Adaptive AUTOSAR
ARA public interface header documentation
security_access.h
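#ifndef SECURITY_ACCESS_H
#define SECURITY_ACCESS_H

// Standard headers for the names this header uses directly
// (uint8_t/uint16_t, size_t, std::future, std::map, std::string, std::vector).
#include <cstddef>
#include <cstdint>
#include <future>
#include <map>
#include <string>
#include <vector>
#include "./reentrancy.h"
#include "./routing/delay_timer.h"
#include "./routing/routable_uds_service.h"

// NOTE(review): this header was recovered from a rendered documentation page
// that fused line numbers into the code and dropped the declaration lines of
// SecurityLevel, KeyCompareResultType and SecurityAccess as well as the
// 'Unlocked' member. Those lines are restored from the page's own
// cross-reference entries; the enum's underlying type and the base class of
// SecurityAccess are not printed on the page - confirm both against the
// repository.

namespace ara
{
    namespace diag
    {
        /// @brief A data model that contains the status of a security level
        struct SecurityLevel
        {
            /// @brief Indicate whether the security level has been unlocked or not
            bool Unlocked;

            /// @brief Seed that corresponds to the security level for key comparison
            /// @note The seed is only 16 bits wide, so it can take at most 65536
            ///       values; resistance to key guessing therefore rests on the
            ///       attempt limit and delay handled by SecurityAccess.
            uint16_t Seed;

            /// @brief Constructor
            /// @param seed Seed of the security level
            /// @note A new level always starts locked.
            explicit SecurityLevel(uint16_t seed = 0) noexcept : Unlocked{false}, Seed{seed}
            {
            }
        };

        /// @brief Security key comparison result
        enum class KeyCompareResultType : uint8_t
        {
            kKeyValid = 0x00,  ///< Valid security key
            kKeyInvalid = 0x01 ///< Invalid security key
        };

        /// @brief A class to evaluate the security access to the data among diagnostic services
        /// @note Security review summary, based on the declarations below only:
        ///       - the key is 2 bytes (cKeyLength) and the seed 16 bits, so the
        ///         attempt threshold and the exceeded-attempt delay are the
        ///         controls that bound key guessing;
        ///       - cInitialSeed is a fixed value; how later seeds are derived is
        ///         not visible in this header - confirm in security_access.cpp
        ///         that seeds are not predictable from one request to the next;
        ///       - whether the failed-attempt counter and the delay survive a
        ///         session change or an ECU reset is not visible here - confirm,
        ///         because a counter that resets cheaply removes the limit.
        class SecurityAccess : public routing::RoutableUdsService
        {
        private:
            /// @brief UDS service identifier of SecurityAccess
            static const uint8_t cSid{0x27};
            /// @brief First seed value
            /// NOTE(review): presumably the starting value of mSeed - confirm.
            static const uint16_t cInitialSeed{1};

            // Layout of a request: [SID][sub-function][data record or key ...]
            const size_t cSidIndex{0};
            const size_t cSubFunctionIndex{1};
            const size_t cDataRecordOffset{2};
            /// @brief Expected key length in bytes
            const size_t cKeyLength{2};

            /// @brief Bit 7 of the sub-function byte (suppress positive response)
            const uint8_t cSuppressPosRspMask{0x80};
            // Negative response codes returned by this service
            const uint8_t cGeneralReject{0x10};
            const uint8_t cInvalidKey{0x35};
            const uint8_t cExceededNumberOfAttempts{0x36};
            // NOTE(review): no constant for NRC 0x37 (requiredTimeDelayNotExpired)
            // is declared; confirm how a request that arrives while the delay
            // timer is running gets answered.

            // Sub-function values and ranges that are not usable security levels
            const uint8_t cIsoReservedSubFunction{0x00};
            const uint8_t cIsoReservedLBound{0x43};
            const uint8_t cIsoReservedHBound{0x5e};
            const uint8_t cSupplierReservedLBound{0x61};
            const uint8_t cSupplierReservedHBound{0x7f};

            // Names of the configuration entries read by this service
            // (presumably looked up through the instance specifier - confirm)
            const std::string cEncryptorKey{"Encryptor"};
            const std::string cAttemptThresholdKey{"AttemptThreshold"};
            const std::string cExceededAttemptDelayKey{"ExceededAttemptDelay"};

            const ReentrancyType mReentrancy;
            uint16_t mSeed;
            /// @brief Security level status, keyed by an 8-bit level identifier
            std::map<uint8_t, SecurityLevel> mSecurityLevels;
            /// @brief Timer used for the exceeded-attempt delay
            routing::DelayTimer mDelayTimer;
            /// @brief Number of failed unlock attempts
            /// NOTE(review): 8-bit counter; confirm it is compared against the
            /// threshold before it can wrap around at 255.
            uint8_t mFailedUnlockAttempt;

            /// @brief Check a request for a problem before it is processed
            /// @param[in] requestData Raw request bytes
            /// @param[out] nrc Negative response code (presumably set only when a problem is found - confirm)
            /// @returns Presumably true if the request must be rejected - confirm against the definition
            bool hasProblem(
                const std::vector<uint8_t> &requestData, uint8_t &nrc) const;

            /// @brief Try to fetch the seed of a security level
            /// @param[in] level Security level
            /// @param[out] seed Seed of the level
            /// @returns Presumably true if the level is known - confirm against the definition
            bool tryFetchSeed(uint8_t level, uint16_t &seed) const;

            /// @brief Add a security level
            /// @param level Security level to be added
            /// @returns 16-bit value, presumably the seed given to the new level - confirm
            uint16_t addLevel(uint8_t level);

            /// @brief Handle the seed request sub-function
            void handleRequestSeed(
                OperationOutput &response,
                uint8_t subFunction,
                const std::vector<uint8_t> &securityAccessDataRecord,
                MetaInfo &metaInfo,
                CancellationHandler &&cancellationHandler,
                bool suppressPositiveResponse);

            /// @brief Handle an unlock attempt that passed the key comparison
            /// @param securityLevelItr Iterator to the security level entry in mSecurityLevels
            void handlePassedAttempt(
                std::map<uint8_t, SecurityLevel>::iterator securityLevelItr);

            /// @brief Handle an unlock attempt that failed the key comparison
            /// @note This is where the attempt limit has to be enforced; see the
            ///       class-level review summary.
            void handleFailedAttempt(MetaInfo &metaInfo);

            /// @brief Handle the send key sub-function
            void handleSendKey(
                OperationOutput &response,
                uint8_t subFunction,
                const std::vector<uint8_t> &key,
                MetaInfo &metaInfo,
                CancellationHandler &&cancellationHandler,
                bool suppressPositiveResponse);

        public:
            /// @brief Constructor
            /// @param specifier Owner instance specifier
            /// @param reentrancyType Service reentrancy type
            /// @note The constructor is noexcept while the class owns std::string
            ///       and std::map members; an exception thrown during
            ///       construction would terminate the process.
            explicit SecurityAccess(
                const core::InstanceSpecifier &specifier,
                ReentrancyType reentrancyType) noexcept;

            ~SecurityAccess() noexcept = default;

            /// @brief Handle an UDS request message
            /// @param requestData Raw request bytes
            /// @param metaInfo Diagnostic metainfo of the request
            /// @param cancellationHandler Conversation cancellation handler
            /// @returns Future of the operation output
            std::future<OperationOutput> HandleMessage(
                const std::vector<uint8_t> &requestData,
                MetaInfo &metaInfo,
                CancellationHandler &&cancellationHandler) override;

            /// @brief Request a seed from the client side to provide a security key
            /// @param subFunction Request sub-function
            /// @param securityAccessDataRecord Data record that accompanies the seed request
            /// @param metaInfo Diagnostic metainfo of the request
            /// @param cancellationHandler Conversation cancellation handler
            /// @returns Future of the seed bytes
            std::future<std::vector<uint8_t>> GetSeed(
                uint8_t subFunction,
                std::vector<uint8_t> securityAccessDataRecord,
                MetaInfo &metaInfo,
                CancellationHandler &&cancellationHandler);

            /// @brief Evaluate the key provided by a client
            /// @param subFunction Request sub-function
            /// @param key Key sent by the client
            /// @param metaInfo Diagnostic metainfo of the request
            /// @param cancellationHandler Conversation cancellation handler
            /// @returns Future of the key comparison result
            /// @note The key is client-controlled; its length should be checked
            ///       against cKeyLength before any byte is read.
            std::future<KeyCompareResultType> CompareKey(
                uint8_t subFunction,
                std::vector<uint8_t> key,
                MetaInfo &metaInfo,
                CancellationHandler &&cancellationHandler);
        };
    }
}
#endif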
AUTOSAR shortname-path wrapper.
Definition: instance_specifier.h:14
A wrapper class around a conversation cancellation handler callback.
Definition: cancellation_handler.h:12
Diagnostic metainfo in different context.
Definition: meta_info.h:24
A class to evaluate the security access to the data among diagnostic services.
Definition: security_access.h:38
SecurityAccess(const core::InstanceSpecifier &specifier, ReentrancyType reentrancyType) noexcept
Constructor.
Definition: security_access.cpp:10
std::future< std::vector< uint8_t > > GetSeed(uint8_t subFunction, std::vector< uint8_t > securityAccessDataRecord, MetaInfo &metaInfo, CancellationHandler &&cancellationHandler)
Request a seed from the client side to provide a security key.
Definition: security_access.cpp:188
std::future< KeyCompareResultType > CompareKey(uint8_t subFunction, std::vector< uint8_t > key, MetaInfo &metaInfo, CancellationHandler &&cancellationHandler)
Evaluate the key provided by a client.
Definition: security_access.cpp:316
std::future< OperationOutput > HandleMessage(const std::vector< uint8_t > &requestData, MetaInfo &metaInfo, CancellationHandler &&cancellationHandler) override
Handle an UDS request message.
Definition: security_access.cpp:57
A thread-safe countdown timer running on a different thread.
Definition: delay_timer.h:15
An UDS service to handle a diagnostic request by offering itself to a router.
Definition: routable_uds_service.h:28
KeyCompareResultType
Security key comparison result.
Definition: security_access.h:30
@ kKeyValid
Valid security key.
@ kKeyInvalid
Invalid security key.
ReentrancyType
Reentrancy type of an instance.
Definition: reentrancy.h:12
Positive response of a handled UDS request.
Definition: routable_uds_service.h:17
A data model that contains the status of a security level.
Definition: security_access.h:15
bool Unlocked
Indicate whether the security level has been unlocked or not.
Definition: security_access.h:17
SecurityLevel(uint16_t seed=0) noexcept
Constructor.
Definition: security_access.h:23
uint16_t Seed
Seed that corresponds to the security level for key comparison.
Definition: security_access.h:19