AUTOSAR-Module-KeyM
──────── for more from the author, visit github.com/hazemanwer2000. ────────
Table of Contents
Specification
Function(s)
Scheduled
`KeyM_MainFunction`
`KeyM_MainBackgroundFunction`
API(s)
`KeyM_Init`
`KeyM_SetCertificate`
`KeyM_VerifyCertificate`
`KeyM_VerifyCertificateChain`
`KeyM_VerifyCertificates`
`KeyM_CertGetStatus`
`KeyM_GetCertificate`
`KeyM_CertElementGet`
`KeyM_Deinit`
Configuration
Content
AUTOSAR specifies a Basic Software (BSW) Key Manager (KeyM) module, which resides in
the Service layer, in functionality, API and configuration.
The KeyM module can be divided into two sub-modules: crypto-key sub-module, and
certificate sub-module.
Note: The crypto-key sub-module is not discussed within this document.
Specification
The following figure illustrates the references between different configured certificate(s) in
the KeyM, and associated job(s) and key(s) in the Csm.
To install a certificate:
KeyM_SetCertificate is called, to set and trigger parsing of certificate.
Before this call, the status of the certificate is KEYM_CERTIFICATE_NOT_AVAILABLE
(unless it was previously set, or read from permanent storage).
After this call, the status of the certificate is KEYM_CERTIFICATE_NOT_PARSED .
If parsing completes successfully, which executes in the background, the status
becomes KEYM_CERTIFICATE_PARSED_NOT_VALIDATED .
KeyM_Verify<...> is called, to verify certificate asynchronously.
If successful, the status of the certificate becomes KEYM_CERTIFICATE_VALID .
Note: More than one certificate can be verified at once, if they are all set, are part of the a
chain, and verification is requested on the lowest hierarchal certificate.
Function(s)
Scheduled
KeyM_MainFunction
Name: 'KeyM_MainFunction'
Description: Handles cyclic activities.
KeyM_MainBackgroundFunction
Name: 'KeyM_MainBackgroundFunction'
Description: Handles cyclic activities, that should execute in a background
task.
API(s)
KeyM_Init
Name: 'KeyM_Init'
Description: Initializes module, including loading of permanently-stored
certificates.
Sync/Async: Sync.
Re-entrant: Not re-entrant.
Parameters (in):
[1] Pointer to cfg.
KeyM_SetCertificate
Name: 'KeyM_SetCertificate'
Description: Sets certificate, triggers parsing of certificate.
Sync/Async: Sync.
Re-entrant: Not re-entrant.
Parameters (in):
[1] Cert. ID
[2] Cert. {length, buffer} Pointer
KeyM_VerifyCertificate
Name: 'KeyM_VerifyCertificate'
Description: Triggers verification of certificate, with
'KeyM_SetCertificate' called previously.
Any unverified certificate in its chain is
also verified, top-to-bottom.
If configured, a callback is called upon
conclusion.
Sync/Async: Async.
Re-entrant: Not re-entrant.
Parameters (in):
[1] Cert. ID
KeyM_VerifyCertificateChain
Name: 'KeyM_VerifyCertificateChain'
Description: Similar to 'KeyM_VerifyCertificate', but allows for the
verification of unconfigured, intermediate certificates, as part of the
chain.
Sync/Async: Async.
Re-entrant: Not re-entrant.
Parameters (in):
[1] Cert. ID
[2] Pointer to additional certificate(s)
[3] No. of additional certificate(s)
KeyM_VerifyCertificates
Name: 'KeyM_VerifyCertificates'
Description: Verifies one certificate against another, irrelevant of the
configured hierarchy.
If the upper cert. is not verified already,
an error is returned.
If configured, a callback is called upon
conclusion.
Sync/Async: Async.
Re-entrant: Not re-entrant.
Parameters (in):
[1] Cert. ID
[1] Upper Cert. ID
KeyM_CertGetStatus
Name: 'KeyM_CertGetStatus'
Description: Returns the status of a specific cert.
Sync/Async: Sync.
Re-entrant: Not re-entrant.
Parameters (in):
[1] Cert. ID
KeyM_GetCertificate
Name: 'KeyM_GetCertificate'
Description: Gets a certificate.
Sync/Async: Sync.
Re-entrant: Not re-entrant.
Parameters (in):
[1] Cert. ID
Parameters (in-out):
[1] Cert. {length, buffer} Pointer
KeyM_CertElementGet
Name: 'KeyM_CertElementGet'
Description: Gets a certificate element.
Sync/Async: Sync.
Re-entrant: Not re-entrant.
Parameters (in):
[1] Cert. ID
[2] Cert. element ID
Parameters (in-out):
[1] Pointer to cert. element length
Parameters (out):
[1] Pointer to cert. element buffer
KeyM_Deinit
Name: 'KeyM_Deinit'
Description: De-initializes module, including the active destruction of all
data in RAM.
Sync/Async: Sync.
Re-entrant: Not re-entrant.
Configuration
KeyMGeneral [C, 1]
KeyMCertificateChainMaxDepth [P]
KeyMCertificateManagerEnabled [P]
KeyMCryptoKeyManagerEnabled [P]
KeyMCertificate [C, 0..*]
KeyMCertAlgorithmType [P]
KeyMCertFormatType [P]
KeyMCertificateId [P]
KeyMCertificateMaxLength [P]
KeyMCertificateName [P]
KeyMCertificateStorage [P]
KeyMCertCsmSignatureGenerateJobRef [R, 0..1]
KeyMCertCsmSignatureVerifyJobRef [R, 1]
KeyMCertCsmSignatureVerifyKeyRef [R, 1]
KeyMCertificateCsmKeyTargetRef [R, 0..1]
KeyMCertificateNvmBlockRef [R, 0..1]
KeyMCertUpperHierarchicalCertRef [R, 1]
KeyMCertificateElement [C, 0..*]
KeyMCertificateElementOfStructure [P]
KeyMCertificateElementObjectId [P, 0..1]
KeyMCertificateElementMaxLength [P]
KeyMCertificateElementId [P]
KeyMCertificate
Path: KeyMCertificate/KeyMCertificateStorage
Description: Specifies storage location of certificate.
Possible value(s):
KEYM_STORAGE_IN_CSM
KEYM_STORAGE_IN_NVM
KEYM_STORAGE_IN_RAM
Path: KeyMCertificate/KeyMCertificateCsmKeyTargetRef
Description: References 'CsmKey' where certificate is stored, if
'KeyMCertificateStorage' is set to 'KEYM_STORAGE_IN_CSM'.
KeyMCertificateElement
Path:
KeyMCertificate/KeyMCertificateElement/KeyMCertificateElementOfStructure
Description: Specifies certificate element to search within.
Possible value(s):
CertificateIssuerName
CertificateSubjectName
CertificateSerialNumber
CertificateSignatureAlgorithm
...
References
[1] Specification of Key Manager, AUTOSAR Classic Platform, R20-11