spacedls 0.4.0

no_std CCSDS 355.0-B-2 (SDLS) Space Data Link Security implementation
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142

use crate::core::{AuthParams, AuthProvider, AuthSpec, VerifyMacResult};
use core::{convert::Infallible, marker::PhantomData};
use ctutils::CtEq;
use hmac::{EagerHash, Hmac, KeyInit, Mac, digest::OutputSizeUser};

/// Type-level specification for HMAC-SHA, deriving key and MAC sizes from the hash.
#[derive(Debug, Clone, Copy, Default)]
pub struct HmacShaSpec<Sha>(PhantomData<Sha>);

impl<Sha> AuthSpec for HmacShaSpec<Sha>
where Sha: EagerHash
{
    type KeySize = Sha::BlockSize;
    type MacSize = <Sha::Core as OutputSizeUser>::OutputSize;
}

/// Software HMAC-SHA authentication provider. MAC verification uses constant-time comparison.
#[derive(Debug, Clone, Copy)]
pub struct HmacSha<Sha>(PhantomData<Sha>);

impl<Sha> Default for HmacSha<Sha> {
    fn default() -> Self { Self(PhantomData) }
}

impl<Sha> AuthProvider for HmacSha<Sha>
where Sha: EagerHash
{
    type Spec = HmacShaSpec<Sha>;
    type SignError = Infallible;
    type VerifyError = Infallible;

    fn sign(
        &self,
        p: &AuthParams<Self::Spec>,
        data: &[&[u8]],
    ) -> Result<crate::core::Mac<<Self::Spec as AuthSpec>::MacSize>, Self::SignError> {
        let mut mac = <Hmac<Sha> as KeyInit>::new(&p.key);
        for chunk in data {
            mac.update(chunk);
        }

        Ok(mac.finalize().into_bytes().into())
    }

    fn verify(
        &self,
        p: &AuthParams<Self::Spec>,
        data: &[&[u8]],
        mac: &[u8],
    ) -> Result<VerifyMacResult, Infallible> {
        let n = mac.len();

        let mut verifier = <Hmac<Sha> as KeyInit>::new(&p.key);
        for chunk in data {
            verifier.update(chunk);
        }
        let actual_mac = verifier.finalize().into_bytes();

        if n == 0 || n > actual_mac.len() {
            return Ok(VerifyMacResult::InvalidMac);
        }
        if mac.ct_eq(&actual_mac[0..mac.len()]).into() {
            if n < actual_mac.len() {
                Ok(VerifyMacResult::OkButTruncated)
            } else {
                Ok(VerifyMacResult::Ok)
            }
        } else {
            Ok(VerifyMacResult::InvalidMac)
        }
    }
}

#[cfg(test)]
mod tests {
    use super::HmacSha;
    use crate::core::{AuthParams, AuthProvider, VerifyMacResult};
    use assert_matches::assert_matches;
    use sha2::Sha256;
    use std::vec;

    type Provider = HmacSha<Sha256>;

    #[test]
    fn computes_and_accepts_valid_mac() {
        let provider = Provider::default();
        let params = AuthParams { key: [0x11_u8; 64].into() };
        let data = b"ccsds-auth-payload";

        let mac = provider.sign(&params, &[data]).unwrap();
        assert_matches!(
            provider.verify(&params, &[data], mac.as_slice()).unwrap(),
            VerifyMacResult::Ok
        );
    }

    #[test]
    fn rejects_tampered_mac() {
        let provider = Provider::default();
        let params = AuthParams { key: [0x22_u8; 64].into() };
        let data = b"ccsds-auth-payload";

        let mut mac = provider.sign(&params, &[data]).unwrap();
        mac[0] ^= 0x01;

        let result = provider.verify(&params, &[data], mac.as_slice());
        assert_matches!(result.unwrap(), VerifyMacResult::InvalidMac);
    }

    #[test]
    fn accepts_truncated_mac() {
        let provider = Provider::default();
        let params = AuthParams { key: [0x22_u8; 64].into() };
        let data = b"ccsds-auth-payload";

        let mac = provider.sign(&params, &[data]).unwrap();

        let result = provider.verify(&params, &[data], &mac.as_slice()[0..15]);
        assert_matches!(result.unwrap(), VerifyMacResult::OkButTruncated);
    }

    #[test]
    fn rejects_empty_mac() {
        let provider = Provider::default();
        let params = AuthParams { key: [0x22_u8; 64].into() };
        let data = b"ccsds-auth-payload";

        let result = provider.verify(&params, &[data], &[]);
        assert_matches!(result.unwrap(), VerifyMacResult::InvalidMac);
    }

    #[test]
    fn rejects_oversized_mac() {
        let provider = Provider::default();
        let params = AuthParams { key: [0x22_u8; 64].into() };
        let data = b"ccsds-auth-payload";

        let bad = vec![0_u8; 33];
        let result = provider.verify(&params, &[data], &bad);
        assert_matches!(result.unwrap(), VerifyMacResult::InvalidMac);
    }
}