# api.add_allowed_stream(my_env, 'SEC 1', stream_5) # api.add_allowed_stream(my_env, 'SEC 1', stream_6) t_set = TimingFunctionSet() ecu_func_set = StdSecurLwSecModTimingFunctions(main_library_tag='CyaSSL') ecu_func_set.library_tags['t_ecu_auth_reg_msg_validate_cert'] = 'Crypto_Lib_SW' t_set.set_mapping_from_function_set('SEC 1', ecu_func_set) api.apply_timing_functions_set(my_env, 'SEC 1', t_set) t_set2 = TimingFunctionSet() ecu_func_set = StdSecurECUTimingFunctions(main_library_tag='CyaSSL') ecu_func_set.library_tags['t_adv_msg_secmodcert_enc'] = 'Crypto_Lib_SW' # SET ALL GATEWAY FILTERS, Bus dependent from the streams api.autoset_gateway_filters(my_env, 'SEC 1') for ecu in APICore()._ecu_list_from_groups([[ecu_group_1 + ecu_group_3 + ecu_group_4]]): # UNINTENDED HACK t_set2.set_mapping_from_function_set(ecu.ecu_id, ecu_func_set) api.apply_timing_functions_set(my_env, ecu.ecu_id, t_set2) # Save environment # filepath = os.path.join(os.path.dirname(__file__), "environments/1.env") # api.save_env_spec(my_env, filepath) # my_env = api.load_env_spec(filepath) # Monitor Test (optional) my_moni = Monitor() api.connect_monitor(my_env, my_moni, 5) # Connect monitor to environment
def prepare_configuration(self, simpy_env, life_time): ''' this method prepares the configuration on the side of the ECU simulation. It sets up the defined environment by mapping the ECU Ids as they are defined in the battery management system on the ECUs and the defined specs. So the constellation used is implemented here. Input: simpy_env simpy.Environment environment used in the battery management system life_time float life time of the simulation Output: - ''' # lifetime life_time = 50000 # logging # api_log_path = os.path.join(os.path.dirname(__file__), "../logs/api.log") # api.show_logging(logging.INFO, api_log_path, True) # create environment sim_env = api.create_environment(life_time) sim_env.set_env(simpy_env) ecu_list = [] # generate a ecu from the ECU specs setting the adapter for ecu_id in self.available_can_adapters(): # logging.info("ECU ID %s: " % ecu_id) # define individual ECU Spec ecu_spec = copy.deepcopy(self._ecu_spec) ecu_class_name = self._ecu_class_name if ecu_id in self._individual_spec: ecu_spec = self._individual_spec[ecu_id][0] ecu_class_name = self._individual_spec[ecu_id][1] ecu_spec.ecu_id_list = [str(ecu_id)] # create ecu ecu = api.set_ecus(sim_env, 1, ecu_class_name, ecu_spec)[0] ecu_list += [ecu] # connect ecu to adapter ecu.connect_adapter(self.can_bus_adapter[ecu_id]) # add security module # create ECU specification ecu_spec = SimpleECUSpec(['SEC 1'], 200000, 200000) # 200 KB ecu_spec.set_ecu_setting('t_ecu_auth_trigger_process', 0) ecu_spec.set_ecu_setting('t_ecu_auth_trigger_intervall', 80000) ecu_spec.set_apply_jitter(0.0001) sec_mod_group = api.set_ecus(sim_env, 1, 'SecLwAuthSecurityModule', ecu_spec) security_module = sec_mod_group[0] # connect to one bus # create the bus specifications bus_spec = SimpleBusSpec(['CAN_0']) api.set_busses(sim_env, 1, 'StdCANBus', bus_spec) api.connect_bus_by_obj(sim_env, 'CAN_0', ecu_list + sec_mod_group) # security constellation all_ecu_groups = [ecu_list] api.register_ecu_groups_to_secmod(sim_env, sec_mod_group[0].ecu_id, all_ecu_groups) certificate_manager = api.create_cert_manager() all_created_ecus = api.ecu_list_from_groups([all_ecu_groups]) ecu_ids = [str(ecu.ecu_id) for ecu in all_created_ecus] for ecu_id in ecu_ids: api.generate_valid_ecu_cert_cfg(certificate_manager, ecu_id, CAEnum.CA_L313, security_module.ecu_id, 0, float('inf')) api.generate_valid_sec_mod_cert_cfg(certificate_manager, security_module.ecu_id, CAEnum.CA_L313, ecu_ids, 0, float('inf')) api.apply_certification(sim_env, certificate_manager) # define allowed streams -------------------------------------------------------------- TODO very IMPORTANT for broadcast_stream_id in [0x0080, 0x0081, 0x0082, 0x0083, 0x0012, 0x0013, 0x0020, 0x00A0, 0x00A1 ]: for ecu_id in ecu_ids: lst = copy.deepcopy(ecu_ids) lst.remove(ecu_id) stream = MessageStream(ecu_id, lst, broadcast_stream_id, float('inf'), 0, float('inf')) api.add_allowed_stream(sim_env, security_module.ecu_id, stream) # -------------------------------------------------------------- TODO very IMPORTANT # set gateways api.autoset_gateway_filters(sim_env, sec_mod_group[0].ecu_id) # set timing functions function_set = TimingFunctionSet() ecu_func_set = StdSecurLwSecModTimingFunctions(main_library_tag='CyaSSL') ecu_func_set.library_tags['t_ecu_auth_reg_msg_validate_cert'] = 'Crypto_Lib_SW' function_set.set_mapping_from_function_set(security_module.ecu_id, ecu_func_set) api.apply_timing_functions_set(sim_env, security_module.ecu_id, function_set) function_set_2 = TimingFunctionSet() ecu_func_set = StdSecurECUTimingFunctions(main_library_tag='CyaSSL') ecu_func_set.library_tags['t_adv_msg_secmodcert_enc'] = 'Crypto_Lib_SW' for ecu_id in ecu_ids: function_set_2.set_mapping_from_function_set(ecu_id, ecu_func_set) api.apply_timing_functions_set(sim_env, ecu_id, function_set_2) # add monitor if self._monitor and self._result_reader: api.connect_monitor(sim_env, self._monitor, 0.5) api.connect_result_reader(sim_env, self._monitor, self._result_reader) # run view if defined if self._view: self._view.show(self._result_reader, self._view_options, self.q_application) # run simulation api.open_simulation_stop_button(sim_env) api.build_simulation(sim_env) api.run_simulation(sim_env)
#=============================================================================== # add allowed streams to the to the security module which is responsible for managing requested streams stream_1 = MessageStream('RegularSecureECU_15', ['RegularSecureECU_1', 'RegularSecureECU_18'], can_registration.CAN_TEST_MSG, float('inf'), 0, float('inf')) stream_2 = MessageStream('RegularSecureECU_15', ['Any_ECU_Name'], 16, float('inf'), 0, float('inf')) api.add_allowed_stream(sim_env, security_module.ecu_id, stream_1) api.add_allowed_stream(sim_env, security_module.ecu_id, stream_2) # this method defines the gateway filter in the following way # only streams are let pass that are headed in the right direction # so if a stream with id 60 is defined from E1 at CAN1 and headed to E2 at CAN0 via Gateway G1 # then this message would be filtered out when sent from CAN0 to CAN1 # or if a message is heading to E2 that was not declared in the streams it will not be forwarded # to CAN0 api.autoset_gateway_filters(sim_env, security_module.ecu_id) #=============================================================================== # Defining functions called when accessing the timeout values #=============================================================================== # create mapping from functions onto timing variables # e.g. t_ecu_auth_reg_msg_validate_cert should call function my_test_function # def my_test_function(*args): # ''' do something ''' # -> function_set.set_mapping('RegularSecureECU_15', 't_ecu_auth_reg_msg_validate_cert', my_test_function) function_set = TimingFunctionSet() # create a timing function set for a Security Module # this mapping contains all mappings from timing variables used in the security module # to methods that are called when those timings are accessed
# api.add_allowed_stream(my_env, 'SEC 1', stream_5) # api.add_allowed_stream(my_env, 'SEC 1', stream_6) t_set = TimingFunctionSet() ecu_func_set = StdSecurLwSecModTimingFunctions(main_library_tag='CyaSSL') ecu_func_set.library_tags['t_ecu_auth_reg_msg_validate_cert'] = 'Crypto_Lib_SW' t_set.set_mapping_from_function_set('SEC 1', ecu_func_set) api.apply_timing_functions_set(my_env, 'SEC 1', t_set) t_set2 = TimingFunctionSet() ecu_func_set = StdSecurECUTimingFunctions(main_library_tag='CyaSSL') ecu_func_set.library_tags['t_adv_msg_secmodcert_enc'] = 'Crypto_Lib_SW' # SET ALL GATEWAY FILTERS, Bus dependent from the streams api.autoset_gateway_filters(my_env, 'SEC 1') for ecu in APICore()._ecu_list_from_groups( [[ecu_group_1 + ecu_group_3 + ecu_group_4]]): # UNINTENDED HACK t_set2.set_mapping_from_function_set(ecu.ecu_id, ecu_func_set) api.apply_timing_functions_set(my_env, ecu.ecu_id, t_set2) # Save environment # filepath = os.path.join(os.path.dirname(__file__), "environments/1.env") # api.save_env_spec(my_env, filepath) # my_env = api.load_env_spec(filepath) # Monitor Test (optional) my_moni = Monitor() api.connect_monitor(my_env, my_moni, 5) # Connect monitor to environment