Encryption Protocol Stack

ZC.MuNiu encryption protocol stack is mainly composed of four modules: Csm, CryIf, Crypto, and KeyM. The Csm module implements the encryption algorithm requirements for Cybersecurity software or hardware needed by users, such as AES-128, CMAC, HASH, TRNG, etc., through the configuration of CsmJobs, and provides interfaces for user calls. The CryIf module functions to connect the service layer Csm module with the hardware abstraction layer Crypto module, protecting the integrity and confidentiality of data through security functions such as encryption, decryption, verification, and authentication. The Crypto module implements the transfer of information data between the RH850 F1KM main core and the ICUM core. The KeyM module implements the management of keys and certificates, including the parsing and verification of keys and certificates downloaded into the ECU, and connecting to the ICMU kernel driver to store keys into the ICMU protected area.

木牛(MUNIU)CryptoLibrary

The software of CryptoLibrary is divided into two main parts:

1)   ICUM hardware cryptographic module firmware (zICUM CORE)

2)    CryptoStack (CSM, CRYIF, CRYPTO, CRYPTO(SW)) for RH850 G3MH main coreand ICUM CDD(zICUM COM、zICUM CRY)

The ICUM CDD includes two sub-modules: the Crypto layer call interface zICUM CRY module and the ICUM communication zICUM COM module. The functional description of each module is as shown in Table 1.

Table 1 Software Module (TC2XX/TC3XX) Functional Description

ZC.MuNiu CryptoLibrary also supports the SHE (Security Hardware Extension) standard. Compared to the standard SHE, the CryptoLibrary has some functional extensions, including support for software or hardware algorithms. The main functions and differences can be seen in Tables 2 and 3.

Table 2 Main Features of MuNiu CryptoLibrary

Table 3 Description of the SHE functions of the MUNIU CryptoLibrary

Application scenarios

The CryptoLibrary is mainly used in controllers with Cybersecurity requirements. This product is adapted to automotive electronics in the electrical architecture:

Ø  Battery Management System

Ø  Advanced Driver Assistance Systems

Ø  Electric Power Steering (EPS)

Ø  Body Control Module (BCM)

Ø  Engine Management System (EMS)

By integrating the CryptoLibrary into the RH850 F1KM-based automotive electronic control unit, the user can fulfil the Cybersecurity functions of the automotive electronic control unit as defined in the AUTOSAR standard.

In the early days, automobiles were relatively closed systems that did not connect with the outside world. As vehicles evolve towards intelligence and connectivity, Cybersecurity is becoming increasingly important. The ISO21434 standard has also been introduced, and the requirements for Cybersecurity in automotive electronics are becoming stricter, with growing demands. With the formal launch of China's “Technical Requirements for Vehicle Cybersecurity” standard in the second half of 2024, the technical specifications and implementation standards in the field of vehicle Cybersecurity have been further refined, and it marks that the field of Cybersecurity will enter an era of real strong regulation.

The ZC.MuNiu CryptoLibrary developed by ZC for the Renesas RH850 F1KM consists of the kernel firmware (zICUM CORE) for the Hardware Cryptographic Module (ICUM), the CryptoStack for the main core's Cybersecurity protocol stack (CSM, CRYIF, CRYPTO, KEYM), and the ICUM CDD (zICUM COM, zICUM CRY). The core firmware not only meets NIST mainstream international cryptographic algorithms such as AES, HASH, ECC, and TRNG/DRNG but also includes national cryptographic algorithms SM2/3/4, and can expand various functions based on algorithms: symmetric encryption and decryption, asymmetric signature generation and signature verification, secure boot, secure flashing, and SecOC. CryptoStack and ICUM CDD, in addition to meeting the requirements of AUTOSAR 4.4.0 version support, can also be integrated as a separate complex driver in non-AUTOSAR environments.

Based on the CryptoLibrary provided by RH850 F1KM, we have added the CryptoStack, including Csm module, CryIf module, Crypto module and KeyM module, to make it compatible with the RH850 F1KM kernel driver.

Ø  Csm module：Located in the service layer to handle user Cybersecurity task configuration management and scheduling

Ø  CryIf module：Located in the ECU abstraction layer and used to implement secure communication between the Csm module and the Crypto module

Ø  Crypto module：Hardware abstraction layer for data transfer between Host and Icum kernel, access to related components, encryption and decryption operations.

Ø  KeyM module：Key management and certificate management for interaction between keys, certificates and underlying storage

In short, the CryptoLibrary flexibly applies to Renesas RH850 F1KM products with high scalability, and can be upgraded, configured and redeveloped according to the requirements of different customer projects, ultimately meeting the Cybersecurity requirements of different customers.

In order to meet the different project requirements of customers and improve the scalability of the CryptoLibrary, Renesas RH850 F1KM realises the configurability of each module and implements the configuration tool for the CryptoLibrary. Customers can complete the configuration work of each module of Safety Library on the configuration tool according to different requirements, and can generate configuration code files and integrate the generated configuration files into the project.

Click to download the product manual