In this article I will discuss about Crypto Stack in AUTOSAR which is responsible to provide cryptographic services to the application. Crypto stack consists of CSM (Crypto Service Manager), CryIf (Crypto Abstraction Layer), Software/Hardware Crypto Driver.
Crypto Service Manager (CSM) is a Service layer module which provides standard interface to the application to access basic cryptographic services provided by the Software/Hardware crypto driver. These services can be accessed by application synchronously (services are completed when the function returns) or asynchronously (callback routine is called on completion of the service).
Crypto Interface (CryIf) is an ECU abstraction layer module which abstracts the services provided by the low level Software/Hardware driver from CSM, so that CSM can provide a standardized interface to the application.
Crypto Driver is an MCAL module which has an implementation for a cryptographic service. It can be software or a hardware module. Hardware is also used to provide the functionality but it is then mostly accessed using an SPI handler.
Crypto Stack in AUTOSAR can be used to provide interface for HASH, MAC, Encryption/Decryption, Authenticated Encryption with Associated Data, Signature, Secure Counter, Random Numbers and Key Management.
I will explain the usage of the HASH service from the service layer: The configuration of the HASH interface to use the SHA256/SHA384/SHA512 (there are many other HASH algorithms) is done in the CSM module by configuring the crypto primitive (Crypto Object in driver) as SHA256/SHA384/SHA512 for a job (configuration object referring to a primitive). This job is then referred from the CSM layer using a generic interface with job id as a parameter. CSM keys, channel, queue, priority and type of job (synchronous or asynchronous) are also defined for a job.
CSM defines different operations for the Crypto Services. These operations are START, UPDATE and FINISH. START operation defines a new operation with new initialization parameter. UPDATE operation expects input data and can provide intermediate results. FINISH operation indicates end of data and conclusion of operation.
When HASH algorithm is performed on a chunk of data, operation is passed as an input parameter to the Csm_Hash function (START UPDATE FINISH). If complete data is not provided as input at once, Csm_Hash can be called multiple times with operation as UPDATE and then FINISH operation is called to get the final results.