Crypto Documentation#
This documentation covers the Crypto module — a cryptographic
middleware stack for automotive ECUs. The module
provides a C++ client library (score::mw::crypto) and an accompanying
crypto daemon that together deliver key management, symmetric and asymmetric
cryptography, hashing, signing, certificate handling, and secure memory
allocation.
Overview#
The score::mw::crypto module follows a daemon-based client–server
architecture:
Client library (
//score/mw/crypto/api/...) — a pure C++ interface layer that applications link against. All operations are expressed through factory-created context objects (IHashContext,IMacContext, etc.) following anInit()→Update()→Finalize()streaming pattern.Crypto daemon (
//score/crypto/daemon:crypto_daemon) — a separate process that hosts all cryptographic state, enforces per-application Access Control List (ACL) and per-key operation permissions (KeyOperationPermissionbitmask), and drives the underlying provider (OpenSSL, SoftHSM / PKCS#11, or future HSM/TEE backends).IPC transport — gRPC over a Unix domain socket (Temporary solution). ABI compatibility between library and daemon shall be guarenteed.
Requirements#
Functional requirements are captured implicitly via the public interface specifications in Interfaces and the design decisions in Design Decisions.
Architecture#
Project Layout#
The module template includes the following top-level structure:
.github/workflows/: CI pipelines for Bazel build, unit tests, and documentation generation
docs/: Documentation using docs-as-code
examples/: Usage examples for each context type (hash, encrypt, sign, key management, certificates)
tests/: Unit tests, integration tests, provider tests, and test vectors
third_party/: Patches for third-party dependencies (if any)
Quick Start#
To build documentation:
bazel run //:docs
To build the module:
bazel build //score/... //tests/...
To run tests:
# Execute tests
bazel test //tests/...