spacedls 0.4.0

no_std CCSDS 355.0-B-2 (SDLS) Space Data Link Security implementation
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88

# spacedls

## spacedls

`no_std` implementation of **CCSDS 355.0-B-2** and **CCSDS 355.1-B-1** — Space Data Link Security (SDLS) protocol.

This crate provides the cryptographic framing layer defined by the Consultative Committee
for Space Data Systems for securing telecommand (TC), telemetry (TM), Advanced Orbiting Systems (AOS)
and Unified Space Data Link Protocol (USLP) transfer frames.

### Standards

- [CCSDS 355.0-B-2 — SDLS standard procedures](https://public.ccsds.org/Pubs/355x0b2.pdf)
- [CCSDS 355.1-B-1 — SDLS extended procedures](https://public.ccsds.org/Pubs/355x1b1.pdf)

### Feature flags

| Flag | Default | Description |
|------|---------|-------------|
| `softcrypto` | yes | Software AES-CBC, AES-GCM, and HMAC-SHA providers. |
| `extended` | yes | `ManagedSa`, `ManagedKey` lifecycle state machines, SA store, and Keyring proc macros. |
| `std` | no | Enables `std` (for testing / non-embedded targets). |
| `defmt` | no | Derives `defmt::Format` on public error and state types. |

### Architecture

The central type is [`SecurityAssociation`](protocol::SecurityAssociation), parameterized
over a service provider, a frame format, and a counter-length:

```
SecurityAssociation<'a, S, F, N>
  'a — key lifetime
  S  — service wrapper (AsEnc, AsAuth, or AsAuthEnc)
  F  — SDLSFrameFormat (compile-time field lengths)
  N  — counter array size (sequence number or IV-as-counter)
```

Three service kinds map to CCSDS 355.0-B-2 Section 2.3.1.3:

- **Encryption-only** (`AsEnc`) — confidentiality without authentication
- **Authentication-only** (`AsAuth`) — integrity via MAC, no encryption
- **Authenticated encryption** (`AsAuthEnc`) — confidentiality + integrity (AEAD)

Frame formats are defined at the type level via [`SDLSFrameFormat`](protocol::SDLSFrameFormat).
Each associated type (`SNLen`, `IVLen`, `PLLen`, `MacLen`, `HeaderLen`) is a `typenum`
unsigned integer, enforced at compile time to be within valid CCSDS ranges.

### Quick start

```rust
use spacedls::consts::{BIT128, BYTE0, BYTE4, BYTE12, BYTE16, BYTE18};
use spacedls::crypto::{AesGcm, VerifyMacResult};
use spacedls::key::ConstKey;
use spacedls::protocol::{SDLSFrameFormat, SecurityAssociation};
use spacedls::service::AsAuthEnc;

// Define a frame format matching your mission's SDLS configuration
struct MyFmt;
impl SDLSFrameFormat for MyFmt {
    type SNLen  = BYTE4;
    type IVLen  = BYTE12;
    type PLLen  = BYTE0;
    type MacLen = BYTE16;
    type HeaderLen = BYTE18; // 2 (SPI) + 12 (IV) + 4 (SN) + 0 (PL)
}

let key = ConstKey::<BIT128>::new([0u8; 16]);

let mut sa = SecurityAssociation::new_authenc(
    AesGcm::<aes::Aes128>::default(), 0x0001, &key, 16, None,
);

let iv = [0u8; 12].into();
let prefix = b"TC-HDR";
let plain = b"payload";
let mut cipher = [0u8; 7];
let (written, hdr, trlr) = sa.seal(iv, prefix, plain, &mut cipher).unwrap();
```

### Modules

- [`consts`] — Byte/bit-width type aliases (`BYTE4`, `BIT128`, etc.)
- [`key`] — Key trait and implementations (`ConstKey`, `EmptyKey`, `ManagedKey`)
- [`service`] — Service provider traits and parameter types
- [`protocol`] — Frame format, security association, sequence numbers, errors
- [`crypto`] — MAC type and software crypto providers (feature-gated)

License: Apache-2.0