Skip to content

Latest commit

 

History

History
95 lines (79 loc) · 8.57 KB

File metadata and controls

95 lines (79 loc) · 8.57 KB

ISO 14229-1 (UDS) Compliance

Single source of truth for what LibUDS supports against the standard. Every row below is grounded in the dispatcher's service table (src/core/uds_core.c).

  • Standard: ISO 14229-1:2013, with selected 2020 additions (e.g. 0x29 Authentication).
  • Transport: ISO 15765-2 (ISO-TP) over CAN and CAN-FD.
  • Role: Server (ECU) stack. A generic client requester (uds_client_request) is also provided.
  • Coverage: 27 of 27 application services implemented.
  • Last updated: 2026-06-19.

Implemented services (27)

SID Service Notes
0x10 DiagnosticSessionControl Default / Programming / Extended / SafetySystem; returns configured P2/P2*; re-locks security on transition; optional fn_session_transition_allowed hook for OEM transition graphs.
0x11 ECUReset Hard, Soft, KeyOffOn; SuppressPosMsg supported.
0x14 ClearDiagnosticInformation Optional memory-selection byte.
0x19 ReadDTCInformation DTCStatusMask validation; library-formatted wire layout for 0x01/0x02/0x0A (via fn_dtc_list) and 0x04/0x06 framing (via fn_dtc_snapshot/fn_dtc_extdata); raw fn_dtc_read fallback. Severity/WWH-OBD subfunctions: 0x07 reportNumberOfDTCBySeverityMaskRecord, 0x08 reportDTCBySeverityMaskRecord, 0x09 reportSeverityInformationOfDTC, 0x14 reportDTCFaultDetectionCounter, 0x42 reportWWHOBDDTCByMaskRecord, 0x55 reportWWHOBDDTCWithPermanentStatus (via fn_dtc_list + dtc_severity_availability_mask); 0x0B/0x0C/0x0D/0x0E first/most-recent test-failed/confirmed and 0x15 reportDTCWithPermanentStatus (via fn_dtc_list). The sub-function mask admits all standard sub-functions (0x01–0x19, 0x42, 0x55); the memory-region/by-record-number/emissions-OBD/user-defined variants (0x03, 0x05, 0x0F–0x13, 0x16–0x19) are routed to fn_dtc_read (which receives the full request) for the application to format — see examples/dtc_full_coverage.
0x22 ReadDataByIdentifier Multi-DID; per-DID session/security gating; tx-buffer overflow protection.
0x23 ReadMemoryByAddress ALFID parsing + bounds/length checks.
0x24 ReadScalingDataByIdentifier Library frames 0x64 <DID>; scalingByte/scalingData via fn_read_scaling.
0x27 SecurityAccess App seed/key callbacks; requestSeed→sendKey sequencing (NRC 0x24); attempt counter + delay (NRC 0x36/0x37).
0x28 CommunicationControl Subfunctions 0x00–0x05 (incl. enhanced-address nodeIdentificationNumber) + validation.
0x29 Authentication ISO 14229-1:2020 sub-function set 0x00–0x08 (mask-validated). Native deAuthenticate (0x00) and authenticationConfiguration (0x08); certificate/proof/challenge (0x01–0x07) delegated to fn_auth (crypto in app/HSM). ctx.authenticated state auto-clears on deAuth/session-change/S3/reset.
0x2A ReadDataByPeriodicIdentifier Integrated scheduler (Fast / Medium / Slow / Stop).
0x2C DynamicallyDefineDataIdentifier defineByIdentifier / defineByMemoryAddress / clear; bookkeeping via fn_dynamic_did.
0x2E WriteDataByIdentifier Table-driven registry; per-DID session/security gating.
0x2F InputOutputControlByIdentifier Actuator control; subfunction-less validation.
0x31 RoutineControl Start / Stop / RequestResults.
0x34 RequestDownload ALFID-based address/size parsing.
0x35 RequestUpload Symmetrical data-provider flow.
0x36 TransferData Block-sequence-counter tracking + rollover; optional last-block replay.
0x37 RequestTransferExit Completion logic.
0x38 RequestFileTransfer modeOfOperation (1–5) + path-length validation; operation via fn_file_transfer.
0x3D WriteMemoryByAddress Echoes address/size in the positive response.
0x3E TesterPresent Busy-relaxed NRC 0x21 handling; suppressed TP keeps S3 alive.
0x83 AccessTimingParameter Read / set / default the live P2 and P2* timing.
0x84 SecuredDataTransmission Library owns 0x84 framing + Administrative Parameter + secured-session gate; crypto via fn_secure_decode/fn_secure_encode hooks (no bundled cipher).
0x85 ControlDTCSetting DTC ON/OFF; SuppressPosMsg.
0x86 ResponseOnEvent All 8 sub-functions: onDTCStatusChange (0x01) / onTimerInterrupt (0x02) / onChangeOfDataIdentifier (0x03) / onComparisonOfValues (0x07) + start/stop/clear/report. App events emitted via uds_roe_trigger, timer events from uds_process. Definitions persist across reset via uds_roe_serialize/uds_roe_deserialize.
0x87 LinkControl Baud-rate transition; verify→transition handshake (NRC 0x24 if out of sequence).

Coverage notes

All 27 ISO 14229-1 application services are now dispatched. Partial-depth items worth noting: 0x86 implements all 8 sub-functions (the 0x07 onComparisonOfValues eventTypeRecord is a documented simplification); 0x84 ships the protocol envelope and delegates the cipher to the integrator. Unknown/unsupported SIDs are rejected with NRC 0x11 (serviceNotSupported).

Physical/functional addressing: Each service entry gates on the address_mode field in uds_service_entry_t (a UDS_ADDR_* bitmask; 0 = both, the default for all built-in core services). A functionally addressed request to a service that does not accept it is silently dropped. Per ISO 14229-1, functionally addressed requests also suppress the negative response codes 0x11, 0x12, 0x7E, 0x7F, and 0x31 to avoid flooding a shared bus.

Transport conformance (ISO 15765-2)

  • Frame types: Single (SF), First (FF), Consecutive (CF), Flow Control (FC).
  • Classic CAN (8-byte) and CAN-FD (up to 64-byte, DLC-aligned) framing.
  • Flow control: BlockSize and STmin honored; STmin 0x00–0x7F (ms) and 0xF1–0xF9 (sub-ms) decoded.
  • Timeouts: N_Cr (reception) and N_Bs (flow-control wait) abort a stalled transfer instead of wedging the engine (configurable per instance; default 1000 ms).
  • Short/malformed frames (truncated SF/FF/FC, NULL/zero-length) are rejected.

Conformance safeguards

  • NRC priority: Session → Subfunction → Length → Security → Safety, per ISO 14229-1.
  • Session policy: by default every service is reachable in every session (the integrator enforces policy via fn_is_safe or per-service session_mask). Set config.restrict_sessions for a built-in ISO-sensible default: reprogramming services (0x34/0x35/0x36/0x37/0x87/0x3D) → programming session; other privileged services (0x27/0x11/0x28/0x29/0x2E/0x2F/0x31/0x83/0x85/0x23) → extended or programming. Disallowed-session requests return NRC 0x7F.
  • SecurityAccess: seed cached and passed to the key verifier; key requires a prior requestSeed at the same level (else NRC 0x24); configurable attempt limit and delay timer.
  • Session/security reset: security level and outstanding seed cleared on session change and S3 timeout.
  • Session transitions: by default any ISO-valid session ($01 default / $02 programming / $03 extended / $04 safetySystem) may be entered from any session, per ISO 14229-1 (the standard imposes no transition graph). OEM-specific graphs (e.g. requiring extended before programming) are enforced by supplying the optional fn_session_transition_allowed(ctx, from, to) hook; returning false rejects the request with NRC 0x22.
  • RCRRP limit: configurable cap on NRC 0x78 (ResponsePending) repetitions to prevent infinite loops.
  • Safety gates: application callback can block destructive services (Reset, Write, Download) with NRC 0x22.
  • Async: UDS_PENDING (NRC 0x78) supports non-blocking integration with slow flash/hardware.
  • MISRA-C:2012: checked in CI via cppcheck's addon; no mandatory-rule violations. Required/advisory deviations documented in docs/MISRA.md.

Verification

  • End-to-end reprogramming reference (session → security → link/timing → download → transfer → checksum), smoke-tested in CI: examples/pro_flash_tool/.
  • Full server request/response sequence over ISO-TP (all services above): tests/integration/test_uds.py.
  • Unit suite per service under tests/unit/ (run via ctest).
  • PCAP + HTML session-report demo (SessionControl + ReadDataByIdentifier/VIN): run_capture.sh.

Remediation history

A 2026-02 audit against ISO 14229-1:2013 identified 20 deviations (C-01…C-20) in the then-implemented services — invalid-session acceptance, NRC-priority ordering, ALFID validation, security reset, RCRRP looping, DID buffer bounds, response echoing, and others. All C-01…C-20 were remediated in v1.9.0.

Since then: per-DID session gating corrected (programming/extended were swapped — v1.12.0), SecurityAccess requestSeed→sendKey sequencing added (v1.12.0), and ISO-TP N_Cr/N_Bs timeouts added (v1.12.0).