spacedls 0.4.0

no_std CCSDS 355.0-B-2 (SDLS) Space Data Link Security implementation
Documentation
spacedls-0.4.0 has been yanked.

spacedls

spacedls

no_std implementation of CCSDS 355.0-B-2 and CCSDS 355.1-B-1 — Space Data Link Security (SDLS) protocol.

This crate provides the cryptographic framing layer defined by the Consultative Committee for Space Data Systems for securing telecommand (TC), telemetry (TM), Advanced Orbiting Systems (AOS) and Unified Space Data Link Protocol (USLP) transfer frames.

Standards

Feature flags

Flag Default Description
softcrypto yes Software AES-CBC, AES-GCM, and HMAC-SHA providers.
extended yes ManagedSa, ManagedKey lifecycle state machines, SA store, and Keyring proc macros.
std no Enables std (for testing / non-embedded targets).
defmt no Derives defmt::Format on public error and state types.

Architecture

The central type is SecurityAssociation, parameterized over a service provider, a frame format, and a counter-length:

SecurityAssociation<'a, S, F, N>
  'a — key lifetime
  S  — service wrapper (AsEnc, AsAuth, or AsAuthEnc)
  F  — SDLSFrameFormat (compile-time field lengths)
  N  — counter array size (sequence number or IV-as-counter)

Three service kinds map to CCSDS 355.0-B-2 Section 2.3.1.3:

  • Encryption-only (AsEnc) — confidentiality without authentication
  • Authentication-only (AsAuth) — integrity via MAC, no encryption
  • Authenticated encryption (AsAuthEnc) — confidentiality + integrity (AEAD)

Frame formats are defined at the type level via SDLSFrameFormat. Each associated type (SNLen, IVLen, PLLen, MacLen, HeaderLen) is a typenum unsigned integer, enforced at compile time to be within valid CCSDS ranges.

Quick start

use spacedls::consts::{BIT128, BYTE0, BYTE4, BYTE12, BYTE16, BYTE18};
use spacedls::crypto::{AesGcm, VerifyMacResult};
use spacedls::key::ConstKey;
use spacedls::protocol::{SDLSFrameFormat, SecurityAssociation};
use spacedls::service::AsAuthEnc;

// Define a frame format matching your mission's SDLS configuration
struct MyFmt;
impl SDLSFrameFormat for MyFmt {
    type SNLen  = BYTE4;
    type IVLen  = BYTE12;
    type PLLen  = BYTE0;
    type MacLen = BYTE16;
    type HeaderLen = BYTE18; // 2 (SPI) + 12 (IV) + 4 (SN) + 0 (PL)
}

let key = ConstKey::<BIT128>::new([0u8; 16]);

let mut sa = SecurityAssociation::new_authenc(
    AesGcm::<aes::Aes128>::default(), 0x0001, &key, 16, None,
);

let iv = [0u8; 12].into();
let prefix = b"TC-HDR";
let plain = b"payload";
let mut cipher = [0u8; 7];
let (written, hdr, trlr) = sa.seal(iv, prefix, plain, &mut cipher).unwrap();

Modules

  • [consts] — Byte/bit-width type aliases (BYTE4, BIT128, etc.)
  • [key] — Key trait and implementations (ConstKey, EmptyKey, ManagedKey)
  • [service] — Service provider traits and parameter types
  • [protocol] — Frame format, security association, sequence numbers, errors
  • [crypto] — MAC type and software crypto providers (feature-gated)

License: Apache-2.0