def create_aut_env(self): # Spaeter on Button Click z.B.
''' this method creates the simulation'''
api_log_path = os.path.join(os.path.dirname(__file__), "../logs/api.log")
api.show_logging(logging.INFO, api_log_path, True)
my_env = api.create_environment(2500)
ecu_spec = SimpleECUSpec([], 200, 200)
ecu_group_1 = api.set_ecus(my_env, 10, 'SecureECU', ecu_spec)
ecu_spec = SimpleECUSpec(['SEC 1'], 200, 200)
ecu_spec.set_ecu_setting('t_ecu_auth_trigger_process', 100)
ecu_spec.set_ecu_setting('t_ecu_auth_trigger_intervall', 1000)
sec_mod_group = api.set_ecus(my_env, 1, 'SecLwAuthSecurityModule', ecu_spec)
bus_spec = SimpleBusSpec(['CAN_0'])
bus_group = api.set_busses(my_env, 1, 'StdCANBus', bus_spec)
api.connect_bus_by_obj(my_env, 'CAN_0', ecu_group_1 + sec_mod_group)
api.register_ecu_groups_to_secmod(my_env, sec_mod_group[0].ecu_id, [ecu_group_1])
certeros = api.create_cert_manager()
for ecu in APICore()._ecu_list_from_groups([[ecu_group_1]]): # UNINTENDED HACK
api.generate_valid_ecu_cert_cfg(certeros, ecu.ecu_id, CAEnum.CA_L313, 'SEC 1', 0, float('inf'))
api.generate_valid_sec_mod_cert_cfg(certeros, 'SEC 1', CAEnum.CA_L313, 0, float('inf'))
api.apply_certification(my_env, certeros)
stream_1 = MessageStream(my_env.get_env(), 'SecureECU_0', ['SecureECU_1', 'SecureECU_4', 'SecureECU_5'], 13, float('inf'), 0, float('inf'))
stream_2 = MessageStream(my_env.get_env(), 'SecureECU_1', ['SecureECU_3', 'SecureECU_2', 'SecureECU_5'], 12, float('inf'), 0, float('inf'))
stream_3 = MessageStream(my_env.get_env(), 'SecureECU_0', ['SecureECU_4', 'SecureECU_1', 'SecureECU_5'], 222, float('inf'), 0, float('inf'))
stream_4 = MessageStream(my_env.get_env(), 'SecureECU_3', ['SecureECU_0', 'SecureECU_1', 'SecureECU_5'], 11, float('inf'), 0, float('inf'))
stream_5 = MessageStream(my_env.get_env(), 'SecureECU_4', ['SecureECU_2', 'SecureECU_1', 'SecureECU_3'], 500, float('inf'), 0, float('inf'))
api.add_allowed_stream(my_env, 'SEC 1', stream_1)
api.add_allowed_stream(my_env, 'SEC 1', stream_2)
api.add_allowed_stream(my_env, 'SEC 1', stream_3)
api.add_allowed_stream(my_env, 'SEC 1', stream_4)
api.add_allowed_stream(my_env, 'SEC 1', stream_5)
t_set = TimingFunctionSet()
ecu_func_set = StdSecurLwSecModTimingFunctions(main_library_tag='CyaSSL')
t_set.set_mapping_from_function_set('SEC 1', ecu_func_set)
api.apply_timing_functions_set(my_env, 'SEC 1', t_set)
t_set2 = TimingFunctionSet()
ecu_func_set = StdSecurECUTimingFunctions(main_library_tag='CyaSSL')
for ecu in APICore()._ecu_list_from_groups([[ecu_group_1]]): # UNINTENDED HACK
t_set2.set_mapping_from_function_set(ecu.ecu_id, ecu_func_set)
api.apply_timing_functions_set(my_env, ecu.ecu_id, t_set2)
api.connect_monitor(my_env, self.monitor, 50)
api.build_simulation(my_env)
''' start this in a new thread'''
sim = SimulationThread(self, my_env)
sim.start()
api.connect_bus_by_obj(my_env, 'CAN_0', ecu_group_1 + sec_mod_group + gateway_group_1)
api.connect_bus_by_obj(my_env, 'CAN_1', gateway_group_1 + ecu_group_3)
api.connect_bus_by_obj(my_env, 'CAN_2', ecu_group_4 + gateway_group_1)
# GATEWAY BUS DEPENDENT FILTER
# filters incoming messages, so all messages in fst that are coming from bus CAN_0 are allowed the rest is filtered
# GW1 allows only CAN_TEST_MSG to be forwarded when coming from can_0
# fst = [can_registration.CAN_TEST_MSG]
# scd = can_registration.AUTH_MESSAGES + [500]
# api.gateway_filter_bus(gateway_group_1, {'CAN_0':[1,2,3,4,5], 'CAN_1':[1,2,3,4,5,2730,511]})
# api.gateway_filter_sending_bus(gateway_group_1, {'CAN_0':[1, 2, 3, 4, 2730, 5, 6, 7, 8, 9], 'CAN_1':[1, 2, 3, 4, 5, 6, 7, 8, 9, 2730, 511], 'CAN_2':[1, 2, 3, 4, 5, 6, 7, 8, 9, 2730, 511]})
api.register_ecu_groups_to_secmod(my_env, sec_mod_group[0].ecu_id, [ecu_group_1 + ecu_group_3 + ecu_group_4 ])
certeros = api.create_cert_manager()
ecu_ids = []
for ecu in APICore()._ecu_list_from_groups([[ecu_group_1 + ecu_group_3 + ecu_group_4]]): # UNINTENDED HACK
if isinstance(ecu, CANGateway):
continue
ecu_ids += [ecu.ecu_id]
api.generate_valid_ecu_cert_cfg(certeros, ecu.ecu_id, CAEnum.CA_L313, 'SEC 1', 0, float('inf'))
api.generate_valid_sec_mod_cert_cfg(certeros, 'SEC 1', CAEnum.CA_L313, ecu_ids, 0, float('inf'))
api.apply_certification(my_env, certeros)
stream_1 = MessageStream('RegularSecureECU_15', ['SecureECU_1', 'TEST ECU 9', 'TEST ECU 11'], can_registration.CAN_TEST_MSG, float('inf'), 0, float('inf'))
stream_2 = MessageStream('RegularSecureECU_15', ['SecureECU_1', 'TEST ECU 12', 'SecureECU_5'], 16, float('inf'), 0, float('inf'))
# stream_3 = MessageStream('SecureECU_0', ['SecureECU_4', 'SecureECU_1', 'SecureECU_5'], 222, float('inf'), 0, float('inf'))
# stream_4 = MessageStream('SecureECU_3', ['SecureECU_0', 'SecureECU_1', 'SecureECU_5'], AbstractBusMessage.CAN_TEST_MSG_2, float('inf'), 0, float('inf'))
# stream_5 = MessageStream('SecureECU_4', ['TEST ECU 9', 'SecureECU_1', 'SecureECU_3'], 500, float('inf'), 0, float('inf'))
# in this example: gateway 1 will only transmit message ids 1, 2, 3, 4, 2730, 5, 6, 7, 8, 9 to CAN_0 - all others are not forwarded to this bus
# analogously it only transmits message ids 1, 2, 3, 4, 5, 6, 7, 8, 9, 2730, 511 to CAN_1 - all others are not forwarded to this bus
# api.gateway_filter_sending_bus(gateway_group_1, {'CAN_0':[1, 2, 3, 4, 2730, 5, 6, 7, 8, 9], 'CAN_1':[1, 2, 3, 4, 5, 6, 7, 8, 9, 2730, 511], 'CAN_2':[1, 2, 3, 4, 5, 6, 7, 8, 9, 2730, 511]})
#==============================================================================
# setup security values of ECUs
#==============================================================================
# register all ECUs to the security module
all_ecu_groups = [ecu_group_1 + ecu_group_3 + ecu_group_4]
api.register_ecu_groups_to_secmod(sim_env, security_module.ecu_id, all_ecu_groups)
# generate the certificates for the ECUs
# the constellation of the certificate - i.e. its organization in the CA hierarchy is set
# in the certificate_manager object
certificate_manager = api.create_cert_manager()
# create a certificate signed by CA CAEnum.CA_L313 defined in the CAHierarchy() that was defined in the
# certificate manager. A custom CAHierarchy can be passed to the api.create_cert_manager() class
all_created_ecus = api.ecu_list_from_groups([all_ecu_groups])
ecu_ids = [ecu.ecu_id for ecu in all_created_ecus]
# generate certificates for the ECUs and setting root certificates to the corresponding security module
for ecu_id in ecu_ids:
api.generate_valid_ecu_cert_cfg(certificate_manager, ecu_id, CAEnum.CA_L313, security_module.ecu_id, 0, float('inf'))
# generate a certificate in the security module and setting root certificates to all ecus passed in the list ecu_ids
api.generate_valid_sec_mod_cert_cfg(certificate_manager, security_module.ecu_id, CAEnum.CA_L313, ecu_ids, 0, float('inf'))
# apply the certification
api.apply_certification(sim_env, certificate_manager)
# -> Setup logging # -> Create Environment #=============================================================================== api.register_ecu_classes(os.path.join(os.path.dirname(__file__), "ecus")) # setup the logging api_log_path = os.path.join(os.path.dirname(__file__), "logs/api.log") api.show_logging(logging.INFO, api_log_path, True) # create an empty environment specification for the environment sim_env = api.create_environment(200) #=========================================================================== # Create Certificate Manager #=========================================================================== GeneralSpecPreset().certificate_manager = api.create_cert_manager() #=============================================================================== # Creating ECUs #=============================================================================== # create ECU with specification A ecu_spec = RegularECUSpec(["My_Test_ECU_1"], 20000, 20000) ecu_spec.add_sending_actions(2, 0.5, 16, "TEST STRING B", 50) # sends a at time 10, 10.5, 11... message id 16, content test string b and size 50 ecu_group_1 = api.set_ecus(sim_env, 1, 'MyProtocolECU', ecu_spec) # create 2 ECUs with specification B (here: same as A) ecu_spec = RegularECUSpec(["My_Test_ECU_2", "My_Test_ECU_3"], 20000, 20000) ecu_group_3 = api.set_ecus(sim_env, 2, 'MyProtocolECU', ecu_spec) # create 3 ECUs with specification C (here: same as A) ecu_spec = RegularECUSpec(["My_Test_ECU_4", "My_Test_ECU_5", "My_Test_ECU_6"], 20000, 20000)
def prepare_configuration(self, simpy_env, life_time):
''' this method prepares the configuration on the side of the
ECU simulation. It sets up the defined environment by mapping
the ECU Ids as they are defined in the battery management system
on the ECUs and the defined specs. So the constellation used is
implemented here.
Input: simpy_env simpy.Environment environment used in the battery management system
life_time float life time of the simulation
Output: -
'''
# lifetime
life_time = 50000
# logging
# api_log_path = os.path.join(os.path.dirname(__file__), "../logs/api.log")
# api.show_logging(logging.INFO, api_log_path, True)
# create environment
sim_env = api.create_environment(life_time)
sim_env.set_env(simpy_env)
ecu_list = []
# generate a ecu from the ECU specs setting the adapter
for ecu_id in self.available_can_adapters():
# logging.info("ECU ID %s: " % ecu_id)
# define individual ECU Spec
ecu_spec = copy.deepcopy(self._ecu_spec)
ecu_class_name = self._ecu_class_name
if ecu_id in self._individual_spec:
ecu_spec = self._individual_spec[ecu_id][0]
ecu_class_name = self._individual_spec[ecu_id][1]
ecu_spec.ecu_id_list = [str(ecu_id)]
# create ecu
ecu = api.set_ecus(sim_env, 1, ecu_class_name, ecu_spec)[0]
ecu_list += [ecu]
# connect ecu to adapter
ecu.connect_adapter(self.can_bus_adapter[ecu_id])
# add security module
# create ECU specification
ecu_spec = SimpleECUSpec(['SEC 1'], 200000, 200000) # 200 KB
ecu_spec.set_ecu_setting('t_ecu_auth_trigger_process', 0)
ecu_spec.set_ecu_setting('t_ecu_auth_trigger_intervall', 80000)
ecu_spec.set_apply_jitter(0.0001)
sec_mod_group = api.set_ecus(sim_env, 1, 'SecLwAuthSecurityModule', ecu_spec)
security_module = sec_mod_group[0]
# connect to one bus
# create the bus specifications
bus_spec = SimpleBusSpec(['CAN_0'])
api.set_busses(sim_env, 1, 'StdCANBus', bus_spec)
api.connect_bus_by_obj(sim_env, 'CAN_0', ecu_list + sec_mod_group)
# security constellation
all_ecu_groups = [ecu_list]
api.register_ecu_groups_to_secmod(sim_env, sec_mod_group[0].ecu_id, all_ecu_groups)
certificate_manager = api.create_cert_manager()
all_created_ecus = api.ecu_list_from_groups([all_ecu_groups])
ecu_ids = [str(ecu.ecu_id) for ecu in all_created_ecus]
for ecu_id in ecu_ids:
api.generate_valid_ecu_cert_cfg(certificate_manager, ecu_id, CAEnum.CA_L313, security_module.ecu_id, 0, float('inf'))
api.generate_valid_sec_mod_cert_cfg(certificate_manager, security_module.ecu_id, CAEnum.CA_L313, ecu_ids, 0, float('inf'))
api.apply_certification(sim_env, certificate_manager)
# define allowed streams -------------------------------------------------------------- TODO very IMPORTANT
for broadcast_stream_id in [0x0080, 0x0081, 0x0082, 0x0083, 0x0012, 0x0013, 0x0020, 0x00A0, 0x00A1 ]:
for ecu_id in ecu_ids:
lst = copy.deepcopy(ecu_ids)
lst.remove(ecu_id)
stream = MessageStream(ecu_id, lst, broadcast_stream_id, float('inf'), 0, float('inf'))
api.add_allowed_stream(sim_env, security_module.ecu_id, stream)
# -------------------------------------------------------------- TODO very IMPORTANT
# set gateways
api.autoset_gateway_filters(sim_env, sec_mod_group[0].ecu_id)
# set timing functions
function_set = TimingFunctionSet()
ecu_func_set = StdSecurLwSecModTimingFunctions(main_library_tag='CyaSSL')
ecu_func_set.library_tags['t_ecu_auth_reg_msg_validate_cert'] = 'Crypto_Lib_SW'
function_set.set_mapping_from_function_set(security_module.ecu_id, ecu_func_set)
api.apply_timing_functions_set(sim_env, security_module.ecu_id, function_set)
function_set_2 = TimingFunctionSet()
ecu_func_set = StdSecurECUTimingFunctions(main_library_tag='CyaSSL')
ecu_func_set.library_tags['t_adv_msg_secmodcert_enc'] = 'Crypto_Lib_SW'
for ecu_id in ecu_ids:
function_set_2.set_mapping_from_function_set(ecu_id, ecu_func_set)
api.apply_timing_functions_set(sim_env, ecu_id, function_set_2)
# add monitor
if self._monitor and self._result_reader:
api.connect_monitor(sim_env, self._monitor, 0.5)
api.connect_result_reader(sim_env, self._monitor, self._result_reader)
# run view if defined
if self._view:
self._view.show(self._result_reader, self._view_options, self.q_application)
# run simulation
api.open_simulation_stop_button(sim_env)
api.build_simulation(sim_env)
api.run_simulation(sim_env)
api.connect_bus_by_obj(my_env, 'CAN_1', gateway_group_1 + ecu_group_3)
api.connect_bus_by_obj(my_env, 'CAN_2', ecu_group_4 + gateway_group_1)
# GATEWAY BUS DEPENDENT FILTER
# filters incoming messages, so all messages in fst that are coming from bus CAN_0 are allowed the rest is filtered
# GW1 allows only CAN_TEST_MSG to be forwarded when coming from can_0
# fst = [can_registration.CAN_TEST_MSG]
# scd = can_registration.AUTH_MESSAGES + [500]
# api.gateway_filter_bus(gateway_group_1, {'CAN_0':[1,2,3,4,5], 'CAN_1':[1,2,3,4,5,2730,511]})
# api.gateway_filter_sending_bus(gateway_group_1, {'CAN_0':[1, 2, 3, 4, 2730, 5, 6, 7, 8, 9], 'CAN_1':[1, 2, 3, 4, 5, 6, 7, 8, 9, 2730, 511], 'CAN_2':[1, 2, 3, 4, 5, 6, 7, 8, 9, 2730, 511]})
api.register_ecu_groups_to_secmod(my_env, sec_mod_group[0].ecu_id,
[ecu_group_1 + ecu_group_3 + ecu_group_4])
certeros = api.create_cert_manager()
ecu_ids = []
for ecu in APICore()._ecu_list_from_groups(
[[ecu_group_1 + ecu_group_3 + ecu_group_4]]): # UNINTENDED HACK
if isinstance(ecu, CANGateway):
continue
ecu_ids += [ecu.ecu_id]
api.generate_valid_ecu_cert_cfg(certeros, ecu.ecu_id, CAEnum.CA_L313,
'SEC 1', 0, float('inf'))
api.generate_valid_sec_mod_cert_cfg(certeros, 'SEC 1', CAEnum.CA_L313, ecu_ids,
0, float('inf'))
api.apply_certification(my_env, certeros)
stream_1 = MessageStream('RegularSecureECU_15',
['SecureECU_1', 'TEST ECU 9', 'TEST ECU 11'],
can_registration.CAN_TEST_MSG, float('inf'), 0,
# -> Setup logging
# -> Create Environment
#===============================================================================
api.register_ecu_classes(os.path.join(os.path.dirname(__file__), "ecus"))
# setup the logging
api_log_path = os.path.join(os.path.dirname(__file__), "logs/api.log")
api.show_logging(logging.INFO, api_log_path, True)
# create an empty environment specification for the environment
sim_env = api.create_environment(200)
#===========================================================================
# Create Certificate Manager
#===========================================================================
GeneralSpecPreset().certificate_manager = api.create_cert_manager()
#===============================================================================
# Creating ECUs
#===============================================================================
# create ECU with specification A
ecu_spec = RegularECUSpec(["My_Test_ECU_1"], 20000, 20000)
ecu_spec.add_sending_actions(
2, 0.5, 16, "TEST STRING B", 50
) # sends a at time 10, 10.5, 11... message id 16, content test string b and size 50
ecu_group_1 = api.set_ecus(sim_env, 1, 'MyProtocolECU', ecu_spec)
# create 2 ECUs with specification B (here: same as A)
ecu_spec = RegularECUSpec(["My_Test_ECU_2", "My_Test_ECU_3"], 20000, 20000)
ecu_group_3 = api.set_ecus(sim_env, 2, 'MyProtocolECU', ecu_spec)