Specification of Crypto Service Manager

AUTOSAR CP R20-11

Document Title Specification of Crypto Service

Manager
Document Owner AUTOSAR
Document Responsibility AUTOSAR
Document Identification No 402

Document Status published

Part of AUTOSAR Standard Classic Platform
Part of Standard Release R20-11

Document Change History

Date Release Changed by Change Description
2020-11-30 R20-11 AUTOSAR  New feature: Save and Restore
Release Context for running crypto operation
Management  New feature: KeyGetStatus and
KeySetInvalid
 Updated Algorithm Families
 Support of Multicore
 Removing inconsistency in
parameter names.
 Editorial changes
2019-11-28 R19-11 AUTOSAR  Bringing return values of all services
Release and interfaces to one line
Management  added functionality and description
of elliptic curves
 Callback notification modified
 Editorial changes
 Changed Document Status from
Final to published
2018-10-31 4.4.0 AUTOSAR  Client-Server-Interfaces
Release Csm<Service>_{Config}
Management  corrected CS interfaces
 removal of references to
CryptoAbstractionLibrary
2017-12-08 4.3.1 AUTOSAR  Added definition for asymmetric key
Release formats
Management  Error fixing and consistency
improvements
 Editorial changes

1 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Document Change History

Date Release Changed by Change Description
2016-11-30 4.3.0 AUTOSAR  Introduced crypto job concept
Release  Introduced key management
Management concept
 Removed Cry_XXX functions from
the Csm and introduced two new
layers in the crypto stack: Crypto
Interface (CryIf) and Crypto Driver
(Crypto)
2015-07-31 4.2.2 AUTOSAR  Changed return type from
Release Csm_ReturnType to Std_Types in
Management all API functions
 Added detailed description of RTE
interfaces
 Debugging support marked as
obsolete
 Error fixing and consistency
improvements
2014-10-31 4.2.1 AUTOSAR  Obsolete configuration elements
Release removed
Management  Error fixing and consistency
improvements
 Editorial changes
2014-03-31 4.1.3 AUTOSAR  Error fixing and consistency
Release improvements
Management  Editorial changes
2013-10-31 4.1.2 AUTOSAR  Error fixing and consistency
Release improvements
Management  Editorial changes
 Removed chapter(s) on change
documentation

2 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Document Change History

Date Release Changed by Change Description
2013-03-15 4.1.1 AUTOSAR  Services for
Administration compression/decompression added
 Services for key update added
(Concept ‘CSM extension’)
 Services for symmetric key
generation added (Concept ‘CSM
extension’)
 Service state machine changed to
cope with terminated users by
releasing of locked resources
 Production errors restructured
2011-12-22 4.0.3 AUTOSAR  Fixed issues with AUTOSAR Port
Administration Interfaces
2010-09-30 3.1.5 AUTOSAR  Complete Configuration parameters
Administration  Complete API specifications
 Add support for secure key storage
 Integration of support for key
transport services
 Introduction of new DET error
(checking of the null pointer in
getversion info).
2010-02-02 3.1.4 AUTOSAR  Initial release
Administration

3 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Disclaimer

This work (specification and/or software implementation) and the material contained
in it, as released by AUTOSAR, is for the purpose of information only. AUTOSAR and
the companies that have contributed to it shall not be liable for any use of the work.
The material contained in this work is protected by copyright and other types of
intellectual property rights. The commercial exploitation of the material contained in
this work requires a license to such intellectual property rights.
This work may be utilized or reproduced without any modification, in any form or by
any means, for informational purposes only. For any other purpose, no part of the
work may be utilized or reproduced, in any form or by any means, without permission
in writing from the publisher.
The work has been developed for automotive applications only. It has neither been
developed, nor tested for non-automotive applications.
The word AUTOSAR and the AUTOSAR logo are registered trademarks.

4 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Table of Contents
1 Introduction and Functional Overview .................................................................. 8
2 Acronyms and Abbreviations ................................................................................ 9
2.1 Glossary of Terms ........................................................................................... 9
3 Related documentation ....................................................................................... 11
3.1 Input Documents ........................................................................................... 11
3.2 Related standards and norms....................................................................... 12
3.3 Related specification ..................................................................................... 12
4 Constraints and Assumptions ............................................................................. 13
4.1 Limitations ..................................................................................................... 13
4.2 Applicability to Car Domains ......................................................................... 13
4.3 Security Implications ..................................................................................... 13
5 Dependencies to other Modules ......................................................................... 14
6 Requirements Traceability .................................................................................. 15
7 Functional specification ...................................................................................... 18
7.1 Basic Architecture Guidelines ....................................................................... 18
7.2 General Behavior .......................................................................................... 20
7.2.1 Normal Operation .................................................................................. 21
7.2.2 Design Notes ......................................................................................... 24
7.3 Error Classification ........................................................................................ 34
7.3.1 Development Errors............................................................................... 34
7.3.2 Runtime Errors ...................................................................................... 35
7.3.3 Transient Faults ..................................................................................... 35
7.3.4 Production Errors................................................................................... 35
7.3.5 Extended Production Errors .................................................................. 35
7.4 Error Detection .............................................................................................. 35
7.5 Multicore ........................................................................................................ 36
8 API Specification ................................................................................................. 37
8.1 Imported types .............................................................................................. 37
8.2 Type Definitions ............................................................................................ 37
8.2.1 Extension to Std_ReturnType ............................................................... 37
8.2.2 Csm_ConfigType ................................................................................... 37
8.2.3 Crypto_AlgorithmFamilyType ................................................................ 38
8.2.4 Crypto_AlgorithmModeType.................................................................. 40
8.2.5 Crypto_InputOutputRedirectionConfigType .......................................... 41
8.2.6 Crypto_JobType .................................................................................... 42
8.2.7 Crypto_JobStateType ............................................................................ 43
8.2.8 Crypto_JobPrimitiveInputOutputType ................................................... 43
8.2.9 Crypto_JobPrimitiveInfoType ................................................................ 45
8.2.10 Crypto_ServiceInfoType ........................................................................ 46
8.2.11 Crypto_JobRedirectionInfoType ............................................................ 47
8.2.12 Crypto_AlgorithmInfoType..................................................................... 48
8.2.13 Crypto_ProcessingType ........................................................................ 49
8.2.14 Crypto_PrimitiveInfoType ...................................................................... 49
5 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager
 Specification of Crypto Service Manager
AUTOSAR CP R20-11

8.2.15 Csm_ConfigIdType ................................................................................ 50

8.3 Function Definitions ...................................................................................... 50
8.3.1 General Interface ................................................................................... 50
8.3.2 Hash Interface ....................................................................................... 52
8.3.3 MAC interface ........................................................................................ 53
8.3.4 Cipher Interface ..................................................................................... 55
8.3.5 Authenticated Encryption with Associated Data (AEAD) Interface ....... 57
8.3.6 Signature Interface ................................................................................ 60
8.3.7 Random Interface .................................................................................. 62
8.3.8 Key Management Interface ................................................................... 63
8.3.9 Cryptographic Primitives and Schemes ................................................ 78
8.3.10 Context Save and Restore .................................................................... 84
8.3.11 Job Cancellation Interface ..................................................................... 86
8.3.12 Callback Notifications ............................................................................ 87
8.3.13 Scheduled functions .............................................................................. 88
8.4 Expected Interfaces ...................................................................................... 89
8.4.1 Interfaces to Standard Software Modules ............................................. 89
8.4.2 Mandatory Interfaces ............................................................................. 89
8.4.3 Optional Interfaces ................................................................................ 89
8.4.4 Configurable interfaces ......................................................................... 90
8.5 Service Interface ........................................................................................... 91
8.5.1 Client-Server-Interfaces ........................................................................ 91
8.5.2 Client-Server-Interfaces (DATA_REFERENCES) .............................. 115
8.5.3 Client-Server-Interfaces (Key Management) ...................................... 132
8.5.4 Client-Server-Interface (Context Service) ........................................... 141
8.5.5 Client-Server-Interface Callbacks ....................................................... 142
8.5.6 Implementation Data Types ................................................................ 143
8.5.7 Ports .................................................................................................... 155
9 Sequence Diagrams ......................................................................................... 158
9.1 Asynchronous Calls .................................................................................... 158
9.2 Synchronous Calls ...................................................................................... 159
10 Configuration..................................................................................................... 160
10.1 How to Read this Chapter ........................................................................... 160
10.2 Containers and Configuration Parameters ................................................. 160
10.2.1 Csm...................................................................................................... 161
10.2.2 CsmGeneral......................................................................................... 162
10.2.3 CsmMainFunction................................................................................ 164
10.2.4 CsmJobs .............................................................................................. 167
10.2.5 CsmJob................................................................................................ 167
10.2.6 CsmKeys ............................................................................................. 171
10.2.7 CsmKey ............................................................................................... 171
10.2.8 CsmQueues ......................................................................................... 173
10.2.9 CsmQueue........................................................................................... 173
10.2.10 CsmInOutRedirections ........................................................................ 177
10.2.11 CsmInOutRedirection .......................................................................... 177
10.2.12 CsmPrimitives ...................................................................................... 180
10.2.13 CsmHash ............................................................................................. 182
10.2.14 CsmHashConfig .................................................................................. 183
10.2.15 CsmMacGenerate ............................................................................... 187
6 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager
 Specification of Crypto Service Manager
AUTOSAR CP R20-11

10.2.16 CsmMacGenerateConfig ..................................................................... 188

10.2.17 CsmMacVerify ..................................................................................... 193
10.2.18 CsmMacVerifyConfig ........................................................................... 193
10.2.19 CsmEncrypt ......................................................................................... 199
10.2.20 CsmEncryptConfig............................................................................... 200
10.2.21 CsmDecrypt ......................................................................................... 205
10.2.22 CsmDecryptConfig .............................................................................. 206
10.2.23 CsmAEADEncrypt ............................................................................... 211
10.2.24 CsmAEADEncryptConfig ..................................................................... 211
10.2.25 CsmAEADDecrypt ............................................................................... 217
10.2.26 CsmAEADDecryptConfig .................................................................... 217
10.2.27 CsmSignatureGenerate....................................................................... 222
10.2.28 CsmSignatureGenerateConfig ............................................................ 223
10.2.29 CsmSignatureVerify............................................................................. 228
10.2.30 CsmSignatureVerifyConfig .................................................................. 228
10.2.31 CsmRandomGenerate ........................................................................ 233
10.2.32 CsmRandomGenerateConfig .............................................................. 233
10.2.33 CsmJobKeySetValid ............................................................................ 237
10.2.34 CsmJobKeySetValidConfig ................................................................. 238
10.2.35 CsmJobKeySetInvalid ......................................................................... 241
10.2.36 CsmJobKeySetInvalidConfig ............................................................... 241
10.2.37 CsmJobRandomSeed ......................................................................... 244
10.2.38 CsmJobRandomSeedConfig ............................................................... 245
10.2.39 CsmJobKeyDerive ............................................................................... 250
10.2.40 CsmJobKeyDeriveConfig .................................................................... 250
10.2.41 CsmJobKeyGenerate .......................................................................... 254
10.2.42 CsmJobKeyGenerateConfig................................................................ 254
10.2.43 CsmJobKeyExchangeCalcPubVal ...................................................... 258
10.2.44 CsmJobKeyExchangeCalcPubValConfig ........................................... 258
10.2.45 CsmJobKeyExchangeCalcSecret ....................................................... 262
10.2.46 CsmJobKeyExchangeCalcSecretConfig ............................................. 262
10.2.47 CsmCallbacks ...................................................................................... 264
10.2.48 CsmCallback ....................................................................................... 264
10.3 Published Information ................................................................................. 265

7 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

1 Introduction and Functional Overview

This specification specifies the functionality, API and the configuration of the software
module Crypto Service Manager (CSM) to satisfy the top-level requirements
represented in the CSM Requirements Specification (SRS) [CSM_SRS].

The CSM shall provide synchronous or asynchronous services to enable a unique

access to basic cryptographic functionalities for all software modules. The CSM shall
provide an abstraction layer, which offers a standardized interface to higher software
layers to access these functionalities.
The functionality required by a software module can be different to the functionality
required by other software modules. For this reason, there shall be the possibility to
configure and initialize the services provided by the CSM individually for each
software module. This configuration comprises as well the selection of synchronous
or asynchronous processing of the CSM services.

The construction of the CSM module follows a generic approach. Wherever a

detailed specification of structures and interfaces would limit the scope of the
usability of the CSM, interfaces and structures are defined in a generic way. This
provides an opportunity for future extensions.

8 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

2 Acronyms and Abbreviations

Acronyms and abbreviations, which have a local scope and therefore are not
contained in the AUTOSAR glossary [13], are listed in this chapter.

Abbreviation / Description:
Acronym:
AEAD Authenticated Encryption with Associated Data
CDD Complex Device Driver
CSM Crypto Service Manager
CRYIF Crypto Interface
CRYPTO Crypto Driver
DET Default Error Tracer
HSM Hardware Security Module
HW Hardware
SHE Security Hardware Extension
SW Software

2.1 Glossary of Terms

Terms: Description:
Crypto Driver A Crypto Driver implements one or more Crypto Driver Objects.
Object The Crypto Driver Object can offer different crypto primitives in
hardware or software. The Crypto Driver Objects of one Crypto
Driver are independent of each other.
There is only one workspace for each Crypto Driver Object (i.e.
only one crypto primitive can be performed at the same time)
Key A Key can be referenced by a job in the Csm.
In the Crypto Driver, the key refers a specific key type.
Key Type A key type consists of refers to key elements.
The key types are typically pre-configured by the vendor of the
Crypto Driver.
Key Element Key elements are used to store data. This data can be e.g. key
material or the IV needed for AES encryption.
It can also be used to configure the behaviour oft he key
management functions.
Job A Job is a configured 'CsmJob'. Among others, it refers to a key, a
cryptographic primitive and a reference channel.
Channel A channel is the path from a Crypto Service Manager queue via the
Crypto Interface to a specific Crypto Driver Object.
Primitive A primitive is an instance of a configured cryptographic algorithm
realized in a Crypto Driver Object. Among others it refers to a
functionality provided by the CSM to the application, the concrete
underlining 'algorithmfamily' (e.g. AES, MD5, RSA, etc.), and a
'algorithmmode' (e.g. ECB, CBC, etc).

9 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Operation An operation of a crypto primitive declares what part of the crypto

primitive shall be performed. There are three different operations:
START Operation indicates a new request of a crypto primitive,
it shall cancel all previous requests perform necessary
initializations and checks if the crypto primitive can be
processed.
UPDATE Operation indicates, that the crypto primitive expect
input data. An update operation may provide
intermediate results.
FINISH Operation indicates, that after this part all data are fed
completely and the crypto primitive can finalize the
calculations. A finish operation may provide final
results.
It is also possible to perform more than one operation at once by
concatenating the corresponding bits of the operation_mode
argument.
Priority The priority of a job defines the importance of it. The higher the
priority (as well in value), the more immediate the job will be
executed. The priority of a cryptographic job is part of the
configuration.
Processing Indicates the kind of job processing.

Asynchro The job is not processed immediately when calling a

nous corresponding function. Usually, the caller is informed
via a callback function when the job has been finished.
Synchron The job is processed immediately when calling a
ous corresponding function. When the function returns, a
result will be available.
Service A service shall be understand as defined in the TR_Glossary
document: A service is a type of operation that has a published
specification of interface and behavior, involving a contract between
the provider of the capability and the potential clients.

10 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

3 Related documentation

3.1 Input Documents

[1] List of Basic Software Modules
AUTOSAR_TR_BSWModuleList.pdf

[2] Layered Software Architecture

AUTOSAR_EXP_LayeredSoftwareArchitecture.pdf

[3] General Requirements on Basic Software Modules

AUTOSAR_SRS_BSWGeneral.pdf

[4] Specification of RTE Software

AUTOSAR_SWS_RTE.pdf

[5] Specification of BSW Scheduler

AUTOSAR_SWS_Scheduler.pdf

[6] Specification of ECU Configuration

AUTOSAR_TPS_ECUConfiguration.pdf

[7] Specification of Memory Mapping

AUTOSAR_SWS_MemoryMapping.pdf

[8] Specification of Default Error Tracer

AUTOSAR_SWS_DefaultErrorTracer.doc.pdf

[9] Specification of Diagnostic Event Manager

AUTOSAR_SWS_DiagnosticEventManager.pdf

[10] Specification of ECU State Manager

AUTOSAR_SWS_ECUStateManager.pdf

[11] Specification of C Implementation Rules

AUTOSAR_TR_CImplementationRules.pdf

[12] Specification of Standard Types

AUTOSAR_SWS_StandardTypes.pdf

[13] AUTOSAR Glossary

AUTOSAR_TR_Glossary.pdf

[14] Requirements on the Crypto Stack

AUTOSAR_SRS_CryptoStack.pdf

[15] Specification of the Crypto Interface

AUTOSAR_SWS_CryptoInterface.pdf

11 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

[16] Specification of the Crypto Driver

AUTOSAR_SWS_CryptoDriver.pdf

[17] General Specification of Basic Software Modules

AUTOSAR_SWS_BSWGeneral.pdf

3.2 Related standards and norms

[18] IEC 7498-1 The Basic Model, IEC Norm, 1994

[19] IETF RFC5639 Elliptic Curve Cryptography (ECC) Brainpool Standard

Curves and Curve Generation, 2010

[20] IETF RFC6637 Elliptic Curve Cryptography (ECC) in OpenPGP, 2012

3.3 Related specification

AUTOSAR provides a General Specification on Basic Software modules (SWS BSW

General), which is also valid for Crypto Service Manager.

Thus, the specification SWS BSW General shall be considered as additional and
required specification for Crypto Service Manager.

12 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

4 Constraints and Assumptions

4.1 Limitations
Some type definitions of CSM start with the Prefix “CRYPTO_” which will violate
SRS_BSW_00305. This will be harmonized in release 4.3.1. Nevertheless due to the
constraint [constr_1050] part 1 the ports are still consider to be compatible.

4.2 Applicability to Car Domains

n.a.

4.3 Security Implications

There is no user management in place, which prevents non-authorized access on
any of CSM’s services. This means, that if any access protection is needed such
must be implemented by the application and the served (by CSM) cryptographic
library modules; access protection is not target of the CSM.

13 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

5 Dependencies to other Modules

[SWS_Csm_00001] ⌈The CSM shall be able to access the cryptographic interface
(CRYIF), which is implemented according to the cryptographic interface specification.
⌋(SRS_CryptoStack_00082)

[SWS_Csm_00506] ⌈The CSM module shall use the interfaces of the CRYIF with the
underlying Crypto Drivers (CRYPTO) to calculate the result of a cryptographic
service.
⌋(SRS_CryptoStack_00082)
The incorporated cryptographic library modules or hardware extensions of the Crypto
Driver provide the cryptographic routines, e.g. SHA-1, RSA, AES, Diffie-Hellman key-
exchange, etc.

14 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

6 Requirements Traceability

Requirement Description Satisfied by

SRS_BSW_00101 The Basic Software Module SWS_Csm_00646
shall be able to initialize
variables and hardware in a
separate initialization function
SRS_BSW_00358 The return type of init() SWS_Csm_00646
functions implemented by
AUTOSAR Basic Software
Modules shall be void
SRS_BSW_00359 All AUTOSAR Basic Software SWS_Csm_00970, SWS_Csm_00971
Modules callback functions
shall avoid return types other
than void if possible
SRS_BSW_00360 AUTOSAR Basic Software SWS_Csm_00970, SWS_Csm_00971
Modules callback functions
are allowed to have
parameters
SRS_BSW_00373 The main processing function SWS_Csm_00479
of each AUTOSAR Basic
Software Module shall be
named according the defined
convention
SRS_BSW_00407 Each BSW module shall SWS_Csm_00705
provide a function to read out
the version information of a
dedicated module
implementation
SRS_BSW_00414 Init functions shall have a SWS_Csm_00646
pointer to a configuration
structure as single parameter
SRS_BSW_00432 Modules should have SWS_Csm_00479
separate main processing
functions for read/receive and
write/transmit data path
SRS_CryptoStack_00008 The Crypto Stack shall allow SWS_Csm_00951, SWS_Csm_00953,
static configuration of keys SWS_Csm_01012, SWS_Csm_01092
used for cryptographic jobs
SRS_CryptoStack_00009 The Crypto Stack shall SWS_Csm_00022
support reentrancy for all
crypto services
SRS_CryptoStack_00010 The Crypto Stack shall SWS_Csm_00959
conceal symmetric keys from
the users of crypto services
SRS_CryptoStack_00011 The Crypto Stack shall SWS_Csm_00959
conceal asymmetric private
keys from the users of Crypto
services
SRS_CryptoStack_00019 The Crypto Stack shall identify SWS_Csm_01543
random number generation as

15 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

a cryptographic primitive
which can be requested to a
driver
SRS_CryptoStack_00020 The Crypto Stack shall identify SWS_Csm_00984, SWS_Csm_00989
symmetric
encryption/decryption as a
cryptographic primitive which
can be requested to a driver
SRS_CryptoStack_00021 The Crypto Stack shall identify SWS_Csm_00984, SWS_Csm_00989
asymmetric
encryption/decryption as a
cryptographic primitive which
can be requested to a driver
SRS_CryptoStack_00022 The Crypto Stack shall identify SWS_Csm_00982
MAC generation/verification
as a cryptographic primitive
which can be requested to a
driver
SRS_CryptoStack_00023 The Crypto Stack shall identify SWS_Csm_00992, SWS_Csm_00996
asymmetric signature
generation/verification as a
cryptographic primitive which
can be requested to a driver
SRS_CryptoStack_00024 The Crypto Stack shall identify SWS_Csm_00980
hash calculation as a
cryptographic primitive which
can be requested to a driver
SRS_CryptoStack_00026 The Crypto Stack shall SWS_Csm_00955
provide an interface for the
generation of asymmetric keys
SRS_CryptoStack_00027 The Crypto Stack shall SWS_Csm_00955
provide an interface for the
generation of symmetric keys
SRS_CryptoStack_00082 The CSM module specification SWS_Csm_00001, SWS_Csm_00032,
shall specify the interface and SWS_Csm_00506
behavior of the callback
function, if the asynchronous
job processing mode is
selected
SRS_CryptoStack_00084 The CSM module shall use SWS_Csm_01039
the streaming approach for
some selected services
SRS_CryptoStack_00086 The CSM module shall SWS_Csm_01089, SWS_Csm_91004
distinguish between error
types
SRS_CryptoStack_00087 The CSM module shall report SWS_Csm_01088, SWS_Csm_01091
detected development errors
to the Default Error Tracer
SRS_CryptoStack_00090 The CSM shall provide an SWS_Csm_00802, SWS_Csm_00803,
interface to be accessible via SWS_Csm_00902, SWS_Csm_00903,
the RTE SWS_Csm_00912, SWS_Csm_00922,
SWS_Csm_00923, SWS_Csm_00927,
SWS_Csm_00928, SWS_Csm_00930,

16 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

SWS_Csm_00934, SWS_Csm_00935,
SWS_Csm_00936, SWS_Csm_00943,
SWS_Csm_00946, SWS_Csm_01042,
SWS_Csm_01074, SWS_Csm_01075,
SWS_Csm_01077, SWS_Csm_01078,
SWS_Csm_01079, SWS_Csm_01906,
SWS_Csm_01910, SWS_Csm_01915,
SWS_Csm_01920, SWS_Csm_01921,
SWS_Csm_01922, SWS_Csm_01923,
SWS_Csm_01924, SWS_Csm_01925,
SWS_Csm_01926, SWS_Csm_01927,
SWS_Csm_01928, SWS_Csm_09000,
SWS_Csm_91023, SWS_Csm_91045,
SWS_Csm_91046, SWS_Csm_91051,
SWS_Csm_91052, SWS_Csm_91053,
SWS_Csm_91054, SWS_Csm_91055,
SWS_Csm_91056, SWS_Csm_91057,
SWS_Csm_91058, SWS_Csm_91059,
SWS_Csm_91060, SWS_Csm_91062,
SWS_Csm_91105
SRS_CryptoStack_00091 The CSM shall provide one SWS_Csm_00934, SWS_Csm_01042,
Provide--Port for each SWS_Csm_91023, SWS_Csm_91062
configuration
SRS_CryptoStack_00095 The Crypto Driver module SWS_Csm_91043, SWS_Csm_91044
shall strictly separate error
and status information
SRS_CryptoStack_00100 Synchronous Job Processing SWS_Csm_01049
SRS_CryptoStack_00101 Asynchronous Job Processing SWS_Csm_01049
SRS_CryptoStack_00103 The Crypto Stack shall SWS_Csm_00956
provide an interface for the
derivation of symmetric keys
SRS_CryptoStack_00906 - SWS_Csm_00947
SRS_CryptoStack_01076 - SWS_Csm_01083
SRS_CrytptoStack_00028 - SWS_Csm_00966, SWS_Csm_00967
SRS_CrytptoStack_00029 - SWS_Csm_00959
SRS_Csm_00066 - SWS_Csm_00691, SWS_Csm_01905
SWS_BSW_00050 Check parameters passed to SWS_Csm_00186
Initialization functions
SWS_BSW_00216 - SWS_Csm_01085

17 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

7 Functional specification

Figure 7-1 AUTOSAR Layered View with CSM

7.1 Basic Architecture Guidelines

The starting point for the description of the design of the CSM module is the
AUTOSAR Layered Software Architecture (see Figure 7-1). The description of the
CSM module architecture on the basis of the AUTOSAR layered software
architecture shall help to understand the specification of interfaces and functionalities
of the CSM module in the following sections.
The architecture of AUTOSAR consists of several layers which can be seen in Figure
7-1. The Service Layer is the highest layer of the Basic Software. Its task is to
provide basic services for application and basic software modules, i.e. it offers the
most relevant functionalities for application software and basic software modules.
CSM is a service that provides cryptography functionality, based on a crypto driver
which relies on a software library or on a hardware module. Also, mixed setups with
multiple crypto drivers are possible. The CSM accesses the different CryptoDrivers
over the CRYIF.

The CSM, as a service layer, provides the interface for SW-C or BSW for
cryptographic operations. The main task of the CSM is to schedule and prioritize
services and to call the crypto interface (CryIf) for further operation. The CryIf
schedules the requests to the crypto driver and its crypto driver object that was
statically assigned to this service.
The CSM uses a static configuration of primitives (CsmPrimitives) to define a
cryptographic operation. Such a primitive is then assigned to a job configuration
(CsmJob) that determines further attributes like priority, asynchronous or
synchronous execution and what key shall be used for the operation. It should be
18 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager
 Specification of Crypto Service Manager
AUTOSAR CP R20-11

noted that the key is always located in the crypto driver itself and the CSM uses only
a reference to it.
The separation of the keys and primitives allows to separate the API for the
cryptographic operation and the key management. This allows to let an application
concentrate on the required cryptographic operation like MAC calculation and
verification whereas a key manager provides the keys during a configuration setup.
The API of the CSM can roughly be divided into two categories: a direct API (mainly
for key management) and a job-based API (mainly for cryptographic operations) (see
Fig. x) 1. The direct API has a direct correspondence of the functions in the CryIf and
the Crypto Driver. These functions can only be called synchronously. The CSM will
pass the parameter from the application directly to the function call. The job-based
API uses a job structure, the Crypto_JobType, that contains static and dynamic
parameters and references to structures to provide all necessary information to the
crypto driver to perform that job (see Fig. x+1). Every service that uses a job will use
this structure. All necessary parameter for a service will be packed into the elements
of the structure by the CSM and will then call the CryIf and this, in turn, will call the
configured Crypto Driver.

Figure 7-2 API call tree for CSM, CryIf and Crypto. Divided into job-based API and Direct API

A job can run synchronously or asynchronously depending on the static

configuration. The parameters for crypto service info, crypto algorithm family and
mode determine the exact cryptographic algorithm that shall be performed in the
crypto driver.

1
Historically, there are a few functions with direct synchronous API and a job based API, because the
need for asynchronous execution was recognized afterwards.
19 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager
 Specification of Crypto Service Manager
AUTOSAR CP R20-11
class System

«enumeration»
Crypto_JobStateType
CRYPTO_JOBSTATE_IDLE
CRPTO_JOBSTATE_ACTIVE
«enumeration» Crypto_JobPrimitiveInputOutputType
Crypto_OperationModeType
- cryIfKeyId: uint32
Crypto_JobType CRYPTO_OPERATIONMODE_START - inputLength: uint32
CRYPTO_OPERATIONMODE_UPDATE - inputPtr: char *
- cryptoKeyId: uint32 CRYPTO_OPERATIONMODE_FINISH - mode: Crypto_OperationModeType
- jobId: uint32 CRYPTO_OPERATIONMODE_SINGLECALL - outputLengthPtr: char *
- jobInfoType: const Crypto_JobInfoType * - outputPtr: char *
- jobPrimitiveInfoType: const Crypto_JobPrimitiveInfoType * - secondaryInputLength: uint32
- jobPrimitiveInputOutput: Crypto_JobPrimitiveInputOutputType - secondaryInputPtr: char *
- jobRedirectionInfoRef: Crypto_JobRedirectionInfoType * - secondaryOutputLengthPtr: char *
- jobState: Crypto_JobStateType Crypto_JobInfoType - secondaryOutputPtr: char *
- targetCryptoKeyId: uint32 - targetCryIfKeyId: uint32
- jobId: uint32 - tertiaryInputLength: uint32
- jobPriority: uint32 - tertiaryInputPtr: char *
0..1 - verifyPtr: char *

Crypto_JobRedirectionInfoType

- inputKeyElementId: uint32 «enumeration»

- inputKeyId: uint32
- outputKeyElementId: uint32
- outputKeyId: uint32
- redirectionConfig: uint8
- secondaryInputKeyElementId: uint32
- secondaryInputKeyId: uint32
- secondaryOutputKeyElementId: uint32
- secondaryOutputKeyId: uint32
- tertiaryInputKeyElementId: uint32
- tertiaryInputKeyId: uint32
Crypto_ServiceInfoType
Crypto_JobPrimitiveInfoType
Crypto_PrimitiveInfoType
- callbackId: uint32
- cryIfKeyId: uint32 - algorithm: const Crypto_AlgorithmInfoType
- resultLength: uint32
- primitiveInfo: const Crypto_PrimitiveInfoType *
- service: const Crypto_ServiceInfoType
- processingType: Crypto_ProcessingType

Crypto_AlgorithmInfoType
«enumeration» «enumeration»
Crypto_ProcessingType Crypto_AlgorithmFamilyType - family: Crypto_AlgorithmFamilyType
- keyLength: uint32
CRYPTO_PROCESSING_ASNC - mode: CryptoAlgorithmModeType
CRYPTO_PROCESSING_SYNC - secondaryFamily: Crypto_AlgorithmFamilyType
«enumeration»
Crypto_AlgorithmModeType

Figure 7-3 Structure of Crypto_JobType (Job) and its dependencies

]
[SWS_Csm_00942] ⌈ If any of the SWS items Csm[CsmPrimitives]AlgorithmFamily,
Csm[CsmPrimitives]AlgorithmMode and/or
Csm[CsmPrimitives]SecondaryAlgorithmFamily in the container
Csm[CsmPrimitives]Config is set to CRYPTO_ALGOFAM_CUSTOM (0xFF) resp.
CRYPTO_ALGOMODE_CUSTOM (0xFF), then the value of the reference to
CryptoPrimitiveAlgorithmFamilyCustom/CryptoPrimitiveAlgorithmFamilyCustomId
and/or
CryptoPrimitiveAlgorithmModeCustom/CryptoPrimitiveAlgorithmModeCustomId
defined in the Crypto Driver shall be set to either of the fields “family”, “mode” and/or
“secondaryFamily” in Crypto_AlgorithmInfoType (instead of the “CUSTOM” value 0xff
itself).
⌋()

7.2 General Behavior

[SWS_Csm_00941] ⌈A job is an instance of a configurated cryptographic primitive.
⌋()

[SWS_Csm_00016] ⌈ For each job just one instance shall be processed by CSM at a
time.
⌋()

[SWS_Csm_00022] ⌈The CSM module shall allow parallel processing of different

jobs.
20 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager
 Specification of Crypto Service Manager
AUTOSAR CP R20-11

⌋(SRS_CryptoStack_00009)

[SWS_Csm_00017] ⌈If a service of the CSM module is requested and the

corresponding job is in "ACTIVE" state, the job request shall call
CryIf_ProcessJob() and pass on the return value.
⌋()

[SWS_Csm_00018] ⌈If a service of the CSM module is requested, and the

CSM job needs to be queued and the queue is full, the job request shall be rejected
with the return value CRYPTO_E_BUSY.
⌋()

[SWS_Csm_00019] ⌈If an asynchronous interface is configured, the CSM module

shall provide a main function Csm_MainFunction() which is called cyclically to control
processing of the jobs via a state machine.
⌋()

7.2.1 Normal Operation

[SWS_Csm_01039] ⌈To unite a single call function and the streaming approach for
the crypto services, there is the mode parameter, which determines the operation
mode. This service operation is a flag field, indicating the operation mode “START”,
“UPDATE” or “FINISH”. It declares explicitly what operation shall be performed.
These operation modes can be mixed, and execute multiple operations at once.
The diagram in SWS_Csm_00024 shows the state machine of a job of this design.
⌋(SRS_CryptoStack_00084)

Note: The actual transaction of the states is made in the layer, which works with
these states, i.e. in the Crypto Driver.

[SWS_Csm_00024] ⌈

21 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

stm Domain Obj ects

Idle

Initial

Crypto_Operationmode_Start

Activ e
Error E_OK
E_OK

EntryPoint
[successful finish]

Start Error Finish

[error] [error]

[error]
Crypto_Operationmode_Update Crypto_Operationmode_Finish

Update

Crypto_Operationmode_Update

⌋()

[SWS_Csm_01033]⌈The CSM crypto services shall support to process multiple

operation mode inputs with a single call.
⌋()

[SWS_Csm_01045]⌈If the CRYPTO_OPERATIONMODE_START and

CRYPTO_OPERATIONMODE_FINISH bits are set and the
CRYPTO_OPERATIONMODE_UPDATE is not set, the Csm_<Service>() function
shall return with E_NOT_OK.
⌋()

22 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Note: The coherent single call approach could improve the performance due to less
overhead. Instead of calling the explicit API multiple times, only one call is necessary.
This approach is intended to be used with small data input, which demand fast
processing.
While operating with the streaming approach (“Start”, “Update”, “Finish”) the
dedicated Crypto Driver Object is waiting for further input (“Update”) until the “Finish”
state has been reached. No other job could be processed on this Crypto Driver
instance meanwhile.Functional Requirements

7.2.1.1 Configuration

[SWS_Csm_91005] ⌈Each crypto primitive configuration shall be realized as a

constant structure of type Crypto_PrimitiveInfoType.
⌋()

[SWS_Csm_91006] ⌈Each job primitive configuration shall be realized as a constant

structure of type Crypto_JobPrimitiveInfoType.
⌋()

[SWS_Csm_00028] ⌈It shall be possible to create several configurations for each

cryptographic primitive.
⌋()
One configuration per job per primitive is possible.

[SWS_Csm_00029] ⌈When creating a primitive configuration, it shall be possible to

configure all available and allowed schemes from the underlying Crypto Driver
Object.
⌋()
[SWS_Csm_00032] ⌈If the asynchronous interface is chosen, each job primitive
configuration shall contain a callback function.
⌋(SRS_CryptoStack_00082)

7.2.1.2 Synchronous Job Processing

[SWS_Csm_00035] ⌈When the synchronous interface is used, the interface functions
shall immediately compute the result with the help of the underlying Crypto Stack
modules.
⌋()

[SWS_Csm_00037] ⌈ If a synchronous job is issued and the priority is greater than

the highest priority available in the queue, the CSM shall disable processing new jobs
from the queue until the next call of the main function has finished that follows after
completion of the currently processed job.
⌋()

Note:
Channels may hold jobs of both asynchronous and synchronous processing type. If

23 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

so, a synchronous job might not be accepted for processing although its job's priority
is higher than those of all asynchronous jobs.
Note:
As the underlying Crypto Driver can have its own queue, it can not always be
ensured that the highest priority job provided by the application is processed next.

[SWS_Csm_91007] ⌈ If a synchronous job is issued and the priority is less than the
highest priority available in the queue, the CSM shall return CRYPTO_E_BUSY.
⌋()

Note:
By pausing calls to the CSM main function with e.g. critical sections during calling the
synchronous jobs, it can be ensured, that synchronous jobs can be processed in a
row without having to wait for asynchronous jobs in between if they have a high
enough priority. Also consider disabling queueing in the Crypto Driver Object to
ensure fast processing of synchronous jobs.
If the loading of asynchronous jobs from the queue shall not be paused by
synchronous jobs, the priorities of the synchronous jobs have to be smaller than the
asynchronous jobs.

7.2.1.3 Asynchronous Job Processing

[SWS_Csm_00036] ⌈If the asynchronous interface is used, the interface functions
shall only hand over the necessary information to the underlying Crypto Stack
modules.
⌋()

[SWS_Csm_00039] ⌈The users of the CSM shall be notified when a requested

cryptographic service has been processed by calling the callback function from the
job primitive configuration.
⌋()

7.2.2 Design Notes

The CSM provides two services: (1) the crypto services itself and (2) key
management.

7.2.2.1 CSM module startup

The Csm_Init() request shall not be responsible to trigger the initialization of the
underlying CRYIF. It is assumed, that the underlying CRYIF will be initialized by any
appropriate entity (e.g. BswM).

Software components, which are using the CSM module, shall be responsible for
checking global error and status information resulting from the CSM module startup.

24 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

7.2.2.2 Crypto Services

7.2.2.2.1 Usage of the CSM crypto services

[SWS_Csm_00734]⌈CSM crypto services shall provide a Csm_<Service>() API.
⌋()

[SWS_Csm_00924]⌈The application shall be able to call Csm_<Service>() with

the operation mode CRYPTO_OPERATIONMODE_START to initialize cryptographic
computations.
⌋()

[SWS_Csm_00925]⌈The application shall be able to call Csm_<Service>() with the

operation mode CRYPTO_OPERATIONMODE_UPDATE arbitrary often, but at least
one time, to feed the job's crypto primitive with input data.
⌋()

[SWS_Csm_01046] ⌈The application shall be able to call Csm_<Service>() with

the operation mode CRYPTO_OPERATIONMODE_FINISH to finalize cryptographic
computations.
⌋()

[SWS_Csm_01055] ⌈ Only the service operations HASH, MACGENERATE,

MACVERIFY, ENCRYPT, DECRYPT, AEAD_ENCRYPT, AEAD_DECRYPT,
SIGNATUREGENERATE, SIGNATUREVERIFY shall support the operation mode
START, UPDATE and FINISH as specified from the API. For all other service
operations, the CSM shall set the operation mode to
CRYPTO_OPERATIONMODE_SINGLECALL, even if the API does not provide an
operation mode.
⌋()

Note:
The Csm_<Service>() will call the CryIf_ProcessJob() with a pointer to
Crypto_JobType, where all the necessary information are stored to process the job.
Part of this Crypto_JobType is a Crypto_JobPrimitiveInputOutputType, where all the
information about the input and output parameters depending of the service are
stored. A definition of the mapping from the API parameters of Csm_<Service>() to
the parameters of Crypto_JobPrimitiveInputOutputType, can be found in
[SWS_Crypto_00073] of the Crypto Driver specification.

[SWS_Csm_01093] ⌈If the CSM issues either the service CRYPTO_MACGENERATE,

CRYPTO_MACVERIFY, CRYPTO_ENCRYPT, CRYPTO_DECRYPT,
CRYPTO_AEADENCRYPT, CRYPTO_AEADDECRYPT, CRYPTO_RANDOMGENERATE,
CRYPTO_SIGNATUREGENERATE or CRYPTO_SIGNATUREVERIFY to the Crypto
Interface, it needs to make sure that the element jobPrimitiveInfo-
>cryIfKeyId in the job structure of Crypto_JobType references to the assigned
key of this job.
25 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager
 Specification of Crypto Service Manager
AUTOSAR CP R20-11

⌋()

Note: The CryIf is responsible to transform this ID to the corresponding key ID of the
respective crypto driver.

[SWS_Csm_01094] ⌈If one of the primitive services CRYPTO_KEYSETVALID,

CRYPTO_KEYSETINVALID, CRYPTO_RANDOMSEED, CRYPTO_KEYGENERATE,
CRYPTO_KEYDERIVE, CRYPTO_KEYEXCHANGECALCPUBVAL or
CRYPTO_KEYEXCHANGECALCSECRET are to be executed, the CSM shall fill in the
elements of the structure Csm_JobType->jobPrimitiveInputOutput-
>cryIfKeyId and, if applicable, Csm_JobType->jobPrimitiveInputOutput-
>targetCryIfKeyId with the corresponding CryIf key ID.
⌋()

Note: The CryIf is responsible to transform these IDs to the corresponding key IDs of
the respective crypto driver.

7.2.2.2.2 Queuing

The CSM may have several queues, where the jobs are lining up depending on their
priority, to process multiple cryptographic requests. The path from a CSM queue via
the CryIf to a Crypto Driver Object is called a channel. Each queue of the CSM is
mapped to one channel to access the crypto primitives of the Crypto Driver Object.
The size of the queue is configurable.
To optimize the hardware usage of the Crypto Driver Object, there is optionally a
queue in Crypto Driver, too.

A Crypto Driver Object represents an instance of an independent crypto “device”

(hardware or software, e.g. AES accelerator). There could be a channel for fast AES
and CMAC calculations on an HSM for jobs with high priority, which ends on a native
AES calculation service in the Crypto Driver. But it is also possible, that a Crypto
Driver Object is a piece of software, e.g. for RSA calculations where users are able to
encrypt, decrypt, sign or verify data.

26 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Figure 7-4 AUTOSAR Layered View with channels

Figure 7-4 illustrates an AUTOSAR Layered View with channels. In this example,
there is a HSM with two Crypto Driver Objects (HW-AES and HW-RSA), each of
them has an own channel. Each channel is connected to a CSM queue and a Crypto
Driver Object queue.
In this case, both Crypto Driver Objects are processing a crypto job (AES-high and
RSA) each, while the queue of the Crypto Driver Object contains one more job (AES-
low). If the HW-AES of the HSM finished the AES-high job, AES-low job will be
processed as next one.

Other scenarios with the same setup (without jobs in process or in queues) can be
derived as follows:
It will be assumed, that a new job of an application calls RSA.

 If the Crypto Driver Object of the RSA is not busy, the job will be processed
immediately.
 If the Crypto Driver Object of the RSA is busy, but the queue of the Crypto
Driver Object is not full, the job will be listed into that queue in order of its
priority. As soon as the Crypto Driver Object is free, the job with the highest
priority from the Crypto Driver Object queue will be executed.
 If the Crypto Driver Object of the RSA is busy and the queue of the Crypto
Driver Object is full, the job will be stored in the CSM queue in order of its
priority.
 If the Crypto Driver Object of the RSA is busy and the queue of the Crypto
Driver Object as well as the CSM queue are full, the CSM rejects the request.
 If the Crypto Driver Object of the RSA is active, the job is already started in the
Crypto Driver and is waiting for either more data to process or the finish
command.
27 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager
 Specification of Crypto Service Manager
AUTOSAR CP R20-11

[SWS_Csm_00940] ⌈It shall be possible to queue CSM jobs in configured

CsmQueues in the CSM.
⌋()

[SWS_Csm_00944] ⌈The CsmQueues shall sort the jobs according to the configured
job’s priority.
⌋()
The higher the job priority value, the higher the job’s priority.

[SWS_Csm_91072] ⌈ A service operation shall only be added to the queue if the

data consistency of the job structure can be guaranteed. This shall be particularly
considered when services with the same jobID are added to the queue (e.g. with
subsequent calls to Csm_SignatureVerify() and Csm_SaveContextJob()). If
this cannot be guaranteed, the service operation shall return with E_BUSY.
⌋()

[SWS_Csm_91073] ⌈ ⌈ If services with the same JobID can be added to the queue,
then the order of execution of these services shall correspond to the order if incoming
services operation requests (“First-In-First-Out”).
⌋()

[SWS_Csm_91074] ⌈The Csm_<Service>() function shall behave as shown in

diagram SWS_Csm_01041.
⌋()

28 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

[SWS_Csm_01041]⌈

⌋()

Synchronous job processing and queuing might not be useful. So, if synchronous job
processing is chosen, the queue sizes should be “0”. However, it is also possible to
use channels (including queues) with synchronous and asynchronous jobs.

The queued jobs can be passed to the CRYIF in the Csm_MainFunction().

If the job has the state “active” the CSM shall assume, that the mapped cryptographic
driver instance is currently processing this job and the caller wants to continue with
the operation (e.g. feeding more data using “update”). The plausibility check has to
be performed in the cryptographic driver instance.

29 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

7.2.2.3 Key Management

[SWS_Csm_00950] ⌈Services belonging to the key management shall provide the

Csm_<Service>() function, only.
⌋()

[SWS_Csm_00954] ⌈A key consists of one or more key elements.

⌋()
Examples of key elements are the key material itself, an initialization vector, a seed
for random number generation, or the proof of the SHE standard.

Keys, i.e. the corresponding key IDs have symbolic names given by the
configuration. The Crypto Stack API uses the following key element index definition
from the CSM module:

[SWS_Csm_01022] ⌈
Crypto Service: key element: key element Name: key element ID:

Key Material CRYPTO_KE_MAC_KEY 1

MAC Proof (SHE) CRYPTO_KE_MAC_PROOF 2

Seed CRYPTO_KE_KEYGENERATE_SEED 16

Key Material CRYPTO_KE_SIGNATURE_KEY 1

Signature
ECC curve type CRYPTO_KE_SIGNATURE_CURVETYPE 29

Seed State CRYPTO_KE_RANDOM_SEED_STATE 3

Random
Algorithm CRYPTO_KE_RANDOM_ALGORITHM 4

Key Material CRYPTO_KE_CIPHER_KEY 1

Init Vector CRYPTO_KE_CIPHER_IV 5

Cipher/AEAD
Proof (SHE) CRYPTO_KE_CIPHER_PROOF 6

2nd Key Material CRYPTO_KE_CIPHER_2NDKEY 7

Base CRYPTO_KE_KEYEXCHANGE_BASE 8

Private Key CRYPTO_KE_KEYEXCHANGE_PRIVKEY 9

Own Public Key CRYPTO_KE_KEYEXCHANGE_OWNPUBKEY 10

Key Exchange
Shared Value CRYPTO_KE_KEYEXCHANGE_SHAREDVALUE 1

Algorithm CRYPTO_KE_KEYEXCHANGE_ALGORITHM 12

ECC curve type CRYPTO_KE_KEYEXCHANGE_CURVETYPE 29

Password CRYPTO_KE_KEYDERIVATION_PASSWORD 1

Key Derivation Salt CRYPTO_KE_KEYDERIVATION_SALT 13

Iterations CRYPTO_KE_KEYDERIVATION_ITERATIONS 14

30 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Algorithm CRYPTO_KE_KEYDERIVATION_ALGORITHM 15

ECC curve type CRYPTO_KE_KEYDERIVATION_CURVETYPE 29

Key Material CRYPTO_KE_KEYGENERATE_KEY 1

Seed CRYPTO_KE_KEYGENERATE_SEED 16
Key Generate
Algorithm CRYPTO_KE_KEYGENERATE_ALGORITHM 17

ECC curve type CRYPTO_KE_KEYGENERATE_CURVETYPE 29

⌋()

The key elements indices of SWS_Csm_1022 can be extended by the vendor.

[SWS_Csm_00951] ⌈For each key element that contains cryptographic key material,
the format of the provided key shall be specified in the configuration used for data
exchange, e.g. for Csm_KeyElementGet() or Csm_KeyElementSet().The key
formats supported by a specific crypto driver are part of the pre-configuration
information that comes along with the crypto driver.
⌋(SRS_CryptoStack_00008)

[SWS_Csm_00953] ⌈The following key formats are available:

CRYPTO_KE_FORMAT_BIN_OCTET Key provided as octet value in binary form1.
CRYPTO_KE_FORMAT_BIN_SHEKEYS Combined input/output keys for SHE
operation (M1+M2+M3) and (M4+M5).
CRYPTO_KE_FORMAT_BIN_IDENT_PRIVATEKEY_ PKCS8 Private key material in ASN.1 coded form
(BER coding) with identification. The data is
provided in binary form, not, e.g. as a
BASE64 string.
CRYPTO_KE_FORMAT_BIN_IDENT_PUBLICKEY Public key material in ASN.1 coded form
(BER coding) with identification. The data is
provided in binary form, not, e.g. as a
BASE64 string.
CRYPTO_KE_FORMAT_BIN _RSA_PRIVATEKEY Private key material in ASN.1 coded form
(BER coding). The key material is provided
in binary form, not, e.g. as a BASE64 string.
CRYPTO_KE_FORMAT_BIN _RSA_PUBLICKEY Public key material in ASN.1 coded form
(BER coding). The key material is provided
in binary form, not, e.g. as a BASE64 string.
A binary Octet is the integer representation in base 256. A large value can be splitted into his factors:
x = x xLen–1 * 256xLen–1 + xxLen–2 * 256xLen–2 + … + x1 * 256 + x0. where 0 <= xi < 256.
Let the Octet Xi have the integer value xxLen-i for 1 <= i <= xLen. The octet is then
X = X1 X2 .. XxLen

Rationale: An asymmetric key can either be provided with or without identification.

The identification is used to uniquely identify the key itself that is provided, so that the
key parser can check if the key material is appropriate or not. Without identification,
the key material must correspond to the format that is specified for this key. Following
IETF standards, the identification of a key is provided as an object identifier (OID) as
part of the ASN.1 description.
⌋ (SRS_CryptoStack_00008)

[SWS_Csm_00952] ⌈Vendor specific keyElementIds should start 1000 to avoid

interferences with future extended versions of the Crypto Stack.
⌋()
31 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager
 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Note:
The key elements CRYPTO_KE_[…]_ALGORITHM are used to configure the behavior
of the key management functions, because they are independent of jobs and
therefore can not be configured like a primitive.

[SWS_Csm_01092] ⌈If a cryptographic primitive uses elliptic curve algorithm but the
concrete curve parameter cannot sufficiently specified by its algorithm families and its
algorithm mode, an additional key element of type CRYPTO_KE_xxxxx_CURVETYPE
shall be used to provide the required information. This information is set at runtime
through the key element interface. The data of the key element shall be set with its
object identifier follows the format defined in [19] and [20].
⌋(SRS_CryptoStack_00008)

Example: Definition for an ECC Brainpool 160 P1 key used for signature generation.

P2CONST(uint8, AUTOMATIC, MSN_CONST) EccKey =

{ 0x12, 0x23, 0x34, ... }
; // The required key value.

// According to RFC5639:
// {iso(1) identified-organization(3) teletrust(36)
algorithm(3) signatureAlgorithm(3) ecSign(2)
ecStdCurvesAndGeneration(8) ellipticCurve(1)}

brainpoolP160r1(1)
P2CONST(uint8, AUTOMATIC, MSN_CONST) EccType =
{ 1, 3, 36, 3, 3, 2, 8, 1, 1 }
; //OID definition of ECC Brainpool 160 P1

Csm_KeyElementSet(MyEccKeyId, CRYPTO_KE_SIGNATURE_KEY, EccKey,

sizeof(EccKey) );
Csm_KeyElementSet(MyEccKeyId, CRYPTO_KE_SIGNATURE_CURVETYPE,
EccType, sizeof(EccType) );
Csm_KeySetValid(MyEccKeyId);

7.2.2.4 Redirection of Input and/or Output of Crypto Jobs

[SWS_Csm_91013] ⌈The input and/or output data of a job can be re-directed to a

key element. Which input and output value to which key and its key element is re-
directed shall be statically configured at compile time and shall not be changed at
runtime.
⌋()

32 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

[SWS_Csm_91014] ⌈If an input or output value of a job is re-directed to a key

element (CsmInOutRedirectionRef ECUC_Csm_00262 is existing) and the
corresponding input or output length value is not set to 0, the job shall not be
processed and E_NOT_OK shall be returned.
⌋()

[SWS_Csm_91015] ⌈If input or output redirection is not used for a job element (no
CsmInOutRedirectionRef ECUC_Csm_00262 is existing),
jobRedirectionInfoRef shall be set to NULL_PTR. If redirection is used element
(CsmInOutRedirectionRef ECUC_Csm_00262 is existing) the
jobRedirectionInfoRef shall point to a structure of
Crypto_JobRedirectionInfoType.
⌋()

[SWS_Csm_91016] ⌈The structure Crypto_JobRedirectionInfoType contains

information which key elements shall be used for redirection. A bit field called
redirectionConfig is provided that indicates which input and/or output value is
redirected.
The value of redirectionConfig is a bit coded value that is used to indicate,
which of the input and output buffers are redirected. If the least significant bit (Bit #0
or 0x01) of redirectionConfig is set the primary input key and its element is
redirected and the value of inputKeyId and inputKeyElementId must indicate
the element that is used for input buffer instead of the inputPtr and its length. If Bit
#1 is set, the secondaryInputBuffer is redirected to the secondary input key is
set and the key and key elements must be set, and Bit #2 is used for the tertiary input
key. Bit #3 is reserved for future use.
If Bit #4 is set the outputPtr is redirected to the output key element of the output
key. Bit #5 indicates the redirection of the secondary output buffer to the secondary
key and its key element. If a bit is set to 0 the input or output shall not be redirected
to the associated Key Element.
Example: A value of redirectionConfig of "00110001" indicates that the input
should be gathered from the inputKeyElement of inputKeyId and that the
output buffer and secondary output buffer shall be redirected to the
outputKeyElement of outputKeyId and secondaryOutputKeyElement of
secondaryOutputKeyId.
⌋()

7.2.2.5 Job context interface

The job context interface allows to save or restore the context data of the workspace
for a specific crypto service from the crypto driver. This allows to store all dynamically
created data within a crypto driver so that it can later be restored to continue this
operation at the exact point where the context snapshot was taken.
Key element data are not affected. This means, that key elements are not part of the
context data and must be set or read by the key element interface separately if
necessary.

33 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

[SWS_Csm_91069] ⌈ In addition to the standard error detection described in chapter

7.4, on a call to Csm_SaveContextJob() or Csm_RestoreContextJob() the
CSM shall check if the related job is currently active. If so, the operation shall
continue as specified. Otherwise (the job is in IDLE state), the function shall
immediately return with E_NOT_OK.
⌋()

[SWS_Csm_91070] ⌈ On a call to Csm_SaveContextJob() or

Csm_RestoreContextJob() the CSM shall check if the related job is currently
actively processing data, means the CSM has scheduled an operation related to this
job to the driver and is waiting for a response. In this case, the function shall
immediately return with E_NOT_OK.
⌋()

[SWS_Csm_91071] ⌈ On a call to Csm_RestoreContextJob() or

Csm_SaveContextJob() the CSM shall check if the job references to either of the
CsmPrimitive CsmHash, CsmEncrypt, CsmEncryptAEAD,
CsmDecryptAEAD, CsmDecrypt, CsmMacGenerate, CsmMacVerify,
CsmSignatureGenerate or CsmSignatureVerify. If so, the operation shall
continue as specified. Otherwise, the operation shall not be performed and
CSM_E_SERVICE_TYPE shall be reported to the DET when CsmDevErrorDetect is
true.
⌋()

7.3 Error Classification

Section 7.2 "Error Handling" of the document "General Specification of Basic
Software Modules" describes the error handling of the Basic Software in detail.
Above all, it constitutes a classification scheme consisting of five error types which
may occur in BSW modules.

Based on this foundation, the following section specifies particular errors arranged in
the respective subsections below.

7.3.1 Development Errors

[SWS_Csm_91004]⌈
Error
Type of error Related error code
value

CSM_E_PARAM_
API request called with invalid parameter (Nullpointer) 0x01
POINTER

Csm Configuration ID out of range CSM_E_PARAM_HANDLE 0x04

API request called before initialization of CSM module CSM_E_UNINIT 0x05

Initialization of CSM module failed CSM_E_INIT_FAILED 0x07

34 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

CSM_E_PROCESSING_
API request called with invalid processing mode 0x08
MODE

Mismatch between the called API request and the service

CSM_E_SERVICE_TYPE 0x09
type of the job

⌋(SRS_CryptoStack_00086)

7.3.2 Runtime Errors

[SWS_Csm_01089]⌈
Type of error Related error code Error value

Queue overrun CSM_E_QUEUE_FULL 0x01

⌋(SRS_CryptoStack_00086)

7.3.3 Transient Faults

There are no transient faults.

7.3.4 Production Errors

There are no production errors.

7.3.5 Extended Production Errors

There are no extended production errors.

7.4 Error Detection

[SWS_Csm_91008] ⌈ While the CSM is not initialized and any function of the CSM
API is called, except of CSM_Init() and Csm_GetVersionInfo(), the operation
shall not be performed and CSM_E_UNINIT shall be reported to the DET when
CsmDevErrorDetect is true.
⌋()

[SWS_Csm_91009] ⌈If a pointer to null is passed to an API function and the

corresponding input or output data are not re-directed to a key element, the operation
shall not be performed and CSM_E_PARAM_POINTER shall be reported to the DET
when CsmDevErrorDetect is true.
⌋()

[SWS_Csm_91011] ⌈If a CSM API with a ID handle in its interface is called and the
ID handle is out of range, the operation shall not be performed and
35 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager
 Specification of Crypto Service Manager
AUTOSAR CP R20-11

CSM_E_PARAM_HANDLE shall be reported to the DET when CsmDevErrorDetect

is true.
⌋()

[SWS_Csm_01091] ⌈If a CSM API with a job handle (called jobId) in its interface is
called and the Crypto_ServiceInfoType of the job does not match the requested
service, the operation shall not be performed and CSM_E_SERVICE_TYPE shall be
reported to the DET when CsmDevErrorDetect is true.
⌋(SRS_CryptoStack_00087)

[SWS_Csm_01088] ⌈If a CSM job needs to be queued and the queue is full, the
runtime error CSM_E_QUEUE_FULL shall be reported to the DET.
⌋(SRS_CryptoStack_00087)

Note: The indication of a queue overrun is logged as runtime error.

7.5 Multicore

In case the Crypto-Stack is distributed across several partitions, Csm shall allow calls
of its <sevice> APIs in different partitions.

[SWS_Csm_91065] ⌈ CsmQueues shall be handled within the MainFunction, which

is referenced via CsmJobMainFunctionRef.
⌋()

Note:
In case the a CsmJob is not processed inside MainFunction context at all
(Synchronous interfacing), the MainFunction assignment (via the respective
CsmQueue) defines the partition, where the CsmJob is assigned to.

[SWS_Csm_91066] ⌈ The Csm module shall apply appropriate mechanisms to allow

calls of Csm_<Service>() API from partitions its CsmJobs are assigned to.
⌋()

36 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

8 API Specification

8.1 Imported types

[SWS_Csm_00068] ⌈Only the standard AUTOSAR types provided by Std_Types.h
shall be imported.
⌋()

8.2 Type Definitions

8.2.1 Extension to Std_ReturnType

[SWS_Csm_91043]⌈
The service request failed because the service is
CRYPTO_E_BUSY 0x02
still busy

CRYPTO_E_ENTROPY_ The service request failed because the entropy of

0x04
EXHAUSTED the random number generator is exhausted

CRYPTO_E_KEY_ The service request failed because read access

0x06
READ_FAIL was denied

CRYPTO_E_KEY_ The service request failed because the writing

0x07
WRITE_FAIL access failed

CRYPTO_E_KEY_NOT_ The service request failed because at least one

Range 0x08
AVAILABLE required key element is not available.

CRYPTO_E_KEY_NOT_ The service request failed because the key is

0x09
VALID invalid.

CRYPTO_E_KEY_SIZE_ The service request failed because the key size

0x0A
MISMATCH does not match.

CRYPTO_E_JOB_ The service request failed because the Job has

0x0C
CANCELED been canceled.

CRYPTO_E_KEY_ The service request failed because of uninitialized

0x0D
EMPTY source key element.

Description --

Available
Crypto_GeneralTypes.h
via

⌋(SRS_CryptoStack_00095)

8.2.2 Csm_ConfigType

[SWS_Csm_01085]⌈
Name Csm_ConfigType

37 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Kind Structure

implementation specific

Type --
Elements
The content of the configuration data structure is implementation
Comment
specific.

Description Configuration data structure of Csm module

Available
Csm.h
via

⌋(SWS_BSW_00216)

8.2.3 Crypto_AlgorithmFamilyType

[SWS_Csm_01047]⌈
Name Crypto_AlgorithmFamilyType

Kind Enumeration

CRYPTO_ALGOFAM_NOT_
0x00 Algorithm family is not set
SET

CRYPTO_ALGOFAM_SHA1 0x01 SHA1 hash

CRYPTO_ALGOFAM_
0x02 SHA2-224 hash
SHA2_224

CRYPTO_ALGOFAM_
0x03 SHA2-256 hash
SHA2_256

CRYPTO_ALGOFAM_
0x04 SHA2-384 hash
SHA2_384

CRYPTO_ALGOFAM_
0x05 SHA2-512 hash
SHA2_512
Range
CRYPTO_ALGOFAM_
0x06 SHA2-512/224 hash
SHA2_512_224

CRYPTO_ALGOFAM_
0x07 SHA2-512/256 hash
SHA2_512_256

CRYPTO_ALGOFAM_
0x08 SHA3-224 hash
SHA3_224

CRYPTO_ALGOFAM_
0x09 SHA3-256 hash
SHA3_256

CRYPTO_ALGOFAM_
0x0a SHA3-384 hash
SHA3_384

CRYPTO_ALGOFAM_
0x0b SHA3-512 hash
SHA3_512

38 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

CRYPTO_ALGOFAM_
0x0c SHAKE128 hash
SHAKE128

CRYPTO_ALGOFAM_
0x0d SHAKE256 hash
SHAKE256

CRYPTO_ALGOFAM_
0x0e RIPEMD hash
RIPEMD160

CRYPTO_ALGOFAM_
0x0f BLAKE-1-256 hash
BLAKE_1_256

CRYPTO_ALGOFAM_
0x10 BLAKE-1-512 hash
BLAKE_1_512

CRYPTO_ALGOFAM_
0x11 BLAKE-2s-256 hash
BLAKE_2s_256

CRYPTO_ALGOFAM_
0x12 BLAKE-2s-512 hash
BLAKE_2s_512

CRYPTO_ALGOFAM_3DES 0x13 3DES cipher

CRYPTO_ALGOFAM_AES 0x14 AES cipher

CRYPTO_ALGOFAM_
0x15 ChaCha cipher
CHACHA

CRYPTO_ALGOFAM_RSA 0x16 RSA cipher

CRYPTO_ALGOFAM_
0x17 ED22519 elliptic curve
ED25519

CRYPTO_ALGOFAM_
0x18 Brainpool elliptic curve
BRAINPOOL

CRYPTO_ALGOFAM_
0x19 NIST ECC elliptic curves
ECCNIST

CRYPTO_ALGOFAM_RNG 0x1b Random Number Generator

CRYPTO_ALGOFAM_
0x1c SipHash
SIPHASH

CRYPTO_ALGOFAM_
0x1e Elliptic curve according to ANSI X9.62
ECCANSI

CRYPTO_ALGOFAM_
0x1f Elliptic curve according to SECG
ECCSEC

Random number generator according to

CRYPTO_ALGOFAM_DRBG 0x20
NIST SP800-90A

CRYPTO_ALGOFAM_ Random number generator according to FIPS

0x21
FIPS186 186.

CRYPTO_ALGOFAM_
0x22 Cipher padding according to PKCS.7
PADDING_PKCS7

39 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Cipher padding mode. Fill/verify data with 0,

CRYPTO_ALGOFAM_
0x23 but first bit after the data is 1. Eg. "DATA" &
PADDING_ONEWITHZEROS
0x80 & 0x00...

CRYPTO_ALGOFAM_
0x24 Password-Based Key Derivation Function 2
PBKDF2

CRYPTO_ALGOFAM_
0x25 ANSI X9.63 Public Key Cryptography
KDFX963

CRYPTO_ALGOFAM_DH 0x26 Diffie-Hellman

CRYPTO_ALGOFAM_SM2 0x27 SM2 elliptic curve algorithm

CRYPTO_ALGOFAM_EEA3 0x28 Stream cipher based on [x01]

CRYPTO_ALGOFAM_SM3 0x29 Chinese hash algorithm based on [x02]

CRYPTO_ALGOFAM_EIA3 0x2A Authentication algorithm [x01]

HMAC-based extract-and-expand key

CRYPTO_ALGOFAM_HKDF 0x2B
derivation function

CRYPTO_ALGOFAM_
0x2C Elliptic-curve Digital Signatures
ECDSA

CRYPTO_ALGOFAM_
0x2D MAC calculation algorithm
POLY1305

CRYPTO_ALGOFAM_
0x2E Elliptic curve X25519 for ECDH
X25519

CRYPTO_ALGOFAM_ECDH 0x2F Elliptic-curve Diffie Hellman

CRYPTO_ALGOFAM_
0xff Custom algorithm family
CUSTOM

Description Enumeration of the algorithm family.

Available
Crypto_GeneralTypes.h
via

⌋()

8.2.4 Crypto_AlgorithmModeType

[SWS_Csm_01048]⌈
Name Crypto_AlgorithmModeType

Kind Enumeration

CRYPTO_ALGOMODE_NOT_SET 0x00 Algorithm key is not set

CRYPTO_ALGOMODE_ECB 0x01 Blockmode: Electronic Code Book

Range
CRYPTO_ALGOMODE_CBC 0x02 Blockmode: Cipher Block Chaining

CRYPTO_ALGOMODE_CFB 0x03 Blockmode: Cipher Feedback Mode

40 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager
 Specification of Crypto Service Manager
AUTOSAR CP R20-11

CRYPTO_ALGOMODE_OFB 0x04 Blockmode: Output Feedback Mode

CRYPTO_ALGOMODE_CTR 0x05 Blockmode: Counter Modex

CRYPTO_ALGOMODE_GCM 0x06 Blockmode: Galois/Counter Mode

XEX Tweakable Block Cipher with

CRYPTO_ALGOMODE_XTS 0x07
Ciphertext Stealing

CRYPTO_ALGOMODE_RSAES_ RSA Optimal Asymmetric Encryption

0x08
OAEP Padding

CRYPTO_ALGOMODE_RSAES_ RSA encryption/decryption with

0x09
PKCS1_v1_5 PKCS#1 v1.5 padding

CRYPTO_ALGOMODE_RSASSA_
0x0a RSA Probabilistic Signature Scheme
PSS

CRYPTO_ALGOMODE_RSASSA_
0x0b RSA signature with PKCS#1 v1.5
PKCS1_v1_5

CRYPTO_ALGOMODE_8ROUNDS 0x0c 8 rounds (e.g. ChaCha8)

CRYPTO_ALGOMODE_12ROUNDS 0x0d 12 rounds (e.g. ChaCha12)

CRYPTO_ALGOMODE_20ROUNDS 0x0e 20 rounds (e.g. ChaCha20)

CRYPTO_ALGOMODE_HMAC 0x0f Hashed-based MAC

CRYPTO_ALGOMODE_CMAC 0x10 Cipher-based MAC

CRYPTO_ALGOMODE_GMAC 0x11 Galois MAC

Counter-based Deterministic
CRYPTO_ALGOMODE_CTRDRBG 0x12
Random Bit Generator

CRYPTO_ALGOMODE_
0x13 Siphash-2-4
SIPHASH_2_4

CRYPTO_ALGOMODE_
0x14 Siphash-4-8
SIPHASH_4_8

CRYPTO_ALGOMODE_PXXXR1 0x15 ANSI R1 Curve

CRYPTO_ALGOMODE_CUSTOM 0xff Custom algorithm mode

Description Enumeration of the algorithm mode

Available
Crypto_GeneralTypes.h
via

⌋()

8.2.5 Crypto_InputOutputRedirectionConfigType

[SWS_Csm_91024]⌈
Name Crypto_InputOutputRedirectionConfigType

41 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Kind Enumeration

CRYPTO_REDIRECT_CONFIG_PRIMARY_INPUT 0x01 --

CRYPTO_REDIRECT_CONFIG_SECONDARY_INPUT 0x02 --

Range CRYPTO_REDIRECT_CONFIG_TERTIARY_INPUT 0x04 --

CRYPTO_REDIRECT_CONFIG_PRIMARY_OUTPUT 0x10 --

CRYPTO_REDIRECT_CONFIG_SECONDARY_OUTPUT 0x20 --

Defines which of the input/output parameters are re-directed to a key element. The
Description
values can be combined to define a bit field.

Available
Crypto_GeneralTypes.h
via

⌋()

8.2.6 Crypto_JobType

[SWS_Csm_01013]⌈
Name Crypto_JobType

Kind Structure

jobId

Type uint32

Comment Identifier for the job structure.

jobState

Type Crypto_JobStateType

Comment Determines the current job state.

jobPrimitiveInputOutput

Elements Type Crypto_JobPrimitiveInputOutputType

Structure containing input and output information depending on the job

Comment
and the crypto primitive.

jobPrimitiveInfo

Type const Crypto_JobPrimitiveInfoType*

Pointer to a structure containing further information which depends on

Comment
the job and the crypto primitive.

cryptoKeyId

Type uint32

42 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Identifier of the Crypto Driver key. The identifier shall be written by the
Comment
Crypto Interface.

jobRedirectionInfoRef

Type Crypto_JobRedirectionInfoType*

Pointer to a structure containing further information on the usage of keys

Comment
as input and output for jobs.

targetCryptoKeyId

Type uint32

Target identifier of the Crypto Driver key. The identifier shall be written by
Comment
the Crypto Interface.

jobPriority

Type const uint32

Comment Specifies the importance of the job (the higher, the more important).

Structure which contains further information, which depends on the job and the crypto
Description
primitive.

Available
Crypto_GeneralTypes.h
via

⌋()

8.2.7 Crypto_JobStateType

[SWS_Csm_01028]⌈
Name Crypto_JobStateType

Kind Enumeration

CRYPTO_ Job is in the state "idle". This state is reached after Csm_
0x00
JOBSTATE_IDLE Init() or when the "Finish" state is finished.
Range
CRYPTO_ Job is in the state "active". There was already some input
JOBSTATE_ 0x01 or there are intermediate results. This state is reached,
ACTIVE when the "update" or "start" operation finishes.

Description Enumeration of the current job state.

Available
Crypto_GeneralTypes.h
via

⌋()

8.2.8 Crypto_JobPrimitiveInputOutputType

[SWS_Csm_01009]⌈
43 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager
 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Name Crypto_JobPrimitiveInputOutputType

Kind Structure

inputPtr

Type const uint8*

Comment Pointer to the input data.

inputLength

Type uint32

Comment Contains the input length in bytes.

secondaryInputPtr

Type const uint8*

Comment Pointer to the secondary input data (for MacVerify, SignatureVerify).

secondaryInputLength

Type uint32

Contains the secondary input length in bits or bytes, depending on the

Comment
requested service.

tertiaryInputPtr

Type const uint8*

Elements
Comment Pointer to the tertiary input data (for MacVerify, SignatureVerify).

tertiaryInputLength

Type uint32

Comment Contains the tertiary input length in bytes.

outputPtr

Type uint8*

Comment Pointer to the output data.

outputLengthPtr

Type uint32*

Holds a pointer to a memory location containing the output length in

Comment
bytes.

secondaryOutputPtr

Type uint8*

Comment Pointer to the secondary output data.

secondaryOutputLengthPtr

44 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Type uint32*

Holds a pointer to a memory location containing the secondary output

Comment
length in bytes.

verifyPtr

Type Crypto_VerifyResultType*

Comment Output pointer to a memory location holding a Crypto_VerifyResultType

mode

Type Crypto_OperationModeType

Comment Indicator of the mode(s)/operation(s) to be performed

cryIfKeyId

Type uint32

Comment Holds the CryIf key id for key operation services.

targetCryIfKeyId

Type uint32

Comment Holds the target CryIf key id for key operation services.

Structure which contains input and output information depending on the job and the
Description
crypto primitive.

Available
Crypto_GeneralTypes.h
via

⌋()

8.2.9 Crypto_JobPrimitiveInfoType

[SWS_Csm_01012]⌈
Name Crypto_JobPrimitiveInfoType

Kind Structure

callbackId

Type uint32

Internal identifier of the callback function, to be called by Csm, if the

Comment
configured service is finished.
Elements
primitiveInfo

Type const Crypto_PrimitiveInfoType*

Pointer to a structure containing further configuration of the crypto

Comment
primitives

45 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

cryIfKeyId

Type uint32

Comment Identifier of the CryIf key.

processingType

Type Crypto_ProcessingType

Comment Determines the synchronous or asynchronous behavior.

Structure which contains further information, which depends on the job and the crypto
Description
primitive.

Available
Crypto_GeneralTypes.h
via

⌋(SRS_CryptoStack_00008)

8.2.10 Crypto_ServiceInfoType

[SWS_Csm_01031]⌈
Name Crypto_ServiceInfoType

Kind Enumeration

CRYPTO_HASH 0x00 Hash Service

CRYPTO_MACGENERATE 0x01 MacGenerate Service

CRYPTO_MACVERIFY 0x02 MacVerify Service

CRYPTO_ENCRYPT 0x03 Encrypt Service

CRYPTO_DECRYPT 0x04 Decrypt Service

CRYPTO_AEADENCRYPT 0x05 AEADEncrypt Service

CRYPTO_AEADDECRYPT 0x06 AEADDecrypt Service

CRYPTO_SIGNATUREGENERATE 0x07 SignatureGenerate Service

Range
CRYPTO_SIGNATUREVERIFY 0x08 SignatureVerify Service

CRYPTO_RANDOMGENERATE 0x0B RandomGenerate Service

CRYPTO_RANDOMSEED 0x0C RandomSeed Service

CRYPTO_KEYGENERATE 0x0D KeyGenerate Service

CRYPTO_KEYDERIVE 0x0E KeyDerive Service

CRYPTO_ KeyExchangeCalcPubVal
0x0F
KEYEXCHANGECALCPUBVAL Service

CRYPTO_ KeyExchangeCalcSecret
0x10
KEYEXCHANGECALCSECRET Service

46 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

CRYPTO_KEYSETVALID 0x13 KeySetValid Service

CRYPTO_KEYSETINVALID 0x14 KeySetInvalid Service

Description Enumeration of the kind of the service.

Available
Crypto_GeneralTypes.h
via

⌋()

8.2.11 Crypto_JobRedirectionInfoType

[SWS_Csm_91026]⌈
Name Crypto_JobRedirectionInfoType

Kind Structure

redirectionConfig

Type uint8

Bit structure which indicates which buffer shall be redirected to a key

Comment element. Values from Crypto_InputOutputRedirectionConfigType can be
used and combined with unary OR operation.

inputKeyId

Type uint32

Comment Identifier of the key which shall be used as input

inputKeyElementId

Type uint32

Comment Identifier of the key element which shall be used as input

Elements
secondaryInputKeyId

Type uint32

Comment Identifier of the key which shall be used as secondary input

secondaryInputKeyElementId

Type uint32

Comment Identifier of the key element which shall be used as secondary input

tertiaryInputKeyId

Type uint32

Comment Identifier of the key which shall be used as tertiary input

tertiaryInputKeyElementId

47 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Type uint32

Comment Identifier of the key element which shall be used as tertiary input

outputKeyId

Type uint32

Comment Identifier of the key which shall be used as output

outputKeyElementId

Type uint32

Comment Identifier of the key element which shall be used as output

secondaryOutputKeyId

Type uint32

Comment Identifier of the key which shall be used as secondary output

secondaryOutputKeyElementId

Type uint32

Comment Identifier of the key element which shall be used as secondary output

Structure which holds the identifiers of the keys and key elements which shall be used
Description as input and output for a job and a bit structure which indicates which buffers shall be
redirected to those key elements.

Available
Crypto_GeneralTypes.h
via

⌋()

8.2.12 Crypto_AlgorithmInfoType

[SWS_Csm_01008]⌈
Name Crypto_AlgorithmInfoType

Kind Structure

family

Type Crypto_AlgorithmFamilyType

Comment The family of the algorithm

Elements secondaryFamily

Type Crypto_AlgorithmFamilyType

Comment The secondary family of the algorithm

keyLength

48 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Type uint32

Comment The key length in bits to be used with that algorithm

mode

Type Crypto_AlgorithmModeType

Comment The operation mode to be used with that algorithm

Structure which determines the exact algorithm. Note, not every algorithm needs to
Description
specify all fields. AUTOSAR shall only allow valid combinations.

Available
Crypto_GeneralTypes.h
via

⌋()

8.2.13 Crypto_ProcessingType

[SWS_Csm_01049]⌈
Name Crypto_ProcessingType

Kind Enumeration

CRYPTO_PROCESSING_ASYNC 0x00 Asynchronous job processing

Range
CRYPTO_PROCESSING_SYNC 0x01 Synchronous job processing

Description Enumeration of the processing type.

Available via Crypto_GeneralTypes.h

⌋(SRS_CryptoStack_00100, SRS_CryptoStack_00101)

8.2.14 Crypto_PrimitiveInfoType

[SWS_Csm_01011]⌈
Name Crypto_PrimitiveInfoType

Kind Structure

service

Type const Crypto_ServiceInfoType

Comment Contains the enum of the used service, e.g. Encrypt

Elements
algorithm

Type const Crypto_AlgorithmInfoType

Comment Contains the information of the used algorithm

Description Structure which contains basic information about the crypto primitive.
49 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager
 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Available via Crypto_GeneralTypes.h

⌋()

8.2.15 Csm_ConfigIdType

[SWS_Csm_00691]⌈
Name Csm_ConfigIdType

Kind Type

Derived
uint16
from

Range 0..65535 -- --

Identification of a CSM service configuration via a numeric identifier, that is unique

Description within a service. The name of a CSM service configuration, i.e. the name of the
container Csm_<Service>Config, shall serve as a symbolic name for this parameter

Available
Csm.h
via

⌋(SRS_Csm_00066)

8.3 Function Definitions

[SWS_Csm_00478] ⌈All functions need not to be reentrant. For behavior in case of a
reentrant call see SWS_Csm_00017.
⌋()

8.3.1 General Interface

8.3.1.1 Csm_Init

[SWS_Csm_00646]⌈
Service Name Csm_Init

void Csm_Init (
Syntax const Csm_ConfigType* configPtr
)

Service ID
0x00
[hex]

Sync/Async Synchronous

Reentrancy Non Reentrant

Parameters
configPtr Pointer to a selected configuration structure
(in)

50 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Parameters
None
(inout)

Parameters
None
(out)

Return value None

Initializes the CSM module. In configurations, in which Csm is assigned to more

Description than one partition (i.e. Csm_MainFunctions are mapped to partitions), Csm may
provide one init function per partition.

Available via Csm.h

⌋(SRS_BSW_00101, SRS_BSW_00358, SRS_BSW_00414)

[SWS_Csm_00186] ⌈The Configuration pointer configPtr shall always have a null

pointer value.
⌋(SWS_BSW_00050)

The Configuration pointer configPtr is currently not used and shall therefore be set
null pointer value.

[SWS_Csm_00659] ⌈If the initialization of the CSM module fails, the CSM shall
report CSM_E_INIT_FAILED to the DET when CsmDevErrorDetect is true.
⌋()

8.3.1.2 Csm_GetVersionInfo

[SWS_Csm_00705]⌈
Service Name Csm_GetVersionInfo

void Csm_GetVersionInfo (
Syntax Std_VersionInfoType* versioninfo
)

Service ID [hex] 0x3b

Sync/Async Synchronous

Reentrancy Reentrant

Parameters (in) None

Parameters (inout) None

Parameters (out) versioninfo Pointer to where to store the version information of this module.

Return value None

Description Returns the version information of this module.

Available via Csm.h

⌋(SRS_BSW_00407)
51 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager
 Specification of Crypto Service Manager
AUTOSAR CP R20-11

8.3.2 Hash Interface

A cryptographic hash function is a deterministic procedure that takes an arbitrary

block of data and returns a fixed-size bit string, the hash value, such that an
accidental or intentional change to the data will change the hash value. Main
properties of hash functions are that it is infeasible to find a message that has a given
hash or to find two different messages with the same hash.

8.3.2.1 Csm_Hash

[SWS_Csm_00980]⌈
Service
Csm_Hash
Name

Std_ReturnType Csm_Hash (
uint32 jobId,
Crypto_OperationModeType mode,
const uint8* dataPtr,
Syntax uint32 dataLength,
uint8* resultPtr,
uint32* resultLengthPtr
)

Service ID
0x5d
[hex]

Sync/Async Synchronous or Async, depending on the job configuration

Reentrancy Reentrant

jobId Holds the identifier of the job using the CSM service.

mode Indicates which operation mode(s) to perfom.

Parameters
(in) dataPtr Contains the pointer to the data for which the hash shall be computed.

data
Contains the number of bytes to be hashed.
Length

Holds a pointer to the memory location in which the output length in bytes
is stored. On calling this function, this parameter shall contain the size of
result
Parameters the buffer provided by resultPtr. When the request has finished, the
Length
(inout) actual length of the returned value shall be stored. If the provided length
Ptr
information is smaller than the total length of the hash result, the resultPtr
will contain the truncated hash result.

Parameters
resultPtr Contains the pointer to the data where the hash value shall be stored.
(out)

Std_-
E_OK: Request successful
Return value Return-
E_NOT_OK: Request failed
Type

Description Uses the given data to perform the hash calculation and stores the hash.

Available via Csm.h

52 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

⌋(SRS_CryptoStack_00024)

8.3.3 MAC interface

A message authentication code (MAC) is a short piece of information used to

authenticate a message. A MAC algorithm accepts as input a secret key and an
arbitrary-length message to be authenticated, and outputs a MAC. The MAC value
protects both a message's data integrity as well as its authenticity, by allowing
verifiers (who also possess the secret key) to detect any changes to the message
content.

8.3.3.1 Csm_MacGenerate

[SWS_Csm_00982]⌈
Service
Csm_MacGenerate
Name

Std_ReturnType Csm_MacGenerate (
uint32 jobId,
Crypto_OperationModeType mode,
const uint8* dataPtr,
Syntax uint32 dataLength,
uint8* macPtr,
uint32* macLengthPtr
)

Service ID
0x60
[hex]

Sync/Async Synchronous or Async, depending on the job configuration

Reentrancy Reentrant

jobId Holds the identifier of the job using the CSM service.

mode Indicates which operation mode(s) to perfom.

Parameters
(in) dataPtr Contains the pointer to the data for which the MAC shall be computed.

data
Contains the number of bytes to be hashed.
Length

Holds a pointer to the memory location in which the output length in bytes
is stored. On calling this function, this parameter shall contain the size of
mac
Parameters the buffer provided by macPtr. When the request has finished, the actual
Length
(inout) length of the returned MAC shall be stored. If the provided length
Ptr
information is smaller than the total length of the MAC result, the macPtr
will contain the truncated MAC result.

Parameters
macPtr Contains the pointer to the data where the MAC shall be stored.
(out)

Std_- E_OK: Request successful

Return value Return- E_NOT_OK: Request failed
Type CRYPTO_E_BUSY: Request failed, service is still busy

53 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

CRYPTO_E_KEY_NOT_VALID: Request failed, the key's state is

"invalid"
CRYPTO_E_KEY_SIZE_MISMATCH: Request failed, a key element has
the wrong size
CRYPTO_E_KEY_EMPTY: Request failed because of uninitialized
source key element

Uses the given data to perform a MAC generation and stores the MAC in the memory
Description
location pointed to by the MAC pointer.

Available via Csm.h

⌋(SRS_CryptoStack_00022)

8.3.3.2 Csm_MacVerify

[SWS_Csm_01050]⌈
Service Name Csm_MacVerify

Std_ReturnType Csm_MacVerify (
uint32 jobId,
Crypto_OperationModeType mode,
const uint8* dataPtr,
Syntax uint32 dataLength,
const uint8* macPtr,
const uint32 macLength,
Crypto_VerifyResultType* verifyPtr
)

Service ID [hex] 0x61

Sync/Async Synchronous or Async, depending on the job configuration

Reentrancy Reentrant

jobId Holds the identifier of the job using the CSM service.

mode Indicates which operation mode(s) to perfom.

dataPtr Holds a pointer to the data for which the MAC shall be verified.
Parameters (in)
Contains the number of data bytes for which the MAC shall be
dataLength
verified.

macPtr Holds a pointer to the MAC to be verified.

macLength Contains the MAC length in BITS to be verified.

Parameters
None
(inout)

Parameters Holds a pointer to the memory location, which will hold the result
verifyPtr
(out) of the MAC verification.

E_OK: Request successful

Std_Return- E_NOT_OK: Request failed
Return value
Type CRYPTO_E_BUSY: Request failed, service is still busy
CRYPTO_E_KEY_NOT_VALID: Request failed, the key's state
54 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager
 Specification of Crypto Service Manager
AUTOSAR CP R20-11

is "invalid"
CRYPTO_E_KEY_SIZE_MISMATCH: Request failed, a key
element has the wrong size
CRYPTO_E_KEY_EMPTY: Request failed because of
uninitialized source key element

Description Verifies the given MAC by comparing if the MAC is generated with the given data.

Available via Csm.h

⌋()

8.3.4 Cipher Interface

The cipher interfaces can be used for symmetrical and asymmentrical encryption or
decryption. Furthermore, it is also possible to use these interfaces for compression
and decompression, respectively.

8.3.4.1 Csm_Encrypt

[SWS_Csm_00984]⌈
Service
Csm_Encrypt
Name

Std_ReturnType Csm_Encrypt (
uint32 jobId,
Crypto_OperationModeType mode,
const uint8* dataPtr,
Syntax uint32 dataLength,
uint8* resultPtr,
uint32* resultLengthPtr
)

Service ID
0x5e
[hex]

Sync/Async Synchronous or Async, depending on the job configuration

Reentrancy Reentrant

jobId Holds the identifier of the job using the CSM service.

mode Indicates which operation mode(s) to perfom.

Parameters
(in) dataPtr Contains the pointer to the data to be encrypted.

data
Contains the number of bytes to encrypt.
Length

Holds a pointer to the memory location in which the output length

information is stored in bytes. On calling this function, this parameter
Parameters result
shall contain the size of the buffer provided by resultPtr. When the
(inout) LengthPtr
request has finished, the actual length of the returned value shall be
stored.

55 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Parameters Contains the pointer to the data where the encrypted data shall be
resultPtr
(out) stored.

E_OK: Request successful

E_NOT_OK: Request failed
CRYPTO_E_BUSY: Request failed, service is still busy
Std_- CRYPTO_E_KEY_NOT_VALID: Request failed, the key's state is
Return value Return- "invalid"
Type CRYPTO_E_KEY_SIZE_MISMATCH: Request failed, a key element has
the wrong size
CRYPTO_E_KEY_EMPTY: Request failed because of uninitialized
source key element

Encrypts the given data and store the ciphertext in the memory location pointed by
Description
the result pointer.

Available via Csm.h

⌋(SRS_CryptoStack_00020, SRS_CryptoStack_00021)

In the case of block ciphers, it shall be possible to pass a dataLength which is not
a multiple of the corresponding block size. The underlying Crypto Driver is
responsible for handling these input data.

8.3.4.2 Csm_Decrypt

[SWS_Csm_00989]⌈
Service
Csm_Decrypt
Name

Std_ReturnType Csm_Decrypt (
uint32 jobId,
Crypto_OperationModeType mode,
const uint8* dataPtr,
Syntax
uint32 dataLength,
uint8* resultPtr,
uint32* resultLengthPtr
)

Service ID
0x5f
[hex]

Sync/Async Synchronous or Async, depending on the job configuration

Reentrancy Reentrant

jobId Holds the identifier of the job using the CSM service.

mode Indicates which operation mode(s) to perfom.

Parameters
(in) dataPtr Contains the pointer to the data to be decrypted.

data
Contains the number of bytes to decrypt.
Length

56 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Holds a pointer to the memory location in which the output length

information is stored in bytes. On calling this function, this parameter
Parameters result
shall contain the size of the buffer provided by resultPtr. When the
(inout) LengthPtr
request has finished, the actual length of the returned value shall be
stored.

Parameters Contains the pointer to the memory location where the decrypted data
resultPtr
(out) shall be stored.

E_OK: Request successful

E_NOT_OK: Request failed
CRYPTO_E_BUSY: Request failed, service is still busy
Std_- CRYPTO_E_KEY_NOT_VALID: Request failed, the key's state is
Return value Return- "invalid"
Type CRYPTO_E_KEY_SIZE_MISMATCH: Request failed, a key element has
the wrong size
CRYPTO_E_KEY_EMPTY: Request failed because of uninitialized
source key element

Decrypts the given encrypted data and store the decrypted plaintext in the memory
Description
location pointed by the result pointer.

Available via Csm.h

⌋(SRS_CryptoStack_00020, SRS_CryptoStack_00021)

8.3.5 Authenticated Encryption with Associated Data (AEAD) Interface

AEAD (also known as Authenticated Encryption) is a block cipher mode of operation

which also allows integrity checks (e.g. AES-GCM).

8.3.5.1 Csm_AEADEncrypt

[SWS_Csm_01023]⌈
Service
Csm_AEADEncrypt
Name

Std_ReturnType Csm_AEADEncrypt (
uint32 jobId,
Crypto_OperationModeType mode,
const uint8* plaintextPtr,
uint32 plaintextLength,
const uint8* associatedDataPtr,
Syntax uint32 associatedDataLength,
uint8* ciphertextPtr,
uint32* ciphertextLengthPtr,
uint8* tagPtr,
uint32* tagLengthPtr
)

Service ID
0x62
[hex]

Sync/Async Synchronous or Async, depending on the job configuration

57 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Reentrancy Reentrant

jobId Holds the identifier of the job using the CSM service.

mode Indicates which operation mode(s) to perfom.

plaintextPtr Contains the pointer to the data to be encrypted.

Parameters plaintext
Contains the number of bytes to encrypt.
(in) Length

associated
Contains the pointer to the associated data.
DataPtr

associated
Contains the number of bytes of the associated data.
DataLength

Holds a pointer to the memory location in which the output length in

bytes of the ciphertext is stored. On calling this function, this
ciphertext
parameter shall contain the size of the buffer in bytes provided by
LengthPtr
resultPtr. When the request has finished, the actual length of the
returned value shall be stored.
Parameters
(inout)
Holds a pointer to the memory location in which the output length in
bytes of the Tag is stored. On calling this function, this parameter
tagLengthPtr shall contain the size of the buffer in bytes provided by resultPtr.
When the request has finished, the actual length of the returned
value shall be stored.

Contains the pointer to the data where the encrypted data shall be
ciphertextPtr
Parameters stored.
(out)
tagPtr Contains the pointer to the data where the Tag shall be stored.

E_OK: Request successful

E_NOT_OK: Request failed
CRYPTO_E_BUSY: Request failed, service is still busy
CRYPTO_E_KEY_NOT_VALID: Request failed, the key's state is
Std_Return-
Return value "invalid"
Type
CRYPTO_E_KEY_SIZE_MISMATCH: Request failed, a key element
has the wrong size
CRYPTO_E_KEY_EMPTY: Request failed because of uninitialized
source key element

Uses the given input data to perform a AEAD encryption and stores the ciphertext
Description and the MAC in the memory locations pointed by the ciphertext pointer and Tag
pointer.

Available via Csm.h

⌋()

8.3.5.2 Csm_AEADDecrypt

[SWS_Csm_01026]⌈
Service
Csm_AEADDecrypt
Name

58 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Std_ReturnType Csm_AEADDecrypt (
uint32 jobId,
Crypto_OperationModeType mode,
const uint8* ciphertextPtr,
uint32 ciphertextLength,
const uint8* associatedDataPtr,
Syntax uint32 associatedDataLength,
const uint8* tagPtr,
uint32 tagLength,
uint8* plaintextPtr,
uint32* plaintextLengthPtr,
Crypto_VerifyResultType* verifyPtr
)

Service ID
0x63
[hex]

Sync/Async Synchronous or Async, depending on the job configuration

Reentrancy Reentrant

jobId Holds the identifier of the job using the CSM service.

mode Indicates which operation mode(s) to perfom.

ciphertextPtr Contains the pointer to the data to be decrypted.

ciphertext
Contains the number of bytes to decrypt.
Length
Parameters
(in) associated
Contains the pointer to the associated data.
DataPtr

associated
Contains the length in bytes of the associated data.
DataLength

tagPtr Contains the pointer to the Tag to be verified.

tagLength Contains the length in bytes of the Tag to be verified.

Holds a pointer to the memory location in which the output length in

bytes of the paintext is stored. On calling this function, this
Parameters plaintext
parameter shall contain the size of the buffer provided by plaintext
(inout) LengthPtr
Ptr. When the request has finished, the actual length of the returned
value shall be stored.

Contains the pointer to the data where the decrypted data shall be
plaintextPtr
Parameters stored.
(out)
verifyPtr Contains the pointer to the result of the verification.

E_OK: Request successful

E_NOT_OK: Request failed
CRYPTO_E_BUSY: Request failed, service is still busy
CRYPTO_E_KEY_NOT_VALID: Request failed, the key's state is
Std_Return-
Return value "invalid"
Type
CRYPTO_E_KEY_SIZE_MISMATCH: Request failed, a key element
has the wrong size
CRYPTO_E_KEY_EMPTY: Request failed because of uninitialized
source key element

59 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Uses the given data to perform an AEAD encryption and stores the ciphertext and
Description
the MAC in the memory locations pointed by the ciphertext pointer and Tag pointer.

Available via Csm.h

⌋()

8.3.6 Signature Interface

A digital signature is a type of asymmetric cryptography. Digital signatures are

equivalent to traditional handwritten signatures in many respects.
Digital signatures can be used to authenticate the source of messages as well as to
prove integrity of signed messages. If a message is digitally signed, any change in
the message after signature will invalidate the signature. Furthermore, there is no
efficient way to modify a message and its signature to produce a new message with
a valid signature.

8.3.6.1 Csm_SignatureGenerate

[SWS_Csm_00992]⌈
Service
Csm_SignatureGenerate
Name

Std_ReturnType Csm_SignatureGenerate (
uint32 jobId,
Crypto_OperationModeType mode,
const uint8* dataPtr,
Syntax uint32 dataLength,
uint8* signaturePtr,
uint32* signatureLengthPtr
)

Service ID
0x76
[hex]

Sync/Async Synchronous or Async, depending on the job configuration

Reentrancy Reentrant

jobId Holds the identifier of the job using the CSM service.

mode Indicates which operation mode(s) to perform.

Parameters
(in)
dataPtr Contains the pointer to the data to be signed.

dataLength Contains the number of bytes to sign.

Holds a pointer to the memory location in which the output length in

bytes of the signature is stored. On calling this function, this parameter
Parameters signature
shall contain the size of the buffer provided by resultPtr. When the
(inout) LengthPtr
request has finished, the actual length of the returned value shall be
stored.

Parameters signature
Contains the pointer to the data where the signature shall be stored.
(out) Ptr
60 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager
 Specification of Crypto Service Manager
AUTOSAR CP R20-11

E_OK: Request successful

E_NOT_OK: Request failed
CRYPTO_E_BUSY: Request failed, service is still busy
Std_- CRYPTO_E_KEY_NOT_VALID: Request failed, the key's state is
Return value Return- "invalid"
Type CRYPTO_E_KEY_SIZE_MISMATCH: Request failed, a key element
has the wrong size
CRYPTO_E_KEY_EMPTY: Request failed because of uninitialized
source key element

Uses the given data to perform the signature calculation and stores the signature in
Description
the memory location pointed by the result pointer.

Available via Csm.h

⌋(SRS_CryptoStack_00023)

8.3.6.2 Csm_SignatureVerify

[SWS_Csm_00996]⌈
Service Name Csm_SignatureVerify

Std_ReturnType Csm_SignatureVerify (
uint32 jobId,
Crypto_OperationModeType mode,
const uint8* dataPtr,
Syntax uint32 dataLength,
const uint8* signaturePtr,
uint32 signatureLength,
Crypto_VerifyResultType* verifyPtr
)

Service ID [hex] 0x64

Sync/Async Synchronous or Async, depending on the job configuration

Reentrancy Reentrant

jobId Holds the identifier of the job using the CSM service.

mode Indicates which operation mode(s) to perfom.

dataPtr Contains the pointer to the data to be verified.

Parameters (in)
dataLength Contains the number of data bytes.

signaturePtr Holds a pointer to the signature to be verified.

signature
Contains the signature length in bytes.
Length

Parameters
None
(inout)

Parameters Holds a pointer to the memory location, which will hold the result
verifyPtr
(out) of the signature verification.

61 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

E_OK: Request successful

E_NOT_OK: Request failed
CRYPTO_E_BUSY: Request failed, service is still busy
CRYPTO_E_KEY_NOT_VALID: Request failed, the key's state
Std_Return-
Return value is "invalid"
Type
CRYPTO_E_KEY_SIZE_MISMATCH: Request failed, a key
element has the wrong size
CRYPTO_E_KEY_EMPTY: Request failed because of
uninitialized source key element

Verifies the given MAC by comparing if the signature is generated with the given
Description
data.

Available via Csm.h

⌋(SRS_CryptoStack_00023)

8.3.7 Random Interface

The random interface provides generation of random numbers. A random number

can be generated either by a physical device (true random number generator), or by
computational algorithms (pseudo random number generator). The randomness of
pseudo random number generators can be increased by an appropriate selection of
the seed.

8.3.7.1 Csm_RandomGenerate
[SWS_Csm_01543]⌈
Service
Csm_RandomGenerate
Name

Std_ReturnType Csm_RandomGenerate (
uint32 jobId,
Syntax uint8* resultPtr,
uint32* resultLengthPtr
)

Service ID
0x72
[hex]

Sync/Async Synchronous or Async, depending on the job configuration

Reentrancy Reentrant

Parameters
jobId Holds the identifier of the job using the CSM service.
(in)

Holds a pointer to the memory location in which the result length in bytes
result is stored. On calling this function, this parameter shall contain the number
Parameters
Length of random bytes, which shall be stored to the buffer provided by resultPtr.
(inout)
Ptr When the request has finished, the actual length of the returned value
shall be stored.

Parameters Holds a pointer to the memory location which will hold the result of the
resultPtr
(out) random number generation.

62 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

E_OK: Request successful

Std_- E_NOT_OK: Request failed
Return value Return- CRYPTO_E_BUSY: Request failed, service is still busy
Type CRYPTO_E_ENTROPY_EXHAUSTED: Request failed, entropy of
random number generator is exhausted

Generate a random number and stores it in the memory location pointed by the result
Description
pointer.

Available via Csm.h

⌋(SRS_CryptoStack_00019)

To generate a random number, no streaming approach is necessary. The interface

Csm_RandomGenerate can be called arbitrarily often to generate multiple random
numbers.

[SWS_Csm_01054] ⌈ The operation mode of the Csm_RandomGenerate() function

call shall be set to ”CRYPTO_OPERATIONMODE_SINGLECALL”.
⌋()

8.3.8 Key Management Interface

The following interfaces are used for key management. Basically, a key contains of
one ore more key elements. A key element can be part of multiple keys. For
example, this allows to derive a key element from a password with one keyId, and to
use this derived key element for encryption with another keyId.

Note:
If the actual key element to be modified is directly mapped to flash memory, there
could be a bigger delay when calling the key management functions (synchronous
operation)

[SWS_Csm_00974] ⌈ If a key management function is called, the CSM shall disable

processing new jobs from the queue until the next call of the main function.
⌋()

8.3.8.1 Key Setting Interface

8.3.8.1.1 Csm_KeyElementSet
[SWS_Csm_00957]⌈
Service Name Csm_KeyElementSet

Std_ReturnType Csm_KeyElementSet (
uint32 keyId,
uint32 keyElementId,
Syntax
const uint8* keyElementPtr,
uint32 keyElementLength
)

63 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Service ID
0x78
[hex]

Sync/Async Synchronous

Reentrancy Non Reentrant

Holds the identifier of the key for which a new material shall be
keyId
set.

keyElementId Holds the identifier of the key element to be written.

Parameters (in)
keyElement
Holds the pointer to the key element bytes to be processed.
Ptr

keyElement
Contains the number of key element bytes.
Length

Parameters
None
(inout)

Parameters
None
(out)

E_OK: Request successful

E_NOT_OK: Request failed
CRYPTO_E_BUSY: Request failed, Crypto Driver Object is busy
CRYPTO_E_KEY_WRITE_FAIL:Request failed because write
Std_Return-
Return value access was denied
Type
CRYPTO_E_KEY_NOT_AVAILABLE: Request failed because the
key is not available
CRYPTO_E_KEY_SIZE_MISMATCH: Request failed, key
element size does not match size of provided data

Description Sets the given key element bytes to the key identified by keyId.

Available via Csm.h

⌋()

[SWS_Csm_01002] ⌈ If no errors are detected by Csm, the service

Csm_KeyElementSet() shall call CryIf_KeyElementSet().
⌋()

8.3.8.1.2 Csm_KeySetValid
[SWS_Csm_00958]⌈
Service Name Csm_KeySetValid

Std_ReturnType Csm_KeySetValid (
Syntax uint32 keyId
)

Service ID [hex] 0x67

Sync/Async Synchronous

Reentrancy Non Reentrant

64 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Holds the identifier of the key for which a new material shall be
Parameters (in) keyId
validated.

Parameters
None
(inout)

Parameters (out) None

E_OK: Request successful

Std_Return- E_NOT_OK: Request failed
Return value
Type CRYPTO_E_BUSY: Request failed, Crypro Driver Object is
busy

Description Sets the key state of the key identified by keyId to valid.

Available via Csm.h

⌋()

[SWS_Csm_01003] ⌈ If no errors are detected by Csm, the service

Csm_KeySetValid() shall call CryIf_KeySetValid().
⌋()

8.3.8.1.3 Csm_KeySetInvalid
[SWS_Csm_91075]⌈
Service Name Csm_KeySetInvalid

Std_ReturnType Csm_KeySetInvalid (
Syntax uint32 keyId
)

Service ID
0x85
[hex]

Sync/Async Synchronous

Reentrancy Non Reentrant

Parameters (in) keyId Holds the identifier of the key which shall be invalidated.

Parameters
None
(inout)

Parameters
None
(out)

E_OK: Request successful

E_NOT_OK: Request failed
Return value Std_ReturnType
CRYPTO_E_BUSY: Request failed, Crypro Driver Object is
busy

Sets the key status to invalid. The key cannot be used any longer for cryptographic
Description
operations until it has been set to valid state again.

Available via Csm.h

⌋()
65 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager
 Specification of Crypto Service Manager
AUTOSAR CP R20-11

[SWS_Csm_91050] ⌈ If no errors are detected by Csm, the service

Csm_KeySetInvalid() shall call CryIf_KeySetInvalid().
⌋()

8.3.8.2 Key Status Interface

8.3.8.2.1 Csm_KeyGetStatus
[SWS_Csm_91047]⌈
Service Name Csm_KeyGetStatus

Std_ReturnType Csm_KeyGetStatus (
uint32 keyId,
Syntax Crypto_KeyStatusType* keyStatusPtr
)

Service ID [hex] 0x83

Sync/Async Synchronous

Reentrancy Reentrant

Holds the identifier of the key for which the key state shall be
Parameters (in) keyId
returned.

Parameters
None
(inout)

Contains the pointer to the data where the status of the key
Parameters (out) keyStatusPtr
shall be stored.

Std_Return- E_OK: Request successful

Return value
Type E_NOT_OK: Request failed

Description Returns the key state of the key identified by keyId.

Available via Csm.h

⌋()

[SWS_Csm_91048] ⌈ If no errors are detected by Csm, the service

Csm_KeyGetStatus() shall call CryIf_KeyGetStatus().
⌋()

8.3.8.3 Key Extraction Interface

8.3.8.3.1 Csm_KeyElementGet
[SWS_Csm_00959]⌈
Service
Csm_KeyElementGet
Name

Std_ReturnType Csm_KeyElementGet (
uint32 keyId,
Syntax uint32 keyElementId,
uint8* keyElementPtr,
66 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager
 Specification of Crypto Service Manager
AUTOSAR CP R20-11

uint32* keyElementLengthPtr
)

Service ID
0x68
[hex]

Sync/Async Synchronous

Reentrancy Reentrant

Holds the identifier of the key from which a key element shall be
keyId
extracted.
Parameters
(in)
key
Holds the identifier of the key element to be extracted.
ElementId

Holds a pointer to the memory location in which the output buffer length
key
Parameters in bytes is stored. On calling this function, this parameter shall contain
Element
(inout) the buffer length in bytes of the keyElementPtr. When the request has
LengthPtr
finished, the actual size of the written input bytes shall be stored.

Parameters key Holds the pointer to the memory location where the key element shall
(out) ElementPtr be copied to.

E_OK: Request successful

E_NOT_OK: Request failed
CRYPTO_E_BUSY: Request failed, Crypto Driver Object is busy
Std_- CRYPTO_E_KEY_NOT_AVAILABLE: Request failed, the requested
Return value Return- key element is not available
Type CRYPTO_E_KEY_READ_FAIL: Request failed because read access
was denied
CRYPTO_E_KEY_EMPTY: Request failed because of uninitialized
source key element

Retrieves the key element bytes from a specific key element of the key identified by
Description the keyId and stores the key element in the memory location pointed by the key
pointer.

Available via Csm.h

⌋(SRS_CryptoStack_00010, SRS_CryptoStack_00011, SRS_CrytptoStack_00029)

[SWS_Csm_01004] ⌈ If no errors are detected by Csm, the service

Csm_KeyElementGet() shall call CryIf_KeyElementGet().
⌋()

The underlying Crypto Driver has to decide if and how the key element bytes are
extracted.

8.3.8.4 Key Copying Interface

8.3.8.4.1 Csm_KeyElementCopy

[SWS_Csm_00969]⌈
Service Name Csm_KeyElementCopy

67 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Std_ReturnType Csm_KeyElementCopy (
const uint32 keyId,
const uint32 keyElementId,
Syntax
const uint32 targetKeyId,
const uint32 targetKeyElementId
)

Service ID
0x71
[hex]

Sync/Async Synchronous

Reentrancy Reentrant, but not for the same keyId

Holds the identifier of the key whose key element shall be the
keyId
source element.

Holds the identifier of the key element which shall be the source
keyElementId
for the copy operation.
Parameters (in)
Holds the identifier of the key whose key element shall be the
targetKeyId
destination element.

targetKey Holds the identifier of the key element which shall be the
ElementId destination for the copy operation.

Parameters
None
(inout)

Parameters
None
(out)

E_OK: Request successful

E_NOT_OK: Request failed
CRYPTO_E_BUSY: Request failed, Crypto Driver Object is
busy
CRYPTO_E_KEY_NOT_AVAILABLE: Request failed, the
requested key element is not available
Std_Return- CRYPTO_E_KEY_READ_FAIL: Request failed, not allowed to
Return value
Type extract key element
CRYPTO_E_KEY_WRITE_FAIL: Request failed, not allowed to
write key element
CRYPTO_E_KEY_SIZE_MISMATCH: Request failed, key
element sizes are not compatible
CRYPTO_E_KEY_EMPTY: Request failed because of
uninitialized source key element

Description This function shall copy a key elements from one key to a target key.

Available via Csm.h

⌋()

[SWS_Csm_01032] ⌈ If no errors are detected by Csm and the keyId and

targetKeyId are located in different Crypto Drivers, the service
Csm_KeyElementCopy() shall call CryIf_KeyElementCopy() and pass on the
return value.
⌋()
68 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager
 Specification of Crypto Service Manager
AUTOSAR CP R20-11

8.3.8.4.2 Csm_KeyCopy

[SWS_Csm_01034]⌈
Service Name Csm_KeyCopy

Std_ReturnType Csm_KeyCopy (
const uint32 keyId,
Syntax const uint32 targetKeyId
)

Service ID [hex] 0x73

Sync/Async Synchronous

Reentrancy Reentrant, but not for same keyId

Holds the identifier of the key whose key element shall be the
keyId
source element.
Parameters (in)
Holds the identifier of the key whose key element shall be the
targetKeyId
destination element.

Parameters
None
(inout)

Parameters
None
(out)

E_OK: Request successful

E_NOT_OK: Request failed
CRYPTO_E_BUSY: Request failed, Crypto Driver Object is busy
CRYPTO_E_KEY_NOT_AVAILABLE: Request failed, the
requested key element is not available
CRYPTO_E_KEY_READ_FAIL: Request failed, not allowed to
Std_Return-
Return value extract key element
Type
CRYPTO_E_KEY_WRITE_FAIL: Request failed, not allowed to
write key element
CRYPTO_E_KEY_SIZE_MISMATCH: Request failed, key
element sizes are not compatible
CRYPTO_E_KEY_EMPTY: Request failed because of
uninitialized source key element

Description This function shall copy all key elements from the source key to a target key.

Available via Csm.h

⌋()

[SWS_Csm_01035] ⌈ If no errors are detected by Csm and the keyId and

targetKeyId are located in the same Crypto Driver, the service Csm_KeyCopy()
shall call CryIf_KeyCopy()and pass on the return value.
⌋()

8.3.8.4.3 Csm_KeyElementCopyPartial

[SWS_Csm_91025]⌈
69 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager
 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Service
Csm_KeyElementCopyPartial
Name

Std_ReturnType Csm_KeyElementCopyPartial (
uint32 keyId,
uint32 keyElementId,
uint32 keyElementSourceOffset,
Syntax uint32 keyElementTargetOffset,
uint32 keyElementCopyLength,
uint32 targetKeyId,
uint32 targetKeyElementId
)

Service ID
0x79
[hex]

Sync/Async Synchronous

Reentrancy Reentrant, but not for the same keyId

Holds the identifier of the key whose key element shall be the
keyId
source element for copy operation.

Holds the identifier of the key element which shall be the

keyElementId
source for the copy operation.

keyElementSource This is the offset of the source key element indicating the start
Offset index of the copy operation.

Parameters keyElementTarget This is the offset of the destination key element indicating the
(in) Offset start index of the copy operation.

keyElementCopy
Specifies the number of bytes that shall be copied.
Length

Holds the identifier of the key whose key element shall be the
targetKeyId
destination element.

Holds the identifier of the key element which shall be the

targetKeyElementId
destination for the copy operation.

Parameters
None
(inout)

Parameters
None
(out)

E_OK: Request successful

E_NOT_OK: Request failed
CRYPTO_E_BUSY: Request failed, Crypto Driver Object is
busy
CRYPTO_E_KEY_NOT_AVAILABLE: Request failed, the
requested key element is not available
Return value Std_ReturnType
CRYPTO_E_KEY_READ_FAIL: Request failed, not allowed
to extract key element
CRYPTO_E_KEY_WRITE_FAIL: Request failed, not allowed
to write key element
CRYPTO_E_KEY_SIZE_MISMATCH: Request failed, key
element sizes are not compatible

70 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

CRYPTO_E_KEY_EMPTY: Request failed because of

uninitialized source key element

Copies a key element to another key element in the same crypto driver. The key
ElementSourceOffset and keyElementCopyLength allows to copy just a part of the
Description
source key element into the destination. The offset into the target key is also
specified with this function.

Available via Csm.h

⌋()

Note: A Concatenation of partial keys into one key element is possible by calling
Csm_KeyElementCopyPartial() multiple times and adjusting keyElementTargetOffset
properly.

[SWS_Csm_91019] ⌈ If no errors are detected by Csm shall call

CryIf_KeyElementCopyPartial() and pass on the return value.
⌋()

[SWS_Csm_91020] ⌈If the current length of the target key element is greater or
equal than (keyElementTargetOffset + keyElementCopyLength), the key element
length remains unchanged and the target data is overwritten with the contents of the
source data.
⌋()

[SWS_Csm_91021] ⌈ If the current length of the target key element is lower than
(keyElementTargetOffset + keyElementCopyLength) and the maximum
length of the key element is greater or equal than (keyElementTargetOffset +
keyElementCopyLength), then the source data shall be copied into the target key
element and the length shall be set to (keyElementTargetOffset +
keyElementCopyLength).
⌋()

[SWS_Csm_91022] ⌈
If the maximum length of the target key element is lower than
(keyElementTargetOffset + keyElementCopyLength) then the copy operation
shall not be performed and the function shall return with the error code
CRYPTO_E_KEY_SIZE_MISMATCH.
⌋()

8.3.8.5 Key Generation interface

The key generation interface is used to generate a key into the key element
CRYPTO_KE_KEYGENERATE_KEY according to the algorithm defined in the key
element CRYPTO_KE_KEYGENERATE_ALGORITHM.
The key will be generated from the random value that is located in the key element
CRYPTO_KE_KEYGENERATE_SEED.

71 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

The random value can be generated, for example, with the function
Csm_RandomGenerate() and must be stored in CRYPTO_KE_KEYGENERATE_SEED
before the key generation is triggered.
It is important to check the quality of the randomness and its entropy of the seed,
which depends on the used hardware, and software of a stack. The randomness has
a major impact on the quality of the generated key material.

The key element with the id=CRYPTO_KE_KEYGENERATE_ALGORITHM contains a

type from "Crypto_AlgorithmFamilyType", e.g. CRYPTO_ALGOFAM_AES,
CRYPTO_ALGOFAM_RSA or CRYPTO_ALGOFAM_ED25519, that allows to generate an
adequate key.
As a counter example, the algorithm family type CRYPTO_ALGOFAM_SHA2_256 is
not adequate because it provides no hint what key shall be generated.

For the key element CRYPTO_KE_KEYGENERATE_KEY the key element configuration

item CryptoKeyElement/CryptoKeyElementFormat indicates the format of the
generated key.

8.3.8.5.1 Csm_RandomSeed
[SWS_Csm_01051]⌈
Service Name Csm_RandomSeed

Std_ReturnType Csm_RandomSeed (
uint32 keyId,
Syntax const uint8* seedPtr,
uint32 seedLength
)

Service ID [hex] 0x69

Sync/Async Synchronous

Reentrancy Reentrant, but not for same keyId

Holds the identifier of the key for which a new seed shall be
keyId
generated.

Parameters (in) Holds a pointer to the memory location which contains the data
seedPtr
to feed the seed.

seedLength Contains the length of the seed in bytes.

Parameters
None
(inout)

Parameters (out) None

E_OK: Request successful

E_NOT_OK: Request failed
Std_Return- CRYPTO_E_BUSY: Request failed, Crypto Driver Object is
Return value
Type busy
CRYPTO_E_KEY_NOT_VALID: Request failed, the key's state
is "invalid"

Description Feeds the key element CRYPTO_KE_RANDOM_SEED with a random seed.

72 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Available via Csm.h

⌋()

[SWS_Csm_01052] ⌈ If no errors are detected by Csm, the service

Csm_RandomSeed() shall call CryIf_RandomSeed().
⌋()

8.3.8.5.2 Csm_KeyGenerate
[SWS_Csm_00955]⌈
Service Name Csm_KeyGenerate

Std_ReturnType Csm_KeyGenerate (
Syntax uint32 keyId
)

Service ID [hex] 0x6a

Sync/Async Synchronous

Reentrancy Reentrant but not for same keyId

Holds the identifier of the key for which a new material shall be
Parameters (in) keyId
generated.

Parameters
None
(inout)

Parameters
None
(out)

E_OK: Request successful

E_NOT_OK: Request failed
CRYPTO_E_BUSY: Request failed, Crypto Driver Object is busy
Std_Return-
Return value CRYPTO_E_KEY_NOT_VALID: Request failed, the key's state
Type
is "invalid"
CRYPTO_E_KEY_EMPTY: Request failed because of
uninitialized source key element

Description Generates new key material and store it in the key identified by keyId.

Available via Csm.h

⌋(SRS_CryptoStack_00026, SRS_CryptoStack_00027)

[SWS_Csm_01005] ⌈ If no errors are detected by Csm, the service

Csm_KeyGenerate() shall call CryIf_KeyGenerate().
⌋()

73 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

8.3.8.6 Key Derivation Interface

In cryptography, a key derivation function (or KDF) is a function, which derives one or
more secret keys from a secret value and/or other known information such as a
passphrase or cryptographic key.
Specification of input keys that are protected by hardware means can be achieved by
using the Csm_KeyDeriveKey interface.

8.3.8.6.1 Csm_KeyDerive
[SWS_Csm_00956]⌈
Service
Csm_KeyDerive
Name

Std_ReturnType Csm_KeyDerive (
uint32 keyId,
Syntax
uint32 targetKeyId
)

Service ID
0x6b
[hex]

Sync/Async Synchronous

Reentrancy Reentrant, but not for same keyId

keyId Holds the identifier of the key which is used for key derivation.
Parameters
(in) Holds the identifier of the key which is used to store the derived
targetKeyId
key.

Parameters
None
(inout)

Parameters
None
(out)

E_OK: Request successful

E_NOT_OK: Request failed
CRYPTO_E_BUSY: Request failed, Crypto Driver Object is busy
CRYPTO_E_KEY_READ_FAIL: Request failed, not allowed to
extract key element
CRYPTO_E_KEY_WRITE_FAIL: Request failed, not allowed to
Std_Return-
Return value write key element
Type
CRYPTO_E_KEY_NOT_VALID: Request failed, the key's state is
"invalid"
CRYPTO_E_KEY_SIZE_MISMATCH: Request failed, key
element sizes are not compatible
CRYPTO_E_KEY_EMPTY: Request failed because of
uninitialized source key element

Derives a new key by using the key elements in the given key identified by the keyId.
Description The given key contains the key elements for the password and salt. The derived key
is stored in the key element with the id 1 of the key identified by targetCryptoKeyId.

Available via Csm.h

⌋(SRS_CryptoStack_00103)Csm_KeyGenerate

74 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

[SWS_Csm_01018] ⌈ If no errors are detected by Csm, the service Csm_KeyDerive

() shall call CryIf_KeyDerive().
⌋()

[SWS_Csm_01019] ⌈ If the number of iterations for the key derivation is needed by

the Crypto Driver, it shall be stored in the key element
CRYPTO_KE_KEYDERIVATION_ITERATIONS.
⌋()

8.3.8.7 Key Exchange Interface

Two users that each have a private secret can use a key exchange protocol to obtain
a common secret, e.g. a key for a symmetric-key algorithm, without telling each other
their private secret and without any listener being able to obtain the common secret
or their private secrets

The functions Csm_KeyExchangeCalcPubVal() /

Csm_JobKeyExchangeCalcPubVal() and Csm_KeyExchangeCalcSecret() /
Csm_JobKeyExchangeCalcSecret() are used to support Diffie-Hellman (DH) key
exchange.
This allows two partners, Alice and Bob, to generate private and public key material,
to exchange public parts so that both parties can generate at the end a common
shared secret. This shared secret can further be used, e.g. for symmetric data
operation such as data encryption or MAC generation.
The public and private key material can either be based on prime based large
number as it is used with RSA or on elliptic curve (so-called elliptic-curve diffie-
hellman).

The CSM key exchange functions require a key with key elements according to
[SWS_Csm_01022], in the line of Crypto Service "Key Exchange". The key elements
CRYPTO_KE_KEYEXCHANGE_BASE, CRYPTO_KE_KEYEXCHANGE_PRIVKEY and
CRYPTO_KE_KEYEXCHANGE_OWNPUBKEY are used to hold the public/private key
material.
These values can either be pre-defined and set by Csm_KeyElementSet()
followed by Csm_KeySetValid() or generated. For example, these key values can
be generated by Csm_KeyGenerate() and then copied with
Csm_KeyElementCopy() to the corresponding key elements, followed by a call to
Csm_KeySetValid().
In a first step, Alice will call Csm_KeyExchangeCalcPubVal() /
Csm_JobKeyExchangeCalcPubVal() and send the results to Bob (exchanged
data may need to be signed and/or encrypted depending on the protocol).
It should be noted, that if KeyExchangeCalcPubVal is called but no valid key
material exists (key is not valid or essential key elements have length=0), the function
shall generate the necessary key material and continue as normal.
If needed, Bob will put received key material from Alice into the corresponding key
elements. He will also call Csm_KeyExchangeCalcPubVal() to generate his
shared value that needs to be sent to Alice. Afterwards, Bob can call

75 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Csm_KeyExchangeCalcSecret() to generate the common secret. This value will

be placed into the key element CRYPTO_KE_KEYEXCHANGE_SHAREDVALUE.
When Alice receives the public value from Bob, it will call
KeyExchangeCalcSecret() and provides the value from Bob in the parameter of
the function. The common shared secret will be generated by this function into the
key element CRYPTO_KE_KEYEXCHANGE_SHAREDVALUE.
Depending on the algorithm, Bob needs to send key material to Alice to allow her to
generate the common shared secret.

The key element CRYPTO_KE_KEYEXCHANGE_ALGORITHM specifies the Diffie-

Hellman algorithm. The key element value is of type Crypto_AlgorithmFamily, for
example CRYPTO_ALGOFAM_DH (for modulo based DH) or
CRYPTO_ALGOFAM_ED25519 (for ECDH(E)).
Additional elliptic curve parameter can be specified with the additional key element
CRYPTO_KE_KEYEXCHANGE_CURVE.

The other key elements have the following meaning:

DH(E) ECDH(E)
CRYPTO_KE_KEYEXCHANGE_BASE Modulo Generator point
CRYPTO_KE_KEYEXCHANGE_PRIVKEY Local exponent Private key
CRYPTO_KE_KEYEXCHANGE_OWNPUBKEY Generator Public key

8.3.8.7.1 Csm_KeyExchangeCalcPubVal
[SWS_Csm_00966]⌈
Service
Csm_KeyExchangeCalcPubVal
Name

Std_ReturnType Csm_KeyExchangeCalcPubVal (
uint32 keyId,
Syntax uint8* publicValuePtr,
uint32* publicValueLengthPtr
)

Service ID
0x6c
[hex]

Sync/Async Synchronous

Reentrancy Reentrant but not for same keyId

Parameters Holds the identifier of the key which shall be used for the key exchange
keyId
(in) protocol.

Holds a pointer to the memory location in which the public value length
public information is stored. On calling this function, this parameter shall
Parameters
Value contain the size of the buffer provided by publicValuePtr. When the
(inout)
LengthPtr request has finished, the actual length of the returned value shall be
stored.

Parameters public
Contains the pointer to the data where the public value shall be stored.
(out) ValuePtr

76 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

E_OK: Request successful

E_NOT_OK: Request failed
Std_- CRYPTO_E_BUSY: Request failed, Crypto Driver Object is busy
Return value Return- CRYPTO_E_KEY_NOT_VALID: Request failed, the key's state is
Type "invalid"
CRYPTO_E_KEY_EMPTY: Request failed because of uninitialized
source key element

Calculates the public value of the current user for the key exchange and stores the
Description
public key in the memory location pointed by the public value pointer.

Available via Csm.h

⌋(SRS_CrytptoStack_00028)

[SWS_Csm_01020] ⌈ If no errors are detected by Csm, the service

Csm_KeyExchangeCalcPubVal() shall call
CryIf_KeyExchangeCalcPubVal().
⌋()

8.3.8.7.2 Csm_KeyExchangeCalcSecret
[SWS_Csm_00967]⌈
Service
Csm_KeyExchangeCalcSecret
Name

Std_ReturnType Csm_KeyExchangeCalcSecret (
uint32 keyId,
Syntax const uint8* partnerPublicValuePtr,
uint32 partnerPublicValueLength
)

Service ID
0x6d
[hex]

Sync/Async Synchronous

Reentrancy Reentrant but not for same keyId

Holds the identifier of the key which shall be used for the
keyId
key exchange protocol.

Parameters Holds the pointer to the memory location which contains the
partnerPublicValuePtr
(in) partner's public value.

partnerPublicValue
Contains the length of the partner's public value in bytes.
Length

Parameters
None
(inout)

Parameters
None
(out)

E_OK: Request successful

E_NOT_OK: Request failed
Return value Std_ReturnType
CRYPTO_E_BUSY: Request failed, Crypto Driver Object is
busy
77 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager
 Specification of Crypto Service Manager
AUTOSAR CP R20-11

CRYPTO_E_KEY_NOT_VALID: Request failed, the key's

state is "invalid"
CRYPTO_E_KEY_EMPTY: Request failed because of
uninitialized source key element

Calculates the shared secret key for the key exchange with the key material of the
Description key identified by the keyId and the partner public key. The shared secret key is
stored as a key element in the same key.

Available via Csm.h

⌋(SRS_CrytptoStack_00028)

[SWS_Csm_01006] ⌈ If no errors are detected by Csm, the service

Csm_KeyExchangeCalcSecret() shall call
CryIf_KeyExchangeCalcSecret().
⌋()

8.3.9 Cryptographic Primitives and Schemes

The keyId configured in the Job is only used to determine which driver objects needs
to be used for the specific JobKeyPrimitive operation.

8.3.9.1 Csm_JobKeySetValid

[SWS_Csm_91027]⌈
Service Name Csm_JobKeySetValid

Std_ReturnType Csm_JobKeySetValid (
uint32 jobId,
Syntax
uint32 keyId
)

Service ID [hex] 0x7a

Sync/Async Sync or Async, depending on the job configuration

Reentrancy Reentrant

jobId Holds the identifier of the job using the CSM service.
Parameters (in)
Holds the identifier of the key for which a new material shall be
keyId
validated.

Parameters
None
(inout)

Parameters (out) None

E_OK: Request successful

Std_Return- E_NOT_OK: Request failed
Return value
Type CRYPTO_E_BUSY: Request failed, Crypro Driver Object is
busy

78 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Stores the key if necessary and sets the key state of the key identified by keyId
Description
to valid.

Available via Csm.h

⌋()

8.3.9.2 Csm_JobKeySetInvalid

[SWS_Csm_91002]⌈
Service Name Csm_JobKeySetInvalid

Std_ReturnType Csm_JobKeySetInvalid (
uint32 jobId,
Syntax uint32 keyId
)

Service ID
0x84
[hex]

Sync/Async Synchronous or Async, depending on the job configuration

Reentrancy Reentrant

jobId Holds the identifier of the job using the CSM service.
Parameters (in)
keyId Holds the identifier of the key which shall be invalidated.

Parameters
None
(inout)

Parameters
None
(out)

E_OK: Request successful

E_NOT_OK: Request failed
Return value Std_ReturnType
CRYPTO_E_BUSY: Request failed, Crypro Driver Object is
busy

Sets the key status to invalid. The key cannot be used any longer for cryptographic
Description
operations until it has been set to valid state again.

Available via Csm.h

⌋()

8.3.9.3 Csm_JobRandomSeed

[SWS_Csm_91028]⌈
Service Name Csm_JobRandomSeed

Std_ReturnType Csm_JobRandomSeed (
uint32 jobId,
Syntax
uint32 keyId,
const uint8* seedPtr,

79 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

uint32 seedLength
)

Service ID [hex] 0x7b

Sync/Async Synchronous or Async, depending on the job configuration

Reentrancy Reentrant

jobId Holds the identifier of the job using the CSM service.

Holds the identifier of the key for which a new seed shall be
keyId
generated.
Parameters (in)
Holds a pointer to the memory location which contains the data
seedPtr
to feed the seed.

seedLength Contains the length of the seed in bytes.

Parameters
None
(inout)

Parameters (out) None

E_OK: Request successful

E_NOT_OK: Request failed
Std_Return-
Return value CRYPTO_E_BUSY: Request failed, service is still busy
Type
CRYPTO_E_KEY_NOT_VALID: Request failed, the key's state
is "invalid"

Provides a new seed for the specified key that is used for an associated random
Description
number generator.

Available via Csm.h

⌋()

Note: The provided key Id(s) shall be transformed from CsmKeyId’s to CryIfKeyId’s.

8.3.9.4 Csm_JobKeyGenerate

[SWS_Csm_91029]⌈
Service Name Csm_JobKeyGenerate

Std_ReturnType Csm_JobKeyGenerate (
uint32 jobId,
Syntax
uint32 keyId
)

Service ID [hex] 0x7c

Sync/Async Synchronous or Async, depending on the job configuration

Reentrancy Reentrant

Parameters (in) jobId Holds the identifier of the job using the CSM service.

80 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Holds the identifier of the key for which a new material shall be
keyId
generated.

Parameters
None
(inout)

Parameters
None
(out)

E_OK: Request successful

E_NOT_OK: Request failed
CRYPTO_E_BUSY: Request failed, service is still busy
Std_Return-
Return value CRYPTO_E_KEY_NOT_VALID: Request failed, the key's state
Type
is "invalid"
CRYPTO_E_KEY_EMPTY: Request failed because of
uninitialized source key element

Description Generates new key material and stores it in the key identified by keyId.

Available via Csm.h

⌋()

Note: The provided key Id(s) shall be transformed from CsmKeyId’s to CryIfKeyId’s.

8.3.9.5 Csm_JobKeyDerive

[SWS_Csm_91030]⌈
Service
Csm_JobKeyDerive
Name

Std_ReturnType Csm_JobKeyDerive (
uint32 jobId,
Syntax uint32 keyId,
uint32 targetKeyId
)

Service ID
0x7d
[hex]

Sync/Async Synchronous or Async, depending on the job configuration

Reentrancy Reentrant

jobId Holds the identifier of the job using the CSM service.

Parameters keyId Holds the identifier of the key which is used for key derivation.
(in)
Holds the identifier of the key which is used to store the derived
targetKeyId
key.

Parameters
None
(inout)

Parameters
None
(out)

81 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

E_OK: Request successful

E_NOT_OK: Request failed
CRYPTO_E_BUSY: Request failed, service is still busy
CRYPTO_E_KEY_READ_FAIL: Request failed, not allowed to
extract key element
CRYPTO_E_KEY_WRITE_FAIL: Request failed, not allowed to
Std_Return-
Return value write key element
Type
CRYPTO_E_KEY_NOT_VALID: Request failed, the key's state is
"invalid"
CRYPTO_E_KEY_SIZE_MISMATCH: Request failed, key
element sizes are not compatible
CRYPTO_E_KEY_EMPTY: Request failed because of
uninitialized source key element

Derives a new key by using the key elements in the given key identified by the keyId.
Description The given key contains the key elements for the password and salt. The derived key
is stored in the key element with the id 1 of the key identified by targetCryptoKeyId.

Available via Csm.h

⌋()

Note: The provided key Id(s) shall be transformed from CsmKeyId’s to CryIfKeyId’s.

8.3.9.6 Csm_JobKeyExchangeCalcPubVal

[SWS_Csm_91031]⌈
Service
Csm_JobKeyExchangeCalcPubVal
Name

Std_ReturnType Csm_JobKeyExchangeCalcPubVal (
uint32 jobId,
uint32 keyId,
Syntax uint8* publicValuePtr,
uint32* publicValueLengthPtr
)

Service ID
0x7e
[hex]

Sync/Async Synchronous or Async, depending on the job configuration

Reentrancy Reentrant

jobId Holds the identifier of the job using the CSM service.
Parameters
(in) Holds the identifier of the key which shall be used for the key exchange
keyId
protocol.

Holds a pointer to the memory location in which the public value length
public information is stored. On calling this function, this parameter shall
Parameters
Value contain the size of the buffer provided by publicValuePtr. When the
(inout)
LengthPtr request has finished, the actual length of the returned value shall be
stored.

Parameters public
Contains the pointer to the data where the public value shall be stored.
(out) ValuePtr

82 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

E_OK: Request successful

E_NOT_OK: Request failed
Std_- CRYPTO_E_BUSY: Request failed, service is still busy
Return value Return- CRYPTO_E_KEY_NOT_VALID: Request failed, the key's state is
Type "invalid"
CRYPTO_E_KEY_EMPTY: Request failed because of uninitialized
source key element

Calculates the public value of the current user for the key exchange and stores the
Description
public key in the memory location pointed by the public value pointer.

Available via Csm.h

⌋()

Note: The provided key Id(s) shall be transformed from CsmKeyId’s to CryIfKeyId’s.

8.3.9.7 Csm_JobKeyExchangeCalcSecret

[SWS_Csm_91032]⌈
Service
Csm_JobKeyExchangeCalcSecret
Name

Std_ReturnType Csm_JobKeyExchangeCalcSecret (
uint32 jobId,
uint32 keyId,
Syntax const uint8* partnerPublicValuePtr,
uint32 partnerPublicValueLength
)

Service ID
0x7f
[hex]

Sync/Async Synchronous or Async, depending on the job configuration

Reentrancy Reentrant

jobId Holds the identifier of the job using the CSM service.

Holds the identifier of the key which shall be used for the
keyId
key exchange protocol.
Parameters
(in) Holds the pointer to the memory location which contains the
partnerPublicValuePtr
partner's public value.

partnerPublicValue
Contains the length of the partner's public value in bytes.
Length

Parameters
None
(inout)

Parameters
None
(out)

E_OK: Request successful

Return value Std_ReturnType
E_NOT_OK: Request failed

83 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

CRYPTO_E_BUSY: Request failed, service is still busy

CRYPTO_E_KEY_NOT_VALID: Request failed, the key's
state is "invalid"
CRYPTO_E_KEY_EMPTY: Request failed because of
uninitialized source key element

Calculates the shared secret key for the key exchange with the key material of the
Description key identified by the keyId and the partner public key. The shared secret key is
stored as a key element in the same key.

Available via Csm.h

⌋()

Note: The provided key Id(s) shall be transformed from CsmKeyId’s to CryIfKeyId’s.

8.3.10 Context Save and Restore

8.3.10.1 Csm_SaveContextJob

[SWS_Csm_91063]⌈
Service
Csm_SaveContextJob
Name

Std_ReturnType Csm_SaveContextJob (
uint32 jobId,
Syntax uint8* contextBufferPtr,
uint32* contextBufferLengthPtr
)

Service ID
0x86
[hex]

Sync/Async Synchronous or asynchronous depending on the job configuration

Reentrancy Reentrant

Parameters
jobId Holds the identifier of the job using the CSM service.
(in)

Pointer to the buffer, where the length value is located. As input data it
context
Parameters provides the maximum length of data available in contextBufferPtr. As
Buffer
(inout) output data it provides the actual length of data located in context
LengthPtr
BufferPtr (or 0 in case of a failure)

Parameters context Pointer to the buffer in the application where the context data shall be
(out) BufferPtr stored to.

Std_- E_OK: Context data successfully provided.

Return value Return- E_NOT_OK: Context data could not be provided; values are not valid.
Type CRYPTO_E_BUSY: Request failed, service is still busy

The Crypto Driver stores the internal context of the respective crypto operation to the
Description
contextBuffer.

Available via Csm.h

84 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

⌋()

[SWS_Csm_91067] ⌈ If Csm_SaveContextJob() is called and the job is active,

CSM shall put contextBufferPtr to
job.PrimitiveInputOutput.outputPtr and contextOutputLengthPtr into
job.PrimitiveInputOutput.outputLengthPtr, set job-
>jobPrimitiveInputOutput->mode to
CRYPTO_OPERATIONMODE_SAVE_CONTEXT and call CryIf_ProcessJob() with
the corresponding ChannelId of this job and a pointer to the job itself. Any return
value from this function call shall be provided back to the application.
⌋ ()

8.3.10.2 Csm_RestoreContextJob

[SWS_Csm_91064]⌈
Service Name Csm_RestoreContextJob

Std_ReturnType Csm_RestoreContextJob (
uint32 jobId,
Syntax uint8* contextBufferPtr,
uint32 contextBufferLength
)

Service ID
0x87
[hex]

Sync/Async Synchronous or asynchronous depending on the job configuration

Reentrancy Reentrant

Holds the identifier of the job where context shall be

jobId
requested from.

Parameters Pointer to the buffer, where the context data are located that
contextBufferPtr
(in) shall be restored.

contextBuffer Provides the length of context data that are located in context
Length BufferPtr.

Parameters
None
(inout)

Parameters
None
(out)

E_OK: Context data successfully restored.

Return value Std_ReturnType E_NOT_OK: Context data could not be restored.
CRYPTO_E_BUSY: Request failed, service is still busy

The Crypto Driver extracts the context data from the contextBuffer and restores the
Description internal state so that further crypto operation of this crypto service will continue at
the exact point when the context was taken.

Available via Csm.h

85 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

⌋()

[SWS_Csm_91068] ⌈ If Csm_RestoreContextJob () is called and the job is

active, CSM shall put contextBufferPtr into
job.PrimitiveInputOutput.inputPtr and contextBufferLength into
job.PrimitiveInputOutput.inputLength, set job-
>jobPrimitiveInputOutput->mode to
CRYPTO_OPERATIONMODE_RESTORE_CONTEXT and call CryIf_ProcessJob()
with the corresponding ChannelId of this job and a pointer to the job itself. Any
return value from this function call shall be provided back to the application.
⌋ ()

8.3.11 Job Cancellation Interface

8.3.11.1 Csm_CancelJob

[SWS_Csm_00968]⌈
Service Name Csm_CancelJob

Std_ReturnType Csm_CancelJob (
uint32 job,
Syntax
Crypto_OperationModeType mode
)

Service ID
0x6f
[hex]

Sync/Async Synchronous

Reentrancy Non Reentrant

job Holds the identifier of the job to be canceled

Parameters
(in)
mode Not used, just for interface compatibility provided.

Parameters
None
(inout)

Parameters
None
(out)

E_OK: Request successful. Job removed from any queue and

potentially from crypto driver hardware.
Std_-
E_NOT_OK: Request failed
Return value Return-
CRYPTO_E_JOB_CANCELED: Immediate cancelation not possible.
Type
The cancelation will be done at next suitable processing step and
notified via a negative job's closing callback.

Description Cancels the job processing from asynchronous or streaming jobs.

Available via Csm.h

⌋()
86 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager
 Specification of Crypto Service Manager
AUTOSAR CP R20-11

[SWS_Csm_01086] ⌈ If development error detection for the CSM is enabled: The

function Csm_CancelJob() shall raise the error CSM_E_PROCESSING_MODE and
return E_NOT_OK if the Csm_CancelJob() is called for a synchronous job.
⌋()

[SWS_Csm_01021] ⌈ The Csm shall remove the job from its own queue or call
CryIf_CancelJob() to cancel a potential job in the driver.⌋ ( )

[SWS_Csm_01030] ⌈ In case the CryIf_CancelJob() returns E_OK, the job's

closing callback CallbackNotification shall be called with a result value of
CRYPTO_E_JOB_CANCELED.
⌋()

[SWS_Csm_01087] ⌈In case the CryIf_CancelJob() returns

CRYPTO_E_JOB_CANCELED (i.e. the job was not instantly cancled) the CSM shall
postpone the call of the job's closing callback until the next call of
Csm_CallbackNotification(). The result of the job's closing callback shall be
CRYPTO_E_JOB_CANCELED.
⌋()

Note: In case the crypto driver does not support an instant cancelation of the job, the
application need to wait for the job's closing callback to free the buffers. The crypto
driver could potentially still write to the output buffer(s).

8.3.12 Callback Notifications

8.3.12.1 Csm_CallbackNotification

[SWS_Csm_00970]⌈
Service Name Csm_CallbackNotification

void Csm_CallbackNotification (
Crypto_JobType* job,
Syntax Crypto_ResultType result
)

Service ID [hex] 0x70

Sync/Async Synchronous

Reentrancy Reentrant

job Holds a pointer to the job, which has finished.

Parameters (in)
result Contains the result of the cryptographic operation.

Parameters
None
(inout)

Parameters (out) None

87 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Return value None

Notifies the CSM that a job has finished. This function is used by the underlying
Description
layer (CRYIF).

Available via Csm.h

⌋(SRS_BSW_00359, SRS_BSW_00360)

[SWS_Csm_01044]⌈If the CRYPTO_OPERATIONMODE_FINISH bit is set in job-

>jobPrimitiveInputOutput.mode, the Csm_CallbackNotification shall
call the configured callback function.
⌋()

[SWS_Csm_91017]⌈If the CRYPTO_OPERATIONMODE_FINISH bit is set in job-

>jobPrimitiveInputOutput.mode and CsmProcessingMode is set to
CRYPTO_PROCESSING_ASYNC and CsmJobInterfaceUsePort is set to
CRYPTO_USE_PORT_OPTIMIZED, the CSM shall trigger CallbackNotification service.
⌋()

8.3.13 Scheduled functions

8.3.13.1 Csm_MainFunction

[SWS_Csm_00479]⌈
Service
Csm_MainFunction
Name

void Csm_MainFunction (
Syntax void
)

Service ID
0x01
[hex]

API to be called cyclically to process the requested jobs. The Csm_MainFunction

shall check the queues for jobs to pass to the underlying CRYIF. Per configured Csm
Description MainFunction instance one Csm_MainFunction_<shortName> shall be implemented.
Hereby <shortName> is the short name of the CsmMainFunction configuration
container in the ECU configuration.

Available
SchM_Csm.h
via

⌋(SRS_BSW_00373, SRS_BSW_00432)

88 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

8.4 Expected Interfaces

8.4.1 Interfaces to Standard Software Modules

8.4.2 Mandatory Interfaces

[SWS_Csm_91100]⌈
Header
API Function Description
File

This interface dispatches the job cancellation function to the

CryIf_CancelJob CryIf.h
configured crypto driver object.

This function shall copy all key elements from the source key to a
CryIf_KeyCopy CryIf.h
target key.

CryIf_Key-
CryIf.h This function shall copy a key elements from one key to a target key.
ElementCopy

CryIf_Key- Copies a key element to another key element. The keyElementOffsets

ElementCopy- CryIf.h and keyElementCopyLength allows to copy just parts of the source
Partial key element into the destination key element.

CryIf_Key- This function shall dispatch the get key element function to the
CryIf.h
ElementGet configured crypto driver object.

CryIf_Key- This function shall dispatch the set key element function to the
CryIf.h
ElementSet configured crypto driver object.

CryIf_Key-
This function shall dispatch the key exchange common shared secret
ExchangeCalc- CryIf.h
calculation function to the configured crypto driver object.
Secret

CryIf_Key- This function shall dispatch the key generate function to the
CryIf.h
Generate configured crypto driver object.

CryIf_KeySet- This function shall dispatch the set key valid function to the configured
CryIf.h
Valid crypto driver object.

CryIf_Process- This interface dispatches the received jobs to the configured crypto
CryIf.h
Job driver object.

CryIf_Random- This function shall dispatch the random seed function to the
CryIf.h
Seed configured crypto driver object.

Det_Report- Service to report runtime errors. If a callout has been configured then
Det.h
RuntimeError this callout shall be called.

⌋()

8.4.3 Optional Interfaces

[SWS_Csm_91101]⌈
API Function Header File Description
89 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager
 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Det_ReportError Det.h Service to report development errors.

⌋()

8.4.4 Configurable interfaces

8.4.4.1 <Csm_ApplicationCallbackNotification>

[SWS_Csm_00971]⌈
Service Name <Csm_ApplicationCallbackNotification>

void <Csm_ApplicationCallbackNotification> (
uint32 jobId,
Syntax
Crypto_ResultType result
)

Service ID
0x82
[hex]

Sync/Async Synchronous

Reentrancy Reentrant

jobId JobID of the operation that caused the callback

Parameters
(in)
result Contains the result of the cryptographic operation.

Parameters
None
(inout)

Parameters
None
(out)

Return value None

CSM notifies the application that a job has finished. The function name is
Description configurable. The function name itself is derived from "{CsmJob/CsmJobPrimitive
CallbackRef}/CsmCallbackFunc".

Available via Csm.h

⌋(SRS_BSW_00359, SRS_BSW_00360)

[SWS_Csm_01090] ⌈ Csm_ApplicationCallbackNotification shall be called

once at the end when an asynchronous job's call has been finished, i.e. the given
operation mode has been completely processed, the job has been aborted due to an
error or the the job has been cancelled. Thus, if a job's call processed multiple
operation modes, i.e. CRYPTO_OPERATIONMODE_STREAMSTART or
CRYPTO_OPERATIONMODE_SINGLECALL,
Csm_ApplicationCallbackNotification is called only once.
⌋()
90 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager
 Specification of Crypto Service Manager
AUTOSAR CP R20-11

[SWS_Csm_01095] ⌈ The CSM shall call the application callback function if the
following condition is met:
({ecuc(Csm/CsmJobs/CsmJob.CsmProcessingMode)} == CRYPTO_PROCESSING_ASYN) &&
(CsmJob/CsmJobInterfaceUsePort == CRYPTO_USE_FNC) &&
(CsmJob/CsmJobPrimitiveCallbackRef != 0)
For the service interface the callback service shall be called if the asynchronous
processing is configured:
({ecuc(Csm/CsmJobs/CsmJob.CsmProcessingMode)} == CRYPTO_PROCESSING_ASYN) &&
(CsmJob/CsmJobInterfaceUsePort != CRYPTO_USE_FNC)
⌋()

8.5 Service Interface

This chapter is an addition to the specification of the Csm module. Whereas the other
parts of the specification define the behavior and the C-interfaces of the
corresponding basic software module, this chapter formally specifies the
corresponding AUTOSAR service in terms of the SWC template. The interfaces
described here will be visible on the VFB and are used to generate the RTE between
application software and the Csm module.

8.5.1 Client-Server-Interfaces

8.5.1.1 CsmKeyManagement_{Key}

[SWS_Csm_01905]⌈
Name CsmKeyManagement_{Key}

Comment Interface to execute the key management functions.

IsService true

({ecuc(Csm/CsmKeys/CsmKey.CsmKeyUsePort)} == TRUE)
Variation
Key = {ecuc(Csm/CsmKeys/CsmKey.SHORT-NAME)}

0 E_OK Operation successful

1 E_NOT_OK Operation failed

2 CRYPTO_E_BUSY Request failed, service is still busy.

Possible CRYPTO_E_KEY_ The service request failed because read access was
6
Errors READ_FAIL denied.

CRYPTO_E_KEY_ The service request failed because write access was

7
WRITE_FAIL denied.

CRYPTO_E_KEY_ The service request failed because the key is not

8
NOT_AVAILABLE available.

91 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

CRYPTO_E_KEY_
9 Request failed, the key is not valid.
NOT_VALID

Request failed because the key element is not partially

CRYPTO_E_KEY_
10 accessible and the provided key element length is too
SIZE_MISMATCH
short or too long for that key element.

CRYPTO_E_KEY_ The service request failed because of uninitialized source

13
EMPTY key element.

Operation KeyCopy

Comment This function shall copy all key elements from the source key to a target key.

Variation --

targetKeyId

Type uint32

Direction IN
Parameters
Holds the identifier of the key whose key element shall be the
Comment
destination element.

Variation --

E_OK
E_NOT_OK
CRYPTO_E_BUSY
Possible CRYPTO_E_KEY_READ_FAIL
Errors CRYPTO_E_KEY_WRITE_FAIL
CRYPTO_E_KEY_NOT_AVAILABLE
CRYPTO_E_KEY_SIZE_MISMATCH
CRYPTO_E_KEY_EMPTY

Operation KeyDerive

Derives a new key by using the key elements in the given key. The given key
Comment contains the key elements for the password and salt. The derived key is stored in the
key element with the id 1 of the key identified by targetCryptoKeyId.

Variation --

targetKeyId

Type uint32

Direction IN
Parameters
Holds the identifier of the key which is used to store the derived
Comment
key.

Variation --

E_OK
Possible
E_NOT_OK
Errors
CRYPTO_E_BUSY

92 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

CRYPTO_E_KEY_READ_FAIL
CRYPTO_E_KEY_WRITE_FAIL
CRYPTO_E_KEY_NOT_VALID
CRYPTO_E_KEY_SIZE_MISMATCH
CRYPTO_E_KEY_EMPTY

Operation KeyElementCopy

Comment This function shall copy a key elements from one key to a target key

Variation --

keyElementId

Type uint32

Direction IN

Holds the identifier of the key element which shall be the source for the
Comment
copy operation.

Variation --

targetKeyId

Type uint32

Direction IN
Parameters
Holds the identifier of the key whose key element shall be the
Comment
destination element.

Variation --

targetKeyElementId

Type uint32

Direction IN

Holds the identifier of the key element which shall be the destination
Comment
for the copy operation.

Variation --

E_OK
E_NOT_OK
CRYPTO_E_BUSY
Possible CRYPTO_E_KEY_READ_FAIL
Errors CRYPTO_E_KEY_WRITE_FAIL
CRYPTO_E_KEY_NOT_AVAILABLE
CRYPTO_E_KEY_SIZE_MISMATCH
CRYPTO_E_KEY_EMPTY

Operation KeyElementCopyPartial

This function shall copy parts of a a key elements from one key to parts of a target
Comment
key element of a target key.

93 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Variation --

keyElementId

Type uint32

Direction IN

Holds the identifier of the key element which shall be the source for the
Comment
copy operation.

Variation --

keyElementSourceOffset

Type uint32

Direction IN

This is the offset of the source key element indicating the start index of
Comment
the copy operation.

Variation --

keyElementTargetOffset

Type uint32

Direction IN

This is the offset of the destination key element indicating the start
Comment
Parameters index of the copy operation.

Variation --

keyElementCopyLength

Type uint32

Direction IN

Comment Specifies the number of bytes that shall be copied.

Variation --

targetKeyId

Type uint32

Direction IN

Holds the identifier of the key whose key element shall be the
Comment
destination element.

Variation --

targetKeyElementId

Type uint32

Direction IN

94 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Holds the identifier of the key element which shall be the destination
Comment
for the copy operation.

Variation --

E_OK
E_NOT_OK
CRYPTO_E_BUSY
Possible CRYPTO_E_KEY_READ_FAIL
Errors CRYPTO_E_KEY_WRITE_FAIL
CRYPTO_E_KEY_NOT_AVAILABLE
CRYPTO_E_KEY_SIZE_MISMATCH
CRYPTO_E_KEY_EMPTY

Operation KeyElementGet

Retrieves the key element bytes from a specific key element of the key and stores
Comment
the key element in the provided buffer.

Variation --

keyElementId

Type uint32

Direction IN

Comment Holds the identifier of the key element to be read.

Variation --

keyElement

Type Csm_KeyDataType_{Crypto}

Parameters Direction OUT

Comment Holds the data to the key element bytes to be written.

Variation --

keyElementLength

Type uint32

Direction INOUT

Comment Contains the number of key element bytes.

Variation --

E_OK
E_NOT_OK
Possible CRYPTO_E_BUSY
Errors CRYPTO_E_KEY_READ_FAIL
CRYPTO_E_KEY_NOT_AVAILABLE
CRYPTO_E_KEY_EMPTY

95 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Operation KeyElementSet

Comment Sets the given key element bytes to the key.

Variation --

keyElementId

Type uint32

Direction IN

Comment Holds the identifier of the key element to be written.

Variation --

keyElement

Type Csm_KeyDataType_{Crypto}

Parameters Direction IN

Comment Holds the data to the key element bytes to be processed.

Variation --

keyElementLength

Type uint32

Direction IN

Comment Contains the number of key element bytes.

Variation --

E_OK
E_NOT_OK
CRYPTO_E_BUSY
Possible Errors
CRYPTO_E_KEY_WRITE_FAIL
CRYPTO_E_KEY_NOT_AVAILABLE
CRYPTO_E_KEY_SIZE_MISMATCH

Operation KeyExchangeCalcPubVal

Calculates the public value of the current user for the key exchange and stores the
Comment
public key in the provided buffer

Variation --

publicValue

Type Csm_KeyDataType_{Crypto}

Direction OUT
Parameters
Contains the pointer to the memory location where the public value shall
Comment
be stored.

Variation --
96 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager
 Specification of Crypto Service Manager
AUTOSAR CP R20-11

publicValueLength

Type uint32

Direction INOUT

Holds a pointer to the memory location in which the public value length in
bytes is stored. On calling this function, this parameter shall contain the
Comment
size of the buffer in bytes provided by publicValuePtr. When the request
has finished, the actual length of the returned value shall be stored.

Variation --

E_OK
E_NOT_OK
Possible
CRYPTO_E_BUSY
Errors
CRYPTO_E_KEY_NOT_VALID
CRYPTO_E_KEY_EMPTY

Operation KeyExchangeCalcSecret

Calculates the shared secret key for the key exchange with the key material of the
Comment key identified by the keyId and the partner public key. The shared secret key is
stored as a key element in the same key.

Variation --

partnerPublicValue

Type Csm_KeyDataType_{Crypto}

Direction IN

Holds the pointer to the memory location containing the partner's

Comment
public value

Variation --
Parameters
partnerPublicValueLength

Type uint32

Direction IN

Comment Contains the number of bytes of the partner pulic value

Variation --

E_OK
E_NOT_OK
Possible
CRYPTO_E_BUSY
Errors
CRYPTO_E_KEY_NOT_VALID
CRYPTO_E_KEY_EMPTY

Operation KeyGenerate

Comment Generates new key material and store it in the key identified by keyId.

97 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Variation --

E_OK
E_NOT_OK
Possible Errors CRYPTO_E_BUSY
CRYPTO_E_KEY_NOT_VALID
CRYPTO_E_KEY_EMPTY

Operation KeyGetStatus

Comment Returns the key state of the key identified by keyId.

Variation --

keyStatusPtr

Type Crypto_KeyStatusType

Parameters Direction OUT

Comment Holds the status of the key referenced by the port.

Variation --

E_OK
Possible Errors
E_NOT_OK

Operation KeySetInvalid

Comment Operation to set the status of the key to invalid.

Variation --

E_OK
Possible Errors E_NOT_OK
CRYPTO_E_BUSY

Operation KeySetValid

Comment Sets the given key element bytes to the key.

Variation --

E_OK
Possible Errors E_NOT_OK
CRYPTO_E_BUSY

Operation RandomSeed

Comment Feeds the key element CRYPTO_KE_RANDOM_SEED with a random seed.

Variation --

seed
Parameters
Type Csm_KeyDataType_{Crypto}
98 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager
 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Direction IN

Comment Holds the data which shall be used for the random seed initialization.

Variation --

seedLength

Type uint32

Direction IN

Comment Contains the length of the seed in bytes.

Variation --

E_OK
E_NOT_OK
Possible Errors CRYPTO_E_BUSY
CRYPTO_E_KEY_NOT_VALID
CRYPTO_E_KEY_EMPTY

⌋(SRS_Csm_00066)

8.5.1.2 CsmHash_{PrimitiveCfg}

[SWS_Csm_00946]⌈
Name CsmHash_{PrimitiveCfg}

Comment Synchronous processing interface to execute the hash calculation.

IsService true

Primitive = {ecuc(Csm/CsmPrimitives.SHORT-NAME)}
Variation PrimitiveCfg = {ecuc(Csm/CsmPrimitives/{Primitive}/{Primitive}Config.SHORT-
NAME)}

0 E_OK Operation successful

Possible
1 E_NOT_OK Operation failed
Errors
2 CRYPTO_E_BUSY Request failed, service is still busy.

Operation Hash

Comment Streaming approach of the hash calculation.

Variation --

data

Type Csm_HashDataType_{Crypto}
Parameters
Direction IN

Comment Contains the data to be hashed.

99 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Variation Crypto = {ecuc/Csm/CsmPrimitives.SHORT-NAME}

dataLength

Type uint32

Direction IN

Comment Contains the length in bytes of the data to be hashed.

Variation --

result

Type Csm_HashResultType_{Crypto}

Direction OUT

Comment Contains the data of the hash.

Variation Crypto = {ecuc/Csm/CsmPrimitives.SHORT-NAME}

resultLength

Type uint32

Direction INOUT

Comment Contains the length in bytes of the hash.

Variation --

E_OK
Possible Errors E_NOT_OK
CRYPTO_E_BUSY

⌋(SRS_CryptoStack_00090)

8.5.1.3 CsmMacGenerate_{PrimitiveCfg}

[SWS_Csm_09000]⌈
Name CsmMacGenerate_{PrimitiveCfg}

Comment Synchronous processing interface to execute the MAC generation.

IsService true

Primitive = {ecuc(Csm/CsmPrimitives.SHORT-NAME)}
Variation
PrimitiveCfg = {ecuc(Csm/CsmPrimitives/{Primitive}/{Primitive}Config.SHORT-NAME)}

0 E_OK Operation successful

1 E_NOT_OK Operation failed

Possible
Errors 2 CRYPTO_E_BUSY Request failed, service is still busy.

CRYPTO_E_KEY_
9 Request failed, the key is not valid.
NOT_VALID

100 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Request failed because the key element is not partially

CRYPTO_E_KEY_
10 accessible and the provided key element length is too
SIZE_MISMATCH
short or too long for that key element.

CRYPTO_E_KEY_ The service request failed because of uninitialized

13
EMPTY source key element.

Operation MacGenerate

Uses the given data to perform a MAC generation and stores the MAC in the
Comment
memory location pointed to by the MAC pointer.

Variation --

data

Type Csm_MacGenerateDataType_{Crypto}

Direction IN

Comment Contains the data from which a MAC shall be generated of.

Variation Crypto = {ecuc/Csm/CsmPrimitives.SHORT-NAME}

dataLength

Type uint32

Direction IN

Contains the length in bytes of the data from which a MAC shall be
Comment
generated of.

Variation --
Parameters
mac

Type Csm_MacGenerateResultType_{Crypto}

Direction OUT

Comment Contains the data of the MAC.

Variation Crypto = {ecuc/Csm/CsmPrimitives.SHORT-NAME}

macLength

Type uint32

Direction INOUT

Comment Contains the length in bytes of the MAC.

Variation --

E_OK
Possible E_NOT_OK
Errors CRYPTO_E_BUSY
CRYPTO_E_KEY_NOT_VALID

101 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

CRYPTO_E_KEY_SIZE_MISMATCH
CRYPTO_E_KEY_EMPTY

⌋(SRS_CryptoStack_00090)

8.5.1.4 CsmMacVerify_{PrimitiveCfg}

[SWS_Csm_00936]⌈
Name CsmMacVerify_{PrimitiveCfg}

Comment Synchronous processing interface to execute the MAC verification.

IsService true

Primitive = {ecuc(Csm/CsmPrimitives.SHORT-NAME)}
Variation
PrimitiveCfg = {ecuc(Csm/CsmPrimitives/{Primitive}/{Primitive}Config.SHORT-NAME)}

0 E_OK Operation successful

1 E_NOT_OK Operation failed

2 CRYPTO_E_BUSY Request failed, service is still busy.

CRYPTO_E_KEY_
Possible 9 Request failed, the key is not valid.
NOT_VALID
Errors
Request failed because the key element is not partially
CRYPTO_E_KEY_
10 accessible and the provided key element length is too
SIZE_MISMATCH
short or too long for that key element.

CRYPTO_E_KEY_ The service request failed because of uninitialized

13
EMPTY source key element.

Operation MacVerify

Uses the given data to perform a MAC generation and stores the MAC in the
Comment
memory location pointed to by the MAC pointer.

Variation --

data

Type Csm_MacVerifyDataType_{Crypto}

Direction IN

Comment Contains the data from which a MAC shall be generated of.
Parameters
Variation Crypto = {ecuc/Csm/CsmPrimitives.SHORT-NAME}

dataLength

Type uint32

Direction IN

102 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Contains the length in bytes of the data for whichs MAC shall be
Comment
verified.

Variation --

mac

Type Csm_MacVerifyCompareType_{Crypto}

Direction IN

Comment Contains the MAC to be verified.

Variation Crypto = {ecuc/Csm/CsmPrimitives.SHORT-NAME}

macLength

Type uint32

Direction IN

Comment Contains the length in BITS of the MAC to be verified.

Variation --

verify

Type Crypto_VerifyResultType

Direction OUT

Comment Contains the verification result.

Variation --

E_OK
E_NOT_OK
Possible CRYPTO_E_BUSY
Errors CRYPTO_E_KEY_NOT_VALID
CRYPTO_E_KEY_SIZE_MISMATCH
CRYPTO_E_KEY_EMPTY

⌋(SRS_CryptoStack_00090)

8.5.1.5 CsmEncrypt_{PrimitiveCfg}

[SWS_Csm_00947]⌈
Name CsmEncrypt_{PrimitiveCfg}

Comment Synchronous processing interface to execute the encryption.

IsService true

Primitive = {ecuc(Csm/CsmPrimitives.SHORT-NAME)}
Variation
PrimitiveCfg = {ecuc(Csm/CsmPrimitives/{Primitive}/{Primitive}Config.SHORT-NAME)}

0 E_OK Operation successful

103 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

1 E_NOT_OK Operation failed

2 CRYPTO_E_BUSY Request failed, service is still busy.

CRYPTO_E_KEY_
9 Request failed, the key is not valid.
NOT_VALID
Possible
Errors
Request failed because the key element is not partially
CRYPTO_E_KEY_
10 accessible and the provided key element length is too
SIZE_MISMATCH
short or too long for that key element.

CRYPTO_E_KEY_ The service request failed because of uninitialized

13
EMPTY source key element.

Operation Encrypt

Encrypts the given data and store the ciphertext in the memory location pointed by
Comment
the result pointer.

Variation --

data

Type Csm_EncryptDataType_{Crypto}

Direction IN

Comment Contains the data to be encrypted.

Variation Crypto = {ecuc/Csm/CsmPrimitives.SHORT-NAME}

dataLength

Type uint32

Direction IN

Comment Contains the length in bytes of the data to be encrypted.

Variation --
Parameters
result

Type Csm_EncryptResultType_{Crypto}

Direction OUT

Comment Contains the data of the cipher.

Variation Crypto = {ecuc/Csm/CsmPrimitives.SHORT-NAME}

resultLength

Type uint32

Direction INOUT

Comment Contains the length in bytes of the cipher.

Variation --

104 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

E_OK
E_NOT_OK
Possible CRYPTO_E_BUSY
Errors CRYPTO_E_KEY_NOT_VALID
CRYPTO_E_KEY_SIZE_MISMATCH
CRYPTO_E_KEY_EMPTY

⌋(SRS_CryptoStack_00906)

8.5.1.6 CsmDecrypt_{PrimitiveCfg}

[SWS_Csm_01906]⌈
Name CsmDecrypt_{PrimitiveCfg}

Comment Synchronous processing interface to execute the decryption.

IsService true

Primitive = {ecuc(Csm/CsmPrimitives.SHORT-NAME)}
Variation
PrimitiveCfg = {ecuc(Csm/CsmPrimitives/{Primitive}/{Primitive}Config.SHORT-NAME)}

0 E_OK Operation successful

1 E_NOT_OK Operation failed

2 CRYPTO_E_BUSY Request failed, service is still busy.

CRYPTO_E_KEY_
Possible 9 Request failed, the key is not valid.
NOT_VALID
Errors
Request failed because the key element is not partially
CRYPTO_E_KEY_
10 accessible and the provided key element length is too
SIZE_MISMATCH
short or too long for that key element.

CRYPTO_E_KEY_ The service request failed because of uninitialized

13
EMPTY source key element.

Operation Decrypt

Comment Streaming approach of the decryption.

Variation --

data

Type Csm_DecryptDataType_{Crypto}

Direction IN

Parameters Comment Contains the data to be decrypted.

Variation Crypto = {ecuc/Csm/CsmPrimitives.SHORT-NAME}

dataLength

Type uint32

105 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Direction IN

Comment Contains the length in bytes of the data to be decrypted.

Variation --

result

Type Csm_DecryptResultType_{Crypto}

Direction OUT

Comment Contains the data of the decrypted plaintext.

Variation Crypto = {ecuc/Csm/CsmPrimitives.SHORT-NAME}

resultLength

Type uint32

Direction INOUT

Comment Contains the length in bytes of the decrypted plaintext.

Variation --

E_OK
E_NOT_OK
CRYPTO_E_BUSY
Possible Errors
CRYPTO_E_KEY_NOT_VALID
CRYPTO_E_KEY_SIZE_MISMATCH
CRYPTO_E_KEY_EMPTY

⌋(SRS_CryptoStack_00090)

8.5.1.7 CsmAEADEncrypt_{PrimitiveCfg}

[SWS_Csm_01910]⌈
Name CsmAEADEncrypt_{PrimitiveCfg}

Comment Synchronous processing interface to execute the AEAD encryption.

IsService true

Primitive = {ecuc(Csm/CsmPrimitives.SHORT-NAME)}
Variation
PrimitiveCfg = {ecuc(Csm/CsmPrimitives/{Primitive}/{Primitive}Config.SHORT-NAME)}

0 E_OK Operation successful

1 E_NOT_OK Operation failed

Possible
Errors 2 CRYPTO_E_BUSY Request failed, service is still busy.

CRYPTO_E_KEY_
9 Request failed, the key is not valid.
NOT_VALID

106 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Request failed because the key element is not partially

CRYPTO_E_KEY_
10 accessible and the provided key element length is too
SIZE_MISMATCH
short or too long for that key element.

CRYPTO_E_KEY_ The service request failed because of uninitialized

13
EMPTY source key element.

Operation AEADEncrypt

Comment Streaming approach of the AEAD encryption.

Variation --

plaintext

Type Csm_AEADEncryptPlaintextType_{Crypto}

Direction IN

Comment Contains the plaintext to be encrypted with AEAD.

Variation Crypto = {ecuc/Csm/CsmPrimitives.SHORT-NAME}

plaintextLength

Type uint32

Direction IN

This element Contains the length in bytes of the plaintext to be

Comment
encrypted with AEAD.

Variation --

associatedData

Parameters Type Csm_AEADEncryptAssociatedDataType_{Crypto}

Direction IN

Contains the data of the header (that is not part of the encryption but
Comment
authentication).

Variation Crypto = {ecuc/Csm/CsmPrimitives.SHORT-NAME}

associatedDataLength

Type uint32

Direction IN

Comment Contains the length in bytes of the data of the header.

Variation --

ciphertext

Type Csm_AEADEncryptCiphertextType_{Crypto}

Direction OUT

107 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Comment Contains the data of the AEAD cipher.

Variation Crypto = {ecuc/Csm/CsmPrimitives.SHORT-NAME}

ciphertextLength

Type uint32

Direction INOUT

Comment Contains the length in bytes of the data of the AEAD cipher.

Variation --

tag

Type Csm_AEADEncryptTagType_{Crypto}

Direction OUT

Comment Contains the data of the Tag.

Variation Crypto = {ecuc/Csm/CsmPrimitives.SHORT-NAME}

tagLength

Type uint32

Direction INOUT

Comment Contains the length in bytes of the data of the Tag.

Variation --

E_OK
E_NOT_OK
Possible CRYPTO_E_BUSY
Errors CRYPTO_E_KEY_NOT_VALID
CRYPTO_E_KEY_SIZE_MISMATCH
CRYPTO_E_KEY_EMPTY

⌋(SRS_CryptoStack_00090)

8.5.1.8 CsmAEADDecrypt_{PrimitiveCfg}

[SWS_Csm_01915]⌈
Name CsmAEADDecrypt_{PrimitiveCfg}

Comment Synchronous processing interface to execute the AEAD decryption.

IsService true

Primitive = {ecuc(Csm/CsmPrimitives.SHORT-NAME)}
Variation
PrimitiveCfg = {ecuc(Csm/CsmPrimitives/{Primitive}/{Primitive}Config.SHORT-NAME)}

0 E_OK Operation successful

Possible
Errors
1 E_NOT_OK Operation failed

108 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

2 CRYPTO_E_BUSY Request failed, service is still busy.

CRYPTO_E_KEY_
9 Request failed, the key is not valid.
NOT_VALID

Request failed because the key element is not partially

CRYPTO_E_KEY_
10 accessible and the provided key element length is too
SIZE_MISMATCH
short or too long for that key element.

CRYPTO_E_KEY_ The service request failed because of uninitialized

13
EMPTY source key element.

Operation AEADDecrypt

Comment Streaming approach of the AEAD decryption.

Variation --

ciphertext

Type Csm_AEADDecryptCiphertextType_{Crypto}

Direction IN

Comment Contains the ciphertext to be decrypted with AEAD.

Variation Crypto = {ecuc/Csm/CsmPrimitives.SHORT-NAME}

ciphertextLength

Type uint32

Direction IN

Contains the length in bytes of the ciphertext to be decrypted with

Comment
AEAD.

Variation --
Parameters
associatedData

Type Csm_AEADDecryptAssociatedDataType_{Crypto}

Direction IN

Contains the data of the header (that is not part of the encryption but
Comment
authentication) .

Variation Crypto = {ecuc/Csm/CsmPrimitives.SHORT-NAME}

associatedDataLength

Type uint32

Direction IN

Comment Contains the length in bytes of the data of the header.

Variation --

109 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

tag

Type Csm_AEADDecryptTagType_{Crypto}

Direction IN

Comment Contains the data of the Tag.

Variation Crypto = {ecuc/Csm/CsmPrimitives.SHORT-NAME}

tagLength

Type uint32

Direction IN

Comment Contains the length in BITS of the data of the Tag.

Variation --

plaintext

Type Csm_AEADDecryptPlaintextType_{Crypto}

Direction OUT

Comment Contains the data of the decrypted AEAD plaintext.

Variation Crypto = {ecuc/Csm/CsmPrimitives.SHORT-NAME}

plaintextLength

Type uint32

Direction INOUT

Contains the length in bytes of the data of the decrypted AEAD

Comment
plaintext.

Variation --

verify

Type Crypto_VerifyResultType

Direction OUT

Comment Contains the verification result.

Variation --

E_OK
E_NOT_OK
Possible CRYPTO_E_BUSY
Errors CRYPTO_E_KEY_NOT_VALID
CRYPTO_E_KEY_SIZE_MISMATCH
CRYPTO_E_KEY_EMPTY

⌋(SRS_CryptoStack_00090)

110 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

8.5.1.9 CsmSignatureGenerate_{PrimitiveCfg}

[SWS_Csm_00903]⌈
Name CsmSignatureGenerate_{PrimitiveCfg}

Comment Synchronous processing interface to generate a signature.

IsService true

Primitive = {ecuc(Csm/CsmPrimitives.SHORT-NAME)}
Variation
PrimitiveCfg = {ecuc(Csm/CsmPrimitives/{Primitive}/{Primitive}Config.SHORT-NAME)}

0 E_OK Operation successful

1 E_NOT_OK Operation failed

2 CRYPTO_E_BUSY Request failed, service is still busy.

CRYPTO_E_KEY_
Possible 9 Request failed, the key is not valid.
NOT_VALID
Errors
Request failed because the key element is not partially
CRYPTO_E_KEY_
10 accessible and the provided key element length is too
SIZE_MISMATCH
short or too long for that key element.

CRYPTO_E_KEY_ The service request failed because of uninitialized

13
EMPTY source key element.

Operation SignatureGenerate

Comment Streaming approach of the signature generation.

Variation --

data

Type Csm_SignatureGenerateDataType_{Crypto}

Direction IN

Comment Contains the data from which the signature shall be generated.

Variation Crypto = {ecuc/Csm/CsmPrimitives.SHORT-NAME}

dataLength
Parameters
Type uint32

Direction IN

Contains the length in bytes of the data from which the signature shall
Comment
be generated.

Variation --

signature

Type Csm_SignatureGenerateResultType_{Crypto}

111 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Direction OUT

Comment Contains the signature.

Variation Crypto = {ecuc/Csm/CsmPrimitives.SHORT-NAME}

signatureLength

Type uint32

Direction INOUT

Comment Contains the length in bytes of the signature.

Variation --

E_OK
E_NOT_OK
Possible CRYPTO_E_BUSY
Errors CRYPTO_E_KEY_NOT_VALID
CRYPTO_E_KEY_SIZE_MISMATCH
CRYPTO_E_KEY_EMPTY

⌋(SRS_CryptoStack_00090)

8.5.1.10 CsmSignatureVerify_{PrimitiveCfg}

[SWS_Csm_00943]⌈
Name CsmSignatureVerify_{PrimitiveCfg}

Comment Synchronous processing interface to execute the signature verification.

IsService true

Primitive = {ecuc(Csm/CsmPrimitives.SHORT-NAME)}
Variation
PrimitiveCfg = {ecuc(Csm/CsmPrimitives/{Primitive}/{Primitive}Config.SHORT-NAME)}

0 E_OK Operation successful

1 E_NOT_OK Operation failed

2 CRYPTO_E_BUSY Request failed, service is still busy.

CRYPTO_E_KEY_
Possible 9 Request failed, the key is not valid.
NOT_VALID
Errors
Request failed because the key element is not partially
CRYPTO_E_KEY_
10 accessible and the provided key element length is too
SIZE_MISMATCH
short or too long for that key element.

CRYPTO_E_KEY_ The service request failed because of uninitialized

13
EMPTY source key element.

Operation SignatureVerify

Comment Interface to verify a signature.

112 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Variation --

data

Type Csm_SignatureVerifyDataType_{Crypto}

Direction IN

Comment Contains the data for whichs signature shall be verified.

Variation Crypto = {ecuc/Csm/CsmPrimitives.SHORT-NAME}

dataLength

Type uint32

Direction IN

Contains the length in bytes of the data for whichs signature shall be
Comment
verified.

Variation --

signature

Type Csm_SignatureVerifyCompareType_{Crypto}
Parameters
Direction IN

Comment Contains the signature to be verified.

Variation Crypto = {ecuc/Csm/CsmPrimitives.SHORT-NAME}

signatureLength

Type uint32

Direction IN

Comment Contains the length in bytes of the signature to be verified.

Variation --

verify

Type Crypto_VerifyResultType

Direction OUT

Comment Contains the verification result.

Variation --

E_OK
E_NOT_OK
Possible CRYPTO_E_BUSY
Errors CRYPTO_E_KEY_NOT_VALID
CRYPTO_E_KEY_SIZE_MISMATCH
CRYPTO_E_KEY_EMPTY

⌋(SRS_CryptoStack_00090)
113 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager
 Specification of Crypto Service Manager
AUTOSAR CP R20-11

8.5.1.11 CsmRandomGenerate_{PrimitiveCfg}

[SWS_Csm_00902]⌈
Name CsmRandomGenerate_{PrimitiveCfg}

Comment Synchronous processing interface to execute the random number generation.

IsService true

Primitive = {ecuc(Csm/CsmPrimitives.SHORT-NAME)}
Variation PrimitiveCfg = {ecuc(Csm/CsmPrimitives/{Primitive}/{Primitive}Config.SHORT-
NAME)}

0 E_OK Operation successful

1 E_NOT_OK Operation failed

Possible
Errors 2 CRYPTO_E_BUSY Request failed, service is still busy.

CRYPTO_E_ENTROPY_ Request failed, entropy of random number

4
EXHAUSTED generator is exhausted.

Operation RandomGenerate

Comment Synchronous processing interface to execute the random number generation.

Variation --

result

Type Csm_RandomGenerateResultType_{Crypto}

Direction OUT

Comment Contains the random number

Variation Crypto = {ecuc/Csm/CsmPrimitives.SHORT-NAME}

Parameters
resultLength

Type uint32

Direction INOUT

Comment Contains the length in bytes of the data of random number.

Variation --

E_OK
E_NOT_OK
Possible Errors
CRYPTO_E_BUSY
CRYPTO_E_ENTROPY_EXHAUSTED

⌋(SRS_CryptoStack_00090)

114 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

8.5.2 Client-Server-Interfaces (DATA_REFERENCES)

8.5.2.1 CsmHash

[SWS_Csm_91051]⌈
Name CsmHash

Comment Asynchronous processing interface to execute the hash calculation.

IsService true

Variation Primitive = {ecuc(Csm/CsmPrimitives.SHORT-NAME)}

0 E_OK Operation successful

1 E_NOT_OK Operation failed

Possible
Errors 2 CRYPTO_E_BUSY Request failed, service is still busy.

CRYPTO_E_JOB_ Request failed because the job has been

12
CANCELED canceled.

Operation CancelJob

Comment Cancels the job.

Variation --

E_OK
Possible Errors E_NOT_OK
CRYPTO_E_JOB_CANCELED

Operation Hash

Comment Utilize the random seed service.

Variation --

dataPtr

Type ConstVoidPtr

Direction IN

Comment References the data to be hashed.

Variation --
Parameters
dataLength

Type uint32

Direction IN

Comment Contains the length in bytes of the data to be hashed.

Variation --

115 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

resultPtr

Type VoidPtr

Direction IN

Comment References the data of the hash.

Variation --

resultLengthPtr

Type Csm_LengthPtr

Direction IN

Comment Contains the length in bytes of the hash.

Variation --

E_OK
Possible Errors E_NOT_OK
CRYPTO_E_BUSY

⌋(SRS_CryptoStack_00090)

8.5.2.2 CsmMacGenerate

[SWS_Csm_91052]⌈
Name CsmMacGenerate

Comment Asynchronous processing interface to execute the MAC generation.

IsService true

Variation Primitive = {ecuc(Csm/CsmPrimitives.SHORT-NAME)}

0 E_OK Operation successful

1 E_NOT_OK Operation failed

2 CRYPTO_E_BUSY Request failed, service is still busy.

CRYPTO_E_KEY_
9 Request failed, the key is not valid.
NOT_VALID
Possible
Errors Request failed because the key element is not partially
CRYPTO_E_KEY_
10 accessible and the provided key element length is too
SIZE_MISMATCH
short or too long for that key element.

CRYPTO_E_JOB_
12 Request failed because the job has been canceled.
CANCELED

CRYPTO_E_KEY_ The service request failed because of uninitialized source

13
EMPTY key element.

Operation CancelJob

116 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Comment Cancels the job.

Variation --

E_OK
Possible Errors E_NOT_OK
CRYPTO_E_JOB_CANCELED

Operation MacGenerate

Uses the given data to perform a MAC generation and stores the MAC in the
Comment
memory location pointed to by the MAC pointer.

Variation --

dataPtr

Type ConstVoidPtr

Direction IN

Comment References the data from which a MAC shall be generated of.

Variation --

dataLength

Type uint32

Direction IN

Contains the length in bytes of the data from which a MAC shall be
Comment
generated of.

Variation --
Parameters
macPtr

Type VoidPtr

Direction IN

Comment References the data of the MAC.

Variation --

macLengthPtr

Type Csm_LengthPtr

Direction IN

Comment Contains the length in bytes of the MAC.

Variation --

E_OK
Possible E_NOT_OK
Errors CRYPTO_E_BUSY
CRYPTO_E_KEY_NOT_VALID
117 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager
 Specification of Crypto Service Manager
AUTOSAR CP R20-11

CRYPTO_E_KEY_SIZE_MISMATCH
CRYPTO_E_KEY_EMPTY

⌋(SRS_CryptoStack_00090)

8.5.2.3 CsmMacVerify

[SWS_Csm_91053]⌈
Name CsmMacVerify

Comment Asynchronous processing interface to execute the MAC verification.

IsService true

Variation Primitive = {ecuc(Csm/CsmPrimitives.SHORT-NAME)}

0 E_OK Operation successful

1 E_NOT_OK Operation failed

2 CRYPTO_E_BUSY Request failed, service is still busy.

CRYPTO_E_KEY_
9 Request failed, the key is not valid.
NOT_VALID
Possible
Errors Request failed because the key element is not partially
CRYPTO_E_KEY_
10 accessible and the provided key element length is too
SIZE_MISMATCH
short or too long for that key element.

CRYPTO_E_JOB_
12 Request failed because the job has been canceled.
CANCELED

CRYPTO_E_KEY_ The service request failed because of uninitialized source

13
EMPTY key element.

Operation CancelJob

Comment Cancels the job.

Variation --

E_OK
Possible Errors E_NOT_OK
CRYPTO_E_JOB_CANCELED

Operation MacVerify

Uses the given data to perform a MAC generation and stores the MAC in the
Comment
memory location pointed to by the MAC pointer.

Variation --

dataPtr
Parameters
Type ConstVoidPtr

118 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Direction IN

Comment References the data from which a MAC shall be generated of.

Variation --

dataLength

Type uint32

Direction IN

Contains the length in bytes of the data for whichs MAC shall be
Comment
verified.

Variation --

macPtr

Type ConstVoidPtr

Direction IN

Comment References the MAC to be verified.

Variation --

macLength

Type uint32

Direction IN

Comment Contains the length in BITS of the MAC to be verified.

Variation --

verifyPtr

Type Csm_VerifyResultPtr

Direction IN

Comment Contains the verification result.

Variation --

E_OK
E_NOT_OK
Possible CRYPTO_E_BUSY
Errors CRYPTO_E_KEY_NOT_VALID
CRYPTO_E_KEY_SIZE_MISMATCH
CRYPTO_E_KEY_EMPTY

⌋(SRS_CryptoStack_00090)

8.5.2.4 CsmEncrypt

[SWS_Csm_91054]⌈
119 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager
 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Name CsmEncrypt

Comment Asynchronous processing interface to execute the encryption.

IsService true

Variation Primitive = {ecuc(Csm/CsmPrimitives.SHORT-NAME)}

0 E_OK Operation successful

1 E_NOT_OK Operation failed

2 CRYPTO_E_BUSY Request failed, service is still busy.

CRYPTO_E_KEY_
9 Request failed, the key is not valid.
NOT_VALID
Possible
Errors Request failed because the key element is not partially
CRYPTO_E_KEY_
10 accessible and the provided key element length is too
SIZE_MISMATCH
short or too long for that key element.

CRYPTO_E_JOB_
12 Request failed because the job has been canceled.
CANCELED

CRYPTO_E_KEY_ The service request failed because of uninitialized source

13
EMPTY key element.

Operation CancelJob

Comment Cancels the job.

Variation --

E_OK
Possible Errors E_NOT_OK
CRYPTO_E_JOB_CANCELED

Operation Encrypt

Encrypts the given data and stores the ciphertext in the memory location pointed by
Comment
the result pointer.

Variation --

dataPtr

Type ConstVoidPtr

Direction IN

Parameters Comment References the data to be encrypted.

Variation --

dataLength

Type uint32

120 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Direction IN

Comment Contains the length in bytes of the data to be encrypted.

Variation --

resultPtr

Type VoidPtr

Direction IN

Comment References the data of the cipher.

Variation --

resultLengthPtr

Type Csm_LengthPtr

Direction IN

Comment Contains the length in bytes of the cipher.

Variation --

E_OK
E_NOT_OK
Possible CRYPTO_E_BUSY
Errors CRYPTO_E_KEY_NOT_VALID
CRYPTO_E_KEY_SIZE_MISMATCH
CRYPTO_E_KEY_EMPTY

⌋(SRS_CryptoStack_00090)

8.5.2.5 CsmDecrypt

[SWS_Csm_91055]⌈
Name CsmDecrypt

Comment Asynchronous processing interface to execute the decryption.

IsService true

Variation Primitive = {ecuc(Csm/CsmPrimitives.SHORT-NAME)}

0 E_OK Operation successful

1 E_NOT_OK Operation failed

2 CRYPTO_E_BUSY Request failed, service is still busy.

Possible
Errors CRYPTO_E_KEY_
9 Request failed, the key is not valid.
NOT_VALID

Request failed because the key element is not partially

CRYPTO_E_KEY_
10 accessible and the provided key element length is too
SIZE_MISMATCH
short or too long for that key element.

121 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

CRYPTO_E_JOB_
12 Request failed because the job has been canceled.
CANCELED

CRYPTO_E_KEY_ The service request failed because of uninitialized source

13
EMPTY key element.

Operation CancelJob

Comment Cancels the job.

Variation --

E_OK
Possible Errors E_NOT_OK
CRYPTO_E_JOB_CANCELED

Operation Decrypt

Decrypts the given data and stores the plaintext in the memory location pointed by
Comment
the resultBuffer pointer.

Variation --

dataPtr

Type ConstVoidPtr

Direction IN

Comment References the data to be decrypted.

Variation --

dataLength

Type uint32

Direction IN

Comment Contains the length in bytes of the data to be decrypted.

Parameters
Variation --

resultPtr

Type VoidPtr

Direction IN

Comment References the data of the decrypted plaintext.

Variation --

resultLengthPtr

Type Csm_LengthPtr

Direction IN

122 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Comment Contains the length in bytes of the decrypted plaintext.

Variation --

E_OK
E_NOT_OK
Possible CRYPTO_E_BUSY
Errors CRYPTO_E_KEY_NOT_VALID
CRYPTO_E_KEY_SIZE_MISMATCH
CRYPTO_E_KEY_EMPTY

⌋(SRS_CryptoStack_00090)

8.5.2.6 CsmAEADEncrypt

[SWS_Csm_91056]⌈
Name CsmAEADEncrypt

Comment Asynchronous processing interface to execute the AEAD encryption.

IsService true

Variation Primitive = {ecuc(Csm/CsmPrimitives.SHORT-NAME)}

0 E_OK Operation successful

1 E_NOT_OK Operation failed

2 CRYPTO_E_BUSY Request failed, service is still busy.

CRYPTO_E_KEY_
9 Request failed, the key is not valid.
NOT_VALID
Possible
Errors Request failed because the key element is not partially
CRYPTO_E_KEY_
10 accessible and the provided key element length is too
SIZE_MISMATCH
short or too long for that key element.

CRYPTO_E_JOB_
12 Request failed because the job has been canceled.
CANCELED

CRYPTO_E_KEY_ The service request failed because of uninitialized source

13
EMPTY key element.

Operation AEADEncrypt

Comment Streaming approach of the AEAD encryption.

Variation --

plaintextPtr

Type ConstVoidPtr
Parameters
Direction IN

Comment References the plaintext to be encrypted with AEAD.

123 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Variation --

plaintextLength

Type uint32

Direction IN

This element Contains the length in bytes of the plaintext to be

Comment
encrypted with AEAD.

Variation --

associatedDataPtr

Type ConstVoidPtr

Direction IN

References the data of the header (that is not part of the encryption
Comment
but authentication).

Variation --

associatedDataLength

Type uint32

Direction IN

Comment Contains the length in bytes of the data of the header.

Variation --

ciphertextPtr

Type VoidPtr

Direction IN

Comment References the data of the AEAD cipher.

Variation --

ciphertextLengthPtr

Type Csm_LengthPtr

Direction IN

Comment Contains the length in bytes of the data of the AEAD cipher.

Variation --

tagPtr

Type VoidPtr

Direction IN

Comment References the data of the Tag.

124 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Variation --

tagLengthPtr

Type Csm_LengthPtr

Direction IN

Comment Contains the length in bytes of the data of the Tag.

Variation --

E_OK
E_NOT_OK
Possible CRYPTO_E_BUSY
Errors CRYPTO_E_KEY_NOT_VALID
CRYPTO_E_KEY_SIZE_MISMATCH
CRYPTO_E_KEY_EMPTY

Operation CancelJob

Comment Cancels the job.

Variation --

E_OK
Possible Errors E_NOT_OK
CRYPTO_E_JOB_CANCELED

⌋(SRS_CryptoStack_00090)

8.5.2.7 CsmAEADDecrypt

[SWS_Csm_91057]⌈
Name CsmAEADDecrypt

Comment Asynchronous processing interface to execute the AEAD decryption.

IsService true

Variation Primitive = {ecuc(Csm/CsmPrimitives.SHORT-NAME)}

0 E_OK Operation successful

1 E_NOT_OK Operation failed

2 CRYPTO_E_BUSY Request failed, service is still busy.

CRYPTO_E_KEY_
Possible 9 Request failed, the key is not valid.
NOT_VALID
Errors
Request failed because the key element is not partially
CRYPTO_E_KEY_
10 accessible and the provided key element length is too
SIZE_MISMATCH
short or too long for that key element.

CRYPTO_E_JOB_
12 Request failed because the job has been canceled.
CANCELED

125 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

CRYPTO_E_KEY_ The service request failed because of uninitialized source

13
EMPTY key element.

Operation AEADDecrypt

Comment Streaming approach of the AEAD decryption.

Variation --

ciphertextPtr

Type ConstVoidPtr

Direction IN

Comment References the ciphertext to be decrypted with AEAD.

Variation --

ciphertextLength

Type uint32

Direction IN

Contains the length in bytes of the ciphertext to be decrypted with

Comment
AEAD.

Variation --

associatedDataPtr

Type ConstVoidPtr

Parameters Direction IN

References the data of the header (that is not part of the encryption
Comment
but authentication).

Variation --

associatedDataLength

Type uint32

Direction IN

Comment Contains the length in bytes of the data of the header.

Variation --

tagPtr

Type ConstVoidPtr

Direction IN

Comment References the data of the Tag.

Variation --

126 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

tagLength

Type uint32

Direction IN

Comment Contains the length in BITS of the data of the Tag.

Variation --

plaintextPtr

Type VoidPtr

Direction IN

Comment References the data of the decrypted AEAD plaintext.

Variation --

plaintextLengthPtr

Type Csm_LengthPtr

Direction IN

Contains the length in bytes of the data of the decrypted AEAD

Comment
plaintext.

Variation --

verifyPtr

Type Csm_VerifyResultPtr

Direction IN

Comment Contains the verification result.

Variation --

E_OK
E_NOT_OK
Possible CRYPTO_E_BUSY
Errors CRYPTO_E_KEY_NOT_VALID
CRYPTO_E_KEY_SIZE_MISMATCH
CRYPTO_E_KEY_EMPTY

Operation CancelJob

Comment Cancels the job.

Variation --

E_OK
Possible Errors E_NOT_OK
CRYPTO_E_JOB_CANCELED

⌋(SRS_CryptoStack_00090)
127 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager
 Specification of Crypto Service Manager
AUTOSAR CP R20-11

8.5.2.8 CsmSignatureGenerate

[SWS_Csm_91058]⌈
Name CsmSignatureGenerate

Comment Asynchronous processing interface to generate a signature.

IsService true

Variation Primitive = {ecuc(Csm/CsmPrimitives.SHORT-NAME)}

0 E_OK Operation successful

1 E_NOT_OK Operation failed

2 CRYPTO_E_BUSY Request failed, service is still busy.

CRYPTO_E_KEY_
9 Request failed, the key is not valid.
NOT_VALID
Possible
Errors Request failed because the key element is not partially
CRYPTO_E_KEY_
10 accessible and the provided key element length is too
SIZE_MISMATCH
short or too long for that key element.

CRYPTO_E_JOB_
12 Request failed because the job has been canceled.
CANCELED

CRYPTO_E_KEY_ The service request failed because of uninitialized source

13
EMPTY key element.

Operation CancelJob

Comment Cancels the job.

Variation --

E_OK
Possible Errors E_NOT_OK
CRYPTO_E_JOB_CANCELED

Operation SignatureGenerate

Comment Operation to generate a signature.

Variation --

dataPtr

Type ConstVoidPtr

Direction IN
Parameters
Comment References the data from which the signature shall be generated.

Variation --

dataLength

128 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Type uint32

Direction IN

Contains the length in bytes of the data from which the signature shall
Comment
be generated.

Variation --

resultPtr

Type VoidPtr

Direction IN

Comment References the signature.

Variation --

resultLengthPtr

Type Csm_LengthPtr

Direction IN

Comment Contains the length in bytes of the signature.

Variation --

E_OK
E_NOT_OK
Possible CRYPTO_E_BUSY
Errors CRYPTO_E_KEY_NOT_VALID
CRYPTO_E_KEY_SIZE_MISMATCH
CRYPTO_E_KEY_EMPTY

⌋(SRS_CryptoStack_00090)

8.5.2.9 CsmSignatureVerify

[SWS_Csm_91059]⌈
Name CsmSignatureVerify

Comment Asynchronous processing interface to execute the signature verification.

IsService true

Variation Primitive = {ecuc(Csm/CsmPrimitives.SHORT-NAME)}

0 E_OK Operation successful

1 E_NOT_OK Operation failed

Possible
Errors 2 CRYPTO_E_BUSY Request failed, service is still busy.

CRYPTO_E_KEY_
9 Request failed, the key is not valid.
NOT_VALID

129 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Request failed because the key element is not partially

CRYPTO_E_KEY_
10 accessible and the provided key element length is too
SIZE_MISMATCH
short or too long for that key element.

CRYPTO_E_JOB_
12 Request failed because the job has been canceled.
CANCELED

CRYPTO_E_KEY_ The service request failed because of uninitialized source

13
EMPTY key element.

Operation CancelJob

Comment Cancels the job.

Variation --

E_OK
Possible Errors E_NOT_OK
CRYPTO_E_JOB_CANCELED

Operation SignatureVerify

Comment Operation to verify a signature.

Variation --

dataPtr

Type ConstVoidPtr

Direction IN

Comment References the data for which signature shall be verified.

Variation --

dataLength

Type uint32

Direction IN
Parameters
Contains the length in bytes of the data for which signature shall be
Comment
verified.

Variation --

comparePtr

Type ConstVoidPtr

Direction IN

Comment References the signature to be verified.

Variation --

compareLength

130 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Type uint32

Direction IN

Comment Contains the length in bytes of the signature to be verified.

Variation --

verifyPtr

Type Csm_VerifyResultPtr

Direction IN

Comment Contains the verification result.

Variation --

E_OK
E_NOT_OK
Possible CRYPTO_E_BUSY
Errors CRYPTO_E_KEY_NOT_VALID
CRYPTO_E_KEY_SIZE_MISMATCH
CRYPTO_E_KEY_EMPTY

⌋(SRS_CryptoStack_00090)

8.5.2.10 CsmRandomGenerate

[SWS_Csm_91060]⌈
Name CsmRandomGenerate

Comment Asynchronous processing interface to execute the random number generation.

IsService true

Variation Primitive = {ecuc(Csm/CsmPrimitives.SHORT-NAME)}

0 E_OK Operation successful

1 E_NOT_OK Operation failed

2 CRYPTO_E_BUSY Request failed, service is still busy.

Possible
Errors
CRYPTO_E_ENTROPY_ Request failed, entropy of random number
4
EXHAUSTED generator is exhausted.

CRYPTO_E_JOB_ Request failed because the job has been

12
CANCELED canceled.

Operation CancelJob

Comment Cancels the job.

Variation --

131 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

E_OK
Possible Errors E_NOT_OK
CRYPTO_E_JOB_CANCELED

Operation RandomGenerate

Generates a random number and stores it in the memory location pointed by the
Comment
resultBuffer pointer.

Variation --

resultPtr

Type VoidPtr

Direction IN

Comment References the random number.

Variation --
Parameters
resultLengthPtr

Type Csm_LengthPtr

Direction IN

Comment Contains the length in bytes of the data of random number.

Variation --

E_OK
Possible E_NOT_OK
Errors CRYPTO_E_BUSY
CRYPTO_E_ENTROPY_EXHAUSTED

⌋(SRS_CryptoStack_00090)

8.5.3 Client-Server-Interfaces (Key Management)

8.5.3.1 CsmJobKeySetValid

[SWS_Csm_91035]⌈
Name CsmJobKeySetValid

Comment Interface to set a key valid.

IsService true

Variation Primitive = {ecuc(Csm/CsmPrimitives.SHORT-NAME)}

0 E_OK Operation successful

Possible
1 E_NOT_OK Operation failed
Errors
2 CRYPTO_E_BUSY Request failed, service is still busy.
132 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager
 Specification of Crypto Service Manager
AUTOSAR CP R20-11

CRYPTO_E_JOB_ Request failed because the job has been

12
CANCELED canceled.

Operation CancelJob

Comment Cancels the job.

Variation --

E_OK
Possible Errors E_NOT_OK
CRYPTO_E_JOB_CANCELED

Operation KeySetValid

Comment Operation to set a key valid.

Variation --

keyId

Type uint32

Parameters Direction IN

Comment Identifier of the key.

Variation --

E_OK
Possible Errors E_NOT_OK
CRYPTO_E_BUSY

⌋()

8.5.3.2 CsmJobKeySetInvalid

[SWS_Csm_91003]⌈
Name CsmJobKeySetInvalid

Comment Interface to set the status of the key to invalid.

IsService true

Variation Primitive = {ecuc(Csm/CsmPrimitives.SHORT-NAME)}

0 E_OK Operation successful

1 E_NOT_OK Operation failed

Possible
Errors 2 CRYPTO_E_BUSY Request failed, service is still busy.

CRYPTO_E_JOB_ Request failed because the job has been

12
CANCELED canceled.

133 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Operation CancelJob

Comment Cancels the job.

Variation --

E_OK
Possible Errors E_NOT_OK
CRYPTO_E_JOB_CANCELED

Operation KeySetInvalid

Comment Operation to set the status of the key to invalid.

Variation --

key

Type uint32

Parameters Direction IN

Comment Identifier of the key.

Variation --

E_OK
Possible Errors E_NOT_OK
CRYPTO_E_BUSY

⌋()

8.5.3.3 CsmJobRandomSeed

[SWS_Csm_91036]⌈
Name CsmJobRandomSeed

Comment Interface to random seed operation.

IsService true

Variation Primitive = {ecuc(Csm/CsmPrimitives.SHORT-NAME)}

0 E_OK Operation successful

1 E_NOT_OK Operation failed

2 CRYPTO_E_BUSY Request failed, service is still busy.

Possible
Errors
CRYPTO_E_KEY_NOT_
9 Request failed, the key is not valid.
VALID

CRYPTO_E_JOB_ Request failed because the job has been

12
CANCELED canceled.

134 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Operation CancelJob

Comment Cancels the job.

Variation --

E_OK
Possible Errors E_NOT_OK
CRYPTO_E_JOB_CANCELED

Operation RandomSeed

Comment Utilize the random seed service.

Variation --

keyId

Type uint32

Direction IN

Comment Identifier of the key.

Variation --

seedPtr

Type Csm_DataPtr

Parameters Direction IN

Comment Holds the data which shall be used for the random seed initialization.

Variation --

seedLength

Type uint32

Direction IN

Comment Contains the length of the seed in bytes.

Variation --

E_OK
E_NOT_OK
Possible Errors
CRYPTO_E_BUSY
CRYPTO_E_KEY_NOT_VALID

⌋()

8.5.3.4 CsmJobKeyGenerate

[SWS_Csm_91037]⌈

135 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Name CsmJobKeyGenerate

Comment Interface to execute key generation.

IsService true

Variation Primitive = {ecuc(Csm/CsmPrimitives.SHORT-NAME)}

0 E_OK Operation successful

1 E_NOT_OK Operation failed

2 CRYPTO_E_BUSY Request failed, service is still busy.

Possible CRYPTO_E_KEY_NOT_
9 Request failed, the key is not valid.
Errors VALID

CRYPTO_E_JOB_
12 Request failed because the job has been canceled.
CANCELED

CRYPTO_E_KEY_ The service request failed because of uninitialized

13
EMPTY source key element.

Operation CancelJob

Comment Cancels the job.

Variation --

E_OK
Possible Errors E_NOT_OK
CRYPTO_E_JOB_CANCELED

Operation KeyGenerate

Comment Generates new key material and stores it in the key identified by keyId.

Variation --

keyId

Type uint32

Parameters Direction IN

Comment Identifier of the key.

Variation --

E_OK
E_NOT_OK
Possible Errors CRYPTO_E_BUSY
CRYPTO_E_KEY_NOT_VALID
CRYPTO_E_KEY_EMPTY

⌋()

136 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

8.5.3.5 CsmJobKeyDerive

[SWS_Csm_91038]⌈
Name CsmJobKeyDerive

Comment Interface to execute key derive.

IsService true

Variation Primitive = {ecuc(Csm/CsmPrimitives.SHORT-NAME)}

0 E_OK Operation successful

1 E_NOT_OK Operation failed

2 CRYPTO_E_BUSY Request failed, service is still busy.

CRYPTO_E_KEY_ The service request failed because read access was

6
READ_FAIL denied.

CRYPTO_E_KEY_ The service request failed because write access was

7
WRITE_FAIL denied.
Possible
Errors CRYPTO_E_KEY_
9 Request failed, the key is not valid.
NOT_VALID

Request failed because the key element is not partially

CRYPTO_E_KEY_
10 accessible and the provided key element length is too
SIZE_MISMATCH
short or too long for that key element.

CRYPTO_E_JOB_
12 Request failed because the job has been canceled.
CANCELED

CRYPTO_E_KEY_ The service request failed because of uninitialized source

13
EMPTY key element.

Operation CancelJob

Comment Cancels the job.

Variation --

E_OK
Possible Errors E_NOT_OK
CRYPTO_E_JOB_CANCELED

Operation KeyDerive

Derives a new key by using the key elements in the given key. The given key
Comment contains the key elements for the password and salt. The derived key is stored in the
key element with the id 1 of the key identified by targetCryptoKeyId.

Variation --

keyId
Parameters
Type uint32

137 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Direction IN

Comment Identifier of the key.

Variation --

targetKeyId

Type uint32

Direction IN

Holds the identifier of the key which is used to store the derived
Comment
key.

Variation --

E_OK
E_NOT_OK
CRYPTO_E_BUSY
Possible CRYPTO_E_KEY_READ_FAIL
Errors CRYPTO_E_KEY_WRITE_FAIL
CRYPTO_E_KEY_NOT_VALID
CRYPTO_E_KEY_SIZE_MISMATCH
CRYPTO_E_KEY_EMPTY

⌋()

8.5.3.6 CsmJobKeyExchangeCalcPubVal

[SWS_Csm_91039]⌈
Name CsmJobKeyExchangeCalcPubVal

Comment Interface to execute calculation of the public value for key exchange.

IsService true

Variation Primitive = {ecuc(Csm/CsmPrimitives.SHORT-NAME)}

0 E_OK Operation successful

1 E_NOT_OK Operation failed

2 CRYPTO_E_BUSY Request failed, service is still busy.

Possible CRYPTO_E_KEY_NOT_
9 Request failed, the key is not valid.
Errors VALID

CRYPTO_E_JOB_
12 Request failed because the job has been canceled.
CANCELED

CRYPTO_E_KEY_ The service request failed because of uninitialized

13
EMPTY source key element.

Operation CancelJob

Comment Cancels the job.

138 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Variation --

E_OK
Possible Errors E_NOT_OK
CRYPTO_E_JOB_CANCELED

Operation KeyExchangeCalcPubVal

Calculates the public value of the current user for the key exchange and stores the
Comment
public key in the provided buffer.

Variation --

keyId

Type uint32

Direction IN

Comment Identifier of the key.

Variation --

publicValuePtr

Type VoidPtr

Direction IN

Parameters Contains the pointer to the memory location where the public value shall
Comment
be stored.

Variation --

publicValueLengthPtr

Type Csm_LengthPtr

Direction IN

Holds a pointer to the memory location in which the public value length in
bytes is stored. On calling this function, this parameter shall contain the
Comment
size of the buffer in bytes provided by publicValuePtr. When the request
has finished, the actual length of the returned value shall be stored.

Variation --

E_OK
E_NOT_OK
Possible
CRYPTO_E_BUSY
Errors
CRYPTO_E_KEY_NOT_VALID
CRYPTO_E_KEY_EMPTY

⌋()

8.5.3.7 CsmJobKeyExchangeCalcSecret

[SWS_Csm_91040]⌈
139 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager
 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Name CsmJobKeyExchangeCalcSecret

Comment Interface to execute calculation of shared secret for key exchange.

IsService true

Variation Primitive = {ecuc(Csm/CsmPrimitives.SHORT-NAME)}

0 E_OK Operation successful

1 E_NOT_OK Operation failed

2 CRYPTO_E_BUSY Request failed, service is still busy.

Possible CRYPTO_E_KEY_NOT_
9 Request failed, the key is not valid.
Errors VALID

CRYPTO_E_JOB_
12 Request failed because the job has been canceled.
CANCELED

CRYPTO_E_KEY_ The service request failed because of uninitialized

13
EMPTY source key element.

Operation CancelJob

Comment Cancels the job.

Variation --

E_OK
Possible Errors E_NOT_OK
CRYPTO_E_JOB_CANCELED

Operation KeyExchangeCalcSecret

Calculates the shared secret key for the key exchange with the key material of the
Comment key identified by the keyId and the partner public key. The shared secret key is
stored as a key element in the same key.

Variation --

keyId

Type uint32

Direction IN

Comment Identifier of the key.

Parameters
Variation --

partnerPublicValuePtr

Type Csm_KeyDataType_{Crypto}

Direction IN

140 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Holds the pointer to the memory location containing the partner's

Comment
public value.

Variation --

partnerPublicValueLength

Type uint32

Direction IN

Comment Contains the number of bytes of the partner public value.

Variation --

E_OK
E_NOT_OK
Possible
CRYPTO_E_BUSY
Errors
CRYPTO_E_KEY_NOT_VALID
CRYPTO_E_KEY_EMPTY

⌋()

8.5.4 Client-Server-Interface (Context Service)

8.5.4.1 CsmContextService{Job}

[SWS_Csm_91106]⌈
Name CsmContextService_{Job}

Comment Interface to context data operation

IsService true

{ecuc(Csm/CsmJobs/CsmJob. CsmJobServiceInterfaceContextUsePort)} ==
Variation CRYPTO_USE_PORT
Job = {ecuc(Csm/CsmJobs/CsmJob.SHORT-NAME)}

0 E_OK Operation successful

Possible
1 E_NOT_OK Operation failed
Errors
2 CRYPTO_E_BUSY Request failed, service is still busy.

Operation RestoreContextJob

Comment Restore the job context.

Variation --

contextBuffer

Parameters Type VoidPtr

Direction IN

141 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Comment Provides the buffer for the context as [DATA_REFERENCE].

Variation --

contextBufferLength

Type uint32

Direction IN

Comment Contains the length in bytes of the context buffer.

Variation --

E_OK
Possible Errors E_NOT_OK
CRYPTO_E_BUSY

Operation SaveContextJob

Comment Save the job context to the provided buffer.

Variation --

contextBufferPtr

Type VoidPtr

Direction IN

Comment Provides the buffer for the context as [DATA_REFERENCE].

Variation --
Parameters
contextBufferLengthPtr

Type uint32

Direction IN

Contains the length in bytes of the context buffer as [DATA_

Comment
REFERENCE].

Variation --

E_OK
Possible
E_NOT_OK
Errors
CRYPTO_E_BUSY

⌋()

8.5.5 Client-Server-Interface Callbacks

8.5.5.1 CallbackNotification

[SWS_Csm_00928]⌈

142 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Name CallbackNotification

Comment Interface for the callback notification.

IsService true

Variation --

Possible Errors -- -- --

Operation CallbackNotification

Comment Notifies the application with a return value that the job has finished.

Variation --

result

Type Crypto_ResultType

Parameters Direction IN

Comment Return value that shall be returned to the application

Variation --

Possible Errors --

⌋(SRS_CryptoStack_00090)

8.5.6 Implementation Data Types

8.5.6.1 Crypto_OperationModeType

[SWS_Csm_01029]⌈
Name Crypto_OperationModeType

Kind Enumeration

Operation Mode is "Start". The job's state shall

CRYPTO_
0x01 be reset, i.e. previous input data and
OPERATIONMODE_START
intermediate results shall be deleted.

CRYPTO_
Operation Mode is "Update". Used to calculate
OPERATIONMODE_ 0x02
intermediate results.
UPDATE
Range
CRYPTO_
Operation Mode is "Stream Start". Mixture of
OPERATIONMODE_ 0x03
"Start" and "Update". Used for streaming.
STREAMSTART

CRYPTO_ Operation Mode is "Finish". The calculations

0x04
OPERATIONMODE_FINISH shall be finalized.

143 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

CRYPTO_
Operation Mode is "Single Call". Mixture of
OPERATIONMODE_ 0x07
"Start", "Update" and "Finish".
SINGLECALL

CRYPTO_ Operation mode is "Save workspace context".

OPERATIONMODE_SAVE_ 0x08 Context data shall be provided by the crypto
CONTEXT driver to the application.

Operation mode is "Restore workspace

CRYPTO_
context". Application provides the context data
OPERATIONMODE_ 0x10
that was previously stored and the crypto driver
RESTORE_CONTEXT
shall restore the internal workspace.

Enumeration which operation shall be performed. This enumeration is constructed

Description from a bit mask, where the first bit indicates "Start", the second "Update" and the third
"Finish".

Variation --

Available
Rte_Csm_Type.h
via

⌋()

8.5.6.2 Crypto_VerifyResultType

[SWS_Csm_01024]⌈
Name Crypto_VerifyResultType

Kind Enumeration

The result of the verification is "true", i.e. the two

CRYPTO_E_
0x00 compared elements are identical. This return code shall be
VER_OK
given as value "0"
Range
The result of the verification is "false", i.e. the two
CRYPTO_E_
0x01 compared elements are not identical. This return code
VER_NOT_OK
shall be given as value "1".

Description Enumeration of the result type of verification operations.

Variation --

Available
Rte_Csm_Type.h
via

⌋()

8.5.6.3 Csm_KeyDataType_{Crypto}

[SWS_Csm_00828]⌈
Name Csm_KeyDataType_{Crypto}

Kind Array Element type uint8

144 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

max({ecuc(Csm/CsmKeys/CsmKey/CsmKeyRef->CryIfKey/CryIfKeyRef->CryptoKey/
Size CryptoKeyTypeRef->CryptoKeyType/CryptoKeyElementRef->CryptoKeyElement/
CryptoKeyElementSize) Elements

Description Array long enough to store any key element of the considered key

Variation Crypto = {ecuc(Csm/CsmKeys/CsmKey.SHORT-NAME)}

Available
Rte_Csm_Type.h
via

⌋()

8.5.6.4 Crypto_ResultType

[SWS_Csm_91044]⌈
Name Crypto_ResultType

Kind Enumeration

E_OK 0x00 The service request is successful.

E_NOT_OK 0x01 The service request failed.

The service request failed because the service is

CRYPTO_E_BUSY 0x02
still busy

CRYPTO_E_ENTROPY_ The service request failed because the entropy of

0x04
EXHAUSTED the random number generator is exhausted

CRYPTO_E_KEY_ The service request failed because read access

0x06
READ_FAIL was denied

CRYPTO_E_KEY_ The service request failed because the writing

0x07
WRITE_FAIL access failed
Range
CRYPTO_E_KEY_NOT_ The service request failed because the key is not
0x08
AVAILABLE available

CRYPTO_E_KEY_NOT_ The service request failed because the key is

0x09
VALID invalid.

CRYPTO_E_KEY_SIZE_ The service request failed because the key size

0x0A
MISMATCH does not match.

CRYPTO_E_JOB_ The service request failed because the Job has

0x0C
CANCELED been canceled.

CRYPTO_E_KEY_ The service request failed because of uninitialized

0x0D
EMPTY source key element.

Description Return for Std_ReturnType for Cryptostack.

Variation --

Available
Rte_Csm_Type.h
via

145 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

⌋(SRS_CryptoStack_00095)

8.5.6.5 Csm_HashDataType_{Crypto}

[SWS_Csm_01920]⌈
Name Csm_HashDataType_{Crypto}

Kind Array Element type uint8

{ecuc(Csm/CsmPrimitives/CsmHash/CsmHashConfig/CsmHashDataMaxLength}
Size
Elements

Description Array long enough to store the data which shall be hashed.

Variation Crypto={ecuc/Csm/CsmPrimitives.SHORT-NAME}

Available
Rte_Csm_Type.h
via

⌋(SRS_CryptoStack_00090)

8.5.6.6 Csm_HashResultType_{Crypto}

[SWS_Csm_00912]⌈
Name Csm_HashResultType_{Crypto}

Kind Array Element type uint8

{ecuc(Csm/CsmPrimitives/CsmHash/CsmHashConfig/CsmHashResultLength}
Size
Elements

Description Array long enough to store the data of the hash.

Variation Crypto= {ecuc/Csm/CsmPrimitives.SHORT-NAME}

Available
Rte_Csm_Type.h
via

⌋(SRS_CryptoStack_00090)

8.5.6.7 Csm_MacGenerateDataType_{Crypto}

[SWS_Csm_00935]⌈
Name Csm_MacGenerateDataType_{Crypto}

Kind Array Element type uint8

{ecuc(Csm/CsmPrimitives/CsmMacGenerate/CsmMacGenerateConfig/CsmMac
Size
GenerateDataMaxLength} Elements

Description Array long enough to store the data from which a MAC shall be generated.

Variation Crypto= {ecuc/Csm/CsmPrimitives.SHORT-NAME}

146 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Available
Rte_Csm_Type.h
via

⌋(SRS_CryptoStack_00090)

8.5.6.8 Csm_MacGenerateResultType_{Crypto}

[SWS_Csm_00927]⌈
Name Csm_MacGenerateResultType_{Crypto}

Kind Array Element type uint8

{ecuc(Csm/CsmPrimitives/CsmMacGenerate/CsmMacGenerateConfig/CsmMac
Size
GenerateResultLength} Elements

Description Array long enough to store the data of the MAC.

Variation Crypto= {ecuc/Csm/CsmPrimitives.SHORT-NAME}

Available
Rte_Csm_Type.h
via

⌋(SRS_CryptoStack_00090)

8.5.6.9 Csm_MacVerifyDataType_{Crypto}

[SWS_Csm_00802]⌈
Name Csm_MacVerifyDataType_{Crypto}

Kind Array Element type uint8

{ecuc(Csm/CsmPrimitives/CsmMacVerify/CsmMacVerifyConfig/CsmMacVerifyData
Size
MaxLength} Elements

Description Array long enough to store the data for whichs MAC shall be verified.

Variation Crypto= {ecuc/Csm/CsmPrimitives.SHORT-NAME}

Available
Rte_Csm_Type.h
via

⌋(SRS_CryptoStack_00090)

8.5.6.10 Csm_MacVerifyCompareType_{Crypto}

[SWS_Csm_00803]⌈
Name Csm_MacVerifyCompareType_{Crypto}

Kind Array Element type uint8

{ecuc(Csm/CsmPrimitives/CsmMacVerify/CsmMacVerifyConfig/CsmMacVerify
Size
CompareLength}/8 Elements

147 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Description Array long enough to store a MAC to be verified.

Variation Crypto= {ecuc/Csm/CsmPrimitives.SHORT-NAME}

Available
Rte_Csm_Type.h
via

⌋(SRS_CryptoStack_00090)

8.5.6.11 Csm_EncryptDataType_{Crypto}

[SWS_Csm_01921]⌈
Name Csm_EncryptDataType_{Crypto}

Kind Array Element type uint8

{ecuc(Csm/CsmPrimitives/CsmEncrypt/CsmEncryptConfig/CsmEncryptDataMax
Size
Length} Elements

Description Array long enough to store the data to be encrypted.

Variation Crypto= {ecuc/Csm/CsmPrimitives.SHORT-NAME}

Available
Rte_Csm_Type.h
via

⌋(SRS_CryptoStack_00090)

8.5.6.12 Csm_EncryptResultType_{Crypto}

[SWS_Csm_01922]⌈
Name Csm_EncryptResultType_{Crypto}

Kind Array Element type uint8

{ecuc(Csm/CsmPrimitives/CsmEncrypt/CsmEncryptConfig/CsmEncryptResultMax
Size
Length} Elements

Description Array long enough to store the data of the cipher.

Variation Crypto= {ecuc/Csm/CsmPrimitives.SHORT-NAME}

Available
Rte_Csm_Type.h
via

⌋(SRS_CryptoStack_00090)

8.5.6.13 Csm_DecryptDataType_{Crypto}

[SWS_Csm_01923]⌈
Name Csm_DecryptDataType_{Crypto}

Kind Array Element type uint8

148 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

{ecuc(Csm/CsmPrimitives/CsmDecrypt/CsmDecryptConfig/CsmDecryptDataMax
Size
Length} Elements

Description Array long enough to store the data to be decrypted.

Variation Crypto= {ecuc/Csm/CsmPrimitives.SHORT-NAME}

Available
Rte_Csm_Type.h
via

⌋(SRS_CryptoStack_00090)

8.5.6.14 Csm_DecryptResultType_{Crypto}

[SWS_Csm_01924]⌈
Name Csm_DecryptResultType_{Crypto}

Kind Array Element type uint8

{ecuc(Csm/CsmPrimitives/CsmDecrypt/CsmDecryptConfig/CsmDecryptResultMax
Size
Length} Elements

Description Array long enough to store the data of the decrypted plaintext.

Variation Crypto= {ecuc/Csm/CsmPrimitives.SHORT-NAME}

Available
Rte_Csm_Type.h
via

⌋(SRS_CryptoStack_00090)

8.5.6.15 Csm_AEADEncryptPlaintextType_{Crypto}

[SWS_Csm_01925]⌈
Name Csm_AEADEncryptPlaintextType_{Crypto}

Kind Array Element type uint8

{ecuc(Csm/CsmPrimitives/CsmAEADEncrypt/CsmAEADEncryptConfig/Csm
Size
AEADEncryptPlaintextMaxLength} Elements

Description Array long enough to store the plaintext to be encrypted with AEAD.

Variation Crypto= {ecuc/Csm/CsmPrimitives.SHORT-NAME}

Available
Rte_Csm_Type.h
via

⌋(SRS_CryptoStack_00090)

8.5.6.16 Csm_AEADEncryptAssociatedDataType_{Crypto}

[SWS_Csm_01928]⌈

149 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Name Csm_AEADEncryptAssociatedDataType_{Crypto}

Kind Array Element type uint8

{ecuc(Csm/CsmPrimitives/CsmAEADEncrypt/CsmAEADEncryptConfig/Csm
Size
AEADEncryptAssociatedDataMaxLength} Elements

Description Array long enough to store the data of the header.

Variation Crypto= {ecuc/Csm/CsmPrimitives.SHORT-NAME}

Available
Rte_Csm_Type.h
via

⌋(SRS_CryptoStack_00090)

8.5.6.17 Csm_AEADEncryptCiphertextType_{Crypto}

[SWS_Csm_01927]⌈
Name Csm_AEADEncryptCiphertextType_{Crypto}

Kind Array Element type uint8

{ecuc(Csm/CsmPrimitives/CsmAEADEncrypt/CsmAEADEncryptConfig/Csm
Size
AEADEncryptCiphertextMaxLength} Elements

Description Array long enough to store the data of the cipher.

Variation Crypto= {ecuc/Csm/CsmPrimitives.SHORT-NAME}

Available
Rte_Csm_Type.h
via

⌋(SRS_CryptoStack_00090)

8.5.6.18 Csm_AEADEncryptTagType_{Crypto}

[SWS_Csm_01926]⌈
Name Csm_AEADEncryptTagType_{Crypto}

Kind Array Element type uint8

{ecuc(Csm/CsmPrimitives/CsmAEADEncrypt/CsmAEADEncryptConfig/Csm
Size
AEADEncryptTagLength)} Elements

Description Array long enough to store the data of the Tag.

Variation Crypto= {ecuc/Csm/CsmPrimitives.SHORT-NAME}

Available
Rte_Csm_Type.h
via

⌋(SRS_CryptoStack_00090)

150 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

8.5.6.19 Csm_AEADDecryptCiphertextType_{Crypto}

[SWS_Csm_00922]⌈
Name Csm_AEADDecryptCiphertextType_{Crypto}

Kind Array Element type uint8

{ecuc(Csm/CsmAEADDecrypt/CsmAEADDecryptConfig/CsmAEADDecryptCiphertext
Size
MaxLength} Elements

Description Array long enough to store the ciphertext to be decrypted with AEAD.

Variation Crypto= {ecuc/Csm/CsmPrimitives.SHORT-NAME}

Available
Rte_Csm_Type.h
via

⌋(SRS_CryptoStack_00090)

8.5.6.20 Csm_AEADDecryptAssociatedDataType_{Crypto}

[SWS_Csm_00923]⌈
Name Csm_AEADDecryptAssociatedDataType_{Crypto}

Kind Array Element type uint8

{ecuc(Csm/CsmAEADDecrypt/CsmAEADDecryptConfig/CsmAEADDecrypt
Size
AssociatedDataMaxLength} Elements

Description Array long enough to store the data of the header.

Variation Crypto= {ecuc/Csm/CsmPrimitives.SHORT-NAME}

Available
Rte_Csm_Type.h
via

⌋(SRS_CryptoStack_00090)

8.5.6.21 Csm_AEADDecryptTagType_{Crypto}

[SWS_Csm_01074]⌈
Name Csm_AEADDecryptTagType_{Crypto}

Kind Array Element type uint8

(({ecuc(Csm/CsmPrimitives/CsmAEADDecrypt/CsmAEADDecryptConfig/Csm
Size
AEADDecryptTagLength)}+7)/8) Elements

Description Array long enough to store the data of the Tag.

Variation Crypto = {ecuc/Csm/CsmPrimitives.SHORT-NAME}

Available
Rte_Csm_Type.h
via

151 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

⌋(SRS_CryptoStack_00090)

8.5.6.22 Csm_AEADDecryptPlaintextType_{Crypto}

[SWS_Csm_01075]⌈
Name Csm_AEADDecryptPlaintextType_{Crypto}

Kind Array Element type uint8

{ecuc(Csm/CsmPrimitives/CsmAEADDecrypt/CsmAEADDecryptConfig/Csm
Size
AEADDecryptPlaintextMaxLength} Elements

Description Array long enough to store the data of the plaintext.

Variation Crypto= {ecuc/Csm/CsmPrimitives.SHORT-NAME}

Available
Rte_Csm_Type.h
via

⌋(SRS_CryptoStack_00090)

8.5.6.23 Csm_SignatureGenerateDataType_{Crypto}

[SWS_Csm_01083]⌈
Name Csm_SignatureGenerateDataType_{Crypto}

Kind Array Element type uint8

{ecuc(Csm/CsmPrimitives/CsmSignatureGenerate/CsmSignatureGenerateConfig/
Size
CsmSignatureGenerateDataMaxLength} Elements

Description Array long enough to store the data from which the signature shall be generated.

Variation Crypto= {ecuc/Csm/CsmPrimitives.SHORT-NAME}

Available
Rte_Csm_Type.h
via

⌋(SRS_CryptoStack_01076)

8.5.6.24 Csm_SignatureGenerateResultType_{Crypto}

[SWS_Csm_01077]⌈
Name Csm_SignatureGenerateResultType_{Crypto}

Kind Array Element type uint8

{ecuc(Csm/CsmPrimitives/CsmSignatureGenerate/CsmSignatureGenerateConfig/
Size
CsmSignatureGenerateResultLength} Elements

Description Array long enough to store the signature and its length.

Variation Crypto= {ecuc/Csm/CsmPrimitives.SHORT-NAME}

152 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Available
Rte_Csm_Type.h
via

⌋(SRS_CryptoStack_00090)

8.5.6.25 Csm_SignatureVerifyDataType_{Crypto}

[SWS_Csm_01078]⌈
Name Csm_SignatureVerifyDataType_{Crypto}

Kind Array Element type uint8

{ecuc(Csm/CsmPrimitives/CsmSignatureVerify/CsmSignatureVerifyConfig/Csm
Size
SignatureVerifyDataMaxLength} Elements

Description Array long enough to store the data for whichs signature shall be verified.

Variation Crypto= {ecuc/Csm/CsmPrimitives.SHORT-NAME}

Available
Rte_Csm_Type.h
via

⌋(SRS_CryptoStack_00090)

8.5.6.26 Csm_SignatureVerifyCompareType_{Crypto}

[SWS_Csm_01079]⌈
Name Csm_SignatureVerifyCompareType_{Crypto}

Kind Array Element type uint8

{ecuc(Csm/CsmPrimitives/CsmSignatureVerify/CsmSignatureVerifyConfig/Csm
Size
SignatureVerifyCompareLength} Elements

Description Array long enough to store a signature to be verified.

Variation Crypto= {ecuc/Csm/CsmPrimitives.SHORT-NAME}

Available
Rte_Csm_Type.h
via

⌋(SRS_CryptoStack_00090)

8.5.6.27 Csm_RandomGenerateResultType_{Crypto}

[SWS_Csm_00930]⌈
Name Csm_RandomGenerateResultType_{Crypto}

Kind Array Element type uint8

{ecuc(Csm/CsmPrimitives/CsmRandomGenerate/CsmRandomGenerateConfig/Csm
Size
RandomGenerateResultLength) Elements

153 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Description Array long enough to store the data of the random number.

Variation Crypto= {ecuc/Csm/CsmPrimitives.SHORT-NAME}

Available
Rte_Csm_Type.h
via

⌋(SRS_CryptoStack_00090)

8.5.6.28 Csm_LengthPtr

[SWS_Csm_91045]⌈
Name Csm_LengthPtr

Kind Pointer

Type uint32*

ImplementationDataType of category DATA_REFERENCE with the pointer target

Description
uint32 to be able to return asynchronously the length.

Variation --

Available
Rte_Csm_Type.h
via

⌋(SRS_CryptoStack_00090)

8.5.6.29 Csm_VerifyResultPtr

[SWS_Csm_91046]⌈
Name Csm_VerifyResultPtr

Kind Pointer

Type Csm_VerifyResultType*

ImplementationDataType of category DATA_REFERENCE with the pointer target

Description
Csm_VerifyResultType to be able to return asynchronously the verify result.

Variation --

Available
Rte_Csm_Type.h
via

⌋(SRS_CryptoStack_00090)

154 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

8.5.6.30 Crypto_KeyStatusType

[SWS_Csm_91102]⌈
Name Crypto_KeyStatusType

Kind Enumeration

CRYPTO_ The status of the key is invalid (for example after

KEYSTATUS_ 0x00 Csm_KeyElementSet the Csm_KeySetValid was not
INVALID called).
Range
CRYPTO_ The status of the key is valid (for example the status
0x01
KEYSTATUS_VALID was successfully set by the Csm_KeySetValid).

Description Enumeration for key status.

Variation --

Available
Rte_Csm_Type.h
via

⌋()

8.5.7 Ports

8.5.7.1 CsmKey_{Key}

[SWS_Csm_01042]⌈
Name CsmKey_{Key}

Kind ProvidedPort Interface CsmKeyManagement_{Key}

Port related to a specific cryptographic key to execute the key

Description
management functions synchronously.

Type uint32
Port Defined Argument
Value(s)
Value {ecuc(Csm/CsmKeys/CsmKey/CsmKeyId)}

{ecuc(Csm/CsmKeys/CsmKey.CsmKeyUsePort)} == TRUE
Variation
Key = {ecuc(Csm/CsmKeys/CsmKey.SHORT-NAME)}

⌋(SRS_CryptoStack_00090, SRS_CryptoStack_00091)

8.5.7.2 CsmJob_{Job} (CRYPTO_USE_PORT)

[SWS_Csm_91023]⌈
Name CsmJob_{Job}

Kind ProvidedPort Interface --

155 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Port related to a specific cryptographic job to execute the assigned

Description
cryptographic calculations synchronously.

Type uint32

Value {ecuc(Csm/CsmJobs/CsmJob.CsmJobId)}
Port Defined
Argument
Type Crypto_OperationModeType
Value(s)
CRYPTO_OPERATIONMODE_
Value
SINGLECALL

({ecuc(Csm/CsmJobs/CsmJob.CsmJobInterfaceUsePort)} == CRYPTO_USE_
PORT) &&({ecuc(Csm/CsmJobs/CsmJob.CsmJobPrimitiveRef)} != NULL)
Job = {ecuc(Csm/CsmJobs/CsmJob.SHORT-NAME)}
Variation Primitive = {ecuc(Csm/CsmJobs/CsmJob.CsmJobPrimitiveRef->Csm
Primitives/*.SHORT-NAME)}
PrimitiveCfg = {ecuc(Csm/CsmPrimitives/{Primitive}/{Primitive}Config.SHORT-
NAME)}

⌋(SRS_CryptoStack_00090, SRS_CryptoStack_00091)

8.5.7.3 CsmJob_{Job} (CRYPTO_USE_PORT_OPTIMIZED)

[SWS_Csm_91062]⌈
Name CsmJob_{Job}

Kind ProvidedPort Interface --

Port related to a specific cryptographic job to execute the assigned

Description
cryptographic calculations asynchronously.

Type uint32

Value {ecuc(Csm/CsmJobs/CsmJob.CsmJobId)}
Port Defined
Argument
Type Crypto_OperationModeType
Value(s)
CRYPTO_OPERATIONMODE_
Value
SINGLECALL

({ecuc(Csm/CsmJobs/CsmJob.CsmJobInterfaceUsePort)} == CRYPTO_USE_
PORT_OPTIMIZED) &&({ecuc(Csm/CsmJobs/CsmJob.CsmJobPrimitiveRef)}
!= NULL)
Variation
Job = {ecuc(Csm/CsmJobs/CsmJob.SHORT-NAME)}
Primitive = {ecuc(Csm/CsmJobs/CsmJob.CsmJobPrimitiveRef->Csm
Primitives/*.SHORT-NAME)}

⌋(SRS_CryptoStack_00090, SRS_CryptoStack_00091)

8.5.7.4 CallbackNotification_{Job}

[SWS_Csm_00934]⌈

156 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Name CallbackNotification_{Job}

Kind RequiredPort Interface CallbackNotification

Description Port for the callback notification.

({ecuc(Csm/CsmJobs/CsmJob.CsmProcessingMode)}==CRYPTO_PROCESSING_
Variation ASYN)&&(CsmJob/CsmJobInterfaceUsePort!=CRYPTO_USE_FNC)
Job = {ecuc(Csm/CsmJobs/CsmJob.SHORT-NAME)}

⌋(SRS_CryptoStack_00090, SRS_CryptoStack_00091)

8.5.7.5 CsmContext_{Job}

[SWS_Csm_91105]⌈
Name CsmContext_{Job}

Kind ProvidedPort Interface CsmContextService_{Job}

Description Port related to context data operation.

Type uint32
Port Defined Argument
Value(s)
Value {ecuc(Csm/CsmJobs/CsmJob.CsmJobId)}

{ecuc(Csm/CsmJobs/CsmJob. CsmJobServiceInterfaceContextUsePort)}
Variation == CRYPTO_USE_PORT
Job={ecuc(Csm/CsmJobs/CsmJob.SHORT-NAME)}

⌋(SRS_CryptoStack_00090)

157 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

9 Sequence Diagrams
The following sequence diagrams concentrate on the interaction between the CSM
module and software components respectively the ECU state manager.

9.1 Asynchronous Calls

The following diagram (Sequence diagram for asynchronous call) shows a sample
sequence of function calls for a request performed asynchronously. The result of the
asynchronous function can be accessed after an asynchronous notification
(invocation of the configured callback function).

Application «module» «module» «module»

:Csm :CryIf :Crypto

<Service>()

<Service>()

<Service>()

return()

return()

return()

Crypto_ProcessJob(Std_ReturnType,
uint32, Crypto_JobType**)

callback with result

callback with result

callback with result

Figure 9-1 Sequence Diagram for Asynchronous Call with Callback

158 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

9.2 Synchronous Calls

The following diagram (Sequence diagram for synchronous calls) shows a sample
sequence of function calls with the scheduler for a request performed synchronously.

:Application «module» «module» «module»

:Csm :CryIf :Crypto

<Service>()

<Service>()

<Service>()

return with result()

return with result()

return with result()

Figure 9-2 Sequence Diagram for Synchronous Call

159 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

10 Configuration
In general, this chapter defines configuration parameters and their clustering into
containers. In order to support the specification Chapter 10.1 describes
fundamentals. It also specifies a template (table) you shall use for the parameter
specification.

Chapter 10.2 specifies the structure (containers) and the parameters of the module
CSM.

Chapter 10.3 specifies published information of the module CSM.

10.1 How to Read this Chapter

For details refer to the chapter 10.1 “Introduction to configuration specification” in
SWS_BSWGeneral.

10.2 Containers and Configuration Parameters

The following chapters summarize all configuration parameters. The detailed
meanings of the parameters describe Chapters 7 and Chapter 8.

160 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Csm: EcucModuleDef
+container CsmGeneral:
lowerMultiplicity = 0 EcucParamConfContainerDef
upperMultiplicity = 1

CsmJobs:
+container EcucParamConfContainerDef

lowerMultiplicity = 0
upperMultiplicity = 1

CsmKeys:
+container EcucParamConfContainerDef

lowerMultiplicity = 0
upperMultiplicity = 1

CsmPrimitives:
+container EcucParamConfContainerDef

lowerMultiplicity = 0
upperMultiplicity = *

CsmQueues:
+container EcucParamConfContainerDef

lowerMultiplicity = 0
upperMultiplicity = 1

CsmCallbacks:
+container EcucParamConfContainerDef

lowerMultiplicity = 0
upperMultiplicity = 1

CsmInOutRedirections:
+container EcucParamConfContainerDef

lowerMultiplicity = 0
upperMultiplicity = 1

Figure 9-3 Crypto Service Manager Layout

10.2.1 Csm

SWS Item ECUC_Csm_00818 :

161 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager
 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Module Name Csm

Module Description Configuration of the Csm (CryptoServiceManager) module.
Post-Build Variant Support false
Supported Config Variants VARIANT-PRE-COMPILE

Included Containers
Container Name Multiplicity Scope / Dependency
CsmCallbacks 0..1 Container for callback function configurations
CsmGeneral 1 Container for common configuration options.
CsmInOutRedirections 0..1 Configuration for CSM redirection configurations
CsmJobs 0..1 Container for configuration of CSM jobs.
CsmKeys 0..1 Container for CSM key configurations.
Each element of this container defines one instance of
Csm_MainFunction.
CsmMainFunction 0..* For each partition, where the Csm module shall be
instantiated, at least one MainFunction instance needs to be
configured.
CsmPrimitives 0..* Container for configuration of CsmPrimitives
CsmQueues 0..1 Container for CSM queue configurations

CsmGeneral: +parameter CsmDevErrorDetect:

EcucParamConfContainerDef EcucBooleanParamDef

defaultValue = false

+parameter CsmVersionInfoApi:
EcucBooleanParamDef

defaultValue = false

Figure 9-4 Crypto Service Manager General Layout

10.2.2 CsmGeneral

SWS Item ECUC_Csm_00002 :

Container Name CsmGeneral
Parent Container Csm
Description Container for common configuration options.
Multiplicity Configuration Pre-compile time X All Variants
Class Link time --
Post-build time --
Configuration Parameters

SWS Item ECUC_Csm_00001 :

Name CsmDevErrorDetect
Parent Container CsmGeneral
Description Switches the development error detection and notification on or off.

 true: detection and notification is enabled.

162 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

 false: detection and notification is disabled.

Multiplicity 1
Type EcucBooleanParamDef
Default value false
Post-Build Variant Value false
Multiplicity ConfigurationPre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local

SWS Item ECUC_Csm_00003 :

Name CsmVersionInfoApi
Parent Container CsmGeneral
Description Pre-processor switch to enable and disable availability of the API
Csm_GetVersionInfo().
True: API Csm_GetVersionInfo() is available.
False: API Csm_GetVersionInfo() is not available.
Multiplicity 1
Type EcucBooleanParamDef
Default value false
Post-Build Variant Value false
Multiplicity Configuration Pre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local

No Included Containers

163 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Csm: EcucModuleDef

lowerMultiplicity = 0
upperMultiplicity = 1

+container

CsmMainFunction: CsmMainFunctionPeriod:
EcucParamConfContainerDef EcucFloatParamDef
+parameter
lowerMultiplicity = 0 min = 0
upperMultiplicity = * max = INF
lowerMultiplicity = 0
upperMultiplicity = 1

CsmMainFunctionPartitionRef: EcucPartition:
+reference EcucReferenceDef +destination EcucParamConfContainerDef

lowerMultiplicity = 1 lowerMultiplicity = 0
upperMultiplicity = 1 upperMultiplicity = *

(from EcucPartition)

Figure 9-5 Crypto Service Manager MainFunction Layout

10.2.3 CsmMainFunction

SWS Item ECUC_Csm_00279 :

Container Name CsmMainFunction
Parent Container Csm
Each element of this container defines one instance of Csm_MainFunction.
Description For each partition, where the Csm module shall be instantiated, at least
one MainFunction instance needs to be configured.
Configuration Parameters

SWS Item ECUC_Csm_00113 :

Name CsmMainFunctionPeriod
Parent Container CsmMainFunction
Description Specifies the period of main function Csm_MainFunction in seconds.
Multiplicity 0..1
Type EcucFloatParamDef
Range ]0 .. INF[
Default value --
Post-Build Variant
false
Multiplicity
Post-Build Variant Value false
Multiplicity ConfigurationPre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
164 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager
 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Scope / Dependency scope: local

SWS Item ECUC_Csm_00280 :

Name CsmMainFunctionPartitionRef
Parent Container CsmMainFunction
Description Reference to EcucPartition, where the according CsmMainFunction
instance is assigned to.
Multiplicity 1
Type Reference to [ EcucPartition ]
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local

No Included Containers

165 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

CsmJobs:
EcucParamConfContainerDef

lowerMultiplicity = 0
upperMultiplicity = 1

+subContainer

CsmJob: CsmJobId:
EcucParamConfContainerDef +parameter EcucIntegerParamDef

lowerMultiplicity = 1 min = 0
upperMultiplicity = * max = 4294967295
symbolicNameValue = true

CsmJobPriority:
+parameter EcucIntegerParamDef

min = 0
max = 4294967295

+literal
CsmJobInterfaceUsePort: CRYPTO_USE_PORT_OPTIMIZED:
EcucEnumerationParamDef EcucEnumerationLiteralDef

+parameter +literal
CRYPTO_USE_FNC:
EcucEnumerationLiteralDef

+literal
CRYPTO_USE_PORT:
EcucEnumerationLiteralDef

CsmJobPrimitiveCallbackRef: CsmCallback:
+reference EcucReferenceDef +destination EcucParamConfContainerDef

lowerMultiplicity = 0 lowerMultiplicity = 0
upperMultiplicity = 1 upperMultiplicity = *
CsmPrimitives:
EcucParamConfContainerDef
+destination
+reference CsmJobPrimitiveRef: lowerMultiplicity = 0
EcucReferenceDef upperMultiplicity = *

CsmQueue: CsmInOutRedirections:
EcucParamConfContainerDef EcucParamConfContainerDef
+reference CsmJobQueueRef: +destination
EcucReferenceDef lowerMultiplicity = 1 lowerMultiplicity = 0
upperMultiplicity = * upperMultiplicity = 1

CsmKey:
+reference CsmJobKeyRef: +destination EcucParamConfContainerDef
EcucReferenceDef
lowerMultiplicity = 0
upperMultiplicity = * +subContainer

CsmInOutRedirection:
EcucParamConfContainerDef
CsmInOutRedirectionRef:
+reference EcucReferenceDef +destination
lowerMultiplicity = 1
upperMultiplicity = *
lowerMultiplicity = 0
upperMultiplicity = 1

+literal
CsmProcessingMode: CRYPTO_PROCESSING_ASYNC:
+parameter EcucEnumerationParamDef EcucEnumerationLiteralDef

+literal
CRYPTO_PROCESSING_SYNC:
EcucEnumerationLiteralDef

CsmJobServiceInterfaceContextUsePort: +literal CRYPTO_USE_FUNC:

EcucEnumerationParamDef EcucEnumerationLiteralDef
+parameter
defaultValue = CRYPTO_USE_FUNC
lowerMultiplicity = 0 +literal
upperMultiplicity = 1 CRYPTO_USE_PORT:
EcucEnumerationLiteralDef

Figure 9-6 CsmJobs Layout

166 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

10.2.4 CsmJobs

SWS Item ECUC_Csm_00112 :

Container Name CsmJobs
Parent Container Csm
Description Container for configuration of CSM jobs.
Multiplicity Configuration Pre-compile time X All Variants
Class Link time --
Post-build time --
Configuration Parameters

Included Containers
Container Name Multiplicity Scope / Dependency
Container for configuration of CSM job. The container name
CsmJob 1..* serves as a symbolic name for the identifier of a job
configuration.

10.2.5 CsmJob

SWS Item ECUC_Csm_00118 :

Container Name CsmJob
Parent Container CsmJobs
Container for configuration of CSM job. The container name serves as a
Description
symbolic name for the identifier of a job configuration.
Multiplicity Configuration Pre-compile time X All Variants
Class Link time --
Post-build time --
Configuration Parameters

SWS Item ECUC_Csm_00119 :

Name CsmJobId
Parent Container CsmJob
Description Identifier of the CSM job. The set of actually configured identifiers shall be
consecutive and gapless.
Multiplicity 1
Type EcucIntegerParamDef (Symbolic Name generated for this parameter)
Range 0 .. 4294967295
Default value --
Post-Build Variant Value false
Multiplicity Configuration Pre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local

SWS Item ECUC_Csm_00275 :

Name CsmJobInterfaceUsePort
Parent Container CsmJob
Description Does the job need RTE interfaces?
Multiplicity 1
Type EcucEnumerationParamDef
167 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager
 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Range CRYPTO_USE_FNC Port is not used.

CRYPTO_USE_PORT Port is used.
CRYPTO_USE_PORT_OPTIMIZED DATA_REFERENCE is used.
Post-Build Variant
false
Value
Value Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Scope / scope: local
Dependency

SWS Item ECUC_Csm_00120 :

Name CsmJobPriority
Parent Container CsmJob
Description Priority of the job.
The higher the value, the higher the job's priority.
Multiplicity 1
Type EcucIntegerParamDef
Range 0 .. 4294967295
Default value --
Post-Build Variant Value false
Multiplicity Configuration Pre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local

SWS Item ECUC_Csm_00327 :

Name CsmJobServiceInterfaceContextUsePort
Parent Container CsmJob
Description Does the job need RTE interfaces for context operations
Multiplicity 0..1
Type EcucEnumerationParamDef
Range CRYPTO_USE_FUNC Port is not used.
CRYPTO_USE_PORT Port is used for this operation.
Default value CRYPTO_USE_FUNC
Multiplicity Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Value Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Scope / scope: local
Dependency

SWS Item ECUC_Csm_00276 :

Name CsmProcessingMode
Parent Container CsmJob
Description Determines how the interface shall be used for that job. Synchronous processing
returns with the result while asynchronous processing returns without processing
the job. The caller will be notified by the corresponding callback.
Multiplicity 1
Type EcucEnumerationParamDef
Range CRYPTO_PROCESSING_ASYNC --
168 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager
 Specification of Crypto Service Manager
AUTOSAR CP R20-11

CRYPTO_PROCESSING_SYNC --
Post-Build Variant
false
Value
Value Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Scope / scope: local
Dependency

SWS Item ECUC_Csm_00263 :

Name CsmInOutRedirectionRef
Parent Container CsmJob
Description This parameter refers to the used redirection.
Multiplicity 0..1
Type Reference to [ CsmInOutRedirection ]
Post-Build Variant
false
Multiplicity
Post-Build Variant Value false
Multiplicity ConfigurationPre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local

SWS Item ECUC_Csm_00126 :

Name CsmJobKeyRef
Parent Container CsmJob
Description This parameter refers to the key which shall be used for the CsmPrimitive.
It's possible to use a CsmKey for different jobs
Multiplicity 1
Type Reference to [ CsmKey ]
Post-Build Variant Value false
Multiplicity Configuration Pre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local
dependency: A dummy key shall be referenced if the CsmPrimitive doesn't
require a key (e.g. for Hash calculation).

SWS Item ECUC_Csm_00123 :

Name CsmJobPrimitiveCallbackRef
Parent Container CsmJob
Description This parameter refers to the used CsmCallback.
The referred CsmCallback is called when the crypto job has been finished.
Multiplicity 0..1
Type Reference to [ CsmCallback ]
Post-Build Variant Value false
Multiplicity Configuration Pre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
169 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager
 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Link time --
Post-build time --
Scope / Dependency scope: local

SWS Item ECUC_Csm_00122 :

Name CsmJobPrimitiveRef
Parent Container CsmJob
Description This parameter refers to the used CsmPrimitive.
Different jobs may refer to one CsmPrimitive. The referred CsmPrimitive
provides detailed information on the actual cryptographic routine.
Multiplicity 1
Type Reference to [ CsmPrimitives ]
Post-Build Variant Value false
Multiplicity Configuration Pre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local

SWS Item ECUC_Csm_00125 :

Name CsmJobQueueRef
Parent Container CsmJob
Description This parameter refers to the queue.
The queue is used if the underlying crypto driver object is busy. The queue
refers also to the channel which is used.
Multiplicity 1
Type Reference to [ CsmQueue ]
Post-Build Variant Value false
Multiplicity Configuration Pre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local

No Included Containers

170 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

CsmKeys:
CsmKey:
EcucParamConfContainerDef CsmKeyId:
EcucParamConfContainerDef
+parameter EcucIntegerParamDef
lowerMultiplicity = 0
lowerMultiplicity = 0
upperMultiplicity = 1 symbolicNameValue = true
upperMultiplicity = *
min = 0
+subContainer
max = 4294967295

CsmKeyRef: EcucReferenceDef
+reference
requiresSymbolicNameValue = true

+destination

CryIfKey:
EcucParamConfContainerDef

lowerMultiplicity = 0
upperMultiplicity = *

+parameter CsmKeyUsePort:
EcucBooleanParamDef

Figure 9-7 Crypto Service Manager Keys Layout

10.2.6 CsmKeys

SWS Item ECUC_Csm_00005 :

Container Name CsmKeys
Parent Container Csm
Description Container for CSM key configurations.
Configuration Parameters

Included Containers
Container Name Multiplicity Scope / Dependency
Container for configuration of a CSM key. The container name
CsmKey 0..* serves as a symbolic name for the identifier of a key
configuration.

10.2.7 CsmKey

SWS Item ECUC_Csm_00014 :

Container Name CsmKey
Parent Container CsmKeys
Container for configuration of a CSM key. The container name serves as a
Description
symbolic name for the identifier of a key configuration.
Configuration Parameters

SWS Item ECUC_Csm_00015 :

171 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager
 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Name CsmKeyId
Parent Container CsmKey
Description Identifier of the CsmKey. The set of actually configured identifiers shall be
consecutive and gapless.
Multiplicity 1
Type EcucIntegerParamDef (Symbolic Name generated for this parameter)
Range 0 .. 4294967295
Default value --
Post-Build Variant Value false
Multiplicity Configuration Pre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local

SWS Item ECUC_Csm_00127 :

Name CsmKeyUsePort
Parent Container CsmKey
Description Does the key need RTE interfaces?
True: RTE interfaces used for this key
False: No RTE interfaces used for this key
Multiplicity 1
Type EcucBooleanParamDef
Default value --
Post-Build Variant Value false
Multiplicity Configuration Pre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local

SWS Item ECUC_Csm_00016 :

Name CsmKeyRef
Parent Container CsmKey
Description This parameter refers to the used CryIfKey. The underlying CryIfKey refers
to a specific CryptoKey in the Crypto Driver.
Multiplicity 1
Type Symbolic name reference to [ CryIfKey ]
Post-Build Variant Value false
Multiplicity Configuration Pre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local

No Included Containers

172 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

CsmQueues: CsmQueue: +reference CsmChannelRef: EcucReferenceDef

EcucParamConfContainerDef EcucParamConfContainerDef
requiresSymbolicNameValue = true
lowerMultiplicity = 0 lowerMultiplicity = 1
upperMultiplicity = 1 upperMultiplicity = *

+destination

CryIfChannel:
+subContainer EcucParamConfContainerDef

lowerMultiplicity = 0
upperMultiplicity = *

CsmQueueSize:
+parameter EcucIntegerParamDef

min = 1
max = 4294967295

CsmQueueMainFunctionRef:
+reference
EcucReferenceDef

lowerMultiplicity = 1
upperMultiplicity = 1

+destination

CsmMainFunction:
EcucParamConfContainerDef

lowerMultiplicity = 0
upperMultiplicity = *

Figure 9-8 Crypto Service Manager Queues Layout

10.2.8 CsmQueues

SWS Item ECUC_Csm_00007 :

Container Name CsmQueues
Parent Container Csm
Description Container for CSM queue configurations
Configuration Parameters

Included Containers
Container Name Multiplicity Scope / Dependency
Container for configuration of a CSM queue.
A queue has two tasks:
CsmQueue 1..* 1. queue jobs which cannot be processed since the underlying
hardware is busy and
2. refer to channel which shall be used

10.2.9 CsmQueue

SWS Item ECUC_Csm_00032 :

173 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager
 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Container Name CsmQueue

Parent Container CsmQueues
Container for configuration of a CSM queue.
A queue has two tasks:
Description 1. queue jobs which cannot be processed since the underlying hardware is
busy and
2. refer to channel which shall be used
Configuration Parameters

SWS Item ECUC_Csm_00034 :

Name CsmQueueSize
Parent Container CsmQueue
Description Size of the CsmQueue. If jobs cannot be processed by the underlying
hardware since the hardware is busy, the jobs stay in the prioritized queue.
If the queue is full, the next job will be rejected.
Multiplicity 1
Type EcucIntegerParamDef
Range 1 .. 4294967295
Default value --
Post-Build Variant Value false
Multiplicity Configuration Pre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local

SWS Item ECUC_Csm_00033 :

Name CsmChannelRef
Parent Container CsmQueue
Description Refers to the underlying Crypto Interface channel.
Multiplicity 1
Type Symbolic name reference to [ CryIfChannel ]
Post-Build Variant Value false
Multiplicity ConfigurationPre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local

SWS Item ECUC_Csm_00281 :

Name CsmQueueMainFunctionRef
Parent Container CsmQueue
Description Reference to CsmMainFunction, where the according CsmQueue is
assigned to.
Multiplicity 1
Type Reference to [ CsmMainFunction ]
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local

No Included Containers
174 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager
 Specification of Crypto Service Manager
AUTOSAR CP R20-11

175 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

CsmInOutRedirections:
EcucParamConfContainerDef

lowerMultiplicity = 0
upperMultiplicity = 1

+subContainer
CsmInputKeyRef: CsmKey:
CsmInOutRedirection:
EcucReferenceDef EcucParamConfContainerDef
EcucParamConfContainerDef +destination
+reference
lowerMultiplicity = 0 lowerMultiplicity = 0
lowerMultiplicity = 1 upperMultiplicity = *
upperMultiplicity = 1
upperMultiplicity = *

CsmSecondaryInputKeyRef:
EcucReferenceDef
+reference +destination
lowerMultiplicity = 0
upperMultiplicity = 1

CsmTertiaryInputKeyRef:
EcucReferenceDef
+reference +destination
lowerMultiplicity = 0
upperMultiplicity = 1

CsmOutputKeyRef:
EcucReferenceDef
+reference +destination
lowerMultiplicity = 0
upperMultiplicity = 1

CsmSecondaryOutputKeyRef:
EcucReferenceDef
+reference +destination
lowerMultiplicity = 0
upperMultiplicity = 1

CsmInputKeyElementId:
EcucIntegerParamDef
+parameter
min = 0
max = 4294967295
lowerMultiplicity = 0
upperMultiplicity = 1

CsmSecondaryInputKeyElementId:
EcucIntegerParamDef
+parameter
min = 0
max = 4294967295
lowerMultiplicity = 0
upperMultiplicity = 1

CsmTertiaryInputKeyElementId:
EcucIntegerParamDef
+parameter
min = 0
max = 4294967295
lowerMultiplicity = 0
upperMultiplicity = 1

CsmOutputKeyElementId:
EcucIntegerParamDef
+parameter
min = 0
max = 4294967295
lowerMultiplicity = 0
upperMultiplicity = 1

CsmSecondaryOutputKeyElementId:
+parameter EcucIntegerParamDef

min = 0
max = 4294967295
lowerMultiplicity = 0
upperMultiplicity = 1

176 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Figure 9-9 Crypto Service Manager CsmInOutRedirections Layout

10.2.10 CsmInOutRedirections

SWS Item ECUC_Csm_00262 :

Container Name CsmInOutRedirections
Parent Container Csm
Description Configuration for CSM redirection configurations
Configuration Parameters

Included Containers
Container Name Multiplicity Scope / Dependency
Container for configuration of a CSM redirection.
CsmInOutRedirection 1..* A redirection let a CSM job use a specific key element as input
or/and output.

10.2.11 CsmInOutRedirection

SWS Item ECUC_Csm_00264 :

Container Name CsmInOutRedirection
Parent Container CsmInOutRedirections
Container for configuration of a CSM redirection.
Description A redirection let a CSM job use a specific key element as input or/and
output.
Configuration Parameters

SWS Item ECUC_Csm_00266 :

Name CsmInputKeyElementId
Parent Container CsmInOutRedirection
Description Identifier of the key element used as input
Multiplicity 0..1
Type EcucIntegerParamDef
Range 0 .. 4294967295
Default value --
Post-Build Variant
false
Multiplicity
Post-Build Variant Value false
Multiplicity ConfigurationPre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local

SWS Item ECUC_Csm_00272 :

Name CsmOutputKeyElementId
Parent Container CsmInOutRedirection
Description Identifier of the key element used as output.
Multiplicity 0..1
Type EcucIntegerParamDef
Range 0 .. 4294967295
177 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager
 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Default value --
Post-Build Variant
false
Multiplicity
Post-Build Variant Value false
Multiplicity ConfigurationPre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local

SWS Item ECUC_Csm_00269 :

Name CsmSecondaryInputKeyElementId
Parent Container CsmInOutRedirection
Description Identifier of the key element used as secondary input.
Multiplicity 0..1
Type EcucIntegerParamDef
Range 0 .. 4294967295
Default value --
Post-Build Variant
false
Multiplicity
Post-Build Variant Value false
Multiplicity ConfigurationPre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local

SWS Item ECUC_Csm_00274 :

Name CsmSecondaryOutputKeyElementId
Parent Container CsmInOutRedirection
Description Identifier of the key element used as secondary output.
Multiplicity 0..1
Type EcucIntegerParamDef
Range 0 .. 4294967295
Default value --
Post-Build Variant
false
Multiplicity
Post-Build Variant Value false
Multiplicity ConfigurationPre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local

SWS Item ECUC_Csm_00270 :

Name CsmTertiaryInputKeyElementId
Parent Container CsmInOutRedirection
Description Identifier of the key element used as tertiary input.
Multiplicity 0..1
Type EcucIntegerParamDef
178 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager
 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Range 0 .. 4294967295
Default value --
Post-Build Variant
false
Multiplicity
Post-Build Variant Value false
Multiplicity ConfigurationPre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local

SWS Item ECUC_Csm_00265 :

Name CsmInputKeyRef
Parent Container CsmInOutRedirection
Description This parameter refers to the key used as input.
Multiplicity 0..1
Type Reference to [ CsmKey ]
Post-Build Variant
false
Multiplicity
Post-Build Variant Value false
Multiplicity ConfigurationPre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local

SWS Item ECUC_Csm_00271 :

Name CsmOutputKeyRef
Parent Container CsmInOutRedirection
Description This parameter refers to the key used as output.
Multiplicity 0..1
Type Reference to [ CsmKey ]
Post-Build Variant
false
Multiplicity
Post-Build Variant Value false
Multiplicity ConfigurationPre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local

SWS Item ECUC_Csm_00267 :

Name CsmSecondaryInputKeyRef
Parent Container CsmInOutRedirection
Description This parameter refers to the key used as secondary input.
Multiplicity 0..1
Type Reference to [ CsmKey ]
Post-Build Variant
false
Multiplicity
Post-Build Variant Value false
179 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager
 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Multiplicity ConfigurationPre-compile time X All Variants

Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local

SWS Item ECUC_Csm_00273 :

Name CsmSecondaryOutputKeyRef
Parent Container CsmInOutRedirection
Description This parameter refers to the key used as secondary output.
Multiplicity 0..1
Type Reference to [ CsmKey ]
Post-Build Variant
false
Multiplicity
Post-Build Variant Value false
Multiplicity ConfigurationPre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local

SWS Item ECUC_Csm_00268 :

Name CsmTertiaryInputKeyRef
Parent Container CsmInOutRedirection
Description This parameter refers to the key used as tertiary input.
Multiplicity 0..1
Type Reference to [ CsmKey ]
Post-Build Variant
false
Multiplicity
Post-Build Variant Value false
Multiplicity ConfigurationPre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local

No Included Containers

10.2.12 CsmPrimitives

SWS Item ECUC_Csm_00006 :

Container Name CsmPrimitives
Parent Container Csm
Description Container for configuration of CsmPrimitives
Configuration Parameters

Included Containers
180 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager
 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Container Name Multiplicity Scope / Dependency

CsmAEADDecrypt 0..1 Configuration of AEAD decryption primitives
CsmAEADEncrypt 0..1 Configuration of AEAD encryption primitives
CsmDecrypt 0..1 Configurations of Decryption primitives
CsmEncrypt 0..1 Configurations of Encryption primitives
CsmHash 0..1 Container for Hash Configurations
CsmJobKeyDerive 0..1 Configurations of KeyDerive primitives
CsmJobKeyExchangeCalcPubVa
0..1 Configurations of KeyExchangeCalcPubVal primitives
l
CsmJobKeyExchangeCalcSecret 0..1 Configurations of KeyExchangeCalcSecret primitives
CsmJobKeyGenerate 0..1 Configurations of KeyGenerate primitives
CsmJobKeySetInvalid 0..1 Configurations of KeySetInvalid primitives
CsmJobKeySetValid 0..1 Configurations of KeySetValid primitives
CsmJobRandomSeed 0..1 Configurations of RandomSeed primitives
CsmMacGenerate 0..1 Configurations of MacGenerate primitives
CsmMacVerify 0..1 Configurations of MacVerify primitives
CsmRandomGenerate 0..1 Configurations of RandomGenerate primitives
CsmSignatureGenerate 0..1 Configurations of SignatureGenerate primitives
CsmSignatureVerify 0..1 Configurations of SignatureVerify primitives

181 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

CsmHash:
EcucParamConfContainerDef

lowerMultiplicity = 0
upperMultiplicity = 1

+subContainer

CsmHashConfig: +parameter CsmHashAlgorithmFamily: EcucEnumerationParamDef +literal CRYPTO_ALGOFAM_CUSTOM:

EcucParamConfContainerDef EcucEnumerationLiteralDef

+literal
CsmHashAlgorithmSecondaryFamily:
EcucEnumerationParamDef
+parameter
defaultValue = CRYPTO_ALGOFAM_NOT_SET

+literal CRYPTO_ALGOFAM_NOT_SET:
EcucEnumerationLiteralDef

CsmHashAlgorithmFamilyCustomRef: CryptoPrimitiveAlgorithmFamilyCustom:
+reference EcucReferenceDef +destination EcucParamConfContainerDef

lowerMultiplicity = 0 lowerMultiplicity = 0
upperMultiplicity = 1 upperMultiplicity = *
requiresSymbolicNameValue = true

CsmHashAlgorithmSecondaryFamilyCustomRef:
+reference EcucReferenceDef +destination
lowerMultiplicity = 0
upperMultiplicity = 1
requiresSymbolicNameValue = true

CsmHashAlgorithmModeCustomRef: EcucReferenceDef CryptoPrimitiveAlgorithmModeCustom:

+reference +destination EcucParamConfContainerDef
lowerMultiplicity = 0
upperMultiplicity = 1 lowerMultiplicity = 0
requiresSymbolicNameValue = true upperMultiplicity = *

CsmHashDataMaxLength: EcucIntegerParamDef

+parameter min = 1
max = 4294967295
lowerMultiplicity = 0
upperMultiplicity = 1

CsmHashResultLength: EcucIntegerParamDef
+parameter min = 1
max = 4294967295
lowerMultiplicity = 0
upperMultiplicity = 1

CsmHashAlgorithmMode: EcucEnumerationParamDef +literal CRYPTO_ALGOMODE_NOT_SET:

EcucEnumerationLiteralDef
defaultValue = CRYPTO_ALGOMODE_NOT_SET
+parameter

+literal CRYPTO_ALGOMODE_CUSTOM:
EcucEnumerationLiteralDef

Figure 9-10 CsmHash Layout

10.2.13 CsmHash

SWS Item ECUC_Csm_00021 :

Container Name CsmHash
Parent Container CsmPrimitives
Description Container for Hash Configurations
Configuration Parameters
182 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager
 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Included Containers
Container Name Multiplicity Scope / Dependency
Container for configuration of a CSM hash. The container
CsmHashConfig 1 name serves as a symbolic name for the identifier of a key
configuration.

10.2.14 CsmHashConfig

SWS Item ECUC_Csm_00036 :

Container Name CsmHashConfig
Parent Container CsmHash
Container for configuration of a CSM hash. The container name serves as
Description
a symbolic name for the identifier of a key configuration.
Configuration Parameters

SWS Item ECUC_Csm_00038 :

Name CsmHashAlgorithmFamily
Parent Container CsmHashConfig
Description Determines the algorithm family used for the crypto service. This parameter
defines the most significant part of the algorithm.
Multiplicity 1
Type EcucEnumerationParamDef
Range CRYPTO_ALGOFAM_BLAKE_1_256 0x0F
CRYPTO_ALGOFAM_BLAKE_1_512 0x10
CRYPTO_ALGOFAM_BLAKE_2s_256 0x11
CRYPTO_ALGOFAM_BLAKE_2s_512 0x12
CRYPTO_ALGOFAM_CUSTOM 0xFF
CRYPTO_ALGOFAM_RIPEMD160 0x0E
CRYPTO_ALGOFAM_SHA1 0x01
CRYPTO_ALGOFAM_SHA2_224 0x02
CRYPTO_ALGOFAM_SHA2_256 0x03
CRYPTO_ALGOFAM_SHA2_384 0x04
CRYPTO_ALGOFAM_SHA2_512 0x05
CRYPTO_ALGOFAM_SHA2_512_224 0x06
CRYPTO_ALGOFAM_SHA2_512_256 0x07
CRYPTO_ALGOFAM_SHA3_224 0x08
CRYPTO_ALGOFAM_SHA3_256 0x09
CRYPTO_ALGOFAM_SHA3_384 0x0A
CRYPTO_ALGOFAM_SHA3_512 0x0B
CRYPTO_ALGOFAM_SHAKE128 0x0C
CRYPTO_ALGOFAM_SHAKE256 0x0D
CRYPTO_ALGOFAM_SM3 0x29
Post-Build Variant
false
Value
Multiplicity Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Value Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Scope / scope: local
Dependency
183 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager
 Specification of Crypto Service Manager
AUTOSAR CP R20-11

SWS Item ECUC_Csm_00131 :

Name CsmHashAlgorithmMode
Parent Container CsmHashConfig
Description Determines the algorithm mode used for the crypto service
Multiplicity 1
Type EcucEnumerationParamDef
Range CRYPTO_ALGOMODE_CUSTOM 0xFF
CRYPTO_ALGOMODE_NOT_SET 0x00
Default value CRYPTO_ALGOMODE_NOT_SET
Post-Build Variant
false
Value
Multiplicity Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Value Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Scope / scope: local
Dependency

SWS Item ECUC_Csm_00181 :

Name CsmHashAlgorithmSecondaryFamily
Parent Container CsmHashConfig
Description Determines the algorithm family used for the crypto service
Multiplicity 1
Type EcucEnumerationParamDef
Range CRYPTO_ALGOFAM_CUSTOM 0xFF
CRYPTO_ALGOFAM_NOT_SET 0x00
Default value CRYPTO_ALGOFAM_NOT_SET
Post-Build Variant
false
Value
Multiplicity Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Value Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Scope / scope: local
Dependency

SWS Item ECUC_Csm_00040 :

Name CsmHashDataMaxLength
Parent Container CsmHashConfig
Description Size of the input data buffer for the synchronous RTE service interface if
this primitive is referenced by a Csm job. It may also be possible that other
BSW modules use the length parameter for buffer size calculation.
Multiplicity 0..1
Type EcucIntegerParamDef
Range 1 .. 4294967295
Default value --
Post-Build Variant Value false
Multiplicity Configuration Pre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
184 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager
 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Link time --
Post-build time --
Scope / Dependency scope: local
dependency: This parameter is only relevant if CsmJobInterfaceUsePort is
configured as CRYPTO_USE_PORT.

SWS Item ECUC_Csm_00130 :

Name CsmHashResultLength
Parent Container CsmHashConfig
Description Size of the result data buffer for the synchronous RTE service interface if
this primitive is referenced by a Csm job. It may also be possible that other
BSW modules use the length parameter for buffer size calculation.
Multiplicity 0..1
Type EcucIntegerParamDef
Range 1 .. 4294967295
Default value --
Post-Build Variant Value false
Multiplicity Configuration Pre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local
dependency: This parameter is only relevant if CsmJobInterfaceUsePort is
configured as CRYPTO_USE_PORT.

SWS Item ECUC_Csm_00282 :

Name CsmHashAlgorithmFamilyCustomRef
Parent Container CsmHashConfig
Description Reference to a customer specific algorithm family custom container
Multiplicity 0..1
Type Symbolic name reference to [ CryptoPrimitiveAlgorithmFamilyCustom ]
Multiplicity ConfigurationPre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local
dependency: This parameter shall only be present if
CsmHashAlgorithmFamily is set to CRYPTO_ALGOFAM_CUSTOM.

SWS Item ECUC_Csm_00284 :

Name CsmHashAlgorithmModeCustomRef
Parent Container CsmHashConfig
Description Reference to a customer specific algorithm mode custom container
Multiplicity 0..1
Type Symbolic name reference to [ CryptoPrimitiveAlgorithmModeCustom ]
Multiplicity ConfigurationPre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --

185 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Scope / Dependency scope: local

dependency: This reference shall only be present if
CsmHashAlgorithmMode is set to CRYPTO_ALGOMODE_CUSTOM.

SWS Item ECUC_Csm_00283 :

Name CsmHashAlgorithmSecondaryFamilyCustomRef
Parent Container CsmHashConfig
Description Reference to a customer specific algorithm family container in the Crypto
Driver
Multiplicity 0..1
Type Symbolic name reference to [ CryptoPrimitiveAlgorithmFamilyCustom ]
Multiplicity Configuration Pre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local
dependency: This reference shall only be present if
CsmHashSecondaryAlgorithmFamily is set to
CRYPTO_ALGOFAM_CUSTOM.

No Included Containers

186 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

CsmMacGenerate:
EcucParamConfContainerDef

lowerMultiplicity = 0
upperMultiplicity = 1

+subContainer

CsmMacGenerateConfig: +parameter CsmMacGenerateAlgorithmFamily:

EcucParamConfContainerDef EcucEnumerationParamDef

CsmMacGenerateAlgorithmFamilyCustomRef: CryptoPrimitiveAlgorithmFamilyCustom:
+reference EcucReferenceDef +destination EcucParamConfContainerDef

lowerMultiplicity = 0 lowerMultiplicity = 0
upperMultiplicity = 1 upperMultiplicity = *
requiresSymbolicNameValue = true

CsmMacGenerateAlgorithmSecondaryFamilyCustomRef:
+reference EcucReferenceDef +destination
lowerMultiplicity = 0
upperMultiplicity = 1
requiresSymbolicNameValue = true

CsmMacGenerateAlgorithmModeCustomRef: CryptoPrimitiveAlgorithmModeCustom:
+reference EcucReferenceDef +destination EcucParamConfContainerDef

lowerMultiplicity = 0 lowerMultiplicity = 0
upperMultiplicity = 1 upperMultiplicity = *
requiresSymbolicNameValue = true

CsmMacGenerateAlgorithmSecondaryFamily: +literal CRYPTO_ALGOFAM_NOT_SET:

EcucEnumerationParamDef EcucEnumerationLiteralDef
+parameter
defaultValue = CRYPTO_ALGOFAM_NOT_SET

+literal CRYPTO_ALGOMODE_CUSTOM:
EcucEnumerationLiteralDef

CsmMacGenerateAlgorithmKeyLength:
+parameter EcucIntegerParamDef

min = 1
max = 4294967295

+parameter CsmMacGenerateAlgorithmMode:
EcucEnumerationParamDef

CsmMacGenerateDataMaxLength: EcucIntegerParamDef

+parameter min = 1
max = 4294967295
lowerMultiplicity = 0
upperMultiplicity = 1

CsmMacGenerateResultLength: EcucIntegerParamDef

+parameter min = 1
max = 4294967295
lowerMultiplicity = 0
upperMultiplicity = 1

Figure 9-11 CsmMacGenerate Layout

10.2.15 CsmMacGenerate

SWS Item ECUC_Csm_00022 :

Container Name CsmMacGenerate
Parent Container CsmPrimitives
Description Configurations of MacGenerate primitives
187 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager
 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Configuration Parameters

Included Containers
Container Name Multiplicity Scope / Dependency
Container for configuration of a CSM mac generation interface.
CsmMacGenerateConfig 1 The container name serves as a symbolic name for the
identifier of a MAC generation interface.

10.2.16 CsmMacGenerateConfig

SWS Item ECUC_Csm_00041 :

Container Name CsmMacGenerateConfig
Parent Container CsmMacGenerate
Container for configuration of a CSM mac generation interface. The
Description container name serves as a symbolic name for the identifier of a MAC
generation interface.
Configuration Parameters

SWS Item ECUC_Csm_00188 :

Name CsmMacGenerateAlgorithmFamily
Parent Container CsmMacGenerateConfig
Description Determines the algorithm family used for the crypto service. This parameter defines
the most significant part of the algorithm.
Multiplicity 1
Type EcucEnumerationParamDef
Range CRYPTO_ALGOFAM_3DES 0x13
CRYPTO_ALGOFAM_AES 0x14
CRYPTO_ALGOFAM_BLAKE_1_256 0x0F
CRYPTO_ALGOFAM_BLAKE_1_512 0x10
CRYPTO_ALGOFAM_BLAKE_2s_256 0x11
CRYPTO_ALGOFAM_BLAKE_2s_512 0x12
CRYPTO_ALGOFAM_CHACHA 0x15
CRYPTO_ALGOFAM_CUSTOM 0xFF
CRYPTO_ALGOFAM_EEA3 0x28
CRYPTO_ALGOFAM_EIA3 0x2A
CRYPTO_ALGOFAM_POLY1305 0x2D
CRYPTO_ALGOFAM_RIPEMD160 0x0E
CRYPTO_ALGOFAM_RNG 0x1B
CRYPTO_ALGOFAM_SHA1 0x01
CRYPTO_ALGOFAM_SHA2_224 0x02
CRYPTO_ALGOFAM_SHA2_256 0x03
CRYPTO_ALGOFAM_SHA2_384 0x04
CRYPTO_ALGOFAM_SHA2_512 0x05
CRYPTO_ALGOFAM_SHA2_512_224 0x06
CRYPTO_ALGOFAM_SHA2_512_256 0x07
CRYPTO_ALGOFAM_SHA3_224 0x08
CRYPTO_ALGOFAM_SHA3_256 0x09
CRYPTO_ALGOFAM_SHA3_384 0x0A
CRYPTO_ALGOFAM_SHA3_512 0x0B
CRYPTO_ALGOFAM_SHAKE128 0x0C
CRYPTO_ALGOFAM_SHAKE256 0x0D
CRYPTO_ALGOFAM_SIPHASH 0x1C
CRYPTO_ALGOFAM_SM3 0x29
188 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager
 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Post-Build Variant
false
Value
Multiplicity Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Value Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Scope / scope: local
Dependency

SWS Item ECUC_Csm_00044 :

Name CsmMacGenerateAlgorithmKeyLength
Parent Container CsmMacGenerateConfig
Description Size of the MAC key in bytes
Multiplicity 1
Type EcucIntegerParamDef
Range 1 .. 4294967295
Default value --
Post-Build Variant Value false
Multiplicity ConfigurationPre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local

SWS Item ECUC_Csm_00189 :

Name CsmMacGenerateAlgorithmMode
Parent Container CsmMacGenerateConfig
Description Determines the algorithm mode used for the crypto service
Multiplicity 1
Type EcucEnumerationParamDef
Range CRYPTO_ALGOMODE_CMAC 0x10
CRYPTO_ALGOMODE_CTRDRBG 0x12
CRYPTO_ALGOMODE_CUSTOM 0xFF
CRYPTO_ALGOMODE_GMAC 0x11
CRYPTO_ALGOMODE_HMAC 0x0f
CRYPTO_ALGOMODE_NOT_SET 0x00
CRYPTO_ALGOMODE_SIPHASH_2_4 0x17
CRYPTO_ALGOMODE_SIPHASH_4_8 0x18
Post-Build Variant
false
Value
Multiplicity Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Value Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Scope / scope: local
Dependency

SWS Item ECUC_Csm_00134 :

Name CsmMacGenerateAlgorithmSecondaryFamily
Parent Container CsmMacGenerateConfig
189 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager
 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Description Determines the secondary algorithm family used for the crypto service
Multiplicity 1
Type EcucEnumerationParamDef
Range CRYPTO_ALGOFAM_NOT_SET 0x00
CRYPTO_ALGOMODE_CUSTOM 0xFF
Default value CRYPTO_ALGOFAM_NOT_SET
Post-Build Variant
false
Value
Multiplicity Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Value Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Scope / scope: local
Dependency

SWS Item ECUC_Csm_00137 :

Name CsmMacGenerateDataMaxLength
Parent Container CsmMacGenerateConfig
Description Size of the input data buffer for the synchronous RTE service interface if
this primitive is referenced by a Csm job. It may also be possible that other
BSW modules use the length parameter for buffer size calculation.
Multiplicity 0..1
Type EcucIntegerParamDef
Range 1 .. 4294967295
Default value --
Post-Build Variant Value false
Multiplicity Configuration Pre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local
dependency: This parameter is only relevant if CsmJobInterfaceUsePort is
configured as CRYPTO_USE_PORT.

SWS Item ECUC_Csm_00138 :

Name CsmMacGenerateResultLength
Parent Container CsmMacGenerateConfig
Description Size of the result data buffer for the synchronous RTE service interface if
this primitive is referenced by a Csm job. It may also be possible that other
BSW modules use the length parameter for buffer size calculation.
Multiplicity 0..1
Type EcucIntegerParamDef
Range 1 .. 4294967295
Default value --
Post-Build Variant Value false
Multiplicity Configuration Pre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --

190 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Scope / Dependency scope: local

dependency: This parameter is only relevant if CsmJobInterfaceUsePort is
configured as CRYPTO_USE_PORT.

SWS Item ECUC_Csm_00285 :

Name CsmMacGenerateAlgorithmFamilyCustomRef
Parent Container CsmMacGenerateConfig
Description Reference to a customer specific algorithm family custom container
Multiplicity 0..1
Type Symbolic name reference to [ CryptoPrimitiveAlgorithmFamilyCustom ]
Multiplicity ConfigurationPre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local
dependency: This reference shall only be present if
CsmMacGenerateAlgorithmFamily is set to
CRYPTO_ALGOFAM_CUSTOM.

SWS Item ECUC_Csm_00286 :

Name CsmMacGenerateAlgorithmModeCustomRef
Parent Container CsmMacGenerateConfig
Description Reference to a customer specific algorithm mode custom container
Multiplicity 0..1
Type Symbolic name reference to [ CryptoPrimitiveAlgorithmModeCustom ]
Multiplicity ConfigurationPre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local
dependency: This reference shall only be present if
CsmMacGenerateAlgorithmMode is set to
CRYPTO_ALGOMODE_CUSTOM.

SWS Item ECUC_Csm_00287 :

Name CsmMacGenerateAlgorithmSecondaryFamilyCustomRef
Parent Container CsmMacGenerateConfig
Description Reference to a customer specific algorithm family container in the Crypto
Driver
Multiplicity 0..1
Type Symbolic name reference to [ CryptoPrimitiveAlgorithmFamilyCustom ]
Multiplicity Configuration Pre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local
dependency: This parameter shall only be present if
CsmMacGenerateSecondaryAlgorithmFamily is set to
CRYPTO_ALGOFAM_CUSTOM.

191 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

No Included Containers

CsmMacVerify:
EcucParamConfContainerDef

lowerMultiplicity = 0
upperMultiplicity = 1

+subContainer

CsmMacVerifyConfig: +parameter CsmMacVerifyAlgorithmFamily:

EcucParamConfContainerDef EcucEnumerationParamDef

CsmMacVerifyAlgorithmFamilyCustomRef: CryptoPrimitiveAlgorithmFamilyCustom:
+reference EcucReferenceDef +destination EcucParamConfContainerDef

lowerMultiplicity = 0 lowerMultiplicity = 0
upperMultiplicity = 1 upperMultiplicity = *
requiresSymbolicNameValue = true

CsmMacVerifyAlgorithmSecondaryFamilyCustomRef:
+reference EcucReferenceDef +destination
lowerMultiplicity = 0
upperMultiplicity = 1
requiresSymbolicNameValue = true

CsmMacVerifyAlgorithmModeCustomRef: CryptoPrimitiveAlgorithmModeCustom:
+reference EcucReferenceDef +destination EcucParamConfContainerDef

lowerMultiplicity = 0 lowerMultiplicity = 0
upperMultiplicity = 1 upperMultiplicity = *
requiresSymbolicNameValue = true

CsmMacVerifyAlgorithmSecondaryFamily: +literal CRYPTO_ALGOFAM_NOT_SET:

EcucEnumerationParamDef EcucEnumerationLiteralDef
+parameter defaultValue = CRYPTO_ALGOFAM_NOT_SET

+literal CRYPTO_ALGOFAM_CUSTOM:
EcucEnumerationLiteralDef

CsmMacVerifyDataMaxLength: EcucIntegerParamDef

+parameter min = 1
max = 4294967295
lowerMultiplicity = 0
upperMultiplicity = 1

CsmMacVerifyCompareLength: EcucIntegerParamDef

+parameter min = 1
max = 4294967295
lowerMultiplicity = 0
upperMultiplicity = 1

+parameter CsmMacVerifyAlgorithmKeyLength:
EcucIntegerParamDef

min = 1
max = 4294967295

+parameter
CsmMacVerifyAlgorithmMode:
EcucEnumerationParamDef

Figure 9-12 CsmMacVerify Layout

192 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager
 Specification of Crypto Service Manager
AUTOSAR CP R20-11

10.2.17 CsmMacVerify

SWS Item ECUC_Csm_00023 :

Container Name CsmMacVerify
Parent Container CsmPrimitives
Description Configurations of MacVerify primitives
Configuration Parameters

Included Containers
Container Name Multiplicity Scope / Dependency
Container for configuration of a CSM MAC verification
CsmMacVerifyConfig 1 interface. The container name serves as a symbolic name for
the identifier of a MAC generation interface

10.2.18 CsmMacVerifyConfig

SWS Item ECUC_Csm_00049 :

Container Name CsmMacVerifyConfig
Parent Container CsmMacVerify
Container for configuration of a CSM MAC verification interface. The
Description container name serves as a symbolic name for the identifier of a MAC
generation interface
Configuration Parameters

SWS Item ECUC_Csm_00051 :

Name CsmMacVerifyAlgorithmFamily
Parent Container CsmMacVerifyConfig
Description Determines the algorithm family used for the crypto service. This parameter defines
the most significant part of the algorithm.
Multiplicity 1
Type EcucEnumerationParamDef
Range CRYPTO_ALGOFAM_3DES 0x13
CRYPTO_ALGOFAM_AES 0x14
CRYPTO_ALGOFAM_BLAKE_1_256 0x0F
CRYPTO_ALGOFAM_BLAKE_1_512 0x10
CRYPTO_ALGOFAM_BLAKE_2s_256 0x11
CRYPTO_ALGOFAM_BLAKE_2s_512 0x12
CRYPTO_ALGOFAM_CHACHA 0x15
CRYPTO_ALGOFAM_EEA3 0x28
CRYPTO_ALGOFAM_EIA3 0x2A
CRYPTO_ALGOFAM_POLY1305 0x2D
CRYPTO_ALGOFAM_RIPEMD160 0x0E
CRYPTO_ALGOFAM_RNG 0x1B
CRYPTO_ALGOFAM_SHA1 0x01
CRYPTO_ALGOFAM_SHA2_224 0x02
CRYPTO_ALGOFAM_SHA2_256 0x03
CRYPTO_ALGOFAM_SHA2_384 0x04
CRYPTO_ALGOFAM_SHA2_512 0x05
CRYPTO_ALGOFAM_SHA2_512_224 0x06
CRYPTO_ALGOFAM_SHA2_512_256 0x07
193 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager
 Specification of Crypto Service Manager
AUTOSAR CP R20-11

CRYPTO_ALGOFAM_SHA3_224 0x08
CRYPTO_ALGOFAM_SHA3_256 0x09
CRYPTO_ALGOFAM_SHA3_384 0x0A
CRYPTO_ALGOFAM_SHA3_512 0x0B
CRYPTO_ALGOFAM_SHAKE128 0x0C
CRYPTO_ALGOFAM_SHAKE256 0x0D
CRYPTO_ALGOFAM_SIPHASH 0x1C
CRYPTO_ALGOFAM_SM3 0x29
CRYPTO_ALGOMODE_CUSTOM 0xFF
Post-Build Variant
false
Value
Multiplicity Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Value Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Scope / scope: local
Dependency

SWS Item ECUC_Csm_00193 :

Name CsmMacVerifyAlgorithmKeyLength
Parent Container CsmMacVerifyConfig
Description Size of the MAC key in bytes
Multiplicity 1
Type EcucIntegerParamDef
Range 1 .. 4294967295
Default value --
Multiplicity ConfigurationPre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local

SWS Item ECUC_Csm_00195 :

Name CsmMacVerifyAlgorithmMode
Parent Container CsmMacVerifyConfig
Description Determines the algorithm mode used for the crypto service
Multiplicity 1
Type EcucEnumerationParamDef
Range CRYPTO_ALGOMODE_CMAC 0x10
CRYPTO_ALGOMODE_CTRDRBG 0x12
CRYPTO_ALGOMODE_CUSTOM 0xFF
CRYPTO_ALGOMODE_GMAC 0x11
CRYPTO_ALGOMODE_HMAC 0x0f
CRYPTO_ALGOMODE_NOT_SET 0x00
CRYPTO_ALGOMODE_SIPHASH_2_4 0x17
CRYPTO_ALGOMODE_SIPHASH_4_8 0x18
Multiplicity Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Value Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
194 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager
 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Scope / scope: local

Dependency

SWS Item ECUC_Csm_00140 :

Name CsmMacVerifyAlgorithmSecondaryFamily
Parent Container CsmMacVerifyConfig
Description Determines the secondary algorithm family used for the crypto service
Multiplicity 1
Type EcucEnumerationParamDef
Range CRYPTO_ALGOFAM_CUSTOM 0xFF
CRYPTO_ALGOFAM_NOT_SET 0x00
Default value CRYPTO_ALGOFAM_NOT_SET
Post-Build Variant
false
Value
Multiplicity Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Value Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Scope / scope: local
Dependency

SWS Item ECUC_Csm_00142 :

Name CsmMacVerifyCompareLength
Parent Container CsmMacVerifyConfig
Description Size of the input MAC buffer in BITS for the synchronous RTE service
interface if this primitive is referenced by a Csm job. It may also be
possible that other BSW modules use the length parameter for buffer size
calculation.
Multiplicity 0..1
Type EcucIntegerParamDef
Range 1 .. 4294967295
Default value --
Post-Build Variant Value false
Multiplicity Configuration Pre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local
dependency: This parameter is only relevant if CsmJobInterfaceUsePort is
configured as CRYPTO_USE_PORT.

SWS Item ECUC_Csm_00056 :

Name CsmMacVerifyDataMaxLength
Parent Container CsmMacVerifyConfig
Description Size of the input data buffer for the synchronous RTE service interface if
this primitive is referenced by a Csm job. It may also be possible that other
BSW modules use the length parameter for buffer size calculation.
Multiplicity 0..1
Type EcucIntegerParamDef
Range 1 .. 4294967295
Default value --
Post-Build Variant Value false

195 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Multiplicity ConfigurationPre-compile time X All Variants

Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local
dependency: This parameter is only relevant if CsmJobInterfaceUsePort is
configured as CRYPTO_USE_PORT.

SWS Item ECUC_Csm_00288 :

Name CsmMacVerifyAlgorithmFamilyCustomRef
Parent Container CsmMacVerifyConfig
Description Reference to a customer specific algorithm family custom container
Multiplicity 0..1
Type Symbolic name reference to [ CryptoPrimitiveAlgorithmFamilyCustom ]
Multiplicity ConfigurationPre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local
dependency: This reference shall only be present if
CsmMacVerifyAlgorithmFamily is set to CRYPTO_ALGOFAM_CUSTOM.

SWS Item ECUC_Csm_00289 :

Name CsmMacVerifyAlgorithmModeCustomRef
Parent Container CsmMacVerifyConfig
Description Reference to a customer specific algorithm mode custom container
Multiplicity 0..1
Type Symbolic name reference to [ CryptoPrimitiveAlgorithmModeCustom ]
Multiplicity ConfigurationPre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local
dependency: This reference shall only be present if
CsmMacVerifyAlgorithmMode is set to CRYPTO_ALGOMODE_CUSTOM.

SWS Item ECUC_Csm_00290 :

Name CsmMacVerifyAlgorithmSecondaryFamilyCustomRef
Parent Container CsmMacVerifyConfig
Description Reference to a customer specific algorithm family container in the Crypto
Driver
Multiplicity 0..1
Type Symbolic name reference to [ CryptoPrimitiveAlgorithmFamilyCustom ]
Multiplicity Configuration Pre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --

196 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Scope / Dependency scope: local

dependency: This reference shall only be present if
CsmMacVerifySecondaryAlgorithmFamily is set to
CRYPTO_ALGOFAM_CUSTOM.

No Included Containers

197 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

CsmEncryptConfig: CsmEncryptAlgorithmFamily: +literal CRYPTO_ALGOFAM_3DES:

EcucParamConfContainerDef EcucEnumerationParamDef EcucEnumerationLiteralDef

+literal CRYPTO_ALGOFAM_CHACHA:
EcucEnumerationLiteralDef

+literal CRYPTO_ALGOFAM_AES:
+parameter
EcucEnumerationLiteralDef

+literal CRYPTO_ALGOFAM_RSA:
EcucEnumerationLiteralDef

+literal CRYPTO_ALGOFAM_EEA3:
EcucEnumerationLiteralDef

+literal

CRYPTO_ALGOFAM_CUSTOM:
+literal EcucEnumerationLiteralDef
CsmEncryptAlgorithmSecondaryFamily:
+parameter EcucEnumerationParamDef

defaultValue = CRYPTO_ALGOFAM_NOT_SET +literal CRYPTO_ALGOFAM_NOT_SET:

EcucEnumerationLiteralDef

CsmEncryptAlgorithmFamilyCustomRef: CryptoPrimitiveAlgorithmFamilyCustom:
+reference EcucReferenceDef EcucParamConfContainerDef
+destination
lowerMultiplicity = 0 lowerMultiplicity = 0
upperMultiplicity = 1 upperMultiplicity = *
requiresSymbolicNameValue = true

CsmEncryptAlgorithmSecondaryFamilyCustomRef:
+reference EcucReferenceDef +destination
lowerMultiplicity = 0
upperMultiplicity = 1
requiresSymbolicNameValue = true

CsmEncryptAlgorithmModeCustomRef: CryptoPrimitiveAlgorithmModeCustom:
+reference EcucReferenceDef +destination EcucParamConfContainerDef

lowerMultiplicity = 0 lowerMultiplicity = 0
upperMultiplicity = 1 upperMultiplicity = *
requiresSymbolicNameValue = true

+parameter CsmEncryptAlgorithmMode:
EcucEnumerationParamDef

CsmEncryptAlgorithmKeyLength:
EcucIntegerParamDef

+parameter min = 1
max = 4294967295
lowerMultiplicity = 1
upperMultiplicity = 1

CsmEncryptResultMaxLength: EcucIntegerParamDef

+parameter min = 1
max = 4294967295
lowerMultiplicity = 0
upperMultiplicity = 1

CsmEncryptDataMaxLength: EcucIntegerParamDef

min = 1
max = 4294967295
+parameter lowerMultiplicity = 0
upperMultiplicity = 1

Figure 9-13 CsmEncrypt Layout

198 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

CsmEncryptConfig:
EcucParamConfContainerDef

+parameter

CRYPTO_ALGOFAM_CUSTOM: +literal CsmEncryptAlgorithmSecondaryFamily: +literal CRYPTO_ALGOFAM_NOT_SET:

EcucEnumerationLiteralDef EcucEnumerationParamDef EcucEnumerationLiteralDef

defaultValue = CRYPTO_ALGOFAM_NOT_SET
(from CryptoDrv) (from CryptoDrv)

CRYPTO_ALGOFAM_BLAKE_1_512: +literal +literal CRYPTO_ALGOFAM_SHA1:

EcucEnumerationLiteralDef EcucEnumerationLiteralDef

(from CryptoDrv) (from CryptoDrv)

CRYPTO_ALGOFAM_BLAKE_2s_512: +literal +literal CRYPTO_ALGOFAM_SHA2_224:

EcucEnumerationLiteralDef EcucEnumerationLiteralDef

(from CryptoDrv) (from CryptoDrv)

CRYPTO_ALGOFAM_BLAKE_2s_256: +literal +literal CRYPTO_ALGOFAM_SHA2_256:

EcucEnumerationLiteralDef EcucEnumerationLiteralDef

(from CryptoDrv) (from CryptoDrv)

CRYPTO_ALGOFAM_BLAKE_1_256: +literal +literal CRYPTO_ALGOFAM_SHA2_512:

EcucEnumerationLiteralDef EcucEnumerationLiteralDef

(from CryptoDrv) (from CryptoDrv)

CRYPTO_ALGOFAM_RIPEMD160: +literal +literal CRYPTO_ALGOFAM_SHA2_512_224:

EcucEnumerationLiteralDef EcucEnumerationLiteralDef

(from CryptoDrv) (from CryptoDrv)

CRYPTO_ALGOFAM_SHAKE128: +literal +literal CRYPTO_ALGOFAM_SHA2_512_256:

EcucEnumerationLiteralDef EcucEnumerationLiteralDef

(from CryptoDrv) (from CryptoDrv)

CRYPTO_ALGOFAM_SHAKE256: +literal +literal CRYPTO_ALGOFAM_SHA2_384:

EcucEnumerationLiteralDef EcucEnumerationLiteralDef

(from CryptoDrv) (from CryptoDrv)

CRYPTO_ALGOFAM_SHA3_512: +literal +literal CRYPTO_ALGOFAM_SHA3_224:

EcucEnumerationLiteralDef EcucEnumerationLiteralDef

(from CryptoDrv) (from CryptoDrv)

CRYPTO_ALGOFAM_SHA3_256: +literal +literal CRYPTO_ALGOFAM_SHA3_384:

EcucEnumerationLiteralDef EcucEnumerationLiteralDef

(from CryptoDrv) (from CryptoDrv)

Figure 9-14 CsmEncryptAlgorithmSecondaryFamily Layout

10.2.19 CsmEncrypt

SWS Item ECUC_Csm_00024 :

Container Name CsmEncrypt
Parent Container CsmPrimitives
Description Configurations of Encryption primitives
199 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager
 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Configuration Parameters

Included Containers
Container Name Multiplicity Scope / Dependency
Container for configuration of a CSM encryption interface. The
CsmEncryptConfig 1 container name serves as a symbolic name for the identifier of
an encryption interface.

10.2.20 CsmEncryptConfig

SWS Item ECUC_Csm_00057 :

Container Name CsmEncryptConfig
Parent Container CsmEncrypt
Container for configuration of a CSM encryption interface. The container
Description name serves as a symbolic name for the identifier of an encryption
interface.
Configuration Parameters

SWS Item ECUC_Csm_00182 :

Name CsmEncryptAlgorithmFamily
Parent Container CsmEncryptConfig
Description Determines the algorithm family used for the crypto service. This parameter
defines the most significant part of the algorithm.
Multiplicity 1
Type EcucEnumerationParamDef
Range CRYPTO_ALGOFAM_3DES 0x13
CRYPTO_ALGOFAM_AES 0x14
CRYPTO_ALGOFAM_CHACHA 0x15
CRYPTO_ALGOFAM_CUSTOM 0xFF
CRYPTO_ALGOFAM_EEA3 0x28
CRYPTO_ALGOFAM_RSA 0x16
Post-Build Variant
false
Value
Multiplicity Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Value Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Scope / scope: local
Dependency

SWS Item ECUC_Csm_00191 :

Name CsmEncryptAlgorithmKeyLength
Parent Container CsmEncryptConfig
Description Size of the encryption key in bytes
Multiplicity 1
Type EcucIntegerParamDef
Range 1 .. 4294967295
Default value --
Post-Build Variant Value false
Multiplicity Configuration Pre-compile time X All Variants
Class Link time --
200 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager
 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local

SWS Item ECUC_Csm_00060 :

Name CsmEncryptAlgorithmMode
Parent Container CsmEncryptConfig
Description Determines the algorithm mode used for the crypto service
Multiplicity 1
Type EcucEnumerationParamDef
Range CRYPTO_ALGOMODE_12ROUNDS 0x0d
CRYPTO_ALGOMODE_20ROUNDS 0x0e
CRYPTO_ALGOMODE_8ROUNDS 0x0c
CRYPTO_ALGOMODE_CBC 0x02
CRYPTO_ALGOMODE_CFB 0x03
CRYPTO_ALGOMODE_CTR 0x05
CRYPTO_ALGOMODE_CUSTOM 0xFF
CRYPTO_ALGOMODE_ECB 0x01
CRYPTO_ALGOMODE_NOT_SET 0x00
CRYPTO_ALGOMODE_OFB 0x04
CRYPTO_ALGOMODE_RSAES_OAEP 0x08
CRYPTO_ALGOMODE_RSAES_- 0x09
PKCS1_v1_5
CRYPTO_ALGOMODE_XTS 0x06
Post-Build Variant
false
Value
Multiplicity Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Value Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Scope / scope: local
Dependency

SWS Item ECUC_Csm_00144 :

Name CsmEncryptAlgorithmSecondaryFamily
Parent Container CsmEncryptConfig
Description Determines the algorithm family used for the crypto service
Multiplicity 1
Type EcucEnumerationParamDef
Range CRYPTO_ALGOFAM_BLAKE_1_256 0x0F
CRYPTO_ALGOFAM_BLAKE_1_512 0x10
CRYPTO_ALGOFAM_BLAKE_2s_256 0x11
CRYPTO_ALGOFAM_BLAKE_2s_512 0x12
CRYPTO_ALGOFAM_CUSTOM 0xFF
CRYPTO_ALGOFAM_NOT_SET 0x00
CRYPTO_ALGOFAM_RIPEMD160 0x0E
CRYPTO_ALGOFAM_SHA1 0x01
CRYPTO_ALGOFAM_SHA2_224 0x02
CRYPTO_ALGOFAM_SHA2_256 0x03
CRYPTO_ALGOFAM_SHA2_384 0x04
CRYPTO_ALGOFAM_SHA2_512 0x05
CRYPTO_ALGOFAM_SHA2_512_224 0x06
201 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager
 Specification of Crypto Service Manager
AUTOSAR CP R20-11

CRYPTO_ALGOFAM_SHA2_512_256 0x07
CRYPTO_ALGOFAM_SHA3_224 0x08
CRYPTO_ALGOFAM_SHA3_256 0x09
CRYPTO_ALGOFAM_SHA3_384 0x0A
CRYPTO_ALGOFAM_SHA3_512 0x0B
CRYPTO_ALGOFAM_SHAKE128 0x0C
CRYPTO_ALGOFAM_SHAKE256 0x0D
Default value CRYPTO_ALGOFAM_NOT_SET
Post-Build Variant
false
Value
Multiplicity Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Value Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Scope / scope: local
Dependency

SWS Item ECUC_Csm_00146 :

Name CsmEncryptDataMaxLength
Parent Container CsmEncryptConfig
Description Size of the input plaintext buffer for the synchronous RTE service interface
if this primitive is referenced by a Csm job. It may also be possible that
other BSW modules use the length parameter for buffer size calculation.
Multiplicity 0..1
Type EcucIntegerParamDef
Range 1 .. 4294967295
Default value --
Post-Build Variant Value false
Multiplicity Configuration Pre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local
dependency: This parameter is only relevant if CsmJobInterfaceUsePort is
configured as CRYPTO_USE_PORT."

SWS Item ECUC_Csm_00147 :

Name CsmEncryptResultMaxLength
Parent Container CsmEncryptConfig
Description Size of the result data buffer for the synchronous RTE service interface if
this primitive is referenced by a Csm job. It may also be possible that other
BSW modules use the length parameter for buffer size calculation.
Multiplicity 0..1
Type EcucIntegerParamDef
Range 1 .. 4294967295
Default value --
Post-Build Variant Value false
Multiplicity Configuration Pre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
202 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager
 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Post-build time --
Scope / Dependency scope: local
dependency: This parameter is only relevant if CsmJobInterfaceUsePort is
configured as CRYPTO_USE_PORT.

SWS Item ECUC_Csm_00291 :

Name CsmEncryptAlgorithmFamilyCustomRef
Parent Container CsmEncryptConfig
Description Reference to a customer specific algorithm family custom container
Multiplicity 0..1
Type Symbolic name reference to [ CryptoPrimitiveAlgorithmFamilyCustom ]
Multiplicity ConfigurationPre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local
dependency: This parameter shall only be present if
CsmEncryptAlgorithmFamily is set to CRYPTO_ALGOFAM_CUSTOM.

SWS Item ECUC_Csm_00292 :

Name CsmEncryptAlgorithmModeCustomRef
Parent Container CsmEncryptConfig
Description Reference to a customer specific algorithm mode custom container
Multiplicity 0..1
Type Symbolic name reference to [ CryptoPrimitiveAlgorithmModeCustom ]
Multiplicity ConfigurationPre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local
dependency: This reference shall only be present if
CsmEncryptAlgorithmMode is set to CRYPTO_ALGOMODE_CUSTOM.

SWS Item ECUC_Csm_00293 :

Name CsmEncryptAlgorithmSecondaryFamilyCustomRef
Parent Container CsmEncryptConfig
Description Reference to a customer specific algorithm family container in the Crypto
Driver
Multiplicity 0..1
Type Symbolic name reference to [ CryptoPrimitiveAlgorithmFamilyCustom ]
Multiplicity Configuration Pre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local
dependency: This parameter shall only be present if
CsmEncryptSecondaryAlgorithmFamily is set to
CRYPTO_ALGOFAM_CUSTOM.

No Included Containers

203 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

CsmDecryptAlgorithmFamily: +literal CRYPTO_ALGOFAM_EEA3:

EcucEnumerationParamDef EcucEnumerationLiteralDef

+literal CRYPTO_ALGOFAM_AES:
EcucEnumerationLiteralDef

+literal CRYPTO_ALGOFAM_3DES:
EcucEnumerationLiteralDef

CsmDecryptConfig:
EcucParamConfContainerDef +literal CRYPTO_ALGOFAM_CUSTOM:
EcucEnumerationLiteralDef

+parameter
+literal CRYPTO_ALGOFAM_RSA:
EcucEnumerationLiteralDef

+literal CRYPTO_ALGOFAM_CHACHA:
EcucEnumerationLiteralDef

CsmDecryptAlgorithmFamilyCustomRef: CryptoPrimitiveAlgorithmFamilyCustom:
+reference EcucReferenceDef +destination EcucParamConfContainerDef

lowerMultiplicity = 0 lowerMultiplicity = 0
upperMultiplicity = 1 upperMultiplicity = *
requiresSymbolicNameValue = true

CsmDecryptAlgorithmSecondaryFamilyCustomRef:
+reference EcucReferenceDef +destination

lowerMultiplicity = 0
upperMultiplicity = 1
requiresSymbolicNameValue = true

CsmDecryptAlgorithmModeCustomRef: CryptoPrimitiveAlgorithmModeCustom:
+reference EcucReferenceDef +destination EcucParamConfContainerDef

lowerMultiplicity = 0 lowerMultiplicity = 0
upperMultiplicity = 1 upperMultiplicity = *
requiresSymbolicNameValue = true

CsmDecryptResultMaxLength: EcucIntegerParamDef

+parameter min = 1
max = 4294967295
lowerMultiplicity = 0
upperMultiplicity = 1

CsmDecryptDataMaxLength: EcucIntegerParamDef

min = 1
+parameter max = 4294967295
lowerMultiplicity = 0
upperMultiplicity = 1

CsmDecryptAlgorithmKeyLength:
+parameter EcucIntegerParamDef

min = 1
max = 4294967295

See diagram
CsmDecryptAlgorithmMode: CsmDecryptAlgorithmM
+parameter EcucEnumerationParamDef ode

Figure 9-15 CsmDecrypt Layout

204 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager


CRYPTO_ALGOFAM_CUSTOM:
EcucEnumerationLiteralDef
(from CryptoDrv)
CRYPTO_ALGOFAM_BLAKE_1_512:
EcucEnumerationLiteralDef
(from CryptoDrv)
CRYPTO_ALGOFAM_BLAKE_2s_256:
EcucEnumerationLiteralDef
(from CryptoDrv)
CRYPTO_ALGOFAM_BLAKE_2s_512:
EcucEnumerationLiteralDef
(from CryptoDrv)
CRYPTO_ALGOFAM_BLAKE_1_256:
EcucEnumerationLiteralDef
(from CryptoDrv)
CRYPTO_ALGOFAM_RIPEMD160:
EcucEnumerationLiteralDef
(from CryptoDrv)
CRYPTO_ALGOFAM_SHAKE128:
EcucEnumerationLiteralDef
(from CryptoDrv)
CRYPTO_ALGOFAM_SHAKE256:
EcucEnumerationLiteralDef
(from CryptoDrv)
CRYPTO_ALGOFAM_SHA3_224:
EcucEnumerationLiteralDef
(from CryptoDrv)
CRYPTO_ALGOFAM_SHA3_512:
EcucEnumerationLiteralDef
(from CryptoDrv)
Figure 9-16 CsmDecryptAlgorithmSecondaryFamily Layout
10.2.21 CsmDecrypt
SWS Item
Container Name
Parent Container
Description
Configuration Parameters
205 of 265
Specification of Crypto Service Manager
AUTOSAR CP R20-11
CsmDecryptConfig: EcucParamConfContainerDef
+parameter
CsmDecryptAlgorithmSecondaryFamily:
+literal +literal
EcucEnumerationParamDef CRYPTO_ALGOFAM_NOT_SET:
EcucEnumerationLiteralDef
defaultValue = CRYPTO_ALGOFAM_NOT_SET
(from CryptoDrv)
+literal +literal CRYPTO_ALGOFAM_SHA1:
EcucEnumerationLiteralDef
(from CryptoDrv)
+literal +literal CRYPTO_ALGOFAM_SHA2_224:
EcucEnumerationLiteralDef
(from CryptoDrv)
+literal +literal CRYPTO_ALGOFAM_SHA2_256:
EcucEnumerationLiteralDef
(from CryptoDrv)
+literal +literal CRYPTO_ALGOFAM_SHA2_512:
EcucEnumerationLiteralDef
(from CryptoDrv)
+literal +literal CRYPTO_ALGOFAM_SHA2_512_224:
EcucEnumerationLiteralDef
(from CryptoDrv)
+literal +literal CRYPTO_ALGOFAM_SHA2_512_256:
EcucEnumerationLiteralDef
(from CryptoDrv)
+literal +literal CRYPTO_ALGOFAM_SHA2_384:
EcucEnumerationLiteralDef
(from CryptoDrv)
+literal +literal CRYPTO_ALGOFAM_SHA3_256:
EcucEnumerationLiteralDef
(from CryptoDrv)
+literal +literal CRYPTO_ALGOFAM_SHA3_384:
EcucEnumerationLiteralDef
(from CryptoDrv)
ECUC_Csm_00025 :
CsmDecrypt
CsmPrimitives
Configurations of Decryption primitives
Document ID 402: AUTOSAR_SWS_CryptoServiceManager
 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Included Containers
Container Name Multiplicity Scope / Dependency
Container for configuration of a CSM decryption interface. The
CsmDecryptConfig 1 container name serves as a symbolic name for the identifier of
an decryption interface.

10.2.22 CsmDecryptConfig

SWS Item ECUC_Csm_00064 :

Container Name CsmDecryptConfig
Parent Container CsmDecrypt
Container for configuration of a CSM decryption interface. The container
Description name serves as a symbolic name for the identifier of an decryption
interface.
Configuration Parameters

SWS Item ECUC_Csm_00066 :

Name CsmDecryptAlgorithmFamily
Parent Container CsmDecryptConfig
Description Determines the algorithm family used for the crypto service. This parameter
defines the most significant part of the algorithm.
Multiplicity 1
Type EcucEnumerationParamDef
Range CRYPTO_ALGOFAM_3DES 0x13
CRYPTO_ALGOFAM_AES 0x14
CRYPTO_ALGOFAM_CHACHA 0x15
CRYPTO_ALGOFAM_CUSTOM 0xFF
CRYPTO_ALGOFAM_EEA3 0x28
CRYPTO_ALGOFAM_RSA 0x16
Post-Build Variant
false
Value
Multiplicity Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Value Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Scope / scope: local
Dependency

SWS Item ECUC_Csm_00067 :

Name CsmDecryptAlgorithmKeyLength
Parent Container CsmDecryptConfig
Description Size of the encryption key in bytes
Multiplicity 1
Type EcucIntegerParamDef
Range 1 .. 4294967295
Default value --
Post-Build Variant Value false
Multiplicity Configuration Pre-compile time X All Variants
Class Link time --
Post-build time --
206 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager
 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Value Configuration Class Pre-compile time X All Variants

Link time --
Post-build time --
Scope / Dependency scope: local

SWS Item ECUC_Csm_00068 :

Name CsmDecryptAlgorithmMode
Parent Container CsmDecryptConfig
Description Determines the algorithm mode used for the crypto service
See diagram CsmDecryptAlgorithmMode
Multiplicity 1
Type EcucEnumerationParamDef
Range CRYPTO_ALGOMODE_12ROUNDS 0x0d
CRYPTO_ALGOMODE_20ROUNDS 0x0e
CRYPTO_ALGOMODE_8ROUNDS 0x0c
CRYPTO_ALGOMODE_CBC 0x02
CRYPTO_ALGOMODE_CFB 0x03
CRYPTO_ALGOMODE_CTR 0x05
CRYPTO_ALGOMODE_CUSTOM 0xFF
CRYPTO_ALGOMODE_ECB 0x01
CRYPTO_ALGOMODE_OFB 0x04
CRYPTO_ALGOMODE_RSAES_OAEP 0x08
CRYPTO_ALGOMODE_RSAES_- 0x09
PKCS1_v1_5
CRYPTO_ALGOMODE_XTS 0x06
Post-Build Variant
false
Value
Multiplicity Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Value Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Scope / scope: local
Dependency

SWS Item ECUC_Csm_00149 :

Name CsmDecryptAlgorithmSecondaryFamily
Parent Container CsmDecryptConfig
Description Determines the secondary algorithm family used for the crypto service
Multiplicity 1
Type EcucEnumerationParamDef
Range CRYPTO_ALGOFAM_BLAKE_1_256 0x0F
CRYPTO_ALGOFAM_BLAKE_1_512 0x10
CRYPTO_ALGOFAM_BLAKE_2s_256 0x11
CRYPTO_ALGOFAM_BLAKE_2s_512 0x12
CRYPTO_ALGOFAM_CUSTOM 0xFF
CRYPTO_ALGOFAM_NOT_SET 0x00
CRYPTO_ALGOFAM_RIPEMD160 0x0E
CRYPTO_ALGOFAM_SHA1 0x01
CRYPTO_ALGOFAM_SHA2_224 0x02
CRYPTO_ALGOFAM_SHA2_256 0x03
CRYPTO_ALGOFAM_SHA2_384 0x04
CRYPTO_ALGOFAM_SHA2_512 0x05
CRYPTO_ALGOFAM_SHA2_512_224 0x06
CRYPTO_ALGOFAM_SHA2_512_256 0x07
207 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager
 Specification of Crypto Service Manager
AUTOSAR CP R20-11

CRYPTO_ALGOFAM_SHA3_224 0x08
CRYPTO_ALGOFAM_SHA3_256 0x09
CRYPTO_ALGOFAM_SHA3_384 0x0A
CRYPTO_ALGOFAM_SHA3_512 0x0B
CRYPTO_ALGOFAM_SHAKE128 0x0C
CRYPTO_ALGOFAM_SHAKE256 0x0D
Default value CRYPTO_ALGOFAM_NOT_SET
Post-Build Variant
false
Value
Multiplicity Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Value Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Scope / scope: local
Dependency

SWS Item ECUC_Csm_00154 :

Name CsmDecryptDataMaxLength
Parent Container CsmDecryptConfig
Description Size of the input ciphertext buffer for the synchronous RTE service
interface if this primitive is referenced by a Csm job. It may also be
possible that other BSW modules use the length parameter for buffer size
calculation.
Multiplicity 0..1
Type EcucIntegerParamDef
Range 1 .. 4294967295
Default value --
Post-Build Variant Value false
Multiplicity Configuration Pre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local
dependency: This parameter is only relevant if CsmJobInterfaceUsePort is
configured as CRYPTO_USE_PORT.

SWS Item ECUC_Csm_00155 :

Name CsmDecryptResultMaxLength
Parent Container CsmDecryptConfig
Description Size of the result data buffer for the synchronous RTE service interface if
this primitive is referenced by a Csm job. It may also be possible that other
BSW modules use the length parameter for buffer size calculation.
Multiplicity 0..1
Type EcucIntegerParamDef
Range 1 .. 4294967295
Default value --
Post-Build Variant Value false
Multiplicity Configuration Pre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
208 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager
 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Post-build time --
Scope / Dependency scope: local
dependency: This parameter is only relevant if CsmJobInterfaceUsePort is
configured as CRYPTO_USE_PORT.

SWS Item ECUC_Csm_00294 :

Name CsmDecryptAlgorithmFamilyCustomRef
Parent Container CsmDecryptConfig
Description Reference to a customer specific algorithm family custom container
Multiplicity 0..1
Type Symbolic name reference to [ CryptoPrimitiveAlgorithmFamilyCustom ]
Multiplicity ConfigurationPre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local
dependency: This reference shall only be present if
CsmDecryptAlgorithmFamily is set to CRYPTO_ALGOFAM_CUSTOM.

SWS Item ECUC_Csm_00295 :

Name CsmDecryptAlgorithmModeCustomRef
Parent Container CsmDecryptConfig
Description Reference to a customer specific algorithm mode custom container
Multiplicity 0..1
Type Symbolic name reference to [ CryptoPrimitiveAlgorithmModeCustom ]
Multiplicity ConfigurationPre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local
dependency: This reference shall only be present if
CsmDecryptAlgorithmMode is set to CRYPTO_ALGOMODE_CUSTOM.

SWS Item ECUC_Csm_00296 :

Name CsmDecryptAlgorithmSecondaryFamilyCustomRef
Parent Container CsmDecryptConfig
Description Reference to a customer specific algorithm family container in the Crypto
Driver
Multiplicity 0..1
Type Symbolic name reference to [ CryptoPrimitiveAlgorithmFamilyCustom ]
Multiplicity Configuration Pre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local
dependency: This reference shall only be present if
CsmDecryptSecondaryAlgorithmFamily is set to
CRYPTO_ALGOFAM_CUSTOM.

No Included Containers

209 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

CsmAEADEncrypt:
EcucParamConfContainerDef

lowerMultiplicity = 0
upperMultiplicity = 1

+subContainer

CsmAEADEncryptConfig: +reference CsmAEADEncryptQueueRef: +destination CsmQueue: EcucParamConfContainerDef

EcucParamConfContainerDef EcucReferenceDef
lowerMultiplicity = 1
upperMultiplicity = *

CsmAEADEncryptAlgorithmKeyLength:
+parameter EcucIntegerParamDef

min = 1
max = 4294967295 See diagram CsmAEADEncryptAlgorithmFamily

+parameter CsmAEADEncryptAlgorithmFamily:
EcucEnumerationParamDef +literal
CRYPTO_ALGOFAM_CUSTOM:
EcucEnumerationLiteralDef
+literal
CsmAEADEncryptAlgorithmSecondaryFamily:
EcucEnumerationParamDef

lowerMultiplicity = 1
+literal CRYPTO_ALGOFAM_POLY1305:
+parameter upperMultiplicity = 1
EcucEnumerationLiteralDef

+literal CRYPTO_ALGOFAM_NOT_SET:
EcucEnumerationLiteralDef

+parameter
CsmAEADEncryptAlgorithmMode:
EcucEnumerationParamDef See diagram CsmAEADEncryptAlgorithmMode

CsmKey: EcucParamConfContainerDef
+reference CsmAEADEncryptKeyRef: EcucReferenceDef +destination
lowerMultiplicity = 0
upperMultiplicity = *

CsmAEADEncryptPlaintextMaxLength:
EcucIntegerParamDef
+parameter
min = 1
max = 4294967295
lowerMultiplicity = 0 CsmAEADEncryptCiphertextMaxLength:
upperMultiplicity = 1 EcucIntegerParamDef
+parameter
min = 1
max = 4294967295
CsmAEADEncryptAssociatedDataMaxLength: lowerMultiplicity = 0
EcucIntegerParamDef upperMultiplicity = 1
+parameter
min = 1
max = 4294967295
CsmAEADEncryptTagLength:
lowerMultiplicity = 0
EcucIntegerParamDef
upperMultiplicity = 1
+parameter min = 1
max = 4294967295
lowerMultiplicity = 0
CsmAEADEncryptAlgorithmFamilyCustomRef: upperMultiplicity = 1
+reference EcucReferenceDef

lowerMultiplicity = 0 +destination CryptoPrimitiveAlgorithmFamilyCustom:

upperMultiplicity = 1 EcucParamConfContainerDef
requiresSymbolicNameValue = true
lowerMultiplicity = 0
upperMultiplicity = *
CsmAEADEncryptAlgorithmSecondaryFamilyCustomRef:
+reference EcucReferenceDef +destination

lowerMultiplicity = 0
upperMultiplicity = 1
requiresSymbolicNameValue = true

CsmAEADEncryptAlgorithmModeCustomRef: CryptoPrimitiveAlgorithmModeCustom:
+reference EcucReferenceDef +destination EcucParamConfContainerDef

lowerMultiplicity = 0 lowerMultiplicity = 0
upperMultiplicity = 1 upperMultiplicity = *
requiresSymbolicNameValue = true

210 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Figure 9-17 CsmAEADEncrypt Layout

10.2.23 CsmAEADEncrypt

SWS Item ECUC_Csm_00026 :

Container Name CsmAEADEncrypt
Parent Container CsmPrimitives
Description Configuration of AEAD encryption primitives
Configuration Parameters

Included Containers
Container Name Multiplicity Scope / Dependency
Container for configuration of a CSM encryption interface. The
CsmAEADEncryptConfig 1 container name serves as a symbolic name for the identifier of
an encryption interface.

10.2.24 CsmAEADEncryptConfig

SWS Item ECUC_Csm_00072 :

Container Name CsmAEADEncryptConfig
Parent Container CsmAEADEncrypt
Container for configuration of a CSM encryption interface. The container
Description name serves as a symbolic name for the identifier of an encryption
interface.
Configuration Parameters

SWS Item ECUC_Csm_00074 :

Name CsmAEADEncryptAlgorithmFamily
Parent Container CsmAEADEncryptConfig
Description Determines the algorithm family used for the crypto service. This parameter defines
the most significant part of the algorithm.
See diagram CsmAEADEncryptAlgorithmFamily
Multiplicity 1
Type EcucEnumerationParamDef
Range CRYPTO_ALGOFAM_3DES 0x13
CRYPTO_ALGOFAM_AES 0x14
CRYPTO_ALGOFAM_CHACHA 0x15
CRYPTO_ALGOFAM_CUSTOM 0xFF
CRYPTO_ALGOFAM_EEA3 0x28
Post-Build Variant
false
Value
Multiplicity Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Value Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Scope / scope: local
Dependency

SWS Item ECUC_Csm_00075 :

Name CsmAEADEncryptAlgorithmKeyLength

211 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Parent Container CsmAEADEncryptConfig

Description Size of the AEAD encryption key in bytes
Multiplicity 1
Type EcucIntegerParamDef
Range 1 .. 4294967295
Default value --
Post-Build Variant Value false
Multiplicity ConfigurationPre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local

SWS Item ECUC_Csm_00076 :

Name CsmAEADEncryptAlgorithmMode
Parent Container CsmAEADEncryptConfig
Description Determines the algorithm mode used for the crypto service
See diagram CsmAEADEncryptAlgorithmMode
Multiplicity 1
Type EcucEnumerationParamDef
Range CRYPTO_ALGOMODE_12ROUNDS 0x0d
CRYPTO_ALGOMODE_20ROUNDS 0x0e
CRYPTO_ALGOMODE_8ROUNDS 0x0c
CRYPTO_ALGOMODE_CUSTOM 0xFF
CRYPTO_ALGOMODE_GCM 0x07
Post-Build Variant
false
Value
Multiplicity Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Value Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Scope / scope: local
Dependency

SWS Item ECUC_Csm_00278 :

Name CsmAEADEncryptAlgorithmSecondaryFamily
Parent Container CsmAEADEncryptConfig
Description Defines the secondary family used for the crypto service
Multiplicity 1
Type EcucEnumerationParamDef
Range CRYPTO_ALGOFAM_CUSTOM 0xFF
CRYPTO_ALGOFAM_NOT_SET 0x00
CRYPTO_ALGOFAM_POLY1305 0x2D
Multiplicity Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Value Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Scope / scope: local
Dependency

212 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

SWS Item ECUC_Csm_00159 :

Name CsmAEADEncryptAssociatedDataMaxLength
Parent Container CsmAEADEncryptConfig
Description Size of the input associated data buffer for the synchronous RTE service
interface if this primitive is referenced by a Csm job. It may also be
possible that other BSW modules use the length parameter for buffer size
calculation.
Multiplicity 0..1
Type EcucIntegerParamDef
Range 1 .. 4294967295
Default value --
Post-Build Variant Value false
Multiplicity Configuration Pre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local
dependency: This parameter is only relevant if CsmJobInterfaceUsePort is
configured as CRYPTO_USE_PORT.

SWS Item ECUC_Csm_00160 :

Name CsmAEADEncryptCiphertextMaxLength
Parent Container CsmAEADEncryptConfig
Description Size of the output ciphertext buffer for the synchronous RTE service
interface if this primitive is referenced by a Csm job. It may also be
possible that other BSW modules use the length parameter for buffer size
calculation.
Multiplicity 0..1
Type EcucIntegerParamDef
Range 1 .. 4294967295
Default value --
Post-Build Variant Value false
Multiplicity Configuration Pre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local
dependency: This parameter is only relevant if CsmJobInterfaceUsePort is
configured as CRYPTO_USE_PORT.

SWS Item ECUC_Csm_00158 :

Name CsmAEADEncryptPlaintextMaxLength
Parent Container CsmAEADEncryptConfig
Description Size of the input plaintext length buffer for the synchronous RTE service
interface if this primitive is referenced by a Csm job. It may also be
possible that other BSW modules use the length parameter for buffer size
calculation.
Multiplicity 0..1
Type EcucIntegerParamDef
Range 1 .. 4294967295
Default value --
Post-Build Variant Value false

213 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Multiplicity ConfigurationPre-compile time X All Variants

Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local
dependency: This parameter is only relevant if CsmJobInterfaceUsePort is
configured as CRYPTO_USE_PORT.

SWS Item ECUC_Csm_00161 :

Name CsmAEADEncryptTagLength
Parent Container CsmAEADEncryptConfig
Description Size of the output tag length buffer for the synchronous RTE service
interface if this primitive is referenced by a Csm job. It may also be
possible that other BSW modules use the length parameter for buffer size
calculation.
Multiplicity 0..1
Type EcucIntegerParamDef
Range 1 .. 4294967295
Default value --
Post-Build Variant Value false
Multiplicity Configuration Pre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local
dependency: This parameter is only relevant if CsmJobInterfaceUsePort is
configured as CRYPTO_USE_PORT.

SWS Item ECUC_Csm_00297 :

Name CsmAEADEncryptAlgorithmFamilyCustomRef
Parent Container CsmAEADEncryptConfig
Description Reference to a customer specific algorithm family custom container
Multiplicity 0..1
Type Symbolic name reference to [ CryptoPrimitiveAlgorithmFamilyCustom ]
Multiplicity ConfigurationPre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local
dependency: This reference shall only be present if
CsmAEADEncryptAlgorithmFamily is set to
CRYPTO_ALGOFAM_CUSTOM.

SWS Item ECUC_Csm_00298 :

Name CsmAEADEncryptAlgorithmModeCustomRef
Parent Container CsmAEADEncryptConfig
Description Reference to a customer specific algorithm mode custom container
Multiplicity 0..1
Type Symbolic name reference to [ CryptoPrimitiveAlgorithmModeCustom ]
Pre-compile time X All Variants

214 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Multiplicity Configuration Link time --

Class Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local
dependency: This reference shall only be present if
CsmAEADEncryptAlgorithmMode is set to
CRYPTO_ALGOMODE_CUSTOM.

SWS Item ECUC_Csm_00299 :

Name CsmAEADEncryptAlgorithmSecondaryFamilyCustomRef
Parent Container CsmAEADEncryptConfig
Description Reference to a customer specific algorithm family container in the Crypto
Driver
Multiplicity 0..1
Type Symbolic name reference to [ CryptoPrimitiveAlgorithmFamilyCustom ]
Multiplicity Configuration Pre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local
dependency: This reference shall only be present if
CsmAEADEncryptSecondaryAlgorithmFamily is set to
CRYPTO_ALGOFAM_CUSTOM.

SWS Item ECUC_Csm_00157 :

Name CsmAEADEncryptKeyRef
Parent Container CsmAEADEncryptConfig
Description This parameter refers to the key used for that encryption primitive.
Multiplicity 1
Type Reference to [ CsmKey ]
Post-Build Variant Value false
Multiplicity ConfigurationPre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local

SWS Item ECUC_Csm_00156 :

Name CsmAEADEncryptQueueRef
Parent Container CsmAEADEncryptConfig
Description This parameter refers to the queue used for that encryption primitive.
Multiplicity 1
Type Reference to [ CsmQueue ]
Post-Build Variant Value false
Multiplicity ConfigurationPre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
215 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager
 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Scope / Dependency scope: local

No Included Containers

See diagram CsmAEADDecryptAlgorithmFamily

CsmAEADDecryptConfig: +parameter CsmAEADDecryptAlgorithmFamily:
EcucParamConfContainerDef EcucEnumerationParamDef
+literal
CRYPTO_ALGOFAM_CUSTOM:
+literal EcucEnumerationLiteralDef
CsmAEADDecryptAlgorithmSecondaryFamily:
EcucEnumerationParamDef

lowerMultiplicity = 1
+literal CRYPTO_ALGOFAM_NOT_SET:
upperMultiplicity = 1
+parameter EcucEnumerationLiteralDef

+literal CRYPTO_ALGOFAM_POLY1305:
EcucEnumerationLiteralDef

+reference CsmAEADDecryptQueueRef: EcucReferenceDef +destination CsmQueue: EcucParamConfContainerDef

lowerMultiplicity = 1
upperMultiplicity = *

CsmAEADDecryptAlgorithmKeyLength:
+parameter EcucIntegerParamDef

min = 1 See diagram

max = 4294967295 CsmAEADDecryptAlgorithmMode

+parameter CsmAEADDecryptAlgorithmMode:
EcucEnumerationParamDef CsmKey: EcucParamConfContainerDef

lowerMultiplicity = 0
+destination upperMultiplicity = *
+reference CsmAEADDecryptKeyRef: EcucReferenceDef

+parameter

CsmAEADDecryptAssociatedDataMaxLength:
CsmAEADDecryptCiphertextMaxLength: EcucIntegerParamDef
EcucIntegerParamDef
+parameter min = 1
min = 1 max = 4294967295
max = 4294967295 lowerMultiplicity = 0
lowerMultiplicity = 0 upperMultiplicity = 1
upperMultiplicity = 1

CsmAEADDecryptTagLength:
EcucIntegerParamDef
CsmAEADDecryptPlaintextMaxLength:
+parameter
min = 1 EcucIntegerParamDef
max = 4294967295
min = 1
lowerMultiplicity = 0
max = 4294967295
upperMultiplicity = 1
+parameter lowerMultiplicity = 0
upperMultiplicity = 1

CsmAEADDecryptAlgorithmFamilyCustomRef:
+reference EcucReferenceDef

lowerMultiplicity = 0 +destination CryptoPrimitiveAlgorithmFamilyCustom:

EcucParamConfContainerDef
upperMultiplicity = 1
requiresSymbolicNameValue = true lowerMultiplicity = 0
upperMultiplicity = *

CsmAEADDecryptAlgorithmSecondaryFamilyCustomRef:
+reference EcucReferenceDef +destination

lowerMultiplicity = 0
upperMultiplicity = 1
requiresSymbolicNameValue = true

CsmAEADDecryptAlgorithmModeCustomRef: CryptoPrimitiveAlgorithmModeCustom:
+reference EcucReferenceDef +destination EcucParamConfContainerDef

lowerMultiplicity = 0 lowerMultiplicity = 0
upperMultiplicity = 1 upperMultiplicity = *
requiresSymbolicNameValue = true

216 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Figure 9-18 CsmAEADDecrypt Layout

10.2.25 CsmAEADDecrypt

SWS Item ECUC_Csm_00027 :

Container Name CsmAEADDecrypt
Parent Container CsmPrimitives
Description Configuration of AEAD decryption primitives
Configuration Parameters

Included Containers
Container Name Multiplicity Scope / Dependency
Container for configuration of a CSM decryption interface. The
CsmAEADDecryptConfig 1 container name serves as a symbolic name for the identifier of
an decryption interface.

10.2.26 CsmAEADDecryptConfig

SWS Item ECUC_Csm_00080 :

Container Name CsmAEADDecryptConfig
Parent Container CsmAEADDecrypt
Container for configuration of a CSM decryption interface. The container
Description name serves as a symbolic name for the identifier of an decryption
interface.
Configuration Parameters

SWS Item ECUC_Csm_00082 :

Name CsmAEADDecryptAlgorithmFamily
Parent Container CsmAEADDecryptConfig
Description Determines the algorithm family used for the crypto service. This parameter defines
the most significant part of the algorithm.
See diagram CsmAEADDecryptAlgorithmFamily
Multiplicity 1
Type EcucEnumerationParamDef
Range CRYPTO_ALGOFAM_3DES 0x13
CRYPTO_ALGOFAM_AES 0x14
CRYPTO_ALGOFAM_CHACHA 0x15
CRYPTO_ALGOFAM_CUSTOM 0xFF
CRYPTO_ALGOFAM_EEA3 0x28
Post-Build Variant
false
Value
Multiplicity Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Value Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Scope / scope: local
Dependency

SWS Item ECUC_Csm_00083 :

Name CsmAEADDecryptAlgorithmKeyLength

217 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Parent Container CsmAEADDecryptConfig

Description Size of the AEAD decryption key in bytes
Multiplicity 1
Type EcucIntegerParamDef
Range 1 .. 4294967295
Default value --
Post-Build Variant Value false
Multiplicity ConfigurationPre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local

SWS Item ECUC_Csm_00084 :

Name CsmAEADDecryptAlgorithmMode
Parent Container CsmAEADDecryptConfig
Description Determines the algorithm mode used for the crypto service
See diagram CsmAEADDecryptAlgorithmMode
Multiplicity 1
Type EcucEnumerationParamDef
Range CRYPTO_ALGOMODE_12ROUNDS 0x0d
CRYPTO_ALGOMODE_20ROUNDS 0x0e
CRYPTO_ALGOMODE_8ROUNDS 0x0c
CRYPTO_ALGOMODE_CUSTOM 0xFF
CRYPTO_ALGOMODE_GCM 0x07
Post-Build Variant
false
Value
Multiplicity Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Value Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Scope / scope: local
Dependency

SWS Item ECUC_Csm_00277 :

Name CsmAEADDecryptAlgorithmSecondaryFamily
Parent Container CsmAEADDecryptConfig
Description Defines the secondary family used for the crypto service
Multiplicity 1
Type EcucEnumerationParamDef
Range CRYPTO_ALGOFAM_CUSTOM 0xFF
CRYPTO_ALGOFAM_NOT_SET 0x00
CRYPTO_ALGOFAM_POLY1305 0x2D
Value Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Scope / scope: local
Dependency

SWS Item ECUC_Csm_00163 :

Name CsmAEADDecryptAssociatedDataMaxLength
Parent Container CsmAEADDecryptConfig
218 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager
 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Description Size of the input associated data buffer for the synchronous RTE service
interface if this primitive is referenced by a Csm job. It may also be
possible that other BSW modules use the length parameter for buffer size
calculation.
Multiplicity 0..1
Type EcucIntegerParamDef
Range 1 .. 4294967295
Default value --
Post-Build Variant Value false
Multiplicity Configuration Pre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local
dependency: This parameter is only relevant if CsmJobInterfaceUsePort is
configured as CRYPTO_USE_PORT.

SWS Item ECUC_Csm_00162 :

Name CsmAEADDecryptCiphertextMaxLength
Parent Container CsmAEADDecryptConfig
Description Size of the input ciphertext buffer for the synchronous RTE service
interface if this primitive is referenced by a Csm job. It may also be
possible that other BSW modules use the length parameter for buffer size
calculation.
Multiplicity 0..1
Type EcucIntegerParamDef
Range 1 .. 4294967295
Default value --
Post-Build Variant Value false
Multiplicity Configuration Pre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local
dependency: This parameter is only relevant if CsmJobInterfaceUsePort is
configured as CRYPTO_USE_PORT

SWS Item ECUC_Csm_00165 :

Name CsmAEADDecryptPlaintextMaxLength
Parent Container CsmAEADDecryptConfig
Description Size of the output plaintext length buffer for the synchronous RTE service
interface if this primitive is referenced by a Csm job. It may also be
possible that other BSW modules use the length parameter for buffer size
calculation.
Multiplicity 0..1
Type EcucIntegerParamDef
Range 1 .. 4294967295
Default value --
Post-Build Variant Value false
Multiplicity Configuration Pre-compile time X All Variants
Class Link time --
Post-build time --

219 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Value Configuration Class Pre-compile time X All Variants

Link time --
Post-build time --
Scope / Dependency scope: local
dependency: This parameter is only relevant if CsmJobInterfaceUsePort is
configured as CRYPTO_USE_PORT.

SWS Item ECUC_Csm_00164 :

Name CsmAEADDecryptTagLength
Parent Container CsmAEADDecryptConfig
Description Size of the input tag buffer in BITS for the synchronous RTE service
interface if this primitive is referenced by a Csm job. It may also be
possible that other BSW modules use the length parameter for buffer size
calculation."
Multiplicity 0..1
Type EcucIntegerParamDef
Range 1 .. 4294967295
Default value --
Post-Build Variant Value false
Multiplicity Configuration Pre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local
dependency: This parameter is only relevant if CsmJobInterfaceUsePort is
configured as CRYPTO_USE_PORT.

SWS Item ECUC_Csm_00300 :

Name CsmAEADDecryptAlgorithmFamilyCustomRef
Parent Container CsmAEADDecryptConfig
Description Reference to a customer specific algorithm family custom container
Multiplicity 0..1
Type Symbolic name reference to [ CryptoPrimitiveAlgorithmFamilyCustom ]
Multiplicity ConfigurationPre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local
dependency: This reference shall only be present if
CsmAEADDecryptAlgorithmFamily is set to
CRYPTO_ALGOFAM_CUSTOM.

SWS Item ECUC_Csm_00301 :

Name CsmAEADDecryptAlgorithmModeCustomRef
Parent Container CsmAEADDecryptConfig
Description Reference to a customer specific algorithm mode custom container
Multiplicity 0..1
Type Symbolic name reference to [ CryptoPrimitiveAlgorithmModeCustom ]
Multiplicity ConfigurationPre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants

220 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Link time --
Post-build time --
Scope / Dependency scope: local
dependency: This reference shall only be present if
CsmAEADDecryptAlgorithmMode is set to
CRYPTO_ALGOMODE_CUSTOM.

SWS Item ECUC_Csm_00302 :

Name CsmAEADDecryptAlgorithmSecondaryFamilyCustomRef
Parent Container CsmAEADDecryptConfig
Description Reference to a customer specific algorithm family container in the Crypto
Driver
Multiplicity 0..1
Type Symbolic name reference to [ CryptoPrimitiveAlgorithmFamilyCustom ]
Multiplicity Configuration Pre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local
dependency: This reference shall only be present if
CsmAEADDecryptSecondaryAlgorithmFamily is set to
CRYPTO_ALGOFAM_CUSTOM.

SWS Item ECUC_Csm_00086 :

Name CsmAEADDecryptKeyRef
Parent Container CsmAEADDecryptConfig
Description This parameter refers to the key used for that decryption primitive.
Multiplicity 1
Type Reference to [ CsmKey ]
Post-Build Variant Value false
Multiplicity ConfigurationPre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local

SWS Item ECUC_Csm_00081 :

Name CsmAEADDecryptQueueRef
Parent Container CsmAEADDecryptConfig
Description This parameter refers to the queue used for that decryption primitive.
Multiplicity 1
Type Reference to [ CsmQueue ]
Post-Build Variant Value false
Multiplicity ConfigurationPre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local

No Included Containers
221 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager
 Specification of Crypto Service Manager
AUTOSAR CP R20-11

CsmSignatureGenerate:
EcucParamConfContainerDef

lowerMultiplicity = 0
upperMultiplicity = 1
See diagram CsmSignatureGenerateAlgorithmFamily

+subContainer

CsmSignatureGenerateConfig:
+parameter
EcucParamConfContainerDef
CsmSignatureGenerateAlgorithmFamily:
EcucEnumerationParamDef +literal
CRYPTO_ALGOFAM_CUSTOM:
EcucEnumerationLiteralDef
+literal

+parameter CsmSignatureGenerateAlgorithmSecondaryFamily:
EcucEnumerationParamDef
CsmSignatureGenerateKeyLength:
defaultValue = CRYPTO_ALGOFAM_NOT_SET EcucIntegerParamDef
+parameter
min = 1
max = 4294967295

CsmSignatureGenerateAlgorithmFamilyCustomRef:
+reference EcucReferenceDef
+destination CryptoPrimitiveAlgorithmFamilyCustom:
lowerMultiplicity = 0 EcucParamConfContainerDef
upperMultiplicity = 1
requiresSymbolicNameValue = true lowerMultiplicity = 0
upperMultiplicity = *

CsmSignatureGenerateAlgorithmSecondaryFamilyCustomRef:
+reference EcucReferenceDef +destination

lowerMultiplicity = 0
upperMultiplicity = 1
requiresSymbolicNameValue = true

CsmSignatureGenerateAlgorithmModeCustomRef: CryptoPrimitiveAlgorithmModeCustom:
+reference EcucReferenceDef +destination EcucParamConfContainerDef

lowerMultiplicity = 0 lowerMultiplicity = 0
upperMultiplicity = 1 upperMultiplicity = *
requiresSymbolicNameValue = true

+literal CRYPTO_ALGOMODE_RSASSA_PSS:
CsmSignatureGenerateAlgorithmMode: EcucEnumerationLiteralDef
EcucEnumerationParamDef

+literal CRYPTO_ALGOMODE_RSASSA_PKCS1_v1_5:
EcucEnumerationLiteralDef
+parameter

+literal CRYPTO_ALGOMODE_NOT_SET:
EcucEnumerationLiteralDef

+literal
CRYPTO_ALGOMODE_CUSTOM:
EcucEnumerationLiteralDef

+parameter CsmSignatureGenerateResultLength:
EcucIntegerParamDef

min = 1
CsmSignatureGenerateDataMaxLength: max = 4294967295
EcucIntegerParamDef lowerMultiplicity = 0
+parameter
min = 1 upperMultiplicity = 1
max = 4294967295
lowerMultiplicity = 0
upperMultiplicity = 1

Figure 9-19 CsmSignatureGenerate Layout

10.2.27 CsmSignatureGenerate

SWS Item ECUC_Csm_00028 :

222 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager
 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Container Name CsmSignatureGenerate

Parent Container CsmPrimitives
Description Configurations of SignatureGenerate primitives
Configuration Parameters

Included Containers
Container Name Multiplicity Scope / Dependency
Container for configuration of a CSM signature generation
CsmSignatureGenerateConfi
1 interface. The container name serves as a symbolic name for
g
the identifier of signature generation interface.

10.2.28 CsmSignatureGenerateConfig

SWS Item ECUC_Csm_00087 :

Container Name CsmSignatureGenerateConfig
Parent Container CsmSignatureGenerate
Container for configuration of a CSM signature generation interface. The
Description container name serves as a symbolic name for the identifier of signature
generation interface.
Configuration Parameters

SWS Item ECUC_Csm_00089 :

Name CsmSignatureGenerateAlgorithmFamily
Parent Container CsmSignatureGenerateConfig
Description Determines the algorithm family used for the crypto service. This parameter defines
the most significant part of the algorithm.
See diagram CsmSignatureGenerateAlgorithmFamily
Multiplicity 1
Type EcucEnumerationParamDef
Range CRYPTO_ALGOFAM_BRAINPOOL 0x18
CRYPTO_ALGOFAM_CUSTOM 0xFF
CRYPTO_ALGOFAM_ECCNIST 0x19
CRYPTO_ALGOFAM_ECDSA 0x2C
CRYPTO_ALGOFAM_ED25519 0x17
CRYPTO_ALGOFAM_RSA 0x16
CRYPTO_ALGOFAM_SM2 0x27
Post-Build Variant
false
Value
Multiplicity Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Value Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Scope / scope: local
Dependency

SWS Item ECUC_Csm_00091 :

Name CsmSignatureGenerateAlgorithmMode
Parent Container CsmSignatureGenerateConfig
Description Determines the algorithm mode used for the crypto service
Multiplicity 1
Type EcucEnumerationParamDef
223 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager
 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Range CRYPTO_ALGOMODE_CUSTOM 0xFF

CRYPTO_ALGOMODE_NOT_SET 0x00
CRYPTO_ALGOMODE_RSASSA_- 0x0b
PKCS1_v1_5
CRYPTO_ALGOMODE_RSASSA_PSS 0x0a
Post-Build Variant
false
Value
Multiplicity Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Value Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Scope / scope: local
Dependency

SWS Item ECUC_Csm_00183 :

Name CsmSignatureGenerateAlgorithmSecondaryFamily
Parent Container CsmSignatureGenerateConfig
Description Determines the algorithm mode used for the crypto service
Multiplicity 1
Type EcucEnumerationParamDef
Range CRYPTO_ALGOFAM_BLAKE_1_256 0x0F
CRYPTO_ALGOFAM_BLAKE_1_512 0x10
CRYPTO_ALGOFAM_BLAKE_2s_256 0x11
CRYPTO_ALGOFAM_BLAKE_2s_512 0x12
CRYPTO_ALGOFAM_CUSTOM 0xFF
CRYPTO_ALGOFAM_NOT_SET 0x00
CRYPTO_ALGOFAM_RIPEMD160 0x0E
CRYPTO_ALGOFAM_SHA1 0x01
CRYPTO_ALGOFAM_SHA2_224 0x02
CRYPTO_ALGOFAM_SHA2_256 0x03
CRYPTO_ALGOFAM_SHA2_384 0x04
CRYPTO_ALGOFAM_SHA2_512 0x05
CRYPTO_ALGOFAM_SHA2_512_224 0x06
CRYPTO_ALGOFAM_SHA2_512_256 0x07
CRYPTO_ALGOFAM_SHA3_224 0x08
CRYPTO_ALGOFAM_SHA3_256 0x09
CRYPTO_ALGOFAM_SHA3_384 0x0A
CRYPTO_ALGOFAM_SHA3_512 0x0B
CRYPTO_ALGOFAM_SHAKE128 0x0C
CRYPTO_ALGOFAM_SHAKE256 0x0D
Default value CRYPTO_ALGOFAM_NOT_SET
Post-Build Variant
false
Value
Multiplicity Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Value Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Scope / scope: local
Dependency

SWS Item ECUC_Csm_00169 :

Name CsmSignatureGenerateDataMaxLength
224 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager
 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Parent Container CsmSignatureGenerateConfig

Description Size of the input data buffer for the synchronous RTE service interface if
this primitive is referenced by a Csm job. It may also be possible that other
BSW modules use the length parameter for buffer size calculation.
Multiplicity 0..1
Type EcucIntegerParamDef
Range 1 .. 4294967295
Default value --
Post-Build Variant Value false
Multiplicity Configuration Pre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local
dependency: This parameter is only relevant if CsmJobInterfaceUsePort is
configured as CRYPTO_USE_PORT.

SWS Item ECUC_Csm_00090 :

Name CsmSignatureGenerateKeyLength
Parent Container CsmSignatureGenerateConfig
Description Size of the signature generate key in bytes
Multiplicity 1
Type EcucIntegerParamDef
Range 1 .. 4294967295
Default value --
Post-Build Variant Value false
Multiplicity ConfigurationPre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local

SWS Item ECUC_Csm_00170 :

Name CsmSignatureGenerateResultLength
Parent Container CsmSignatureGenerateConfig
Description Size of the result data buffer for the synchronous RTE service interface if
this primitive is referenced by a Csm job. It may also be possible that other
BSW modules use the length parameter for buffer size calculation.
Multiplicity 0..1
Type EcucIntegerParamDef
Range 1 .. 4294967295
Default value --
Post-Build Variant Value false
Multiplicity Configuration Pre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local
dependency: This parameter is only relevant if CsmJobInterfaceUsePort is
configured as CRYPTO_USE_PORT.
225 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager
 Specification of Crypto Service Manager
AUTOSAR CP R20-11

SWS Item ECUC_Csm_00303 :

Name CsmSignatureGenerateAlgorithmFamilyCustomRef
Parent Container CsmSignatureGenerateConfig
Description Reference to a customer specific algorithm family custom container
Multiplicity 0..1
Type Symbolic name reference to [ CryptoPrimitiveAlgorithmFamilyCustom ]
Multiplicity ConfigurationPre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local
dependency: This reference shall only be present if
CsmSignatureGenerateAlgorithmFamily is set to
CRYPTO_ALGOFAM_CUSTOM.

SWS Item ECUC_Csm_00304 :

Name CsmSignatureGenerateAlgorithmModeCustomRef
Parent Container CsmSignatureGenerateConfig
Description Reference to a customer specific algorithm mode custom container
Multiplicity 0..1
Type Symbolic name reference to [ CryptoPrimitiveAlgorithmModeCustom ]
Multiplicity ConfigurationPre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local
dependency: This reference shall only be present if
CsmSignatureGenerateAlgorithmMode is set to
CRYPTO_ALGOMODE_CUSTOM.

SWS Item ECUC_Csm_00305 :

Name CsmSignatureGenerateAlgorithmSecondaryFamilyCustomRef
Parent Container CsmSignatureGenerateConfig
Description Reference to a customer specific algorithm family container in the Crypto
Driver
Multiplicity 0..1
Type Symbolic name reference to [ CryptoPrimitiveAlgorithmFamilyCustom ]
Multiplicity Configuration Pre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local
dependency: This reference shall only be present if
CsmSignatureGenerateSecondaryAlgorithmFamily is set to
CRYPTO_ALGOFAM_CUSTOM.

No Included Containers

226 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

CsmSignatureVerify:
EcucParamConfContainerDef

lowerMultiplicity = 0
upperMultiplicity = 1
See diagram CsmSignatureVerifyAlgorithmFamily

+subContainer

CsmSignatureVerifyConfig: +parameter CsmSignatureVerifyAlgorithmFamily: +literal CRYPTO_ALGOFAM_CUSTOM:

EcucParamConfContainerDef EcucEnumerationParamDef EcucEnumerationLiteralDef

+parameter CsmSignatureVerifyAlgorithmSecondaryFamily: +literal

EcucEnumerationParamDef

CsmSignatureVerifyAlgorithmFamilyCustomRef: CryptoPrimitiveAlgorithmFamilyCustom:
+reference EcucReferenceDef +destination EcucParamConfContainerDef

lowerMultiplicity = 0 lowerMultiplicity = 0
upperMultiplicity = 1 upperMultiplicity = *
requiresSymbolicNameValue = true

CsmSignatureVerifyAlgorithmSecondaryFamilyCustomRef:
+reference EcucReferenceDef +destination

lowerMultiplicity = 0
upperMultiplicity = 1
requiresSymbolicNameValue = true

CsmSignatureVerifyAlgorithmModeCustomRef: CryptoPrimitiveAlgorithmModeCustom:
+reference EcucReferenceDef +destination EcucParamConfContainerDef

lowerMultiplicity = 0 lowerMultiplicity = 0
upperMultiplicity = 1 upperMultiplicity = *
requiresSymbolicNameValue = true

CsmSignatureVerifyAlgorithmMode: +literal CRYPTO_ALGOMODE_RSASSA_PSS:

EcucEnumerationParamDef EcucEnumerationLiteralDef

+literal CRYPTO_ALGOMODE_RSASSA_PKCS1_v1_5:
EcucEnumerationLiteralDef
+parameter

+literal CRYPTO_ALGOMODE_NOT_SET:
EcucEnumerationLiteralDef

+literal
CRYPTO_ALGOMODE_CUSTOM:
EcucEnumerationLiteralDef

CsmSignatureVerifyDataMaxLength:
EcucIntegerParamDef
+parameter
min = 1
max = 4294967295
lowerMultiplicity = 0
upperMultiplicity = 1

+parameter CsmSignatureVerifyKeyLength:
EcucIntegerParamDef

min = 1
max = 4294967295
lowerMultiplicity = 1
upperMultiplicity = 1

CsmSignatureVerifyCompareLength:
EcucIntegerParamDef
+parameter
min = 1
max = 4294967295
lowerMultiplicity = 0
upperMultiplicity = 1

Figure 9-20 CsmSignatureVerify Layout

227 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

10.2.29 CsmSignatureVerify

SWS Item ECUC_Csm_00029 :

Container Name CsmSignatureVerify
Parent Container CsmPrimitives
Description Configurations of SignatureVerify primitives
Configuration Parameters

Included Containers
Container Name Multiplicity Scope / Dependency
Container for configuration of a CSM signature verification
CsmSignatureVerifyConfig 1 interface. The container name serves as a symbolic name for
the identifier of signature verification interface.

10.2.30 CsmSignatureVerifyConfig

SWS Item ECUC_Csm_00094 :

Container Name CsmSignatureVerifyConfig
Parent Container CsmSignatureVerify
Container for configuration of a CSM signature verification interface. The
Description container name serves as a symbolic name for the identifier of signature
verification interface.
Configuration Parameters

SWS Item ECUC_Csm_00096 :

Name CsmSignatureVerifyAlgorithmFamily
Parent Container CsmSignatureVerifyConfig
Description Determines the algorithm family used for the crypto service. This parameter defines
the most significant part of the algorithm.
See diagram CsmSignatureVerifyAlgorithmFamily
Multiplicity 1
Type EcucEnumerationParamDef
Range CRYPTO_ALGOFAM_BRAINPOOL 0x18
CRYPTO_ALGOFAM_CUSTOM 0xFF
CRYPTO_ALGOFAM_ECCNIST 0x19
CRYPTO_ALGOFAM_ECDSA 0x2C
CRYPTO_ALGOFAM_ED25519 0x17
CRYPTO_ALGOFAM_RSA 0x16
CRYPTO_ALGOFAM_SM2 0x27
Post-Build Variant
false
Value
Multiplicity Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Value Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Scope / scope: local
Dependency

SWS Item ECUC_Csm_00098 :

Name CsmSignatureVerifyAlgorithmMode
Parent Container CsmSignatureVerifyConfig
228 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager
 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Description Determines the algorithm mode used for the crypto service
Multiplicity 1
Type EcucEnumerationParamDef
Range CRYPTO_ALGOMODE_CUSTOM 0xFF
CRYPTO_ALGOMODE_NOT_SET 0x00
CRYPTO_ALGOMODE_RSASSA_- 0x0B
PKCS1_v1_5
CRYPTO_ALGOMODE_RSASSA_PSS 0x0A
Post-Build Variant
false
Value
Multiplicity Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Value Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Scope / scope: local
Dependency

SWS Item ECUC_Csm_00172 :

Name CsmSignatureVerifyAlgorithmSecondaryFamily
Parent Container CsmSignatureVerifyConfig
Description Determines the algorithm family used for the crypto service. This parameter defines
the most significant part of the algorithm.
Multiplicity 1
Type EcucEnumerationParamDef
Range CRYPTO_ALGOFAM_BLAKE_1_256 0x0F
CRYPTO_ALGOFAM_BLAKE_1_512 0x10
CRYPTO_ALGOFAM_BLAKE_2s_256 0x11
CRYPTO_ALGOFAM_BLAKE_2s_512 0x12
CRYPTO_ALGOFAM_CUSTOM 0xFF
CRYPTO_ALGOFAM_NOT_SET 0x00
CRYPTO_ALGOFAM_RIPEMD160 0x0E
CRYPTO_ALGOFAM_SHA1 0x01
CRYPTO_ALGOFAM_SHA2_224 0x02
CRYPTO_ALGOFAM_SHA2_256 0x03
CRYPTO_ALGOFAM_SHA2_384 0x04
CRYPTO_ALGOFAM_SHA2_512 0x05
CRYPTO_ALGOFAM_SHA2_512_224 0x06
CRYPTO_ALGOFAM_SHA2_512_256 0x07
CRYPTO_ALGOFAM_SHA3_224 0x08
CRYPTO_ALGOFAM_SHA3_256 0x09
CRYPTO_ALGOFAM_SHA3_384 0x0A
CRYPTO_ALGOFAM_SHA3_512 0x0B
CRYPTO_ALGOFAM_SHAKE128 0x0C
CRYPTO_ALGOFAM_SHAKE256 0x0D
Post-Build Variant
false
Value
Multiplicity Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Value Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Scope / scope: local
Dependency
229 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager
 Specification of Crypto Service Manager
AUTOSAR CP R20-11

SWS Item ECUC_Csm_00176 :

Name CsmSignatureVerifyCompareLength
Parent Container CsmSignatureVerifyConfig
Description Size of the input signature buffer for the synchronous RTE service
interface if this primitive is referenced by a Csm job. It may also be
possible that other BSW modules use the length parameter for buffer size
calculation.
Multiplicity 0..1
Type EcucIntegerParamDef
Range 1 .. 4294967295
Default value --
Post-Build Variant Value false
Multiplicity Configuration Pre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local
dependency: This parameter is only relevant if CsmJobInterfaceUsePort is
configured as CRYPTO_USE_PORT.

SWS Item ECUC_Csm_00175 :

Name CsmSignatureVerifyDataMaxLength
Parent Container CsmSignatureVerifyConfig
Description Size of the input data buffer for the synchronous RTE service interface if
this primitive is referenced by a Csm job. It may also be possible that other
BSW modules use the length parameter for buffer size calculation.
Multiplicity 0..1
Type EcucIntegerParamDef
Range 1 .. 4294967295
Default value --
Post-Build Variant Value false
Multiplicity Configuration Pre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local
dependency: This parameter is only relevant if CsmJobInterfaceUsePort is
configured as CRYPTO_USE_PORT.

SWS Item ECUC_Csm_00192 :

Name CsmSignatureVerifyKeyLength
Parent Container CsmSignatureVerifyConfig
Description Size of the signature verify key in bytes
Multiplicity 1
Type EcucIntegerParamDef
Range 1 .. 4294967295
Default value --
Post-Build Variant Value false
Multiplicity Configuration Pre-compile time X All Variants
Class Link time --
Post-build time --

230 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Value Configuration Class Pre-compile time X All Variants

Link time --
Post-build time --
Scope / Dependency scope: local

SWS Item ECUC_Csm_00306 :

Name CsmSignatureVerifyAlgorithmFamilyCustomRef
Parent Container CsmSignatureVerifyConfig
Description Reference to a customer specific algorithm family custom container
Multiplicity 0..1
Type Symbolic name reference to [ CryptoPrimitiveAlgorithmFamilyCustom ]
Multiplicity ConfigurationPre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local
dependency: This reference shall only be present if
CsmSignatureVerifyAlgorithmFamily is set to
CRYPTO_ALGOFAM_CUSTOM.

SWS Item ECUC_Csm_00307 :

Name CsmSignatureVerifyAlgorithmModeCustomRef
Parent Container CsmSignatureVerifyConfig
Description Reference to a customer specific algorithm mode custom container
Multiplicity 0..1
Type Symbolic name reference to [ CryptoPrimitiveAlgorithmModeCustom ]
Multiplicity ConfigurationPre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local
dependency: This reference shall only be present if
CsmSignatureVerifyAlgorithmMode is set to
CRYPTO_ALGOMODE_CUSTOM.

SWS Item ECUC_Csm_00308 :

Name CsmSignatureVerifyAlgorithmSecondaryFamilyCustomRef
Parent Container CsmSignatureVerifyConfig
Description Reference to a customer specific algorithm family container in the Crypto
Driver
Multiplicity 0..1
Type Symbolic name reference to [ CryptoPrimitiveAlgorithmFamilyCustom ]
Multiplicity Configuration Pre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local
dependency: This reference shall only be present if
CsmSignatureVerifySecondaryAlgorithmFamily is set to
CRYPTO_ALGOFAM_CUSTOM.

231 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

No Included Containers

CsmRandomGenerate: CsmRandomGenerateAlgorithmFamily: +literal CRYPTO_ALGOFAM_3DES:

EcucParamConfContainerDef
lowerMultiplicity = 0
upperMultiplicity = 1
EcucEnumerationParamDef EcucEnumerationLiteralDef
+literal CRYPTO_ALGOFAM_AES:
EcucEnumerationLiteralDef

+literal CRYPTO_ALGOFAM_CHACHA:
EcucEnumerationLiteralDef
+subContainer

CsmRandomGenerateConfig:
EcucParamConfContainerDef +literal CRYPTO_ALGOFAM_RNG:
EcucEnumerationLiteralDef
+parameter

+literal CRYPTO_ALGOFAM_CUSTOM:
EcucEnumerationLiteralDef

+literal
CsmRandomGenerateAlgorithmSecondaryFamily:
+parameter EcucEnumerationParamDef

+literal CRYPTO_ALGOFAM_NOT_SET:
EcucEnumerationLiteralDef

CsmRandomGenerateAlgorithmFamilyCustomRef: CryptoPrimitiveAlgorithmFamilyCustom:
EcucReferenceDef EcucParamConfContainerDef
+reference +destination
lowerMultiplicity = 0 lowerMultiplicity = 0
upperMultiplicity = 1 upperMultiplicity = *
requiresSymbolicNameValue = true

CsmRandomGenerateAlgorithmSecondaryFamilyCustomRef:
EcucReferenceDef +destination
+reference
lowerMultiplicity = 0
upperMultiplicity = 1
requiresSymbolicNameValue = true

CsmRandomGenerateAlgorithmModeCustomRef: CryptoPrimitiveAlgorithmModeCustom:
EcucReferenceDef EcucParamConfContainerDef
+reference +destination

lowerMultiplicity = 0 lowerMultiplicity = 0
upperMultiplicity = 1 upperMultiplicity = *
requiresSymbolicNameValue = true

CsmRandomGenerateAlgorithmMode: +literal CRYPTO_ALGOMODE_CTRDRBG:

EcucEnumerationParamDef EcucEnumerationLiteralDef

+parameter +literal CRYPTO_ALGOMODE_CUSTOM:

EcucEnumerationLiteralDef

+literal CRYPTO_ALGOMODE_NOT_SET:
EcucEnumerationLiteralDef

CsmRandomGenerateResultLength:
EcucIntegerParamDef
+parameter
min = 1
max = 4294967295
lowerMultiplicity = 0
upperMultiplicity = 1

Figure 9-21 CsmRandomGenerate Layout

232 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

10.2.31 CsmRandomGenerate

SWS Item ECUC_Csm_00031 :

Container Name CsmRandomGenerate
Parent Container CsmPrimitives
Description Configurations of RandomGenerate primitives
Configuration Parameters

Included Containers
Container Name Multiplicity Scope / Dependency
Container for configuration of a CSM random generator. The
CsmRandomGenerateConfig 1 container name serves as a symbolic name for the identifier of
a random generator configuration.

10.2.32 CsmRandomGenerateConfig

SWS Item ECUC_Csm_00103 :

Container Name CsmRandomGenerateConfig
Parent Container CsmRandomGenerate
Container for configuration of a CSM random generator. The container
Description name serves as a symbolic name for the identifier of a random generator
configuration.
Configuration Parameters

SWS Item ECUC_Csm_00105 :

Name CsmRandomGenerateAlgorithmFamily
Parent Container CsmRandomGenerateConfig
Description Determines the algorithm family used for the crypto service. This parameter defines
the most significant part of the algorithm.
Multiplicity 1
Type EcucEnumerationParamDef
Range CRYPTO_ALGOFAM_3DES 0x13
CRYPTO_ALGOFAM_AES 0x14
CRYPTO_ALGOFAM_BLAKE_1_256 0x0F
CRYPTO_ALGOFAM_BLAKE_1_512 0x10
CRYPTO_ALGOFAM_BLAKE_2s_256 0x11
CRYPTO_ALGOFAM_BLAKE_2s_512 0x12
CRYPTO_ALGOFAM_CHACHA 0x15
CRYPTO_ALGOFAM_CUSTOM 0xFF
CRYPTO_ALGOFAM_EEA3 0x28
CRYPTO_ALGOFAM_RIPEMD160 0x0E
CRYPTO_ALGOFAM_RNG 0x1B
CRYPTO_ALGOFAM_SHA1 0x01
CRYPTO_ALGOFAM_SHA2_224 0x02
CRYPTO_ALGOFAM_SHA2_256 0x03
CRYPTO_ALGOFAM_SHA2_384 0x04
CRYPTO_ALGOFAM_SHA2_512 0x05
CRYPTO_ALGOFAM_SHA2_512_224 0x06
CRYPTO_ALGOFAM_SHA2_512_256 0x07
CRYPTO_ALGOFAM_SHA3_224 0x08
CRYPTO_ALGOFAM_SHA3_256 0x09
CRYPTO_ALGOFAM_SHA3_384 0x0A
CRYPTO_ALGOFAM_SHA3_512 0x0B
233 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager
 Specification of Crypto Service Manager
AUTOSAR CP R20-11

CRYPTO_ALGOFAM_SHAKE128 0x0C
CRYPTO_ALGOFAM_SHAKE256 0x0D
CRYPTO_ALGOFAM_SM3 0x29
Post-Build Variant
false
Value
Multiplicity Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Value Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Scope / scope: local
Dependency

SWS Item ECUC_Csm_00107 :

Name CsmRandomGenerateAlgorithmMode
Parent Container CsmRandomGenerateConfig
Description Determines the algorithm mode used for the crypto service
Multiplicity 1
Type EcucEnumerationParamDef
Range CRYPTO_ALGOMODE_CMAC 0x10
CRYPTO_ALGOMODE_CTRDRBG 0x12
CRYPTO_ALGOMODE_CUSTOM 0xFF
CRYPTO_ALGOMODE_GMAC 0x11
CRYPTO_ALGOMODE_HMAC 0x0f
CRYPTO_ALGOMODE_NOT_SET 0x00
CRYPTO_ALGOMODE_SIPHASH_2_4 0x17
CRYPTO_ALGOMODE_SIPHASH_4_8 0x18
Post-Build Variant
false
Value
Multiplicity Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Value Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Scope / scope: local
Dependency

SWS Item ECUC_Csm_00178 :

Name CsmRandomGenerateAlgorithmSecondaryFamily
Parent Container CsmRandomGenerateConfig
Description Determines the algorithm family used for the crypto service
Multiplicity 1
Type EcucEnumerationParamDef
Range CRYPTO_ALGOFAM_CUSTOM 0xFF
CRYPTO_ALGOFAM_NOT_SET 0x00
Post-Build Variant
false
Value
Multiplicity Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Value Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --

234 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Scope / scope: local

Dependency

SWS Item ECUC_Csm_00106 :

Name CsmRandomGenerateResultLength
Parent Container CsmRandomGenerateConfig
Description Size of the result data buffer for the synchronous RTE service interface if
this primitive is referenced by a Csm job. It may also be possible that other
BSW modules use the length parameter for buffer size calculation
Multiplicity 0..1
Type EcucIntegerParamDef
Range 1 .. 4294967295
Default value --
Post-Build Variant Value false
Multiplicity Configuration Pre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local
dependency: This parameter is only relevant if CsmJobInterfaceUsePort is
configured as CRYPTO_USE_PORT.

SWS Item ECUC_Csm_00309 :

Name CsmRandomGenerateAlgorithmFamilyCustomRef
Parent Container CsmRandomGenerateConfig
Description Reference to a customer specific algorithm family custom container
Multiplicity 0..1
Type Symbolic name reference to [ CryptoPrimitiveAlgorithmFamilyCustom ]
Multiplicity ConfigurationPre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local
dependency: This reference shall only be present if
CsmRandomGenerateAlgorithmFamily is set to
CRYPTO_ALGOFAM_CUSTOM.

SWS Item ECUC_Csm_00310 :

Name CsmRandomGenerateAlgorithmModeCustomRef
Parent Container CsmRandomGenerateConfig
Description Reference to a customer specific algorithm mode custom container
Multiplicity 0..1
Type Symbolic name reference to [ CryptoPrimitiveAlgorithmModeCustom ]
Multiplicity ConfigurationPre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local
dependency: This reference shall only be present if

235 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

CsmRandomGenerateAlgorithmMode is set to
CRYPTO_ALGOMODE_CUSTOM.

SWS Item ECUC_Csm_00311 :

Name CsmRandomGenerateAlgorithmSecondaryFamilyCustomRef
Parent Container CsmRandomGenerateConfig
Description Reference to a customer specific algorithm family container in the Crypto
Driver
Multiplicity 0..1
Type Symbolic name reference to [ CryptoPrimitiveAlgorithmFamilyCustom ]
Multiplicity Configuration Pre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local
dependency: This reference shall only be present if
CsmRandomGenerateSecondaryAlgorithmFamily is set to
CRYPTO_ALGOFAM_CUSTOM.

No Included Containers

236 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

CsmJobKeySetValid:
EcucParamConfContainerDef

lowerMultiplicity = 0
upperMultiplicity = 1

+subContainer

CsmJobKeySetValidConfig: CsmJobKeySetValidAlgorithmFamily: EcucEnumerationParamDef

EcucParamConfContainerDef +parameter
lowerMultiplicity = 1
upperMultiplicity = 1

+literal +literal

CRYPTO_ALGOFAM_CUSTOM: CRYPTO_ALGOFAM_NOT_SET:
EcucEnumerationLiteralDef EcucEnumerationLiteralDef

+literal
(from CryptoDrv) +literal
(from CryptoDrv)

CsmJobKeySetValidAlgorithmSecondaryFamily: EcucEnumerationParamDef
+parameter
lowerMultiplicity = 1
upperMultiplicity = 1

CsmJobKeySetValidAlgorithmMode: +literal CRYPTO_ALGOMODE_CUSTOM:

EcucEnumerationParamDef EcucEnumerationLiteralDef
+parameter lowerMultiplicity = 1
upperMultiplicity = 1

+literal CRYPTO_ALGOMODE_NOT_SET:
EcucEnumerationLiteralDef

CsmJobKeySetValidAlgorithmFamilyCustomRef: CryptoPrimitiveAlgorithmFamilyCustom:
+reference EcucReferenceDef +destination EcucParamConfContainerDef

lowerMultiplicity = 0 lowerMultiplicity = 0
upperMultiplicity = 1 upperMultiplicity = *
requiresSymbolicNameValue = true

CsmJobKeySetValidAlgorithmSecondaryFamilyCustomRef:
+reference EcucReferenceDef +destination
lowerMultiplicity = 0
upperMultiplicity = 1
requiresSymbolicNameValue = true

(from CryptoDrv)

CsmJobKeySetValidAlgorithmModeCustomRef: CryptoPrimitiveAlgorithmModeCustom:
+reference EcucReferenceDef +destination EcucParamConfContainerDef

lowerMultiplicity = 0 lowerMultiplicity = 0
upperMultiplicity = 1 upperMultiplicity = *
requiresSymbolicNameValue = true

(from CryptoDrv)

Figure 9-22 CsmJobKeySetValid Layout

10.2.33 CsmJobKeySetValid

SWS Item ECUC_Csm_00196 :

Container Name CsmJobKeySetValid
Parent Container CsmPrimitives
Description Configurations of KeySetValid primitives
Configuration Parameters

Included Containers
Container Name Multiplicity Scope / Dependency

237 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Container for configuration of a CSM key set valid operation.

CsmJobKeySetValidConfig 1 The container name serves as a symbolic name for the
identifier of a key configuration.

10.2.34 CsmJobKeySetValidConfig

SWS Item ECUC_Csm_00204 :

Container Name CsmJobKeySetValidConfig
Parent Container CsmJobKeySetValid
Container for configuration of a CSM key set valid operation. The container
Description
name serves as a symbolic name for the identifier of a key configuration.
Configuration Parameters

SWS Item ECUC_Csm_00328 :

Name CsmJobKeySetValidAlgorithmFamily
Parent Container CsmJobKeySetValidConfig
Description Determines the algorithm family used for the crypto service. This parameter defines
the most significant part of the algorithm.
Multiplicity 1
Type EcucEnumerationParamDef
Range CRYPTO_ALGOFAM_CUSTOM 0xFF
CRYPTO_ALGOFAM_NOT_SET 0x00
Multiplicity Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Value Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Scope / scope: local
Dependency

SWS Item ECUC_Csm_00329 :

Name CsmJobKeySetValidAlgorithmMode
Parent Container CsmJobKeySetValidConfig
Description Determines the algorithm mode used for the crypto service.
Multiplicity 1
Type EcucEnumerationParamDef
Range CRYPTO_ALGOMODE_CUSTOM 0xFF
CRYPTO_ALGOMODE_NOT_SET 0x00
Multiplicity Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Value Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Scope / scope: local
Dependency

SWS Item ECUC_Csm_00340 :

Name CsmJobKeySetValidAlgorithmSecondaryFamily
Parent Container CsmJobKeySetValidConfig
Description Determines the secondary algorithm family used for the crypto service.
Multiplicity 1
238 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager
 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Type EcucEnumerationParamDef
Range CRYPTO_ALGOFAM_CUSTOM 0xFF
CRYPTO_ALGOFAM_NOT_SET 0x00
Multiplicity Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Value Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Scope / scope: local
Dependency

SWS Item ECUC_Csm_00330 :

Name CsmJobKeySetValidAlgorithmFamilyCustomRef
Parent Container CsmJobKeySetValidConfig
Description Reference to a customer specific algorithm family custom container
Multiplicity 0..1
Type Symbolic name reference to [ CryptoPrimitiveAlgorithmFamilyCustom ]
Multiplicity ConfigurationPre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local
dependency: This reference shall only be present if
CsmJobKeySetValidAlgorithmFamily is set to
CRYPTO_ALGOFAM_CUSTOM.

SWS Item ECUC_Csm_00331 :

Name CsmJobKeySetValidAlgorithmModeCustomRef
Parent Container CsmJobKeySetValidConfig
Description Reference to a customer specific algorithm mode custom container
Multiplicity 0..1
Type Symbolic name reference to [ CryptoPrimitiveAlgorithmModeCustom ]
Multiplicity ConfigurationPre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local
dependency: This reference shall only be present if
CsmJobKeySetValidAlgorithmMode is set to
CRYPTO_ALGOMODE_CUSTOM.

SWS Item ECUC_Csm_00332 :

Name CsmJobKeySetValidAlgorithmSecondaryFamilyCustomRef
Parent Container CsmJobKeySetValidConfig
Description Reference to a customer specific algorithm family container in the Crypto
Driver
Multiplicity 0..1
Type Symbolic name reference to [ CryptoPrimitiveAlgorithmFamilyCustom ]
Multiplicity Configuration Pre-compile time X All Variants
Class Link time --
Post-build time --
239 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager
 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Value Configuration Class Pre-compile time X All Variants

Link time --
Post-build time --
Scope / Dependency scope: local
dependency: This reference shall only be present if
CsmJobKeySetValidSecondaryAlgorithmFamily is set to
CRYPTO_ALGOFAM_CUSTOM.

No Included Containers

CsmJobKeySetInvalid:
EcucParamConfContainerDef

lowerMultiplicity = 0
upperMultiplicity = 1

+subContainer

CsmJobKeySetInvalidConfig: CsmJobKeySetInvalidAlgorithmFamily: EcucEnumerationParamDef

EcucParamConfContainerDef +parameter
lowerMultiplicity = 1
lowerMultiplicity = 1 upperMultiplicity = 1
upperMultiplicity = 1

+literal +literal

CRYPTO_ALGOFAM_CUSTOM: CRYPTO_ALGOFAM_NOT_SET:
EcucEnumerationLiteralDef EcucEnumerationLiteralDef

+literal
(from CryptoDrv) +literal
(from CryptoDrv)

CsmJobKeySetInvalidAlgorithmSecondaryFamily: EcucEnumerationParamDef
+parameter
lowerMultiplicity = 1
upperMultiplicity = 1

CsmJobKeySetInvalidAlgorithmMode: +literal CRYPTO_ALGOMODE_CUSTOM:

EcucEnumerationParamDef EcucEnumerationLiteralDef

+parameter lowerMultiplicity = 1
upperMultiplicity = 1

+literal CRYPTO_ALGOMODE_NOT_SET:
EcucEnumerationLiteralDef

CsmJobKeySetInvalidAlgorithmFamilyCustomRef: CryptoPrimitiveAlgorithmFamilyCustom:
+reference EcucReferenceDef +destination EcucParamConfContainerDef

lowerMultiplicity = 0 lowerMultiplicity = 0
upperMultiplicity = 1 upperMultiplicity = *
requiresSymbolicNameValue = true

CsmJobKeySetInvalidAlgorithmSecondaryFamilyCustomRef:
+reference EcucReferenceDef +destination
lowerMultiplicity = 0
upperMultiplicity = 1
requiresSymbolicNameValue = true

(from CryptoDrv)

CsmJobKeySetInvalidAlgorithmModeCustomRef: CryptoPrimitiveAlgorithmModeCustom:
+reference EcucReferenceDef +destination EcucParamConfContainerDef

lowerMultiplicity = 0 lowerMultiplicity = 0
upperMultiplicity = 1 upperMultiplicity = *
requiresSymbolicNameValue = true

(from CryptoDrv)

Figure 9-23 CsmJobKeySetInvalid Layout

240 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

10.2.35 CsmJobKeySetInvalid

SWS Item ECUC_Csm_00333 :

Container Name CsmJobKeySetInvalid
Parent Container CsmPrimitives
Description Configurations of KeySetInvalid primitives
Configuration Parameters

Included Containers
Container Name Multiplicity Scope / Dependency
CsmJobKeySetInvalidConfig 1 Container for configuration of a CSM key set invalid operation.

10.2.36 CsmJobKeySetInvalidConfig

SWS Item ECUC_Csm_00334 :

Container Name CsmJobKeySetInvalidConfig
Parent Container CsmJobKeySetInvalid
Description Container for configuration of a CSM key set invalid operation.
Configuration Parameters

SWS Item ECUC_Csm_00335 :

Name CsmJobKeySetInvalidAlgorithmFamily
Parent Container CsmJobKeySetInvalidConfig
Description Determines the algorithm family used for the crypto service. This parameter defines
the most significant part of the algorithm.
Multiplicity 1
Type EcucEnumerationParamDef
Range CRYPTO_ALGOFAM_CUSTOM 0xFF
CRYPTO_ALGOFAM_NOT_SET 0x00
Multiplicity Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Value Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Scope / scope: local
Dependency

SWS Item ECUC_Csm_00336 :

Name CsmJobKeySetInvalidAlgorithmMode
Parent Container CsmJobKeySetInvalidConfig
Description Determines the algorithm mode used for the crypto service.
Multiplicity 1
Type EcucEnumerationParamDef
Range CRYPTO_ALGOMODE_CUSTOM 0xFF
CRYPTO_ALGOMODE_NOT_SET 0x00
Multiplicity Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Value Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --

241 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Scope / scope: local

Dependency

SWS Item ECUC_Csm_00341 :

Name CsmJobKeySetInvalidAlgorithmSecondaryFamily
Parent Container CsmJobKeySetInvalidConfig
Description Determines the secondary algorithm family used for the crypto service.
Multiplicity 1
Type EcucEnumerationParamDef
Range CRYPTO_ALGOFAM_CUSTOM 0xFF
CRYPTO_ALGOFAM_NOT_SET 0x00
Multiplicity Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Value Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Scope / scope: local
Dependency

SWS Item ECUC_Csm_00337 :

Name CsmJobKeySetInvalidAlgorithmFamilyCustomRef
Parent Container CsmJobKeySetInvalidConfig
Description Reference to a customer specific algorithm family custom container
Multiplicity 0..1
Type Symbolic name reference to [ CryptoPrimitiveAlgorithmFamilyCustom ]
Multiplicity ConfigurationPre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local
dependency: This reference shall only be present if
CsmJobKeySetInvalidAlgorithmFamily is set to
CRYPTO_ALGOFAM_CUSTOM.

SWS Item ECUC_Csm_00339 :

Name CsmJobKeySetInvalidAlgorithmModeCustomRef
Parent Container CsmJobKeySetInvalidConfig
Description Reference to a customer specific algorithm mode custom container
Multiplicity 0..1
Type Symbolic name reference to [ CryptoPrimitiveAlgorithmModeCustom ]
Multiplicity ConfigurationPre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local
dependency: This reference shall only be present if
CsmJobKeySetInvalidAlgorithmMode is set to
CRYPTO_ALGOMODE_CUSTOM.

SWS Item ECUC_Csm_00338 :

Name CsmJobKeySetInvalidAlgorithmSecondaryFamilyCustomRef
242 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager
 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Parent Container CsmJobKeySetInvalidConfig

Description Reference to a customer specific algorithm family container in the Crypto
Driver
Multiplicity 0..1
Type Symbolic name reference to [ CryptoPrimitiveAlgorithmFamilyCustom ]
Multiplicity Configuration Pre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local
dependency: This reference shall only be present if
CsmJobKeySetInvalidAlgorithmSecondaryFamily is set to
CRYPTO_ALGOFAM_CUSTOM.

No Included Containers

243 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

CsmJobRandomSeed: CsmJobRandomSeedAlgorithmMode: +literal CRYPTO_ALGOMODE_CMAC:

EcucParamConfContainerDef EcucEnumerationParamDef EcucEnumerationLiteralDef

lowerMultiplicity = 0
upperMultiplicity = 1
+literal CRYPTO_ALGOMODE_CUSTOM:
EcucEnumerationLiteralDef

+subContainer
+literal CRYPTO_ALGOMODE_HMAC:
CsmJobRandomSeedConfig:
EcucEnumerationLiteralDef
EcucParamConfContainerDef

+literal CRYPTO_ALGOMODE_SIPHASH_2_4:
EcucEnumerationLiteralDef

+literal CRYPTO_ALGOMODE_CTRDRBG:
EcucEnumerationLiteralDef
+parameter

+literal CRYPTO_ALGOMODE_NOT_SET:
EcucEnumerationLiteralDef

+literal CRYPTO_ALGOMODE_SIPHASH_4_8:
EcucEnumerationLiteralDef

+literal CRYPTO_ALGOMODE_GMAC:
EcucEnumerationLiteralDef

+literal CRYPTO_ALGOFAM_DRBG:
CsmJobRandomSeedAlgorithmFamily:
EcucEnumerationParamDef EcucEnumerationLiteralDef

lowerMultiplicity = 1
(from CryptoDrv)
upperMultiplicity = 1
+literal CRYPTO_ALGOFAM_FIPS186:
EcucEnumerationLiteralDef

+parameter
(from CryptoDrv)

+literal CRYPTO_ALGOFAM_RNG:
EcucEnumerationLiteralDef

(from CryptoDrv)

+literal CRYPTO_ALGOFAM_CUSTOM:
EcucEnumerationLiteralDef

(from CryptoDrv)

CsmJobRandomSeedAlgorithmFamilyCustomRef: CryptoPrimitiveAlgorithmFamilyCustom:
+reference EcucReferenceDef +destination EcucParamConfContainerDef

lowerMultiplicity = 0 lowerMultiplicity = 0
upperMultiplicity = 1 upperMultiplicity = *
requiresSymbolicNameValue = true

CsmJobRandomSeedAlgorithmSecondaryFamilyCustomRef:
+reference EcucReferenceDef +destination
lowerMultiplicity = 0
upperMultiplicity = 1
requiresSymbolicNameValue = true

(from CryptoDrv)

CsmJobRandomSeedAlgorithmModeCustomRef: CryptoPrimitiveAlgorithmModeCustom:
+reference EcucReferenceDef +destination EcucParamConfContainerDef

lowerMultiplicity = 0 lowerMultiplicity = 0
upperMultiplicity = 1 upperMultiplicity = *
requiresSymbolicNameValue = true

(from CryptoDrv)

Figure 9-24 CsmJobRandomSeed Layout

10.2.37 CsmJobRandomSeed

SWS Item ECUC_Csm_00197 :

244 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager
 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Container Name CsmJobRandomSeed

Parent Container CsmPrimitives
Description Configurations of RandomSeed primitives
Configuration Parameters

Included Containers
Container Name Multiplicity Scope / Dependency
Container for configuration of a CSM Ramdom Seed
CsmJobRandomSeedConfig 1 operation. The container name serves as a symbolic name for
the identifier of a random seed configuration.

10.2.38 CsmJobRandomSeedConfig

SWS Item ECUC_Csm_00261 :

Container Name CsmJobRandomSeedConfig
Parent Container CsmJobRandomSeed
Container for configuration of a CSM random seed operation. The
Description container name serves as a symbolic name for the identifier of a random
seed configuration.
Configuration Parameters

SWS Item ECUC_Csm_00206 :

Name CsmJobRandomSeedAlgorithmFamily
Parent Container CsmJobRandomSeedConfig
Description Determines the algorithm family used for the crypto service.
Multiplicity 1
Type EcucEnumerationParamDef
Range CRYPTO_ALGOFAM_3DES 0x13
CRYPTO_ALGOFAM_AES 0x14
CRYPTO_ALGOFAM_BLAKE_1_256 0x0F
CRYPTO_ALGOFAM_BLAKE_1_512 0x10
CRYPTO_ALGOFAM_BLAKE_2s_256 0x11
CRYPTO_ALGOFAM_BLAKE_2s_512 0x12
CRYPTO_ALGOFAM_CHACHA 0x15
CRYPTO_ALGOFAM_CUSTOM 0xFF
CRYPTO_ALGOFAM_DRBG 0x20
CRYPTO_ALGOFAM_EEA3 0x28
CRYPTO_ALGOFAM_FIPS186 0x21
CRYPTO_ALGOFAM_RIPEMD160 0x0E
CRYPTO_ALGOFAM_RNG 0x1B
CRYPTO_ALGOFAM_SHA1 0x01
CRYPTO_ALGOFAM_SHA2_224 0x02
CRYPTO_ALGOFAM_SHA2_256 0x03
CRYPTO_ALGOFAM_SHA2_384 0x04
CRYPTO_ALGOFAM_SHA2_512 0x05
CRYPTO_ALGOFAM_SHA2_512_224 0x06
CRYPTO_ALGOFAM_SHA2_512_256 0x07
CRYPTO_ALGOFAM_SHA3_224 0x08
CRYPTO_ALGOFAM_SHA3_256 0x09
CRYPTO_ALGOFAM_SHA3_384 0x0A
CRYPTO_ALGOFAM_SHA3_512 0x0B
CRYPTO_ALGOFAM_SHAKE128 0x0C
CRYPTO_ALGOFAM_SHAKE256 0x0D
245 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager
 Specification of Crypto Service Manager
AUTOSAR CP R20-11

CRYPTO_ALGOFAM_SM3 0x29
Post-Build Variant
false
Value
Multiplicity Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Value Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Scope / scope: local
Dependency

SWS Item ECUC_Csm_00208 :

Name CsmJobRandomSeedAlgorithmMode
Parent Container CsmJobRandomSeedConfig
Description Determines the algorithm mode used for the crypto service
Multiplicity 1
Type EcucEnumerationParamDef
Range CRYPTO_ALGOMODE_CMAC 0x10
CRYPTO_ALGOMODE_CTRDRBG 0x12
CRYPTO_ALGOMODE_CUSTOM 0xFF
CRYPTO_ALGOMODE_GMAC 0x11
CRYPTO_ALGOMODE_HMAC 0x0f
CRYPTO_ALGOMODE_NOT_SET 0x00
CRYPTO_ALGOMODE_SIPHASH_2_4 0x17
CRYPTO_ALGOMODE_SIPHASH_4_8 0x18
Post-Build Variant
false
Value
Value Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Scope / scope: local
Dependency

SWS Item ECUC_Csm_00210 :

Name CsmJobRandomSeedAlgorithmSecondaryFamily
Parent Container CsmJobRandomSeedConfig
Description Determines the algorithm family used for the crypto service.
Multiplicity 1
Type EcucEnumerationParamDef
Range CRYPTO_ALGOFAM_3DES 0x13
CRYPTO_ALGOFAM_AES 0x14
CRYPTO_ALGOFAM_BLAKE_1_256 0x0F
CRYPTO_ALGOFAM_BLAKE_1_512 0x10
CRYPTO_ALGOFAM_BLAKE_2s_256 0x11
CRYPTO_ALGOFAM_BLAKE_2s_512 0x12
CRYPTO_ALGOFAM_CHACHA 0x15
CRYPTO_ALGOFAM_CUSTOM 0xFF
CRYPTO_ALGOFAM_NOT_SET 0x00
CRYPTO_ALGOFAM_RIPEMD160 0x0E
CRYPTO_ALGOFAM_SHA1 0x01
CRYPTO_ALGOFAM_SHA2_224 0x02
CRYPTO_ALGOFAM_SHA2_256 0x03
CRYPTO_ALGOFAM_SHA2_384 0x04
CRYPTO_ALGOFAM_SHA2_512 0x05
CRYPTO_ALGOFAM_SHA2_512_224 0x06
246 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager
 Specification of Crypto Service Manager
AUTOSAR CP R20-11

CRYPTO_ALGOFAM_SHA2_512_256 0x07
CRYPTO_ALGOFAM_SHA3_224 0x08
CRYPTO_ALGOFAM_SHA3_256 0x09
CRYPTO_ALGOFAM_SHA3_384 0x0A
CRYPTO_ALGOFAM_SHA3_512 0x0B
CRYPTO_ALGOFAM_SHAKE128 0x0C
CRYPTO_ALGOFAM_SHAKE256 0x0D
Post-Build Variant
false
Value
Value Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Scope / scope: local
Dependency

SWS Item ECUC_Csm_00312 :

Name CsmJobRandomSeedAlgorithmFamilyCustomRef
Parent Container CsmJobRandomSeedConfig
Description Reference to a customer specific algorithm family custom container
Multiplicity 0..1
Type Symbolic name reference to [ CryptoPrimitiveAlgorithmFamilyCustom ]
Multiplicity ConfigurationPre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local
dependency: This reference shall only be present if
CsmJobRandomSeedAlgorithmFamily is set to
CRYPTO_ALGOFAM_CUSTOM.

SWS Item ECUC_Csm_00313 :

Name CsmJobRandomSeedAlgorithmModeCustomRef
Parent Container CsmJobRandomSeedConfig
Description Reference to a customer specific algorithm mode custom container
Multiplicity 0..1
Type Symbolic name reference to [ CryptoPrimitiveAlgorithmModeCustom ]
Multiplicity ConfigurationPre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local
dependency: This parameter shall only be present if
CsmJobRandomSeedAlgorithmMode is set to
CRYPTO_ALGOMODE_CUSTOM.

SWS Item ECUC_Csm_00314 :

Name CsmJobRandomSeedAlgorithmSecondaryFamilyCustomRef
Parent Container CsmJobRandomSeedConfig
Description Reference to a customer specific algorithm family container in the Crypto
Driver
Multiplicity 0..1
Type Symbolic name reference to [ CryptoPrimitiveAlgorithmFamilyCustom ]
247 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager
 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Multiplicity ConfigurationPre-compile time X All Variants

Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local
dependency: This parameter shall only be present if
CsmJobRandomSeedSecondaryAlgorithmFamily is set to
CRYPTO_ALGOFAM_CUSTOM.

No Included Containers

248 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

CsmJobKeyDerive: CsmJobKeyDeriveAlgorithmFamily: +literal CRYPTO_ALGOFAM_HKDF:

EcucParamConfContainerDef EcucEnumerationParamDef EcucEnumerationLiteralDef

lowerMultiplicity = 0
upperMultiplicity = 1 (from CryptoDrv)

+literal CRYPTO_ALGOFAM_PBKDF2:
EcucEnumerationLiteralDef

(from CryptoDrv)

+subContainer +literal CRYPTO_ALGOFAM_KDFX963:

EcucEnumerationLiteralDef
CsmJobKeyDeriveConfig:
EcucParamConfContainerDef
+parameter (from CryptoDrv)

+literal CRYPTO_ALGOFAM_CUSTOM:
EcucEnumerationLiteralDef

(from CryptoDrv)

CsmJobKeyDeriveAlgorithmMode: +literal CRYPTO_ALGOMODE_CMAC:

EcucEnumerationParamDef EcucEnumerationLiteralDef

+literal CRYPTO_ALGOMODE_CTRDRBG:
EcucEnumerationLiteralDef

+literal CRYPTO_ALGOMODE_CUSTOM:
EcucEnumerationLiteralDef

+literal CRYPTO_ALGOMODE_GMAC:
EcucEnumerationLiteralDef
+parameter

+literal CRYPTO_ALGOMODE_NOT_SET:
EcucEnumerationLiteralDef

+literal CRYPTO_ALGOMODE_HMAC:
EcucEnumerationLiteralDef

+literal CRYPTO_ALGOMODE_SIPHASH_2_4:
EcucEnumerationLiteralDef

+literal CRYPTO_ALGOMODE_SIPHASH_4_8:
EcucEnumerationLiteralDef

CsmJobKeyDeriveAlgorithmFamilyCustomRef: CryptoPrimitiveAlgorithmFamilyCustom:
+reference EcucReferenceDef +destination EcucParamConfContainerDef

lowerMultiplicity = 0 lowerMultiplicity = 0
upperMultiplicity = 1 upperMultiplicity = *
requiresSymbolicNameValue = true

CsmJobKeyDeriveAlgorithmSecondaryFamilyCustomRef:
+reference EcucReferenceDef +destination

lowerMultiplicity = 0
upperMultiplicity = 1
requiresSymbolicNameValue = true

(from CryptoDrv)

CsmJobKeyDeriveAlgorithmModeCustomRef: CryptoPrimitiveAlgorithmModeCustom:
+reference EcucReferenceDef +destination EcucParamConfContainerDef

lowerMultiplicity = 0 lowerMultiplicity = 0
upperMultiplicity = 1 upperMultiplicity = *
requiresSymbolicNameValue = true

(from CryptoDrv)

Figure 9-25 CsmJobKeyDerive Layout

249 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

10.2.39 CsmJobKeyDerive

SWS Item ECUC_Csm_00198 :

Container Name CsmJobKeyDerive
Parent Container CsmPrimitives
Description Configurations of KeyDerive primitives
Configuration Parameters

Included Containers
Container Name Multiplicity Scope / Dependency
Container for configuration of a CSM key derive operation. The
CsmJobKeyDeriveConfig 1 container name serves as a symbolic name for the identifier of
a key derive configuration.

10.2.40 CsmJobKeyDeriveConfig

SWS Item ECUC_Csm_00213 :

Container Name CsmJobKeyDeriveConfig
Parent Container CsmJobKeyDerive
Container for configuration of a CSM key derive operation. The container
Description name serves as a symbolic name for the identifier of a key derive
configuration.
Configuration Parameters

SWS Item ECUC_Csm_00215 :

Name CsmJobKeyDeriveAlgorithmFamily
Parent Container CsmJobKeyDeriveConfig
Description Determines the algorithm family used for the crypto service. This parameter defines
the most significant part of the algorithm.
Multiplicity 1
Type EcucEnumerationParamDef
Range CRYPTO_ALGOFAM_CUSTOM 0xFF
CRYPTO_ALGOFAM_HKDF 0x2B
CRYPTO_ALGOFAM_KDFX963 0x25
CRYPTO_ALGOFAM_PBKDF2 0x24
Post-Build Variant
false
Value
Value Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Scope / scope: local
Dependency

SWS Item ECUC_Csm_00216 :

Name CsmJobKeyDeriveAlgorithmMode
Parent Container CsmJobKeyDeriveConfig
Description Determines the algorithm mode used for the crypto service
Multiplicity 1
Type EcucEnumerationParamDef
Range CRYPTO_ALGOMODE_CMAC 0x10
CRYPTO_ALGOMODE_CTRDRBG 0x12
CRYPTO_ALGOMODE_CUSTOM 0xFF
CRYPTO_ALGOMODE_GMAC 0x11
250 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager
 Specification of Crypto Service Manager
AUTOSAR CP R20-11

CRYPTO_ALGOMODE_HMAC 0x0f
CRYPTO_ALGOMODE_NOT_SET 0x00
CRYPTO_ALGOMODE_SIPHASH_2_4 0x17
CRYPTO_ALGOMODE_SIPHASH_4_8 0x18
Post-Build Variant
false
Value
Value Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Scope / scope: local
Dependency

SWS Item ECUC_Csm_00218 :

Name CsmJobKeyDeriveAlgorithmSecondaryFamily
Parent Container CsmJobKeyDeriveConfig
Description Determines the algorithm family used for the crypto service.
Multiplicity 1
Type EcucEnumerationParamDef
Range CRYPTO_ALGOFAM_BLAKE_1_256 0x0F
CRYPTO_ALGOFAM_BLAKE_1_512 0x10
CRYPTO_ALGOFAM_BLAKE_2s_256 0x11
CRYPTO_ALGOFAM_BLAKE_2s_512 0x12
CRYPTO_ALGOFAM_CUSTOM 0xFF
CRYPTO_ALGOFAM_NOT_SET 0x00
CRYPTO_ALGOFAM_RIPEMD160 0x0E
CRYPTO_ALGOFAM_SHA1 0x01
CRYPTO_ALGOFAM_SHA2_224 0x02
CRYPTO_ALGOFAM_SHA2_256 0x03
CRYPTO_ALGOFAM_SHA2_384 0x04
CRYPTO_ALGOFAM_SHA2_512 0x05
CRYPTO_ALGOFAM_SHA2_512_224 0x06
CRYPTO_ALGOFAM_SHA2_512_256 0x07
CRYPTO_ALGOFAM_SHA3_224 0x08
CRYPTO_ALGOFAM_SHA3_256 0x09
CRYPTO_ALGOFAM_SHA3_384 0x0A
CRYPTO_ALGOFAM_SHA3_512 0x0B
CRYPTO_ALGOFAM_SHAKE128 0x0C
CRYPTO_ALGOFAM_SHAKE256 0x0D
Default value CRYPTO_ALGOFAM_NOT_SET
Post-Build Variant
false
Value
Value Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Scope / scope: local
Dependency

SWS Item ECUC_Csm_00315 :

Name CsmJobKeyDeriveAlgorithmFamilyCustomRef
Parent Container CsmJobKeyDeriveConfig
Description Reference to a customer specific algorithm family custom container
Multiplicity 0..1
Type Symbolic name reference to [ CryptoPrimitiveAlgorithmFamilyCustom ]
Multiplicity Configuration Pre-compile time X All Variants
Class Link time --
Post-build time --
251 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager
 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Value Configuration Class Pre-compile time X All Variants

Link time --
Post-build time --
Scope / Dependency scope: local
dependency: This reference shall only be present if
CsmJobKeyDeriveAlgorithmFamily is set to
CRYPTO_ALGOFAM_CUSTOM.

SWS Item ECUC_Csm_00316 :

Name CsmJobKeyDeriveAlgorithmModeCustomRef
Parent Container CsmJobKeyDeriveConfig
Description Reference to a customer specific algorithm mode custom container
Multiplicity 0..1
Type Symbolic name reference to [ CryptoPrimitiveAlgorithmModeCustom ]
Multiplicity ConfigurationPre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency dependency: This reference shall only be present if
CsmJobKeyDeriveAlgorithmMode is set to
CRYPTO_ALGOMODE_CUSTOM.

SWS Item ECUC_Csm_00317 :

Name CsmJobKeyDeriveAlgorithmSecondaryFamilyCustomRef
Parent Container CsmJobKeyDeriveConfig
Description Reference to a customer specific algorithm family container in the Crypto
Driver
Multiplicity 0..1
Type Symbolic name reference to [ CryptoPrimitiveAlgorithmFamilyCustom ]
Multiplicity Configuration Pre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local
dependency: This reference shall only be present if
CsmJobKeyDeriveSecondaryAlgorithmFamily is set to
CRYPTO_ALGOFAM_CUSTOM.

No Included Containers

252 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

CsmJobKeyGenerate: CsmJobKeyGenerateAlgorithmMode: +literal CRYPTO_ALGOMODE_CUSTOM:

EcucParamConfContainerDef EcucEnumerationParamDef EcucEnumerationLiteralDef

lowerMultiplicity = 0 defaultValue = CRYPTO_ALGOMODE_NOT_SET

upperMultiplicity = 1
+literal CRYPTO_ALGOMODE_NOT_SET:
EcucEnumerationLiteralDef

+subContainer +literal CRYPTO_ALGOFAM_ECCANSI:

EcucEnumerationLiteralDef
CsmJobKeyGenerateConfig:
EcucParamConfContainerDef
(from CryptoDrv)

+literal CRYPTO_ALGOFAM_ECCSEC:
EcucEnumerationLiteralDef

(from CryptoDrv)

+literal CRYPTO_ALGOFAM_X25519:
EcucEnumerationLiteralDef

+parameter (from CryptoDrv)

+literal CRYPTO_ALGOFAM_ED25519:
EcucEnumerationLiteralDef

(from CryptoDrv)

+literal CRYPTO_ALGOFAM_ECCNIST:
EcucEnumerationLiteralDef

(from CryptoDrv)

+literal CRYPTO_ALGOFAM_ECDH:
EcucEnumerationLiteralDef

(from CryptoDrv)

CsmJobKeyGenerateAlgorithmSecondaryFamily: +literal CRYPTO_ALGOFAM_NOT_SET:

EcucEnumerationParamDef EcucEnumerationLiteralDef
+parameter
defaultValue = CRYPTO_ALGOFAM_NOT_SET
(from CryptoDrv)

+literal
CRYPTO_ALGOFAM_CUSTOM:
EcucEnumerationLiteralDef

+literal
CsmJobKeyGenerateAlgorithmFamily:
+parameter EcucEnumerationParamDef
(from CryptoDrv)

CsmJobKeyGenerateAlgorithmFamilyCustomRef: CryptoPrimitiveAlgorithmFamilyCustom:
+reference EcucReferenceDef +destination EcucParamConfContainerDef

lowerMultiplicity = 0 lowerMultiplicity = 0
upperMultiplicity = 1 upperMultiplicity = *
requiresSymbolicNameValue = true

CsmJobKeyGenerateAlgorithmSecondaryFamilyCustomRef:
+reference EcucReferenceDef +destination
lowerMultiplicity = 0
upperMultiplicity = 1
requiresSymbolicNameValue = true

(from CryptoDrv)

CsmJobKeyGenerateAlgorithmModeCustomRef: CryptoPrimitiveAlgorithmModeCustom:
+reference EcucReferenceDef +destination EcucParamConfContainerDef

lowerMultiplicity = 0 lowerMultiplicity = 0
upperMultiplicity = 1 upperMultiplicity = *
requiresSymbolicNameValue = true

(from CryptoDrv)

Figure 9-26 CsmJobKeyGenerate Layout

253 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

10.2.41 CsmJobKeyGenerate

SWS Item ECUC_Csm_00199 :

Container Name CsmJobKeyGenerate
Parent Container CsmPrimitives
Description Configurations of KeyGenerate primitives
Configuration Parameters

Included Containers
Container Name Multiplicity Scope / Dependency
Container for configuration of a CSM key generate operation.
CsmJobKeyGenerateConfig 1 The container name serves as a symbolic name for the
identifier of a key generate configuration.

10.2.42 CsmJobKeyGenerateConfig

SWS Item ECUC_Csm_00220 :

Container Name CsmJobKeyGenerateConfig
Parent Container CsmJobKeyGenerate
Container for configuration of a CSM key generate operation. The
Description container name serves as a symbolic name for the identifier of a key
generate configuration.
Configuration Parameters

SWS Item ECUC_Csm_00222 :

Name CsmJobKeyGenerateAlgorithmFamily
Parent Container CsmJobKeyGenerateConfig
Description Determines the algorithm family used for the crypto service. This parameter defines
the most significant part of the algorithm.
Multiplicity 1
Type EcucEnumerationParamDef
Range CRYPTO_ALGOFAM_CUSTOM 0xFF
Post-Build Variant
false
Value
Value Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Scope / scope: local
Dependency

SWS Item ECUC_Csm_00223 :

Name CsmJobKeyGenerateAlgorithmMode
Parent Container CsmJobKeyGenerateConfig
Description Determines the algorithm mode used for the crypto service
Multiplicity 1
Type EcucEnumerationParamDef
Range CRYPTO_ALGOFAM_ECCANSI 0x1e
CRYPTO_ALGOFAM_ECCNIST 0x19
CRYPTO_ALGOFAM_ECCSEC 0x1f
CRYPTO_ALGOFAM_ECDH 0x2F
CRYPTO_ALGOFAM_ED25519 0x17
CRYPTO_ALGOFAM_X25519 0x2E

254 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

CRYPTO_ALGOMODE_CUSTOM 0xFF
CRYPTO_ALGOMODE_NOT_SET 0x00
Default value CRYPTO_ALGOMODE_NOT_SET
Post-Build Variant
false
Value
Value Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Scope / scope: local
Dependency

SWS Item ECUC_Csm_00225 :

Name CsmJobKeyGenerateAlgorithmSecondaryFamily
Parent Container CsmJobKeyGenerateConfig
Description Determines the algorithm family used for the crypto service.
Multiplicity 1
Type EcucEnumerationParamDef
Range CRYPTO_ALGOFAM_CUSTOM 0xFF
CRYPTO_ALGOFAM_NOT_SET 0x00
Default value CRYPTO_ALGOFAM_NOT_SET
Post-Build Variant
false
Value
Value Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Scope / scope: local
Dependency

SWS Item ECUC_Csm_00318 :

Name CsmJobKeyGenerateAlgorithmFamilyCustomRef
Parent Container CsmJobKeyGenerateConfig
Description Reference to a customer specific algorithm family custom container
Multiplicity 0..1
Type Symbolic name reference to [ CryptoPrimitiveAlgorithmFamilyCustom ]
Multiplicity ConfigurationPre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local
dependency: This reference shall only be present if
CsmJobKeyGenerateAlgorithmFamily is set to
CRYPTO_ALGOFAM_CUSTOM.

SWS Item ECUC_Csm_00319 :

Name CsmJobKeyGenerateAlgorithmModeCustomRef
Parent Container CsmJobKeyGenerateConfig
Description Reference to a customer specific algorithm mode custom container
Multiplicity 0..1
Type Symbolic name reference to [ CryptoPrimitiveAlgorithmModeCustom ]
Multiplicity ConfigurationPre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
255 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager
 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Post-build time --
Scope / Dependency scope: local
dependency: This reference shall only be present if
CsmJobKeyGenerateAlgorithmMode is set to
CRYPTO_ALGOMODE_CUSTOM.

SWS Item ECUC_Csm_00320 :

Name CsmJobKeyGenerateAlgorithmSecondaryFamilyCustomRef
Parent Container CsmJobKeyGenerateConfig
Description Reference to a customer specific algorithm family container in the Crypto
Driver
Multiplicity 0..1
Type Symbolic name reference to [ CryptoPrimitiveAlgorithmFamilyCustom ]
Multiplicity Configuration Pre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local
dependency: This reference shall only be present if
CsmJobKeyGenerateSecondaryAlgorithmFamily is set to
CRYPTO_ALGOFAM_CUSTOM.

No Included Containers

256 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

CsmJobKeyExchangeCalcPubValAlgorithmFamily: +literal CRYPTO_ALGOFAM_RSA:

CsmJobKeyExchangeCalcPubVal:
EcucParamConfContainerDef EcucEnumerationParamDef EcucEnumerationLiteralDef

lowerMultiplicity = 0
(from CryptoDrv)
upperMultiplicity = 1

+literal CRYPTO_ALGOFAM_ECDH:
+subContainer EcucEnumerationLiteralDef

CsmJobKeyExchangeCalcPubValConfig: (from CryptoDrv)

EcucParamConfContainerDef

+literal CRYPTO_ALGOFAM_DH:
+parameter
EcucEnumerationLiteralDef

(from CryptoDrv)

+literal
CRYPTO_ALGOFAM_CUSTOM:
EcucEnumerationLiteralDef
+literal
CsmJobKeyExchangeCalcPubValAlgorithmSecondaryFamily:
EcucEnumerationParamDef (from CryptoDrv)
+literal CRYPTO_ALGOFAM_NOT_SET:
EcucEnumerationLiteralDef

(from CryptoDrv)

+literal CRYPTO_ALGOFAM_ECCNIST:
EcucEnumerationLiteralDef

(from CryptoDrv)
+parameter
+literal CRYPTO_ALGOFAM_ECCANSI:
EcucEnumerationLiteralDef

(from CryptoDrv)

+literal CRYPTO_ALGOFAM_ECCSEC:
EcucEnumerationLiteralDef

(from CryptoDrv)

+literal CRYPTO_ALGOFAM_X25519:
EcucEnumerationLiteralDef

(from CryptoDrv)

CsmJobKeyExchangeCalcPubValAlgorithmMode: +literal CRYPTO_ALGOMODE_CUSTOM:

EcucEnumerationParamDef EcucEnumerationLiteralDef
+parameter

+literal CRYPTO_ALGOMODE_NOT_SET:
EcucEnumerationLiteralDef

CsmJobKeyExchangeCalcPubValAlgorithmFamilyCustomRef: CryptoPrimitiveAlgorithmFamilyCustom:
+reference EcucReferenceDef +destination EcucParamConfContainerDef

lowerMultiplicity = 0 lowerMultiplicity = 0
upperMultiplicity = 1 upperMultiplicity = *
requiresSymbolicNameValue = true

+destination (from CryptoDrv)

CsmJobKeyExchangeCalcPubValAlgorithmSecondaryFamilyCustomRef:
+reference EcucReferenceDef

lowerMultiplicity = 0
upperMultiplicity = 1
requiresSymbolicNameValue = true

CsmJobKeyExchangeCalcPubValAlgorithmModeCustomRef: CryptoPrimitiveAlgorithmModeCustom:
+reference EcucReferenceDef +destination EcucParamConfContainerDef

lowerMultiplicity = 0 lowerMultiplicity = 0
upperMultiplicity = 1 upperMultiplicity = *
requiresSymbolicNameValue = true

(from CryptoDrv)

Figure 9-27 CsmJobKeyExchangeCalcPubVal Layout

257 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

10.2.43 CsmJobKeyExchangeCalcPubVal

SWS Item ECUC_Csm_00200 :

Container Name CsmJobKeyExchangeCalcPubVal
Parent Container CsmPrimitives
Description Configurations of KeyExchangeCalcPubVal primitives
Configuration Parameters

Included Containers
Container Name Multiplicity Scope / Dependency
Container for configuration of a CSM
CsmJobKeyExchangeCalcPubValConfi JobKeyExchangeCalcPubVal. The container name
1
g serves as a symbolic name for the identifier of a key
configuration.

10.2.44 CsmJobKeyExchangeCalcPubValConfig

SWS Item ECUC_Csm_00226 :

Container Name CsmJobKeyExchangeCalcPubValConfig
Parent Container CsmJobKeyExchangeCalcPubVal
Container for configuration of a CSM JobKeyExchangeCalcPubVal. The
Description container name serves as a symbolic name for the identifier of a key
configuration.
Configuration Parameters

SWS Item ECUC_Csm_00227 :

Name CsmJobKeyExchangeCalcPubValAlgorithmFamily
Parent Container CsmJobKeyExchangeCalcPubValConfig
Description Determines the algorithm family used for the crypto service. This parameter defines
the most significant part of the algorithm.
Multiplicity 1
Type EcucEnumerationParamDef
Range CRYPTO_ALGOFAM_CUSTOM 0xFF
CRYPTO_ALGOFAM_DH 0x26
CRYPTO_ALGOFAM_ECDH 0x2F
CRYPTO_ALGOFAM_RSA 0x16
Post-Build Variant
false
Value
Value Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Scope / scope: local
Dependency

SWS Item ECUC_Csm_00229 :

Name CsmJobKeyExchangeCalcPubValAlgorithmMode
Parent Container CsmJobKeyExchangeCalcPubValConfig
Description Determines the algorithm mode used for the crypto service
Multiplicity 1
Type EcucEnumerationParamDef
Range CRYPTO_ALGOMODE_CUSTOM 0xFF
CRYPTO_ALGOMODE_NOT_SET 0x00

258 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Post-Build Variant
false
Value
Value Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Scope / scope: local
Dependency

SWS Item ECUC_Csm_00231 :

Name CsmJobKeyExchangeCalcPubValAlgorithmSecondaryFamily
Parent Container CsmJobKeyExchangeCalcPubValConfig
Description Determines the algorithm family used for the crypto service.
Multiplicity 1
Type EcucEnumerationParamDef
Range CRYPTO_ALGOFAM_CUSTOM 0xFF
CRYPTO_ALGOFAM_ECCANSI 0x1e
CRYPTO_ALGOFAM_ECCNIST 0x19
CRYPTO_ALGOFAM_ECCSEC 0x1f
CRYPTO_ALGOFAM_NOT_SET 0x00
CRYPTO_ALGOFAM_X25519 0x2E
Post-Build
false
Variant Value
Value Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Scope / scope: local
Dependency

SWS Item ECUC_Csm_00321 :

Name CsmJobKeyExchangeCalcPubValAlgorithmFamilyCustomRef
Parent Container CsmJobKeyExchangeCalcPubValConfig
Description Reference to a customer specific algorithm family custom container
Multiplicity 0..1
Type Symbolic name reference to [ CryptoPrimitiveAlgorithmFamilyCustom ]
Multiplicity ConfigurationPre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local
dependency: This reference shall only be present if
CsmJobKeyExchangeCalcPubValAlgorithmFamily is set to
CRYPTO_ALGOFAM_CUSTOM.

SWS Item ECUC_Csm_00322 :

Name CsmJobKeyExchangeCalcPubValAlgorithmModeCustomRef
Parent Container CsmJobKeyExchangeCalcPubValConfig
Description Reference to a customer specific algorithm mode custom container
Multiplicity 0..1
Type Symbolic name reference to [ CryptoPrimitiveAlgorithmModeCustom ]
Multiplicity ConfigurationPre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
259 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager
 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Post-build time --
Scope / Dependency scope: local
dependency: This parameter shall only be present if
CsmJobKeyExchangeCalcPubValAlgorithmMode is set to
CRYPTO_ALGOMODE_CUSTOM.

SWS Item ECUC_Csm_00323 :

Name CsmJobKeyExchangeCalcPubValAlgorithmSecondaryFamilyCustomRef
Parent Container CsmJobKeyExchangeCalcPubValConfig
Description Reference to a customer specific algorithm family container in the Crypto
Driver
Multiplicity 0..1
Type Symbolic name reference to [ CryptoPrimitiveAlgorithmFamilyCustom ]
Multiplicity Configuration Pre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local
dependency: This reference shall only be present if
CsmJobKeyExchangeCalcPubValSecondaryAlgorithmFamily is set to
CRYPTO_ALGOFAM_CUSTOM.

No Included Containers

260 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

CsmJobKeyExchangeCalcSecret: CsmJobKeyExchangeCalcSecretAlgorithmFamily: +literal CRYPTO_ALGOFAM_ECDH:

EcucParamConfContainerDef EcucEnumerationParamDef EcucEnumerationLiteralDef

lowerMultiplicity = 0
upperMultiplicity = 1 (from CryptoDrv)

+literal CRYPTO_ALGOFAM_RSA:
EcucEnumerationLiteralDef

+subContainer
(from CryptoDrv)
CsmJobKeyExchangeCalcSecretConfig:
EcucParamConfContainerDef +literal CRYPTO_ALGOFAM_DH:
+parameter EcucEnumerationLiteralDef

(from CryptoDrv)
+literal
CRYPTO_ALGOFAM_CUSTOM:
EcucEnumerationLiteralDef
+literal
CsmJobKeyExchangeCalcSecretAlgorithmSecondaryFamily:
EcucEnumerationParamDef
(from CryptoDrv)

+literal CRYPTO_ALGOFAM_NOT_SET:
EcucEnumerationLiteralDef

(from CryptoDrv)

+literal CRYPTO_ALGOFAM_ECCNIST:
EcucEnumerationLiteralDef

+parameter (from CryptoDrv)

+literal CRYPTO_ALGOFAM_ECCSEC:
EcucEnumerationLiteralDef

(from CryptoDrv)

+literal CRYPTO_ALGOFAM_ECCANSI:
EcucEnumerationLiteralDef

(from CryptoDrv)

+literal CRYPTO_ALGOFAM_X25519:
EcucEnumerationLiteralDef

(from CryptoDrv)

CRYPTO_ALGOMODE_CUSTOM:
+literal
EcucEnumerationLiteralDef
CsmJobKeyExchangeCalcSecretAlgorithmMode:
+parameter EcucEnumerationParamDef

+literal CRYPTO_ALGOMODE_NOT_SET:
EcucEnumerationLiteralDef

CsmJobKeyExchangeCalcSecretAlgorithmFamilyCustomRef: CryptoPrimitiveAlgorithmFamilyCustom:
+reference EcucReferenceDef +destination EcucParamConfContainerDef

lowerMultiplicity = 0 lowerMultiplicity = 0
upperMultiplicity = 1 upperMultiplicity = *
requiresSymbolicNameValue = true

+destination (from CryptoDrv)

CsmJobKeyExchangeCalcSecretAlgorithmSecondaryFamilyCustomRef:
+reference EcucReferenceDef

lowerMultiplicity = 0
upperMultiplicity = 1
requiresSymbolicNameValue = true

CsmJobKeyExchangeCalcSecretAlgorithmModeCustomRef: CryptoPrimitiveAlgorithmModeCustom:
+reference EcucReferenceDef +destination EcucParamConfContainerDef

lowerMultiplicity = 0 lowerMultiplicity = 0
upperMultiplicity = 1 upperMultiplicity = *
requiresSymbolicNameValue = true

(from CryptoDrv)

Figure 9-28 CsmJobKeyExchangeCalcSecret Layout

261 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

10.2.45 CsmJobKeyExchangeCalcSecret

SWS Item ECUC_Csm_00201 :

Container Name CsmJobKeyExchangeCalcSecret
Parent Container CsmPrimitives
Description Configurations of KeyExchangeCalcSecret primitives
Configuration Parameters

Included Containers
Container Name Multiplicity Scope / Dependency
Container for configuration of a CSM
CsmJobKeyExchangeCalcSecretConfi JobKeyExchangeCalcSecret. The container name
1
g serves as a symbolic name for the identifier of a
JobKeyExchangeCalcSecret configuration.

10.2.46 CsmJobKeyExchangeCalcSecretConfig

SWS Item ECUC_Csm_00234 :

Container Name CsmJobKeyExchangeCalcSecretConfig
Parent Container CsmJobKeyExchangeCalcSecret
Container for configuration of a CSM JobKeyExchangeCalcSecret. The
Description container name serves as a symbolic name for the identifier of a
JobKeyExchangeCalcSecret configuration.
Configuration Parameters

SWS Item ECUC_Csm_00235 :

Name CsmJobKeyExchangeCalcSecretAlgorithmFamily
Parent Container CsmJobKeyExchangeCalcSecretConfig
Description Determines the algorithm family used for the crypto service. This parameter defines
the most significant part of the algorithm.
Multiplicity 1
Type EcucEnumerationParamDef
Range CRYPTO_ALGOFAM_CUSTOM 0xFF
CRYPTO_ALGOFAM_DH 0x26
CRYPTO_ALGOFAM_ECDH 0x2F
CRYPTO_ALGOFAM_RSA 0x16
Post-Build Variant
false
Value
Value Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Scope / scope: local
Dependency

SWS Item ECUC_Csm_00237 :

Name CsmJobKeyExchangeCalcSecretAlgorithmMode
Parent Container CsmJobKeyExchangeCalcSecretConfig
Description Determines the algorithm mode used for the crypto service
Multiplicity 1
Type EcucEnumerationParamDef
Range CRYPTO_ALGOMODE_CUSTOM 0xFF
CRYPTO_ALGOMODE_NOT_SET 0x00

262 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager

 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Post-Build Variant
false
Value
Value Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Scope / scope: local
Dependency

SWS Item ECUC_Csm_00239 :

Name CsmJobKeyExchangeCalcSecretAlgorithmSecondaryFamily
Parent Container CsmJobKeyExchangeCalcSecretConfig
Description Determines the algorithm family used for the crypto service.
Multiplicity 1
Type EcucEnumerationParamDef
Range CRYPTO_ALGOFAM_CUSTOM 0xFF
CRYPTO_ALGOFAM_ECCANSI 0x1e
CRYPTO_ALGOFAM_ECCNIST 0x19
CRYPTO_ALGOFAM_ECCSEC 0x1f
CRYPTO_ALGOFAM_NOT_SET 0x00
CRYPTO_ALGOFAM_X25519 0x2E
Post-Build
false
Variant Value
Value Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Scope / scope: local
Dependency

SWS Item ECUC_Csm_00324 :

Name CsmJobKeyExchangeCalcSecretAlgorithmFamilyCustomRef
Parent Container CsmJobKeyExchangeCalcSecretConfig
Description Reference to a customer specific algorithm family custom container
Multiplicity 0..1
Type Symbolic name reference to [ CryptoPrimitiveAlgorithmFamilyCustom ]
Multiplicity ConfigurationPre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local
dependency: This reference shall only be present if
CsmJobKeyExchangeCalcSecretAlgorithmFamily is set to
CRYPTO_ALGOFAM_CUSTOM.

SWS Item ECUC_Csm_00325 :

Name CsmJobKeyExchangeCalcSecretAlgorithmModeCustomRef
Parent Container CsmJobKeyExchangeCalcSecretConfig
Description Reference to a customer specific algorithm mode custom container
Multiplicity 0..1
Type Symbolic name reference to [ CryptoPrimitiveAlgorithmModeCustom ]
Multiplicity ConfigurationPre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
263 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager
 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Scope / Dependency
Post-build time --
scope: local
dependency: This reference shall only be present if
CsmJobKeyExchangeCalcSecretAlgorithmMode is set to
CRYPTO_ALGOMODE_CUSTOM.

SWS Item ECUC_Csm_00326 :

Name CsmJobKeyExchangeCalcSecretAlgorithmSecondaryFamilyCustomRef
Parent Container CsmJobKeyExchangeCalcSecretConfig
Description Reference to a customer specific algorithm family container in the Crypto
Driver
Multiplicity 0..1
Type Symbolic name reference to [ CryptoPrimitiveAlgorithmFamilyCustom ]
Multiplicity Configuration Pre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local
dependency: This reference shall only be present if
CsmJobKeyExchangeCalcSecretSecondaryAlgorithmFamily is set to
CRYPTO_ALGOFAM_CUSTOM.

No Included Containers

CsmCallbacks: CsmCallback: CsmCallbackFunc:

EcucParamConfContainerDef +subContainer EcucParamConfContainerDef +parameter EcucFunctionNameDef

lowerMultiplicity = 0 lowerMultiplicity = 0 lowerMultiplicity = 1

upperMultiplicity = 1 upperMultiplicity = * upperMultiplicity = 1

Figure 9-29 CsmCallbacks Layout

10.2.47 CsmCallbacks

SWS Item ECUC_Csm_00008 :

Container Name CsmCallbacks
Parent Container Csm
Description Container for callback function configurations
Configuration Parameters

Included Containers
Container Name Multiplicity Scope / Dependency
CsmCallback 0..* Container for configuration of a callback function

10.2.48 CsmCallback

SWS Item ECUC_Csm_00109 :

Container Name CsmCallback
Parent Container CsmCallbacks
264 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager
 Specification of Crypto Service Manager
AUTOSAR CP R20-11

Description Container for configuration of a callback function

Multiplicity Configuration Pre-compile time X All Variants
Class Link time --
Post-build time --
Configuration Parameters

SWS Item ECUC_Csm_00110 :

Name CsmCallbackFunc
Parent Container CsmCallback
Description Callback function to be called if an asynchronous operation has finished.
The corresponding job has to be configured to be processed
asynchronously.
Multiplicity 1
Type EcucFunctionNameDef
Default value --
maxLength --
minLength --
regularExpression --
Post-Build Variant Value false
Multiplicity Configuration Pre-compile time X All Variants
Class Link time --
Post-build time --
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local

No Included Containers

10.3 Published Information

For details refer to the chapter 10.3 “Published Information” in SWS_BSWGeneral.

265 of 265 Document ID 402: AUTOSAR_SWS_CryptoServiceManager