LoginSignup
0
0

Specification of Cryptography, AUTOSAR 883, R23-11, AP

Last updated at Posted at 2024-01-02

AUTOSARが2023年版、R23-11を公開しました。
https://www.autosar.org/fileadmin/standards/R23-11/AP/AUTOSAR_AP_SWS_Cryptography.pdf

R22-11
https://www.autosar.org/fileadmin/standards/R22-11/AP/AUTOSAR_SWS_Cryptography.pdf

R21-11
https://www.autosar.org/fileadmin/standards/R21-11/AP/AUTOSAR_SWS_Cryptography.pdf

R20-11
https://www.autosar.org/fileadmin/standards/R20-11/AP/AUTOSAR_SWS_Cryptography.pdf

R19-11
https://www.autosar.org/fileadmin/standards/R19-11/AP/AUTOSAR_SWS_Cryptography.pdf

文書は検索してダウンロードできます。
https://www.autosar.org/

<この項は書きかけです。順次追記します。>
This article is not completed. I will add some words in order.

Release Overviews

AUTOSARには現在3つの分類があります。Foundation, CAN OSEK/VDXのClassic Platform, Ethernet/TCP/IP POSIXのAdaptive Platform.

Foundation Release Overview, AUTOSAR 781, R23-11, FO
https://qiita.com/kaizen_nagoya/items/f249bdb8c313d8bff883

Classic Platform Release Overview, AUTOSAR No.0 ,R23-11, CP
https://qiita.com/kaizen_nagoya/items/9d22c8722cbc0f42b137

Adaptive Platform Release Overview, AUTOSAR 782, R23-11, AP
https://qiita.com/kaizen_nagoya/items/13a104606a34fe24fcf7

Qiita 記事一覧

Autosar Foundation R23-11 一覧
https://qiita.com/kaizen_nagoya/items/c30674cb2dac2fcbbd04

AUTOSAR Adaptive Platform R23-11一覧
https://qiita.com/kaizen_nagoya/items/1dece8799a730367b0dc

Autosar Classic Platform R23-11 一覧
https://qiita.com/kaizen_nagoya/items/f770f6c2906e1dcbf180

文書変更(Document Change)

• Improved Crypto API Functional specification in Chapter 7
• Improved Chapter 8. API specification
• Added initial version from Chapter 5. Dependencies to other functional clusters

用語(terms)

短縮名(short name)

Abbreviation / Acronym Description
ACL Access Control List
AE Authenticated Encryption
AEAD Authenticated Encryption with Associated Data - Encryption scheme which simultaneously provides confidentiality and authenticity of data as well as additional authenticated but not encrypted data.
AES Advanced Encryption Standard - A block cipher for the symmetric encryption of electronic data.
API Abstract Programming Interface
ARA Autosar Runtime Environment for Adaptive Applications
ASN.1 Abstract Syntax Notation One, as defined in the ASN.1 standards
BER Basic Encoding Rules
BLOB Binary Large Object - A Binary Large OBject (BLOB) is a collection of binary data stored as a single entity.
CA Certificate Authority or Certification Authority is an entity that issues digital certificates.
CBC Cipher Block Chaining Mode - A mode of operation for symmetric ciphers (e.g. AES) that supports encryption.
CBC-MAC Cipher Block Chaining Message Authentication Mode - A mode of operation for symmetric ciphers (e.g. AES) that supports authentication.
CCM Counter Mode with CBC-MAC - An AEAD operation mode (encryption and authentication) for AES.
CMAC Cipher-based Message Authentication Code - A mode of operation for symmetric ciphers (e.g. AES) that supports authentication and is similar but advanced to CBC-MAC.
CMP X.509 Certificate Management Provider.
CO Cryptographic Object
COUID Cryptographic Object Unique Identifier
CRL Certificate Revocation Lists is a list of digital certificates that have been revoked before their expiration date was reached. This list contains all the serial numbers of the revoked certificates and the revoked data.
CSR Certificate Signing Request
CTL Certificate Trust List is a list of digital certificates that are explicitly trusted in this environment. This list contains all the serial numbers of the explicitly trusted certificates.
DER Distinguished Encoding Rules as defined in [2]
DH Diffie-Hellman (key exchange method)
ECC Elliptic Curve Cryptography - Public-key cryptography based on the structure of elliptic curves.
ECDH Elliptic Curve Diffie-Hellman - An ECC based DH key exchange with perfect forward secrecy.
ECDSA Elliptic Curve Digital Signature Algorithm - An ECC based signature scheme.
ECIES Elliptic Curve Integrated Encryption Scheme - An ECC based encryption scheme.
ECU Electronic Control Unit
FC Crypto Functional cluster Cryptography. This is the AUTOSAR cluster, which provides all important functionality related to cryptograhic, key management, and certificate handling needs.
gamma linear recurrent sequence
GCM Galois Counter Mode - An AEAD operation mode (encryption and authentication) for AES.
GMAC Galois MAC - A mode of operation for symmetric ciphers (e.g. AES) that supports authentication.
HSM Hardware Security Module - Hardware security module, used to store cryptographic credentials and secure run-time environment
HMAC Hashed Message Authentication Code
IETF Internet Engineering Task Force
IKE Internet Key Exchange
IPC Inter-Process Communication
IPsec Internet Protocol Security (IPsec) is a secure network protocol suite that authenticates and encrypts the packets of data to provide secure encrypted communication between two computers over an Internet Protocol network.
IV Initialization Vector
KDF Key Derivation Function - A function to derive one or more keys from a secret value.
KEK Key encryption key - A key that is used to encrypt another key for transportation or storage in an unsecure environment
KSP Key Storage Provider
MAC Message Authentication Code - A cryptographic function similar to a hash function. It takes a message of variable length and a secret key as input to generate a hash value, the MAC value. The MAC value is attached to the message to be sent. The receiver of the message can recalculate the MAC value to check if the message is authentic.
MGF Mask Generation Function - A cryptographic function similar to a hash function. It takes a variable length input and an output length l to generate an output of length l. If the input is unknown, the output appears random.
OCSP Online Certificate Status Protocol - Internet protocol used to obtain revocation status of X.509 certificates.
PEM Privacy-Enhanced Mail
PKI Public Key Infrastructure - A system that issues, distributes, and checks digital certificates.
PKCS Public Key Cryptography Standard.
RA Registration Authority
RNG Random Number Generator
RSA Rivest, Shamir, Adleman - RSA is an algorithm for public-key cryptography; It is named after its inventors Ronald L. Rivest, Adi Shamir and Leonard Adleman.
SecOC Secure Onboard Communication
SHA-1 Secure Hash Algorithm (version 1) - Hash functions family.
SHA-2 Secure Hash Algorithm (version 2) - Hash functions family with different hash value length.
SHA-3 Secure Hash Algorithm (version 3) - New hash function generation, faster and more secure as SHA-2.
SHE Secure Hardware Extension
TLS Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network.
TPM The Trusted Platform Module is defined in [3] and is a secure cryptoprocessor.
UCM Update and Configuration Management
UID Unique Identifier
X.509 Standard for certificates

Term

Terms Description
Adaptive Application An adaptive application is a part of application SW in the architecture of Adaptive AUTOSAR. An adaptive application runs on top of ARA and accesses AUTOSAR functional clusters through ARA.
Adaptive Platform Services Adaptive Platform Services are located below the ARA. They provide platform standard services of Adaptive AUTOSAR.
Asymmetric Key An asymmetric key describes a pair of two keys (public and private key). A cipher text created by one key cannot be decrypted with this key. Encryption is only possible with the other key of this pair.
Block Cipher A symmetric encryption that encrypts plaintext blocks of fixed length.
certificate serial number An integer value, unique within the issuing authority, which is unambiguously associated with a certificate issued by that authority.
certification path An ordered list of one or more public-key certificates, starting with a public-key certificate signed by the trust anchor, and ending with the public key certificate to be validated. All intermediate public-key certificates, if any, are CA-certificates in which the subject of the preceding certificate is the issuer of the following certificate.
Ciphertext A ciphertext is an encrypted text, which is the result of encryption performed on plaintext.
CryptoAPI The set of all interfaces that are provided by FC Crypto to consumers.
Crypto Provider A structural element that organizes cryptographic primitives.
Cryptographic primitives Well-established, low-level cryptographic algorithms that are frequently used to build cryptographic protocols for computer security systems.
Distinguished name is originally defined in X.501 [4] as a representation of a directory name, defined as a construct that identifies a particular object from among a set of all objects.
Functional Cluster The SW functionality of ARA is divided into functional clusters. Functional clusters provide APIs and can communicate with each other.
Instance Specifier Crypto provider can have more than one instance. To distinguish between instances the spcific instance is addressed with an instance specifier. An instance specifier identifies one instance of a crypto provider.
Key Material public keys, private keys, seeds.
Key Slot Secure storage of key material. Key slots define the access to the stored key material and grant the access only to authorized application or functional cluster.
Key Storage Provider A structural element that organizes and manages cryptographic keys.
Nonce A nonce is a random or semi-random number that is generated for cryptographic topics. A nonce can be used as an input to a hash algorithm so that the hash algorithm computes a hash value out of two inputs
Plaintext A plaintext is ordinary readable text before being encrypted into ciphertext or after being decrypted.
Policy Decision Point A PDP defines which item (process, application, function) can decide if a requested access to resources may be granted or not.
Random Number Generator A program that generates random numbers or pseudo random numbers in a given range.
Salt A salt is a random or semi-random number which is created for passwords. When a password is edited for a user/account also a salt is created for this user/account. A hash algorithm creates a hash value of password and salt. Salts increase the security against brute force password guessing attacks.
SecretSeed A secret value that is used as an initial value to start encryption/decryption.
Stream Ciphe r A symmetric encryption that calculates cipher text out of streaming plaintext and the status result of the encryption of previous streamed plaintext. For the first part of encryption a start value is needed as status result.
Symmetric Key In a symmetric encryption the same key (symmetric key) is used to encrypt plaintext into cipher text and to decode cipher text into plain text. A symmetric key is also called secret key because it must be kept secret.
X.509 Provider Domain SW for X.509 certificates parsing, verification, storage and search.

References

[1] Glossary AUTOSAR_FO_TR_Glossary
https://www.autosar.org/fileadmin/standards/R23-11/FO/AUTOSAR_FO_TR_Glossary.pdf
[2] X.690 :Information technology - ASN.1 encoding rules:Specification of Basic En- coding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encod- ing Rules (DER)
https://www.itu.int/rec/T-REC-X.690
[3] ISO/IEC 11889-1:2015 Information technology - Trusted platform module library - Part 1:Architecture
https://www.iso.org
[4] X.501 :Information technology - Open Systems Interconnection - The Directory: Models
https://www.itu.int/rec/T-REC-X.501
[5] Specification of Adaptive Platform Core AUTOSAR_AP_SWS_Core
[6] Explanation of Adaptive Platform Software Architecture AUTOSAR_AP_EXP_SWArchitecture
[7] General Requirements specific to Adaptive Platform AUTOSAR_AP_RS_General
[8] Requirements on Cryptography AUTOSAR_AP_RS_Cryptography
[9] BSI:Functionality Classes and Evaluation Methodology for Deterministic Random Number Generators (AIS) https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Zertifizierung/Interpretationen /AIS_20_Functionality_Classes_Evaluation_Methodology_DRNG_e.pdf? __ blob=publicationFile[5]
[10] Recommendation for Pair-Wise Key-Establishment Schemes Using Discrete Log- arithm Cryptography https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Ar3.pdf
[11] Public Key Cryptography for the Financial Services Industry Key Agreement and Key Stransport Using Elliptic Curve Cryptography https://webstore.ansi.org/preview-pages/ASCX9/preview_ANSI+X9.63- 2011+(R2017).pdf
[12] Recommendation for Key Derivation Using Pseudorandom Functions (Revised) https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-108.pdf
[13] Elliptic Curve Cryptography
https://www.secg.org/sec1-v2.pdf
[14] ISO IEC 9797-3:2011 Amd 1:2020(en) Information technology - Security tech- niques - Message Authentication Codes (MAC)
https://www.iso.org
[15] HMAC:Keyed-Hashing for Message Authentication https://tools.ietf.org/html/rfc2104
[16] Updated Security Considerations the MD5 Message-Digest and the HMAC-MD5 Algorithms
https://tools.ietf.org/html/rfc6151
[17] Using Advanced Encryption Standard Counter Mode (AES-CTR) with the Internet Key Exchange version 02 (IKEv2) Protocol
https://rfc-editor.org/rfc/rfc5930.txt
[18] ChaCha20-Poly1305 Cipher Suites for Transport Layer Security (TLS) https://rfc-editor.org/rfc/rfc7905.txt
[19] TRIVIUM Specifications http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.59.9030
[20] PKCS #5:Password-Based Cryptography Specification Version 2.0 https://rfc-editor.org/rfc/rfc2898.txt
[21] PKCS #5:Password-Based Cryptography Specification Version 2.1 https://rfc-editor.org/rfc/rfc8018.txt
[22] PKCS #7:Cryptographic Message Syntax Version 1.5 https://rfc-editor.org/rfc/rfc2315.txt
[23] Financial institution encryption of wholesale financial messages:X9.23
[24] Advanced Encryption Standard (AES) Key Wrap Algorithm https://tools.ietf.org/html/rfc3394
[25] Advanced Encryption Standard (AES) Key Wrap with Padding Algorithm https://tools.ietf.org/html/rfc5649
[26] ISO/IEC 9796-2:2010 Information technology - Security techniques - Digital signa- ture schemes giving message recovery - Part 2:Integer factorization based mech- anisms
https://www.iso.org
[27] Use of Elliptic Curve Cryptography (ECC) Algorithms in Cryptographic Message Syntax (CMS)
https://rfc-editor.org/rfc/rfc3278.txt
[28] Use of Elliptic Curve Cryptography (ECC) Algorithms in Cryptographic Message Syntax (CMS)
https://rfc-editor.org/rfc/rfc5753.txt
[29] IEEE P1363:A Standard for RSA, Diffie-Hellman, and Elliptic-Curve Cryptography (Abstract)
[30] New directions in cryptography https://ieeexplore.ieee.org/document/1055638
[31] Specification of Secure Hardware Extensions AUTOSAR_FO_TR_SecureHardwareExtensions
[32] Guide for Internet Standards Writers https://tools.ietf.org/html/rfc2360
[33] X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP https://rfc-editor.org/rfc/rfc6960.txt
[34] Standard X.509 https://www.itu.int/rec/T-REC-X.509/en
[35] Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
https://rfc-editor.org/rfc/rfc5280.txt
[36] PKCS #10:Certification Request Syntax Specification Version 1.7 https://tools.ietf.org/html/rfc2986
[37] The application/pkcs10 Media Type https://tools.ietf.org/html/rfc5967
[38] Internet X.509 Certificate Request Message Format https://tools.ietf.org/html/rfc2511
[39] Internet X.509 Public Key Infrastructure Certificate Request Message Format (CRMF)
https://tools.ietf.org/html/rfc4211
[40] S/MIME Version 2 Message Specification https://tools.ietf.org/html/rfc2311
[41] Public-Key Cryptography Standards (PKCS) #8:Private-Key Information Syntax Specification Version 1.2
https://rfc-editor.org/rfc/rfc5208.txt
[42] PKCS #12:Personal Information Exchange Syntax v1.1 https://tools.ietf.org/html/rfc7292
[43] X.680 :Information technology - Abstract Syntax Notation One (ASN.1):Specifica- tion of basic notation
https://www.itu.int/rec/T-REC-X.680
[44] X.682 :Information technology - Abstract Syntax Notation One (ASN.1):Constraint specification
https://www.itu.int/rec/T-REC-X.682
[45] X.683 :Information technology - Abstract Syntax Notation One (ASN.1):Parame- terization of ASN.1 specifications
https://www.itu.int/rec/T-REC-X.683
[46] Keying and Authentication for Routing Protocols (KARP) Design Guidelines https://tools.ietf.org/html/rfc6518
[47] Internationalized Email Addresses in X.509 Certificates https://tools.ietf.org/html/rfc8398
[48] Internationalization Updates to RFC 5280 https://tools.ietf.org/html/rfc8399
[49] Transport Layer Security (TLS) Extensions:Extension Definitions https://tools.ietf.org/html/rfc6066
[50] The Transport Layer Security (TLS) Multiple Certificate Status Request Extension https://tools.ietf.org/html/rfc6961
[51] The Transport Layer Security (TLS) Protocol Version 1.3 https://tools.ietf.org/html/rfc8446

補足資料(Additions)

祝休日・謹賀新年:2024年の目標
https://qiita.com/kaizen_nagoya/items/b659d922327a7dcdc898

2023 Countdown Calendar 主催・参加一覧
https://qiita.com/kaizen_nagoya/items/c4c2f08ac97f38d08543

CountDownCalendar月間 いいねをいただいた記事群 views 順
https://qiita.com/kaizen_nagoya/items/583c5cbc225dac23398a

Countdown Calendar 2023, 百記事目を書くにあたって。
https://qiita.com/kaizen_nagoya/items/45185a04cfd88b71256a

1年間をまとめた「振り返りページ」@2023
https://qiita.com/kaizen_nagoya/items/bcd1ebd49d3a9e8c7a90

AUTOSAR 文書番号
https://qiita.com/kaizen_nagoya/items/8b894228a0b76c2265c7

AUTOSAR Countdown Calendar 2023
https://qiita.com/advent-calendar/2023/autosar

AUTOSAR Abstract Platformへの道 R22-11
https://qiita.com/kaizen_nagoya/items/8ac2826635a8c536c7ec

自動車 記事 100
https://qiita.com/kaizen_nagoya/items/f7f0b9ab36569ad409c5

Basic principles, ボッシュ自動車handbook(英語)11版まとめ<2>
https://qiita.com/kaizen_nagoya/items/24a1ba5da3d09b2a95d1

JAXA/IPA クリティカルソフトウェアワークショップ WOCS言語関連発表(改定版)
https://qiita.com/kaizen_nagoya/items/4789832baf494cb74626

<この記事は個人の過去の経験に基づく個人の感想です。現在所属する組織、業務とは関係がありません。>
This article is an individual impression based on the individual's experience. It has nothing to do with the organization or business to which I currently belong.

文書履歴(document history)

ver. 0.01 初稿  20240102

最後までおよみいただきありがとうございました。

いいね 💚、フォローをお願いします。

Thank you very much for reading to the last sentence.

Please press the like icon 💚 and follow me for your happy life.

0
0
0

Register as a new user and use Qiita more conveniently

  1. You get articles that match your needs
  2. You can efficiently read back useful information
  3. You can use dark theme
What you can do with signing up
0
0