def create_aut_env(self): # Spaeter on Button Click z.B. ''' this method creates the simulation''' api_log_path = os.path.join(os.path.dirname(__file__), "../logs/api.log") api.show_logging(logging.INFO, api_log_path, True) my_env = api.create_environment(2500) ecu_spec = SimpleECUSpec([], 200, 200) ecu_group_1 = api.set_ecus(my_env, 10, 'SecureECU', ecu_spec) ecu_spec = SimpleECUSpec(['SEC 1'], 200, 200) ecu_spec.set_ecu_setting('t_ecu_auth_trigger_process', 100) ecu_spec.set_ecu_setting('t_ecu_auth_trigger_intervall', 1000) sec_mod_group = api.set_ecus(my_env, 1, 'SecLwAuthSecurityModule', ecu_spec) bus_spec = SimpleBusSpec(['CAN_0']) bus_group = api.set_busses(my_env, 1, 'StdCANBus', bus_spec) api.connect_bus_by_obj(my_env, 'CAN_0', ecu_group_1 + sec_mod_group) api.register_ecu_groups_to_secmod(my_env, sec_mod_group[0].ecu_id, [ecu_group_1]) certeros = api.create_cert_manager() for ecu in APICore()._ecu_list_from_groups([[ecu_group_1]]): # UNINTENDED HACK api.generate_valid_ecu_cert_cfg(certeros, ecu.ecu_id, CAEnum.CA_L313, 'SEC 1', 0, float('inf')) api.generate_valid_sec_mod_cert_cfg(certeros, 'SEC 1', CAEnum.CA_L313, 0, float('inf')) api.apply_certification(my_env, certeros) stream_1 = MessageStream(my_env.get_env(), 'SecureECU_0', ['SecureECU_1', 'SecureECU_4', 'SecureECU_5'], 13, float('inf'), 0, float('inf')) stream_2 = MessageStream(my_env.get_env(), 'SecureECU_1', ['SecureECU_3', 'SecureECU_2', 'SecureECU_5'], 12, float('inf'), 0, float('inf')) stream_3 = MessageStream(my_env.get_env(), 'SecureECU_0', ['SecureECU_4', 'SecureECU_1', 'SecureECU_5'], 222, float('inf'), 0, float('inf')) stream_4 = MessageStream(my_env.get_env(), 'SecureECU_3', ['SecureECU_0', 'SecureECU_1', 'SecureECU_5'], 11, float('inf'), 0, float('inf')) stream_5 = MessageStream(my_env.get_env(), 'SecureECU_4', ['SecureECU_2', 'SecureECU_1', 'SecureECU_3'], 500, float('inf'), 0, float('inf')) api.add_allowed_stream(my_env, 'SEC 1', stream_1) api.add_allowed_stream(my_env, 'SEC 1', stream_2) api.add_allowed_stream(my_env, 'SEC 1', stream_3) api.add_allowed_stream(my_env, 'SEC 1', stream_4) api.add_allowed_stream(my_env, 'SEC 1', stream_5) t_set = TimingFunctionSet() ecu_func_set = StdSecurLwSecModTimingFunctions(main_library_tag='CyaSSL') t_set.set_mapping_from_function_set('SEC 1', ecu_func_set) api.apply_timing_functions_set(my_env, 'SEC 1', t_set) t_set2 = TimingFunctionSet() ecu_func_set = StdSecurECUTimingFunctions(main_library_tag='CyaSSL') for ecu in APICore()._ecu_list_from_groups([[ecu_group_1]]): # UNINTENDED HACK t_set2.set_mapping_from_function_set(ecu.ecu_id, ecu_func_set) api.apply_timing_functions_set(my_env, ecu.ecu_id, t_set2) api.connect_monitor(my_env, self.monitor, 50) api.build_simulation(my_env) ''' start this in a new thread''' sim = SimulationThread(self, my_env) sim.start()
# CONNECT 7 ECUs and the SEC MOD to CAN 0 and 2 ECUs to CAN_1 and 2 ECUs to CAN 2 # CONNECT CAN 0 via GW1 to CAN 1 // CONNECT CAN 1 via GW 2 to CAN 2 api.connect_bus_by_obj(my_env, 'CAN_0', ecu_group_1 + sec_mod_group + gateway_group_1) api.connect_bus_by_obj(my_env, 'CAN_1', gateway_group_1 + ecu_group_3) api.connect_bus_by_obj(my_env, 'CAN_2', ecu_group_4 + gateway_group_1) # GATEWAY BUS DEPENDENT FILTER # filters incoming messages, so all messages in fst that are coming from bus CAN_0 are allowed the rest is filtered # GW1 allows only CAN_TEST_MSG to be forwarded when coming from can_0 # fst = [can_registration.CAN_TEST_MSG] # scd = can_registration.AUTH_MESSAGES + [500] # api.gateway_filter_bus(gateway_group_1, {'CAN_0':[1,2,3,4,5], 'CAN_1':[1,2,3,4,5,2730,511]}) # api.gateway_filter_sending_bus(gateway_group_1, {'CAN_0':[1, 2, 3, 4, 2730, 5, 6, 7, 8, 9], 'CAN_1':[1, 2, 3, 4, 5, 6, 7, 8, 9, 2730, 511], 'CAN_2':[1, 2, 3, 4, 5, 6, 7, 8, 9, 2730, 511]}) api.register_ecu_groups_to_secmod(my_env, sec_mod_group[0].ecu_id, [ecu_group_1 + ecu_group_3 + ecu_group_4 ]) certeros = api.create_cert_manager() ecu_ids = [] for ecu in APICore()._ecu_list_from_groups([[ecu_group_1 + ecu_group_3 + ecu_group_4]]): # UNINTENDED HACK if isinstance(ecu, CANGateway): continue ecu_ids += [ecu.ecu_id] api.generate_valid_ecu_cert_cfg(certeros, ecu.ecu_id, CAEnum.CA_L313, 'SEC 1', 0, float('inf')) api.generate_valid_sec_mod_cert_cfg(certeros, 'SEC 1', CAEnum.CA_L313, ecu_ids, 0, float('inf')) api.apply_certification(my_env, certeros) stream_1 = MessageStream('RegularSecureECU_15', ['SecureECU_1', 'TEST ECU 9', 'TEST ECU 11'], can_registration.CAN_TEST_MSG, float('inf'), 0, float('inf')) stream_2 = MessageStream('RegularSecureECU_15', ['SecureECU_1', 'TEST ECU 12', 'SecureECU_5'], 16, float('inf'), 0, float('inf')) # stream_3 = MessageStream('SecureECU_0', ['SecureECU_4', 'SecureECU_1', 'SecureECU_5'], 222, float('inf'), 0, float('inf'))
# in this example: gateway 1 will only receive message ids 1,2,3,4,5 from CAN_0 - all others are discarded # analogously it only receives message ids 1,2,3,4,5,2730,511 from CAN_1 - all others are discarded # api.gateway_filter_bus(gateway_group_1, {'CAN_0':[1,2,3,4,5], 'CAN_1':[1,2,3,4,5,2730,511]}) # type 1 - receive filter: only the defined message ids will be forwarded to the defined bus # in this example: gateway 1 will only transmit message ids 1, 2, 3, 4, 2730, 5, 6, 7, 8, 9 to CAN_0 - all others are not forwarded to this bus # analogously it only transmits message ids 1, 2, 3, 4, 5, 6, 7, 8, 9, 2730, 511 to CAN_1 - all others are not forwarded to this bus # api.gateway_filter_sending_bus(gateway_group_1, {'CAN_0':[1, 2, 3, 4, 2730, 5, 6, 7, 8, 9], 'CAN_1':[1, 2, 3, 4, 5, 6, 7, 8, 9, 2730, 511], 'CAN_2':[1, 2, 3, 4, 5, 6, 7, 8, 9, 2730, 511]}) #============================================================================== # setup security values of ECUs #============================================================================== # register all ECUs to the security module all_ecu_groups = [ecu_group_1 + ecu_group_3 + ecu_group_4] api.register_ecu_groups_to_secmod(sim_env, security_module.ecu_id, all_ecu_groups) # generate the certificates for the ECUs # the constellation of the certificate - i.e. its organization in the CA hierarchy is set # in the certificate_manager object certificate_manager = api.create_cert_manager() # create a certificate signed by CA CAEnum.CA_L313 defined in the CAHierarchy() that was defined in the # certificate manager. A custom CAHierarchy can be passed to the api.create_cert_manager() class all_created_ecus = api.ecu_list_from_groups([all_ecu_groups]) ecu_ids = [ecu.ecu_id for ecu in all_created_ecus] # generate certificates for the ECUs and setting root certificates to the corresponding security module for ecu_id in ecu_ids: api.generate_valid_ecu_cert_cfg(certificate_manager, ecu_id, CAEnum.CA_L313, security_module.ecu_id, 0, float('inf'))
def prepare_configuration(self, simpy_env, life_time): ''' this method prepares the configuration on the side of the ECU simulation. It sets up the defined environment by mapping the ECU Ids as they are defined in the battery management system on the ECUs and the defined specs. So the constellation used is implemented here. Input: simpy_env simpy.Environment environment used in the battery management system life_time float life time of the simulation Output: - ''' # lifetime life_time = 50000 # logging # api_log_path = os.path.join(os.path.dirname(__file__), "../logs/api.log") # api.show_logging(logging.INFO, api_log_path, True) # create environment sim_env = api.create_environment(life_time) sim_env.set_env(simpy_env) ecu_list = [] # generate a ecu from the ECU specs setting the adapter for ecu_id in self.available_can_adapters(): # logging.info("ECU ID %s: " % ecu_id) # define individual ECU Spec ecu_spec = copy.deepcopy(self._ecu_spec) ecu_class_name = self._ecu_class_name if ecu_id in self._individual_spec: ecu_spec = self._individual_spec[ecu_id][0] ecu_class_name = self._individual_spec[ecu_id][1] ecu_spec.ecu_id_list = [str(ecu_id)] # create ecu ecu = api.set_ecus(sim_env, 1, ecu_class_name, ecu_spec)[0] ecu_list += [ecu] # connect ecu to adapter ecu.connect_adapter(self.can_bus_adapter[ecu_id]) # add security module # create ECU specification ecu_spec = SimpleECUSpec(['SEC 1'], 200000, 200000) # 200 KB ecu_spec.set_ecu_setting('t_ecu_auth_trigger_process', 0) ecu_spec.set_ecu_setting('t_ecu_auth_trigger_intervall', 80000) ecu_spec.set_apply_jitter(0.0001) sec_mod_group = api.set_ecus(sim_env, 1, 'SecLwAuthSecurityModule', ecu_spec) security_module = sec_mod_group[0] # connect to one bus # create the bus specifications bus_spec = SimpleBusSpec(['CAN_0']) api.set_busses(sim_env, 1, 'StdCANBus', bus_spec) api.connect_bus_by_obj(sim_env, 'CAN_0', ecu_list + sec_mod_group) # security constellation all_ecu_groups = [ecu_list] api.register_ecu_groups_to_secmod(sim_env, sec_mod_group[0].ecu_id, all_ecu_groups) certificate_manager = api.create_cert_manager() all_created_ecus = api.ecu_list_from_groups([all_ecu_groups]) ecu_ids = [str(ecu.ecu_id) for ecu in all_created_ecus] for ecu_id in ecu_ids: api.generate_valid_ecu_cert_cfg(certificate_manager, ecu_id, CAEnum.CA_L313, security_module.ecu_id, 0, float('inf')) api.generate_valid_sec_mod_cert_cfg(certificate_manager, security_module.ecu_id, CAEnum.CA_L313, ecu_ids, 0, float('inf')) api.apply_certification(sim_env, certificate_manager) # define allowed streams -------------------------------------------------------------- TODO very IMPORTANT for broadcast_stream_id in [0x0080, 0x0081, 0x0082, 0x0083, 0x0012, 0x0013, 0x0020, 0x00A0, 0x00A1 ]: for ecu_id in ecu_ids: lst = copy.deepcopy(ecu_ids) lst.remove(ecu_id) stream = MessageStream(ecu_id, lst, broadcast_stream_id, float('inf'), 0, float('inf')) api.add_allowed_stream(sim_env, security_module.ecu_id, stream) # -------------------------------------------------------------- TODO very IMPORTANT # set gateways api.autoset_gateway_filters(sim_env, sec_mod_group[0].ecu_id) # set timing functions function_set = TimingFunctionSet() ecu_func_set = StdSecurLwSecModTimingFunctions(main_library_tag='CyaSSL') ecu_func_set.library_tags['t_ecu_auth_reg_msg_validate_cert'] = 'Crypto_Lib_SW' function_set.set_mapping_from_function_set(security_module.ecu_id, ecu_func_set) api.apply_timing_functions_set(sim_env, security_module.ecu_id, function_set) function_set_2 = TimingFunctionSet() ecu_func_set = StdSecurECUTimingFunctions(main_library_tag='CyaSSL') ecu_func_set.library_tags['t_adv_msg_secmodcert_enc'] = 'Crypto_Lib_SW' for ecu_id in ecu_ids: function_set_2.set_mapping_from_function_set(ecu_id, ecu_func_set) api.apply_timing_functions_set(sim_env, ecu_id, function_set_2) # add monitor if self._monitor and self._result_reader: api.connect_monitor(sim_env, self._monitor, 0.5) api.connect_result_reader(sim_env, self._monitor, self._result_reader) # run view if defined if self._view: self._view.show(self._result_reader, self._view_options, self.q_application) # run simulation api.open_simulation_stop_button(sim_env) api.build_simulation(sim_env) api.run_simulation(sim_env)
# CONNECT CAN 0 via GW1 to CAN 1 // CONNECT CAN 1 via GW 2 to CAN 2 api.connect_bus_by_obj(my_env, 'CAN_0', ecu_group_1 + sec_mod_group + gateway_group_1) api.connect_bus_by_obj(my_env, 'CAN_1', gateway_group_1 + ecu_group_3) api.connect_bus_by_obj(my_env, 'CAN_2', ecu_group_4 + gateway_group_1) # GATEWAY BUS DEPENDENT FILTER # filters incoming messages, so all messages in fst that are coming from bus CAN_0 are allowed the rest is filtered # GW1 allows only CAN_TEST_MSG to be forwarded when coming from can_0 # fst = [can_registration.CAN_TEST_MSG] # scd = can_registration.AUTH_MESSAGES + [500] # api.gateway_filter_bus(gateway_group_1, {'CAN_0':[1,2,3,4,5], 'CAN_1':[1,2,3,4,5,2730,511]}) # api.gateway_filter_sending_bus(gateway_group_1, {'CAN_0':[1, 2, 3, 4, 2730, 5, 6, 7, 8, 9], 'CAN_1':[1, 2, 3, 4, 5, 6, 7, 8, 9, 2730, 511], 'CAN_2':[1, 2, 3, 4, 5, 6, 7, 8, 9, 2730, 511]}) api.register_ecu_groups_to_secmod(my_env, sec_mod_group[0].ecu_id, [ecu_group_1 + ecu_group_3 + ecu_group_4]) certeros = api.create_cert_manager() ecu_ids = [] for ecu in APICore()._ecu_list_from_groups( [[ecu_group_1 + ecu_group_3 + ecu_group_4]]): # UNINTENDED HACK if isinstance(ecu, CANGateway): continue ecu_ids += [ecu.ecu_id] api.generate_valid_ecu_cert_cfg(certeros, ecu.ecu_id, CAEnum.CA_L313, 'SEC 1', 0, float('inf')) api.generate_valid_sec_mod_cert_cfg(certeros, 'SEC 1', CAEnum.CA_L313, ecu_ids, 0, float('inf')) api.apply_certification(my_env, certeros) stream_1 = MessageStream('RegularSecureECU_15',