def create_aut_env(self): # Spaeter on Button Click z.B. ''' this method creates the simulation''' api_log_path = os.path.join(os.path.dirname(__file__), "../logs/api.log") api.show_logging(logging.INFO, api_log_path, True) my_env = api.create_environment(2500) ecu_spec = SimpleECUSpec([], 200, 200) ecu_group_1 = api.set_ecus(my_env, 10, 'SecureECU', ecu_spec) ecu_spec = SimpleECUSpec(['SEC 1'], 200, 200) ecu_spec.set_ecu_setting('t_ecu_auth_trigger_process', 100) ecu_spec.set_ecu_setting('t_ecu_auth_trigger_intervall', 1000) sec_mod_group = api.set_ecus(my_env, 1, 'SecLwAuthSecurityModule', ecu_spec) bus_spec = SimpleBusSpec(['CAN_0']) bus_group = api.set_busses(my_env, 1, 'StdCANBus', bus_spec) api.connect_bus_by_obj(my_env, 'CAN_0', ecu_group_1 + sec_mod_group) api.register_ecu_groups_to_secmod(my_env, sec_mod_group[0].ecu_id, [ecu_group_1]) certeros = api.create_cert_manager() for ecu in APICore()._ecu_list_from_groups([[ecu_group_1]]): # UNINTENDED HACK api.generate_valid_ecu_cert_cfg(certeros, ecu.ecu_id, CAEnum.CA_L313, 'SEC 1', 0, float('inf')) api.generate_valid_sec_mod_cert_cfg(certeros, 'SEC 1', CAEnum.CA_L313, 0, float('inf')) api.apply_certification(my_env, certeros) stream_1 = MessageStream(my_env.get_env(), 'SecureECU_0', ['SecureECU_1', 'SecureECU_4', 'SecureECU_5'], 13, float('inf'), 0, float('inf')) stream_2 = MessageStream(my_env.get_env(), 'SecureECU_1', ['SecureECU_3', 'SecureECU_2', 'SecureECU_5'], 12, float('inf'), 0, float('inf')) stream_3 = MessageStream(my_env.get_env(), 'SecureECU_0', ['SecureECU_4', 'SecureECU_1', 'SecureECU_5'], 222, float('inf'), 0, float('inf')) stream_4 = MessageStream(my_env.get_env(), 'SecureECU_3', ['SecureECU_0', 'SecureECU_1', 'SecureECU_5'], 11, float('inf'), 0, float('inf')) stream_5 = MessageStream(my_env.get_env(), 'SecureECU_4', ['SecureECU_2', 'SecureECU_1', 'SecureECU_3'], 500, float('inf'), 0, float('inf')) api.add_allowed_stream(my_env, 'SEC 1', stream_1) api.add_allowed_stream(my_env, 'SEC 1', stream_2) api.add_allowed_stream(my_env, 'SEC 1', stream_3) api.add_allowed_stream(my_env, 'SEC 1', stream_4) api.add_allowed_stream(my_env, 'SEC 1', stream_5) t_set = TimingFunctionSet() ecu_func_set = StdSecurLwSecModTimingFunctions(main_library_tag='CyaSSL') t_set.set_mapping_from_function_set('SEC 1', ecu_func_set) api.apply_timing_functions_set(my_env, 'SEC 1', t_set) t_set2 = TimingFunctionSet() ecu_func_set = StdSecurECUTimingFunctions(main_library_tag='CyaSSL') for ecu in APICore()._ecu_list_from_groups([[ecu_group_1]]): # UNINTENDED HACK t_set2.set_mapping_from_function_set(ecu.ecu_id, ecu_func_set) api.apply_timing_functions_set(my_env, ecu.ecu_id, t_set2) api.connect_monitor(my_env, self.monitor, 50) api.build_simulation(my_env) ''' start this in a new thread''' sim = SimulationThread(self, my_env) sim.start()
# scd = can_registration.AUTH_MESSAGES + [500] # api.gateway_filter_bus(gateway_group_1, {'CAN_0':[1,2,3,4,5], 'CAN_1':[1,2,3,4,5,2730,511]}) # api.gateway_filter_sending_bus(gateway_group_1, {'CAN_0':[1, 2, 3, 4, 2730, 5, 6, 7, 8, 9], 'CAN_1':[1, 2, 3, 4, 5, 6, 7, 8, 9, 2730, 511], 'CAN_2':[1, 2, 3, 4, 5, 6, 7, 8, 9, 2730, 511]}) api.register_ecu_groups_to_secmod(my_env, sec_mod_group[0].ecu_id, [ecu_group_1 + ecu_group_3 + ecu_group_4 ]) certeros = api.create_cert_manager() ecu_ids = [] for ecu in APICore()._ecu_list_from_groups([[ecu_group_1 + ecu_group_3 + ecu_group_4]]): # UNINTENDED HACK if isinstance(ecu, CANGateway): continue ecu_ids += [ecu.ecu_id] api.generate_valid_ecu_cert_cfg(certeros, ecu.ecu_id, CAEnum.CA_L313, 'SEC 1', 0, float('inf')) api.generate_valid_sec_mod_cert_cfg(certeros, 'SEC 1', CAEnum.CA_L313, ecu_ids, 0, float('inf')) api.apply_certification(my_env, certeros) stream_1 = MessageStream('RegularSecureECU_15', ['SecureECU_1', 'TEST ECU 9', 'TEST ECU 11'], can_registration.CAN_TEST_MSG, float('inf'), 0, float('inf')) stream_2 = MessageStream('RegularSecureECU_15', ['SecureECU_1', 'TEST ECU 12', 'SecureECU_5'], 16, float('inf'), 0, float('inf')) # stream_3 = MessageStream('SecureECU_0', ['SecureECU_4', 'SecureECU_1', 'SecureECU_5'], 222, float('inf'), 0, float('inf')) # stream_4 = MessageStream('SecureECU_3', ['SecureECU_0', 'SecureECU_1', 'SecureECU_5'], AbstractBusMessage.CAN_TEST_MSG_2, float('inf'), 0, float('inf')) # stream_5 = MessageStream('SecureECU_4', ['TEST ECU 9', 'SecureECU_1', 'SecureECU_3'], 500, float('inf'), 0, float('inf')) # stream_6 = MessageStream('RegularSecureECU_15', ["TEST ECU 10", 'SecureECU_1'], 16, float('inf'), 0, float('inf')) api.add_allowed_stream(my_env, 'SEC 1', stream_1) api.add_allowed_stream(my_env, 'SEC 1', stream_2) # api.add_allowed_stream(my_env, 'SEC 1', stream_3) # api.add_allowed_stream(my_env, 'SEC 1', stream_4) # api.add_allowed_stream(my_env, 'SEC 1', stream_5) # api.add_allowed_stream(my_env, 'SEC 1', stream_6)
certificate_manager = api.create_cert_manager() # create a certificate signed by CA CAEnum.CA_L313 defined in the CAHierarchy() that was defined in the # certificate manager. A custom CAHierarchy can be passed to the api.create_cert_manager() class all_created_ecus = api.ecu_list_from_groups([all_ecu_groups]) ecu_ids = [ecu.ecu_id for ecu in all_created_ecus] # generate certificates for the ECUs and setting root certificates to the corresponding security module for ecu_id in ecu_ids: api.generate_valid_ecu_cert_cfg(certificate_manager, ecu_id, CAEnum.CA_L313, security_module.ecu_id, 0, float('inf')) # generate a certificate in the security module and setting root certificates to all ecus passed in the list ecu_ids api.generate_valid_sec_mod_cert_cfg(certificate_manager, security_module.ecu_id, CAEnum.CA_L313, ecu_ids, 0, float('inf')) # apply the certification api.apply_certification(sim_env, certificate_manager) #=============================================================================== # Setup the streams #=============================================================================== # add allowed streams to the to the security module which is responsible for managing requested streams stream_1 = MessageStream('RegularSecureECU_15', ['RegularSecureECU_1', 'RegularSecureECU_18'], can_registration.CAN_TEST_MSG, float('inf'), 0, float('inf')) stream_2 = MessageStream('RegularSecureECU_15', ['Any_ECU_Name'], 16, float('inf'), 0, float('inf')) api.add_allowed_stream(sim_env, security_module.ecu_id, stream_1) api.add_allowed_stream(sim_env, security_module.ecu_id, stream_2) # this method defines the gateway filter in the following way # only streams are let pass that are headed in the right direction
def prepare_configuration(self, simpy_env, life_time): ''' this method prepares the configuration on the side of the ECU simulation. It sets up the defined environment by mapping the ECU Ids as they are defined in the battery management system on the ECUs and the defined specs. So the constellation used is implemented here. Input: simpy_env simpy.Environment environment used in the battery management system life_time float life time of the simulation Output: - ''' # lifetime life_time = 50000 # logging # api_log_path = os.path.join(os.path.dirname(__file__), "../logs/api.log") # api.show_logging(logging.INFO, api_log_path, True) # create environment sim_env = api.create_environment(life_time) sim_env.set_env(simpy_env) ecu_list = [] # generate a ecu from the ECU specs setting the adapter for ecu_id in self.available_can_adapters(): # logging.info("ECU ID %s: " % ecu_id) # define individual ECU Spec ecu_spec = copy.deepcopy(self._ecu_spec) ecu_class_name = self._ecu_class_name if ecu_id in self._individual_spec: ecu_spec = self._individual_spec[ecu_id][0] ecu_class_name = self._individual_spec[ecu_id][1] ecu_spec.ecu_id_list = [str(ecu_id)] # create ecu ecu = api.set_ecus(sim_env, 1, ecu_class_name, ecu_spec)[0] ecu_list += [ecu] # connect ecu to adapter ecu.connect_adapter(self.can_bus_adapter[ecu_id]) # add security module # create ECU specification ecu_spec = SimpleECUSpec(['SEC 1'], 200000, 200000) # 200 KB ecu_spec.set_ecu_setting('t_ecu_auth_trigger_process', 0) ecu_spec.set_ecu_setting('t_ecu_auth_trigger_intervall', 80000) ecu_spec.set_apply_jitter(0.0001) sec_mod_group = api.set_ecus(sim_env, 1, 'SecLwAuthSecurityModule', ecu_spec) security_module = sec_mod_group[0] # connect to one bus # create the bus specifications bus_spec = SimpleBusSpec(['CAN_0']) api.set_busses(sim_env, 1, 'StdCANBus', bus_spec) api.connect_bus_by_obj(sim_env, 'CAN_0', ecu_list + sec_mod_group) # security constellation all_ecu_groups = [ecu_list] api.register_ecu_groups_to_secmod(sim_env, sec_mod_group[0].ecu_id, all_ecu_groups) certificate_manager = api.create_cert_manager() all_created_ecus = api.ecu_list_from_groups([all_ecu_groups]) ecu_ids = [str(ecu.ecu_id) for ecu in all_created_ecus] for ecu_id in ecu_ids: api.generate_valid_ecu_cert_cfg(certificate_manager, ecu_id, CAEnum.CA_L313, security_module.ecu_id, 0, float('inf')) api.generate_valid_sec_mod_cert_cfg(certificate_manager, security_module.ecu_id, CAEnum.CA_L313, ecu_ids, 0, float('inf')) api.apply_certification(sim_env, certificate_manager) # define allowed streams -------------------------------------------------------------- TODO very IMPORTANT for broadcast_stream_id in [0x0080, 0x0081, 0x0082, 0x0083, 0x0012, 0x0013, 0x0020, 0x00A0, 0x00A1 ]: for ecu_id in ecu_ids: lst = copy.deepcopy(ecu_ids) lst.remove(ecu_id) stream = MessageStream(ecu_id, lst, broadcast_stream_id, float('inf'), 0, float('inf')) api.add_allowed_stream(sim_env, security_module.ecu_id, stream) # -------------------------------------------------------------- TODO very IMPORTANT # set gateways api.autoset_gateway_filters(sim_env, sec_mod_group[0].ecu_id) # set timing functions function_set = TimingFunctionSet() ecu_func_set = StdSecurLwSecModTimingFunctions(main_library_tag='CyaSSL') ecu_func_set.library_tags['t_ecu_auth_reg_msg_validate_cert'] = 'Crypto_Lib_SW' function_set.set_mapping_from_function_set(security_module.ecu_id, ecu_func_set) api.apply_timing_functions_set(sim_env, security_module.ecu_id, function_set) function_set_2 = TimingFunctionSet() ecu_func_set = StdSecurECUTimingFunctions(main_library_tag='CyaSSL') ecu_func_set.library_tags['t_adv_msg_secmodcert_enc'] = 'Crypto_Lib_SW' for ecu_id in ecu_ids: function_set_2.set_mapping_from_function_set(ecu_id, ecu_func_set) api.apply_timing_functions_set(sim_env, ecu_id, function_set_2) # add monitor if self._monitor and self._result_reader: api.connect_monitor(sim_env, self._monitor, 0.5) api.connect_result_reader(sim_env, self._monitor, self._result_reader) # run view if defined if self._view: self._view.show(self._result_reader, self._view_options, self.q_application) # run simulation api.open_simulation_stop_button(sim_env) api.build_simulation(sim_env) api.run_simulation(sim_env)
api.register_ecu_groups_to_secmod(my_env, sec_mod_group[0].ecu_id, [ecu_group_1 + ecu_group_3 + ecu_group_4]) certeros = api.create_cert_manager() ecu_ids = [] for ecu in APICore()._ecu_list_from_groups( [[ecu_group_1 + ecu_group_3 + ecu_group_4]]): # UNINTENDED HACK if isinstance(ecu, CANGateway): continue ecu_ids += [ecu.ecu_id] api.generate_valid_ecu_cert_cfg(certeros, ecu.ecu_id, CAEnum.CA_L313, 'SEC 1', 0, float('inf')) api.generate_valid_sec_mod_cert_cfg(certeros, 'SEC 1', CAEnum.CA_L313, ecu_ids, 0, float('inf')) api.apply_certification(my_env, certeros) stream_1 = MessageStream('RegularSecureECU_15', ['SecureECU_1', 'TEST ECU 9', 'TEST ECU 11'], can_registration.CAN_TEST_MSG, float('inf'), 0, float('inf')) stream_2 = MessageStream('RegularSecureECU_15', ['SecureECU_1', 'TEST ECU 12', 'SecureECU_5'], 16, float('inf'), 0, float('inf')) # stream_3 = MessageStream('SecureECU_0', ['SecureECU_4', 'SecureECU_1', 'SecureECU_5'], 222, float('inf'), 0, float('inf')) # stream_4 = MessageStream('SecureECU_3', ['SecureECU_0', 'SecureECU_1', 'SecureECU_5'], AbstractBusMessage.CAN_TEST_MSG_2, float('inf'), 0, float('inf')) # stream_5 = MessageStream('SecureECU_4', ['TEST ECU 9', 'SecureECU_1', 'SecureECU_3'], 500, float('inf'), 0, float('inf')) # stream_6 = MessageStream('RegularSecureECU_15', ["TEST ECU 10", 'SecureECU_1'], 16, float('inf'), 0, float('inf')) api.add_allowed_stream(my_env, 'SEC 1', stream_1) api.add_allowed_stream(my_env, 'SEC 1', stream_2)