Diagnostic security algorithm packaging and verifying method, system and storage medium
1. A diagnostic security algorithm packaging and verification method for secure communication between a diagnostic engine and an ECU within a vehicle, the method comprising the steps of:
step S10, generating a source code of the diagnosis security algorithm, wherein the source code is defined with a calculation relation between a seed and a secret key;
step S11, compiling the diagnostic security algorithm source code to generate a diagnostic security algorithm dll file;
step S12, loading the diagnosis security algorithm dll file, verifying the correctness of the seeds and the keys, and generating a seed and key example file containing a plurality of groups of corresponding relations between the seeds and the keys;
step S13, according to the software compiling environment adopted by the ECU part supplier, the diagnosis safety source code is generated into a diagnosis safety algorithm library file used by the ECU part supplier;
step S14, outputting the diagnosis safety algorithm dll file, the seed and the key example file for the diagnosis instrument software developer to carry out the integration verification of the diagnosis instrument software;
and step S15, outputting the diagnosis security algorithm library file, the seed and the key example file for the ECU part supplier to carry out ECU software integration verification.
2. The method of claim 1, wherein the step S11 further comprises:
step S110, generating a standard dll project by using a dll project guide of Visual Studio software, and determining a function interface and input/output parameters of a dll project derivation algorithm for various diagnostic instruments;
and step S111, determining a calling interface and return value information between the diagnostic security algorithm and the dll engineering derivation algorithm.
3. The method of claim 2, wherein the step S12 further comprises:
step S120, loading the dll file of the diagnostic security algorithm through pre-generated dll algorithm library file check software;
step S121, generating a plurality of groups of random numbers with different security levels as security seeds, and obtaining a corresponding group of security keys from a dll file of the diagnostic security algorithm by calling a function interface of a dll engineering derivation algorithm;
and S122, correspondingly combining the multiple groups of security seeds with different security levels with the security keys one by one, and storing the combined security seeds and the security keys in a txt text to form a seed and key example file.
4. The method of claim 2, wherein the step S12 further comprises:
step S120, loading the dll file of the diagnostic security algorithm through pre-generated dll algorithm library file check software;
step S123, manually inputting safety seeds and safety grade parameters, and displaying a secret key calculated by a diagnosis safety algorithm;
step S124, obtaining the input safety seed and a safety key corresponding to the safety level from the dll file of the diagnostic safety algorithm by calling a function interface of a dll engineering derivation algorithm;
step S125, verifying whether the calculated key and the obtained key are the same.
5. The method of any one of claims 1 to 4, wherein the diagnostic security algorithm library file format for use by the ECU component supplier is the .lib format or the .a format.
6. A diagnostic security algorithm packaging and verification system for secure communication between a diagnostic engine and an ECU within a vehicle, the system comprising:
the source code generating unit is used for generating a source code of the diagnosis security algorithm, and a calculation relation between a seed and a secret key is defined in the source code;
the diagnostic security algorithm dll file generating unit is used for compiling the diagnostic security algorithm source code by using Visual Studio software to generate a diagnostic security algorithm dll file;
the verification unit is used for loading the diagnosis security algorithm dll file by using Visual Studio software, verifying the correctness of the seeds and the keys and generating a seed and key example file containing a plurality of groups of corresponding relations between the seeds and the keys;
the supplier library file generating unit is used for generating a diagnosis safety algorithm library file used by the ECU part supplier according to the software compiling environment adopted by the ECU part supplier;
the first output unit is used for outputting the diagnosis safety algorithm dll file, the seed and the key example file for a diagnosis instrument software developer to carry out diagnosis instrument software integration verification;
and the second output unit is used for outputting the diagnosis security algorithm library file, the seed and the key example file for an ECU part supplier to carry out ECU software integration verification.
7. The system of claim 6, wherein the diagnostic security algorithm dll file generating unit further comprises:
the standard dll project generating unit is used for generating a standard dll project by using a dll project guide of Visual Studio software and determining a function interface and input and output parameters of a dll project derivation algorithm used by various diagnostic instruments;
and the associated call generation unit is used for determining a call interface and return value information between the diagnostic security algorithm and the dll engineering derivation algorithm.
8. The method of claim 7, wherein the authentication unit further comprises:
the loading unit is used for loading the dll file of the diagnostic security algorithm through pre-generated dll algorithm library file check software;
an example file forming unit, configured to generate multiple sets of random numbers for different security levels as security seeds, and obtain a corresponding set of security keys from the diagnostic security algorithm dll file by calling a function interface of a dll engineering derivation algorithm; the multiple groups of security seeds with different security levels correspond to the security keys one by one, and are combined and stored in a txt text to form a seed and key example file;
the manual verification unit is used for manually inputting the safety seeds and the safety grade parameters and displaying the key calculated by the diagnosis safety algorithm; acquiring the input security seed and a security key corresponding to the security level from the dll file of the diagnostic security algorithm by calling a function interface of a dll engineering derivation algorithm; and verifying whether the calculated key is the same as the obtained security key.
9. The system of any one of claims 6 to 8, wherein the diagnostic security algorithm library file format for use by the ECU component supplier is the .lib format or the .a format.
10. A computer-readable storage medium having stored thereon computer instructions which, when executed on a computer, cause the computer to perform the method of any one of claims 1-5.
Background
When a diagnostic security algorithm is designed for use between a diagnostic instrument (Tester) and a vehicle ECU (Electronic Control Unit), the host factory (such as a whole-vehicle factory or a control system manufacturer) commonly either releases the source code directly to the application manufacturer for software integration, or generates a library file using the compiler environment provided by the part supplier and then integrates that library file with the supplier's software. The diagnostic instrument is generally developed by the host factory directly from the source code (or its development may be outsourced). Using the source code directly has several disadvantages: the source code gets modified, so that multiple projects are easily confused; the same source code built in different compiling environments (differences in big-endian and little-endian byte order and in data alignment) often fails to unlock because the key on the ECU side differs from the key actually replied by the diagnostic instrument; the diagnostic instrument cannot verify which of the two is correct; and troubleshooting is very difficult.
At present, host factories mostly package the security algorithm for part suppliers in order to reduce the risk of leaking the security algorithm source code. The packaged library file is commonly in .lib or .a format, but suppliers' software development and compilation environments and control chips differ widely, and the host factory has to spend a large amount of labor and cost maintaining and managing a library file for each compilation environment.
Disclosure of Invention
The invention aims to provide a diagnostic security algorithm packaging and verifying method, a diagnostic security algorithm packaging and verifying system and a storage medium. The method is applicable to compiling environments of different part suppliers, has good confidentiality and is easy to maintain and expand.
The technical scheme adopted by the invention is that on one hand, a diagnosis safety algorithm packaging and verifying method is provided, the diagnosis safety algorithm is used for carrying out safety communication between a diagnosis instrument and an ECU (electronic control unit) in a vehicle, and the method comprises the following steps:
step S10, generating a source code of the diagnosis security algorithm, wherein the source code is defined with a calculation relation between a seed and a secret key;
step S11, compiling the diagnostic security algorithm source code by using Visual Studio software to generate a diagnostic security algorithm dll file;
step S12, loading the diagnosis security algorithm dll file by using Visual Studio software, verifying the correctness of the seeds and the keys, and generating seed and key example files containing a plurality of groups of corresponding relations between the seeds and the keys;
step S13, according to the software compiling environment adopted by the ECU part supplier, the diagnosis safety source code is generated into a diagnosis safety algorithm library file used by the ECU part supplier;
step S14, outputting the diagnosis safety algorithm dll file, the seed and the key example file for the diagnosis instrument software developer to carry out the integration verification of the diagnosis instrument software;
and step S15, outputting the diagnosis security algorithm library file, the seed and the key example file for the ECU part supplier to carry out ECU software integration verification.
Wherein the step S11 further includes:
step S110, generating a standard dll project by using a dll project guide of Visual Studio software, and determining a function interface and input/output parameters of a dll project derivation algorithm for various diagnostic instruments;
and step S111, determining a calling interface and return value information between the diagnostic security algorithm and the dll engineering derivation algorithm.
Wherein the step S12 further includes:
step S120, loading the dll file of the diagnostic security algorithm through pre-generated dll algorithm library file check software;
step S121, generating a plurality of groups of random numbers for different security levels as security seeds (Seed), and obtaining a corresponding group of security keys (Key) from the dll file of the diagnostic security algorithm by calling a function interface of a dll engineering derivation algorithm;
and S122, correspondingly combining the multiple groups of security seeds with different security levels with the security keys one by one, and storing the combined security seeds and the security keys in a txt text to form a seed and key example file.
Wherein the step S12 further includes:
step S120, loading the dll file of the diagnostic security algorithm through pre-generated dll algorithm library file check software;
step S123, manually inputting safety seeds and safety grade parameters, and displaying a secret key calculated by a diagnosis safety algorithm;
step S124, obtaining the input safety seed and a safety key corresponding to the safety level from the dll file of the diagnostic safety algorithm by calling a function interface of a dll engineering derivation algorithm;
in step S125, it is compared whether the key obtained in step S123 is the same as the key in step S124 to complete the manual authentication function.
The format of the diagnostic safety algorithm library file used by the ECU part supplier is the .lib format or the .a format.
Accordingly, as another aspect of the present invention, there is also provided a diagnostic security algorithm packaging and verification system for secure communication between a diagnostic instrument and an ECU inside a vehicle, the system comprising:
the source code generating unit is used for generating a source code of the diagnosis security algorithm, and a calculation relation between a seed and a secret key is defined in the source code;
the diagnostic security algorithm dll file generating unit is used for compiling the diagnostic security algorithm source code by using Visual Studio software to generate a diagnostic security algorithm dll file;
the verification unit is used for loading the diagnosis security algorithm dll file by using Visual Studio software, verifying the correctness of the seeds and the keys and generating a seed and key example file containing a plurality of groups of corresponding relations between the seeds and the keys;
the supplier library file generating unit is used for generating a diagnosis safety algorithm library file used by the ECU part supplier according to the software compiling environment adopted by the ECU part supplier;
the first output unit is used for outputting the diagnosis safety algorithm dll file, the seed and the key example file for a diagnosis instrument software developer to carry out diagnosis instrument software integration verification;
and the second output unit is used for outputting the diagnosis security algorithm library file, the seed and the key example file for an ECU part supplier to carry out ECU software integration verification.
Wherein the diagnostic security algorithm dll file generating unit further comprises:
the standard dll project generating unit is used for generating a standard dll project by using a dll project guide of Visual Studio software and determining a function interface and input and output parameters of a dll project derivation algorithm used by various diagnostic instruments;
and the associated call generation unit is used for determining a call interface and return value information between the diagnostic security algorithm and the dll engineering derivation algorithm.
Wherein the authentication unit further comprises:
the loading unit is used for loading the dll file of the diagnostic security algorithm through pre-generated dll algorithm library file check software;
an example file forming unit, configured to generate multiple sets of random numbers for different security levels as security seeds (Seed), and obtain a corresponding set of security keys (Key) from the dll file of the diagnostic security algorithm by calling a function interface of a dll engineering derivation algorithm; the multiple groups of security seeds with different security levels correspond to the security keys one by one, and are combined and stored in a txt text to form a seed and key example file;
the manual verification unit is used for manually inputting the safety seeds and the safety grade parameters and displaying the key calculated by the diagnosis safety algorithm; acquiring the input security seed and a security key corresponding to the security level from the dll file of the diagnostic security algorithm by calling a function interface of a dll engineering derivation algorithm; and verifying whether the calculated key is the same as the obtained security key.
The format of the diagnostic safety algorithm library file used by the ECU part supplier is the .lib format or the .a format.
Accordingly, as a further aspect of the present invention, there is also provided a computer-readable storage medium storing computer instructions which, when run on a computer, cause the computer to perform the aforementioned method.
The embodiment of the invention has the following beneficial effects:
the embodiment of the invention provides a method, a system and a storage medium for packaging and verifying a diagnostic security algorithm, wherein Visual Studio software is used to package the algorithm source code into functions and generate a standard Windows platform dll algorithm library file; the host factory controls the core algorithm function interface and the input and output parameters, a diagnostic instrument or a part supplier cannot modify them, and the confidentiality and the safety of the algorithm source code can be ensured;
meanwhile, the generated dll file can be directly called and integrated by the diagnostic device, so that the work of algorithm development and verification of the diagnostic device is greatly reduced, and if the unlocking failure occurs in the normal data interaction process of the diagnostic device and the ECU, the problem of software integration of a part supplier can be easily judged;
moreover, in the embodiment of the invention, a plurality of groups of seed/key examples are automatically generated through software, so that the software integration verification of a diagnostic apparatus or a part supplier can be facilitated, and the accuracy can be improved because the algorithm example verification is already performed when a corresponding library file is generated and the secondary verification is performed at the diagnostic apparatus or the part supplier, thereby improving the diagnosis and development efficiency; the failure rate of safe access unlocking in actual development can be reduced;
in addition, in the embodiment of the invention, the method is developed based on standard C language modularization, has strong function portability, can be adapted to compiling environments of different part suppliers, and reduces the maintenance and management cost of diagnostic personnel of a host factory.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is within the scope of the present invention for those skilled in the art to obtain other drawings based on the drawings without inventive exercise.
FIG. 1 is a schematic flow chart of a diagnostic security algorithm packaging and verification method according to the present invention;
FIG. 2 is a schematic diagram of the attributes of an example of a diagnostic security algorithm dll file to which the present invention relates;
FIG. 3 is a more detailed flowchart of one example of step S12 in FIG. 1;
FIG. 4 is a schematic illustration of the main interface of the dll algorithm library file checking software referred to in FIG. 3;
FIG. 5 is a schematic diagram of an exemplary file of the seeds and keys referred to in FIG. 3;
FIG. 6 is a more detailed flowchart of another example of step S12 in FIG. 1;
FIG. 7 is a schematic diagram of a diagnostic security algorithm packaging and verification system according to the present invention;
FIG. 8 is a schematic diagram of the structure of the diagnostic security algorithm dll file generating unit in FIG. 7;
FIG. 9 is a schematic structural diagram of the verification unit in FIG. 7.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention will be described in further detail with reference to the accompanying drawings.
FIG. 1 shows the main flow chart of the diagnostic security algorithm packaging and verification method provided by the present invention. With reference also to FIGS. 2 to 6, in this embodiment the diagnostic security algorithm is used for secure communication between a diagnostic apparatus and an ECU inside a vehicle, and the method includes the following steps:
step S10, generating a source code of the diagnosis security algorithm, wherein the source code is defined with a calculation relation between a seed and a secret key;
it is understood that the diagnostic security algorithm is simply a mathematical and logical expression of the seed/key relationship agreed in advance between the diagnostic device (diagnostic instrument) and the ECU. The seed of the security algorithm can be denoted Seed and the security key Key, and a host factory (such as a vehicle factory) can define different mathematical formulas according to the security level requirement of the ECU.
For example, the simplest formula, "Key = Seed ^ 0x11223344", is used below to describe the security negotiation process between the diagnostic device and the ECU.
The Key value is obtained by XORing Seed with the fixed value 0x11223344. The diagnostic device sends a 27 service request for the Seed. After the ECU replies with a random number Seed (such as 0x12345678), the diagnostic device XORs the Seed with the fixed value 0x11223344 to obtain the Key1 value (such as 0x316653C), and then sends Key1 to the ECU to request unlocking. At this point the ECU internally XORs the same Seed (such as 0x12345678) with the fixed value 0x11223344 to calculate Key2 (such as 0x316653C) and compares Key2 with Key1: if they are the same, unlocking succeeds and the ECU replies with a positive response; otherwise unlocking fails and the ECU replies with a negative response.
In addition, different security levels (Level1 for diagnostic services 2701/02; Level2 for 2703/04, etc.) may use different mathematical formulas, such as the fixed value 0x11223344 for Level1 and another fixed value 0x55667788 for Level2, or more complex mathematical formulas. It is to be understood that the specific mathematical formulas described above are exemplary only and not limiting.
Step S11, compiling the diagnostic security algorithm source code by using Visual Studio software to generate a diagnostic security algorithm dll file;
the dll file here is a Windows platform dynamic link library file that is generated automatically when the project is compiled by Visual Studio software. It is a library file containing code and data that can be used by several programs at the same time; any application program based on the Windows platform (such as diagnostic instrument software) can access its program function blocks directly at run time through the packaged export function interface, so that function blocks are shared and software is developed efficiently. The style of the dll file generated by the present invention is shown in FIG. 2.
Further, in a specific example, the step S11 further includes:
step S110, generating a standard dll project by using a dll project guide of Visual Studio software, and determining a function interface and input/output parameters of a dll project derivation algorithm for various diagnostic instruments;
specifically, different types of diagnostic instruments may employ different environment algorithm interfaces; for example, some diagnostic instruments may employ CANoe software, Vehicle Spy software, etc. Therefore, when defining the derived algorithm function interface and the input and output parameters, the requirements of the diagnostic equipment that will use them need to be considered, and if several kinds of equipment need to be supported, the derived functions need to be defined one by one;
taking the CANoe software interface as an example, in one example, the derived (exported) function interface prototype may be defined as:
__declspec(dllexport) int GenerateKeyEx(const unsigned char* iSeedArray, unsigned short iSeedArraySize, const unsigned int iSecurityLevel, const char* iVariant, unsigned char* ioKeyArray, unsigned int iKeyArraySize, unsigned int& oSize);
wherein: __declspec(dllexport) is the keyword used in a dynamic link library dll project of Visual Studio software to export functions, classes, objects and the like for external calling.
The function return value is of int type; 0x00 represents that the function ran successfully, and the remaining values represent operation failures (the failure reasons can also be enumerated in detail, for example, an iSecurityLevel security level parameter error can return 0x01, etc.);
iSeedArray: the input security seed array; the security seed is generally multi-byte, so it is stored as a byte array;
iSeedArraySize: the length of the input security seed array, typically 4 bytes; used together with iSeedArray.
iSecurityLevel: the input diagnostic security access level. For example, 0x01 represents the Level1 grade and 0x03 represents the Level2 grade;
iVariant: a reserved input parameter, not used for the time being.
ioKeyArray: the output security Key; it is also a multi-byte parameter and is stored as a byte array;
iKeyArraySize: the maximum length supported by the security Key array.
oSize: the actual length of the output security Key array, generally 4 bytes; used together with ioKeyArray.
And step S111, determining a calling interface and return value information between the diagnostic security algorithm and the dll engineering derivation algorithm.
In order to realize modular calling, the host factory core algorithm from step one needs to be packaged. For example, in one example, the prototype of the host factory core algorithm function may be as follows:
int GAC_SA(const unsigned char* iSeedArray, unsigned short iSeedArraySize, const unsigned int iSecurityLevel, const char* iVariant, unsigned char* ioKeyArray, unsigned int* oSize);
wherein: the function return value is of int type; 0x00 represents that the function ran successfully, and the remaining values represent operation failures (the failure reasons can also be enumerated in detail, for example, an iSecurityLevel security level parameter error can return 0x01, etc.);
iSeedArray: the input security seed array; the security seed is generally multi-byte, so it is stored as a byte array;
iSeedArraySize: the length of the input security seed array, typically 4 bytes; used together with iSeedArray.
iSecurityLevel: the input diagnostic security access level. For example, 0x01 represents the Level1 grade and 0x03 represents the Level2 grade;
iVariant: a reserved input parameter, not used for the time being.
ioKeyArray: the output security Key; it is also a multi-byte parameter and is stored as a byte array;
oSize: the actual length of the output security Key array, generally 4 bytes; used together with ioKeyArray.
From steps S110 and S111 above it can be seen that the parameters and return values of the host factory core algorithm function prototype and of the dll derived algorithm function prototype are substantially the same, so the corresponding parameters only need to be passed through directly when calling, and the redundant iKeyArraySize parameter may be omitted and not passed.
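The exemplary formula from step S10 and the two prototypes from steps S110 and S111 can be put together as follows. This is an added example, not the patent's source code: the names demo_core_sa, demo_generate_key_ex and demo_key_u32 and the return codes 0x02 and 0x03 are assumptions, and oSize is a pointer in the wrapper because the example is plain C. Since iKeyArraySize is not passed on to the core, the wrapper checks the output buffer size itself.

```c
/* Added example: constructed for illustration, not the patent's source code. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* 0x00 (success) and 0x01 (security level error) come from the text;
 * 0x02 and 0x03 are assumptions made for this example. */
enum { SA_OK = 0x00, SA_ERR_LEVEL = 0x01, SA_ERR_PARAM = 0x02, SA_ERR_BUFFER = 0x03 };

#define SA_KEY_LEN 4u

/* Core algorithm with the parameter list given for GAC_SA in the text.
 * It works byte by byte, most significant byte first, so the result does
 * not depend on the endianness or alignment rules of the build target. */
int demo_core_sa(const unsigned char *iSeedArray, unsigned short iSeedArraySize,
                 const unsigned int iSecurityLevel, const char *iVariant,
                 unsigned char *ioKeyArray, unsigned int *oSize)
{
    uint32_t mask;
    unsigned int i;

    (void)iVariant; /* reserved parameter, unused */
    if (iSeedArray == NULL || ioKeyArray == NULL || oSize == NULL ||
        iSeedArraySize != SA_KEY_LEN)
        return SA_ERR_PARAM;

    switch (iSecurityLevel) {
    case 0x01: mask = 0x11223344u; break; /* Level1 constant from the text */
    case 0x03: mask = 0x55667788u; break; /* Level2 constant from the text */
    default:   return SA_ERR_LEVEL;
    }
    for (i = 0; i < SA_KEY_LEN; i++)
        ioKeyArray[i] = (unsigned char)(iSeedArray[i] ^ (mask >> (24 - 8 * i)));
    *oSize = SA_KEY_LEN;
    return SA_OK;
}

/* Wrapper with the parameter list given for GenerateKeyEx in the text. */
int demo_generate_key_ex(const unsigned char *iSeedArray, unsigned short iSeedArraySize,
                         const unsigned int iSecurityLevel, const char *iVariant,
                         unsigned char *ioKeyArray, unsigned int iKeyArraySize,
                         unsigned int *oSize)
{
    /* The core never sees iKeyArraySize, so the bound is enforced here. */
    if (iKeyArraySize < SA_KEY_LEN)
        return SA_ERR_BUFFER;
    return demo_core_sa(iSeedArray, iSeedArraySize, iSecurityLevel, iVariant,
                        ioKeyArray, oSize);
}

/* Convenience helper: 32-bit seed in, 32-bit key out, status through rc. */
uint32_t demo_key_u32(uint32_t seed, unsigned int level, int *rc)
{
    unsigned char s[4], k[4] = {0, 0, 0, 0};
    unsigned int n = 0, i;

    for (i = 0; i < 4; i++)
        s[i] = (unsigned char)(seed >> (24 - 8 * i));
    *rc = demo_generate_key_ex(s, 4, level, NULL, k, sizeof k, &n);
    return ((uint32_t)k[0] << 24) | ((uint32_t)k[1] << 16) |
           ((uint32_t)k[2] << 8) | (uint32_t)k[3];
}

int main(void)
{
    int rc;
    uint32_t key = demo_key_u32(0x12345678u, 0x01, &rc);

    printf("Level1 rc=0x%02X key=0x%08lX\n", (unsigned)rc, (unsigned long)key);
    key = demo_key_u32(0x12345678u, 0x03, &rc);
    printf("Level2 rc=0x%02X key=0x%08lX\n", (unsigned)rc, (unsigned long)key);
    demo_key_u32(0x12345678u, 0x02, &rc);
    printf("unknown level rc=0x%02X\n", (unsigned)rc);
    return 0;
}
```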
Step S12, loading the diagnosis security algorithm dll file by using Visual Studio software, verifying the correctness of the seeds and the keys, and generating seed and key example files containing a plurality of groups of corresponding relations between the seeds and the keys;
in one example of the present invention, the process of verifying the correctness of the seed and the key may adopt automatic verification and manual verification.
As shown in fig. 3, showing a process of using automatic verification, the step S12 specifically includes:
step S120, loading the dll file of the diagnostic security algorithm through pre-generated dll algorithm library file check software;
wherein, the dll algorithm library file checking software can be realized by generating exe engineering by using a Visual Studio software application program engineering guide; as shown in fig. 4, a schematic diagram of the main interface of the dll algorithm library file checking software is shown.
In one example, the specific process of loading the diagnostic security algorithm dll file is as follows: first, the application program loads the dll file at run time using the LoadLibrary function or the LoadLibraryEx function provided by the Windows platform; it then obtains the address of the derived dll function to be called (such as GenerateKeyEx) using the GetProcAddress function; the software can then use the GenerateKeyEx function normally to complete seed/key generation and unlocking; finally, when the dll file is no longer needed, the library file is released using the FreeLibrary function;
step S121, generating a plurality of groups of random numbers for different security levels as security seeds (Seed), and calling a function interface (such as GenerateKeyEx) of a dll engineering derivation algorithm to obtain a corresponding group of security keys (Key) from the dll file of the diagnostic security algorithm; specifically, 10 groups of security keys can be generated under different Level grades;
and S122, correspondingly combining the multiple groups of security seeds with different security levels with the security keys one by one, and storing the combined security seeds and the security keys in a txt text to form a seed and key example file. As shown in fig. 5, an example file of seeds and keys is shown, which includes ten sets of security seeds and security key correspondences at two different security levels.
As shown in fig. 6, which shows a process of using manual verification, the step S12 specifically includes:
step S120, loading the dll file of the diagnostic security algorithm through pre-generated dll algorithm library file check software; the detailed interior of this step can be referred to step S120 in the previous figures;
step S123, manually inputting safety seeds and safety grade parameters, and displaying a secret key calculated by a diagnosis safety algorithm;
step S124, obtaining the input security seed and the security key corresponding to the security level from the dll file of the diagnostic security algorithm by calling a function interface (such as GenerateKeyEx) of a dll engineering derivation algorithm;
in step S125, it is compared whether the key obtained in step S123 is the same as the key in step S124 to complete the manual authentication function.
Step S13, according to the software compiling environment adopted by the ECU part supplier, the diagnosis safety source code is generated into a diagnosis safety algorithm library file used by the ECU part supplier; here, the library file format is determined by the software compiler environment provided by the component supplier, and the library file formats supported by general embedded software development are the .lib and .a formats. That is, the diagnostic security algorithm library file used by the ECU part vendor may be, for example, in the .lib format or the .a format. The generation principles of library files in the different formats are similar: in each case the library file is generated automatically when the basic C language source code is compiled by the compiler provided by the software development environment.
Step S14, outputting the diagnosis safety algorithm dll file, the seed and the key example file for the diagnosis instrument software developer to carry out the integration verification of the diagnosis instrument software; it will be appreciated that the files output here are intended for diagnostic instrument software design developers, not for 4S after-market diagnostic instrument users. In the integration verification of the diagnostic instrument software, the diagnostic instrument software design developer mainly verifies whether the dll file can be called normally and calculates the Key value accurately, so as to avoid an unlocking failure caused by a wrong Key value that results from a calling error in the diagnostic instrument.
And step S15, outputting the diagnosis security algorithm library file, the seed and the key example file for the ECU part supplier to carry out ECU software integration verification. The output files are provided to the design developers of the parts supplier. In the software integration verification, the supplier's diagnosis design developer mainly verifies whether the corresponding library file (.a or .lib) can be called normally and calculates the Key value accurately, so as to avoid an unlocking failure caused by a wrong Key that results from a calling error by the supplier's diagnosis developer.
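The integration verification described in steps S14 and S15, as an added example that is not code from the patent: each line of a seed and key example file is replayed through the key calculation and any mismatch is reported. The function names, the "level seed key" hexadecimal line layout, the sample values and the placeholder seed-to-key relation are all assumptions constructed for this illustration; the layout of the real file (fig. 5) is not given in the text.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Placeholder seed-to-key relation, constructed for this example only.
   In a real integration this call goes to the supplied library file. */
static uint32_t generate_key(uint32_t seed, unsigned level)
{
    uint32_t k = seed ^ (level == 1 ? 0x5A5A5A5Au : 0xC3C3C3C3u);
    return (k << 3) | (k >> 29);            /* rotate left by 3 bits */
}

/* Constructed example files; assumed layout "level seed key" per line, hex. */
static const char *EXAMPLES_OK =
    "1 00000001 D2D2D2DA\n"
    "1 12345678 43706112\n"
    "2 DEADBEEF EB73E960\n";
static const char *EXAMPLES_BAD =           /* second key deliberately wrong */
    "1 00000001 D2D2D2DA\n"
    "2 DEADBEEF EB73E961\n";

/* Returns the number of mismatching lines, or -1 on a malformed line. */
static int verify_examples(const char *text)
{
    int mismatches = 0;
    while (*text) {
        char line[64], extra;
        unsigned level, seed, expected;
        size_t len = strcspn(text, "\n");
        if (len >= sizeof line) return -1;
        memcpy(line, text, len);
        line[len] = '\0';
        /* Exactly three fields per line; a fourth token is an error. */
        if (sscanf(line, "%u %x %x %c", &level, &seed, &expected, &extra) != 3)
            return -1;
        uint32_t got = generate_key(seed, level);
        if (got != expected) {
            printf("MISMATCH level=%u seed=%08X expected=%08X got=%08X\n",
                   level, seed, expected, (unsigned)got);
            mismatches++;
        }
        text += len + (text[len] == '\n');
    }
    return mismatches;
}

int main(void)
{
    printf("ok file: %d mismatches\n", verify_examples(EXAMPLES_OK));
    printf("bad file: %d mismatches\n", verify_examples(EXAMPLES_BAD));
    return 0;
}
```

A non-zero result points to a calling or integration error on the integrator's side, since the example file was already checked against the algorithm when the library was generated.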
It can be understood that, in the diagnostic security algorithm encapsulation and verification method provided by the invention, the complex diagnostic security algorithm source code is encapsulated as a dll file with control over the exported algorithm function interface, and the software loads the encapsulated dll file, so that manual calculation and verification of the seeds/keys of the multiple ECUs of the whole vehicle and automatic generation of seed/key example txt files can be realized flexibly. Finally, the dll file, the part supplier library file and the seed/key example txt file are released to the diagnostic instrument and part supplier software respectively for integration and verification; the operation is simple and reliable.
Meanwhile, in the embodiment of the invention, the source code of the diagnosis safety algorithm is packaged into a dll file that the diagnostic instrument can call directly, so that the confidentiality of the algorithm source code is improved and the diagnostic instrument can use it conveniently and properly; it can be understood that in the invention the algorithm source code is encapsulated and managed as a dll file because a dll file is harder to tamper with than other formats (for example, source code in text format) and cannot be opened by common software (a secondary developer can use it but cannot modify its content), and therefore the confidentiality of the algorithm source code can be improved;
thirdly, in the embodiment of the invention, a plurality of groups of seed/key examples can be generated automatically, which facilitates the software integration verification of a diagnostic instrument or a part supplier, ensures accuracy and improves diagnostic development efficiency; it can be understood that, because the host factory provides a plurality of sets of seed/key examples, the diagnostic instrument or component supplier can use them to check accuracy at the same time as integrating the diagnostic software; since the algorithm examples have already been verified when the corresponding library file is generated, the verification at the diagnostic instrument or the part supplier is a secondary verification, so that accuracy can be ensured;
in addition, the encapsulation library file is also convenient for later algorithm expansibility, for example, in other examples, the source code can be designed to be more complicated (such as an AES/DES algorithm and the like), and the calculation of the Seed-Key example by the method of the invention is far faster and more accurate than the manual calculation and verification by the source code.
Accordingly, fig. 7 shows a schematic structural diagram of a diagnostic security algorithm packaging and verification system 1 provided by the present invention. Referring collectively to fig. 8 to 9, in the present embodiment, the diagnostic security algorithm is used for secure communication between a diagnostic apparatus and an ECU inside a vehicle, and the system 1 includes:
a source code generating unit 11, configured to generate a source code of a diagnostic security algorithm, where a calculation relationship between a seed and a secret key is defined in the source code;
the diagnostic security algorithm dll file generating unit 12 is used for compiling the diagnostic security algorithm source code by using Visual Studio software to generate a diagnostic security algorithm dll file;
the verification unit 13 is configured to load the dll file of the diagnostic security algorithm by using Visual Studio software, verify correctness of the seeds and the keys, and generate a seed and key instance file including a plurality of sets of corresponding relationships between the seeds and the keys;
a supplier library file generating unit 14, configured to generate a diagnosis security algorithm library file for the ECU component supplier to use from the diagnosis security source code according to a software compiling environment adopted by the ECU component supplier; in some specific examples, the format of the library of diagnostic security algorithms for use by the supplier of the ECU components is the .lib format or the .a format;
the first output unit 15 is used for outputting the diagnosis security algorithm dll file, the seed and the key example file for the diagnostic instrument software developer to perform the integrated verification of the diagnostic instrument software;
and the second output unit 16 is configured to output the diagnosis security algorithm library file, the seed and the key example file for the ECU component supplier to perform ECU software integration verification.
In a specific example, the diagnostic security algorithm dll file generating unit 12 further includes:
the standard dll project generating unit 120 is used for generating a standard dll project by using dll project guide of Visual Studio software and determining a function interface and input and output parameters of a dll project derivation algorithm used by various diagnostic instruments;
and the associated call generation unit 121 is configured to determine a call interface and return value information between the diagnostic security algorithm and the dll engineering derivation algorithm.
In a specific example, the verification unit 13 further includes:
a loading unit 130, configured to load the dll file of the diagnostic security algorithm through pre-generated dll algorithm library file checking software;
an example file forming unit 131, configured to generate multiple sets of random numbers for different security levels as security seeds Seed, and obtain a corresponding set of security keys Key from the security diagnosis algorithm dll file by calling a function interface of a dll engineering derivation algorithm; the multiple groups of security seeds with different security levels correspond to the security keys one by one, and are combined and stored in a txt text to form a seed and key example file;
a manual verification unit 132 for manually inputting the security seed and the security level parameter and displaying the key calculated by the diagnostic security algorithm; acquiring the input security seed and a security key corresponding to the security level from the dll file of the diagnostic security algorithm by calling a function interface of a dll engineering derivation algorithm; and verifying whether the calculated key is the same as the obtained security key.
It will be appreciated that further details may be had with reference to the description of figures 1 to 6 above.
Based on the same inventive concept, an embodiment of the present invention further provides a computer-readable storage medium, where computer instructions are stored, and when the computer instructions are executed on a computer, the computer is enabled to execute the diagnostic security algorithm encapsulation and verification method described in fig. 1 to 6 in the above method embodiment of the present invention.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The embodiment of the invention has the following beneficial effects:
the embodiment of the invention provides a method, a system and a storage medium for packaging and verifying a diagnostic security algorithm, wherein Visual Studio software is used to encapsulate the algorithm source code as functions and generate a standard Windows platform dll algorithm library file; the host factory controls the core algorithm function interface and the input and output parameters, which a diagnostic instrument or a part supplier cannot modify, so the confidentiality and the security of the algorithm source code can be ensured;
meanwhile, the generated dll file can be directly called and integrated by the diagnostic device, so that the work of algorithm development and verification of the diagnostic device is greatly reduced, and if the unlocking failure occurs in the normal data interaction process of the diagnostic device and the ECU, the problem of software integration of a part supplier can be easily judged;
moreover, in the embodiment of the invention, a plurality of groups of seed/key examples are automatically generated through software, so that the software integration verification of a diagnostic apparatus or a part supplier can be facilitated, and the accuracy can be improved because the algorithm example verification is already performed when a corresponding library file is generated and the secondary verification is performed at the diagnostic apparatus or the part supplier, thereby improving the diagnosis and development efficiency; the failure rate of safe access unlocking in actual development can be reduced;
in addition, in the embodiment of the invention, the method is developed based on standard C language modularization, has strong function portability, can be adapted to compiling environments of different part suppliers, and reduces the maintenance and management cost of diagnostic personnel of a host factory.
While the invention has been described in connection with what is presently considered to be the most practical and preferred embodiment, it is to be understood that the invention is not to be limited to the disclosed embodiment, but on the contrary, is intended to cover various modifications and equivalent arrangements included within the spirit and scope of the appended claims.