Detailed Description

This module implements the variables and callback functions for the add-on CANopen Secure Configuration. The module adds the following objects to the object dictionary:

Index	Description	Function / Variable	Configuration Symbol
2D10_h	Secure Object Dictionary	CosSecureConfig_Idx2D10()	-
2D11_h	Secure DCF Configuration	CosSecureConfig_Idx2D11()	-
2D12_h	Secure Configuration Checksum	CosSecureConfig_Idx2D12()	-
2D14_h	Secure Configuration Status	CosSecureConfig_Idx2D14()	-
2D16_h	Secure Configuration Error History	CosSecureConfig_Idx2D16()	-
2D18_h	Secure Authentication Seed	CosSecureConfig_Idx2D18()	-

The symbol COS_SECURE_CONFIG_SUPPORT must be configured (file cos_conf.h) to enable this add-on.

Authentication

The CANopen device has to ensure that the CANopen manager is entitled to perform changes in a secured object dictionary. For that reason, a seed/nonce procedure is implemented which allows to identify the CANopen manager.

The server generates a random seed (see function CosSecureConfigGetSeed()) which is used to create a nonce (see function CosSecureConfigBuildNonce()) by the server and the manager. The nonce is valid for a maximum duration of 1 second. The nonce can be used only once to gain write access to objects 2D10_h and 2D11_h. Access to other objects by the CANopen manager will destroy the nonce.

Storage of Secure Concise DCF

A full configuration of the CANopen device shall be issued by the CANopen manager for the very first configuration process. A full configuration is marked by bit 0 inside the flags field of the secure DCF header. The Secure Concise DCF can be stored by writing the value save to object 1010_h. Please note that this operation must be the last entry inside the Secure Concise DCF. The contents of the Secure Concise DCF is not written by means of McNvmWrite() to a non-volatile memory. Instead, a specific API is provided, as shown in the following picture.

The functions CosSecureConfigFileLoad() and CosSecureConfigFileSave() are used for that purpose, an example is provided in the file cos_user.c .

Event handling

Operations executed by the Secure Configuration module can be monitored by the CosSecureConfigEvent() function.

Include dependency graph for cos_secure_config.h:

Macros
#define	COS_SECURE_CONFIG_VERSION_MAJOR 1
#define	COS_SECURE_CONFIG_VERSION_MINOR 4

Enumerations
enum	CosSecureConfigEvent_e { eCOS_SECURE_CONFIG_EVENT_START_FULL = 1 , eCOS_SECURE_CONFIG_EVENT_START_PART = 2 , eCOS_SECURE_CONFIG_EVENT_DESTROY_NONCE = 3 , eCOS_SECURE_CONFIG_EVENT_ALLOW_ACCESS = 4 , eCOS_SECURE_CONFIG_EVENT_BLOCK_ACCESS = 5 , eCOS_SECURE_CONFIG_EVENT_DCF_APPLIED = 6 , eCOS_SECURE_CONFIG_EVENT_DCF_FAILED = 7 }

Functions
bool_t	CosSecureConfigAccessAllowed (uint16_t uwIndexV, uint8_t ubSubIndexV)
uint8_t *	CosSecureConfigBufferAllocate (uint32_t ulSizeV)
void	CosSecureConfigBufferRelease (void)
uint64_t	CosSecureConfigBuildNonce (uint64_t uqSeedV)
void	CosSecureConfigEvent (uint8_t ubSecureConfigEventV)
uint8_t	CosSecureConfigFileLoad (void)
uint8_t	CosSecureConfigFileSave (uint8_t *pubSecureConfigV, uint32_t ulSizeV)
uint8_t *	CosSecureConfigGetDcfBuffer (uint32_t ulSizeV)
uint64_t	CosSecureConfigGetSeed (void)

Enumeration Type Documentation

◆ CosSecureConfigEvent_e

enum CosSecureConfigEvent_e

The possible values for Secure Configuration events are listed in this enumeration. The function CosSecureConfigEvent() is called to inform the application about possible events.

Enumerator
eCOS_SECURE_CONFIG_EVENT_START_FULL	Start full configuration, triggered upon write access to object 2D11_h
eCOS_SECURE_CONFIG_EVENT_START_PART	Start partial configuration, triggered upon write access to object 2D11_h
eCOS_SECURE_CONFIG_EVENT_DESTROY_NONCE	Nonce was destroyed
eCOS_SECURE_CONFIG_EVENT_ALLOW_ACCESS	Allow write access to object dictionary, triggered upon write access to object 2D10_h
eCOS_SECURE_CONFIG_EVENT_BLOCK_ACCESS	Block write access to object dictionary, triggered upon write access to object 2D10_h
eCOS_SECURE_CONFIG_EVENT_DCF_APPLIED	Secure Concise DCF has been applied
eCOS_SECURE_CONFIG_EVENT_DCF_FAILED	Secure Concise DCF has not been applied, check for configuration error

Function Documentation

◆ CosSecureConfigAccessAllowed()

bool_t CosSecureConfigAccessAllowed	(	uint16_t	uwIndexV,
		uint8_t	ubSubIndexV )

Parameters

[in]	uwIndexV	Index of data element
[in]	ubSubIndexV	Sub-Index of data element

Returns: true if write access is allowed, otherwise false

Note: The code located in the file cos_user.c provides an example and has to be adopted to the application.

This function is called by the protocol stack during upon SDO / USDO access. In case the write access to the data element defined by uwIndexV and ubSubIndexV is allowed the function shall return true. By means of this function an application can allow exceptions to blocking any write access.

bool_t  CosSecureConfigAccessAllowed(uint16_t uwIndexV, uint8_t ubSubIndexV)
{
   bool_t btResultT = false;     // deny write access as default
 
   //---------------------------------------------------------------------------------------------------
   // accept write access to object 1017:00h as exception
   //
   if ((uwIndexV == 0x1017) && (ubSubIndexV == 0x00))
   {
      btResultT = true;
   }
 
   return (btResultT);
}

◆ CosSecureConfigBufferAllocate()

uint8_t * CosSecureConfigBufferAllocate ( uint32_t ulSizeV )

Parameters

[in] ulSizeV Allocation size in number of bytes

Returns: Pointer to allocated memory

See also: CosSecureConfigBufferRelease()

Note: The code located in the file cos_user.c provides an example and has to be adopted to the application.

This function shall allocate at least ulSizeV number of bytes as intermediate buffer when a DCF is written to object 2D11_h (Secure DCF Configuration). The buffer can be release after the Secure DCF Configuration has been processed (refer to CosSecureConfigBufferRelease()).

◆ CosSecureConfigBufferRelease()

void CosSecureConfigBufferRelease ( void )

See also: CosSecureConfigBufferAllocate()

Note: The code located in the file cos_user.c provides an example and has to be adopted to the application.

This function releases memory which has been allocated by CosSecureConfigBufferAllocate().

◆ CosSecureConfigBuildNonce()

uint64_t CosSecureConfigBuildNonce ( uint64_t uqSeedV )

Parameters

[in] uqSeedV Seed value

Returns: Nonce for Secure Configuration process

See also: CosSecureConfigGetSeed()

Note: The code located in the file cos_user.c provides an example and has to be adopted to the application.

This function shall calculate a nonce (i.e. an arbitrary number used only once in a cryptographic communication) based on the parameter uqSeedV. This function is called by the protocol stack upon read access to object 2D18_h (Secure Authentication Seed). The value of parameter uqSeedV is identical to the return value of CosSecureConfigGetSeed().

uint64_t CosSecureConfigBuildNonce(uint64_t uqSeedV)
{
   uint64_t uqResultT = uqSeedV;
 
   uqResultT += 1;
 
   return (uqResultT);
}

◆ CosSecureConfigEvent()

void CosSecureConfigEvent ( uint8_t ubSecureConfigEventV )

Parameters

[in] ubSecureConfigEventV Configuration event

Note: The code located in the file cos_user.c provides an example and has to be adopted to the application.

This function is called by the protocol stack in case of the following events:

Start of full configuration
Start of partial configuration
Nonce destroyed
Block write access to object dictionary
Allow write access to object dictionary

Possible values for parameter ubSecureConfigEventV are defined by the enumeration CosSecureConfigEvent_e.

void CosSecureConfigEvent(uint8_t ubSecureConfigEventV)
{
   switch (ubSecureConfigEventV)
   {
      case eCOS_SECURE_CONFIG_EVENT_START_FULL:
 
         break;
 
      case eCOS_SECURE_CONFIG_EVENT_START_PART:
 
         break;
 
      case eCOS_SECURE_CONFIG_EVENT_DESTROY_NONCE:
 
         break;
 
      case eCOS_SECURE_CONFIG_EVENT_ALLOW_ACCESS:
 
         break;
 
      case eCOS_SECURE_CONFIG_EVENT_BLOCK_ACCESS:
 
         break;
 
      case eCOS_SECURE_CONFIG_EVENT_DCF_APPLIED:
 
         break;
 
      case eCOS_SECURE_CONFIG_EVENT_DCF_FAILED:
 
         break;
 
   }
}

◆ CosSecureConfigFileLoad()

uint8_t CosSecureConfigFileLoad ( void )

Returns: eCOS_ERR_NONE on success, eCOS_ERR_PARM_LOAD on failure

Note: The code located in the file cos_user.c provides an example and has to be adopted to the application.

This function is used to load a concise DCF file. The function is called by the protocol stack. The function does not load the secure DCF from a non-volatile memory via the McNvmRead() call. Instead, the application must care how to load the data.

uint8_t CosSecureConfigFileLoad(void)
{
   uint8_t  ubResultT = eCOS_ERR_PARM_LOAD;
   uint8_t  *pubSecureConfigT = (uint8_t *) 0L;
   uint32_t ulSizeT = 0;
 
   //---------------------------------------------------------------------------------------------------
   // get Secure Concise DCF data here and setup the variables 'pubSecureConfigT' and 'ulSizeT'
   //
 
   //---------------------------------------------------------------------------------------------------
   // provide data to secure config module
   //
   ubResultT = CosSecureConfigParmLoad(pubSecureConfigT, ulSizeT);
 
   return (ubResultT);
}

◆ CosSecureConfigFileSave()

uint8_t CosSecureConfigFileSave	(	uint8_t *	pubSecureConfigV,
		uint32_t	ulSizeV )

Parameters

[in]	pubSecureConfigV	Pointer to Secure Concise DCF file structure
[in]	ulSizeV	Size if Secure Concise DCF file structure

Note: The code located in the file cos_user.c provides an example and has to be adopted to the application.

Returns: eCOS_ERR_NONE on success, eCOS_ERR_PARM_SAVE on failure

This function is used to store a Secure Concise DCF file. The function is called by the protocol stack upon save command to object 1010_h (save all or save manufacturer-specific objects).

◆ CosSecureConfigGetDcfBuffer()

uint8_t * CosSecureConfigGetDcfBuffer ( uint32_t ulSizeV )

Parameters

[in] ulSizeV Allocation size in number of bytes

Returns: Pointer to allocated memory

See also: CosSecureConfigBufferAllocate()

Note: The code located in the file cos_user.c provides an example and has to be adopted to the application.

This function shall allocate at least ulSizeV number of bytes as process buffer when a DCF is written to object 2D11_h (Secure DCF Configuration). The function is only called when a full configuration is done. The allocated buffer and size is required when the secure DCF file shall be stored by means of CosSecureConfigFileSave().

◆ CosSecureConfigGetSeed()

uint64_t CosSecureConfigGetSeed ( void )

Returns: Seed for Secure Configuration process

See also: CosSecureConfigBuildNonce()

Note: The code located in the file cos_user.c provides an example and has to be adopted to the application.

This function returns a random seed for calculation of a nonce which is required for the Secure Configuration process. This function is called by the protocol stack upon read access to object 2D18_h (Secure Authentication Seed).

uint64_t CosSecureConfigGetSeed(void)
{
   static uint64_t uqSeedS = 41;
 
   uqSeedS++;
   return (uqSeedS);
}

Detailed Description

Authentication

Storage of Secure Concise DCF

Event handling

Macros

Enumerations

Functions

Enumeration Type Documentation

◆ CosSecureConfigEvent_e

Function Documentation

◆ CosSecureConfigAccessAllowed()

◆ CosSecureConfigBufferAllocate()

◆ CosSecureConfigBufferRelease()

◆ CosSecureConfigBuildNonce()

◆ CosSecureConfigEvent()

◆ CosSecureConfigFileLoad()

◆ CosSecureConfigFileSave()

◆ CosSecureConfigGetDcfBuffer()

◆ CosSecureConfigGetSeed()