Skip to main content

SecurityAssociation

spacedls::protocol

Struct SecurityAssociation 

Source 
pub struct SecurityAssociation<'a, S: ServiceProviderGeneric, F: SDLSFrameFormat, N: ArraySize> { /* private fields */ }
Expand description

The core SDLS processing entity (CCSDS 355.0-B-2 Section 2.3.1).

Binds a service provider, frame format, key reference and anti-replay counter into a stateful object that performs cryptographic operations on transfer frames.

§Generic parameters

  • 'a — key lifetime
  • S — service wrapper (AsEnc, AsAuth, or AsAuthEnc)
  • FSDLSFrameFormat defining field lengths
  • N — counter array size (sequence number bytes, or IV bytes in counter mode)

§ABM (Authentication Bit Mask)

When set, the ABM is applied to the frame prefix and security header before MAC computation. Data field masking is intentionally unsupported: AND is lossy and no_std forbids allocating a masked copy. Also data field bytes are recommended always 0xFF in the ABM anyway (CCSDS 355.0-B-2 Section 4.2.2.6.2). The ABM must be at least as long as the frame prefix plus the security header.

§Counter modes (AuthEnc)

  • Explicit SN (new_authenc / seal / open): caller provides the IV; the SA maintains a separate sequence number in the SN header field.
  • IV-as-counter (new_authenc_ctr / seal_ctr / open_ctr): the SA derives the IV from its internal counter; the SN header field is zero-length.

Implementations§

Source§

impl<'a, S: ServiceProviderGeneric, F: SDLSFrameFormat, N: ArraySize> SecurityAssociation<'a, S, F, N>

Source

pub fn spi(&self) -> u16

Returns the Security Parameter Index.

Source

pub fn set_spi(&mut self, spi: u16)

Sets the Security Parameter Index.

Source

pub fn sn_length() -> usize

Returns the sequence number field length in bytes.

Source

pub fn sn(&self) -> &SequenceNumber<N>

Returns a reference to the internal sequence number.

Source

pub fn sn_mut(&mut self) -> &mut SequenceNumber<N>

Returns a mutable reference to the internal sequence number.

Source

pub fn iv_length(&self) -> usize

Returns the IV field length in bytes.

Source

pub fn mac_length(&self) -> usize

Returns the MAC field length in bytes.

Source

pub const fn service_type(&self) -> ServiceKind

Returns the service kind (Enc, Auth, or AuthEnc).

Source

pub fn get_key( &self, ) -> &'a dyn Key<<<S as ServiceProviderGeneric>::Param as WithKeySize>::KeySize>

Returns the key reference.

Source

pub fn set_key( &mut self, key: &'a dyn Key<<<S as ServiceProviderGeneric>::Param as WithKeySize>::KeySize>, )

Replaces the key reference.

Source

pub fn abm(&self) -> Option<&[u8]>

Returns the ABM slice, if set.

Source

pub fn set_abm(&mut self, abm: Option<&'a [u8]>)

Sets or clears the Authentication Bit Mask.

Source§

impl<'a, S, F> SecurityAssociation<'a, AsEnc<S>, F, U0>
where S: EncProvider, F: SDLSFrameFormat<IVLen = <S::Spec as EncSpec>::IvSize>, F::MacLen: Zero, F::SNLen: Zero, F::IVLen: NonZero,

Source

pub fn new_enc( service: S, spi: u16, key: &'a dyn Key<<<AsEnc<S> as ServiceProviderGeneric>::Param as WithKeySize>::KeySize>, ) -> Self

Creates an encryption-only SA. Frame format must have non-zero IVLen and zero MacLen/SNLen.

Source

pub fn encrypt( &self, iv: Array<u8, F::IVLen>, plain: &[u8], cipher: &mut [u8], ) -> Result<(usize, SecurityHeader<F>), SaOperationError<S::EncryptError>>

Encrypts plain into cipher using the provided IV. Returns the security header. The output buffer cipher should be sized with possible algorithm padding in mind. Returns the number of bytes written to the output buffer and the Security Header for the frame.

Source

pub fn decrypt( &self, sec_hdr: SecurityHeader<F>, cipher: &mut [u8], ) -> Result<usize, SaOperationError<S::DecryptError>>

Decrypts cipher in place. Validates SPI before decryption. Returns the number of bytes written into the inout buffer.

Source§

impl<'a, S, F> SecurityAssociation<'a, AsAuth<S>, F, F::SNLen>
where S: AuthProvider, F: SDLSFrameFormat, F::IVLen: Zero, F::PLLen: Zero, F::SNLen: NonZero, F::MacLen: NonZero,

Source

pub fn new_auth( service: S, spi: u16, key: &'a dyn Key<<<AsAuth<S> as ServiceProviderGeneric>::Param as WithKeySize>::KeySize>, sn_window: u16, abm: Option<&'a [u8]>, ) -> Self

Creates an authentication-only SA with replay detection.

Source

pub fn sign<const N_PRFX: usize>( &mut self, frame_prefix: &[u8; N_PRFX], data: &[u8], ) -> Result<(SecurityHeader<F>, SecurityTrailer<F>), SaOperationError<S::SignError>>

Authenticates plain and advances SN on success. Returns the Security Header and Trailer for the Secure Frame

Source

pub fn verify<const N_PRFX: usize>( &mut self, frame_prefix: &[u8; N_PRFX], data: &[u8], sec_hdr: SecurityHeader<F>, sec_trlr: SecurityTrailer<F>, ) -> Result<VerifyMacResult, SaOperationError<S::VerifyError>>

Verifies the MAC and checks for replay. Sets sequence number to incoming if accepted.

Source§

impl<'a, S, F> SecurityAssociation<'a, AsAuthEnc<S>, F, F::SNLen>
where S: AuthEncProvider, F: SDLSFrameFormat<IVLen = <S::Spec as AuthEncSpec>::IvSize>, F::PLLen: Zero, F::IVLen: NonZero, F::MacLen: NonZero, F::SNLen: NonZero,

Source

pub fn new_authenc( service: S, spi: u16, key: &'a dyn Key<<<AsAuthEnc<S> as ServiceProviderGeneric>::Param as WithKeySize>::KeySize>, sn_window: u16, abm: Option<&'a [u8]>, ) -> Self

Creates an authenticated-encryption SA with explicit IV and sequence number.

Source

pub fn seal<const N_PRFX: usize>( &mut self, iv: Array<u8, F::IVLen>, frame_prefix: &[u8; N_PRFX], plain: &[u8], cipher: &mut [u8], ) -> Result<(usize, SecurityHeader<F>, SecurityTrailer<F>), SaOperationError<S::SealError>>

Encrypts and authenticates plain with the provided IV. Advances SN on success. Returns the number of bytes written to the output buffer, the Security Header, and Trailer for the frame.

Source

pub fn open<const N_PRFX: usize>( &mut self, frame_prefix: &[u8; N_PRFX], cipher: &mut [u8], sec_hdr: SecurityHeader<F>, sec_trlr: SecurityTrailer<F>, ) -> Result<(usize, VerifyMacResult), SaOperationError<S::OpenError>>

Verifies MAC and decrypts cipher in place. Sets sequence number to incoming if accepted. Returns the number of bytes written in the inout data buffer.

Source§

impl<'a, S, F> SecurityAssociation<'a, AsAuthEnc<S>, F, F::IVLen>
where S: AuthEncProvider, F: SDLSFrameFormat<IVLen = <S::Spec as AuthEncSpec>::IvSize>, F::PLLen: Zero, F::IVLen: NonZero, F::MacLen: NonZero, F::SNLen: Zero,

Source

pub fn new_authenc_ctr( service: S, spi: u16, key: &'a dyn Key<<<AsAuthEnc<S> as ServiceProviderGeneric>::Param as WithKeySize>::KeySize>, sn_window: u16, abm: Option<&'a [u8]>, ) -> Self

Creates an authenticated-encryption SA using IV-as-counter mode.

Source

pub fn seal_ctr<const N_PRFX: usize>( &mut self, frame_prefix: &[u8; N_PRFX], plain: &[u8], cipher: &mut [u8], ) -> Result<(SecurityHeader<F>, SecurityTrailer<F>), SaOperationError<S::SealError>>

Encrypts and authenticates using the IV field for the sequence number and the IV (deterministic incrementing counter). Returns the Security Header and Trailer for the outgoing frame.

Source

pub fn open_ctr<const N_PRFX: usize>( &mut self, frame_prefix: &[u8; N_PRFX], cipher: &mut [u8], sec_hdr: SecurityHeader<F>, sec_trlr: SecurityTrailer<F>, ) -> Result<(usize, VerifyMacResult), SaOperationError<S::OpenError>>

Verifies and decrypts. IV field is used for the sequence number and the IV (deterministic incrementing counter). Returns the number of bytes written in the inout data buffer.

Auto Trait Implementations§

§

impl<'a, S, F, N> Freeze for SecurityAssociation<'a, S, F, N>
where S: Freeze, <N as ArraySize>::ArrayType<u8>: Freeze,

§

impl<'a, S, F, N> !RefUnwindSafe for SecurityAssociation<'a, S, F, N>

§

impl<'a, S, F, N> !Send for SecurityAssociation<'a, S, F, N>

§

impl<'a, S, F, N> !Sync for SecurityAssociation<'a, S, F, N>

§

impl<'a, S, F, N> Unpin for SecurityAssociation<'a, S, F, N>
where S: Unpin, F: Unpin, <N as ArraySize>::ArrayType<u8>: Unpin,

§

impl<'a, S, F, N> UnsafeUnpin for SecurityAssociation<'a, S, F, N>
where S: UnsafeUnpin, <N as ArraySize>::ArrayType<u8>: UnsafeUnpin,

§

impl<'a, S, F, N> !UnwindSafe for SecurityAssociation<'a, S, F, N>

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.