AUTOSAR|AUTOSAR SecOC Introduction -- Part 2

Encryption & Validation Flow AUTOSAR|AUTOSAR SecOC Introduction -- Part 2
文章图片


Encryption 主要分为如下几步

  1. 传输Authentic I-PDU
  2. 获取SecOC ID
  3. 获取Freshness Value
  4. 获取Key
  5. 构建Authentication data
  6. 生成MAC
  7. 构建Secured I-PDU
可以将Secured I-PDU 拆成2帧报文进行发送(通过设置SecOCTxSecuredPduCollection)
Authentic I -PDU (Including Message Link)
Truncated FV| Truncated MAC | Message Link
因为一个Secured I-PDU 已经被拆分成2帧报文进行发送,通过比较所包含的Message Link来判断这两帧报文是由同一Secured I-PDU拆分而来

Validation 主要分为如下几步
  1. 收到的Secured I-PDU
  2. 获取SecOC ID
  3. 构建FV
  4. 构建 Authentication data
  5. 获取Key
  6. 验证MAC
  7. 比较MAC
针对验证可以配置最大尝试验证次数SecOCAuthenticationBuildAttempts
AUTOSAR|AUTOSAR SecOC Introduction -- Part 2
文章图片

Data Transmission Flow AUTOSAR|AUTOSAR SecOC Introduction -- Part 2
文章图片


App Transmission AUTOSAR|AUTOSAR SecOC Introduction -- Part 2
文章图片

1.For each transmission request of an Authentic I-PDU, the upper layer communication module shall call the PduR module through PduR_Transmit.
2. The PduR routes this request to the SecOC module and calls SecOC_[If|Tp]Transmit.
3. The SecOC module copies the Authentic I-PDU to its own memory and returns.

4.During the next scheduled call of its main function, the SecOC module creates the Secured I-PDU by calculating the Authentication Information and initiates the transmission of the Secured I-PDU by notifying the respective lower layer module via the PduR module.
5. Thereafter, the SecOC module takes the role of an upper layer communication module and thus serves all lower layer requests to provide information on or to copy data of the Secured I-PDU.
6. Finally, the confirmation of the successful or unsuccessful transmission of the Secured I-PDU are provided to the upper layer communication module as confirmation of the successful or unsuccessful transmission of the Authentic I-PDU

TP Transmission AUTOSAR|AUTOSAR SecOC Introduction -- Part 2
文章图片

App ReceptionAUTOSAR|AUTOSAR SecOC Introduction -- Part 2
文章图片


1. For each indication of an incoming Secured I-PDU from a lower layer bus interface or transport protocol module, the SecOC module takes the role of an upper layer communication module and thus serves all lower layer requests that are necessary to receive the complete Secured I-PDU.
2. The SecOC module copies the Secured I-PDU into its own memory.
3. Thereafter, when the complete Secured I-PDU is available and during the next scheduled call of its main function, the SecOC module verifies the contents of the Secured I-PDU according
4. If the verification fails and the parameter SecOcIgnoreVerificationResult is configured to FALSE, the SecOC module drops the Secured I-PDU.
5. If the verification succeeds or the verification fails and the parameter SecOcIgnoreVerificationResult is configured to TRUE, the SecOC module takes the role of a lower layer communication module and calls PduR_SecOC[If|Tp]RxIndication for the Authentic I-PDU.
6. The SecOC reports the verification results

TP Reception AUTOSAR|AUTOSAR SecOC Introduction -- Part 2
文章图片

Freshness Handling AUTOSAR|AUTOSAR SecOC Introduction -- Part 2
文章图片

【AUTOSAR|AUTOSAR SecOC Introduction -- Part 2】

    推荐阅读