Skip to main content

Crate spacedls

Crate spacedls 

Source
Expand description

§spacedls

no_std implementation of CCSDS 355.0-B-2 and CCSDS 355.1-B-1 — Space Data Link Security (SDLS) protocol.

This crate provides the cryptographic framing layer defined by the Consultative Committee for Space Data Systems for securing telecommand (TC), telemetry (TM), Advanced Orbiting Systems (AOS) and Unified Space Data Link Protocol (USLP) transfer frames.

§Standards

§Feature flags

FlagDefaultDescription
softcryptoyesSoftware AES-CBC, AES-GCM, and HMAC-SHA providers.
extendedyesManagedSa, ManagedKey lifecycle state machines, SA store, and Keyring proc macros.
stdnoEnables std (for testing / non-embedded targets).
defmtnoDerives defmt::Format on public error and state types.

§Architecture

The central type is SecurityAssociation, parameterized over a service provider, a frame format, and a counter-length:

SecurityAssociation<'a, S, F, N>
  'a — key lifetime
  S  — service wrapper (AsEnc, AsAuth, or AsAuthEnc)
  F  — SDLSFrameFormat (compile-time field lengths)
  N  — counter array size (sequence number or IV-as-counter)

Three service kinds map to CCSDS 355.0-B-2 Section 2.3.1.3:

  • Encryption-only (AsEnc) — confidentiality without authentication
  • Authentication-only (AsAuth) — integrity via MAC, no encryption
  • Authenticated encryption (AsAuthEnc) — confidentiality + integrity (AEAD)

Frame formats are defined at the type level via SDLSFrameFormat. Each associated type (SNLen, IVLen, PLLen, MacLen, HeaderLen) is a typenum unsigned integer, enforced at compile time to be within valid CCSDS ranges.

§Quick start

use spacedls::consts::{BIT128, BYTE0, BYTE4, BYTE12, BYTE16, BYTE18};
use spacedls::crypto::{AesGcm, VerifyMacResult};
use spacedls::key::ConstKey;
use spacedls::protocol::{SDLSFrameFormat, SecurityAssociation};
use spacedls::service::AsAuthEnc;

// Define a frame format matching your mission's SDLS configuration
struct MyFmt;
impl SDLSFrameFormat for MyFmt {
    type SNLen  = BYTE4;
    type IVLen  = BYTE12;
    type PLLen  = BYTE0;
    type MacLen = BYTE16;
    type HeaderLen = BYTE18; // 2 (SPI) + 12 (IV) + 4 (SN) + 0 (PL)
}

let key = ConstKey::<BIT128>::new([0u8; 16]);

let mut sa = SecurityAssociation::new_authenc(
    AesGcm::<aes::Aes128>::default(), 0x0001, &key, 16, None,
);

let iv = [0u8; 12].into();
let prefix = b"TC-HDR";
let plain = b"payload";
let mut cipher = [0u8; 7];
let (written, hdr, trlr) = sa.seal(iv, prefix, plain, &mut cipher).unwrap();

§Modules

  • consts — Byte/bit-width type aliases (BYTE4, BIT128, etc.)
  • key — Key trait and implementations (ConstKey, EmptyKey, ManagedKey)
  • service — Service provider traits and parameter types
  • protocol — Frame format, security association, sequence numbers, errors
  • crypto — MAC type and software crypto providers (feature-gated)

Modules§

consts
Byte-width and bit-width type aliases for typenum unsigned integers.
crypto
MAC types and software cryptographic providers.
key
Cryptographic key abstractions.
protocol
SDLS protocol types: frame format, security association, sequence numbers, and errors.
service
Service provider traits and parameter types.

Macros§

make_static_keyring
Generates a static, compile-time-fixed key ring struct.
make_static_sastore
Generates a static, compile-time-fixed SA store struct.