwrap
Key(wrappedKey, ...)); PrivateKey may be unwrapped in following way: PrivateKey::Uptrc key =
PrivateKey::Cast(UnwrapKey(wrappedKey, ...)); In both examples the Cast() method may
additionally throw the BadObjectTypeException if an actual type of the unwrapped key differs
from the target one!

c(RS_CRYPTO_02115)
[SWS_CRYPT_24015]{DRAFT} d
Kind: function
Symbol: UnwrapSeed(ReadOnlyMemRegion wrappedSeed, AlgId targetAlgId, SecretSeed::Usage
allowedUsage)
Scope: class ara::crypto::cryp::SymmetricKeyWrapperCtx
Syntax: virtual ara::core::Result<SecretSeed::Uptrc>
ara::crypto::cryp::SymmetricKeyWrapperCtx::UnwrapSeed (ReadOnlyMem
Region wrappedSeed, AlgId targetAlgId, SecretSeed::Usage allowedUsage)
const noexcept=0;
Parameters (in): wrappedSeed a memory region that contains wrapped seed
targetAlgId the target symmetric algorithm identifier (also
defines a target seed-length)
allowedUsage allowed usage scope of the target seed
Return value: ara::core::Result< SecretSeed::Uptrc > unique smart pointer to SecretSeed object, which
keeps unwrapped key material
Exception Safety: noexcept
Thread Safety: Thread-safe
Errors: CryptoErrorDomain::kInvalidInputSize if the size of provided wrapped seed is unsupported
CryptoErrorDomain::kUninitialized if the context was not initialized by a key value
Context
Header file: #include "ara/crypto/cryp/symmetric_key_wrapper_ctx.h"
Description: Execute the "key unwrap" operation for provided BLOB and produce SecretSeed object. This
method should be compliant to RFC3394 or RFC5649, if implementation is based on the AES
block cipher and applied to an AES key material. The created SecretSeed object has following
attributes: session and non-exportable (because it was imported without meta-information).

c(RS_CRYPTO_02007)
[SWS_CRYPT_24014]{DRAFT} d
Kind: function
Symbol: WrapKeyMaterial(const RestrictedUseObject &key)
Scope: class ara::crypto::cryp::SymmetricKeyWrapperCtx
Syntax: virtual ara::core::Result<ara::core::Vector<ara::core::Byte> >
ara::crypto::cryp::SymmetricKeyWrapperCtx::WrapKeyMaterial (const
RestrictedUseObject &key) const noexcept=0;
Parameters (in): key a key that should be wrapped
Return value: ara::core::Result< ara::core::Vector< –
ara::core::Byte > >
Exception Safety: noexcept
5

224 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

4
Thread Safety: Thread-safe
Errors: CryptoErrorDomain::kInsufficient if the size of the wrapped buffer is not enough for
Capacity storing the result
CryptoErrorDomain::kInvalidInputSize if the key object has an unsupported length
CryptoErrorDomain::kUninitialized if the context was not initialized by a key value
Context
Header file: #include "ara/crypto/cryp/symmetric_key_wrapper_ctx.h"
Description: Execute the "key wrap" operation for the provided key material. This method should be
compliant to RFC3394 or RFC5649, if an implementation is based on the AES block cipher and
applied to an AES key. Method CalculateWrappedKeySize() can be used for size calculation of
the required output buffer.

c(RS_CRYPTO_02201)
[SWS_CRYPT_24102]{DRAFT} d
Kind: function
Symbol: GetSignatureService()
Scope: class ara::crypto::cryp::VerifierPublicCtx
Syntax: virtual SignatureService::Uptr ara::crypto::cryp::VerifierPublic
Ctx::GetSignatureService () const noexcept=0;
Return value: SignatureService::Uptr –
Exception Safety: noexcept
Header file: #include "ara/crypto/cryp/verifier_public_ctx.h"
Description: Extension service member class.

c(RS_CRYPTO_02006)
[SWS_CRYPT_24116]{DRAFT} d
Kind: function
Symbol: Reset()
Scope: class ara::crypto::cryp::VerifierPublicCtx
Syntax: virtual ara::core::Result<void> ara::crypto::cryp::VerifierPublic
Ctx::Reset () noexcept=0;
Return value: ara::core::Result< void > –
Exception Safety: noexcept
Thread Safety: Thread-safe
Header file: #include "ara/crypto/cryp/verifier_public_ctx.h"
Description: Clear the crypto context.

c(RS_CRYPTO_02108)
[SWS_CRYPT_24115]{DRAFT} d
Kind: function
Symbol: SetKey(const PublicKey &key)
Scope: class ara::crypto::cryp::VerifierPublicCtx
Syntax: virtual ara::core::Result<void> ara::crypto::cryp::VerifierPublic
Ctx::SetKey (const PublicKey &key) noexcept=0;
5

225 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

4
Parameters (in): key the source key object
Return value: ara::core::Result< void > –
Exception Safety: noexcept
Thread Safety: Thread-safe
Errors: CryptoErrc::kIncompatibleObject if the provided key object is incompatible with this
symmetric key context
CryptoErrc::kUsageViolation if the transformation type associated with this
context is prohibited by the "allowed usage"
restrictions of provided key object
Header file: #include "ara/crypto/cryp/verifier_public_ctx.h"
Description: Set (deploy) a key to the verifier public algorithm context.

c(RS_CRYPTO_02001, RS_CRYPTO_02003)
[SWS_CRYPT_24111]{DRAFT} d
Kind: function
Symbol: VerifyPrehashed(CryptoAlgId hashAlgId, ReadOnlyMemRegion hashValue, const Signature
&signature, ReadOnlyMemRegion context=ReadOnlyMemRegion())
Scope: class ara::crypto::cryp::VerifierPublicCtx
Syntax: virtual ara::core::Result<bool> ara::crypto::cryp::VerifierPublic
Ctx::VerifyPrehashed (CryptoAlgId hashAlgId, ReadOnlyMemRegion hash
Value, const Signature &signature, ReadOnlyMemRegion context=ReadOnly
MemRegion()) const noexcept=0;
Parameters (in): hashAlgId hash function algorithm ID
hashValue hash function value (resulting digest without any
truncations)
signature the signature object for verification
context an optional user supplied "context" (its support
depends from concrete algorithm)
Return value: ara::core::Result< bool > true if the signature was verified successfully and
false otherwise
Exception Safety: noexcept
Thread Safety: Thread-safe
Errors: CryptoErrc::kProcessingNotFinished if the method hashFn.Finish() was not called before
this method call
CryptoErrc::kInvalidArgument if the CryptoAlgId of hashFn differs from the Crypto
AlgId of this context
CryptoErrc::kInvalidInputSize if the size of the supplied context is incompatible
with the configured signature algorithm.
Header file: #include "ara/crypto/cryp/verifier_public_ctx.h"
Description: Verify signature by a digest value stored in the hash-function context. This is a pass-through
interface to SWS_CRYPT_24113 for developer convenience, i.e. it adds additional input checks
amd then calls the verify() interface from SWS_CRYPT_24113.

c(RS_CRYPTO_02204)

226 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

[SWS_CRYPT_24112]{DRAFT} d
Kind: function
Symbol: Verify(ReadOnlyMemRegion value, ReadOnlyMemRegion signature, ReadOnlyMemRegion
context=ReadOnlyMemRegion())
Scope: class ara::crypto::cryp::VerifierPublicCtx
Syntax: virtual ara::core::Result<bool> ara::crypto::cryp::VerifierPublic
Ctx::Verify (ReadOnlyMemRegion value, ReadOnlyMemRegion signature,
ReadOnlyMemRegion context=ReadOnlyMemRegion()) const noexcept=0;
Parameters (in): value the (pre-)hashed or direct message value that
should be verified
signature the signature BLOB for the verification (the BLOB
contains a plain sequence of the digital signature
components located in fixed/maximum length fields
defined by the algorithm specification, and each
component is presented by a raw bytes sequence
padded by zeroes to full length of the field; e.g. in
case of (EC)DSA-256 (i.e. length of the q module is
256 bits) the signature BLOB must have two
fixed-size fields: 32 + 32 bytes, for R and S
components respectively, i.e. total BLOB size is 64
bytes)
context an optional user supplied "context" (its support
depends from concrete algorithm)
Return value: ara::core::Result< bool > true if the signature was verified successfully and
false otherwise
Exception Safety: noexcept
Thread Safety: Thread-safe
Errors: CryptoErrc::kUninitializedContext if the context was not initialized by a key value
CryptoErrc::kInvalidInputSize if the context argument has unsupported size
Header file: #include "ara/crypto/cryp/verifier_public_ctx.h"
Description: Verify signature BLOB by a directly provided hash or message value. This method can be used
for implementation of the "multiple passes" signature algorithms that process a message
directly, i.e. without "pre-hashing" (like Ed25519ctx). But also this method is suitable for
implementation of the traditional signature schemes with pre-hashing (like Ed25519ph,
Ed448ph, ECDSA). If the target algorithm doesn’t support the context argument then the empty
(default) value must be supplied! The user supplied context may be used for such algorithms
as: Ed25519ctx, Ed25519ph, Ed448ph.

c(RS_CRYPTO_02204)
[SWS_CRYPT_24113]{DRAFT} d
Kind: function
Symbol: VerifyPrehashed(const HashFunctionCtx &hashFn, const Signature &signature, ReadOnlyMem
Region context=ReadOnlyMemRegion())
Scope: class ara::crypto::cryp::VerifierPublicCtx
Syntax: virtual ara::core::Result<bool> ara::crypto::cryp::VerifierPublic
Ctx::VerifyPrehashed (const HashFunctionCtx &hashFn, const Signature
&signature, ReadOnlyMemRegion context=ReadOnlyMemRegion()) const
noexcept=0;
Parameters (in): hashFn hash function to be used for hashing
signature the signature object for the verification
context an optional user supplied "context" (its support
depends from concrete algorithm)
5

227 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

4
Return value: ara::core::Result< bool > true if the signature was verified successfully and
false otherwise
Exception Safety: noexcept
Thread Safety: Thread-safe
Errors: CryptoErrc::kIncompatibleObject if the CryptoAlgId of this context does not match the
CryptoAlgId of signature; or the required CryptoAlg
Id of the hash is not kAlgIdDefault and the required
hash CryptoAlgId of this context does not match
hashAlgId or the hash CryptoAlgId of signature
CryptoErrc::kIncompatibleArguments if the provided hashAlgId is not kAlgIdDefault and
the CryptoAlgId of the provided signature object
does not match the provided hashAlgId
CryptoErrc::kBadObjectReference if the provided signature object does not reference
the public key loaded to the context, i.e. if the
COUID of the public key in the context is not equal
to the COUID referenced from the signature object.
CryptoErrc::kInvalidInputSize if the size of the supplied context or hashValue is
incompatible with the configured signature
algorithm.
Header file: #include "ara/crypto/cryp/verifier_public_ctx.h"
Description: Verify signature by a digest value stored in the hash-function context. This is a pass-through
interface to SWS_CRYPT_24112 for developer convenience, i.e. it adds additional input checks
amd then calls the default verify() interface.

c(RS_CRYPTO_02204)
[SWS_CRYPT_24114]{DRAFT} d
Kind: function
Symbol: VerifyPrehashed(const HashFunctionCtx &hashFn, ReadOnlyMemRegion signature, ReadOnly
MemRegion context=ReadOnlyMemRegion())
Scope: class ara::crypto::cryp::VerifierPublicCtx
Syntax: virtual ara::core::Result<bool> ara::crypto::cryp::VerifierPublic
Ctx::VerifyPrehashed (const HashFunctionCtx &hashFn, ReadOnlyMemRegion
signature, ReadOnlyMemRegion context=ReadOnlyMemRegion()) const
noexcept=0;
Parameters (in): hashFn hash function to be used for hashing
signature the data BLOB to be verified
context an optional user supplied "context" (its support
depends from concrete algorithm)
Return value: ara::core::Result< bool > true if the signature was verified successfully and
false otherwise
Exception Safety: noexcept
Thread Safety: Thread-safe
Errors: CryptoErrc::kProcessingNotFinished if the method hashFn.Finish() was not called before
this method call
CryptoErrc::kInvalidArgument if the CryptoAlgId of hashFn differs from the Crypto
AlgId of this context
CryptoErrc::kInvalidInputSize if the size of the supplied context or signature is
incompatible with the configured signature
algorithm.
Header file: #include "ara/crypto/cryp/verifier_public_ctx.h"
5

228 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

4
Description: Verify signature by a digest value stored in the hash-function context. This is a pass-through
interface to SWS_CRYPT_24112 for developer convenience, i.e. it adds additional input checks
amd then calls the default verify() interface.

c(RS_CRYPTO_02204)
[SWS_CRYPT_24101]{DRAFT} d
Kind: type alias
Symbol: Uptr
Scope: class ara::crypto::cryp::VerifierPublicCtx
Derived from: std::unique_ptr<VerifierPublicCtx>
Syntax: using ara::crypto::cryp::VerifierPublicCtx::Uptr = std::unique_
ptr<VerifierPublicCtx>;
Header file: #include "ara/crypto/cryp/verifier_public_ctx.h"
Description: Unique smart pointer of the interface.

c(RS_CRYPTO_02204)
[SWS_CRYPT_20101]{DRAFT} d
Kind: type alias
Symbol: Uptr
Scope: class ara::crypto::cryp::AuthCipherCtx
Derived from: std::unique_ptr<AuthCipherCtx>
Syntax: using ara::crypto::cryp::AuthCipherCtx::Uptr = std::unique_ptr<Auth
CipherCtx>;
Header file: #include "ara/crypto/cryp/auth_cipher_ctx.h"
Description: Unique smart pointer of the interface.

c(RS_CRYPTO_02207)
[SWS_CRYPT_24802]{DRAFT} d
Kind: type alias
Symbol: Uptrc
Scope: class ara::crypto::cryp::RestrictedUseObject
Derived from: std::unique_ptr<const RestrictedUseObject>
Syntax: using ara::crypto::cryp::RestrictedUseObject::Uptrc = std::unique_
ptr<const RestrictedUseObject>;
Header file: #include "ara/crypto/cryp/cryobj/restricted_use_object.h"
Description: Unique smart pointer of the interface.

c(RS_CRYPTO_02403)

229 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

[SWS_CRYPT_29031]{DRAFT} d
Kind: type alias
Symbol: Uptr
Scope: class ara::crypto::cryp::BlockService
Derived from: std::unique_ptr<BlockService>
Syntax: using ara::crypto::cryp::BlockService::Uptr = std::unique_ptr<Block
Service>;
Header file: #include "ara/crypto/cryp/block_service.h"
Description: Unique smart pointer of the interface.

c(RS_CRYPTO_02309)
[SWS_CRYPT_20402]{DRAFT} d
Kind: type alias
Symbol: AlgId
Scope: class ara::crypto::cryp::CryptoContext
Derived from: CryptoAlgId
Syntax: using ara::crypto::cryp::CryptoContext::AlgId = CryptoAlgId;
Header file: #include "ara/crypto/cryp/crypto_context.h"
Description: Type definition of vendor specific binary Crypto Primitive ID.

c(RS_CRYPTO_02008)
[SWS_CRYPT_20504]{DRAFT} d
Kind: struct
Symbol: COIdentifier
Scope: class ara::crypto::cryp::CryptoObject
Syntax: struct ara::crypto::cryp::CryptoObject::COIdentifier {...};
Header file: #include "ara/crypto/cryp/cryobj/crypto_object.h"
Description: Unique identifier of this CryptoObject.

c(RS_CRYPTO_02005)
[SWS_CRYPT_20502]{DRAFT} d
Kind: type alias
Symbol: Uptrc
Scope: class ara::crypto::cryp::CryptoObject
Derived from: std::unique_ptr<const CryptoObject>
Syntax: using ara::crypto::cryp::CryptoObject::Uptrc = std::unique_ptr<const
CryptoObject>;
Header file: #include "ara/crypto/cryp/cryobj/crypto_object.h"
Description: Unique smart pointer of the constant interface.

c(RS_CRYPTO_02005)

230 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

[SWS_CRYPT_20501]{DRAFT} d
Kind: type alias
Symbol: Uptr
Scope: class ara::crypto::cryp::CryptoObject
Derived from: std::unique_ptr<CryptoObject>
Syntax: using ara::crypto::cryp::CryptoObject::Uptr = std::unique_ptr<Crypto
Object>;
Header file: #include "ara/crypto/cryp/cryobj/crypto_object.h"
Description: Unique smart pointer of the interface.

c(RS_CRYPTO_02005)
[SWS_CRYPT_20641]{DRAFT} d
Kind: type alias
Symbol: AlgId
Scope: class ara::crypto::cryp::CryptoPrimitiveId
Derived from: CryptoAlgId
Syntax: using ara::crypto::cryp::CryptoPrimitiveId::AlgId = CryptoAlgId;
Header file: #include "ara/crypto/cryp/cryobj/crypto_primitive_id.h"
Description: Type definition of vendor specific binary Crypto Primitive ID.

c(RS_CRYPTO_02005)
[SWS_CRYPT_20644]{DRAFT} d
Kind: type alias
Symbol: Uptrc
Scope: class ara::crypto::cryp::CryptoPrimitiveId
Derived from: std::unique_ptr<const CryptoPrimitiveId>
Syntax: using ara::crypto::cryp::CryptoPrimitiveId::Uptrc = std::unique_
ptr<const CryptoPrimitiveId>;
Header file: #include "ara/crypto/cryp/cryobj/crypto_primitive_id.h"
Description: type definition pointer

c(RS_CRYPTO_02005)
[SWS_CRYPT_20643]{DRAFT} d
Kind: type alias
Symbol: Uptr
Scope: class ara::crypto::cryp::CryptoPrimitiveId
Derived from: std::unique_ptr<CryptoPrimitiveId>
Syntax: using ara::crypto::cryp::CryptoPrimitiveId::Uptr = std::unique_
ptr<CryptoPrimitiveId>;
Header file: #include "ara/crypto/cryp/cryobj/crypto_primitive_id.h"
Description: type definition pointer to const

c(RS_CRYPTO_02005)

231 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

[SWS_CRYPT_20703]{DRAFT} d
Kind: type alias
Symbol: AlgId
Scope: class ara::crypto::cryp::CryptoProvider
Derived from: CryptoPrimitiveId::AlgId
Syntax: using ara::crypto::cryp::CryptoProvider::AlgId = CryptoPrimitive
Id::AlgId;
Header file: #include "ara/crypto/cryp/crypto_provider.h"
Description: A short alias for Algorithm ID type definition.

c(RS_CRYPTO_02005, RS_CRYPTO_02006)
[SWS_CRYPT_20701]{DRAFT} d
Kind: type alias
Symbol: Uptr
Scope: class ara::crypto::cryp::CryptoProvider
Derived from: std::unique_ptr<CryptoProvider>
Syntax: using ara::crypto::cryp::CryptoProvider::Uptr = std::unique_ptr<Crypto
Provider>;
Header file: #include "ara/crypto/cryp/crypto_provider.h"
Description: Shared smart pointer of the interface.

c(RS_CRYPTO_02109)
[SWS_CRYPT_29024]{DRAFT} d
Kind: type alias
Symbol: Uptr
Scope: class ara::crypto::cryp::CryptoService
Derived from: std::unique_ptr<CryptoService>
Syntax: using ara::crypto::cryp::CryptoService::Uptr = std::unique_ptr<Crypto
Service>;
Header file: #include "ara/crypto/cryp/crypto_service.h"
Description: Unique smart pointer of the interface.

c(RS_CRYPTO_02309)
[SWS_CRYPT_20801]{DRAFT} d
Kind: type alias
Symbol: Uptr
Scope: class ara::crypto::cryp::DecryptorPrivateCtx
Derived from: std::unique_ptr<DecryptorPrivateCtx>
Syntax: using ara::crypto::cryp::DecryptorPrivateCtx::Uptr = std::unique_
ptr<DecryptorPrivateCtx>;
Header file: #include "ara/crypto/cryp/decryptor_private_ctx.h"
Description: Unique smart pointer of the interface.

c(RS_CRYPTO_02202)

232 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

[SWS_CRYPT_29011]{DRAFT} d
Kind: type alias
Symbol: Uptr
Scope: class ara::crypto::cryp::DigestService
Derived from: std::unique_ptr<DigestService>
Syntax: using ara::crypto::cryp::DigestService::Uptr = std::unique_ptr<Digest
Service>;
Header file: #include "ara/crypto/cryp/digest_service.h"
Description: Unique smart pointer of the interface.

c(RS_CRYPTO_02309)
[SWS_CRYPT_21001]{DRAFT} d
Kind: type alias
Symbol: Uptr
Scope: class ara::crypto::cryp::EncryptorPublicCtx
Derived from: std::unique_ptr<EncryptorPublicCtx>
Syntax: using ara::crypto::cryp::EncryptorPublicCtx::Uptr = std::unique_
ptr<EncryptorPublicCtx>;
Header file: #include "ara/crypto/cryp/encryptor_public_ctx.h"
Description: Unique smart pointer of the interface.

c(RS_CRYPTO_02202)
[SWS_CRYPT_29042]{DRAFT} d
Kind: type alias
Symbol: Uptr
Scope: class ara::crypto::cryp::ExtensionService
Derived from: std::unique_ptr<ExtensionService>
Syntax: using ara::crypto::cryp::ExtensionService::Uptr = std::unique_
ptr<ExtensionService>;
Header file: #include "ara/crypto/cryp/extension_service.h"
Description: Unique smart pointer of the interface.

c(RS_CRYPTO_02309)
[SWS_CRYPT_21101]{DRAFT} d
Kind: type alias
Symbol: Uptr
Scope: class ara::crypto::cryp::HashFunctionCtx
Derived from: std::unique_ptr<HashFunctionCtx>
Syntax: using ara::crypto::cryp::HashFunctionCtx::Uptr = std::unique_ptr<Hash
FunctionCtx>;
Header file: #include "ara/crypto/cryp/hash_function_ctx.h"
Description: Unique smart pointer of the interface.

c(RS_CRYPTO_02205)

233 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

[SWS_CRYPT_21301]{DRAFT} d
Kind: type alias
Symbol: Uptr
Scope: class ara::crypto::cryp::KeyAgreementPrivateCtx
Derived from: std::unique_ptr<KeyAgreementPrivateCtx>
Syntax: using ara::crypto::cryp::KeyAgreementPrivateCtx::Uptr = std::unique_
ptr<KeyAgreementPrivateCtx>;
Header file: #include "ara/crypto/cryp/key_agreement_private_ctx.h"
Description: Unique smart pointer of this interface.

c(RS_CRYPTO_02104)
[SWS_CRYPT_21401]{DRAFT} d
Kind: type alias
Symbol: Uptr
Scope: class ara::crypto::cryp::KeyDecapsulatorPrivateCtx
Derived from: std::unique_ptr<KeyDecapsulatorPrivateCtx>
Syntax: using ara::crypto::cryp::KeyDecapsulatorPrivateCtx::Uptr =
std::unique_ptr<KeyDecapsulatorPrivateCtx>;
Header file: #include "ara/crypto/cryp/key_decapsulator_private_ctx.h"
Description: Unique smart pointer of the interface.

c(RS_CRYPTO_02104)
[SWS_CRYPT_21501]{DRAFT} d
Kind: type alias
Symbol: Uptr
Scope: class ara::crypto::cryp::KeyDerivationFunctionCtx
Derived from: std::unique_ptr<KeyDerivationFunctionCtx>
Syntax: using ara::crypto::cryp::KeyDerivationFunctionCtx::Uptr = std::unique_
ptr<KeyDerivationFunctionCtx>;
Header file: #include "ara/crypto/cryp/key_derivation_function_ctx.h"
Description: Unique smart pointer of the interface.

c(RS_CRYPTO_02103)
[SWS_CRYPT_21801]{DRAFT} d
Kind: type alias
Symbol: Uptr
Scope: class ara::crypto::cryp::KeyEncapsulatorPublicCtx
Derived from: std::unique_ptr<KeyEncapsulatorPublicCtx>
Syntax: using ara::crypto::cryp::KeyEncapsulatorPublicCtx::Uptr = std::unique_
ptr<KeyEncapsulatorPublicCtx>;
Header file: #include "ara/crypto/cryp/key_encapsulator_public_ctx.h"
Description: Unique smart pointer of the interface.

c(RS_CRYPTO_02209)

234 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

[SWS_CRYPT_22101]{DRAFT} d
Kind: type alias
Symbol: Uptr
Scope: class ara::crypto::cryp::MessageAuthnCodeCtx
Derived from: std::unique_ptr<MessageAuthnCodeCtx>
Syntax: using ara::crypto::cryp::MessageAuthnCodeCtx::Uptr = std::unique_
ptr<MessageAuthnCodeCtx>;
Header file: #include "ara/crypto/cryp/message_authn_code_ctx.h"
Description: Unique smart pointer of the interface.

c(RS_CRYPTO_02203)
[SWS_CRYPT_22201]{DRAFT} d
Kind: type alias
Symbol: Uptr
Scope: class ara::crypto::cryp::MsgRecoveryPublicCtx
Derived from: std::unique_ptr<MsgRecoveryPublicCtx>
Syntax: using ara::crypto::cryp::MsgRecoveryPublicCtx::Uptr = std::unique_
ptr<MsgRecoveryPublicCtx>;
Header file: #include "ara/crypto/cryp/msg_recovery_public_ctx.h"
Description: Unique smart pointer of the interface.

c(RS_CRYPTO_02204)
[SWS_CRYPT_22501]{DRAFT} d
Kind: type alias
Symbol: Uptrc
Scope: class ara::crypto::cryp::PrivateKey
Derived from: std::unique_ptr<const PrivateKey>
Syntax: using ara::crypto::cryp::PrivateKey::Uptrc = std::unique_ptr<const
PrivateKey>;
Header file: #include "ara/crypto/cryp/cryobj/private_key.h"
Description: Unique smart pointer of the interface.

c(RS_CRYPTO_02306)
[SWS_CRYPT_22701]{DRAFT} d
Kind: type alias
Symbol: Uptrc
Scope: class ara::crypto::cryp::PublicKey
Derived from: std::unique_ptr<const PublicKey>
Syntax: using ara::crypto::cryp::PublicKey::Uptrc = std::unique_ptr<const
PublicKey>;
Header file: #include "ara/crypto/cryp/cryobj/public_key.h"
Description: Unique smart pointer of the interface.

c(RS_CRYPTO_02202)

235 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

[SWS_CRYPT_22901]{DRAFT} d
Kind: type alias
Symbol: Uptr
Scope: class ara::crypto::cryp::RandomGeneratorCtx
Derived from: std::unique_ptr<RandomGeneratorCtx>
Syntax: using ara::crypto::cryp::RandomGeneratorCtx::Uptr = std::unique_
ptr<RandomGeneratorCtx>;
Header file: #include "ara/crypto/cryp/random_generator_ctx.h"
Description: Shared smart pointer of the interface.

c(RS_CRYPTO_02206)
[SWS_CRYPT_24801]{DRAFT} d
Kind: type alias
Symbol: Usage
Scope: class ara::crypto::cryp::RestrictedUseObject
Derived from: AllowedUsageFlags
Syntax: using ara::crypto::cryp::RestrictedUseObject::Usage = AllowedUsage
Flags;
Header file: #include "ara/crypto/cryp/cryobj/restricted_use_object.h"
Description: Alias to the container type for bit-flags of allowed usages of the object.

c(RS_CRYPTO_02008)
[SWS_CRYPT_23001]{DRAFT} d
Kind: type alias
Symbol: Uptrc
Scope: class ara::crypto::cryp::SecretSeed
Derived from: std::unique_ptr<const SecretSeed>
Syntax: using ara::crypto::cryp::SecretSeed::Uptrc = std::unique_ptr<const
SecretSeed>;
Header file: #include "ara/crypto/cryp/cryobj/secret_seed.h"
Description: Unique smart pointer of a constant interface instance.

c(RS_CRYPTO_02007)
[SWS_CRYPT_23002]{DRAFT} d
Kind: type alias
Symbol: Uptr
Scope: class ara::crypto::cryp::SecretSeed
Derived from: std::unique_ptr<SecretSeed>
Syntax: using ara::crypto::cryp::SecretSeed::Uptr = std::unique_ptr<Secret
Seed>;
Header file: #include "ara/crypto/cryp/cryobj/secret_seed.h"
Description: Unique smart pointer of a volatile interface instance.

c(RS_CRYPTO_02007)

236 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

[SWS_CRYPT_23201]{DRAFT} d
Kind: type alias
Symbol: Uptr
Scope: class ara::crypto::cryp::SigEncodePrivateCtx
Derived from: std::unique_ptr<SigEncodePrivateCtx>
Syntax: using ara::crypto::cryp::SigEncodePrivateCtx::Uptr = std::unique_
ptr<SigEncodePrivateCtx>;
Header file: #include "ara/crypto/cryp/sig_encode_private_ctx.h"
Description: Unique smart pointer of the interface.

c(RS_CRYPTO_02204, RS_CRYPTO_02202)
[SWS_CRYPT_29001]{DRAFT} d
Kind: type alias
Symbol: Uptr
Scope: class ara::crypto::cryp::SignatureService
Derived from: std::unique_ptr<SignatureService>
Syntax: using ara::crypto::cryp::SignatureService::Uptr = std::unique_
ptr<SignatureService>;
Header file: #include "ara/crypto/cryp/signature_service.h"
Description: Unique smart pointer of the interface.

c(RS_CRYPTO_02309)
[SWS_CRYPT_23301]{DRAFT} d
Kind: type alias
Symbol: Uptrc
Scope: class ara::crypto::cryp::Signature
Derived from: std::unique_ptr<const Signature>
Syntax: using ara::crypto::cryp::Signature::Uptrc = std::unique_ptr<const
Signature>;
Header file: #include "ara/crypto/cryp/cryobj/signature.h"
Description: Unique smart pointer of the interface.

c(RS_CRYPTO_02204, RS_CRYPTO_02203, RS_CRYPTO_02205)

[SWS_CRYPT_23501]{DRAFT} d
Kind: type alias
Symbol: Uptr
Scope: class ara::crypto::cryp::SignerPrivateCtx
Derived from: std::unique_ptr<SignerPrivateCtx>
Syntax: using ara::crypto::cryp::SignerPrivateCtx::Uptr = std::unique_
ptr<SignerPrivateCtx>;
Header file: #include "ara/crypto/cryp/signer_private_ctx.h"
Description: Unique smart pointer of the interface.

c(RS_CRYPTO_02204)

237 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

[SWS_CRYPT_23601]{DRAFT} d
Kind: type alias
Symbol: Uptr
Scope: class ara::crypto::cryp::StreamCipherCtx
Derived from: std::unique_ptr<StreamCipherCtx>
Syntax: using ara::crypto::cryp::StreamCipherCtx::Uptr = std::unique_
ptr<StreamCipherCtx>;
Header file: #include "ara/crypto/cryp/stream_cipher_ctx.h"
Description: Unique smart pointer of the interface.

c(RS_CRYPTO_02201)
[SWS_CRYPT_23701]{DRAFT} d
Kind: type alias
Symbol: Uptr
Scope: class ara::crypto::cryp::SymmetricBlockCipherCtx
Derived from: std::unique_ptr<SymmetricBlockCipherCtx>
Syntax: using ara::crypto::cryp::SymmetricBlockCipherCtx::Uptr = std::unique_
ptr<SymmetricBlockCipherCtx>;
Header file: #include "ara/crypto/cryp/symmetric_block_cipher_ctx.h"
Description: Unique smart pointer of the interface.

c(RS_CRYPTO_02201)
[SWS_CRYPT_23801]{DRAFT} d
Kind: type alias
Symbol: Uptrc
Scope: class ara::crypto::cryp::SymmetricKey
Derived from: std::unique_ptr<const SymmetricKey>
Syntax: using ara::crypto::cryp::SymmetricKey::Uptrc = std::unique_ptr<const
SymmetricKey>;
Header file: #include "ara/crypto/cryp/cryobj/symmetric_key.h"
Description: Unique smart pointer of the interface.

c(RS_CRYPTO_02201)
[SWS_CRYPT_24001]{DRAFT} d
Kind: type alias
Symbol: Uptr
Scope: class ara::crypto::cryp::SymmetricKeyWrapperCtx
Derived from: std::unique_ptr<SymmetricKeyWrapperCtx>
Syntax: using ara::crypto::cryp::SymmetricKeyWrapperCtx::Uptr = std::unique_
ptr<SymmetricKeyWrapperCtx>;
Header file: #include "ara/crypto/cryp/symmetric_key_wrapper_ctx.h"
Description: Unique smart pointer of the interface.

c(RS_CRYPTO_02201)

238 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

[SWS_CRYPT_20506]{DRAFT} d
Kind: variable
Symbol: mCOType
Scope: struct ara::crypto::cryp::CryptoObject::COIdentifier
Type: CryptoObjectType
Syntax: CryptoObjectType ara::crypto::cryp::CryptoObject::COIdentifier::m
COType;
Header file: #include "ara/crypto/cryp/cryobj/crypto_object.h"
Description: type of objext

c(RS_CRYPTO_02005)
[SWS_CRYPT_20507]{DRAFT} d
Kind: variable
Symbol: mCouid
Scope: struct ara::crypto::cryp::CryptoObject::COIdentifier
Type: CryptoObjectUid
Syntax: CryptoObjectUid ara::crypto::cryp::CryptoObject::COIdentifier::mCouid;
Header file: #include "ara/crypto/cryp/cryobj/crypto_object.h"
Description: object identifier

c(RS_CRYPTO_02005)
[SWS_CRYPT_22503]{DRAFT} d
Kind: variable
Symbol: kObjectType
Scope: class ara::crypto::cryp::PrivateKey
Type: const CryptoObjectType
Syntax: static const CryptoObjectType ara::crypto::cryp::PrivateKey::kObject
Type = CryptoObjectType::kPrivateKey;
Header file: #include "ara/crypto/cryp/cryobj/private_key.h"
Description: Static mapping of this interface to specific value of CryptoObjectType enumeration.

c(RS_CRYPTO_02306)
[SWS_CRYPT_22702]{DRAFT} d
Kind: variable
Symbol: kObjectType
Scope: class ara::crypto::cryp::PublicKey
Type: const CryptoObjectType
Syntax: static const CryptoObjectType ara::crypto::cryp::PublicKey::kObject
Type = CryptoObjectType::kPublicKey;
Header file: #include "ara/crypto/cryp/cryobj/public_key.h"
Description: const object type

c(RS_CRYPTO_02202)

239 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

[SWS_CRYPT_23003]{DRAFT} d
Kind: variable
Symbol: kObjectType
Scope: class ara::crypto::cryp::SecretSeed
Type: const CryptoObjectType
Syntax: static const CryptoObjectType ara::crypto::cryp::SecretSeed::kObject
Type = CryptoObjectType::kSecretSeed;
Header file: #include "ara/crypto/cryp/cryobj/secret_seed.h"
Description: Static mapping of this interface to specific value of CryptoObjectType enumeration.

c(RS_CRYPTO_02007)
[SWS_CRYPT_23302]{DRAFT} d
Kind: variable
Symbol: kObjectType
Scope: class ara::crypto::cryp::Signature
Type: const CryptoObjectType
Syntax: static const CryptoObjectType ara::crypto::cryp::Signature::kObject
Type = CryptoObjectType::kSignature;
Header file: #include "ara/crypto/cryp/cryobj/signature.h"
Description: Signature object initialized.

c(RS_CRYPTO_02204, RS_CRYPTO_02203, RS_CRYPTO_02205)

[SWS_CRYPT_23802]{DRAFT} d
Kind: variable
Symbol: kObjectType
Scope: class ara::crypto::cryp::SymmetricKey
Type: const CryptoObjectType
Syntax: static const CryptoObjectType ara::crypto::cryp::SymmetricKey::kObject
Type = CryptoObjectType::kSymmetricKey;
Header file: #include "ara/crypto/cryp/cryobj/symmetric_key.h"
Description: const object type

c(RS_CRYPTO_02201)
[SWS_CRYPT_10101]{DRAFT} d
Kind: variable
Symbol: mGeneratorUid
Scope: struct ara::crypto::CryptoObjectUid
Type: Uuid
Syntax: Uuid ara::crypto::CryptoObjectUid::mGeneratorUid;
Header file: #include "ara/crypto/common/crypto_object_uid.h"
Description: UUID of a generator that has produced this COUID. This UUID can be associated with HSM,
physical host/ECU or VM.

c(RS_CRYPTO_02006)

240 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

8.2 C++ language binding Key Storage Provider

[SWS_CRYPT_30400]{DRAFT} d
Kind: class
Symbol: KeySlot
Scope: namespace ara::crypto::keys
Syntax: class ara::crypto::keys::KeySlot {...};
Header file: #include "ara/crypto/keys/keyslot.h"
Description: Key slot port-prototype interface. This class enables access to a physicl key-slot.

c(RS_CRYPTO_02405)
[SWS_CRYPT_30100]{DRAFT} d
Kind: class
Symbol: KeyStorageProvider
Scope: namespace ara::crypto::keys
Syntax: class ara::crypto::keys::KeyStorageProvider {...};
Header file: #include "ara/crypto/keys/key_storage_provider.h"
Description: Key Storage Provider interface. Any object is uniquely identified by the combination of its UUID
and type. HSMs/TPMs implementing the concept of "non-extractable keys" should use own
copies of externally supplied crypto objects. A few software Crypto Providers can share single
key slot if they support same format.

c(RS_CRYPTO_02109, RS_CRYPTO_02305, RS_CRYPTO_02401)

[SWS_CRYPT_30200]{DRAFT} d
Kind: class
Symbol: UpdatesObserver
Scope: namespace ara::crypto::keys
Syntax: class ara::crypto::keys::UpdatesObserver {...};
Header file: #include "ara/crypto/keys/updates_observer.h"
Description: Definition of an "updates observer" interface.
The "updates observer" interface should be implemented by a consumer application, if a
software developer would like to get notifications about the slots’ content update events.

c(RS_CRYPTO_02004)
[SWS_CRYPT_30405]{DRAFT} d
Kind: function
Symbol: Clear()
Scope: class ara::crypto::keys::KeySlot
Syntax: virtual ara::core::Result<void> ara::crypto::keys::KeySlot::Clear ()
noexcept=0;
Return value: ara::core::Result< void > –
Exception Safety: noexcept
Thread Safety: Thread-safe
5

241 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

4
Errors: CryptoErrorDomain::kUnreserved if the target slot is not opened writeable.
Resource
Header file: #include "ara/crypto/keys/keyslot.h"
Description: Clear the content of this key-slot. This method must perform a secure cleanup without the
ability to restore the object data! This method may be used for atomic update of a key slot
scoped to some transaction. In such case the the slot will be updated only after correspondent
call of CommitTransaction().

c(RS_CRYPTO_02009)
[SWS_CRYPT_30510]{DRAFT} d
Kind: function
Symbol: KeySlotContentProps()
Scope: struct ara::crypto::keys::KeySlotContentProps
Syntax: ara::crypto::keys::KeySlotContentProps::KeySlotContentProps
()=default;
Header file: #include "ara/crypto/keys/key_slot_content_props.h"
Description: set content properties

c(RS_CRYPTO_02111)
[SWS_CRYPT_30401]{DRAFT} d
Kind: function
Symbol: ~KeySlot()
Scope: class ara::crypto::keys::KeySlot
Syntax: virtual ara::crypto::keys::KeySlot::~KeySlot () noexcept=default;
Exception Safety: noexcept
Header file: #include "ara/crypto/keys/keyslot.h"
Description: Destructor.

c(RS_CRYPTO_02405)
[SWS_CRYPT_30408]{DRAFT} d
Kind: function
Symbol: GetContentProps()
Scope: class ara::crypto::keys::KeySlot
Syntax: virtual ara::core::Result<KeySlotContentProps> ara::crypto::keys::Key
Slot::GetContentProps () const noexcept=0;
Return value: ara::core::Result< KeySlotContent –
Props >
Exception Safety: noexcept
Thread Safety: Thread-safe
Errors: CryptoErrorDomain::kEmptyContainer if the slot is empty
CryptoErrorDomain::kAccessViolation if this method is called by an Actor, which has no
any ("Owner" or "User") access rights to the key slot
Header file: #include "ara/crypto/keys/keyslot.h"
Description: Get an actual properties of a content in the key slot. If this method called by a "User" Actor then
always: props.exportability == false.

242 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

c(RS_CRYPTO_02004)
[SWS_CRYPT_30403]{DRAFT} d
Kind: function
Symbol: MyProvider()
Scope: class ara::crypto::keys::KeySlot
Syntax: virtual ara::core::Result<cryp::CryptoProvider::Uptr>
ara::crypto::keys::KeySlot::MyProvider () const noexcept=0;
Return value: ara::core::Result< cryp::Crypto a unique_pointer to the CryptoProvider to be used
Provider::Uptr > with this KeySlot
Exception Safety: noexcept
Thread Safety: Thread-safe
Header file: #include "ara/crypto/keys/keyslot.h"
Description: Retrieve an instance of the CryptoProvider that owns this KeySlot. Any key slot always has an
associated default Crypto Provider that can serve this key slot. In the simplest case all key slots
can be served by a single Crypto Provider installed on the Adaptive Platform. But in a more
complicated case a few different Crypto Providers may coexist in the system, for example if
ECU has one or a few HSMs and software cryptography implementation too, and each of them
has own physical key storage. In such case different dedicated Crypto Providers may serve
mentioned HSMs and the software implementation. .

c(RS_CRYPTO_02401)
[SWS_CRYPT_30407]{DRAFT} d
Kind: function
Symbol: GetPrototypedProps()
Scope: class ara::crypto::keys::KeySlot
Syntax: virtual ara::core::Result<KeySlotPrototypeProps>
ara::crypto::keys::KeySlot::GetPrototypedProps () const noexcept=0;
Return value: ara::core::Result< KeySlotPrototype –
Props >
Exception Safety: noexcept
Thread Safety: Thread-safe
Header file: #include "ara/crypto/keys/keyslot.h"
Description: Get the prototyped properties of the key slot.

c(RS_CRYPTO_02110)
[SWS_CRYPT_30404]{DRAFT} d
Kind: function
Symbol: IsEmpty()
Scope: class ara::crypto::keys::KeySlot
Syntax: virtual bool ara::crypto::keys::KeySlot::IsEmpty () const noexcept=0;
Return value: bool true if the slot is empty or false otherwise
Exception Safety: noexcept
Thread Safety: Thread-safe
Header file: #include "ara/crypto/keys/keyslot.h"
Description: Check the slot for emptiness.

c(RS_CRYPTO_02004)

243 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

[SWS_CRYPT_30409]{DRAFT} d
Kind: function
Symbol: Open(bool subscribeForUpdates=false, bool writeable=false)
Scope: class ara::crypto::keys::KeySlot
Syntax: virtual ara::core::Result<IOInterface::Uptr> ara::crypto::keys::Key
Slot::Open (bool subscribeForUpdates=false, bool writeable=false)
const noexcept=0;
Parameters (in): subscribeForUpdates if this flag is true then the UpdatesObserver instance
(previously registered by a call of the method
RegisterObserver()) will be subscribed for updates
of the opened key slot
writeable indicates whether the key-slot shall be opened
read-only (default) or with write access
Return value: ara::core::Result< IOInterface::Uptr > an unique smart pointer to the IOInterface
associated with the slot content
Exception Safety: noexcept
Thread Safety: Thread-safe
Errors: CryptoErrorDomain::kInvalidUsage if (true == subscribeForUpdates), but there is no
Order registered instance of the UpdatesObserver in the
Key Storage Provider context
CryptoErrorDomain::kBusyResource if the specified slot is busy because writeable ==
true but (a) the keyslot is already opened writable,
and/or (b) the keyslot is in scope of another ongoing
transaction
CryptoErrorDomain::kModified if the specified slot has been modified after the Key
Resource Slot has been opened
Header file: #include "ara/crypto/keys/keyslot.h"
Description: Open this key slot and return an IOInterface to its content. If the UpdatesObserver interface
was provided to the call of RegisterObserver() then the UpdatesObserver::OnUpdate() method
should be called by Key Storage engine (in a dedicated thread) every time when this slot is
updated (and become visible for "Users"). Monitoring of the opened key slot will be continued
even after destruction of the returned TrustedContainer, because content of the slot may be
loaded to volatile memory (as a CryptoObject or to a CryptoContext of a crypto primitive), but
the TrustedContainer may be destroyed after this. Therefore if you need to terminate monitoring
of the key slot then you should directly call method UnsubscribeObserver(SlotNumber).

c(RS_CRYPTO_02004)
[SWS_CRYPT_30301]{DRAFT} d
Kind: function
Symbol: KeySlotPrototypeProps()
Scope: struct ara::crypto::keys::KeySlotPrototypeProps
Syntax: ara::crypto::keys::KeySlotPrototypeProps::KeySlotPrototypeProps
()=default;
Header file: #include "ara/crypto/keys/key_slot_prototype_props.h"

c(RS_CRYPTO_02110)

244 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

[SWS_CRYPT_30406]{DRAFT} d
Kind: function
Symbol: SaveCopy(const IOInterface &container)
Scope: class ara::crypto::keys::KeySlot
Syntax: virtual ara::core::Result<void> ara::crypto::keys::KeySlot::SaveCopy
(const IOInterface &container) noexcept=0;
Parameters (in): container the source IOInterface
Return value: ara::core::Result< void > true if successfully saved
Exception Safety: noexcept
Thread Safety: Thread-safe
Errors: CryptoErrorDomain::kIncompatible if the source object has property "session" or if the
Object source IOInterface references a KeySlot from a
different CryptoProvider
CryptoErrorDomain::kEmptyContainer if the source IOInterface is empty
CryptoErrorDomain::kContent if the source object doesn’t satisfy the slot
Restrictions restrictions (including version control)
CryptoErrorDomain::kUnreserved if the target slot is not opened writeable.
Resource
Header file: #include "ara/crypto/keys/keyslot.h"
Description: Save the content of a provided source IOInterface to this key-slot. The source container may
represent a volatile trusted container or another KeySlot This method may be used for atomic
update of a key slot scoped to some transaction. In such case the the slot will be updated only
after correspondent call of CommitTransaction().

c(RS_CRYPTO_02004)
[SWS_CRYPT_30220]{DRAFT} d
Kind: function
Symbol: operator=(const KeySlot &other)
Scope: class ara::crypto::keys::KeySlot
Syntax: KeySlot& ara::crypto::keys::KeySlot::operator= (const KeySlot
&other)=default;
Parameters (in): other the other instance
Return value: KeySlot & *this, containing the contents of other
Header file: #include "ara/crypto/keys/keyslot.h"
Description: Copy-assign another KeySlot to this instance.

c(RS_CRYPTO_02004)
[SWS_CRYPT_30221]{DRAFT} d
Kind: function
Symbol: operator=(KeySlot &&other)
Scope: class ara::crypto::keys::KeySlot
Syntax: KeySlot& ara::crypto::keys::KeySlot::operator= (KeySlot
&&other)=default;
Parameters (in): other the other instance
Return value: KeySlot & *this, containing the contents of other
Header file: #include "ara/crypto/keys/keyslot.h"
Description: Move-assign another KeySlot to this instance.

245 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

c(RS_CRYPTO_02004)
[SWS_CRYPT_30123]{DRAFT} d
Kind: function
Symbol: BeginTransaction(const TransactionScope &targetSlots)
Scope: class ara::crypto::keys::KeyStorageProvider
Syntax: virtual ara::core::Result<TransactionId> ara::crypto::keys::KeyStorage
Provider::BeginTransaction (const TransactionScope &targetSlots)
noexcept=0;
Parameters (in): targetSlots a list of KeySlots that should be updated during this
transaction.
Return value: ara::core::Result< TransactionId > a unique ID assigned to this transaction
Exception Safety: noexcept
Thread Safety: Thread-safe
Errors: CryptoErrorDomain::kUnreserved if targetSlots list has a slot that has not been
Resource configured with the reserveSpareSlot parameter in
the manifest
CryptoErrorDomain::kBusyResource if targetSlots list has key slots that are already
involved to another pending transaction or opened in
writing mode
Header file: #include "ara/crypto/keys/key_storage_provider.h"
Description: Begin new transaction for key slots update. In order for a keyslot to be part of a transaction
scope, the reserveSpareSlot model parameter of the keyslot has to be set to true. A transaction
is dedicated for updating related key slots simultaneously (in an atomic, all-or-nothing, way). All
key slots that should be updated by the transaction have to be opened and provided to this
function. Any changes to the slots in scope are executed by calling commit().

c(RS_CRYPTO_02004)
[SWS_CRYPT_30124]{DRAFT} d
Kind: function
Symbol: CommitTransaction(TransactionId id)
Scope: class ara::crypto::keys::KeyStorageProvider
Syntax: virtual ara::core::Result<void> ara::crypto::keys::KeyStorage
Provider::CommitTransaction (TransactionId id) noexcept=0;
Parameters (in): id an ID of a transaction that should be commited
Return value: ara::core::Result< void > –
Exception Safety: noexcept
Thread Safety: Thread-safe
Errors: CryptoErrorDomain::kInvalidArgument if provided id is invalid, i.e. this ID is unknown or
correspondent transaction already was finished
(commited or rolled back)
Header file: #include "ara/crypto/keys/key_storage_provider.h"
Description: Commit changes of the transaction to Key Storage. Any changes of key slots made during a
transaction are invisible up to the commit execution. The commit command permanently saves
all changes made during the transaction in Key Storage.

c(RS_CRYPTO_02004)

246 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

[SWS_CRYPT_30110]{DRAFT} d
Kind: function
Symbol: ~KeyStorageProvider()
Scope: class ara::crypto::keys::KeyStorageProvider
Syntax: virtual ara::crypto::keys::KeyStorageProvider::~KeyStorageProvider ()
noexcept=default;
Exception Safety: noexcept
Header file: #include "ara/crypto/keys/key_storage_provider.h"
Description: Destructor.

c(RS_CRYPTO_02004)
[SWS_CRYPT_30131]{DRAFT} d
Kind: function
Symbol: GetRegisteredObserver()
Scope: class ara::crypto::keys::KeyStorageProvider
Syntax: virtual UpdatesObserver::Uptr ara::crypto::keys::KeyStorage
Provider::GetRegisteredObserver () const noexcept=0;
Return value: UpdatesObserver::Uptr unique pointer to the registered Updates Observer
interface (copy of an internal unique pointer is
returned, i.e. the Key Storage provider continues to
keep the ownership)
Exception Safety: noexcept
Thread Safety: Thread-safe
Header file: #include "ara/crypto/keys/key_storage_provider.h"
Description: Get pointer of registered Updates Observer. The method returns nullptr if no observers have
been registered yet!

c(RS_CRYPTO_02401)
[SWS_CRYPT_30115]{DRAFT} d
Kind: function
Symbol: LoadKeySlot(ara::core::InstanceSpecifier &iSpecify)
Scope: class ara::crypto::keys::KeyStorageProvider
Syntax: virtual ara::core::Result<KeySlot::Uptr> ara::crypto::keys::KeyStorage
Provider::LoadKeySlot (ara::core::InstanceSpecifier &iSpecify)
noexcept=0;
Parameters (in): iSpecify the target key-slot instance specifier
Return value: ara::core::Result< KeySlot::Uptr > an unique smart pointer to allocated key slot
Exception Safety: noexcept
Thread Safety: Thread-safe
Errors: CryptoErrorDomain::kUnreserved if the InstanceSpecifier is incorrect (the slot is not
Resource allocated)
Header file: #include "ara/crypto/keys/key_storage_provider.h"
Description: Load a key slot. The functions loads the information associated with a KeySlot into a KeySlot
object.

c(RS_CRYPTO_02004)

247 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

[SWS_CRYPT_30130]{DRAFT} d
Kind: function
Symbol: RegisterObserver(UpdatesObserver::Uptr observer=nullptr)
Scope: class ara::crypto::keys::KeyStorageProvider
Syntax: virtual UpdatesObserver::Uptr ara::crypto::keys::KeyStorage
Provider::RegisterObserver (UpdatesObserver::Uptr observer=nullptr)
noexcept=0;
Parameters (in): observer optional pointer to a client-supplied Updates
Observer instance that should be registered inside
Key Storage implementation and called every time,
when an opened for usage/loading key slot is
updated externally (by its "Owner" application)
Return value: UpdatesObserver::Uptr unique pointer to previously registered Updates
Observer interface (the pointer ownership is "moved
out" to the caller code)
Exception Safety: noexcept
Thread Safety: Thread-safe
Header file: #include "ara/crypto/keys/key_storage_provider.h"
Description: Register consumer Updates Observer. Only one instance of the UpdatesObserver may be
registered by an application process, therefore this method always unregister previous observer
and return its unique pointer. If (nullptr == observer) then the method only unregister the
previous observer! The method returns nullptr if no observers have been registered yet!

c(RS_CRYPTO_02401)
[SWS_CRYPT_30125]{DRAFT} d
Kind: function
Symbol: RollbackTransaction(TransactionId id)
Scope: class ara::crypto::keys::KeyStorageProvider
Syntax: virtual ara::core::Result<void> ara::crypto::keys::KeyStorage
Provider::RollbackTransaction (TransactionId id) noexcept=0;
Parameters (in): id an ID of a transaction that should be rolled back
Return value: ara::core::Result< void > –
Exception Safety: noexcept
Thread Safety: Thread-safe
Errors: CryptoErrorDomain::kInvalidArgument if provided id is invalid, i.e. this ID is unknown or
correspondent transaction already was finished
(commited or rolled back)
Header file: #include "ara/crypto/keys/key_storage_provider.h"
Description: Rollback all changes executed during the transaction in Key Storage. The rollback command
permanently cancels all changes made during the transaction in Key Storage. A rolled back
transaction is completely invisible for all applications.

c(RS_CRYPTO_02004)
[SWS_CRYPT_30126]{DRAFT} d
Kind: function
Symbol: UnsubscribeObserver(KeySlot &slot)
Scope: class ara::crypto::keys::KeyStorageProvider
5

248 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

4
Syntax: virtual ara::core::Result<void> ara::crypto::keys::KeyStorage
Provider::UnsubscribeObserver (KeySlot &slot) noexcept=0;
Parameters (in): slot number of a slot that should be unsubscribed from
the updates observing
Return value: ara::core::Result< void > –
Exception Safety: noexcept
Thread Safety: Thread-safe
Errors: CryptoErrorDomain::kInvalidArgument if the specified slot is not monitored now (i.e. if it
was not successfully opened via OpenAsUser() or it
was already unsubscribed by this method)
Header file: #include "ara/crypto/keys/key_storage_provider.h"
Description: Unsubscribe the Update Observer from changes monitoring of the specified slot.

c(RS_CRYPTO_02004)
[SWS_CRYPT_30222]{DRAFT} d
Kind: function
Symbol: operator=(const KeyStorageProvider &other)
Scope: class ara::crypto::keys::KeyStorageProvider
Syntax: KeyStorageProvider& ara::crypto::keys::KeyStorageProvider::operator=
(const KeyStorageProvider &other)=default;
Parameters (in): other the other instance
Return value: KeyStorageProvider & *this, containing the contents of other
Header file: #include "ara/crypto/keys/key_storage_provider.h"
Description: Copy-assign another KeyStorageProvider to this instance.

c(RS_CRYPTO_02004)
[SWS_CRYPT_30223]{DRAFT} d
Kind: function
Symbol: operator=(KeyStorageProvider &&other)
Scope: class ara::crypto::keys::KeyStorageProvider
Syntax: KeyStorageProvider& ara::crypto::keys::KeyStorageProvider::operator= (
KeyStorageProvider &&other)=default;
Parameters (in): other the other instance
Return value: KeyStorageProvider & *this, containing the contents of other
Header file: #include "ara/crypto/keys/key_storage_provider.h"
Description: Move-assign another KeyStorageProvider to this instance.

c(RS_CRYPTO_02004)
[SWS_CRYPT_30350]{DRAFT} d
Kind: function
Symbol: operator==(const KeySlotPrototypeProps &lhs, const KeySlotPrototypeProps &rhs)
Scope: namespace ara::crypto::keys
5

249 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

4
Syntax: constexpr bool ara::crypto::keys::operator== (const KeySlotPrototype
Props &lhs, const KeySlotPrototypeProps &rhs) noexcept;
Parameters (in): lhs left-hand side operand
rhs right-hand side operand
Return value: bool true if all members’ values of lhs is equal to rhs, and
false otherwise
Exception Safety: noexcept
Thread Safety: Thread-safe
Header file: #include "ara/crypto/keys/key_slot_prototype_props.h"
Description: Comparison operator "equal" for KeySlotPrototypeProps operands.

c(RS_CRYPTO_02110)
[SWS_CRYPT_30351]{DRAFT} d
Kind: function
Symbol: operator!=(const KeySlotPrototypeProps &lhs, const KeySlotPrototypeProps &rhs)
Scope: namespace ara::crypto::keys
Syntax: constexpr bool ara::crypto::keys::operator!= (const KeySlotPrototype
Props &lhs, const KeySlotPrototypeProps &rhs) noexcept;
Parameters (in): lhs left-hand side operand
rhs right-hand side operand
Return value: bool true if at least one member of lhs has a value not
equal to correspondent member of rhs, and false
otherwise
Exception Safety: noexcept
Thread Safety: Thread-safe
Header file: #include "ara/crypto/keys/key_slot_prototype_props.h"
Description: Comparison operator "not equal" for KeySlotPrototypeProps operands.

c(RS_CRYPTO_02110)
[SWS_CRYPT_30550]{DRAFT} d
Kind: function
Symbol: operator==(const KeySlotContentProps &lhs, const KeySlotContentProps &rhs)
Scope: namespace ara::crypto::keys
Syntax: constexpr bool ara::crypto::keys::operator== (const KeySlotContent
Props &lhs, const KeySlotContentProps &rhs) noexcept;
Parameters (in): lhs left-hand side operand
rhs right-hand side operand
Return value: bool true if all members’ values of lhs is equal to rhs, and
false otherwise
Exception Safety: noexcept
Thread Safety: Thread-safe
Header file: #include "ara/crypto/keys/key_slot_content_props.h"
Description: Comparison operator "equal" for KeySlotContentProps operands.

c(RS_CRYPTO_02111)

250 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

[SWS_CRYPT_30551]{DRAFT} d
Kind: function
Symbol: operator!=(const KeySlotContentProps &lhs, const KeySlotContentProps &rhs)
Scope: namespace ara::crypto::keys
Syntax: constexpr bool ara::crypto::keys::operator!= (const KeySlotContent
Props &lhs, const KeySlotContentProps &rhs) noexcept;
Parameters (in): lhs left-hand side operand
rhs right-hand side operand
Return value: bool true if at least one member of lhs has a value not
equal to correspondent member of rhs, and false
otherwise
Exception Safety: noexcept
Thread Safety: Thread-safe
Header file: #include "ara/crypto/keys/key_slot_content_props.h"
Description: Comparison operator "not equal" for KeySlotContentProps operands.

c(RS_CRYPTO_02111)
[SWS_CRYPT_30210]{DRAFT} d
Kind: function
Symbol: ~UpdatesObserver()
Scope: class ara::crypto::keys::UpdatesObserver
Syntax: virtual ara::crypto::keys::UpdatesObserver::~UpdatesObserver ()
noexcept=default;
Exception Safety: noexcept
Header file: #include "ara/crypto/keys/updates_observer.h"
Description: Destructor.

c(RS_CRYPTO_02004)
[SWS_CRYPT_30211]{DRAFT} d
Kind: function
Symbol: OnUpdate(const TransactionScope &updatedSlots)
Scope: class ara::crypto::keys::UpdatesObserver
Syntax: virtual void ara::crypto::keys::UpdatesObserver::OnUpdate (const
TransactionScope &updatedSlots) noexcept=0;
Parameters (in): updatedSlots List of monitored slots that were updated after
opening (for reading)
Return value: None
Exception Safety: noexcept
Thread Safety: Thread-safe
Header file: #include "ara/crypto/keys/updates_observer.h"
Description: Notification method that should be called if content of specified slots was changed. Key Storage
engine should call this method in a dedicated thread. The provided list may include only slots
subscribed for observing (during openning with the "User" permissions, i.e. for "reading" via a
call of the method OpenAsUser()). Each slot number may present in the provided list only one
time!

c(RS_CRYPTO_02004)

251 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

[SWS_CRYPT_30224]{DRAFT} d
Kind: function
Symbol: operator=(const UpdatesObserver &other)
Scope: class ara::crypto::keys::UpdatesObserver
Syntax: UpdatesObserver& ara::crypto::keys::UpdatesObserver::operator= (const
UpdatesObserver &other)=default;
Parameters (in): other the other instance
Return value: UpdatesObserver & *this, containing the contents of other
Header file: #include "ara/crypto/keys/updates_observer.h"
Description: Copy-assign another UpdatesObserver to this instance.

c(RS_CRYPTO_02004)
[SWS_CRYPT_30225]{DRAFT} d
Kind: function
Symbol: operator=(UpdatesObserver &&other)
Scope: class ara::crypto::keys::UpdatesObserver
Syntax: UpdatesObserver& ara::crypto::keys::UpdatesObserver::operator= (
UpdatesObserver &&other)=default;
Parameters (in): other the other instance
Return value: UpdatesObserver & *this, containing the contents of other
Header file: #include "ara/crypto/keys/updates_observer.h"
Description: Move-assign another UpdatesObserver to this instance.

c(RS_CRYPTO_02004)
[SWS_CRYPT_30500]{DRAFT} d
Kind: struct
Symbol: KeySlotContentProps
Scope: namespace ara::crypto::keys
Syntax: struct ara::crypto::keys::KeySlotContentProps {...};
Header file: #include "ara/crypto/keys/key_slot_content_props.h"
Description: Properties of current Key Slot Content, i.e. of a current instance stored to the Key Slot. A value
of the mAllowedUsage field is bitwise AND of the common usage flags defined at run-time and
the usage flags defined by the UserPermissions prototype for current "Actor".

c(RS_CRYPTO_02005, RS_CRYPTO_02111)
[SWS_CRYPT_30511]{DRAFT} d
Kind: type alias
Symbol: Uptr
Scope: struct ara::crypto::keys::KeySlotContentProps
Derived from: std::unique_ptr<KeySlotContentProps>
Syntax: using ara::crypto::keys::KeySlotContentProps::Uptr = std::unique_
ptr<KeySlotContentProps>;
Header file: #include "ara/crypto/keys/key_slot_content_props.h"
Description: shared pointer of interface

252 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

c(RS_CRYPTO_02111)
[SWS_CRYPT_30300]{DRAFT} d
Kind: struct
Symbol: KeySlotPrototypeProps
Scope: namespace ara::crypto::keys
Syntax: struct ara::crypto::keys::KeySlotPrototypeProps {...};
Header file: #include "ara/crypto/keys/key_slot_prototype_props.h"
Description: Prototyped Properties of a Key Slot.

c(RS_CRYPTO_02009, RS_CRYPTO_02110, RS_CRYPTO_02116)

[SWS_CRYPT_30302]{DRAFT} d
Kind: type alias
Symbol: Uptr
Scope: struct ara::crypto::keys::KeySlotPrototypeProps
Derived from: std::unique_ptr<KeySlotPrototypeProps>
Syntax: using ara::crypto::keys::KeySlotPrototypeProps::Uptr = std::unique_
ptr<KeySlotPrototypeProps>;
Header file: #include "ara/crypto/keys/key_slot_prototype_props.h"

c(RS_CRYPTO_02110)
[SWS_CRYPT_30402]{DRAFT} d
Kind: type alias
Symbol: Uptr
Scope: class ara::crypto::keys::KeySlot
Derived from: std::unique_ptr<KeySlot>
Syntax: using ara::crypto::keys::KeySlot::Uptr = std::unique_ptr<KeySlot>;
Header file: #include "ara/crypto/keys/keyslot.h"
Description: Unique smart pointer of the interface.

c(RS_CRYPTO_02405)
[SWS_CRYPT_30101]{DRAFT} d
Kind: type alias
Symbol: Uptr
Scope: class ara::crypto::keys::KeyStorageProvider
Derived from: std::unique_ptr<KeyStorageProvider>
Syntax: using ara::crypto::keys::KeyStorageProvider::Uptr = std::unique_
ptr<KeyStorageProvider>;
Header file: #include "ara/crypto/keys/key_storage_provider.h"

c(RS_CRYPTO_02004)

253 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

[SWS_CRYPT_30010]{DRAFT} d
Kind: type alias
Symbol: TransactionId
Scope: namespace ara::crypto::keys
Derived from: std::uint64_t
Syntax: using ara::crypto::keys::TransactionId = std::uint64_t;
Header file: #include "ara/crypto/keys/elementary_types.h"
Description: Definition of a transaction identifier type. The zero value should be reserved for especial cases.

c(RS_CRYPTO_02004)
[SWS_CRYPT_30011]{DRAFT} d
Kind: type alias
Symbol: TransactionScope
Scope: namespace ara::crypto::keys
Derived from: ara::core::Vector<KeySlot>
Syntax: using ara::crypto::keys::TransactionScope = ara::core::Vector<Key
Slot>;
Header file: #include "ara/crypto/keys/elementary_types.h"
Description: Definition of a "transaction scope" type. The "transaction scope" defines a list of key slots that
are target for update in a transaction.

c(RS_CRYPTO_02004)
[SWS_CRYPT_30201]{DRAFT} d
Kind: type alias
Symbol: Uptr
Scope: class ara::crypto::keys::UpdatesObserver
Derived from: std::unique_ptr<UpdatesObserver>
Syntax: using ara::crypto::keys::UpdatesObserver::Uptr = std::unique_
ptr<UpdatesObserver>;
Header file: #include "ara/crypto/keys/updates_observer.h"
Description: Shared smart pointer of the interface.

c(RS_CRYPTO_02004)
[SWS_CRYPT_30503]{DRAFT} d
Kind: variable
Symbol: mAlgId
Scope: struct ara::crypto::keys::KeySlotContentProps
Type: CryptoAlgId
Syntax: CryptoAlgId ara::crypto::keys::KeySlotContentProps::mAlgId;
Header file: #include "ara/crypto/keys/key_slot_content_props.h"
Description: Cryptoalgorithm of actual object stored to the slot.

c(RS_CRYPTO_02111)

254 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

[SWS_CRYPT_30505]{DRAFT} d
Kind: variable
Symbol: mObjectSize
Scope: struct ara::crypto::keys::KeySlotContentProps
Type: std::size_t
Syntax: std::size_t ara::crypto::keys::KeySlotContentProps::mObjectSize;
Header file: #include "ara/crypto/keys/key_slot_content_props.h"
Description: Actual size of an object currently stored to the slot.

c(RS_CRYPTO_02111)
[SWS_CRYPT_30508]{DRAFT} d
Kind: variable
Symbol: mObjectType
Scope: struct ara::crypto::keys::KeySlotContentProps
Type: CryptoObjectType
Syntax: CryptoObjectType ara::crypto::keys::KeySlotContentProps::mObjectType;
Header file: #include "ara/crypto/keys/key_slot_content_props.h"
Description: Actual type of an object stored to the slot.

c(RS_CRYPTO_02111)
[SWS_CRYPT_30501]{DRAFT} d
Kind: variable
Symbol: mObjectUid
Scope: struct ara::crypto::keys::KeySlotContentProps
Type: CryptoObjectUid
Syntax: CryptoObjectUid ara::crypto::keys::KeySlotContentProps::mObjectUid;
Header file: #include "ara/crypto/keys/key_slot_content_props.h"
Description: UID of a Crypto Object stored to the slot.

c(RS_CRYPTO_02111)
[SWS_CRYPT_30506]{DRAFT} d
Kind: variable
Symbol: mContentAllowedUsage
Scope: struct ara::crypto::keys::KeySlotContentProps
Type: AllowedUsageFlags
Syntax: AllowedUsageFlags ara::crypto::keys::KeySlotContentProps::mContent
AllowedUsage;
Header file: #include "ara/crypto/keys/key_slot_content_props.h"
Description: Actual usage restriction flags of an object stored to the slot for the current "Actor".

c(RS_CRYPTO_02111)

255 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

[SWS_CRYPT_30306]{DRAFT} d
Kind: variable
Symbol: mAlgId
Scope: struct ara::crypto::keys::KeySlotPrototypeProps
Type: CryptoAlgId
Syntax: CryptoAlgId ara::crypto::keys::KeySlotPrototypeProps::mAlgId;
Header file: #include "ara/crypto/keys/key_slot_prototype_props.h"
Description: Cryptoalgorithm restriction (kAlgIdAny means without restriction). The algorithm can be
specified partially: family & length, mode, padding.

c(RS_CRYPTO_02110)
[SWS_CRYPT_30309]{DRAFT} d
Kind: variable
Symbol: mAllocateSpareSlot
Scope: struct ara::crypto::keys::KeySlotPrototypeProps
Type: bool
Syntax: bool ara::crypto::keys::KeySlotPrototypeProps::mAllocateSpareSlot;
Header file: #include "ara/crypto/keys/key_slot_prototype_props.h"
Description: Indicates whether FC Crypto shall allocate sufficient storage space for a shadow copy of this
KeySlot.

c(RS_CRYPTO_02110)
[SWS_CRYPT_30310]{DRAFT} d
Kind: variable
Symbol: mAllowContentTypeChange
Scope: struct ara::crypto::keys::KeySlotPrototypeProps
Type: bool
Syntax: bool ara::crypto::keys::KeySlotPrototypeProps::mAllowContentType
Change;
Header file: #include "ara/crypto/keys/key_slot_prototype_props.h"
Description: Indicates whether the content of this key-slot may be changed, e.g. from storing a symmetric
key to storing an RSA key If this is set to false, then the mObjectType of this KeySlotPrototype
Props must be a) valid and b) cannot be changed ( i.e. only objects of mObjectType may be
stored in this key-slot).

c(RS_CRYPTO_02110)
[SWS_CRYPT_30313]{DRAFT} d
Kind: variable
Symbol: mContentAllowedUsage
Scope: struct ara::crypto::keys::KeySlotPrototypeProps
Type: AllowedUsageFlags
Syntax: AllowedUsageFlags ara::crypto::keys::KeySlotPrototypeProps::mContent
AllowedUsage;
Header file: #include "ara/crypto/keys/key_slot_prototype_props.h"
5

256 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

4
Description: Indicates how the content may be used. The following use cases of this attribute are
considered:
the object to be stored in this key-slot has it’s AllowedUsageFlags set to kAllowPrototypedOnly.
In this case this attribute must be observed when loading the content into a runtime instance
(e.g. the AllowedUsageFlags of a SymmetricKey object should be set according to this
attribute) mMaxUpdatesAllowed==0, in this case the content is provided during production
while the AllowedUsageFlags is modeled using this attribute when this key-slot is flexibly
updated the runtime object’s AllowedUsageFlags override this attribute upon a later loading
from this key-slot

c(RS_CRYPTO_02110)
[SWS_CRYPT_30312]{DRAFT} d
Kind: variable
Symbol: mExportAllowed
Scope: struct ara::crypto::keys::KeySlotPrototypeProps
Type: bool
Syntax: bool ara::crypto::keys::KeySlotPrototypeProps::mExportAllowed;
Header file: #include "ara/crypto/keys/key_slot_prototype_props.h"
Description: Indicates whether the key-slot content may be exported.

c(RS_CRYPTO_02110)
[SWS_CRYPT_30311]{DRAFT} d
Kind: variable
Symbol: mMaxUpdateAllowed
Scope: struct ara::crypto::keys::KeySlotPrototypeProps
Type: std::int32_t
Syntax: std::int32_t ara::crypto::keys::KeySlotPrototypeProps::mMaxUpdate
Allowed;
Header file: #include "ara/crypto/keys/key_slot_prototype_props.h"
Description: Specifies how many times this key-slot may be updated, e.g.:
a value of 0 means the key-slot content will be pre-set during production a value of 1 means the
key-slot content can be updated only once ("OTP") a negative value means the key-slot content
can be updated inifinitely

c(RS_CRYPTO_02110)
[SWS_CRYPT_30305]{DRAFT} d
Kind: variable
Symbol: mSlotType
Scope: struct ara::crypto::keys::KeySlotPrototypeProps
Type: KeySlotType
Syntax: KeySlotType ara::crypto::keys::KeySlotPrototypeProps::mSlotType;
Header file: #include "ara/crypto/keys/key_slot_prototype_props.h"
5

257 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

4
Description: Key-slot type configuration: all key-slots used by the adaptive machine to provide serives such
as secure communication, diagnostics, updates, secure storage etc. shall use the type k
Machine. All key-slots that will be used by the adaptive user application must use kApplication.
A key-manager user application may define kMachine key-slots as well; in this case the
integrator must match a corresponding machine key-slot to be managed.

c(RS_CRYPTO_02110)
[SWS_CRYPT_30307]{DRAFT} d
Kind: variable
Symbol: mSlotCapacity
Scope: struct ara::crypto::keys::KeySlotPrototypeProps
Type: std::size_t
Syntax: std::size_t ara::crypto::keys::KeySlotPrototypeProps::mSlotCapacity;
Header file: #include "ara/crypto/keys/key_slot_prototype_props.h"
Description: Capacity of the slot in bytes.

c(RS_CRYPTO_02110)
[SWS_CRYPT_30308]{DRAFT} d
Kind: variable
Symbol: mObjectType
Scope: struct ara::crypto::keys::KeySlotPrototypeProps
Type: CryptoObjectType
Syntax: CryptoObjectType ara::crypto::keys::KeySlotPrototypeProps::mObject
Type;
Header file: #include "ara/crypto/keys/key_slot_prototype_props.h"
Description: Restriction of an object type that can be stored the slot. If this field contains CryptoObject
Type::kUnknown then without restriction of the type.

c(RS_CRYPTO_02110)

8.3 C++ language binding X509 Certificate Management Provider

[SWS_CRYPT_40100]{DRAFT} d
Kind: class
Symbol: BasicCertInfo
Scope: namespace ara::crypto::x509
Base class: X509Object
Syntax: class ara::crypto::x509::BasicCertInfo : public X509Object {...};
Header file: #include "ara/crypto/x509/basic_cert_info.h"
Description: Basic Certificate Information interface.

c(RS_CRYPTO_02306)

258 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

[SWS_CRYPT_40200]{DRAFT} d
Kind: class
Symbol: Certificate
Scope: namespace ara::crypto::x509
Base class: BasicCertInfo
Syntax: class ara::crypto::x509::Certificate : public BasicCertInfo {...};
Header file: #include "ara/crypto/x509/certificate.h"
Description: X.509 Certificate interface.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40300]{DRAFT} d
Kind: class
Symbol: CertSignRequest
Scope: namespace ara::crypto::x509
Base class: BasicCertInfo
Syntax: class ara::crypto::x509::CertSignRequest : public BasicCertInfo
{...};
Header file: #include "ara/crypto/x509/cert_sign_request.h"
Description: Certificate Signing Request (CSR) object interface This interface is dedicated for complete
parsing of the request content.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40700]{DRAFT} d
Kind: class
Symbol: OcspRequest
Scope: namespace ara::crypto::x509
Base class: X509Object
Syntax: class ara::crypto::x509::OcspRequest : public X509Object {...};
Header file: #include "ara/crypto/x509/ocsp_request.h"
Description: On-line Certificate Status Protocol Request.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40800]{DRAFT} d
Kind: class
Symbol: OcspResponse
Scope: namespace ara::crypto::x509
Base class: X509Object
Syntax: class ara::crypto::x509::OcspResponse : public X509Object {...};
Header file: #include "ara/crypto/x509/ocsp_response.h"
Description: On-line Certificate Status Protocol Response.

c(RS_CRYPTO_02306)

259 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

[SWS_CRYPT_24400]{DRAFT} d
Kind: class
Symbol: X509PublicKeyInfo
Scope: namespace ara::crypto::x509
Base class: ara::crypto::Serializable
Syntax: class ara::crypto::x509::X509PublicKeyInfo : public
ara::crypto::Serializable {...};
Header file: #include "ara/crypto/x509/x509_public_key_info.h"
Description: X.509 Public Key Information interface.

c(RS_CRYPTO_02307)
[SWS_CRYPT_40400]{DRAFT} d
Kind: class
Symbol: X509DN
Scope: namespace ara::crypto::x509
Base class: X509Object
Syntax: class ara::crypto::x509::X509DN : public X509Object {...};
Header file: #include "ara/crypto/x509/x509_dn.h"
Description: Interface of X.509 Distinguished Name (DN).

c(RS_CRYPTO_02306)
[SWS_CRYPT_40500]{DRAFT} d
Kind: class
Symbol: X509Extensions
Scope: namespace ara::crypto::x509
Base class: X509Object
Syntax: class ara::crypto::x509::X509Extensions : public X509Object {...};
Header file: #include "ara/crypto/x509/x509_extensions.h"
Description: Interface of X.509 Extensions.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40900]{DRAFT} d
Kind: class
Symbol: X509Object
Scope: namespace ara::crypto::x509
Base class: ara::crypto::Serializable
Syntax: class ara::crypto::x509::X509Object : public
ara::crypto::Serializable {...};
Header file: #include "ara/crypto/x509/x509_object.h"
Description: Common interface of all objects created by X.509 Provider.

c(RS_CRYPTO_02306)

260 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

[SWS_CRYPT_40600]{DRAFT} d
Kind: class
Symbol: X509Provider
Scope: namespace ara::crypto::x509
Syntax: class ara::crypto::x509::X509Provider {...};
Header file: #include "ara/crypto/x509/x509_provider.h"
Description: X.509 Provider interface. The X.509 Provider supports two internal storages: volatile (or
session) and persistent. All X.509 objects created by the provider should have an actual
reference to their parent X.509 Provider. The X.509 Provider can be destroyed only after
destroying of all its daughterly objects. Each method of this interface that creates a X.509
object is non-constant, because any such creation increases a references counter of the X.509
Provider.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40932]{DRAFT} d
Kind: class
Symbol: X509CustomExtensionsParser
Scope: namespace ara::crypto::x509
Syntax: class ara::crypto::x509::X509CustomExtensionsParser {...};
Header file: #include "ara/crypto/x509/x509_custom_extension_parser.h"
Description: X.509 custom extensions parser Callback class to be implemented by user. Implemented
functions get called by X509Provider::ParseCustomCertExtensions when parsing a certificate.
If any function of this class returns an error, the parsing will stop.

c(RS_CRYPTO_02306)
[SWS_CRYPT_24414]{DRAFT} d
Kind: function
Symbol: GetPublicKey()
Scope: class ara::crypto::x509::X509PublicKeyInfo
Syntax: virtual ara::core::Result<ara::crypto::cryp::PublicKey::Uptrc>
ara::crypto::x509::X509PublicKeyInfo::GetPublicKey () const
noexcept=0;
Return value: ara::core::Result< unique smart pointer to the created public key of the
ara::crypto::cryp::PublicKey::Uptrc > subject
Exception Safety: noexcept
Thread Safety: Thread-safe
Header file: #include "ara/crypto/x509/x509_public_key_info.h"
Description: Get public key object of the subject. Created PublicKey object is session and non-exportable,
because generic X.509 certificate or certificate signing request (CSR) doesn’t have COUID of
the public key, therefore it should be saved or transmitted only as a part of correspondent
certificate or CSR.

c(RS_CRYPTO_02108, RS_CRYPTO_02306)

261 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

[SWS_CRYPT_24412]{DRAFT} d
Kind: function
Symbol: GetRequiredHashAlgId()
Scope: class ara::crypto::x509::X509PublicKeyInfo
Syntax: virtual CryptoAlgId ara::crypto::x509::X509PublicKeyInfo::GetRequired
HashAlgId () const noexcept=0;
Return value: CryptoAlgId required hash algorithm ID or kAlgIdAny if the
signature algorithm specification does not include a
concrete hash function
Exception Safety: noexcept
Thread Safety: Thread-safe
Header file: #include "ara/crypto/x509/x509_public_key_info.h"
Description: Get an ID of hash algorithm required by current signature algorithm.

c(RS_CRYPTO_02309)
[SWS_CRYPT_24411]{DRAFT} d
Kind: function
Symbol: GetRequiredHashSize()
Scope: class ara::crypto::x509::X509PublicKeyInfo
Syntax: virtual std::size_t ara::crypto::x509::X509PublicKeyInfo::GetRequired
HashSize () const noexcept=0;
Return value: std::size_t required hash size in bytes
Exception Safety: noexcept
Header file: #include "ara/crypto/x509/x509_public_key_info.h"
Description: Get the hash size required by current signature algorithm.

c(RS_CRYPTO_02309)
[SWS_CRYPT_24413]{DRAFT} d
Kind: function
Symbol: GetSignatureSize()
Scope: class ara::crypto::x509::X509PublicKeyInfo
Syntax: virtual std::size_t ara::crypto::x509::X509PublicKeyInfo::GetSignature
Size () const noexcept=0;
Return value: std::size_t size of the signature value in bytes
Exception Safety: noexcept
Thread Safety: Thread-safe
Header file: #include "ara/crypto/x509/x509_public_key_info.h"
Description: Get size of the signature value produced and required by the current algorithm.

c(RS_CRYPTO_02309)

262 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

[SWS_CRYPT_24410]{DRAFT} d
Kind: function
Symbol: GetAlgorithmId()
Scope: class ara::crypto::x509::X509PublicKeyInfo
Syntax: virtual ara::crypto::cryp::CryptoPrimitiveId::Uptrc
ara::crypto::x509::X509PublicKeyInfo::GetAlgorithmId ()=0;
Return value: ara::crypto::cryp::CryptoPrimitive –
Id::Uptrc
Header file: #include "ara/crypto/x509/x509_public_key_info.h"
Description: Get the CryptoPrimitiveId instance of this class.

c(RS_CRYPTO_02307)
[SWS_CRYPT_24415]{DRAFT} d
Kind: function
Symbol: IsSameKey(const ara::crypto::cryp::PublicKey &publicKey)
Scope: class ara::crypto::x509::X509PublicKeyInfo
Syntax: virtual bool ara::crypto::x509::X509PublicKeyInfo::IsSameKey (const
ara::crypto::cryp::PublicKey &publicKey) const noexcept=0;
Parameters (in): publicKey the public key object for comparison
Return value: bool true if values of the stored public key and object
provided by the argument are identical and false
otherwise
Exception Safety: noexcept
Thread Safety: Thread-safe
Header file: #include "ara/crypto/x509/x509_public_key_info.h"
Description: Verify the sameness of the provided and kept public keys. This method compare the public key
values only.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40115]{DRAFT} d
Kind: function
Symbol: GetConstraints()
Scope: class ara::crypto::x509::BasicCertInfo
Syntax: virtual KeyConstraints ara::crypto::x509::BasicCertInfo::Get
Constraints () const noexcept=0;
Return value: KeyConstraints key constraints
Exception Safety: noexcept
Thread Safety: Thread-safe
Header file: #include "ara/crypto/x509/basic_cert_info.h"
Description: Get the key constraints for the key associated with this PKCS#10 object.

c(RS_CRYPTO_02306)

263 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

[SWS_CRYPT_40114]{DRAFT} d
Kind: function
Symbol: GetPathLimit()
Scope: class ara::crypto::x509::BasicCertInfo
Syntax: virtual std::uint32_t ara::crypto::x509::BasicCertInfo::GetPathLimit
() const noexcept=0;
Return value: std::uint32_t certification path length limit
Exception Safety: noexcept
Thread Safety: Thread-safe
Header file: #include "ara/crypto/x509/basic_cert_info.h"
Description: Get the constraint on the path length defined in the Basic Constraints extension.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40113]{DRAFT} d
Kind: function
Symbol: IsCa()
Scope: class ara::crypto::x509::BasicCertInfo
Syntax: virtual bool ara::crypto::x509::BasicCertInfo::IsCa () const
noexcept=0;
Return value: bool true if it is a CA request and false otherwise
Exception Safety: noexcept
Thread Safety: Thread-safe
Header file: #include "ara/crypto/x509/basic_cert_info.h"
Description: Check whether the CA attribute of X509v3 Basic Constraints is true (i.e. pathlen=0).

c(RS_CRYPTO_02306)
[SWS_CRYPT_40112]{DRAFT} d
Kind: function
Symbol: SubjectDn()
Scope: class ara::crypto::x509::BasicCertInfo
Syntax: virtual const X509DN& ara::crypto::x509::BasicCertInfo::SubjectDn ()
const noexcept=0;
Return value: const X509DN & subject DN
Exception Safety: noexcept
Thread Safety: Thread-safe
Header file: #include "ara/crypto/x509/basic_cert_info.h"
Description: Get the subject DN.

c(RS_CRYPTO_02306)

264 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

[SWS_CRYPT_40111]{DRAFT} d
Kind: function
Symbol: SubjectPubKey(cryp::CryptoProvider::Uptr cryptoProvider=nullptr)
Scope: class ara::crypto::x509::BasicCertInfo
Syntax: virtual const X509PublicKeyInfo& ara::crypto::x509::BasicCert
Info::SubjectPubKey (cryp::CryptoProvider::Uptr crypto
Provider=nullptr) const noexcept=0;
Parameters (in): cryptoProvider unique pointer of a target Crypto Provider, where the
public key will be used
Return value: const X509PublicKeyInfo & constant reference of the subject public key interface
Exception Safety: noexcept
Thread Safety: Thread-safe
Header file: #include "ara/crypto/x509/basic_cert_info.h"
Description: Load the subject public key information object to realm of specified crypto provider. If (crypto
Provider == nullptr) then X509PublicKeyInfo object will be loaded in realm of the Stack-default
Crypto Provider.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40217]{DRAFT} d
Kind: function
Symbol: AuthorityKeyId()
Scope: class ara::crypto::x509::Certificate
Syntax: virtual ara::core::Result<ara::core::Vector<ara::core::Byte> >
ara::crypto::x509::Certificate::AuthorityKeyId () const noexcept=0;
Return value: ara::core::Result< ara::core::Vector< size of the DER encoded AuthorityKeyIdentifier in
ara::core::Byte > > bytes
Exception Safety: noexcept
Thread Safety: Thread-safe
Errors: CryptoErrorDomain::kInsufficient if (id.empty() == false), but its size is not enough for
Capacity storing the output value
Header file: #include "ara/crypto/x509/certificate.h"
Description: Get the DER encoded AuthorityKeyIdentifier of this certificate. If (id.empty() == true) then this
method only returns required size of the output buffer.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40215]{DRAFT} d
Kind: function
Symbol: EndTime()
Scope: class ara::crypto::x509::Certificate
Syntax: virtual time_t ara::crypto::x509::Certificate::EndTime () const
noexcept=0;
Return value: time_t "Not After" of the certificate
Exception Safety: noexcept
Thread Safety: Thread-safe
Header file: #include "ara/crypto/x509/certificate.h"
Description: Get the "Not After" of the certificate.

c(RS_CRYPTO_02306)

265 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

[SWS_CRYPT_40220]{DRAFT} d
Kind: function
Symbol: GetFingerprint(ReadWriteMemRegion fingerprint, cryp::HashFunctionCtx &hashCtx)
Scope: class ara::crypto::x509::Certificate
Syntax: virtual ara::core::Result<std::size_t>
ara::crypto::x509::Certificate::GetFingerprint (ReadWriteMemRegion
fingerprint, cryp::HashFunctionCtx &hashCtx) const noexcept=0;
Parameters (in): hashCtx an initialized hash function context
Parameters (out): fingerprint output buffer for the fingerprint storage
Return value: ara::core::Result< std::size_t > number of bytes actually saved to the output buffer
Exception Safety: noexcept
Thread Safety: Thread-safe
Errors: CryptoErrorDomain::kIncompleteArg if the hashCtx context is not initialized
State
Header file: #include "ara/crypto/x509/certificate.h"
Description: Calculate a fingerprint from the whole certificate. The produced fingerprint value saved to the
output buffer starting from leading bytes of the hash value. If the capacity of the output buffer is
less than the digest size then the digest will be truncated and only leading bytes will be saved.
If the capacity of the output buffer is higher than the digest size then only leading bytes of the
buffer will be updated.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40221]{DRAFT} d
Kind: function
Symbol: GetStatus()
Scope: class ara::crypto::x509::Certificate
Syntax: virtual Status ara::crypto::x509::Certificate::GetStatus () const
noexcept=0;
Return value: Status the certificate verification status
Exception Safety: noexcept
Thread Safety: Thread-safe
Header file: #include "ara/crypto/x509/certificate.h"
Description: Return last verification status of the certificate.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40212]{DRAFT} d
Kind: function
Symbol: IsRoot()
Scope: class ara::crypto::x509::Certificate
Syntax: virtual bool ara::crypto::x509::Certificate::IsRoot () const
noexcept=0;
Return value: bool true if the TrustMaster has set this certificate as root
Exception Safety: noexcept
Thread Safety: Thread-safe
Header file: #include "ara/crypto/x509/certificate.h"
Description: Check whether this certificate belongs to a root CA.

c(RS_CRYPTO_02306)

266 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

[SWS_CRYPT_40213]{DRAFT} d
Kind: function
Symbol: IssuerDn()
Scope: class ara::crypto::x509::Certificate
Syntax: virtual const X509DN& ara::crypto::x509::Certificate::IssuerDn ()
const =0;
Return value: const X509DN & Issuer DN of this certificate
Thread Safety: Thread-safe
Header file: #include "ara/crypto/x509/certificate.h"
Description: Get the issuer certificate DN.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40216]{DRAFT} d
Kind: function
Symbol: SerialNumber()
Scope: class ara::crypto::x509::Certificate
Syntax: virtual ara::core::Result<ara::core::Vector<ara::core::Byte> >
ara::crypto::x509::Certificate::SerialNumber () const noexcept=0;
Return value: ara::core::Result< ara::core::Vector< size of the certificate serial number in bytes
ara::core::Byte > >
Exception Safety: noexcept
Thread Safety: Thread-safe
Errors: CryptoErrorDomain::kInsufficient if (sn.empty() == false), but its size is not enough for
Capacity storing the output value
Header file: #include "ara/crypto/x509/certificate.h"
Description: Get the serial number of this certificate. If (sn.empty() == true) then this method only returns
required size of the output buffer.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40214]{DRAFT} d
Kind: function
Symbol: StartTime()
Scope: class ara::crypto::x509::Certificate
Syntax: virtual time_t ara::crypto::x509::Certificate::StartTime () const
noexcept=0;
Return value: time_t "Not Before" of the certificate
Exception Safety: noexcept
Thread Safety: Thread-safe
Header file: #include "ara/crypto/x509/certificate.h"
Description: Get the "Not Before" of the certificate.

c(RS_CRYPTO_02306)

267 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

[SWS_CRYPT_40218]{DRAFT} d
Kind: function
Symbol: SubjectKeyId()
Scope: class ara::crypto::x509::Certificate
Syntax: virtual ara::core::Result<ara::core::Vector<ara::core::Byte> >
ara::crypto::x509::Certificate::SubjectKeyId () const noexcept=0;
Return value: ara::core::Result< ara::core::Vector< size of the DER encoded SubjectKeyIdentifier in
ara::core::Byte > > bytes
Exception Safety: noexcept
Thread Safety: Thread-safe
Errors: CryptoErrorDomain::kInsufficient if (id.empty() == false), but its size is not enough for
Capacity storing the output value
Header file: #include "ara/crypto/x509/certificate.h"
Description: Get the DER encoded SubjectKeyIdentifier of this certificate. If (id.empty() == true) then this
method only returns required size of the output buffer.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40219]{DRAFT} d
Kind: function
Symbol: VerifyMe(ara::core::Optional< const Certificate::Uptr > caCert)
Scope: class ara::crypto::x509::Certificate
Syntax: virtual bool ara::crypto::x509::Certificate::VerifyMe (
ara::core::Optional< const Certificate::Uptr > caCert) const
noexcept=0;
Parameters (in): caCert the optional pointer to a Certification Authority
certificate used for signature of the current one
Return value: bool true if this certificate was verified successfully and
false otherwise
Exception Safety: noexcept
Thread Safety: Thread-safe
Header file: #include "ara/crypto/x509/certificate.h"
Description: Verify signature of the certificate. Call with (caCert == nullptr) is applicable only if this is a
certificate of a root CA.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40211]{DRAFT} d
Kind: function
Symbol: X509Version()
Scope: class ara::crypto::x509::Certificate
Syntax: virtual std::uint32_t ara::crypto::x509::Certificate::X509Version ()
const noexcept=0;
Return value: std::uint32_t X.509 version
Exception Safety: noexcept
Thread Safety: Thread-safe
Header file: #include "ara/crypto/x509/certificate.h"
Description: Get the X.509 version of this certificate object.

c(RS_CRYPTO_02306)

268 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

[SWS_CRYPT_40311]{DRAFT} d
Kind: function
Symbol: Verify()
Scope: class ara::crypto::x509::CertSignRequest
Syntax: virtual bool ara::crypto::x509::CertSignRequest::Verify () const
noexcept=0;
Return value: bool true if the signature is correct
Exception Safety: noexcept
Thread Safety: Thread-safe
Header file: #include "ara/crypto/x509/cert_sign_request.h"
Description: Verifies self-signed signature of the certificate request.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40313]{DRAFT} d
Kind: function
Symbol: ExportASN1CertSignRequest()
Scope: class ara::crypto::x509::CertSignRequest
Syntax: virtual ara::core::Result<ara::core::Vector<ara::core::Byte> >
ara::crypto::x509::CertSignRequest::ExportASN1CertSignRequest ()
noexcept=0;
Return value: ara::core::Result< ara::core::Vector< a buffer with the formatted CSR
ara::core::Byte > >
Exception Safety: noexcept
Thread Safety: Thread-safe
Errors: CryptoErrorDomain::kInvalidUsage this error will be returned in case not all required
Order information has been provided
Header file: #include "ara/crypto/x509/cert_sign_request.h"
Description: Export this certificate signing request in DER encoded ASN1 format. Note: this is the CSR that
can be sent to the CA for obtaining the certificate.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40315]{DRAFT} d
Kind: function
Symbol: GetSignature()
Scope: class ara::crypto::x509::CertSignRequest
Syntax: virtual const ara::crypto::cryp::Signature& ara::crypto::x509::Cert
SignRequest::GetSignature () const noexcept=0;
Return value: const ara::crypto::cryp::Signature & signature object of the request
Exception Safety: noexcept
Thread Safety: Thread-safe
Header file: #include "ara/crypto/x509/cert_sign_request.h"
Description: Return signature object of the request.

c(RS_CRYPTO_02306)

269 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

[SWS_CRYPT_40314]{DRAFT} d
Kind: function
Symbol: Version()
Scope: class ara::crypto::x509::CertSignRequest
Syntax: virtual unsigned ara::crypto::x509::CertSignRequest::Version () const
noexcept=0;
Return value: unsigned format version of the certificate request
Exception Safety: noexcept
Thread Safety: Thread-safe
Header file: #include "ara/crypto/x509/cert_sign_request.h"
Description: Return format version of the certificate request.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40711]{DRAFT} d
Kind: function
Symbol: Version()
Scope: class ara::crypto::x509::OcspRequest
Syntax: virtual std::uint32_t ara::crypto::x509::OcspRequest::Version () const
noexcept=0;
Return value: std::uint32_t OCSP request format version
Exception Safety: noexcept
Thread Safety: Thread-safe
Header file: #include "ara/crypto/x509/ocsp_request.h"
Description: Get version of the OCSP request format.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40811]{DRAFT} d
Kind: function
Symbol: Version()
Scope: class ara::crypto::x509::OcspResponse
Syntax: virtual std::uint32_t ara::crypto::x509::OcspResponse::Version ()
const noexcept=0;
Return value: std::uint32_t OCSP response format version
Exception Safety: noexcept
Thread Safety: Thread-safe
Header file: #include "ara/crypto/x509/ocsp_response.h"
Description: Get version of the OCSP response format.

c(RS_CRYPTO_02306)

270 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

[SWS_CRYPT_40413]{DRAFT} d
Kind: function
Symbol: GetAttribute(AttributeId id)
Scope: class ara::crypto::x509::X509DN
Syntax: virtual ara::core::Result<ara::core::String>
ara::crypto::x509::X509DN::GetAttribute (AttributeId id) const
noexcept=0;
Parameters (in): id the identifier of required attribute
Return value: ara::core::Result< ara::core::String > String of the attribute
Exception Safety: noexcept
Thread Safety: Thread-safe
Errors: CryptoErrorDomain::kUnknown if the id argument has unsupported value
Identifier
CryptoErrorDomain::kInsufficient if (attribute != nullptr), but attribute->capacity() is
Capacity less than required for storing of the output
Header file: #include "ara/crypto/x509/x509_dn.h"
Description: Get DN attribute by its ID (this method is applicale to all attributes except kOrgUnit and k
DomainComponent). Capacity of the output string must be enough for storing the output value!
If (attribute == nullptr) then method only returns required buffer capacity.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40415]{DRAFT} d
Kind: function
Symbol: GetAttribute(AttributeId id, unsigned index)
Scope: class ara::crypto::x509::X509DN
Syntax: virtual ara::core::Result<ara::core::String>
ara::crypto::x509::X509DN::GetAttribute (AttributeId id, unsigned
index) const noexcept=0;
Parameters (in): id the identifier of required attribute
index the zero-based index of required component of the
attribute
Return value: ara::core::Result< ara::core::String > String of the attribute
Exception Safety: noexcept
Thread Safety: Thread-safe
Errors: CryptoErrorDomain::kUnknown if the id argument has unsupported value
Identifier
CryptoErrorDomain::kInsufficient if (attribute != nullptr), but attribute->capacity() is
Capacity less than required for storing of the output
CryptoErrorDomain::kInvalidArgument if (id != kOrgUnit) && (id != kDomainComponent) &&
(index > 0)
CryptoErrorDomain::kAboveBoundary if ((id == kOrgUnit) || (id == kDomainComponent))
and the index value is greater than or equal to the
actual number of components in the specified
attribute
Header file: #include "ara/crypto/x509/x509_dn.h"
Description: Return DN attribute by its ID and sequential index (this method is applicale to attributes kOrg
Unit and kDomainComponent). Capacity of the output string must be enough for storing the
output value! If (attribute == nullptr) then method only returns required buffer capacity.

c(RS_CRYPTO_02306)

271 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

[SWS_CRYPT_40411]{DRAFT} d
Kind: function
Symbol: GetDnString()
Scope: class ara::crypto::x509::X509DN
Syntax: virtual ara::core::Result<ara::core::String>
ara::crypto::x509::X509DN::GetDnString () const noexcept=0;
Return value: ara::core::Result< ara::core::String > String of the whole DN string
Exception Safety: noexcept
Thread Safety: Thread-safe
Errors: CryptoErrorDomain::kInsufficient if (dn != nullptr), but dn->capacity() is less than
Capacity required for the output value storing
Header file: #include "ara/crypto/x509/x509_dn.h"
Description: Get the whole Distinguished Name (DN) as a single string. Capacity of the output string must
be enough for storing the output value! If (dn == nullptr) then method only returns required
buffer capacity.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40417]{DRAFT} d
Kind: function
Symbol: operator==(const X509DN &other)
Scope: class ara::crypto::x509::X509DN
Syntax: virtual bool ara::crypto::x509::X509DN::operator== (const X509DN
&other) const noexcept=0;
Parameters (in): other another instance of DN for comparison
Return value: bool true if the provided DN is identical to this one and
false otherwise
Exception Safety: noexcept
Thread Safety: Thread-safe
Header file: #include "ara/crypto/x509/x509_dn.h"
Description: Check for equality of this and another Distinguished Name (DN) objects.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40418]{DRAFT} d
Kind: function
Symbol: operator!=(const X509DN &other)
Scope: class ara::crypto::x509::X509DN
Syntax: bool ara::crypto::x509::X509DN::operator!= (const X509DN &other) const
noexcept;
Parameters (in): other another instance of DN for comparison
Return value: bool true if the provided DN is not identical to this one
and false otherwise
Exception Safety: noexcept
Thread Safety: Thread-safe
Header file: #include "ara/crypto/x509/x509_dn.h"
Description: Check for inequality of this and another Distinguished Name (DN) objects.

c(RS_CRYPTO_02306)

272 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

[SWS_CRYPT_40414]{DRAFT} d
Kind: function
Symbol: SetAttribute(AttributeId id, ara::core::StringView attribute)
Scope: class ara::crypto::x509::X509DN
Syntax: virtual ara::core::Result<void> ara::crypto::x509::X509DN::Set
Attribute (AttributeId id, ara::core::StringView attribute)
noexcept=0;
Parameters (in): id the identifier of required attributet
attribute the attribute value
Return value: ara::core::Result< void > –
Exception Safety: noexcept
Thread Safety: Thread-safe
Errors: CryptoErrorDomain::kUnknown if the id argument has unsupported value
Identifier
CryptoErrorDomain::kUnexpected if the attribute string contains incorrect characters or
Value it has unsupported length
Header file: #include "ara/crypto/x509/x509_dn.h"
Description: Set DN attribute by its ID (this method is applicale to all attributes except kOrgUnit and k
DomainComponent).

c(RS_CRYPTO_02306)
[SWS_CRYPT_40416]{DRAFT} d
Kind: function
Symbol: SetAttribute(AttributeId id, unsigned index, ara::core::StringView attribute)
Scope: class ara::crypto::x509::X509DN
Syntax: virtual ara::core::Result<void> ara::crypto::x509::X509DN::Set
Attribute (AttributeId id, unsigned index, ara::core::StringView
attribute) noexcept=0;
Parameters (in): id the identifier of required attribute
index the zero-based index of required component of the
attribute
attribute the attribute value
Return value: ara::core::Result< void > –
Exception Safety: noexcept
Thread Safety: Thread-safe
Errors: CryptoErrorDomain::kUnknown if the id argument has unsupported value
Identifier
CryptoErrorDomain::kUnexpected if the attribute string contains incorrect characters or
Value it has unsupported length
CryptoErrorDomain::kInvalidArgument if (id != kOrgUnit) && (id != kDomainComponent) &&
(index > 0)
CryptoErrorDomain::kAboveBoundary if ((id == kOrgUnit) || (id == kDomainComponent))
and the index value is greater than the current
number of components in the specified attribute
Header file: #include "ara/crypto/x509/x509_dn.h"
Description: Set DN attribute by its ID and sequential index (this method is applicale to attributes kOrgUnit
and kDomainComponent).

c(RS_CRYPTO_02306)

273 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

[SWS_CRYPT_40412]{DRAFT} d
Kind: function
Symbol: SetDn(ara::core::StringView dn)
Scope: class ara::crypto::x509::X509DN
Syntax: virtual ara::core::Result<void> ara::crypto::x509::X509DN::SetDn (
ara::core::StringView dn) noexcept=0;
Parameters (in): dn the single string containing the whole DN value in
text format
Return value: ara::core::Result< void > –
Exception Safety: noexcept
Thread Safety: Thread-safe
Header file: #include "ara/crypto/x509/x509_dn.h"
Description: Set whole Distinguished Name (DN) from a single string. [Error]: CryptoErrorDomain::k
UnexpectedValue if the dn string has incorrect syntax.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40511]{DRAFT} d
Kind: function
Symbol: Count()
Scope: class ara::crypto::x509::X509Extensions
Syntax: virtual std::size_t ara::crypto::x509::X509Extensions::Count () const
noexcept=0;
Return value: std::size_t number of elements in the sequence
Exception Safety: noexcept
Thread Safety: Thread-safe
Header file: #include "ara/crypto/x509/x509_extensions.h"
Description: Count number of elements in the sequence.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40911]{DRAFT} d
Kind: function
Symbol: MyProvider()
Scope: class ara::crypto::x509::X509Object
Syntax: virtual X509Provider& ara::crypto::x509::X509Object::MyProvider ()
const noexcept=0;
Return value: X509Provider & a reference to X.509 Provider instance that provides
this object
Exception Safety: noexcept
Thread Safety: Thread-safe
Header file: #include "ara/crypto/x509/x509_object.h"
Description: Get a reference to X.509 Provider of this object.

c(RS_CRYPTO_02401)

274 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

[SWS_CRYPT_40612]{DRAFT} d
Kind: function
Symbol: BuildDn(ara::core::StringView dn)
Scope: class ara::crypto::x509::X509Provider
Syntax: virtual ara::core::Result<X509DN::Uptrc>
ara::crypto::x509::X509Provider::BuildDn (ara::core::StringView dn)
noexcept=0;
Parameters (in): dn string representation of the Distinguished Name
Return value: ara::core::Result< X509DN::Uptrc > unique smart pointer for the created X509DN object
Exception Safety: noexcept
Thread Safety: Thread-safe
Errors: CryptoErrorDomain::kInvalidArgument if the dn argument has incorrect format
CryptoErrorDomain::kInvalidInputSize if the dn argument has unsupported length (too
large)
Header file: #include "ara/crypto/x509/x509_provider.h"
Description: Create completed X.500 Distinguished Name structure from the provided string representation.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40629]{DRAFT} d
Kind: function
Symbol: CheckCertStatus(Certificate &cert, const OcspResponse &ocspResponse)
Scope: class ara::crypto::x509::X509Provider
Syntax: virtual ara::core::Result<bool> ara::crypto::x509::X509Provider::Check
CertStatus (Certificate &cert, const OcspResponse &ocspResponse) const
noexcept=0;
Parameters (in): cert a certificate that should be verified
ocspResponse an OCSP response
Return value: ara::core::Result< bool > true if the certificate is verified successfully and
false otherwise
Exception Safety: noexcept
Thread Safety: Thread-safe
Errors: CryptoErrorDomain::kInvalidArgument if the cert is invalid
CryptoErrorDomain::kRuntimeFault if the ocspResponse is invalid
Header file: #include "ara/crypto/x509/x509_provider.h"
Description: Check certificate status by directly provided OCSP response. This method may be used for
implementation of the "OCSP stapling". This method updates the Certificate::Status associated
with the certificate.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40630]{DRAFT} d
Kind: function
Symbol: CheckCertStatus(const ara::core::Vector< Certificate * > &certList, const OcspResponse &ocsp
Response)
Scope: class ara::crypto::x509::X509Provider
5

275 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

4
Syntax: virtual ara::core::Result<bool> ara::crypto::x509::X509Provider::Check
CertStatus (const ara::core::Vector< Certificate * > &certList, const
OcspResponse &ocspResponse) const noexcept=0;
Parameters (in): certList a certificates list that should be verified
ocspResponse an OCSP response
Return value: ara::core::Result< bool > true if the certificates list is verified successfully and
false otherwise
Exception Safety: noexcept
Thread Safety: Thread-safe
Errors: CryptoErrorDomain::kInvalidArgument if the provided certificates are invalid
CryptoErrorDomain::kRuntimeFault if the ocspResponse is invalid
Header file: #include "ara/crypto/x509/x509_provider.h"
Description: Check status of a certificates list by directly provided OCSP response. This method may be
used for implementation of the "OCSP stapling". This method updates the Certificate::Status
associated with the certificates in the list.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40639]{DRAFT} d
Kind: function
Symbol: CheckCertStatusOnline(Certificate &cert)
Scope: class ara::crypto::x509::X509Provider
Syntax: virtual ara::core::Result<Certificate::Status>
ara::crypto::x509::X509Provider::CheckCertStatusOnline (Certificate
&cert) noexcept=0;
Parameters (in): cert a certificate that should be verified
Return value: ara::core::Result< Certificate::Status > certificate status This method updates the
Certificate::Status associated with the certificate.
Exception Safety: noexcept
Thread Safety: Thread-safe
Errors: CryptoErrorDomain::kInvalidArgument if the provided certificate is invalid
CryptoErrorDomain::kNoConnection if a connection to the OCSP responder cannot be
established
Header file: #include "ara/crypto/x509/x509_provider.h"
Description: Check certificate status via On-line Certificate Status Protocol (OCSP).

c(RS_CRYPTO_02306)
[SWS_CRYPT_40635]{DRAFT} d
Kind: function
Symbol: CleanupVolatileStorage()
Scope: class ara::crypto::x509::X509Provider
Syntax: virtual void ara::crypto::x509::X509Provider::CleanupVolatileStorage
() noexcept=0;
Return value: None
Exception Safety: noexcept
Thread Safety: Thread-safe
Header file: #include "ara/crypto/x509/x509_provider.h"
5

276 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

4
Description: Cleanup the volatile certificates storage. After execution of this command the certificates
previously imported to the volatile storage cannot be found by a search, but it doesn’t influence
to already loaded Certificate instances! .

c(RS_CRYPTO_02306)
[SWS_CRYPT_40640]{DRAFT} d
Kind: function
Symbol: CreateCertSignRequest(cryp::SignerPrivateCtx::Uptr signerCtx, ReadOnlyMemRegion der
SubjectDN, ReadOnlyMemRegion x509Extensions=ReadOnlyMemRegion(), unsigned
version=1)
Scope: class ara::crypto::x509::X509Provider
Syntax: virtual ara::core::Result<CertSignRequest::Uptrc>
ara::crypto::x509::X509Provider::CreateCertSignRequest (cryp::Signer
PrivateCtx::Uptr signerCtx, ReadOnlyMemRegion derSubjectDN, ReadOnly
MemRegion x509Extensions=ReadOnlyMemRegion(), unsigned version=1)
const noexcept=0;
Parameters (in): signerCtx the fully-configured SignerPrivateCtx to be used for
signing this certificate request
derSubjectDN the DER-encoded subject distinguished name (DN)
of the private key owner
x509Extensions the DER-encoded X.509 Extensions that should be
included to the certification request
version the format version of the target certification request
Return value: ara::core::Result< CertSign unique smart pointer to created certification request
Request::Uptrc >
Exception Safety: noexcept
Thread Safety: Thread-safe
Errors: CryptoErrorDomain::kUnexpected if any of arguments has incorrect/unsupported value
Value
Header file: #include "ara/crypto/x509/x509_provider.h"
Description: Create certification request for a private key loaded to the context.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40615]{DRAFT} d
Kind: function
Symbol: CountCertsInChain(ReadOnlyMemRegion certChain, Serializable::FormatId format
Id=Serializable::kFormatDefault)
Scope: class ara::crypto::x509::X509Provider
Syntax: virtual ara::core::Result<std::size_t>
ara::crypto::x509::X509Provider::CountCertsInChain (ReadOnlyMemRegion
certChain, Serializable::FormatId formatId=Serializable::kFormat
Default) const noexcept=0;
Parameters (in): certChain DER/PEM-encoded certificate chain (in form of a
single BLOB)
formatId input format identifier (kFormatDefault means
auto-detect)
Return value: ara::core::Result< std::size_t > number of certificates in the chain
Exception Safety: noexcept
5

277 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

4
Thread Safety: Thread-safe
Errors: CryptoErrorDomain::kInvalidArgument if the certChain argument cannot be pre-parsed
CryptoErrorDomain::kUnknown if the formatId argument has unknown value
Identifier
Header file: #include "ara/crypto/x509/x509_provider.h"
Description: Count number of certificates in a serialized certificate chain represented by a single BLOB.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40611]{DRAFT} d
Kind: function
Symbol: CreateEmptyDn(std::size_t capacity=0)
Scope: class ara::crypto::x509::X509Provider
Syntax: virtual ara::core::Result<X509DN::Uptr>
ara::crypto::x509::X509Provider::CreateEmptyDn (std::size_t
capacity=0) noexcept=0;
Parameters (in): capacity number of bytes that should be reserved for the
content of the target X509DN object
Return value: ara::core::Result< X509DN::Uptr > Unique smart pointer to created empty X509DN
object
Exception Safety: noexcept
Thread Safety: Thread-safe
Header file: #include "ara/crypto/x509/x509_provider.h"
Description: Create an empty X.500 Distinguished Name (DN) structure. If (0 == capacity) then a maximally
supported (by the implementation) capacity must be reserved.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40636]{DRAFT} d
Kind: function
Symbol: CreateEmptyExtensions(std::size_t capacity=0)
Scope: class ara::crypto::x509::X509Provider
Syntax: virtual ara::core::Result<X509Extensions::Uptr>
ara::crypto::x509::X509Provider::CreateEmptyExtensions (std::size_t
capacity=0) noexcept=0;
Parameters (in): capacity number of bytes that should be reserved for the
content of the target X509Extensions object
Return value: ara::core::Result< Shared smart pointer to created empty
X509Extensions::Uptr > X509X509Extensions object
Exception Safety: noexcept
Thread Safety: Thread-safe
Header file: #include "ara/crypto/x509/x509_provider.h"
Description: Create an empty X.509 Extensions structure. If (0 == capacity) then a maximally supported (by
the implementation) capacity must be reserved.

c(RS_CRYPTO_02306)

278 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

[SWS_CRYPT_40626]{DRAFT} d
Kind: function
Symbol: CreateOcspRequest(const Certificate &cert, ara::core::Optional< const cryp::SignerPrivate
Ctx::Uptr > signer)
Scope: class ara::crypto::x509::X509Provider
Syntax: virtual ara::core::Result<OcspRequest::Uptrc>
ara::crypto::x509::X509Provider::CreateOcspRequest (const Certificate
&cert, ara::core::Optional< const cryp::SignerPrivateCtx::Uptr >
signer) noexcept=0;
Parameters (in): cert a certificate that should be verified
signer an optional pointer to initialized signer context (if the
request should be signed)
Return value: ara::core::Result< OcspRequest::Uptrc unique smart pointer to the created OCSP request
>
Exception Safety: noexcept
Thread Safety: Thread-safe
Errors: CryptoErrorDomain::kInvalidArgument if the provided certificate is invalid
CryptoErrorDomain::kIncompleteArg if the signer context is not initialized by a key
State
Header file: #include "ara/crypto/x509/x509_provider.h"
Description: Create OCSP request for specified certificate. This method may be used for implementation of
the "OCSP stapling".

c(RS_CRYPTO_02306)
[SWS_CRYPT_40627]{DRAFT} d
Kind: function
Symbol: CreateOcspRequest(const ara::core::Vector< const Certificate * > &certList,
ara::core::Optional< const cryp::SignerPrivateCtx::Uptr > signer)
Scope: class ara::crypto::x509::X509Provider
Syntax: virtual ara::core::Result<OcspRequest::Uptrc>
ara::crypto::x509::X509Provider::CreateOcspRequest (const
ara::core::Vector< const Certificate * > &certList,
ara::core::Optional< const cryp::SignerPrivateCtx::Uptr > signer)
noexcept=0;
Parameters (in): certList a certificates’ list that should be verified
signer an optional pointer to initialized signer context (if the
request should be signed)
Return value: ara::core::Result< OcspRequest::Uptrc unique smart pointer to the created OCSP request
>
Exception Safety: noexcept
Thread Safety: Thread-safe
Errors: CryptoErrorDomain::kInvalidArgument if the provided certificates are invalid
CryptoErrorDomain::kIncompleteArg if the signer context is not initialized by a key
State
Header file: #include "ara/crypto/x509/x509_provider.h"
Description: Create OCSP request for specified list of certificates. This method may be used for
implementation of the "OCSP stapling".

c(RS_CRYPTO_02306)

279 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

[SWS_CRYPT_40613]{DRAFT} d
Kind: function
Symbol: DecodeDn(ReadOnlyMemRegion dn, Serializable::FormatId formatId=Serializable::kFormat
Default)
Scope: class ara::crypto::x509::X509Provider
Syntax: virtual ara::core::Result<X509DN::Uptrc>
ara::crypto::x509::X509Provider::DecodeDn (ReadOnlyMemRegion dn,
Serializable::FormatId formatId=Serializable::kFormatDefault)
noexcept=0;
Parameters (in): dn DER/PEM-encoded representation of the
Distinguished Name
formatId input format identifier (kFormatDefault means
auto-detect)
Return value: ara::core::Result< X509DN::Uptrc > unique smart pointer for the created X509DN object
Exception Safety: noexcept
Thread Safety: Thread-safe
Errors: CryptoErrorDomain::kInvalidArgument if the dn argument cannot be parsed
CryptoErrorDomain::kUnknown if the formatId argument has unknown value
Identifier
Header file: #include "ara/crypto/x509/x509_provider.h"
Description: Decode X.500 Distinguished Name structure from the provided serialized format.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40631]{DRAFT} d
Kind: function
Symbol: FindCertByDn(const X509DN &subjectDn, const X509DN &issuerDn, time_t validityTimePoint)
Scope: class ara::crypto::x509::X509Provider
Syntax: virtual ara::core::Vector<Certificate::Uptrc>
ara::crypto::x509::X509Provider::FindCertByDn (const X509DN &subject
Dn, const X509DN &issuerDn, time_t validityTimePoint) noexcept=0;
Parameters (in): subjectDn subject DN of the target certificate
issuerDn issuer DN of the target certificate
validityTimePoint a time point when the target certificate should be
valid
Return value: ara::core::Vector< Certificate::Uptrc > a vector of unique smart pointers to found
certificates; the vector is empty, if nothing is found
Exception Safety: noexcept
Thread Safety: Thread-safe
Header file: #include "ara/crypto/x509/x509_provider.h"
Description: Find a certificate by the subject and issuer Distinguished Names (DN).

c(RS_CRYPTO_02306)
[SWS_CRYPT_40632]{DRAFT} d
Kind: function
Symbol: FindCertByKeyIds(ReadOnlyMemRegion subjectKeyId, ara::core::Optional< ReadOnlyMem
Region > authorityKeyId)
5

280 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

4
Scope: class ara::crypto::x509::X509Provider
Syntax: virtual ara::core::Vector<Certificate::Uptrc>
ara::crypto::x509::X509Provider::FindCertByKeyIds (ReadOnlyMemRegion
subjectKeyId, ara::core::Optional< ReadOnlyMemRegion > authorityKeyId)
noexcept=0;
Parameters (in): subjectKeyId subject key identifier (SKID)
authorityKeyId optional authority key identifier (AKID)
Return value: ara::core::Vector< Certificate::Uptrc > a vector of unique smart pointers to found
certificates; the vector is empty, if nothing is found k
UnknownIdentifier
Exception Safety: noexcept
Thread Safety: Thread-safe
Header file: #include "ara/crypto/x509/x509_provider.h"
Description: Find a certificate by its SKID & AKID.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40633]{DRAFT} d
Kind: function
Symbol: FindCertBySn(ReadOnlyMemRegion sn, const X509DN &issuerDn)
Scope: class ara::crypto::x509::X509Provider
Syntax: virtual ara::core::Result<Certificate::Uptrc>
ara::crypto::x509::X509Provider::FindCertBySn (ReadOnlyMemRegion sn,
const X509DN &issuerDn) noexcept=0;
Parameters (in): sn serial number of the target certificate
issuerDn authority’s Distinguished Names (DN)
Return value: ara::core::Result< Certificate::Uptrc > the specified certificate or an error, if the certificate
cannot be found
Exception Safety: noexcept
Thread Safety: Thread-safe
Errors: CryptoErrorDomain::kUnknown if the specified certificate could not be found
Identifier
Header file: #include "ara/crypto/x509/x509_provider.h"
Description: Find a certificate by its serial number and issue DN.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40634]{DRAFT} d
Kind: function
Symbol: ParseCertSignRequest(ReadOnlyMemRegion csr, bool withMetaData=true)
Scope: class ara::crypto::x509::X509Provider
Syntax: virtual ara::core::Result<CertSignRequest::Uptrc>
ara::crypto::x509::X509Provider::ParseCertSignRequest (ReadOnlyMem
Region csr, bool withMetaData=true) noexcept=0;
Parameters (in): csr the buffer containing a certificate signing request
5

281 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

4
withMetaData specifies the format of the buffer content: TRUE
means the object has been previously serialized by
using the Serializable interface; FALSE means the
CSR was exported using the CertSign
Request::ExportASN1CertSignRequest() interface
Return value: ara::core::Result< CertSign unique smart pointer to the certificate signing
Request::Uptrc > request
Exception Safety: noexcept
Thread Safety: Thread-safe
Errors: CryptoErrorDomain::kUnsupported is returned in case the provided buffer does not
Format contain the expected format
Header file: #include "ara/crypto/x509/x509_provider.h"
Description: Parse a certificate signing request (CSR) provided by the user.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40620]{DRAFT} d
Kind: function
Symbol: ImportCrl(ReadOnlyMemRegion crl)
Scope: class ara::crypto::x509::X509Provider
Syntax: virtual ara::core::Result<bool>
ara::crypto::x509::X509Provider::ImportCrl (ReadOnlyMemRegion crl)
noexcept=0;
Parameters (in): crl serialized CRL or Delta CRL (in form of a BLOB)
Return value: ara::core::Result< bool > true if the CRL is valid and false if it is already
expired
Exception Safety: noexcept
Thread Safety: Thread-safe
Errors: CryptoErrorDomain::kUnexpected if the provided BLOB is not a CRL/DeltaCRL
Value
CryptoErrorDomain::kRuntimeFault if the CRL validation has failed
Header file: #include "ara/crypto/x509/x509_provider.h"
Description: Import Certificate Revocation List (CRL) or Delta CRL from a memory BLOB. If the imported
CRL lists some certificates kept in the persistent or volatile storages then their status must be
automatically updated to Status::kInvalid. If some of these certificates were already openned
during this operation, then this status change becomes available immediately (via method call
Certificate::GetStatus())! All certificates with the status kInvalid should be automatically
removed from correspondent storages (immediately if a certificate not in use now or just after
its closing otherwise).

c(RS_CRYPTO_02306)
[SWS_CRYPT_40621]{DRAFT} d
Kind: function
Symbol: Import(const Certificate &cert, ara::core::Optional< ara::core::InstanceSpecifier > iSpecify)
Scope: class ara::crypto::x509::X509Provider
Syntax: virtual ara::core::Result<void>
ara::crypto::x509::X509Provider::Import (const Certificate &cert,
ara::core::Optional< ara::core::InstanceSpecifier > iSpecify)
noexcept=0;
5

282 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

4
Parameters (in): cert a valid certificate that should be imported
iSpecify optionally a valid InstanceSpecifier can be provided
that points to a CertificateSlot for persistent storage
of the certificate, otherwise the certificate shall be
stored in volatile (session) storage
Return value: ara::core::Result< void > –
Exception Safety: noexcept
Thread Safety: Thread-safe
Errors: CryptoErrorDomain::kInvalidArgument if the provided certificate is invalid
CryptoErrorDomain::kIncompatible if provided certificate has partial collision with a
Object matched CSR in the storage
CryptoErrorDomain::kContent if the provided certificate already exists in the
Duplication storage
CryptoErrorDomain::kAccessViolation if the InstanceSpecifier points to a CertificateSlot,
which the application may only read
Header file: #include "ara/crypto/x509/x509_provider.h"
Description: Import the certificate to volatile or persistent storage. Only imported certificate may be found by
a search and applied for automatic verifications! A certificate can be imported to only one of
storage: volatile or persistent. Therefore if you import a certificate already kept in the persistent
storage to the volatile one then nothing changes. But if you import a certificate already kept in
the volatile storage to the persistent one then it is "moved" to the persistent realm. If an
application successfully imports a certificate that correspond to a CSR existing in the storage
then this CSR should be removed.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40641]{DRAFT} d
Kind: function
Symbol: LoadCertificate(ara::core::InstanceSpecifier &iSpecify)
Scope: class ara::crypto::x509::X509Provider
Syntax: virtual ara::core::Result<Certificate::Uptr>
ara::crypto::x509::X509Provider::LoadCertificate (ara::core::Instance
Specifier &iSpecify) noexcept=0;
Parameters (in): iSpecify the target certificate instance specifier
Return value: ara::core::Result< Certificate::Uptr > an unique smart pointer to the instantiated certificate
Exception Safety: noexcept
Thread Safety: Thread-safe
Errors: CryptoErrorDomain::kUnreserved if the InstanceSpecifier is incorrect (the certificate
Resource cannot be found)
Header file: #include "ara/crypto/x509/x509_provider.h"
Description: Load a certificate from the persistent certificate storage.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40616]{DRAFT} d
Kind: function
Symbol: ParseCertChain(ara::core::Vector< Certificate::Uptr > &outcome, ReadOnlyMemRegion cert
Chain, Serializable::FormatId formatId=Serializable::kFormatDefault)
Scope: class ara::crypto::x509::X509Provider
5

283 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

4
Syntax: virtual ara::core::Result<void> ara::crypto::x509::X509Provider::Parse
CertChain (ara::core::Vector< Certificate::Uptr > &outcome, ReadOnly
MemRegion certChain, Serializable::FormatId formatId=Serializable::k
FormatDefault) noexcept=0;
Parameters (in): certChain DER/PEM-encoded certificate chain (in form of a
single BLOB)
formatId input format identifier (kFormatDefault means
auto-detect)
Parameters (out): outcome an output vector for imported certificates
Return value: ara::core::Result< void > –
Exception Safety: noexcept
Thread Safety: Thread-safe
Errors: CryptoErrorDomain::kInsufficient if the capacity of outcome vector is less than actual
Capacity number of certificates in the chain
CryptoErrorDomain::kInvalidArgument if the certChain argument cannot be parsed
CryptoErrorDomain::kUnknown if the formatId argument has unknown value
Identifier
Header file: #include "ara/crypto/x509/x509_provider.h"
Description: Parse a serialized representation of the certificate chain and create their instances. Off-line
validation of the parsed certification chain may be done via call VerifyCertChainByCrl(). After
validation the certificates may be saved to the session or persistent storage for following search
and usage. If the certificates are not imported then they will be lost after destroy of the returned
instances! Only imported certificates may be found by a search and applied for automatic
verifications! Certificates in the outcome vector will be placed from the root CA certificate (zero
index) to the final end-entity certificate (last used index of the vector).

c(RS_CRYPTO_02306)
[SWS_CRYPT_40617]{DRAFT} d
Kind: function
Symbol: ParseCertChain(ara::core::Vector< Certificate::Uptr > &outcome, const ara::core::Vector< Read
OnlyMemRegion > &certChain, Serializable::FormatId formatId=Serializable::kFormatDefault)
Scope: class ara::crypto::x509::X509Provider
Syntax: virtual ara::core::Result<void> ara::crypto::x509::X509Provider::Parse
CertChain (ara::core::Vector< Certificate::Uptr > &outcome, const
ara::core::Vector< ReadOnlyMemRegion > &certChain,
Serializable::FormatId formatId=Serializable::kFormatDefault)
noexcept=0;
Parameters (in): certChain DER/PEM-encoded certificates chain (each
certificate is presented by a separate BLOB in the
input vector)
formatId input format identifier (kFormatDefault means
auto-detect)
Parameters (out): outcome output vector of imported certificates
Return value: ara::core::Result< void > –
Exception Safety: noexcept
Thread Safety: Thread-safe
Errors: CryptoErrorDomain::kInsufficient if capacity of the outcome vector is less than number
Capacity of elements in the certChain
CryptoErrorDomain::kInvalidArgument if an element of certChain argument cannot be
parsed
CryptoErrorDomain::kUnknown if the formatId argument has unknown value
Identifier
5

284 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

4
Header file: #include "ara/crypto/x509/x509_provider.h"
Description: Parse a serialized representation of the certificate chain and create their instances. Off-line
validation of the parsed certification chain may be done via call VerifyCertChainByCrl(). After
validation the certificates may be imported to the session or persistent storage for following
search and usage. Capacity of the outcome vector must be equal to the size of the certChain
vector. If the certificates are not imported then they will be lost after destroy of the returned
instances! Only imported certificates may be found by a search and applied for automatic
verifications! Certificates in the outcome vector will be placed from the root CA certificate (zero
index) to the final end-entity certificate (last used index of the vector).

c(RS_CRYPTO_02306)
[SWS_CRYPT_40614]{DRAFT} d
Kind: function
Symbol: ParseCert(ReadOnlyMemRegion cert, Serializable::FormatId formatId=Serializable::kFormat
Default)
Scope: class ara::crypto::x509::X509Provider
Syntax: virtual ara::core::Result<Certificate::Uptr>
ara::crypto::x509::X509Provider::ParseCert (ReadOnlyMemRegion cert,
Serializable::FormatId formatId=Serializable::kFormatDefault)
noexcept=0;
Parameters (in): cert DER/PEM-encoded certificate
formatId input format identifier (kFormatDefault means
auto-detect)
Return value: ara::core::Result< Certificate::Uptr > unique smart pointer to created certificate
Exception Safety: noexcept
Thread Safety: Thread-safe
Errors: CryptoErrorDomain::kInvalidArgument if the cert argument cannot be parsed
CryptoErrorDomain::kUnknown if the formatId argument has unknown value
Identifier
Header file: #include "ara/crypto/x509/x509_provider.h"
Description: Parse a serialized representation of the certificate and create its instance. Off-line validation of
the parsed certificate may be done via call VerifyCertByCrl(). After validation the certificate may
be imported to the session or persistent storage for following search and usage. If the parsed
certificate is not imported then it will be lost after destroy of the returned instance! Only
imported certificate may be found by a search and applied for automatic verifications!

c(RS_CRYPTO_02306)
[SWS_CRYPT_40628]{DRAFT} d
Kind: function
Symbol: ParseOcspResponse(ReadOnlyMemRegion response)
Scope: class ara::crypto::x509::X509Provider
Syntax: virtual OcspResponse::Uptrc ara::crypto::x509::X509Provider::ParseOcsp
Response (ReadOnlyMemRegion response) const noexcept=0;
Parameters (in): response a serialized OCSP response
Return value: OcspResponse::Uptrc unique smart pointer to the created OCSP response
instance
Exception Safety: noexcept
Thread Safety: Thread-safe
5

285 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

4
Errors: CryptoErrorDomain::kUnexpected if the provided BLOB response doesn’t keep an
Value OCSP response
Header file: #include "ara/crypto/x509/x509_provider.h"
Description: Parse serialized OCSP response and create correspondent interface instance. This method
may be used for implementation of the "OCSP stapling".

c(RS_CRYPTO_02306)
[SWS_CRYPT_40622]{DRAFT} d
Kind: function
Symbol: Remove(Certificate::Uptrc &&cert)
Scope: class ara::crypto::x509::X509Provider
Syntax: virtual bool ara::crypto::x509::X509Provider::Remove (
Certificate::Uptrc &&cert) noexcept=0;
Parameters (in): cert a unique smart pointer to a certificate that should be
removed
Return value: bool true if the certificate was found and removed from
the storage, false if it was not found
Exception Safety: noexcept
Thread Safety: Thread-safe
Header file: #include "ara/crypto/x509/x509_provider.h"
Description: Remove specified certificate from the storage (volatile or persistent) and destroy it.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40638]{DRAFT} d
Kind: function
Symbol: SendRequest(const CertSignRequest &request, bool toVolatile=true)
Scope: class ara::crypto::x509::X509Provider
Syntax: virtual ara::core::Result<void> ara::crypto::x509::X509Provider::Send
Request (const CertSignRequest &request, bool toVolatile=true)
noexcept=0;
Parameters (in): request a valid certificate request that should be send to CA
toVolatile if this flag true then the request should be saved to
the volatile (session) storage, otherwise to the
persistent storage
Return value: ara::core::Result< void > –
Exception Safety: noexcept
Thread Safety: Thread-safe
Errors: CryptoErrorDomain::kInvalidArgument if the provided certification request is invalid
CryptoErrorDomain::kNoConnection if connection to the CA cannot be established
Header file: #include "ara/crypto/x509/x509_provider.h"
Description: Send prepared certificate request to CA and save it to volatile or persistent storage.

c(RS_CRYPTO_02306)

286 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

[SWS_CRYPT_40625]{DRAFT} d
Kind: function
Symbol: SetAsRootOfTrust(const Certificate &caCert)
Scope: class ara::crypto::x509::X509Provider
Syntax: virtual ara::core::Result<void> ara::crypto::x509::X509Provider::SetAs
RootOfTrust (const Certificate &caCert) noexcept=0;
Parameters (in): caCert a valid CA certificate that should be trusted
Return value: ara::core::Result< void > –
Exception Safety: noexcept
Thread Safety: Thread-safe
Errors: CryptoErrorDomain::kInvalidArgument if the provided certificate is invalid
CryptoErrorDomain::kIncompatible if provided certificate doesn’t belong to a CA
Object
CryptoErrorDomain::kAccessViolation if the method called by an application without the
"Trust Master" permission
Header file: #include "ara/crypto/x509/x509_provider.h"
Description: Set specified CA certificate as a "root of trust". Only a certificate saved to the volatile or
persistent storage may be marked as the "root of trust"! Only CA certificate can be a "root of
trust"! Multiple certificates on an ECU may be marked as the "root of trust". Only an application
with permissions "Trust Master" has the right to call this method!

c(RS_CRYPTO_02306)
[SWS_CRYPT_40624]{DRAFT} d
Kind: function
Symbol: SetPendingStatus(const CertSignRequest &request)
Scope: class ara::crypto::x509::X509Provider
Syntax: virtual ara::core::Result<void> ara::crypto::x509::X509Provider::Set
PendingStatus (const CertSignRequest &request) noexcept=0;
Parameters (in): request certificate signing request that should be marked as
"pending"
Return value: ara::core::Result< void > –
Exception Safety: noexcept
Thread Safety: Thread-safe
Errors: CryptoErrorDomain::kAccessViolation if the method called by an application without the
"CA Connector" permission
Header file: #include "ara/crypto/x509/x509_provider.h"
Description: Set the "pending" status associated to the CSR that means that the CSR already sent to CA.
This method do nothing if the CSR already marked as "pending". Only an application with
permissions "CA Connector" has the right to call this method!

c(RS_CRYPTO_02306)
[SWS_CRYPT_40637]{DRAFT} d
Kind: function
Symbol: UpdateCrlOnline(const Certificate &caCert)
Scope: class ara::crypto::x509::X509Provider
5

287 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

4
Syntax: virtual ara::core::Result<bool>
ara::crypto::x509::X509Provider::UpdateCrlOnline (const Certificate
&caCert) noexcept=0;
Parameters (in): caCert valid CA certificate
Return value: ara::core::Result< bool > true if the CRL was updated succesfully and false if
there is no fresh updates
Exception Safety: noexcept
Thread Safety: Thread-safe
Errors: CryptoErrorDomain::kInvalidArgument if the provided certificate is invalid
CryptoErrorDomain::kNoConnection if the connection cannot be established
Header file: #include "ara/crypto/x509/x509_provider.h"
Description: Get Certificate Revocation List (CRL) or Delta CRL via on-line connection. CRL Distribution
Point (CRL DP) should be extracted from the provided CA certificate.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40618]{DRAFT} d
Kind: function
Symbol: VerifyCert(Certificate &cert, Certificate::Uptr myRoot=nullptr)
Scope: class ara::crypto::x509::X509Provider
Syntax: virtual Certificate::Status ara::crypto::x509::X509Provider::Verify
Cert (Certificate &cert, Certificate::Uptr myRoot=nullptr) noexcept=0;
Parameters (in): cert target certificate for verification
myRoot root certificate to be used for verification - if this is
nullptr, use machine root certificates
Return value: Certificate::Status verification status of the provided certificate
Exception Safety: noexcept
Thread Safety: Thread-safe
Header file: #include "ara/crypto/x509/x509_provider.h"
Description: Verify status of the provided certificate by locally stored CA certificates and CRLs only. This
method updates the Certificate::Status associated with the certificate.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40619]{DRAFT} d
Kind: function
Symbol: VerifyCertChain(ara::core::Span< const Certificate::Uptr > chain, Certificate::Uptr my
Root=nullptr)
Scope: class ara::crypto::x509::X509Provider
Syntax: virtual Certificate::Status ara::crypto::x509::X509Provider::Verify
CertChain (ara::core::Span< const Certificate::Uptr > chain,
Certificate::Uptr myRoot=nullptr) const noexcept=0;
Parameters (in): chain target certificate chain for verification
myRoot root certificate to be used for verification - if this is
nullptr, use machine root certificates
Return value: Certificate::Status verification status of the provided certificate chain
Exception Safety: noexcept
Thread Safety: Thread-safe
5

288 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

4
Header file: #include "ara/crypto/x509/x509_provider.h"
Description: Verify status of the provided certification chain by locally stored CA certificates and CRLs only.
Verification status of the certificate chain is Certificate::Status::kValid only if all certificates in
the chain have such status! Certificates in the chain (presented by container vector) must be
placed from the root CA certificate (zero index) to the target end-entity certificate (last used
index of the vector). Verification is executed in same order. If the chain verification is failed then
status of the first failed certificate is returned. This method updates the Certificate::Status
associated with the certificates in the chain.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40914]{DRAFT} d
Kind: function
Symbol: ParseCustomCertExtensions(const Certificate &cert, std::unique_ptr< X509CustomExtensions
Parser > customExtensionsParser)
Scope: class ara::crypto::x509::X509Provider
Syntax: virtual ara::core::Result<void> ara::crypto::x509::X509Provider::Parse
CustomCertExtensions (const Certificate &cert, std::unique_ptr<
X509CustomExtensionsParser > customExtensionsParser) const noexcept=0;
Parameters (in): cert Certificate object to be parsed
customExtensionsParser Custom extensions parser that implements the
callbacks
Return value: ara::core::Result< void > –
Exception Safety: noexcept
Thread Safety: Thread-safe
Errors: CryptoErrorDomain::kRuntimeFault If parsing the extensions fails or calling one of the
callback returns an error.
Header file: #include "ara/crypto/x509/x509_provider.h"
Description: Parse the custom X.509 extensions This method parses the extensions of the provided
certificate and calls the corresponding callbacks of the provided customExtensionsParser for
each parsed ASN.1 element. If any call to one of the callbacks returns an error, the parsing
stops and returns kRuntimeFault. Parsing starts at the first extension of the certificate and
parses all extensions of the certificate.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40915]{DRAFT} d
Kind: function
Symbol: ParseCustomCertExtensions(const Certificate &cert, std::unique_ptr< X509CustomExtensions
Parser > customExtensionsParser, X509CustomExtensionsParser::Oid oid)
Scope: class ara::crypto::x509::X509Provider
Syntax: virtual ara::core::Result<void> ara::crypto::x509::X509Provider::Parse
CustomCertExtensions (const Certificate &cert, std::unique_ptr<
X509CustomExtensionsParser > customExtensionsParser, X509Custom
ExtensionsParser::Oid oid) const noexcept=0;
Parameters (in): cert Certificate object to be parsed
customExtensionsParser Custom extensions parser that implements the
callbacks
oid extension object identifier
Return value: ara::core::Result< void > –
Exception Safety: noexcept
5

289 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

4
Thread Safety: Thread-safe
Errors: CryptoErrorDomain::kRuntimeFault If parsing the extensions fails or calling one of the
callback returns an error.
CryptoErrorDomain::kUnexpected If the certificate doesn’t contain an extension with
Value the provided Oid.
Header file: #include "ara/crypto/x509/x509_provider.h"
Description: Parse the custom X.509 extensions This method parses the extension identified by the
provided oid of the provided certificate and calls the corresponding callbacks of the provided
customExtensionsParser for each parsed ASN.1 element. If any call to one of the callbacks
returns an error, the parsing stops and returns kRuntimeFault. Only the sequence of the
extension identified by the oid is parsed.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40604]{DRAFT} d
Kind: function
Symbol: ~X509Provider()
Scope: class ara::crypto::x509::X509Provider
Syntax: virtual ara::crypto::x509::X509Provider::~X509Provider ()
noexcept=default;
Exception Safety: noexcept
Header file: #include "ara/crypto/x509/x509_provider.h"
Description: Destructor.

c(RS_CRYPTO_02306)
[SWS_CRYPT_30226]{DRAFT} d
Kind: function
Symbol: operator=(const X509Provider &other)
Scope: class ara::crypto::x509::X509Provider
Syntax: X509Provider& ara::crypto::x509::X509Provider::operator= (const
X509Provider &other)=default;
Parameters (in): other the other instance
Return value: X509Provider & *this, containing the contents of other
Header file: #include "ara/crypto/x509/x509_provider.h"
Description: Copy-assign another X509Provider to this instance.

c(RS_CRYPTO_02004)
[SWS_CRYPT_30227]{DRAFT} d
Kind: function
Symbol: operator=(X509Provider &&other)
Scope: class ara::crypto::x509::X509Provider
Syntax: X509Provider& ara::crypto::x509::X509Provider::operator= (X509Provider
&&other)=default;
Parameters (in): other the other instance
Return value: X509Provider & *this, containing the contents of other
5

290 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

4
Header file: #include "ara/crypto/x509/x509_provider.h"
Description: Move-assign another X509Provider to this instance.

c(RS_CRYPTO_02004)
[SWS_CRYPT_40922]{DRAFT} d
Kind: function
Symbol: OnBitString(BitString parsed_bit_string)
Scope: class ara::crypto::x509::X509CustomExtensionsParser
Syntax: virtual ara::core::Result<void> ara::crypto::x509::X509Custom
ExtensionsParser::OnBitString (BitString parsed_bit_string)
noexcept=0;
Parameters (in): parsed_bit_string Parsed bit string value
Return value: ara::core::Result< void > –
Exception Safety: noexcept
Errors: CryptoErrorDomain::kRuntimeFault Indicates an error to the parser to stop parsing
Header file: #include "ara/crypto/x509/x509_custom_extension_parser.h"
Description: Called when a bit string is encountered.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40920]{DRAFT} d
Kind: function
Symbol: OnBool(bool parsed_bool)
Scope: class ara::crypto::x509::X509CustomExtensionsParser
Syntax: virtual ara::core::Result<void> ara::crypto::x509::X509Custom
ExtensionsParser::OnBool (bool parsed_bool) noexcept=0;
Parameters (in): parsed_bool Parsed boolean value
Return value: ara::core::Result< void > –
Exception Safety: noexcept
Errors: CryptoErrorDomain::kRuntimeFault Indicates an error to the parser to stop parsing
Header file: #include "ara/crypto/x509/x509_custom_extension_parser.h"
Description: Called when a boolean is encountered.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40929]{DRAFT} d
Kind: function
Symbol: OnGeneralizedTime(GeneralizedTime parsed_generalized_time)
Scope: class ara::crypto::x509::X509CustomExtensionsParser
Syntax: virtual ara::core::Result<void> ara::crypto::x509::X509Custom
ExtensionsParser::OnGeneralizedTime (GeneralizedTime parsed_
generalized_time) noexcept=0;
Parameters (in): parsed_generalized_time Parsed generalized time value
Return value: ara::core::Result< void > –
Exception Safety: noexcept
5

291 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

4
Errors: CryptoErrorDomain::kRuntimeFault Indicates an error to the parser to stop parsing
Header file: #include "ara/crypto/x509/x509_custom_extension_parser.h"
Description: Called when a generalized time is encountered.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40928]{DRAFT} d
Kind: function
Symbol: OnIa5String(Ia5String parsed_ia5_string)
Scope: class ara::crypto::x509::X509CustomExtensionsParser
Syntax: virtual ara::core::Result<void> ara::crypto::x509::X509Custom
ExtensionsParser::OnIa5String (Ia5String parsed_ia5_string)
noexcept=0;
Parameters (in): parsed_ia5_string Parsed IA5 string value
Return value: ara::core::Result< void > –
Exception Safety: noexcept
Errors: CryptoErrorDomain::kRuntimeFault Indicates an error to the parser to stop parsing
Header file: #include "ara/crypto/x509/x509_custom_extension_parser.h"
Description: Called when an IA5 string is encountered.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40921]{DRAFT} d
Kind: function
Symbol: OnInteger(Integer parsed_integer)
Scope: class ara::crypto::x509::X509CustomExtensionsParser
Syntax: virtual ara::core::Result<void> ara::crypto::x509::X509Custom
ExtensionsParser::OnInteger (Integer parsed_integer) noexcept=0;
Parameters (in): parsed_integer Parsed integer value
Return value: ara::core::Result< void > –
Exception Safety: noexcept
Errors: CryptoErrorDomain::kRuntimeFault Indicates an error to the parser to stop parsing
Header file: #include "ara/crypto/x509/x509_custom_extension_parser.h"
Description: Called when an integer is encountered.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40924]{DRAFT} d
Kind: function
Symbol: OnNull()
Scope: class ara::crypto::x509::X509CustomExtensionsParser
Syntax: virtual ara::core::Result<void> ara::crypto::x509::X509Custom
ExtensionsParser::OnNull () noexcept=0;
Return value: ara::core::Result< void > –
Exception Safety: noexcept
Errors: CryptoErrorDomain::kRuntimeFault Indicates an error to the parser to stop parsing
5

292 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

4
Header file: #include "ara/crypto/x509/x509_custom_extension_parser.h"
Description: Called when a NULL is encountered.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40923]{DRAFT} d
Kind: function
Symbol: OnOctetString(OctetString parsed_octet_string)
Scope: class ara::crypto::x509::X509CustomExtensionsParser
Syntax: virtual ara::core::Result<void> ara::crypto::x509::X509Custom
ExtensionsParser::OnOctetString (OctetString parsed_octet_string)
noexcept=0;
Parameters (in): parsed_octet_string Parsed octet string value
Return value: ara::core::Result< void > –
Exception Safety: noexcept
Errors: CryptoErrorDomain::kRuntimeFault Indicates an error to the parser to stop parsing
Header file: #include "ara/crypto/x509/x509_custom_extension_parser.h"
Description: Called when an octet string is encountered.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40925]{DRAFT} d
Kind: function
Symbol: OnOid(Oid parsed_oid)
Scope: class ara::crypto::x509::X509CustomExtensionsParser
Syntax: virtual ara::core::Result<void> ara::crypto::x509::X509Custom
ExtensionsParser::OnOid (Oid parsed_oid) noexcept=0;
Parameters (in): parsed_oid Parsed oid value
Return value: ara::core::Result< void > –
Exception Safety: noexcept
Errors: CryptoErrorDomain::kRuntimeFault Indicates an error to the parser to stop parsing
Header file: #include "ara/crypto/x509/x509_custom_extension_parser.h"
Description: Called when an oid is encountered.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40931]{DRAFT} d
Kind: function
Symbol: OnParsingEnd()
Scope: class ara::crypto::x509::X509CustomExtensionsParser
Syntax: virtual ara::core::Result<void> ara::crypto::x509::X509Custom
ExtensionsParser::OnParsingEnd () noexcept=0;
Return value: ara::core::Result< void > –
Exception Safety: noexcept
Errors: CryptoErrorDomain::kRuntimeFault Indicates an error to the parser to stop parsing
Header file: #include "ara/crypto/x509/x509_custom_extension_parser.h"
Description: Called when the parsing is completed.

293 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

c(RS_CRYPTO_02306)
[SWS_CRYPT_40927]{DRAFT} d
Kind: function
Symbol: OnPrintableString(PrintableString parsed_printable_string)
Scope: class ara::crypto::x509::X509CustomExtensionsParser
Syntax: virtual ara::core::Result<void> ara::crypto::x509::X509Custom
ExtensionsParser::OnPrintableString (PrintableString parsed_printable_
string) noexcept=0;
Parameters (in): parsed_printable_string Parsed printable string value
Return value: ara::core::Result< void > –
Exception Safety: noexcept
Errors: CryptoErrorDomain::kRuntimeFault Indicates an error to the parser to stop parsing
Header file: #include "ara/crypto/x509/x509_custom_extension_parser.h"
Description: Called when a printable string is encountered.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40917]{DRAFT} d
Kind: function
Symbol: OnSequenceEnd()
Scope: class ara::crypto::x509::X509CustomExtensionsParser
Syntax: virtual ara::core::Result<void> ara::crypto::x509::X509Custom
ExtensionsParser::OnSequenceEnd () noexcept=0;
Return value: ara::core::Result< void > –
Exception Safety: noexcept
Errors: CryptoErrorDomain::kRuntimeFault Indicates an error to the parser to stop parsing
Header file: #include "ara/crypto/x509/x509_custom_extension_parser.h"
Description: Called when a sequence ends.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40916]{DRAFT} d
Kind: function
Symbol: OnSequenceStart()
Scope: class ara::crypto::x509::X509CustomExtensionsParser
Syntax: virtual ara::core::Result<void> ara::crypto::x509::X509Custom
ExtensionsParser::OnSequenceStart () noexcept=0;
Return value: ara::core::Result< void > –
Exception Safety: noexcept
Errors: CryptoErrorDomain::kRuntimeFault Indicates an error to the parser to stop parsing
Header file: #include "ara/crypto/x509/x509_custom_extension_parser.h"
Description: Called when a sequence starts.

c(RS_CRYPTO_02306)

294 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

[SWS_CRYPT_40919]{DRAFT} d
Kind: function
Symbol: OnSetEnd()
Scope: class ara::crypto::x509::X509CustomExtensionsParser
Syntax: virtual ara::core::Result<void> ara::crypto::x509::X509Custom
ExtensionsParser::OnSetEnd () noexcept=0;
Return value: ara::core::Result< void > –
Exception Safety: noexcept
Errors: CryptoErrorDomain::kRuntimeFault Indicates an error to the parser to stop parsing
Header file: #include "ara/crypto/x509/x509_custom_extension_parser.h"
Description: Called when a set ends.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40918]{DRAFT} d
Kind: function
Symbol: OnSetStart()
Scope: class ara::crypto::x509::X509CustomExtensionsParser
Syntax: virtual ara::core::Result<void> ara::crypto::x509::X509Custom
ExtensionsParser::OnSetStart () noexcept=0;
Return value: ara::core::Result< void > –
Exception Safety: noexcept
Errors: CryptoErrorDomain::kRuntimeFault Indicates an error to the parser to stop parsing
Header file: #include "ara/crypto/x509/x509_custom_extension_parser.h"
Description: Called when a set starts.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40930]{DRAFT} d
Kind: function
Symbol: OnUtcTime(UtcTime parsed_utc_time)
Scope: class ara::crypto::x509::X509CustomExtensionsParser
Syntax: virtual ara::core::Result<void> ara::crypto::x509::X509Custom
ExtensionsParser::OnUtcTime (UtcTime parsed_utc_time) noexcept=0;
Parameters (in): parsed_utc_time Parsed UTC time value
Return value: ara::core::Result< void > –
Exception Safety: noexcept
Errors: CryptoErrorDomain::kRuntimeFault Indicates an error to the parser to stop parsing
Header file: #include "ara/crypto/x509/x509_custom_extension_parser.h"
Description: Called when a UTC time is encountered.

c(RS_CRYPTO_02306)

295 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

[SWS_CRYPT_40926]{DRAFT} d
Kind: function
Symbol: OnUtf8String(Utf8String parsed_utf8_string)
Scope: class ara::crypto::x509::X509CustomExtensionsParser
Syntax: virtual ara::core::Result<void> ara::crypto::x509::X509Custom
ExtensionsParser::OnUtf8String (Utf8String parsed_utf8_string)
noexcept=0;
Parameters (in): parsed_utf8_string Parsed UTF8 string value
Return value: ara::core::Result< void > –
Exception Safety: noexcept
Errors: CryptoErrorDomain::kRuntimeFault Indicates an error to the parser to stop parsing
Header file: #include "ara/crypto/x509/x509_custom_extension_parser.h"
Description: Called when an UTF8 string is encountered.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40981]{DRAFT} d
Kind: function
Symbol: ~X509CustomExtensionsParser()
Scope: class ara::crypto::x509::X509CustomExtensionsParser
Syntax: virtual ara::crypto::x509::X509CustomExtensionsParser::~X509Custom
ExtensionsParser () noexcept=default;
Exception Safety: noexcept
Header file: #include "ara/crypto/x509/x509_custom_extension_parser.h"
Description: Destructor.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40101]{DRAFT} d
Kind: type alias
Symbol: KeyConstraints
Scope: class ara::crypto::x509::BasicCertInfo
Derived from: std::uint32_t
Syntax: using ara::crypto::x509::BasicCertInfo::KeyConstraints = std::uint32_
t;
Header file: #include "ara/crypto/x509/basic_cert_info.h"
Description: X.509 v3 Key Constraints type definition.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40203]{DRAFT} d
Kind: enumeration
Symbol: Status
Scope: class ara::crypto::x509::Certificate
Underlying type: std::uint32_t
Syntax: enum class Status : std::uint32_t {...};
5

296 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

4
Values: kValid= 0 The certificate is valid.
kInvalid= 1 The certificate is invalid.
kUnknown= 2 Status of the certificate is unknown yet.
kNoTrust= 3 The certificate has correct signature, but the ECU
has no a root of trust for this certificate.
kExpired= 4 The certificate has correct signature, but it is already
expired (its validity period has ended)
kFuture= 5 The certificate has correct signature, but its validity
period is not started yet.
Header file: #include "ara/crypto/x509/certificate.h"
Description: Certificate verification status.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40202]{DRAFT} d
Kind: type alias
Symbol: Uptrc
Scope: class ara::crypto::x509::Certificate
Derived from: std::unique_ptr<const Certificate>
Syntax: using ara::crypto::x509::Certificate::Uptrc = std::unique_ptr<const
Certificate>;
Header file: #include "ara/crypto/x509/certificate.h"
Description: Unique smart pointer of the interface.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40201]{DRAFT} d
Kind: type alias
Symbol: Uptr
Scope: class ara::crypto::x509::Certificate
Derived from: std::unique_ptr<Certificate>
Syntax: using ara::crypto::x509::Certificate::Uptr = std::unique_
ptr<Certificate>;
Header file: #include "ara/crypto/x509/certificate.h"
Description: Unique smart pointer of the interface.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40301]{DRAFT} d
Kind: type alias
Symbol: Uptrc
Scope: class ara::crypto::x509::CertSignRequest
Derived from: std::unique_ptr<const CertSignRequest>
Syntax: using ara::crypto::x509::CertSignRequest::Uptrc = std::unique_
ptr<const CertSignRequest>;
Header file: #include "ara/crypto/x509/cert_sign_request.h"
Description: Unique smart pointer of the constant interface.

297 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

c(RS_CRYPTO_02306)
[SWS_CRYPT_40302]{DRAFT} d
Kind: type alias
Symbol: Uptr
Scope: class ara::crypto::x509::CertSignRequest
Derived from: std::unique_ptr<CertSignRequest>
Syntax: using ara::crypto::x509::CertSignRequest::Uptr = std::unique_ptr<Cert
SignRequest>;
Header file: #include "ara/crypto/x509/cert_sign_request.h"
Description: Unique smart pointer of the interface.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40002]{DRAFT} d
Kind: enumeration
Symbol: OcspCertStatus
Scope: namespace ara::crypto::x509
Underlying type: std::uint32_t
Syntax: enum class OcspCertStatus : std::uint32_t {...};
Values: kGood= 0 The certificate is not revoked.
kRevoked= 1 The certificate has been revoked (either
permanantly or temporarily (on hold))
kUnknown= 2 The responder doesn’t know about the certificate
being requested.
Header file: #include "ara/crypto/x509/ocsp_response.h"
Description: On-line Certificate Status Protocol (OCSP) Certificate Status.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40702]{DRAFT} d
Kind: type alias
Symbol: Uptrc
Scope: class ara::crypto::x509::OcspRequest
Derived from: std::unique_ptr<const OcspRequest>
Syntax: using ara::crypto::x509::OcspRequest::Uptrc = std::unique_ptr<const
OcspRequest>;
Header file: #include "ara/crypto/x509/ocsp_request.h"
Description: Shared smart pointer of the interface.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40701]{DRAFT} d
Kind: type alias
Symbol: Uptr
Scope: class ara::crypto::x509::OcspRequest
5

298 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

4
Derived from: std::unique_ptr<OcspRequest>
Syntax: using ara::crypto::x509::OcspRequest::Uptr = std::unique_ptr<Ocsp
Request>;
Header file: #include "ara/crypto/x509/ocsp_request.h"
Description: Shared smart pointer of the interface.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40001]{DRAFT} d
Kind: enumeration
Symbol: OcspResponseStatus
Scope: namespace ara::crypto::x509
Underlying type: std::uint32_t
Syntax: enum class OcspResponseStatus : std::uint32_t {...};

Values: kSuccessful= 0 Response has valid confirmations.

kMalformedRequest= 1 Illegal confirmation request.
kInternalError= 2 Internal error in issuer.
kTryLater= 3 Try again later.
kSigRequired= 5 Must sign the request.
kUnauthorized= 6 Request unauthorized.
Header file: #include "ara/crypto/x509/ocsp_response.h"
Description: On-line Certificate Status Protocol (OCSP) Response Status.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40802]{DRAFT} d
Kind: type alias
Symbol: Uptrc
Scope: class ara::crypto::x509::OcspResponse
Derived from: std::unique_ptr<const OcspResponse>
Syntax: using ara::crypto::x509::OcspResponse::Uptrc = std::unique_ptr<const
OcspResponse>;
Header file: #include "ara/crypto/x509/ocsp_response.h"
Description: Shared smart pointer of the interface.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40801]{DRAFT} d
Kind: type alias
Symbol: Uptr
Scope: class ara::crypto::x509::OcspResponse
Derived from: std::unique_ptr<OcspResponse>
Syntax: using ara::crypto::x509::OcspResponse::Uptr = std::unique_ptr<Ocsp
Response>;
5

299 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

4
Header file: #include "ara/crypto/x509/ocsp_response.h"
Description: Shared smart pointer of the interface.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40403]{DRAFT} d
Kind: enumeration
Symbol: AttributeId
Scope: class ara::crypto::x509::X509DN
Underlying type: std::uint32_t
Syntax: enum class AttributeId : std::uint32_t {...};
kCommonName= 0 Common Name.
Values: kCountry= 1 Country.
kState= 2 State.
kLocality= 3 Locality.
kOrganization= 4 Organization.
kOrgUnit= 5 Organization Unit.
kStreet= 6 Street.
kPostalCode= 7 Postal Code.
kTitle= 8 Title.
kSurname= 9 Surname.
kGivenName= 10 Given Name.
kInitials= 11 Initials.
kPseudonym= 12 Pseudonym.
kGenerationQualifier= 13 Generation Qualifier.
kDomainComponent= 14 Domain Component.
kDnQualifier= 15 Distinguished Name Qualifier.
kEmail= 16 E-mail.
kUri= 17 URI.
kDns= 18 DNS.
kHostName= 19 Host Name (UNSTRUCTUREDNAME)
kIpAddress= 20 IP Address (UNSTRUCTUREDADDRESS)
kSerialNumbers= 21 Serial Numbers.
kUserId= 22 User ID.
Header file: #include "ara/crypto/x509/x509_dn.h"
Description: Enumeration of DN attributes’ identifiers.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40402]{DRAFT} d
Kind: type alias
Symbol: Uptrc
Scope: class ara::crypto::x509::X509DN
Derived from: std::unique_ptr<const X509DN>
5

300 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

4
Syntax: using ara::crypto::x509::X509DN::Uptrc = std::unique_ptr<const
X509DN>;
Header file: #include "ara/crypto/x509/x509_dn.h"
Description: Unique smart pointer of the constant interface.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40401]{DRAFT} d
Kind: type alias
Symbol: Uptr
Scope: class ara::crypto::x509::X509DN
Derived from: std::unique_ptr<X509DN>
Syntax: using ara::crypto::x509::X509DN::Uptr = std::unique_ptr<X509DN>;
Header file: #include "ara/crypto/x509/x509_dn.h"
Description: Unique smart pointer of the interface.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40501]{DRAFT} d
Kind: type alias
Symbol: Uptr
Scope: class ara::crypto::x509::X509Extensions
Derived from: std::unique_ptr<X509Extensions>
Syntax: using ara::crypto::x509::X509Extensions::Uptr = std::unique_
ptr<X509Extensions>;
Header file: #include "ara/crypto/x509/x509_extensions.h"
Description: Shared smart pointer of the interface.

c(RS_CRYPTO_02306)
[SWS_CRYPT_24401]{DRAFT} d
Kind: type alias
Symbol: Uptrc
Scope: class ara::crypto::x509::X509PublicKeyInfo
Derived from: std::unique_ptr<const X509PublicKeyInfo>
Syntax: using ara::crypto::x509::X509PublicKeyInfo::Uptrc = std::unique_
ptr<const X509PublicKeyInfo>;
Header file: #include "ara/crypto/x509/x509_public_key_info.h"
Description: Unique smart pointer of the interface.

c(RS_CRYPTO_02307)

301 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

[SWS_CRYPT_40601]{DRAFT} d
Kind: type alias
Symbol: Uptr
Scope: class ara::crypto::x509::X509Provider
Derived from: std::unique_ptr<X509Provider>
Syntax: using ara::crypto::x509::X509Provider::Uptr = std::unique_
ptr<X509Provider>;
Header file: #include "ara/crypto/x509/x509_provider.h"
Description: Shared smart pointer of the interface.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40602]{DRAFT} d
Kind: type alias
Symbol: StorageIndex
Scope: class ara::crypto::x509::X509Provider
Derived from: std::size_t
Syntax: using ara::crypto::x509::X509Provider::StorageIndex = std::size_t;
Header file: #include "ara/crypto/x509/x509_provider.h"
Description: Type of an internal index inside the certificate storage.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40935]{DRAFT} d
Kind: type alias
Symbol: BitString
Scope: class ara::crypto::x509::X509CustomExtensionsParser
Derived from: std::pair<ara::crypto::ReadOnlyMemRegion, NumberOfUnusedBits>
Syntax: using ara::crypto::x509::X509CustomExtensionsParser::BitString =
std::pair<ara::crypto::ReadOnlyMemRegion, NumberOfUnusedBits>;
Header file: #include "ara/crypto/x509/x509_custom_extension_parser.h"
Description: Type alias.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40941]{DRAFT} d
Kind: type alias
Symbol: GeneralizedTime
Scope: class ara::crypto::x509::X509CustomExtensionsParser
Derived from: ara::core::StringView
Syntax: using ara::crypto::x509::X509CustomExtensionsParser::GeneralizedTime =
ara::core::StringView;
Header file: #include "ara/crypto/x509/x509_custom_extension_parser.h"
Description: Type alias.

c(RS_CRYPTO_02306)

302 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

[SWS_CRYPT_40940]{DRAFT} d
Kind: type alias
Symbol: Ia5String
Scope: class ara::crypto::x509::X509CustomExtensionsParser
Derived from: ara::core::StringView
Syntax: using ara::crypto::x509::X509CustomExtensionsParser::Ia5String =
ara::core::StringView;
Header file: #include "ara/crypto/x509/x509_custom_extension_parser.h"
Description: Type alias.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40933]{DRAFT} d
Kind: type alias
Symbol: Integer
Scope: class ara::crypto::x509::X509CustomExtensionsParser
Derived from: ara::crypto::ReadOnlyMemRegion
Syntax: using ara::crypto::x509::X509CustomExtensionsParser::Integer =
ara::crypto::ReadOnlyMemRegion;
Header file: #include "ara/crypto/x509/x509_custom_extension_parser.h"
Description: Type alias.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40934]{DRAFT} d
Kind: type alias
Symbol: NumberOfUnusedBits
Scope: class ara::crypto::x509::X509CustomExtensionsParser
Derived from: std::uint8_t
Syntax: using ara::crypto::x509::X509CustomExtensionsParser::NumberOfUnused
Bits = std::uint8_t;
Header file: #include "ara/crypto/x509/x509_custom_extension_parser.h"
Description: Type alias.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40936]{DRAFT} d
Kind: type alias
Symbol: OctetString
Scope: class ara::crypto::x509::X509CustomExtensionsParser
Derived from: ara::crypto::ReadOnlyMemRegion
Syntax: using ara::crypto::x509::X509CustomExtensionsParser::OctetString =
ara::crypto::ReadOnlyMemRegion;
Header file: #include "ara/crypto/x509/x509_custom_extension_parser.h"
Description: Type alias.

c(RS_CRYPTO_02306)

303 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

[SWS_CRYPT_40937]{DRAFT} d
Kind: type alias
Symbol: Oid
Scope: class ara::crypto::x509::X509CustomExtensionsParser
Derived from: ara::core::StringView
Syntax: using ara::crypto::x509::X509CustomExtensionsParser::Oid =
ara::core::StringView;
Header file: #include "ara/crypto/x509/x509_custom_extension_parser.h"
Description: Type alias.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40939]{DRAFT} d
Kind: type alias
Symbol: PrintableString
Scope: class ara::crypto::x509::X509CustomExtensionsParser
Derived from: ara::core::StringView
Syntax: using ara::crypto::x509::X509CustomExtensionsParser::PrintableString =
ara::core::StringView;
Header file: #include "ara/crypto/x509/x509_custom_extension_parser.h"
Description: Type alias.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40942]{DRAFT} d
Kind: type alias
Symbol: UtcTime
Scope: class ara::crypto::x509::X509CustomExtensionsParser
Derived from: ara::core::StringView
Syntax: using ara::crypto::x509::X509CustomExtensionsParser::UtcTime =
ara::core::StringView;
Header file: #include "ara/crypto/x509/x509_custom_extension_parser.h"
Description: Type alias.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40938]{DRAFT} d
Kind: type alias
Symbol: Utf8String
Scope: class ara::crypto::x509::X509CustomExtensionsParser
Derived from: ara::crypto::ReadOnlyMemRegion
Syntax: using ara::crypto::x509::X509CustomExtensionsParser::Utf8String =
ara::crypto::ReadOnlyMemRegion;
Header file: #include "ara/crypto/x509/x509_custom_extension_parser.h"
Description: Type alias.

c(RS_CRYPTO_02306)

304 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

[SWS_CRYPT_40157]{DRAFT} d
Kind: variable
Symbol: kConstrCrlSign
Scope: class ara::crypto::x509::BasicCertInfo
Type: const KeyConstraints
Syntax: static const KeyConstraints ara::crypto::x509::BasicCertInfo::kConstr
CrlSign = 0x0200;
Header file: #include "ara/crypto/x509/basic_cert_info.h"
Description: The key can be used for Certificates Revokation Lists (CRL) signing.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40154]{DRAFT} d
Kind: variable
Symbol: kConstrDataEncipherment
Scope: class ara::crypto::x509::BasicCertInfo
Type: const KeyConstraints
Syntax: static const KeyConstraints ara::crypto::x509::BasicCertInfo::kConstr
DataEncipherment = 0x1000;
Header file: #include "ara/crypto/x509/basic_cert_info.h"
Description: The key can be used for data encipherment.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40159]{DRAFT} d
Kind: variable
Symbol: kConstrDecipherOnly
Scope: class ara::crypto::x509::BasicCertInfo
Type: const KeyConstraints
Syntax: static const KeyConstraints ara::crypto::x509::BasicCertInfo::kConstr
DecipherOnly = 0x0080;
Header file: #include "ara/crypto/x509/basic_cert_info.h"
Description: The enciphermet key can be used for deciphering only.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40151]{DRAFT} d
Kind: variable
Symbol: kConstrDigitalSignature
Scope: class ara::crypto::x509::BasicCertInfo
Type: const KeyConstraints
Syntax: static const KeyConstraints ara::crypto::x509::BasicCertInfo::kConstr
DigitalSignature = 0x8000;
Header file: #include "ara/crypto/x509/basic_cert_info.h"
Description: The key can be used for digital signature production.

c(RS_CRYPTO_02306)

305 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

[SWS_CRYPT_40158]{DRAFT} d
Kind: variable
Symbol: kConstrEncipherOnly
Scope: class ara::crypto::x509::BasicCertInfo
Type: const KeyConstraints
Syntax: static const KeyConstraints ara::crypto::x509::BasicCertInfo::kConstr
EncipherOnly = 0x0100;
Header file: #include "ara/crypto/x509/basic_cert_info.h"
Description: The enciphermet key can be used for enciphering only.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40155]{DRAFT} d
Kind: variable
Symbol: kConstrKeyAgreement
Scope: class ara::crypto::x509::BasicCertInfo
Type: const KeyConstraints
Syntax: static const KeyConstraints ara::crypto::x509::BasicCertInfo::kConstr
KeyAgreement = 0x0800;
Header file: #include "ara/crypto/x509/basic_cert_info.h"
Description: The key can be used for a key agreement protocol execution.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40156]{DRAFT} d
Kind: variable
Symbol: kConstrKeyCertSign
Scope: class ara::crypto::x509::BasicCertInfo
Type: const KeyConstraints
Syntax: static const KeyConstraints ara::crypto::x509::BasicCertInfo::kConstr
KeyCertSign = 0x0400;
Header file: #include "ara/crypto/x509/basic_cert_info.h"
Description: The key can be used for certificates signing.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40153]{DRAFT} d
Kind: variable
Symbol: kConstrKeyEncipherment
Scope: class ara::crypto::x509::BasicCertInfo
Type: const KeyConstraints
Syntax: static const KeyConstraints ara::crypto::x509::BasicCertInfo::kConstr
KeyEncipherment = 0x2000;
Header file: #include "ara/crypto/x509/basic_cert_info.h"
Description: The key can be used for key encipherment.

c(RS_CRYPTO_02306)

306 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

[SWS_CRYPT_40152]{DRAFT} d
Kind: variable
Symbol: kConstrNonRepudiation
Scope: class ara::crypto::x509::BasicCertInfo
Type: const KeyConstraints
Syntax: static const KeyConstraints ara::crypto::x509::BasicCertInfo::kConstr
NonRepudiation = 0x4000;
Header file: #include "ara/crypto/x509/basic_cert_info.h"
Description: The key can be used in cases requiring the "non-repudiation" guarantee.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40150]{DRAFT} d
Kind: variable
Symbol: kConstrNone
Scope: class ara::crypto::x509::BasicCertInfo
Type: const KeyConstraints
Syntax: static const KeyConstraints ara::crypto::x509::BasicCertInfo::kConstr
None = 0;
Header file: #include "ara/crypto/x509/basic_cert_info.h"
Description: No key constraints.

c(RS_CRYPTO_02306)
[SWS_CRYPT_40603]{DRAFT} d
Kind: variable
Symbol: kInvalidIndex
Scope: class ara::crypto::x509::X509Provider
Type: const StorageIndex
Syntax: static const StorageIndex ara::crypto::x509::X509Provider::kInvalid
Index = static_cast<std::size_t>(-1LL);
Header file: #include "ara/crypto/x509/x509_provider.h"
Description: Reserved "invalid index" value for navigation inside the certificate storage.

c(RS_CRYPTO_02306)

8.4 API Common Data Types

[SWS_CRYPT_10015]{DRAFT} d
Kind: type alias
Symbol: AllowedUsageFlags
Scope: namespace ara::crypto
Derived from: std::uint32_t
5

307 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

4
Syntax: using ara::crypto::AllowedUsageFlags = std::uint32_t;
Header file: #include "ara/crypto/common/base_id_types.h"
Description: A container type and constant bit-flags of allowed usages of a key or a secret seed object. Only
directly specified usages of a key are allowed, all other are prohibited! Similar set of flags are
defined for the usage restrictions of original key/seed and for a symmetric key or seed that
potentially can be derived from the original one. A symmetric key or secret seed can be derived
from the original one, only if it supports kAllowKeyAgreement or kAllowKeyDiversify or kAllow
KeyDerivation!

c(RS_CRYPTO_02111)
[SWS_CRYPT_10042]{DRAFT} d
Kind: type alias
Symbol: ByteVector
Scope: namespace ara::crypto
Derived from: ara::core::Vector<std::uint8_t, Alloc>
Syntax: using ara::crypto::ByteVector = ara::core::Vector<std::uint8_t,
Alloc>;
Template param: Alloc custom allocator of bytes sequences
Header file: #include "ara/crypto/common/base_id_types.h"
Description: Alias of a bytes’ vector template with customizable allocator.

c(RS_CRYPTO_02201, RS_CRYPTO_02202, RS_CRYPTO_02203, RS_CRYPTO_-

02204, RS_CRYPTO_02205, RS_CRYPTO_02206, RS_CRYPTO_02207, RS_-
CRYPTO_02208, RS_CRYPTO_02209)
[SWS_CRYPT_10014]{DRAFT} d
Kind: type alias
Symbol: CryptoAlgId
Scope: namespace ara::crypto
Derived from: std::uint64_t
Syntax: using ara::crypto::CryptoAlgId = std::uint64_t;
Header file: #include "ara/crypto/common/base_id_types.h"
Description: Container type of the Crypto Algorithm Identifier.

c(RS_CRYPTO_02102, RS_CRYPTO_02107)
[SWS_CRYPT_10016]{DRAFT} d
Kind: enumeration
Symbol: CryptoObjectType
Scope: namespace ara::crypto
Underlying type: std::uint32_t
Syntax: enum class CryptoObjectType : std::uint32_t {...};
Values: kUndefined= 0 Object type is currently not defined (empty
container)
kSymmetricKey= 1 cryp::SymmetricKey object
5

308 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

4
kPrivateKey= 2 cryp::PrivateKey object
kPublicKey= 3 cryp::PublicKey object
kSignature= 4 cryp::Signature object (asymmetric digital signature
or symmetric MAC/HMAC or hash digest)
kSecretSeed= 5 cryp::SecretSeed object. Note: the seed cannot
have an associated crypto algorithm!
Header file: #include "ara/crypto/common/base_id_types.h"
Description: Enumeration of all types of crypto objects, i.e. types of content that can be stored to a key slot.

c(RS_CRYPTO_02004)
[SWS_CRYPT_10100]{DRAFT} d
Kind: struct
Symbol: CryptoObjectUid
Scope: namespace ara::crypto
Syntax: struct ara::crypto::CryptoObjectUid {...};
Header file: #include "ara/crypto/common/crypto_object_uid.h"
Description: Definition of Crypto Object Unique Identifier (COUID) type.

c(RS_CRYPTO_02005, RS_CRYPTO_02006)
[SWS_CRYPT_10017]{DRAFT} d
Kind: enumeration
Symbol: ProviderType
Scope: namespace ara::crypto
Underlying type: std::uint32_t
Syntax: enum class ProviderType : std::uint32_t {...};
Values: kUndefinedProvider= 0 Undefined/Unknown Provider type (or applicable for
the whole Crypto Stack)
kCryptoProvider= 1 Cryptography Provider.
kKeyStorageProvider= 2 Key Storage Provider.
kX509Provider= 3 X.509 Provider.
Header file: #include "ara/crypto/common/base_id_types.h"
Description: Enumeration of all known Provider types.

c(RS_CRYPTO_02401, RS_CRYPTO_02109)
[SWS_CRYPT_10033]{DRAFT} d
Kind: type alias
Symbol: ReadOnlyMemRegion
Scope: namespace ara::crypto
Derived from: ara::core::Span<const std::uint8_t>
Syntax: using ara::crypto::ReadOnlyMemRegion = ara::core::Span<const
std::uint8_t>;
Header file: #include "ara/crypto/common/mem_region.h"
Description: Read-Only Memory Region (intended for [in] arguments)

309 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

c(RS_CRYPTO_02004)
[SWS_CRYPT_10031]{DRAFT} d
Kind: type alias
Symbol: ReadWriteMemRegion
Scope: namespace ara::crypto
Derived from: ara::core::Span<std::uint8_t>
Syntax: using ara::crypto::ReadWriteMemRegion = ara::core::Span<std::uint8_t>;
Header file: #include "ara/crypto/common/mem_region.h"
Description: Read-Write Memory Region (intended for [in/out] arguments)

c(RS_CRYPTO_02004)
[SWS_CRYPT_10099]{DRAFT} d
Kind: enumeration
Symbol: CryptoErrc
Scope: namespace ara::crypto
Underlying type: ara::core::ErrorDomain::CodeType
Syntax: enum class CryptoErrc : ara::core::ErrorDomain::CodeType {...};
kErrorClass= 0x1000000 Reserved (a multiplier of error class IDs)
Values:
kErrorSubClass= 0x10000 Reserved (a multiplier of error sub-class IDs)
kErrorSubSubClass= 0x100 Reserved (a multiplier of error sub-sub-class IDs)
kResourceFault= 1 * kErrorClass ResourceException: Generic resource fault!
kBusyResource= kResourceFault + 1 ResourceException: Specified resource is busy!
kInsufficientResource= kResourceFault ResourceException: Insufficient capacity of
+2 specified resource!
kUnreservedResource= kResource ResourceException: Specified resource was not
Fault + 3 reserved!
kModifiedResource= kResourceFault + ResourceException: Specified resource has been
4 modified!
kLogicFault= 2 * kErrorClass LogicException: Generic logic fault!
kInvalidArgument= kLogicFault + 1 * k InvalidArgumentException: An invalid argument
ErrorSubClass value is provided!
kUnknownIdentifier= kInvalidArgument InvalidArgumentException: Unknown identifier is
+1 provided!
kInsufficientCapacity= kInvalid InvalidArgumentException: Insufficient capacity of
Argument + 2 the output buffer!
kInvalidInputSize= kInvalidArgument + InvalidArgumentException: Invalid size of an input
3 buffer!
kIncompatibleArguments= kInvalid InvalidArgumentException: Provided values of
Argument + 4 arguments are incompatible!
kInOutBuffersIntersect= kInvalid InvalidArgumentException: Input and output buffers
Argument + 5 are intersect!
kBelowBoundary= kInvalidArgument + InvalidArgumentException: Provided value is below
6 the lower boundary!
kAboveBoundary= kInvalidArgument + InvalidArgumentException: Provided value is above
7 the upper boundary!
kAuthTagNotValid= kInvalidArgument + AuthTagNotValidException: Provided
8 authentication-tag cannot be verified!
5

310 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

4
kUnsupported= kInvalidArgument + 1 *
kErrorSubSubClass
kInvalidUsageOrder= kLogicFault + 2 *
kErrorSubClass
kUninitializedContext= kInvalidUsage
Order + 1
kProcessingNotStarted= kInvalidUsage
Order + 2
kProcessingNotFinished= kInvalid
UsageOrder + 3
kRuntimeFault= 3 * kErrorClass
kUnsupportedFormat= kRuntimeFault
+1
kBruteForceRisk= kRuntimeFault + 2
kContentRestrictions= kRuntimeFault +
3 restrictions of the target container!
kBadObjectReference= kRuntimeFault
+4
kContentDuplication= kRuntimeFault +
6 in the target storage!
kUnexpectedValue= kRuntimeFault + 1
* kErrorSubClass
kIncompatibleObject= kUnexpected
Value + 1
kIncompleteArgState= kUnexpected
Value + 2
kEmptyContainer= kUnexpectedValue
+3
kMissingArgument= kUnexpectedValue
+4
kBadObjectType= kUnexpectedValue +
1 * kErrorSubSubClass
kUsageViolation= kRuntimeFault + 2 *
kErrorSubClass
kAccessViolation= kRuntimeFault + 3 *
kErrorSubClass
Header file: #include "ara/crypto/common/crypto_error_domain.h"
Description: Enumeration of all Crypto Error Code values that may be reported by ara::crypto.
UnsupportedException: Unsupported request (due
to limitations of the implementation)!
InvalidUsageOrderException: Invalid usage order of
the interface!
InvalidUsageOrderException: Context of the
interface was not initialized!
InvalidUsageOrderException: Data processing was
not started yet!
InvalidUsageOrderException: Data processing was
not finished yet!
RuntimeException: Generic runtime fault!
RuntimeException: Unsupported serialization
format for this object type!
RuntimeException: Operation is prohibitted due to a
risk of a brute force attack!
RuntimeException: The operation violates content
RuntimeException: Incorrect reference between
objects!
RuntimeException: Provided content already exists
UnexpectedValueException: Unexpected value of
an argument is provided!
UnexpectedValueException: The provided object is
incompatible with requested operation or its
configuration!
UnexpectedValueException: Incomplete state of an
argument!
UnexpectedValueException: Specified container is
empty!
kMissingArgumentException: Expected argument,
but none provided!
BadObjectTypeException: Provided object has
unexpected type!
UsageViolationException: Violation of allowed
usage for the object!
AccessViolationException: Access rights violation!

c(RS_CRYPTO_02310)
[SWS_CRYPT_30001]{DRAFT} d
Kind: struct
Symbol: SecureCounter
Scope: namespace ara::crypto
Syntax: struct ara::crypto::SecureCounter {...};
Header file: #include "ara/crypto/common/entry_point.h"
Description: 128 bit secure counter made up of most significant and least significant quad-word of the
hardware counter.

c(RS_CRYPTO_02401)

311 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

[SWS_CRYPT_10701]{DRAFT} d
Kind: type alias
Symbol: FormatId
Scope: class ara::crypto::Serializable
Derived from: std::uint32_t
Syntax: using ara::crypto::Serializable::FormatId = std::uint32_t;
Header file: #include "ara/crypto/common/serializable.h"
Description: A container type for the encoding format identifiers.

c(RS_CRYPTO_02004, RS_CRYPTO_02302)
[SWS_CRYPT_10019]{DRAFT} d
Kind: enumeration
Symbol: CryptoTransform
Scope: namespace ara::crypto
Underlying type: std::uint32_t
Syntax: enum class CryptoTransform : std::uint32_t {...};

Values: kEncrypt= 1 encryption

kDecrypt= 2 decryption
kMacVerify= 3 MAC verification.
kMacGenerate= 4 MAC generation.
kWrap= 5 key wrapping
kUnwrap= 6 key unwrapping
kSigVerify= 7 signature verification
kSigGenerate= 8 signature generation
Header file: #include "ara/crypto/common/base_id_types.h"
Description: Enumeration of cryptographic transformations.

c(RS_CRYPTO_02004)
[SWS_CRYPT_10852]{DRAFT} d
Kind: type alias
Symbol: Uptr
Scope: class ara::crypto::VolatileTrustedContainer
Derived from: std::unique_ptr<VolatileTrustedContainer>
Syntax: using ara::crypto::VolatileTrustedContainer::Uptr = std::unique_
ptr<VolatileTrustedContainer>;
Header file: #include "ara/crypto/common/volatile_trusted_container.h"
Description: Unique smart pointer of the interface.

c(RS_CRYPTO_02004)

312 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

[SWS_CRYPT_10400]{DRAFT} d
Kind: struct
Symbol: Uuid
Scope: namespace ara::crypto
Syntax: struct ara::crypto::Uuid {...};
Header file: #include "ara/crypto/common/uuid.h"
Description: Definition of Universally Unique Identifier (UUID) type. Independently from internal definition
details of this structure, it’s size must be 16 bytes and entropy of this ID should be close to 128
bit!

c(RS_CRYPTO_02005)
[SWS_CRYPT_10801]{DRAFT} d
Kind: type alias
Symbol: Uptr
Scope: class ara::crypto::IOInterface
Derived from: std::unique_ptr<IOInterface>
Syntax: using ara::crypto::IOInterface::Uptr = std::unique_ptr<IOInterface>;
Header file: #include "ara/crypto/common/io_interface.h"
Description: Unique smart pointer of the interface.

c(RS_CRYPTO_02109)
[SWS_CRYPT_10802]{DRAFT} d
Kind: type alias
Symbol: Uptrc
Scope: class ara::crypto::IOInterface
Derived from: std::unique_ptr<const IOInterface>
Syntax: using ara::crypto::IOInterface::Uptrc = std::unique_ptr<const
IOInterface>;
Header file: #include "ara/crypto/common/io_interface.h"
Description: Unique smart pointer of the constant interface.

c(RS_CRYPTO_02109)
[SWS_CRYPT_19903]{DRAFT} d
Kind: type alias
Symbol: Errc
Scope: class ara::crypto::CryptoErrorDomain
Derived from: CryptoErrc
Syntax: using ara::crypto::CryptoErrorDomain::Errc = CryptoErrc;
Header file: #include "ara/crypto/common/crypto_error_domain.h"
Description: crypto error

c(RS_CRYPTO_02310)

313 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

[SWS_CRYPT_19904]{DRAFT} d
Kind: type alias
Symbol: Exception
Scope: class ara::crypto::CryptoErrorDomain
Derived from: CryptoException
Syntax: using ara::crypto::CryptoErrorDomain::Exception = CryptoException;
Header file: #include "ara/crypto/common/crypto_error_domain.h"
Description: Alias for the exception base class.

c(RS_CRYPTO_02310)
[SWS_CRYPT_10018]{DRAFT} d
Kind: enumeration
Symbol: KeySlotType
Scope: namespace ara::crypto
Underlying type: std::uint32_t
Syntax: enum class KeySlotType : std::uint32_t {...};
Values: kMachine= 1 machine type key-slot - can be managed by
application
kApplication= 2 application exclusive type key-slot
Header file: #include "ara/crypto/common/base_id_types.h"
Description: Enumeration of key-slot types; currently only machine and applicaiton key-slots are defined.

c(RS_CRYPTO_02004)

8.5 API Reference

[SWS_CRYPT_10800]{DRAFT} d
Kind: class
Symbol: IOInterface
Scope: namespace ara::crypto
Syntax: class ara::crypto::IOInterface {...};
Header file: #include "ara/crypto/common/io_interface.h"
Description: Formal interface of an IOInterface is used for saving and loading of security objects. Actual
saving and loading should be implemented by internal methods known to a trusted pair of
Crypto Provider and Storage Provider. Each object should be uniquely identified by its type and
Crypto Object Unique Identifier (COUID). This interface suppose that objects in the container
are compressed i.e. have a minimal size optimized for.

c(RS_CRYPTO_02004)

314 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

[SWS_CRYPT_10700]{DRAFT} d
Kind: class
Symbol: Serializable
Scope: namespace ara::crypto
Syntax: class ara::crypto::Serializable {...};
Header file: #include "ara/crypto/common/serializable.h"
Description: Serializable object interface.

c(RS_CRYPTO_02105)
[SWS_CRYPT_10850]{DRAFT} d
Kind: class
Symbol: VolatileTrustedContainer
Scope: namespace ara::crypto
Syntax: class ara::crypto::VolatileTrustedContainer {...};
Header file: #include "ara/crypto/common/volatile_trusted_container.h"
Description: This explicit interface of a volatile Trusted Container is used for buffering CryptoAPI objects in
RAM. This class represents a "smart buffer" in that it provides access to the IOInterface, which
can be used for querying meta-data of the buffer content.

c(RS_CRYPTO_02004)
[SWS_CRYPT_19905]{DRAFT} d
Kind: class
Symbol: CryptoException
Scope: namespace ara::crypto
Base class: ara::core::Exception
Syntax: class ara::crypto::CryptoException : public ara::core::Exception
{...};
Header file: #include "ara/crypto/common/crypto_error_domain.h"
Description: Exception type thrown for CRYPTO errors.

c(RS_CRYPTO_02310)
[SWS_CRYPT_19900]{DRAFT} d
Kind: class
Symbol: CryptoErrorDomain
Scope: namespace ara::crypto
Base class: ara::core::ErrorDomain
Syntax: class ara::crypto::CryptoErrorDomain final : public ara::core::Error
Domain {...};
Unique ID: 0x8000’0000’0000’0801
Header file: #include "ara/crypto/common/crypto_error_domain.h"
5

315 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

4
Description: Crypto Error Domain class that provides interfaces as defined by ara::core::ErrorDomain such
as a name of the Crypto Error Domain or messages for each error code. This class represents
an error domain responsible for all errors that may be reported by public APIs in ara::crypto
namespace. .

c(RS_AP_00130)
[SWS_CRYPT_19951]{DRAFT} d
Kind: function
Symbol: MakeErrorCode(CryptoErrorDomain::Errc code, ara::core::ErrorDomain::SupportDataType
data)
Scope: namespace ara::crypto
Syntax: constexpr ara::core::ErrorCode ara::crypto::MakeErrorCode (CryptoError
Domain::Errc code, ara::core::ErrorDomain::SupportDataType data)
noexcept;
Parameters (in): code an error code identifier from the CryptoErrc
enumeration
data supplementary data for the error description
Return value: ara::core::ErrorCode an instance of ErrorCode created according the
arguments
Exception Safety: noexcept
Header file: #include "ara/crypto/common/crypto_error_domain.h"
Description: Makes Error Code instances from the Crypto Error Domain. The returned ErrorCode instance
always references to CryptoErrorDomain.

c(RS_CRYPTO_02310)
[SWS_CRYPT_20099]{DRAFT} d
Kind: function
Symbol: LoadCryptoProvider(const ara::core::InstanceSpecifier &iSpecify)
Scope: namespace ara::crypto
Syntax: ara::crypto::cryp::CryptoProvider::Uptr ara::crypto::LoadCrypto
Provider (const ara::core::InstanceSpecifier &iSpecify) noexcept;
Parameters (in): iSpecify the globally unique identifier of required Crypto
Provider
Return value: ara::crypto::cryp::CryptoProvider::Uptr unique smart pointer to loaded Crypto Provider
Exception Safety: noexcept
Thread Safety: Thread-safe
Header file: #include "ara/crypto/common/entry_point.h"
Description: Factory that creates or return existing single instance of specific Crypto Provider. If (providerUid
== nullptr) then platform default provider should be loaded.

c(RS_CRYPTO_02401, RS_CRYPTO_02301)
[SWS_CRYPT_30099]{DRAFT} d
Kind: function
Symbol: LoadKeyStorageProvider()
Scope: namespace ara::crypto
5

316 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

4
Syntax: ara::crypto::keys::KeyStorageProvider::Uptr ara::crypto::LoadKey
StorageProvider () noexcept;
Return value: ara::crypto::keys::KeyStorage unique smart pointer to loaded Key Storage Provider
Provider::Uptr
Exception Safety: noexcept
Thread Safety: Thread-safe
Errors: CryptoErrorDomain::kRuntimeFault if the Key Storage Provider instance cannot be
created
Header file: #include "ara/crypto/common/entry_point.h"
Description: Factory that creates or return existing single instance of the Key Storage Provider.

c(RS_CRYPTO_02109, RS_CRYPTO_02401, RS_CRYPTO_02301)

[SWS_CRYPT_40099]{DRAFT} d
Kind: function
Symbol: LoadX509Provider()
Scope: namespace ara::crypto
Syntax: ara::crypto::x509::X509Provider::Uptr ara::crypto::LoadX509Provider ()
noexcept;
Return value: ara::crypto::x509::X509Provider::Uptr unique smart pointer to loaded X.509 Provider
Exception Safety: noexcept
Thread Safety: Thread-safe
Errors: CryptoErrorDomain::kRuntimeFault if the X.509 Provider cannot be loaded
Header file: #include "ara/crypto/common/entry_point.h"
Description: Factory that creates or return existing single instance of the X.509 Provider. X.509 Provider
should use the default Crypto Provider for hashing and signature verification! Therefore when
you load the X.509 Provider, in background it loads the default Crypto Provider too.

c(RS_CRYPTO_02306, RS_CRYPTO_02301)
[SWS_CRYPT_30098]{DRAFT} d
Kind: function
Symbol: GenerateRandomData(std::uint32_t count)
Scope: namespace ara::crypto
Syntax: ara::core::Result<ara::core::Vector<ara::core::Byte> >
ara::crypto::GenerateRandomData (std::uint32_t count) noexcept;
Parameters (in): count number of random bytes to generate
Return value: ara::core::Result< ara::core::Vector< a buffer filled with the generated random sequence
ara::core::Byte > >
Exception Safety: noexcept
Thread Safety: Thread-safe
Errors: CryptoErrorDomain::kBusyResource if the used RNG is currently out-of-entropy and
therefore cannot provide the requested number of
random bytes
Header file: #include "ara/crypto/common/entry_point.h"
Description: Return an allocated buffer with a generated random sequence of the requested size.

c(RS_CRYPTO_02206)

317 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

[SWS_CRYPT_20098]{DRAFT} d
Kind: function
Symbol: GetSecureCounter()
Scope: namespace ara::crypto
Syntax: ara::core::Result<SecureCounter> ara::crypto::GetSecureCounter ()
noexcept;
Return value: ara::core::Result< SecureCounter > a SecureCounter struct made up of the two
unsigned 64 bit values (LSQW and MSQW)
Exception Safety: noexcept
Thread Safety: Thread-safe
Errors: CryptoErrorDomain::kUnsupported if the Secure Counter is unsupported by the Crypto
Stack implementation on this Platform
CryptoErrorDomain::kAccessViolation if current Actor has no permission to call this routine
Header file: #include "ara/crypto/common/entry_point.h"
Description: Get current value of 128 bit Secure Counter supported by the Crypto Stack. Secure Counter is
a non-rollover monotonic counter that ensures incrementation of its value for each following
call. The Secure Counter is presented by two 64 bit components: Most Significant Quadword
(MSQW) and Least Significant Quadword (LSQW). During normal operation of the Crypto
Stack, the MSQW value is fixed (unchangeable) and only LSQW should be incremented. The
LSQW counter can be implemented in the "low-power" (always-powered-up) domain of the
main CPU, but the MSQW in the Flash/EEPROM storage. But the MSQW must be incremented
if the LSQW reaches the maximum value of all ones. Also the MSQW must be incremented
during reinitialisation of the whole Crypto Stack (e.g. if the "low-power" supply was interrupted
by some reason). Permission to execute this routine is subject of Identity and Access
Management control and may be restricted by application manifest!

c(RS_CRYPTO_02401)
[SWS_CRYPT_10112]{DRAFT} d
Kind: function
Symbol: HasEarlierVersionThan(const CryptoObjectUid &anotherId)
Scope: struct ara::crypto::CryptoObjectUid
Syntax: constexpr bool ara::crypto::CryptoObjectUid::HasEarlierVersionThan
(const CryptoObjectUid &anotherId) const noexcept;
Parameters (in): anotherId another identifier for the comparison
Return value: bool true if this identifier was generated earlier than the
anotherId
Exception Safety: noexcept
Thread Safety: Reentrant
Header file: #include "ara/crypto/common/crypto_object_uid.h"
Description: Check whether this identifier was generated earlier than the one provided by the argument.

c(RS_CRYPTO_02006)
[SWS_CRYPT_10113]{DRAFT} d
Kind: function
Symbol: HasLaterVersionThan(const CryptoObjectUid &anotherId)
Scope: struct ara::crypto::CryptoObjectUid
5

318 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

4
Syntax: constexpr bool ara::crypto::CryptoObjectUid::HasLaterVersionThan
(const CryptoObjectUid &anotherId) const noexcept;
Parameters (in): anotherId another identifier for the comparison
Return value: bool true if this identifier was generated later than the
anotherId
Exception Safety: noexcept
Thread Safety: Reentrant
Header file: #include "ara/crypto/common/crypto_object_uid.h"
Description: Check whether this identifier was generated later than the one provided by the argument.

c(RS_CRYPTO_02006)
[SWS_CRYPT_10111]{DRAFT} d
Kind: function
Symbol: HasSameSourceAs(const CryptoObjectUid &anotherId)
Scope: struct ara::crypto::CryptoObjectUid
Syntax: constexpr bool ara::crypto::CryptoObjectUid::HasSameSourceAs (const
CryptoObjectUid &anotherId) const noexcept;
Parameters (in): anotherId another identifier for the comparison
Return value: bool true if both identifiers has common source (identical
value of the mGeneratorUid field)
Exception Safety: noexcept
Thread Safety: Reentrant
Header file: #include "ara/crypto/common/crypto_object_uid.h"
Description: Check whether this identifier has a common source with the one provided by the argument.

c(RS_CRYPTO_02006)
[SWS_CRYPT_10114]{DRAFT} d
Kind: function
Symbol: IsNil()
Scope: struct ara::crypto::CryptoObjectUid
Syntax: bool ara::crypto::CryptoObjectUid::IsNil () const noexcept;
Return value: bool true if this identifier is "Nil" and false otherwise
Exception Safety: noexcept
Thread Safety: Reentrant
Header file: #include "ara/crypto/common/crypto_object_uid.h"
Description: Check whether this identifier is "Nil".

c(RS_CRYPTO_02006)
[SWS_CRYPT_10115]{DRAFT} d
Kind: function
Symbol: SourceIsNil()
Scope: struct ara::crypto::CryptoObjectUid
5

319 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

4
Syntax: bool ara::crypto::CryptoObjectUid::SourceIsNil () const noexcept;
Return value: bool true if this identifier is "Nil" and false otherwise
Exception Safety: noexcept
Thread Safety: Reentrant
Header file: #include "ara/crypto/common/crypto_object_uid.h"
Description: Check whether this object’s generator identifier is "Nil".

c(RS_CRYPTO_02006)
[SWS_CRYPT_10810]{DRAFT} d
Kind: function
Symbol: ~IOInterface()
Scope: class ara::crypto::IOInterface
Syntax: virtual ara::crypto::IOInterface::~IOInterface () noexcept=default;
Exception Safety: noexcept
Header file: #include "ara/crypto/common/io_interface.h"
Description: Destructor.

c(RS_CRYPTO_02004)
[SWS_CRYPT_10819]{DRAFT} d
Kind: function
Symbol: GetAllowedUsage()
Scope: class ara::crypto::IOInterface
Syntax: virtual AllowedUsageFlags ara::crypto::IOInterface::GetAllowedUsage ()
const noexcept=0;
Return value: AllowedUsageFlags allowed key/seed usage flags
Exception Safety: noexcept
Thread Safety: Thread-safe
Header file: #include "ara/crypto/common/io_interface.h"
Description: Return actual allowed key/seed usage flags defined by the key slot prototype for this "Actor"
and current content of the container. Volatile containers don’t have any prototyped restrictions,
but can have restrictions defined at run-time for a current instance of object. A value returned
by this method is bitwise AND of the common usage flags defined at run-time and the usage
flags defined by the UserPermissions prototype for current "Actor". This method is especially
useful for empty permanent prototyped containers.

c(RS_CRYPTO_02008)
[SWS_CRYPT_10813]{DRAFT} d
Kind: function
Symbol: GetCapacity()
Scope: class ara::crypto::IOInterface
Syntax: virtual std::size_t ara::crypto::IOInterface::GetCapacity () const
noexcept=0;
Return value: std::size_t capacity of the underlying buffer of this IOInterface
(in bytes)
5

320 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

4
Exception Safety: noexcept
Thread Safety: Thread-safe
Header file: #include "ara/crypto/common/io_interface.h"
Description: Return capacity of the underlying resource.

c(RS_CRYPTO_02110)
[SWS_CRYPT_10812]{DRAFT} d
Kind: function
Symbol: GetCryptoObjectType()
Scope: class ara::crypto::IOInterface
Syntax: virtual CryptoObjectType ara::crypto::IOInterface::GetCryptoObjectType
() const noexcept=0;
Return value: CryptoObjectType the CryptoObjectType stored inside the referenced
resource
Exception Safety: noexcept
Thread Safety: Thread-safe
Header file: #include "ara/crypto/common/io_interface.h"
Description: Return the CryptoObjectType of the object referenced by this IOInterface.

c(RS_CRYPTO_02110)
[SWS_CRYPT_10811]{DRAFT} d
Kind: function
Symbol: GetObjectId()
Scope: class ara::crypto::IOInterface
Syntax: virtual CryptoObjectUid ara::crypto::IOInterface::GetObjectId () const
noexcept=0;
Return value: CryptoObjectUid type of the content stored in the container
Exception Safety: noexcept
Thread Safety: Thread-safe
Header file: #include "ara/crypto/common/io_interface.h"
Description: Return COUID of an object stored to this IOInterface. If the container is empty then this method
returns CryptoObjectType::KUndefined. Unambiguous identification of a crypto object requires
both components: CryptoObjectUid and CryptoObjectType.

c(RS_CRYPTO_02004)
[SWS_CRYPT_10817]{DRAFT} d
Kind: function
Symbol: GetPayloadSize()
Scope: class ara::crypto::IOInterface
Syntax: virtual std::size_t ara::crypto::IOInterface::GetPayloadSize () const
noexcept=0;
Return value: std::size_t size of an object payload stored in the underlying
buffer of this IOInterface (in bytes)
5

321 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

4
Exception Safety: noexcept
Thread Safety: Thread-safe
Header file: #include "ara/crypto/common/io_interface.h"
Description: Return size of an object payload stored in the underlying buffer of this IOInterface. If the
container is empty then this method returns 0. Returned value does not take into account the
object’s meta-information properties, but their size is fixed and common for all crypto objects
independently from their actual type. space for an object’s meta-information automatically,
according to their implementation details.

c(RS_CRYPTO_02109)
[SWS_CRYPT_10822]{DRAFT} d
Kind: function
Symbol: GetPrimitiveId()
Scope: class ara::crypto::IOInterface
Syntax: virtual CryptoAlgId ara::crypto::IOInterface::GetPrimitiveId () const
noexcept=0;
Return value: CryptoAlgId the binary Crypto Primitive ID
Exception Safety: noexcept
Thread Safety: Thread-safe
Header file: #include "ara/crypto/common/io_interface.h"
Description: Get vendor specific ID of the primitive.

c(RS_CRYPTO_02004)
[SWS_CRYPT_10818]{DRAFT} d
Kind: function
Symbol: GetTypeRestriction()
Scope: class ara::crypto::IOInterface
Syntax: virtual CryptoObjectType ara::crypto::IOInterface::GetTypeRestriction
() const noexcept=0;
Return value: CryptoObjectType an object type of allowed content (CryptoObject
Type::kUndefined means without restriction)
Exception Safety: noexcept
Thread Safety: Thread-safe
Header file: #include "ara/crypto/common/io_interface.h"
Description: Return content type restriction of this IOInterface. If KeySlotPrototypeProps::mAllowContent
TypeChange==TRUE, then kUndefined shall be returned. If a container has a type restriction
different from CryptoObjectType::kUndefined then only objects of the mentioned type can be
saved to this container. Volatile containers don’t have any content type restrictions.

c(RS_CRYPTO_02004, RS_CRYPTO_02110)
[SWS_CRYPT_10816]{DRAFT} d
Kind: function
Symbol: IsObjectExportable()
Scope: class ara::crypto::IOInterface
5

322 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

4
Syntax: virtual bool ara::crypto::IOInterface::IsObjectExportable () const
noexcept=0;
Return value: bool true if an object stored to the container has set the
"exportable" attribute
Exception Safety: noexcept
Thread Safety: Thread-safe
Header file: #include "ara/crypto/common/io_interface.h"
Description: Return the "exportable" attribute of an object stored to the container. The exportability of an
object doesn’t depend from the volatility of its container.

c(RS_CRYPTO_02109)
[SWS_CRYPT_10815]{DRAFT} d
Kind: function
Symbol: IsObjectSession()
Scope: class ara::crypto::IOInterface
Syntax: virtual bool ara::crypto::IOInterface::IsObjectSession () const
noexcept=0;
Return value: bool true if the object referenced by this IOInterface has
set the "session" attribute
Exception Safety: noexcept
Thread Safety: Thread-safe
Header file: #include "ara/crypto/common/io_interface.h"
Description: Return the "session" (or "temporary") attribute of an object as set e.g. by KeyDerivation
FunctionCtx::DeriveKey(). A "session" object can be stored to a VolatileTrustedContainer only!
If this IOInterface is linked to a KeySlot this returns always false.

c(RS_CRYPTO_02109)
[SWS_CRYPT_10814]{DRAFT} d
Kind: function
Symbol: IsVolatile()
Scope: class ara::crypto::IOInterface
Syntax: virtual bool ara::crypto::IOInterface::IsVolatile () const noexcept=0;
Return value: bool true if the container has a volatile nature (i.e.
"temporary" or "in RAM") or false otherwise
Exception Safety: noexcept
Thread Safety: Thread-safe
Header file: #include "ara/crypto/common/io_interface.h"
Description: Return volatility of the the underlying buffer of this IOInterface. A "session" object can be stored
to a "volatile" container only. A content of a "volatile" container will be destroyed together with
the interface instance.

c(RS_CRYPTO_02109)

323 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

[SWS_CRYPT_10823]{DRAFT} d
Kind: function
Symbol: IsValid()
Scope: class ara::crypto::IOInterface
Syntax: virtual bool ara::crypto::IOInterface::IsValid () const noexcept=0;
Return value: bool true if the underlying resource can be valid, false
otherwise
Exception Safety: noexcept
Thread Safety: Thread-safe
Header file: #include "ara/crypto/common/io_interface.h"
Description: Get whether the underlying KeySlot is valid. An IOInterface is invalidated if the underlying
resource has been modified after the IOInterface has been opened.

c(RS_CRYPTO_02004)
[SWS_CRYPT_10821]{DRAFT} d
Kind: function
Symbol: IsWritable()
Scope: class ara::crypto::IOInterface
Syntax: virtual bool ara::crypto::IOInterface::IsWritable () const noexcept=0;
Return value: bool true if the underlying resource can be written
Exception Safety: noexcept
Thread Safety: Thread-safe
Header file: #include "ara/crypto/common/io_interface.h"
Description: Get whether the underlying KeySlot is writable - if this IOInterface is linked to a VolatileTrusted
Container always return true.

c(RS_CRYPTO_02004)
[SWS_CRYPT_30202]{DRAFT} d
Kind: function
Symbol: operator=(const IOInterface &other)
Scope: class ara::crypto::IOInterface
Syntax: IOInterface& ara::crypto::IOInterface::operator= (const IOInterface
&other)=default;
Parameters (in): other the other instance
Return value: IOInterface & *this, containing the contents of other
Header file: #include "ara/crypto/common/io_interface.h"
Description: Copy-assign another IOInterface to this instance.

c(RS_CRYPTO_02004)
[SWS_CRYPT_30203]{DRAFT} d
Kind: function
Symbol: operator=(IOInterface &&other)
Scope: class ara::crypto::IOInterface
5

324 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

4
Syntax: IOInterface& ara::crypto::IOInterface::operator= (IOInterface
&&other)=default;
Parameters (in): other the other instance
Return value: IOInterface & *this, containing the contents of other
Header file: #include "ara/crypto/common/io_interface.h"
Description: Move-assign another IOInterface to this instance.

c(RS_CRYPTO_02004)
[SWS_CRYPT_10150]{DRAFT} d
Kind: function
Symbol: operator==(const CryptoObjectUid &lhs, const CryptoObjectUid &rhs)
Scope: namespace ara::crypto
Syntax: constexpr bool ara::crypto::operator== (const CryptoObjectUid &lhs,
const CryptoObjectUid &rhs) noexcept;
Parameters (in): lhs left-hand side operand
rhs right-hand side operand
Return value: bool true if all members’ values of lhs is equal to rhs, and
false otherwise
Exception Safety: noexcept
Thread Safety: Thread-safe
Header file: #include "ara/crypto/common/crypto_object_uid.h"
Description: Comparison operator "equal" for CryptoObjectUid operands.

c(RS_CRYPTO_02005)
[SWS_CRYPT_10151]{DRAFT} d
Kind: function
Symbol: operator<(const CryptoObjectUid &lhs, const CryptoObjectUid &rhs)
Scope: namespace ara::crypto
Syntax: constexpr bool ara::crypto::operator< (const CryptoObjectUid &lhs,
const CryptoObjectUid &rhs) noexcept;
Parameters (in): lhs left-hand side operand
rhs right-hand side operand
Return value: bool true if a binary representation of lhs is less than rhs,
and false otherwise
Exception Safety: noexcept
Thread Safety: Thread-safe
Header file: #include "ara/crypto/common/crypto_object_uid.h"
Description: Comparison operator "less than" for CryptoObjectUid operands.

c(RS_CRYPTO_02005)

325 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

[SWS_CRYPT_10152]{DRAFT} d
Kind: function
Symbol: operator>(const CryptoObjectUid &lhs, const CryptoObjectUid &rhs)
Scope: namespace ara::crypto
Syntax: constexpr bool ara::crypto::operator> (const CryptoObjectUid &lhs,
const CryptoObjectUid &rhs) noexcept;
Parameters (in): lhs left-hand side operand
rhs right-hand side operand
Return value: bool true if a binary representation of lhs is greater than
rhs, and false otherwise
Exception Safety: noexcept
Thread Safety: Thread-safe
Header file: #include "ara/crypto/common/crypto_object_uid.h"
Description: Comparison operator "greater than" for CryptoObjectUid operands.

c(RS_CRYPTO_02005)
[SWS_CRYPT_10153]{DRAFT} d
Kind: function
Symbol: operator!=(const CryptoObjectUid &lhs, const CryptoObjectUid &rhs)
Scope: namespace ara::crypto
Syntax: constexpr bool ara::crypto::operator!= (const CryptoObjectUid &lhs,
const CryptoObjectUid &rhs) noexcept;
Parameters (in): lhs left-hand side operand
rhs right-hand side operand
Return value: bool true if at least one member of lhs has a value not
equal to correspondent member of rhs, and false
otherwise
Exception Safety: noexcept
Thread Safety: Thread-safe
Header file: #include "ara/crypto/common/crypto_object_uid.h"
Description: Comparison operator "not equal" for CryptoObjectUid operands.

c(RS_CRYPTO_02005)
[SWS_CRYPT_10154]{DRAFT} d
Kind: function
Symbol: operator<=(const CryptoObjectUid &lhs, const CryptoObjectUid &rhs)
Scope: namespace ara::crypto
Syntax: constexpr bool ara::crypto::operator<= (const CryptoObjectUid &lhs,
const CryptoObjectUid &rhs) noexcept;
Parameters (in): lhs left-hand side operand
rhs right-hand side operand
Return value: bool true if a binary representation of lhs is less than or
equal to rhs, and false otherwise
Exception Safety: noexcept
Thread Safety: Thread-safe
5

326 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

4
Header file: #include "ara/crypto/common/crypto_object_uid.h"
Description: Comparison operator "less than or equal" for CryptoObjectUid operands.

c(RS_CRYPTO_02005)
[SWS_CRYPT_10155]{DRAFT} d
Kind: function
Symbol: operator>=(const CryptoObjectUid &lhs, const CryptoObjectUid &rhs)
Scope: namespace ara::crypto
Syntax: constexpr bool ara::crypto::operator>= (const CryptoObjectUid &lhs,
const CryptoObjectUid &rhs) noexcept;
Parameters (in): lhs left-hand side operand
rhs right-hand side operand
Return value: bool true if a binary representation of lhs is greater than
or equal to rhs, and false otherwise
Exception Safety: noexcept
Thread Safety: Thread-safe
Header file: #include "ara/crypto/common/crypto_object_uid.h"
Description: Comparison operator "greater than or equal" for CryptoObjectUid operands.

c(RS_CRYPTO_02005)
[SWS_CRYPT_10451]{DRAFT} d
Kind: function
Symbol: operator==(const Uuid &lhs, const Uuid &rhs)
Scope: namespace ara::crypto
Syntax: constexpr bool ara::crypto::operator== (const Uuid &lhs, const Uuid
&rhs) noexcept;
Parameters (in): lhs left-hand side operand
rhs right-hand side operand
Return value: bool true if a binary representation of lhs is equal to rhs,
and false otherwise
Exception Safety: noexcept
Thread Safety: Thread-safe
Header file: #include "ara/crypto/common/uuid.h"
Description: Comparison operator "equal" for Uuid operands.

c(RS_CRYPTO_02112)
[SWS_CRYPT_10452]{DRAFT} d
Kind: function
Symbol: operator<(const Uuid &lhs, const Uuid &rhs)
Scope: namespace ara::crypto
Syntax: constexpr bool ara::crypto::operator< (const Uuid &lhs, const Uuid
&rhs) noexcept;
Parameters (in): lhs left-hand side operand
5

327 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

4
rhs right-hand side operand
Return value: bool true if a binary representation of lhs is less than rhs,
and false otherwise
Exception Safety: noexcept
Thread Safety: Thread-safe
Header file: #include "ara/crypto/common/uuid.h"
Description: Comparison operator "less than" for Uuid operands.

c(RS_CRYPTO_02112)
[SWS_CRYPT_10453]{DRAFT} d
Kind: function
Symbol: operator>(const Uuid &lhs, const Uuid &rhs)
Scope: namespace ara::crypto
Syntax: constexpr bool ara::crypto::operator> (const Uuid &lhs, const Uuid
&rhs) noexcept;
Parameters (in): lhs left-hand side operand
rhs right-hand side operand
Return value: bool true if a binary representation of lhs is greater than
rhs, and false otherwise
Exception Safety: noexcept
Thread Safety: Thread-safe
Header file: #include "ara/crypto/common/uuid.h"
Description: Comparison operator "greater than" for Uuid operands.

c(RS_CRYPTO_02112)
[SWS_CRYPT_10454]{DRAFT} d
Kind: function
Symbol: operator!=(const Uuid &lhs, const Uuid &rhs)
Scope: namespace ara::crypto
Syntax: constexpr bool ara::crypto::operator!= (const Uuid &lhs, const Uuid
&rhs) noexcept;
Parameters (in): lhs left-hand side operand
rhs right-hand side operand
Return value: bool true if a binary representation of lhs is not equal to
rhs, and false otherwise
Exception Safety: noexcept
Thread Safety: Thread-safe
Header file: #include "ara/crypto/common/uuid.h"
Description: Comparison operator "not equal" for Uuid operands.

c(RS_CRYPTO_02112)

328 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

[SWS_CRYPT_10455]{DRAFT} d
Kind: function
Symbol: operator<=(const Uuid &lhs, const Uuid &rhs)
Scope: namespace ara::crypto
Syntax: constexpr bool ara::crypto::operator<= (const Uuid &lhs, const Uuid
&rhs) noexcept;
Parameters (in): lhs left-hand side operand
rhs right-hand side operand
Return value: bool true if a binary representation of lhs is less than or
equal to rhs, and false otherwise
Exception Safety: noexcept
Thread Safety: Thread-safe
Header file: #include "ara/crypto/common/uuid.h"
Description: Comparison operator "less than or equal" for Uuid operands.

c(RS_CRYPTO_02112)
[SWS_CRYPT_10456]{DRAFT} d
Kind: function
Symbol: operator>=(const Uuid &lhs, const Uuid &rhs)
Scope: namespace ara::crypto
Syntax: constexpr bool ara::crypto::operator>= (const Uuid &lhs, const Uuid
&rhs) noexcept;
Parameters (in): lhs left-hand side operand
rhs right-hand side operand
Return value: bool true if a binary representation of lhs is greater than
or equal to rhs, and false otherwise
Exception Safety: noexcept
Thread Safety: Thread-safe
Header file: #include "ara/crypto/common/uuid.h"
Description: Comparison operator "greater than or equal" for Uuid operands.

c(RS_CRYPTO_02112)
[SWS_CRYPT_19954]{DRAFT} d
Kind: function
Symbol: ThrowAsException(const ara::core::ErrorCode &errorCode)
Scope: class ara::crypto::CryptoErrorDomain
Syntax: void ara::crypto::CryptoErrorDomain::ThrowAsException (const
ara::core::ErrorCode &errorCode) const override;
Parameters (in): errorCode an error code identifier from the CryptoErrc
enumeration
Return value: None
Header file: #include "ara/crypto/common/crypto_error_domain.h"
Description: throws exception of error code

c(RS_CRYPTO_02310)

329 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

[SWS_CRYPT_19902]{DRAFT} d
Kind: function
Symbol: CryptoErrorDomain()
Scope: class ara::crypto::CryptoErrorDomain
Syntax: constexpr ara::crypto::CryptoErrorDomain::CryptoErrorDomain ()
noexcept;
Exception Safety: noexcept
Header file: #include "ara/crypto/common/crypto_error_domain.h"
Description: Ctor of the CryptoErrorDomain.

c(RS_CRYPTO_02310)
[SWS_CRYPT_19950]{DRAFT} d
Kind: function
Symbol: Name()
Scope: class ara::crypto::CryptoErrorDomain
Syntax: const char* ara::crypto::CryptoErrorDomain::Name () const noexcept
override;
Return value: const char * "Crypto" text
Exception Safety: noexcept
Header file: #include "ara/crypto/common/crypto_error_domain.h"
Description: returns Text "Crypto"

c(RS_CRYPTO_02310)
[SWS_CRYPT_19953]{DRAFT} d
Kind: function
Symbol: Message(ara::core::ErrorDomain::CodeType errorCode)
Scope: class ara::crypto::CryptoErrorDomain
Syntax: const char* ara::crypto::CryptoErrorDomain::Message (ara::core::Error
Domain::CodeType errorCode) const noexcept override;
Parameters (in): errorCode an error code identifier from the CryptoErrc
enumeration
Return value: const char * message text of error code
Exception Safety: noexcept
Header file: #include "ara/crypto/common/crypto_error_domain.h"
Description: Translate an error code value into a text message.

c(RS_CRYPTO_02310)
[SWS_CRYPT_10710]{DRAFT} d
Kind: function
Symbol: ~Serializable()
Scope: class ara::crypto::Serializable
Syntax: virtual ara::crypto::Serializable::~Serializable () noexcept=default;
Exception Safety: noexcept
5

330 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

4
Header file: #include "ara/crypto/common/serializable.h"
Description: Destructor.

c(RS_CRYPTO_02004, RS_CRYPTO_02302)
[SWS_CRYPT_10711]{DRAFT} d
Kind: function
Symbol: ExportPublicly(FormatId formatId=kFormatDefault)
Scope: class ara::crypto::Serializable
Syntax: virtual ara::core::Result<ara::core::Vector<ara::core::Byte> >
ara::crypto::Serializable::ExportPublicly (FormatId formatId=kFormat
Default) const noexcept=0;
Parameters (in): formatId the Crypto Provider specific identifier of the output
format
Return value: ara::core::Result< ara::core::Vector< a buffer with the serialized object
ara::core::Byte > >
Exception Safety: noexcept
Thread Safety: Thread-safe
Errors: CryptoErrorDomain::kInsufficient if (output.empty() == false), but it’s capacity is less
Capacity than required
CryptoErrorDomain::kUnknown if an unknown format ID was specified
Identifier
CryptoErrorDomain::kUnsupported if the specified format ID is not supported for this
Format object type
Header file: #include "ara/crypto/common/serializable.h"
Description: Serialize itself publicly.

c(RS_CRYPTO_02112)
[SWS_CRYPT_10712]{DRAFT} d
Kind: function
Symbol: ExportPublicly(FormatId formatId=kFormatDefault)
Scope: class ara::crypto::Serializable
Syntax: template <typename Alloc = <implementation-defined>>
ara::core::Result<ByteVector<Alloc> >
ara::crypto::Serializable::ExportPublicly (FormatId formatId=kFormat
Default) const noexcept;
Template param: Alloc custom allocator type of the output container
Parameters (in): formatId the Crypto Provider specific identifier of the output
format
Return value: ara::core::Result< ByteVector< Alloc > pre-reserved managed container for the serialization
> output
Exception Safety: noexcept
Thread Safety: Thread-safe
Errors: CryptoErrorDomain::kInsufficient if capacity of the output buffer is less than required
Capacity
CryptoErrorDomain::kUnknown if an unknown format ID was specified
Identifier
5

331 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

4
CryptoErrorDomain::kUnsupported if the specified format ID is not supported for this
Format object type
Header file: #include "ara/crypto/common/serializable.h"
Description: Serialize itself publicly. This method sets the size of the output container according to actually
saved value!

c(RS_CRYPTO_02112)
[SWS_CRYPT_30204]{DRAFT} d
Kind: function
Symbol: operator=(const Serializable &other)
Scope: class ara::crypto::Serializable
Syntax: Serializable& ara::crypto::Serializable::operator= (const Serializable
&other)=default;
Parameters (in): other the other instance
Return value: Serializable & *this, containing the contents of other
Header file: #include "ara/crypto/common/serializable.h"
Description: Copy-assign another Serializable to this instance.

c(RS_CRYPTO_02004)
[SWS_CRYPT_30205]{DRAFT} d
Kind: function
Symbol: operator=(Serializable &&other)
Scope: class ara::crypto::Serializable
Syntax: Serializable& ara::crypto::Serializable::operator= (Serializable
&&other)=default;
Parameters (in): other the other instance
Return value: Serializable & *this, containing the contents of other
Header file: #include "ara/crypto/common/serializable.h"
Description: Move-assign another Serializable to this instance.

c(RS_CRYPTO_02004)
[SWS_CRYPT_10851]{DRAFT} d
Kind: function
Symbol: ~VolatileTrustedContainer()
Scope: class ara::crypto::VolatileTrustedContainer
Syntax: virtual ara::crypto::VolatileTrustedContainer::~VolatileTrusted
Container () noexcept=default;
Exception Safety: noexcept
Header file: #include "ara/crypto/common/volatile_trusted_container.h"
Description: Destructor.

c(RS_CRYPTO_02004)

332 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

[SWS_CRYPT_10853]{DRAFT} d
Kind: function
Symbol: GetIOInterface()
Scope: class ara::crypto::VolatileTrustedContainer
Syntax: virtual IOInterface& ara::crypto::VolatileTrustedContainer::Get
IOInterface () const noexcept=0;
Return value: IOInterface & a reference to the IOInterface of this container
Exception Safety: noexcept
Header file: #include "ara/crypto/common/volatile_trusted_container.h"
Description: Retrieve the IOInterface used for importing/exporting objects into this container.

c(RS_CRYPTO_02004)
[SWS_CRYPT_30206]{DRAFT} d
Kind: function
Symbol: operator=(const VolatileTrustedContainer &other)
Scope: class ara::crypto::VolatileTrustedContainer
Syntax: VolatileTrustedContainer& ara::crypto::VolatileTrusted
Container::operator= (const VolatileTrustedContainer &other)=default;
Parameters (in): other the other instance
Return value: VolatileTrustedContainer & *this, containing the contents of other
Header file: #include "ara/crypto/common/volatile_trusted_container.h"
Description: Copy-assign another VolatileTrustedContainer to this instance.

c(RS_CRYPTO_02004)
[SWS_CRYPT_30207]{DRAFT} d
Kind: function
Symbol: operator=(VolatileTrustedContainer &&other)
Scope: class ara::crypto::VolatileTrustedContainer
Syntax: VolatileTrustedContainer& ara::crypto::VolatileTrusted
Container::operator= (VolatileTrustedContainer &&other)=default;
Parameters (in): other the other instance
Return value: VolatileTrustedContainer & *this, containing the contents of other
Header file: #include "ara/crypto/common/volatile_trusted_container.h"
Description: Move-assign another VolatileTrustedContainer to this instance.

c(RS_CRYPTO_02004)
[SWS_CRYPT_10411]{DRAFT} d
Kind: function
Symbol: IsNil()
Scope: struct ara::crypto::Uuid
Syntax: bool ara::crypto::Uuid::IsNil () const noexcept;
Return value: bool true if this identifier is "Nil" and false otherwise
Exception Safety: noexcept
5

333 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

4
Thread Safety: Thread-safe
Header file: #include "ara/crypto/common/uuid.h"
Description: Check whether this identifier is the "Nil UUID" (according to RFC4122).

c(RS_CRYPTO_02005)
[SWS_CRYPT_13000]{DRAFT} d
Kind: variable
Symbol: kAlgIdUndefined
Scope: namespace ara::crypto
Type: const CryptoAlgId
Syntax: const CryptoAlgId ara::crypto::kAlgIdUndefined = 0u;
Header file: #include "ara/crypto/common/base_id_types.h"
Description: Algorithm ID is undefined. Also this value may be used in meanings: Any or Default algorithm,
None of algorithms.
Effective values of Crypto Algorithm IDs are specific for concrete Crypto Stack implementation.
But the zero value is reserved for especial purposes, that can differ depending from a usage
context. This group defines a few constant names of the single zero value, but semantically
they have different meaning specific for concrete application of the constant.

c(RS_CRYPTO_02107)
[SWS_CRYPT_13001]{DRAFT} d
Kind: variable
Symbol: kAlgIdAny
Scope: namespace ara::crypto
Type: const CryptoAlgId
Syntax: const CryptoAlgId ara::crypto::kAlgIdAny = kAlgIdUndefined;
Header file: #include "ara/crypto/common/base_id_types.h"
Description: Any Algorithm ID is allowed.

c(RS_CRYPTO_02107)
[SWS_CRYPT_13002]{DRAFT} d
Kind: variable
Symbol: kAlgIdDefault
Scope: namespace ara::crypto
Type: const CryptoAlgId
Syntax: const CryptoAlgId ara::crypto::kAlgIdDefault = kAlgIdUndefined;
Header file: #include "ara/crypto/common/base_id_types.h"
Description: Default Algorithm ID (in current context/primitive).

c(RS_CRYPTO_02107)

334 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

[SWS_CRYPT_13003]{DRAFT} d
Kind: variable
Symbol: kAlgIdNone
Scope: namespace ara::crypto
Type: const CryptoAlgId
Syntax: const CryptoAlgId ara::crypto::kAlgIdNone = kAlgIdUndefined;
Header file: #include "ara/crypto/common/base_id_types.h"
Description: None of Algorithm ID (i.e. an algorithm definition is not applicable).

c(RS_CRYPTO_02107)
[SWS_CRYPT_13102]{DRAFT} d
Kind: variable
Symbol: kAllowDataDecryption
Scope: namespace ara::crypto
Type: const AllowedUsageFlags
Syntax: const AllowedUsageFlags ara::crypto::kAllowDataDecryption = 0x0002;
Header file: #include "ara/crypto/common/base_id_types.h"
Description: The key/seed can be used for data decryption initialization (applicable to symmetric and
asymmetric algorithms).

c(RS_CRYPTO_02111)
[SWS_CRYPT_13101]{DRAFT} d
Kind: variable
Symbol: kAllowDataEncryption
Scope: namespace ara::crypto
Type: const AllowedUsageFlags
Syntax: const AllowedUsageFlags ara::crypto::kAllowDataEncryption = 0x0001;
Header file: #include "ara/crypto/common/base_id_types.h"
Description: The key/seed can be used for data encryption initialization (applicable to symmetric and
asymmetric algorithms).

c(RS_CRYPTO_02111)
[SWS_CRYPT_13113]{DRAFT} d
Kind: variable
Symbol: kAllowDerivedDataDecryption
Scope: namespace ara::crypto
Type: const AllowedUsageFlags
Syntax: const AllowedUsageFlags ara::crypto::kAllowDerivedDataDecryption = k
AllowDataDecryption << 16;
Header file: #include "ara/crypto/common/base_id_types.h"
Description: A derived seed or symmetric key can be used for data decryption.

c(RS_CRYPTO_02111)

335 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

[SWS_CRYPT_13112]{DRAFT} d
Kind: variable
Symbol: kAllowDerivedDataEncryption
Scope: namespace ara::crypto
Type: const AllowedUsageFlags
Syntax: const AllowedUsageFlags ara::crypto::kAllowDerivedDataEncryption = k
AllowDataEncryption << 16;
Header file: #include "ara/crypto/common/base_id_types.h"
Description: A derived seed or symmetric key can be used for data encryption.

c(RS_CRYPTO_02111)
[SWS_CRYPT_13117]{DRAFT} d
Kind: variable
Symbol: kAllowDerivedRngInit
Scope: namespace ara::crypto
Type: const AllowedUsageFlags
Syntax: const AllowedUsageFlags ara::crypto::kAllowDerivedRngInit = kAllowRng
Init << 16;
Header file: #include "ara/crypto/common/base_id_types.h"
Description: A derived seed or symmetric key can be used for seeding of a RandomGeneratorContext.

c(RS_CRYPTO_02111)
[SWS_CRYPT_13121]{DRAFT} d
Kind: variable
Symbol: kAllowDerivedExactModeOnly
Scope: namespace ara::crypto
Type: const AllowedUsageFlags
Syntax: const AllowedUsageFlags ara::crypto::kAllowDerivedExactModeOnly = k
AllowExactModeOnly << 16;
Header file: #include "ara/crypto/common/base_id_types.h"
Description: Restrict usage of derived objects to specified operation mode only. A derived seed or
symmetric key can be used only for the mode directly specified by Key::AlgId.

c(RS_CRYPTO_02111)
[SWS_CRYPT_13118]{DRAFT} d
Kind: variable
Symbol: kAllowDerivedKdfMaterial
Scope: namespace ara::crypto
Type: const AllowedUsageFlags
Syntax: const AllowedUsageFlags ara::crypto::kAllowDerivedKdfMaterial = kAllow
KdfMaterial << 16;
Header file: #include "ara/crypto/common/base_id_types.h"
Description: A derived seed or symmetric key can be used as a RestrictedUseObject for slave-keys
derivation via a Key Derivation Function (KDF).

c(RS_CRYPTO_02111)

336 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

[SWS_CRYPT_13122]{DRAFT} d
Kind: variable
Symbol: kAllowKdfMaterialAnyUsage
Scope: namespace ara::crypto
Type: const AllowedUsageFlags
Syntax: const AllowedUsageFlags ara::crypto::kAllowKdfMaterialAnyUsage = k
AllowKdfMaterial | kAllowDerivedDataEncryption | kAllowDerivedData
Decryption | kAllowDerivedSignature | kAllowDerivedVerification | k
AllowDerivedKeyDiversify | kAllowDerivedRngInit | kAllowDerivedKdf
Material | kAllowDerivedKeyExporting | kAllowDerivedKeyImporting;
Header file: #include "ara/crypto/common/base_id_types.h"
Description: Allow usage of the object as a key material for KDF and any usage of derived objects. The
seed or symmetric key can be used as a RestrictedUseObject for a Key Derivation Function
(KDF) and the derived "slave" keys can be used without limitations.

c(RS_CRYPTO_02111)
[SWS_CRYPT_13116]{DRAFT} d
Kind: variable
Symbol: kAllowDerivedKeyDiversify
Scope: namespace ara::crypto
Type: const AllowedUsageFlags
Syntax: const AllowedUsageFlags ara::crypto::kAllowDerivedKeyDiversify = k
AllowKeyDiversify << 16;
Header file: #include "ara/crypto/common/base_id_types.h"
Description: A derived seed or symmetric key can be used for slave-keys diversification.

c(RS_CRYPTO_02111)
[SWS_CRYPT_13119]{DRAFT} d
Kind: variable
Symbol: kAllowDerivedKeyExporting
Scope: namespace ara::crypto
Type: const AllowedUsageFlags
Syntax: const AllowedUsageFlags ara::crypto::kAllowDerivedKeyExporting = k
AllowKeyExporting << 16;
Header file: #include "ara/crypto/common/base_id_types.h"
Description: A derived seed or symmetric key can be used as a "transport" one for Key-Wrap transformation.

c(RS_CRYPTO_02111)
[SWS_CRYPT_13120]{DRAFT} d
Kind: variable
Symbol: kAllowDerivedKeyImporting
Scope: namespace ara::crypto
Type: const AllowedUsageFlags
5

337 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

4
Syntax: const AllowedUsageFlags ara::crypto::kAllowDerivedKeyImporting = k
AllowKeyImporting << 16;
Header file: #include "ara/crypto/common/base_id_types.h"
Description: A derived seed or symmetric key can be used as a "transport" one for Key-Unwrap
transformation.

c(RS_CRYPTO_02111)
[SWS_CRYPT_13114]{DRAFT} d
Kind: variable
Symbol: kAllowDerivedSignature
Scope: namespace ara::crypto
Type: const AllowedUsageFlags
Syntax: const AllowedUsageFlags ara::crypto::kAllowDerivedSignature = kAllow
Signature << 16;
Header file: #include "ara/crypto/common/base_id_types.h"
Description: A derived seed or symmetric key can be used for MAC/HMAC production.

c(RS_CRYPTO_02111)
[SWS_CRYPT_13115]{DRAFT} d
Kind: variable
Symbol: kAllowDerivedVerification
Scope: namespace ara::crypto
Type: const AllowedUsageFlags
Syntax: const AllowedUsageFlags ara::crypto::kAllowDerivedVerification = k
AllowVerification << 16;
Header file: #include "ara/crypto/common/base_id_types.h"
Description: A derived seed or symmetric key can be used for MAC/HMAC verification.

c(RS_CRYPTO_02111)
[SWS_CRYPT_13111]{DRAFT} d
Kind: variable
Symbol: kAllowExactModeOnly
Scope: namespace ara::crypto
Type: const AllowedUsageFlags
Syntax: const AllowedUsageFlags ara::crypto::kAllowExactModeOnly = 0x8000;
Header file: #include "ara/crypto/common/base_id_types.h"
Description: The key can be used only for the mode directly specified by Key::AlgId.

c(RS_CRYPTO_02111)

338 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

[SWS_CRYPT_13108]{DRAFT} d
Kind: variable
Symbol: kAllowKdfMaterial
Scope: namespace ara::crypto
Type: const AllowedUsageFlags
Syntax: const AllowedUsageFlags ara::crypto::kAllowKdfMaterial = 0x0080;
Header file: #include "ara/crypto/common/base_id_types.h"
Description: The object can be used as an input key material to KDF. The seed or symmetric key can be
used as a RestrictedUseObject for slave-keys derivation via a Key Derivation Function (KDF).

c(RS_CRYPTO_02111)
[SWS_CRYPT_13105]{DRAFT} d
Kind: variable
Symbol: kAllowKeyAgreement
Scope: namespace ara::crypto
Type: const AllowedUsageFlags
Syntax: const AllowedUsageFlags ara::crypto::kAllowKeyAgreement = 0x0010;
Header file: #include "ara/crypto/common/base_id_types.h"
Description: The seed or asymmetric key can be used for key-agreement protocol execution.

c(RS_CRYPTO_02111)
[SWS_CRYPT_13106]{DRAFT} d
Kind: variable
Symbol: kAllowKeyDiversify
Scope: namespace ara::crypto
Type: const AllowedUsageFlags
Syntax: const AllowedUsageFlags ara::crypto::kAllowKeyDiversify = 0x0020;
Header file: #include "ara/crypto/common/base_id_types.h"
Description: The seed or symmetric key can be used for slave-keys diversification.

c(RS_CRYPTO_02111)
[SWS_CRYPT_13109]{DRAFT} d
Kind: variable
Symbol: kAllowKeyExporting
Scope: namespace ara::crypto
Type: const AllowedUsageFlags
Syntax: const AllowedUsageFlags ara::crypto::kAllowKeyExporting = 0x0100;
Header file: #include "ara/crypto/common/base_id_types.h"
Description: The key can be used as "transport" one for Key-Wrap or Encapsulate transformations
(applicable to symmetric and asymmetric keys).

c(RS_CRYPTO_02111)

339 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

[SWS_CRYPT_13110]{DRAFT} d
Kind: variable
Symbol: kAllowKeyImporting
Scope: namespace ara::crypto
Type: const AllowedUsageFlags
Syntax: const AllowedUsageFlags ara::crypto::kAllowKeyImporting = 0x0200;
Header file: #include "ara/crypto/common/base_id_types.h"
Description: The key can be used as "transport" one for Key-Unwrap or Decapsulate transformations
(applicable to symmetric and asymmetric keys).

c(RS_CRYPTO_02111)
[SWS_CRYPT_13100]{DRAFT} d
Kind: variable
Symbol: kAllowPrototypedOnly
Scope: namespace ara::crypto
Type: const AllowedUsageFlags
Syntax: const AllowedUsageFlags ara::crypto::kAllowPrototypedOnly = 0;
Header file: #include "ara/crypto/common/base_id_types.h"
Description: This group contains list of constant 1-bit values predefined for Allowed Usage flags.
The key/seed usage will be fully specified by a key slot prototype (the object can be used only
after reloading from the slot).

c(RS_CRYPTO_02111)
[SWS_CRYPT_13107]{DRAFT} d
Kind: variable
Symbol: kAllowRngInit
Scope: namespace ara::crypto
Type: const AllowedUsageFlags
Syntax: const AllowedUsageFlags ara::crypto::kAllowRngInit = 0x0040;
Header file: #include "ara/crypto/common/base_id_types.h"
Description: The seed or symmetric key can be used for seeding of a RandomGeneratorCtx.

c(RS_CRYPTO_02111)
[SWS_CRYPT_13103]{DRAFT} d
Kind: variable
Symbol: kAllowSignature
Scope: namespace ara::crypto
Type: const AllowedUsageFlags
Syntax: const AllowedUsageFlags ara::crypto::kAllowSignature = 0x0004;
Header file: #include "ara/crypto/common/base_id_types.h"
Description: The key/seed can be used for digital signature or MAC/HMAC production (applicable to
symmetric and asymmetric algorithms).

c(RS_CRYPTO_02111)

340 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

[SWS_CRYPT_13104]{DRAFT} d
Kind: variable
Symbol: kAllowVerification
Scope: namespace ara::crypto
Type: const AllowedUsageFlags
Syntax: const AllowedUsageFlags ara::crypto::kAllowVerification = 0x0008;
Header file: #include "ara/crypto/common/base_id_types.h"
Description: The key/seed can be used for digital signature or MAC/HMAC verification (applicable to
symmetric and asymmetric algorithms).

c(RS_CRYPTO_02111)
[SWS_CRYPT_10102]{DRAFT} d
Kind: variable
Symbol: mVersionStamp
Scope: struct ara::crypto::CryptoObjectUid
Type: std::uint64_t
Syntax: std::uint64_t ara::crypto::CryptoObjectUid::mVersionStamp = 0u;
Header file: #include "ara/crypto/common/crypto_object_uid.h"
Description: Sequential value of a steady timer or simple counter, representing version of correspondent
Crypto Object.

c(RS_CRYPTO_02006)
[SWS_CRYPT_30002]{DRAFT} d
Kind: variable
Symbol: mLSQW
Scope: struct ara::crypto::SecureCounter
Type: std::uint64_t
Syntax: std::uint64_t ara::crypto::SecureCounter::mLSQW;
Header file: #include "ara/crypto/common/entry_point.h"
Description: least significant 64 bits

c(RS_CRYPTO_02401)
[SWS_CRYPT_30003]{DRAFT} d
Kind: variable
Symbol: mMSQW
Scope: struct ara::crypto::SecureCounter
Type: std::uint64_t
Syntax: std::uint64_t ara::crypto::SecureCounter::mMSQW;
Header file: #include "ara/crypto/common/entry_point.h"
Description: most significant 64 bits

c(RS_CRYPTO_02401)

341 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

[SWS_CRYPT_10750]{DRAFT} d
Kind: variable
Symbol: kFormatDefault
Scope: class ara::crypto::Serializable
Type: const FormatId
Syntax: static const FormatId ara::crypto::Serializable::kFormatDefault = 0;
Header file: #include "ara/crypto/common/serializable.h"
Description: Default serialization format.

c(RS_CRYPTO_02004, RS_CRYPTO_02302)
[SWS_CRYPT_10752]{DRAFT} d
Kind: variable
Symbol: kFormatDerEncoded
Scope: class ara::crypto::Serializable
Type: const FormatId
Syntax: static const FormatId ara::crypto::Serializable::kFormatDerEncoded =
2;
Header file: #include "ara/crypto/common/serializable.h"
Description: Export DER-encoded value of an object.

c(RS_CRYPTO_02004, RS_CRYPTO_02302)
[SWS_CRYPT_10753]{DRAFT} d
Kind: variable
Symbol: kFormatPemEncoded
Scope: class ara::crypto::Serializable
Type: const FormatId
Syntax: static const FormatId ara::crypto::Serializable::kFormatPemEncoded =
3;
Header file: #include "ara/crypto/common/serializable.h"
Description: Export PEM-encoded value of an object.

c(RS_CRYPTO_02004, RS_CRYPTO_02302)
[SWS_CRYPT_10751]{DRAFT} d
Kind: variable
Symbol: kFormatRawValueOnly
Scope: class ara::crypto::Serializable
Type: const FormatId
Syntax: static const FormatId ara::crypto::Serializable::kFormatRawValueOnly =
1;
Header file: #include "ara/crypto/common/serializable.h"
Description: Export only raw value of an object.

c(RS_CRYPTO_02004, RS_CRYPTO_02302)

342 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

[SWS_CRYPT_10412]{DRAFT} d
Kind: variable
Symbol: mQwordLs
Scope: struct ara::crypto::Uuid
Type: std::uint64_t
Syntax: std::uint64_t ara::crypto::Uuid::mQwordLs = 0u;
Header file: #include "ara/crypto/common/uuid.h"
Description: Less significant QWORD.

c(RS_CRYPTO_02005)
[SWS_CRYPT_10413]{DRAFT} d
Kind: variable
Symbol: mQwordMs
Scope: struct ara::crypto::Uuid
Type: std::uint64_t
Syntax: std::uint64_t ara::crypto::Uuid::mQwordMs = 0u;
Header file: #include "ara/crypto/common/uuid.h"
Description: Most significant QWORD.

c(RS_CRYPTO_02005)

343 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

9 Service Interfaces
No content defined.

9.1 Type definitions

No types are defined for service interfaces.

9.2 Provided Service Interfaces

No service interfaces are provided.

9.3 Required Service Interfaces

No service interfaces are required.

9.4 Application Errors

No application errors are defined.

344 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

A Mentioned Manifest Elements

For the sake of completeness, this chapter contains a set of class tables representing
meta-classes mentioned in the context of this document but which are not contained
directly in the scope of describing specific meta-model semantics.
Chapter is generated.
Class AdaptiveApplicationSwComponentType
Package M2::AUTOSARTemplates::AdaptivePlatform::ApplicationDesign::ApplicationStructure
Note This meta-class represents the ability to support the formal modeling of application software on the
AUTOSAR adaptive platform. Consequently, it shall only be used on the AUTOSAR adaptive platform.
Tags:atp.recommendedPackage=AdaptiveApplicationSwComponentTypes
Base ARElement, ARObject, AtpBlueprint, AtpBlueprintable, AtpClassifier , AtpType, CollectableElement,
Identifiable, MultilanguageReferrable, PackageableElement, Referrable, SwComponentType
Aggregated by ARPackage.element
Attribute Type Mult. Kind Note
internalBehavior AdaptiveSwcInternal 0..1 aggr This aggregation represents the internal behavior of the
Behavior AdaptiveApplicationSwComponentType for the AUTOSAR
adaptive platform.
Stereotypes: atpSplitable; atpVariation
Tags:
atp.Splitkey=internalBehavior.shortName, internal
Behavior.variationPoint.shortLabel
vh.latestBindingTime=preCompileTime

Table A.1: AdaptiveApplicationSwComponentType

Class CryptoCertificate
Package M2::AUTOSARTemplates::AdaptivePlatform::PlatformModuleDeployment::CryptoDeployment
Note This meta-class represents the ability to model a cryptographic certificate.
Base ARObject, Identifiable, MultilanguageReferrable, Referrable
Aggregated by CryptoModuleInstantiation.cryptoCertificate
Attribute Type Mult. Kind Note
isPrivate Boolean 0..1 attr This attribute controls the possibility to access the content
of the CryptoCertificateSlot by Find() interfaces of the
X509 Provider.

Table A.2: CryptoCertificate

Class CryptoCertificateInterface
Package M2::AUTOSARTemplates::AdaptivePlatform::ApplicationDesign::CryptoDesign
Note This meta-class provides the ability to define a PortInterface for a CryptoCertificate.
Tags:
atp.Status=candidate
atp.recommendedPackage=CryptoInterfaces
Base ARElement, ARObject, AtpBlueprint, AtpBlueprintable, AtpClassifier , AtpType, CollectableElement,
CryptoInterface, Identifiable, MultilanguageReferrable, PackageableElement, PortInterface, Referrable
Aggregated by ARPackage.element
Attribute Type Mult. Kind Note
5

345 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

4
Class CryptoCertificateInterface
isPrivate Boolean 0..1 attr This attribute controls the possibility to access the content
of the CryptoCertificateSlot by Find() interfaces of the
X509 Provider.
Tags:atp.Status=candidate
writeAccess Boolean 0..1 attr This attribute defines whether the application has
write-access to the CryptoCertificate (True) or only
read-access (False).
Tags:atp.Status=candidate

Table A.3: CryptoCertificateInterface

Class CryptoCertificateToCryptoKeySlotMapping
Package M2::AUTOSARTemplates::AdaptivePlatform::PlatformModuleDeployment::CryptoDeployment
Note This meta-class represents the ability to define a mapping between a CryptoKeySlot and a Crypto
Certificate.
Base ARObject
Aggregated by CryptoModuleInstantiation.certificateToKeySlotMapping
Attribute Type Mult. Kind Note
crypto CryptoCertificate 0..1 ref This reference represents the mapped cryptoCertificate.
Certificate
cryptoKeySlot CryptoKeySlot 0..2 ref This reference represents the mapped cryptoKeySlot.

Table A.4: CryptoCertificateToCryptoKeySlotMapping

Class CryptoKeySlot
Package M2::AUTOSARTemplates::AdaptivePlatform::PlatformModuleDeployment::CryptoDeployment
Note This meta-class represents the ability to define a concrete key to be used for a crypto operation.
Tags:atp.ManifestKind=MachineManifest
Base ARObject, Identifiable, MultilanguageReferrable, Referrable
Aggregated by CryptoProvider.keySlot
Attribute Type Mult. Kind Note
allocateShadow Boolean 0..1 attr This attribute defines whether a shadow copy of this Key
Copy Slot shall be allocated to enable rollback of a failed Key
Slot update campaign (see interface BeginTransaction).
cryptoAlgId String 0..1 attr This attribute defines a crypto algorithm restriction (kAlgId
Any means without restriction). The algorithm can be
specified partially: family & length, mode, padding.
Future Crypto Providers can support some crypto
algorithms that are not well known/ standardized today,
therefore AUTOSAR doesn’t provide a concrete list of
crypto algorithms’ identifiers and doesn’t suppose usage
of numerical identifiers. Instead of this a provider supplier
should provide string names of supported algorithms in
accompanying documentation. The name of a crypto
algorithm shall follow the rules defined in the specification
of cryptography for Adaptive Platform.
cryptoObject CryptoObjectTypeEnum 0..1 attr Object type that can be stored in the slot. If this field
Type contains "Undefined" then mSlotCapacity must be
provided and larger then 0.
Tags:atp.Status=candidate
5

346 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

4
Class CryptoKeySlot
keySlotAllowed CryptoKeySlotAllowed 0..1 aggr Restricts how this keySlot may be used
Modification Modification
Tags:atp.Status=candidate
keySlotContent CryptoKeySlotContent * aggr Restriction of allowed usage of a key stored to the slot.
AllowedUsage AllowedUsage
Tags:atp.Status=candidate
slotCapacity PositiveInteger 0..1 attr Capacity of the slot in bytes to be reserved by the stack
vendor. One use case is to define this value in case that
the cryptoObjectType is undefined and the slot size can
not be deduced from cryptoObjectType and cryptoAlgId.
"0" means slot size can be deduced from cryptoObject
Type and cryptoAlgId.
slotType CryptoKeySlotType 0..1 attr This attribute defines whether the keySlot is exclusively
Enum used by the Application; or whether it is used by Stack
Services and managed by a Key Manager Application.
Tags:atp.Status=candidate

Table A.5: CryptoKeySlot

Class CryptoKeySlotInterface
Package M2::AUTOSARTemplates::AdaptivePlatform::ApplicationDesign::CryptoDesign
Note This meta-class provides the ability to define a PortInterface for Crypto Key Slots.
Tags:
atp.Status=candidate
atp.recommendedPackage=CryptoInterfaces
Base ARElement, ARObject, AtpBlueprint, AtpBlueprintable, AtpClassifier , AtpType, CollectableElement,
CryptoInterface, Identifiable, MultilanguageReferrable, PackageableElement, PortInterface, Referrable
Aggregated by ARPackage.element
Attribute Type Mult. Kind Note
allocateShadow Boolean 0..1 attr This attribute defines whether a shadow copy of this Key
Copy Slot shall be allocated to enable rollback of a failed Key
Slot update campaign (see interface BeginTransaction).
Tags:atp.Status=candidate
cryptoAlgId String 0..1 attr This attribute defines a crypto algorithm restriction (kAlgId
Any means without restriction). The algorithm can be
specified partially: family & length, mode, padding.
Future Crypto Providers can support some crypto
algorithms that are not well known/ standardized today,
therefore AUTOSAR doesn’t provide a concrete list of
crypto algorithms’ identifiers and doesn’t suppose usage
of numerical identifiers. Instead of this a provider supplier
should provide string names of supported algorithms in
accompanying documentation. The name of a crypto
algorithm shall follow the rules defined in the specification
of cryptography for Adaptive Platform.
Tags:atp.Status=candidate
cryptoObject CryptoObjectTypeEnum 0..1 attr Object type that can be stored in the slot. If this field
Type contains "Undefined" then mSlotCapacity must be
provided and larger then 0
Tags:atp.Status=candidate
keySlotAllowed CryptoKeySlotAllowed 0..1 aggr Restricts how this keySlot may be used
Modification Modification
Tags:atp.Status=candidate
5

347 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

4
Class CryptoKeySlotInterface
keySlotContent CryptoKeySlotContent * aggr Restriction of allowed usage of a key stored to the slot.
AllowedUsage AllowedUsage
Tags:atp.Status=candidate
slotCapacity PositiveInteger 0..1 attr Capacity of the slot in bytes to be reserved by the stack
vendor. One use case is to define this value in case that
the cryptoObjectType is undefined and the slot size can
not be deduced from cryptoObjectType and cryptoAlgId.
"0" means slot size can be deduced from cryptoObject
Type and cryptoAlgId.
Tags:atp.Status=candidate
slotType CryptoKeySlotType 0..1 attr This attribute defines whether the keySlot is exclusively
Enum used by the Application; or whether it is used by Stack
Services and managed by a Key Manager Application.
Tags:atp.Status=candidate

Table A.6: CryptoKeySlotInterface

Class CryptoKeySlotToPortPrototypeMapping
Package M2::AUTOSARTemplates::AdaptivePlatform::PlatformModuleDeployment::CryptoDeployment
Note This meta-class represents the ability to define a mapping between a CryptoKeySlot on deployment level
to a given PortPrototype that is typed by a CryptoKeySlotInterface.
Tags:atp.recommendedPackage=CryptoKeySlotToPortPrototypeMappings
Base ARElement, ARObject, CollectableElement, Identifiable, MultilanguageReferrable, Packageable
Element, Referrable, UploadablePackageElement
Aggregated by ARPackage.element
Attribute Type Mult. Kind Note
keySlot CryptoKeySlot 0..1 ref This reference represents the mapped CryptoKeySlot.
portPrototype RPortPrototype 0..1 iref This reference represents the mapped PortPrototype.
InstanceRef implemented by:RPortPrototypeIn
ExecutableInstanceRef
process Process 0..1 ref This reference represents the process required as context
for the mapping.

Table A.7: CryptoKeySlotToPortPrototypeMapping

Class CryptoProvider
Package M2::AUTOSARTemplates::AdaptivePlatform::PlatformModuleDeployment::CryptoDeployment
Note CryptoProvider implements cryptographic primitives (algorithms) supported by the stack. Implementation
of this component may be software or hardware based (HSM/TPM).
Base ARObject, Identifiable, MultilanguageReferrable, Referrable
Aggregated by CryptoModuleInstantiation.cryptoProvider
Attribute Type Mult. Kind Note
cryptoProvider Documentation 0..1 ref Documentation of the CryptoProvider that describes the
Documentation implemented cryptographic primitives.
keySlot CryptoKeySlot * aggr This aggregation represents the key slots that are
allocated by the CryptoProvider.
Stereotypes: atpSplitable
Tags:atp.Splitkey=keySlot.shortName

Table A.8: CryptoProvider

348 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

Class CryptoProviderInterface
Package M2::AUTOSARTemplates::AdaptivePlatform::ApplicationDesign::CryptoDesign
Note This meta-class provides the ability to define a PortInterface for a CryptoProvider.
Tags:
atp.Status=candidate
atp.recommendedPackage=CryptoInterfaces
Base ARElement, ARObject, AtpBlueprint, AtpBlueprintable, AtpClassifier , AtpType, CollectableElement,
CryptoInterface, Identifiable, MultilanguageReferrable, PackageableElement, PortInterface, Referrable
Aggregated by ARPackage.element
Attribute Type Mult. Kind Note
– – – – –
Table A.9: CryptoProviderInterface

Class CryptoProviderToPortPrototypeMapping
Package M2::AUTOSARTemplates::AdaptivePlatform::PlatformModuleDeployment::CryptoDeployment
Note This meta-class represents the ability to define a mapping between a CryptoProvider on deployment level
to a given PortPrototype that is typed by a CryptoProviderInterface.
Tags:atp.recommendedPackage=CryptoProviderToPortPrototypeMappings
Base ARElement, ARObject, CollectableElement, Identifiable, MultilanguageReferrable, Packageable
Element, Referrable, UploadablePackageElement
Aggregated by ARPackage.element
Attribute Type Mult. Kind Note
cryptoProvider CryptoProvider 0..1 ref This reference represents the mapped cryptoProvider.
portPrototype RPortPrototype 0..1 iref This reference represents the mapped PortPrototype.
InstanceRef implemented by:RPortPrototypeIn
ExecutableInstanceRef
process Process 0..1 ref This reference represents the process required as context
for the mapping.

Table A.10: CryptoProviderToPortPrototypeMapping

Class CryptoServiceCertificate
Package M2::AUTOSARTemplates::SystemTemplate::SecureCommunication
Note This meta-class represents the ability to model a cryptographic certificate.
Tags:atp.recommendedPackage=CryptoServiceCertificates
Base ARElement, ARObject, CollectableElement, Identifiable, MultilanguageReferrable, Packageable
Element, Referrable
Aggregated by ARPackage.element
Attribute Type Mult. Kind Note
algorithmFamily CryptoCertificate 0..1 attr This attribute represents a description of the family of
AlgorithmFamilyEnum crypto algorithm used to generate public key and
signature of the cryptographic certificate.
format CryptoCertificateFormat 0..1 attr This attribute can be used to provide information about
Enum the format used to create the certificate
maximum PositiveInteger 0..1 attr This attribute represents the ability to define the
Length maximum length of the certificate in bytes.
nextHigher CryptoService 0..1 ref The reference identifies the next higher certificate in the
Certificate Certificate certificate chain.
5

349 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

4
Class CryptoServiceCertificate
serverName String 0..1 attr Server Name Indication (SNI) is needed if the IP address
Identification hosts multiple servers (on the same port), each of them
using a different certificate.
If the client sends the SNI to the Server in the client hello,
the server looks the SNI up in its certificate list and uses
the certificate identified by the SNI.

Table A.11: CryptoServiceCertificate

Class PortInterface (abstract)

Package M2::AUTOSARTemplates::SWComponentTemplate::PortInterface
Note Abstract base class for an interface that is either provided or required by a port of a software component.
Base ARElement, ARObject, AtpBlueprint, AtpBlueprintable, AtpClassifier , AtpType, CollectableElement,
Identifiable, MultilanguageReferrable, PackageableElement, Referrable
Subclasses AbstractRawDataStreamInterface, AbstractSynchronizedTimeBaseInterface, ClientServerInterface,
CryptoInterface, DataInterface, DiagnosticPortInterface, FirewallStateSwitchInterface, LogAndTrace
Interface, ModeSwitchInterface, PersistencyInterface, PlatformHealthManagementInterface, Security
EventReportInterface, ServiceInterface, StateManagementPortInterface, TriggerInterface
Aggregated by ARPackage.element
Attribute Type Mult. Kind Note
namespace SymbolProps * aggr This represents the SymbolProps used for the definition
(ordered) of a hierarchical namespace applicable for the generation
of code artifacts out of the definition of a ServiceInterface.
Stereotypes: atpSplitable
Tags:
atp.Splitkey=namespace.shortName
atp.Status=draft

Table A.12: PortInterface

Class Process
Package M2::AUTOSARTemplates::AdaptivePlatform::ExecutionManifest
Note This meta-class provides information required to execute the referenced executable.
Tags:atp.recommendedPackage=Processes
Base ARElement, ARObject, AbstractExecutionContext, AtpClassifier , CollectableElement, Identifiable,
MultilanguageReferrable, PackageableElement, Referrable, UploadablePackageElement
Aggregated by ARPackage.element
Attribute Type Mult. Kind Note
design ProcessDesign 0..1 ref This reference represents the identification of the
design-time representation for the Process that owns the
reference.
executable Executable * ref Reference to executable that is executed in the process.
Stereotypes: atpUriDef
functionCluster String 0..1 attr This attribute specifies which functional cluster the
Affiliation process is affiliated with.
numberOf PositiveInteger 0..1 attr This attribute defines how often a process shall be
RestartAttempts restarted if the start fails.
numberOfRestartAttempts = "0" OR Attribute not existing,
start once
numberOfRestartAttempts = "1", start a second time
5

350 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

4
Class Process
preMapping Boolean 0..1 attr This attribute describes whether the executable is
preloaded into the memory.
processState ModeDeclarationGroup 0..1 aggr Set of Process States that are defined for the process.
Machine Prototype
securityEvent SecurityEventDefinition * ref The reference identifies the collection of SecurityEvents
that can be reported by the enclosing SoftwareCluster.
Stereotypes: atpSplitable; atpUriDef
Tags:
atp.Splitkey=securityEvent
atp.Status=candidate
stateDependent StateDependentStartup * aggr Applicable startup configurations.
StartupConfig Config

Table A.13: Process

Class RPortPrototype
Package M2::AUTOSARTemplates::SWComponentTemplate::Components
Note Component port requiring a certain port interface.
Base ARObject, AbstractRequiredPortPrototype, AtpBlueprintable, AtpFeature, AtpPrototype, Identifiable,
MultilanguageReferrable, PortPrototype, Referrable
Aggregated by AtpClassifier .atpFeature, SwComponentType.port
Attribute Type Mult. Kind Note
required PortInterface 0..1 tref The interface that this port requires.
Interface
Stereotypes: isOfType

Table A.14: RPortPrototype

351 of 352 Document ID 883: AUTOSAR_SWS_Cryptography

 Specification of Cryptography
AUTOSAR AP R22-11

B Interfaces to other Functional Clusters (informative)

B.1 Overview
AUTOSAR decided not to standardize interfaces which are exclusively used between
Functional Clusters (on platform-level only), to allow efficient implementations,
which might depend e.g. on the used Operating System.
This chapter provides informative guidelines how the interaction between Functional
Clusters looks like, by clustering the relevant requirements of this document to de-
scribe Inter-Functional Cluster (IFC) interfaces. In addition, the standardized public
interfaces which are accessible by user space applications (see chapters 8 and 9) can
also be used for interaction between Functional Clusters.
The goal is to provide a clear understanding of Functional Cluster boundaries
and interaction, without specifying syntactical details. This ensures compatibility be-
tween documents specifying different Functional Clusters and supports parallel
implementation of different Functional Clusters. Details of the interfaces are up
to the platform provider. Additional interfaces, parameters and return values can be
added.

B.2 Interface Tables

No content defined.

352 of 352 Document ID 883: AUTOSAR_SWS_Cryptography