AUTOSAR E2E Protection Library

A high-performance, memory-safe Rust implementation of the AUTOSAR E2E (End-to-End) Protection Protocol for safety-critical automotive communication systems.

Overview

This library implements the AUTOSAR E2E protection mechanism which provides end-to-end data protection for safety-critical automotive communication. The E2E protection helps detect:

Features

Supported Profiles

Key Features

• Zero-copy operations - In-place data modification
• Thread-safe - All operations are safe for concurrent use
• High performance - Optimized common operations with shared helpers
• Memory safe - 100% safe Rust, no unsafe code
• Configurable - Extensive configuration options per AUTOSAR spec
• Well tested - Comprehensive test coverage including edge cases
• Well documented - Extensive API documentation with examples

Installation

Add this to your Cargo.toml:

[dependencies]

autosar-e2e = "0.6.0"

Quick Start

Basic Usage

use autosar_e2e::{E2EProfile, E2EResult, E2EStatus};
use autosar_e2e::profile4::{Profile4, Profile4Config};

fn main() -> E2EResult<()> {
    // Configure Profile 4 for large data packets
    let config = Profile4Config {
        data_id: 0x12345678,
        max_delta_counter: 1,
        min_data_length: 96,    // 12 bytes minimum
        max_data_length: 4096,  // 512 bytes maximum
        ..Default::default()
    };

    // Create sender and receiver instances
    let mut sender = Profile4::new(config.clone());
    let mut receiver = Profile4::new(config);

    // Prepare data buffer (12 bytes minimum for Profile 4)
    let mut data = vec![0u8; 16]; // [length, counter, data_id, crc, user_data...]

    // Add E2E protection
    sender.protect(&mut data)?;
    println!("Protected data: {:02X?}", data);

    // Simulate network transmission...

    // Verify E2E protection at receiver
    match receiver.check(&data)? {
        E2EStatus::Ok => println!("Data integrity verified!"),
        E2EStatus::CrcError => println!("CRC error detected!"),
        E2EStatus::DataIdError => println!("Data ID mismatch!"),
        E2EStatus::WrongSequence => println!("Counter sequence error!"),
        E2EStatus::OkSomeLost => println!("Some messages lost but within tolerance"),
        E2EStatus::Repeated => println!("Repeated message detected"),
        E2EStatus::DataLengthError => println!("Data length mismatch!"),
    }

    Ok(())
}

Advanced Configuration

use autosar_e2e::profile7::{Profile7, Profile7Config};

// High-integrity protection with 64-bit CRC
let config = Profile7Config {
    data_id: 0x0a0b0c0d,
    offset: 64,                    // Header at bit offset 64
    min_data_length: 20 * 8,       // 20 bytes minimum
    max_data_length: 4096 * 8,     // 4KB maximum
    max_delta_counter: 5,          // Allow up to 5 lost messages
};

let mut profile = Profile7::new(config);

Architecture

Clean Module Organization

src/
├── lib.rs              # Main library interface
├── profiles/           # All E2E profile implementations
│   ├── profile4.rs     # Large packets, 32-bit CRC
│   ├── profile5.rs     # Small packets, 16-bit CRC
│   ├── profile6.rs     # Dynamic size, 16-bit CRC
│   ├── profile7.rs     # High integrity, 64-bit CRC
│   ├── profile7m.rs    # Profile 7 + message metadata
│   ├── profile8.rs     # Flexible protection, 32-bit CRC
│   ├── profile11.rs    # Nibble/Both variants
│   └── profile22.rs    # Enhanced protection
└── common/             # Shared helper modules
    ├── counter.rs      # Generic counter validation
    ├── field_ops.rs    # Binary field operations
    └── validation.rs   # Common validation functions

Trait-Based Design

The library follows a clean trait-based design for extensibility:

pub trait E2EProfile {
    type Config;

    /// Create a new profile instance with configuration
    fn new(config: Self::Config) -> Self;

    /// Add E2E protection to data buffer (in-place)
    fn protect(&mut self, data: &mut [u8]) -> E2EResult<()>;

    /// Verify E2E protection on received data
    fn check(&mut self, data: &[u8]) -> E2EResult<E2EStatus>;
}

Refactored Common Helpers

The library has been refactored to eliminate code duplication:

• 60-70% less duplicate code across profiles
• Generic counter operations for u8, u16, u32 types
• Shared field operations for consistent byte handling
• Centralized validation with uniform error messages

Testing

Run the comprehensive test suite:

# Run all tests

cargo test


# Run with output

cargo test -- --nocapture


# Run specific profile tests

cargo test profile4


# Run tests in release mode for performance

cargo test --release

Test Coverage

# Generate coverage report

cargo tarpaulin --out Html


# View coverage

open tarpaulin-report.html

Current test coverage: 96% with 26 test cases covering:

• Basic protection/check cycles
• Counter wraparound scenarios
• Error detection (CRC, sequence, length)
• Edge cases and boundary conditions
• Configuration validation

Performance

The library is optimized for automotive real-time constraints:

Benchmarks run on Intel i7-9750H @ 2.60GHz

Configuration Examples

Profile Selection Guide

Sample Configurations

// Minimal overhead for CAN (Profile 5)
let can_config = Profile5Config {
    data_length: 8 * 8,    // 8 bytes total
    data_id: 0x123,
    max_delta_counter: 1,
    offset: 0,
};

// High-integrity Ethernet (Profile 7)
let eth_config = Profile7Config {
    min_data_length: 20 * 8,
    max_data_length: 1500 * 8,  // MTU size
    data_id: 0xdeadbeef,
    max_delta_counter: 10,      // Higher tolerance
};

Safety and Correctness

• Memory safety: 100% safe Rust, no unsafe code
• Static analysis: Passes clippy with zero warnings
• Fuzz tested: Robust against malformed inputs
• AUTOSAR compliant: Follows specification exactly
• Verified CRCs: Uses industry-standard polynomials
• Correct wraparound: Handles counter overflow properly

Security Considerations

// Data ID should be unique per message type
let config = ProfileConfig {
    data_id: 0x12345678,  // Good: unique per message
    // data_id: 0x00000000,  // Bad: not unique
};

// Configure appropriate counter tolerance
let config = ProfileConfig {
    max_delta_counter: 5,  // Good: allows some loss
    // max_delta_counter: 255, // Bad: too permissive
};

Roadmap

Completed

• Core E2E profiles (4, 5, 6, 7, 8, 11, 22)
• Comprehensive test coverage
• Code refactoring and optimization
• Documentation and examples
• Profile 7M implementation
• Profile 4M implementation

Future

• Performance benchmarks and optimization
• Async/await support for non-blocking operations
• Custom derive macros for config validation

Contributing

We welcome contributions! Please see CONTRIBUTING.md for guidelines.

Quick Start for Contributors

# Clone the repository

git clone https://github.com/your-org/autosar-e2e

cd autosar-e2e


# Run tests

cargo test


# Check formatting

cargo fmt --check


# Run clippy

cargo clippy -- -D warnings


# Generate docs

cargo doc --open

License

This project is dual-licensed under either:

• Apache License, Version 2.0 (LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0)
• MIT license (LICENSE-MIT or http://opensource.org/licenses/MIT)

at your option.

References and Resources

• AUTOSAR E2E Protocol Specification
• AUTOSAR Classic Platform
• Rust Embedded Working Group
• Automotive Rust

Disclaimer

This is an independent implementation and is not officially affiliated with or endorsed by AUTOSAR GbR. The implementation follows the publicly available AUTOSAR specifications but has not undergone official AUTOSAR certification.

For production safety-critical systems, please ensure appropriate validation and testing according to your functional safety requirements (ISO 26262 or similar).

Made with care for the automotive industry

Report Bug • Request Feature • Discussions