From e4558c0737e95a36ec5119bbbcca94d9a6e66367 Mon Sep 17 00:00:00 2001 From: Adeeb <8762862+adeebshihadeh@users.noreply.github.com> Date: Mon, 11 May 2020 12:58:33 -0700 Subject: [PATCH] Safety: message length check on RX and TX (#529) --- board/safety.h | 14 ++++++++++---- board/safety/safety_chrysler.h | 16 +++++++--------- board/safety/safety_gm.h | 21 ++++++++++----------- board/safety/safety_honda.h | 24 ++++++++++++------------ board/safety/safety_hyundai.h | 15 +++++++-------- board/safety/safety_nissan.h | 15 +++++++-------- board/safety/safety_subaru.h | 25 ++++++++++++------------- board/safety/safety_toyota.h | 18 +++++++++--------- board/safety/safety_volkswagen.h | 28 +++++++++++++--------------- board/safety_declarations.h | 8 ++++---- tests/safety/Dockerfile | 2 +- tests/safety/test_volkswagen_pq.py | 6 +++--- 12 files changed, 95 insertions(+), 97 deletions(-) diff --git a/board/safety.h b/board/safety.h index d2d107d..7148f91 100644 --- a/board/safety.h +++ b/board/safety.h @@ -72,10 +72,14 @@ void gen_crc_lookup_table(uint8_t poly, uint8_t crc_lut[]) { } } -bool msg_allowed(int addr, int bus, const AddrBus addr_list[], int len) { +bool msg_allowed(CAN_FIFOMailBox_TypeDef *to_send, const CanMsg msg_list[], int len) { + int addr = GET_ADDR(to_send); + int bus = GET_BUS(to_send); + int length = GET_LEN(to_send); + bool allowed = false; for (int i = 0; i < len; i++) { - if ((addr == addr_list[i].addr) && (bus == addr_list[i].bus)) { + if ((addr == msg_list[i].addr) && (bus == msg_list[i].bus) && (length == msg_list[i].len)) { allowed = true; break; } @@ -92,11 +96,13 @@ uint32_t get_ts_elapsed(uint32_t ts, uint32_t ts_last) { int get_addr_check_index(CAN_FIFOMailBox_TypeDef *to_push, AddrCheckStruct addr_list[], const int len) { int bus = GET_BUS(to_push); int addr = GET_ADDR(to_push); + int length = GET_LEN(to_push); int index = -1; for (int i = 0; i < len; i++) { - for (uint8_t j = 0U; addr_list[i].addr[j] != 0; j++) { - if ((addr == addr_list[i].addr[j]) && (bus == addr_list[i].bus)) { + for (uint8_t j = 0U; addr_list[i].msg[j].addr != 0; j++) { + if ((addr == addr_list[i].msg[j].addr) && (bus == addr_list[i].msg[j].bus) && + (length == addr_list[i].msg[j].len)) { index = i; goto Return; } diff --git a/board/safety/safety_chrysler.h b/board/safety/safety_chrysler.h index 82fcfb1..59d8af6 100644 --- a/board/safety/safety_chrysler.h +++ b/board/safety/safety_chrysler.h @@ -6,15 +6,14 @@ const int CHRYSLER_MAX_RATE_DOWN = 3; const int CHRYSLER_MAX_TORQUE_ERROR = 80; // max torque cmd in excess of torque motor const int CHRYSLER_GAS_THRSLD = 30; // 7% more than 2m/s const int CHRYSLER_STANDSTILL_THRSLD = 10; // about 1m/s -const AddrBus CHRYSLER_TX_MSGS[] = {{571, 0}, {658, 0}, {678, 0}}; +const CanMsg CHRYSLER_TX_MSGS[] = {{571, 0, 3}, {658, 0, 6}, {678, 0, 8}}; -// TODO: do checksum and counter checks AddrCheckStruct chrysler_rx_checks[] = { - {.addr = {544}, .bus = 0, .check_checksum = true, .max_counter = 15U, .expected_timestep = 10000U}, - {.addr = {514}, .bus = 0, .check_checksum = false, .max_counter = 0U, .expected_timestep = 10000U}, - {.addr = {500}, .bus = 0, .check_checksum = true, .max_counter = 15U, .expected_timestep = 20000U}, - {.addr = {308}, .bus = 0, .check_checksum = false, .max_counter = 15U, .expected_timestep = 20000U}, - {.addr = {320}, .bus = 0, .check_checksum = true, .max_counter = 15U, .expected_timestep = 20000U}, + {.msg = {{544, 0, 8}}, .check_checksum = true, .max_counter = 15U, .expected_timestep = 10000U}, + {.msg = {{514, 0, 8}}, .check_checksum = false, .max_counter = 0U, .expected_timestep = 10000U}, + {.msg = {{500, 0, 8}}, .check_checksum = true, .max_counter = 15U, .expected_timestep = 20000U}, + {.msg = {{308, 0, 8}}, .check_checksum = false, .max_counter = 15U, .expected_timestep = 20000U}, + {.msg = {{320, 0, 8}}, .check_checksum = true, .max_counter = 15U, .expected_timestep = 20000U}, }; const int CHRYSLER_RX_CHECK_LEN = sizeof(chrysler_rx_checks) / sizeof(chrysler_rx_checks[0]); @@ -132,9 +131,8 @@ static int chrysler_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) { int tx = 1; int addr = GET_ADDR(to_send); - int bus = GET_BUS(to_send); - if (!msg_allowed(addr, bus, CHRYSLER_TX_MSGS, sizeof(CHRYSLER_TX_MSGS) / sizeof(CHRYSLER_TX_MSGS[0]))) { + if (!msg_allowed(to_send, CHRYSLER_TX_MSGS, sizeof(CHRYSLER_TX_MSGS) / sizeof(CHRYSLER_TX_MSGS[0]))) { tx = 0; } diff --git a/board/safety/safety_gm.h b/board/safety/safety_gm.h index 264df31..da1acd4 100644 --- a/board/safety/safety_gm.h +++ b/board/safety/safety_gm.h @@ -18,18 +18,18 @@ const int GM_DRIVER_TORQUE_FACTOR = 4; const int GM_MAX_GAS = 3072; const int GM_MAX_REGEN = 1404; const int GM_MAX_BRAKE = 350; -const AddrBus GM_TX_MSGS[] = {{384, 0}, {1033, 0}, {1034, 0}, {715, 0}, {880, 0}, // pt bus - {161, 1}, {774, 1}, {776, 1}, {784, 1}, // obs bus - {789, 2}, // ch bus - {0x104c006c, 3}, {0x10400060, 3}}; // gmlan +const CanMsg GM_TX_MSGS[] = {{384, 0, 4}, {1033, 0, 7}, {1034, 0, 7}, {715, 0, 8}, {880, 0, 6}, // pt bus + {161, 1, 7}, {774, 1, 8}, {776, 1, 7}, {784, 1, 2}, // obs bus + {789, 2, 5}, // ch bus + {0x104c006c, 3, 3}, {0x10400060, 3, 5}}; // gmlan // TODO: do checksum and counter checks. Add correct timestep, 0.1s for now. AddrCheckStruct gm_rx_checks[] = { - {.addr = {388}, .bus = 0, .expected_timestep = 100000U}, - {.addr = {842}, .bus = 0, .expected_timestep = 100000U}, - {.addr = {481}, .bus = 0, .expected_timestep = 100000U}, - {.addr = {241}, .bus = 0, .expected_timestep = 100000U}, - {.addr = {417}, .bus = 0, .expected_timestep = 100000U}, + {.msg = {{388, 0, 8}}, .expected_timestep = 100000U}, + {.msg = {{842, 0, 5}}, .expected_timestep = 100000U}, + {.msg = {{481, 0, 7}}, .expected_timestep = 100000U}, + {.msg = {{241, 0, 6}}, .expected_timestep = 100000U}, + {.msg = {{417, 0, 7}}, .expected_timestep = 100000U}, }; const int GM_RX_CHECK_LEN = sizeof(gm_rx_checks) / sizeof(gm_rx_checks[0]); @@ -122,9 +122,8 @@ static int gm_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) { int tx = 1; int addr = GET_ADDR(to_send); - int bus = GET_BUS(to_send); - if (!msg_allowed(addr, bus, GM_TX_MSGS, sizeof(GM_TX_MSGS)/sizeof(GM_TX_MSGS[0]))) { + if (!msg_allowed(to_send, GM_TX_MSGS, sizeof(GM_TX_MSGS)/sizeof(GM_TX_MSGS[0]))) { tx = 0; } diff --git a/board/safety/safety_honda.h b/board/safety/safety_honda.h index 9f09da9..6a85c7f 100644 --- a/board/safety/safety_honda.h +++ b/board/safety/safety_honda.h @@ -6,9 +6,9 @@ // accel rising edge // brake rising edge // brake > 0mph -const AddrBus HONDA_N_TX_MSGS[] = {{0xE4, 0}, {0x194, 0}, {0x1FA, 0}, {0x200, 0}, {0x30C, 0}, {0x33D, 0}}; -const AddrBus HONDA_BG_TX_MSGS[] = {{0xE4, 2}, {0xE5, 2}, {0x296, 0}, {0x33D, 2}}; // Bosch Giraffe -const AddrBus HONDA_BH_TX_MSGS[] = {{0xE4, 0}, {0xE5, 0}, {0x296, 1}, {0x33D, 0}}; // Bosch Harness +const CanMsg HONDA_N_TX_MSGS[] = {{0xE4, 0, 5}, {0x194, 0, 4}, {0x1FA, 0, 8}, {0x200, 0, 6}, {0x30C, 0, 8}, {0x33D, 0, 5}}; +const CanMsg HONDA_BG_TX_MSGS[] = {{0xE4, 2, 5}, {0xE5, 2, 8}, {0x296, 0, 4}, {0x33D, 2, 5}}; // Bosch Giraffe +const CanMsg HONDA_BH_TX_MSGS[] = {{0xE4, 0, 5}, {0xE5, 0, 8}, {0x296, 1, 4}, {0x33D, 0, 5}}; // Bosch Harness // Roughly calculated using the offsets in openpilot +5%: // In openpilot: ((gas1_norm + gas2_norm)/2) > 15 @@ -21,17 +21,17 @@ const int HONDA_GAS_INTERCEPTOR_THRESHOLD = 344; // Nidec and Bosch giraffe have pt on bus 0 AddrCheckStruct honda_rx_checks[] = { - {.addr = {0x1A6, 0x296}, .bus = 0, .check_checksum = true, .max_counter = 3U, .expected_timestep = 40000U}, - {.addr = { 0x158}, .bus = 0, .check_checksum = true, .max_counter = 3U, .expected_timestep = 10000U}, - {.addr = { 0x17C}, .bus = 0, .check_checksum = true, .max_counter = 3U, .expected_timestep = 10000U}, + {.msg = {{0x1A6, 0, 8}, {0x296, 0, 4}}, .check_checksum = true, .max_counter = 3U, .expected_timestep = 40000U}, + {.msg = {{0x158, 0, 8}}, .check_checksum = true, .max_counter = 3U, .expected_timestep = 10000U}, + {.msg = {{0x17C, 0, 8}}, .check_checksum = true, .max_counter = 3U, .expected_timestep = 10000U}, }; const int HONDA_RX_CHECKS_LEN = sizeof(honda_rx_checks) / sizeof(honda_rx_checks[0]); // Bosch harness has pt on bus 1 AddrCheckStruct honda_bh_rx_checks[] = { - {.addr = {0x296}, .bus = 1, .check_checksum = true, .max_counter = 3U, .expected_timestep = 40000U}, - {.addr = {0x158}, .bus = 1, .check_checksum = true, .max_counter = 3U, .expected_timestep = 10000U}, - {.addr = {0x17C}, .bus = 1, .check_checksum = true, .max_counter = 3U, .expected_timestep = 10000U}, + {.msg = {{0x296, 1, 4}}, .check_checksum = true, .max_counter = 3U, .expected_timestep = 40000U}, + {.msg = {{0x158, 1, 8}}, .check_checksum = true, .max_counter = 3U, .expected_timestep = 10000U}, + {.msg = {{0x17C, 1, 8}}, .check_checksum = true, .max_counter = 3U, .expected_timestep = 10000U}, }; const int HONDA_BH_RX_CHECKS_LEN = sizeof(honda_bh_rx_checks) / sizeof(honda_bh_rx_checks[0]); @@ -192,11 +192,11 @@ static int honda_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) { int bus = GET_BUS(to_send); if (honda_hw == HONDA_BG_HW) { - tx = msg_allowed(addr, bus, HONDA_BG_TX_MSGS, sizeof(HONDA_BG_TX_MSGS)/sizeof(HONDA_BG_TX_MSGS[0])); + tx = msg_allowed(to_send, HONDA_BG_TX_MSGS, sizeof(HONDA_BG_TX_MSGS)/sizeof(HONDA_BG_TX_MSGS[0])); } else if (honda_hw == HONDA_BH_HW) { - tx = msg_allowed(addr, bus, HONDA_BH_TX_MSGS, sizeof(HONDA_BH_TX_MSGS)/sizeof(HONDA_BH_TX_MSGS[0])); + tx = msg_allowed(to_send, HONDA_BH_TX_MSGS, sizeof(HONDA_BH_TX_MSGS)/sizeof(HONDA_BH_TX_MSGS[0])); } else { - tx = msg_allowed(addr, bus, HONDA_N_TX_MSGS, sizeof(HONDA_N_TX_MSGS)/sizeof(HONDA_N_TX_MSGS[0])); + tx = msg_allowed(to_send, HONDA_N_TX_MSGS, sizeof(HONDA_N_TX_MSGS)/sizeof(HONDA_N_TX_MSGS[0])); } if (relay_malfunction) { diff --git a/board/safety/safety_hyundai.h b/board/safety/safety_hyundai.h index 61c3b7e..adfd1d4 100644 --- a/board/safety/safety_hyundai.h +++ b/board/safety/safety_hyundai.h @@ -6,15 +6,15 @@ const int HYUNDAI_MAX_RATE_DOWN = 7; const int HYUNDAI_DRIVER_TORQUE_ALLOWANCE = 50; const int HYUNDAI_DRIVER_TORQUE_FACTOR = 2; const int HYUNDAI_STANDSTILL_THRSLD = 30; // ~1kph -const AddrBus HYUNDAI_TX_MSGS[] = {{832, 0}, {1265, 0}, {1157, 0}}; +const CanMsg HYUNDAI_TX_MSGS[] = {{832, 0, 8}, {1265, 0, 4}, {1157, 0, 4}}; // TODO: do checksum checks AddrCheckStruct hyundai_rx_checks[] = { - {.addr = {608}, .bus = 0, .max_counter = 3U, .expected_timestep = 10000U}, - {.addr = {897}, .bus = 0, .max_counter = 255U, .expected_timestep = 10000U}, - {.addr = {902}, .bus = 0, .max_counter = 3U, .expected_timestep = 10000U}, - {.addr = {916}, .bus = 0, .max_counter = 7U, .expected_timestep = 10000U}, - {.addr = {1057}, .bus = 0, .max_counter = 15U, .expected_timestep = 20000U}, + {.msg = {{608, 0, 8}}, .max_counter = 3U, .expected_timestep = 10000U}, + {.msg = {{897, 0, 8}}, .max_counter = 255U, .expected_timestep = 10000U}, + {.msg = {{902, 0, 8}}, .max_counter = 3U, .expected_timestep = 10000U}, + {.msg = {{916, 0, 8}}, .max_counter = 7U, .expected_timestep = 10000U}, + {.msg = {{1057, 0, 8}}, .max_counter = 15U, .expected_timestep = 20000U}, }; const int HYUNDAI_RX_CHECK_LEN = sizeof(hyundai_rx_checks) / sizeof(hyundai_rx_checks[0]); @@ -106,9 +106,8 @@ static int hyundai_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) { int tx = 1; int addr = GET_ADDR(to_send); - int bus = GET_BUS(to_send); - if (!msg_allowed(addr, bus, HYUNDAI_TX_MSGS, sizeof(HYUNDAI_TX_MSGS)/sizeof(HYUNDAI_TX_MSGS[0]))) { + if (!msg_allowed(to_send, HYUNDAI_TX_MSGS, sizeof(HYUNDAI_TX_MSGS)/sizeof(HYUNDAI_TX_MSGS[0]))) { tx = 0; } diff --git a/board/safety/safety_nissan.h b/board/safety/safety_nissan.h index aca99d1..5a3e33b 100644 --- a/board/safety/safety_nissan.h +++ b/board/safety/safety_nissan.h @@ -11,14 +11,14 @@ const struct lookup_t NISSAN_LOOKUP_ANGLE_RATE_DOWN = { const int NISSAN_DEG_TO_CAN = 100; -const AddrBus NISSAN_TX_MSGS[] = {{0x169, 0}, {0x2b1, 0}, {0x4cc, 0}, {0x20b, 2}, {0x280, 2}}; +const CanMsg NISSAN_TX_MSGS[] = {{0x169, 0, 8}, {0x2b1, 0, 8}, {0x4cc, 0, 8}, {0x20b, 2, 8}, {0x280, 2, 8}}; AddrCheckStruct nissan_rx_checks[] = { - {.addr = {0x2}, .bus = 0, .expected_timestep = 10000U}, // STEER_ANGLE_SENSOR (100Hz) - {.addr = {0x285}, .bus = 0, .expected_timestep = 20000U}, // WHEEL_SPEEDS_REAR (50Hz) - {.addr = {0x30f}, .bus = 2, .expected_timestep = 100000U}, // CRUISE_STATE (10Hz) - {.addr = {0x15c, 0x239}, .bus = 0, .expected_timestep = 20000U}, // GAS_PEDAL (100Hz / 50Hz) - {.addr = {0x454, 0x1cc}, .bus = 0, .expected_timestep = 100000U}, // DOORS_LIGHTS (10Hz) / BRAKE (100Hz) + {.msg = {{0x2, 0, 5}}, .expected_timestep = 10000U}, // STEER_ANGLE_SENSOR (100Hz) + {.msg = {{0x285, 0, 8}}, .expected_timestep = 20000U}, // WHEEL_SPEEDS_REAR (50Hz) + {.msg = {{0x30f, 2, 3}}, .expected_timestep = 100000U}, // CRUISE_STATE (10Hz) + {.msg = {{0x15c, 0, 8}, {0x239, 0, 8}}, .expected_timestep = 20000U}, // GAS_PEDAL (100Hz / 50Hz) + {.msg = {{0x454, 0, 8}, {0x1cc, 0, 8}}, .expected_timestep = 100000U}, // DOORS_LIGHTS (10Hz) / BRAKE (100Hz) }; const int NISSAN_RX_CHECK_LEN = sizeof(nissan_rx_checks) / sizeof(nissan_rx_checks[0]); @@ -119,10 +119,9 @@ static int nissan_rx_hook(CAN_FIFOMailBox_TypeDef *to_push) { static int nissan_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) { int tx = 1; int addr = GET_ADDR(to_send); - int bus = GET_BUS(to_send); bool violation = 0; - if (!msg_allowed(addr, bus, NISSAN_TX_MSGS, sizeof(NISSAN_TX_MSGS) / sizeof(NISSAN_TX_MSGS[0]))) { + if (!msg_allowed(to_send, NISSAN_TX_MSGS, sizeof(NISSAN_TX_MSGS) / sizeof(NISSAN_TX_MSGS[0]))) { tx = 0; } diff --git a/board/safety/safety_subaru.h b/board/safety/safety_subaru.h index 17bd699..b663802 100644 --- a/board/safety/safety_subaru.h +++ b/board/safety/safety_subaru.h @@ -9,23 +9,23 @@ const int SUBARU_DRIVER_TORQUE_ALLOWANCE = 60; const int SUBARU_DRIVER_TORQUE_FACTOR = 10; const int SUBARU_STANDSTILL_THRSLD = 20; // about 1kph -const AddrBus SUBARU_TX_MSGS[] = {{0x122, 0}, {0x221, 0}, {0x322, 0}}; -const AddrBus SUBARU_L_TX_MSGS[] = {{0x164, 0}, {0x221, 0}, {0x322, 0}}; +const CanMsg SUBARU_TX_MSGS[] = {{0x122, 0, 8}, {0x221, 0, 8}, {0x322, 0, 8}}; +const CanMsg SUBARU_L_TX_MSGS[] = {{0x164, 0, 8}, {0x221, 0, 8}, {0x322, 0, 8}}; const int SUBARU_TX_MSGS_LEN = sizeof(SUBARU_TX_MSGS) / sizeof(SUBARU_TX_MSGS[0]); const int SUBARU_L_TX_MSGS_LEN = sizeof(SUBARU_L_TX_MSGS) / sizeof(SUBARU_L_TX_MSGS[0]); AddrCheckStruct subaru_rx_checks[] = { - {.addr = { 0x40}, .bus = 0, .check_checksum = true, .max_counter = 15U, .expected_timestep = 10000U}, - {.addr = {0x119}, .bus = 0, .check_checksum = true, .max_counter = 15U, .expected_timestep = 20000U}, - {.addr = {0x139}, .bus = 0, .check_checksum = true, .max_counter = 15U, .expected_timestep = 20000U}, - {.addr = {0x13a}, .bus = 0, .check_checksum = true, .max_counter = 15U, .expected_timestep = 20000U}, - {.addr = {0x240}, .bus = 0, .check_checksum = true, .max_counter = 15U, .expected_timestep = 50000U}, + {.msg = {{ 0x40, 0, 8}}, .check_checksum = true, .max_counter = 15U, .expected_timestep = 10000U}, + {.msg = {{0x119, 0, 8}}, .check_checksum = true, .max_counter = 15U, .expected_timestep = 20000U}, + {.msg = {{0x139, 0, 8}}, .check_checksum = true, .max_counter = 15U, .expected_timestep = 20000U}, + {.msg = {{0x13a, 0, 8}}, .check_checksum = true, .max_counter = 15U, .expected_timestep = 20000U}, + {.msg = {{0x240, 0, 8}}, .check_checksum = true, .max_counter = 15U, .expected_timestep = 50000U}, }; // TODO: do checksum and counter checks after adding the signals to the outback dbc file AddrCheckStruct subaru_l_rx_checks[] = { - {.addr = {0x140}, .bus = 0, .expected_timestep = 10000U}, - {.addr = {0x371}, .bus = 0, .expected_timestep = 20000U}, - {.addr = {0x144}, .bus = 0, .expected_timestep = 50000U}, + {.msg = {{0x140, 0, 8}}, .expected_timestep = 10000U}, + {.msg = {{0x371, 0, 8}}, .expected_timestep = 20000U}, + {.msg = {{0x144, 0, 8}}, .expected_timestep = 50000U}, }; const int SUBARU_RX_CHECK_LEN = sizeof(subaru_rx_checks) / sizeof(subaru_rx_checks[0]); const int SUBARU_L_RX_CHECK_LEN = sizeof(subaru_l_rx_checks) / sizeof(subaru_l_rx_checks[0]); @@ -131,10 +131,9 @@ static int subaru_rx_hook(CAN_FIFOMailBox_TypeDef *to_push) { static int subaru_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) { int tx = 1; int addr = GET_ADDR(to_send); - int bus = GET_BUS(to_send); - if ((!msg_allowed(addr, bus, SUBARU_TX_MSGS, SUBARU_TX_MSGS_LEN) && subaru_global) || - (!msg_allowed(addr, bus, SUBARU_L_TX_MSGS, SUBARU_L_TX_MSGS_LEN) && !subaru_global)) { + if ((!msg_allowed(to_send, SUBARU_TX_MSGS, SUBARU_TX_MSGS_LEN) && subaru_global) || + (!msg_allowed(to_send, SUBARU_L_TX_MSGS, SUBARU_L_TX_MSGS_LEN) && !subaru_global)) { tx = 0; } diff --git a/board/safety/safety_toyota.h b/board/safety/safety_toyota.h index f69e4d3..8d91504 100644 --- a/board/safety/safety_toyota.h +++ b/board/safety/safety_toyota.h @@ -29,16 +29,16 @@ const int TOYOTA_STANDSTILL_THRSLD = 100; // 1kph const int TOYOTA_GAS_INTERCEPTOR_THRSLD = 845; #define TOYOTA_GET_INTERCEPTOR(msg) (((GET_BYTE((msg), 0) << 8) + GET_BYTE((msg), 1) + (GET_BYTE((msg), 2) << 8) + GET_BYTE((msg), 3)) / 2) // avg between 2 tracks -const AddrBus TOYOTA_TX_MSGS[] = {{0x283, 0}, {0x2E6, 0}, {0x2E7, 0}, {0x33E, 0}, {0x344, 0}, {0x365, 0}, {0x366, 0}, {0x4CB, 0}, // DSU bus 0 - {0x128, 1}, {0x141, 1}, {0x160, 1}, {0x161, 1}, {0x470, 1}, // DSU bus 1 - {0x2E4, 0}, {0x411, 0}, {0x412, 0}, {0x343, 0}, {0x1D2, 0}, // LKAS + ACC - {0x200, 0}, {0x750, 0}}; // interceptor + Blindspot monitor +const CanMsg TOYOTA_TX_MSGS[] = {{0x283, 0, 7}, {0x2E6, 0, 8}, {0x2E7, 0, 8}, {0x33E, 0, 7}, {0x344, 0, 8}, {0x365, 0, 7}, {0x366, 0, 7}, {0x4CB, 0, 8}, // DSU bus 0 + {0x128, 1, 6}, {0x141, 1, 4}, {0x160, 1, 8}, {0x161, 1, 7}, {0x470, 1, 4}, // DSU bus 1 + {0x2E4, 0, 5}, {0x411, 0, 8}, {0x412, 0, 8}, {0x343, 0, 8}, {0x1D2, 0, 8}, // LKAS + ACC + {0x200, 0, 6}, {0x750, 0, 8}}; // interceptor + Blindspot monitor AddrCheckStruct toyota_rx_checks[] = { - {.addr = { 0xaa}, .bus = 0, .check_checksum = false, .expected_timestep = 12000U}, - {.addr = {0x260}, .bus = 0, .check_checksum = true, .expected_timestep = 20000U}, - {.addr = {0x1D2}, .bus = 0, .check_checksum = true, .expected_timestep = 30000U}, - {.addr = {0x224, 0x226}, .bus = 0, .check_checksum = false, .expected_timestep = 25000U}, + {.msg = {{ 0xaa, 0, 8}}, .check_checksum = false, .expected_timestep = 12000U}, + {.msg = {{0x260, 0, 8}}, .check_checksum = true, .expected_timestep = 20000U}, + {.msg = {{0x1D2, 0, 8}}, .check_checksum = true, .expected_timestep = 30000U}, + {.msg = {{0x224, 0, 8}, {0x226, 0, 8}}, .check_checksum = false, .expected_timestep = 25000U}, }; const int TOYOTA_RX_CHECKS_LEN = sizeof(toyota_rx_checks) / sizeof(toyota_rx_checks[0]); @@ -153,7 +153,7 @@ static int toyota_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) { int addr = GET_ADDR(to_send); int bus = GET_BUS(to_send); - if (!msg_allowed(addr, bus, TOYOTA_TX_MSGS, sizeof(TOYOTA_TX_MSGS)/sizeof(TOYOTA_TX_MSGS[0]))) { + if (!msg_allowed(to_send, TOYOTA_TX_MSGS, sizeof(TOYOTA_TX_MSGS)/sizeof(TOYOTA_TX_MSGS[0]))) { tx = 0; } diff --git a/board/safety/safety_volkswagen.h b/board/safety/safety_volkswagen.h index 4063fa7..a02375d 100644 --- a/board/safety/safety_volkswagen.h +++ b/board/safety/safety_volkswagen.h @@ -18,15 +18,15 @@ const int VOLKSWAGEN_DRIVER_TORQUE_FACTOR = 3; #define MSG_LDW_02 0x397 // TX by OP, Lane line recognition and text alerts // Transmit of GRA_ACC_01 is allowed on bus 0 and 2 to keep compatibility with gateway and camera integration -const AddrBus VOLKSWAGEN_MQB_TX_MSGS[] = {{MSG_HCA_01, 0}, {MSG_GRA_ACC_01, 0}, {MSG_GRA_ACC_01, 2}, {MSG_LDW_02, 0}}; +const CanMsg VOLKSWAGEN_MQB_TX_MSGS[] = {{MSG_HCA_01, 0, 8}, {MSG_GRA_ACC_01, 0, 8}, {MSG_GRA_ACC_01, 2, 8}, {MSG_LDW_02, 0, 8}}; const int VOLKSWAGEN_MQB_TX_MSGS_LEN = sizeof(VOLKSWAGEN_MQB_TX_MSGS) / sizeof(VOLKSWAGEN_MQB_TX_MSGS[0]); AddrCheckStruct volkswagen_mqb_rx_checks[] = { - {.addr = {MSG_ESP_19}, .bus = 0, .check_checksum = false, .max_counter = 0U, .expected_timestep = 10000U}, - {.addr = {MSG_EPS_01}, .bus = 0, .check_checksum = true, .max_counter = 15U, .expected_timestep = 10000U}, - {.addr = {MSG_ESP_05}, .bus = 0, .check_checksum = true, .max_counter = 15U, .expected_timestep = 20000U}, - {.addr = {MSG_TSK_06}, .bus = 0, .check_checksum = true, .max_counter = 15U, .expected_timestep = 20000U}, - {.addr = {MSG_MOTOR_20}, .bus = 0, .check_checksum = true, .max_counter = 15U, .expected_timestep = 20000U}, + {.msg = {{MSG_ESP_19, 0, 8}}, .check_checksum = false, .max_counter = 0U, .expected_timestep = 10000U}, + {.msg = {{MSG_EPS_01, 0, 8}}, .check_checksum = true, .max_counter = 15U, .expected_timestep = 10000U}, + {.msg = {{MSG_ESP_05, 0, 8}}, .check_checksum = true, .max_counter = 15U, .expected_timestep = 20000U}, + {.msg = {{MSG_TSK_06, 0, 8}}, .check_checksum = true, .max_counter = 15U, .expected_timestep = 20000U}, + {.msg = {{MSG_MOTOR_20, 0, 8}}, .check_checksum = true, .max_counter = 15U, .expected_timestep = 20000U}, }; const int VOLKSWAGEN_MQB_RX_CHECKS_LEN = sizeof(volkswagen_mqb_rx_checks) / sizeof(volkswagen_mqb_rx_checks[0]); @@ -40,14 +40,14 @@ const int VOLKSWAGEN_MQB_RX_CHECKS_LEN = sizeof(volkswagen_mqb_rx_checks) / size #define MSG_LDW_1 0x5BE // TX by OP, Lane line recognition and text alerts // Transmit of GRA_Neu is allowed on bus 0 and 2 to keep compatibility with gateway and camera integration -const AddrBus VOLKSWAGEN_PQ_TX_MSGS[] = {{MSG_HCA_1, 0}, {MSG_GRA_NEU, 0}, {MSG_GRA_NEU, 2}, {MSG_LDW_1, 0}}; +const CanMsg VOLKSWAGEN_PQ_TX_MSGS[] = {{MSG_HCA_1, 0, 5}, {MSG_GRA_NEU, 0, 4}, {MSG_GRA_NEU, 2, 4}, {MSG_LDW_1, 0, 8}}; const int VOLKSWAGEN_PQ_TX_MSGS_LEN = sizeof(VOLKSWAGEN_PQ_TX_MSGS) / sizeof(VOLKSWAGEN_PQ_TX_MSGS[0]); AddrCheckStruct volkswagen_pq_rx_checks[] = { - {.addr = {MSG_LENKHILFE_3}, .bus = 0, .check_checksum = true, .max_counter = 15U, .expected_timestep = 10000U}, - {.addr = {MSG_MOTOR_2}, .bus = 0, .check_checksum = false, .max_counter = 0U, .expected_timestep = 20000U}, - {.addr = {MSG_MOTOR_3}, .bus = 0, .check_checksum = false, .max_counter = 0U, .expected_timestep = 10000U}, - {.addr = {MSG_BREMSE_3}, .bus = 0, .check_checksum = false, .max_counter = 0U, .expected_timestep = 10000U}, + {.msg = {{MSG_LENKHILFE_3, 0, 6}}, .check_checksum = true, .max_counter = 15U, .expected_timestep = 10000U}, + {.msg = {{MSG_MOTOR_2, 0, 8}}, .check_checksum = false, .max_counter = 0U, .expected_timestep = 20000U}, + {.msg = {{MSG_MOTOR_3, 0, 8}}, .check_checksum = false, .max_counter = 0U, .expected_timestep = 10000U}, + {.msg = {{MSG_BREMSE_3, 0, 8}}, .check_checksum = false, .max_counter = 0U, .expected_timestep = 10000U}, }; const int VOLKSWAGEN_PQ_RX_CHECKS_LEN = sizeof(volkswagen_pq_rx_checks) / sizeof(volkswagen_pq_rx_checks[0]); @@ -311,10 +311,9 @@ static bool volkswagen_steering_check(int desired_torque) { static int volkswagen_mqb_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) { int addr = GET_ADDR(to_send); - int bus = GET_BUS(to_send); int tx = 1; - if (!msg_allowed(addr, bus, VOLKSWAGEN_MQB_TX_MSGS, VOLKSWAGEN_MQB_TX_MSGS_LEN) || relay_malfunction) { + if (!msg_allowed(to_send, VOLKSWAGEN_MQB_TX_MSGS, VOLKSWAGEN_MQB_TX_MSGS_LEN) || relay_malfunction) { tx = 0; } @@ -348,10 +347,9 @@ static int volkswagen_mqb_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) { static int volkswagen_pq_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) { int addr = GET_ADDR(to_send); - int bus = GET_BUS(to_send); int tx = 1; - if (!msg_allowed(addr, bus, VOLKSWAGEN_PQ_TX_MSGS, VOLKSWAGEN_PQ_TX_MSGS_LEN) || relay_malfunction) { + if (!msg_allowed(to_send, VOLKSWAGEN_PQ_TX_MSGS, VOLKSWAGEN_PQ_TX_MSGS_LEN) || relay_malfunction) { tx = 0; } diff --git a/board/safety_declarations.h b/board/safety_declarations.h index be8be93..7ce7305 100644 --- a/board/safety_declarations.h +++ b/board/safety_declarations.h @@ -17,13 +17,13 @@ struct lookup_t { typedef struct { int addr; int bus; -} AddrBus; + int len; +} CanMsg; // params and flags about checksum, counter and frequency checks for each monitored address typedef struct { // const params - const int addr[3]; // check either messages (e.g. honda steer). Array MUST terminate with a zero to know its length. - const int bus; // bus where to expect the addr. Temp hack: -1 means skip the bus check + const CanMsg msg[3]; // check either messages (e.g. honda steer). Array MUST terminate with an empty struct to know its length. const bool check_checksum; // true is checksum check is performed const uint8_t max_counter; // maximum value of the counter. 0 means that the counter check is skipped const uint32_t expected_timestep; // expected time between message updates [us] @@ -50,7 +50,7 @@ bool driver_limit_check(int val, int val_last, struct sample_t *val_driver, bool rt_rate_limit_check(int val, int val_last, const int MAX_RT_DELTA); float interpolate(struct lookup_t xy, float x); void gen_crc_lookup_table(uint8_t poly, uint8_t crc_lut[]); -bool msg_allowed(int addr, int bus, const AddrBus addr_list[], int len); +bool msg_allowed(CAN_FIFOMailBox_TypeDef *to_send, const CanMsg msg_list[], int len); int get_addr_check_index(CAN_FIFOMailBox_TypeDef *to_push, AddrCheckStruct addr_list[], const int len); void update_counter(AddrCheckStruct addr_list[], int index, uint8_t counter); void update_addr_timestamp(AddrCheckStruct addr_list[], int index); diff --git a/tests/safety/Dockerfile b/tests/safety/Dockerfile index 524cfc3..0bad054 100644 --- a/tests/safety/Dockerfile +++ b/tests/safety/Dockerfile @@ -34,7 +34,7 @@ RUN pip install -r /tmp/requirements.txt WORKDIR /openpilot RUN git clone https://github.com/commaai/opendbc.git || true WORKDIR /openpilot/opendbc -RUN git pull && git checkout 7f3b1774dd248d4ebad91cc9de0fb1c561fab54b +RUN git pull && git checkout f1e69a6cf91cdaf1b8008d73f6fbb6634fbbeb42 WORKDIR /openpilot RUN git clone https://github.com/commaai/cereal.git WORKDIR /openpilot/cereal diff --git a/tests/safety/test_volkswagen_pq.py b/tests/safety/test_volkswagen_pq.py index f30d19f..11310e0 100644 --- a/tests/safety/test_volkswagen_pq.py +++ b/tests/safety/test_volkswagen_pq.py @@ -82,7 +82,7 @@ class TestVolkswagenPqSafety(common.PandaSafetyTest): # Driver steering input torque def _lenkhilfe_3_msg(self, torque): - to_send = make_msg(0, MSG_LENKHILFE_3) + to_send = make_msg(0, MSG_LENKHILFE_3, 6) t = abs(torque) to_send[0].RDLR = ((t & 0x3FF) << 16) if torque < 0: @@ -94,7 +94,7 @@ class TestVolkswagenPqSafety(common.PandaSafetyTest): # openpilot steering output torque def _hca_1_msg(self, torque): - to_send = make_msg(0, MSG_HCA_1) + to_send = make_msg(0, MSG_HCA_1, 5) t = abs(torque) << 5 # DBC scale from centi-Nm to PQ network (approximated) to_send[0].RDLR = (t & 0x7FFF) << 16 if torque < 0: @@ -120,7 +120,7 @@ class TestVolkswagenPqSafety(common.PandaSafetyTest): # Cruise control buttons def _gra_neu_msg(self, bit): - to_send = make_msg(2, MSG_GRA_NEU) + to_send = make_msg(2, MSG_GRA_NEU, 4) to_send[0].RDLR = 1 << bit to_send[0].RDLR |= volkswagen_pq_checksum(to_send[0], MSG_GRA_NEU, 8) return to_send