bpsec#
Pure OCaml implementation of Bundle Protocol Security (RFC 9172) for Delay-Tolerant Networking.
Overview#
BPSec provides integrity and confidentiality services for Bundle Protocol v7 bundles. It defines two extension block types:
- Block Integrity Block (BIB) - HMAC-based integrity protection
- Block Confidentiality Block (BCB) - AES-GCM authenticated encryption
Features#
- Full RFC 9172 BPSec implementation
- RFC 9173 default security contexts:
- BIB-HMAC-SHA2 (SHA-256, SHA-384, SHA-512)
- BCB-AES-GCM (A128GCM, A256GCM)
- CBOR encoding/decoding
- Integration with
bundlelibrary
Installation#
Install with opam:
$ opam install bpsec
If opam cannot find the package, it may not yet be released in the public
opam-repository. Add the overlay repository, then install it:
$ opam repo add samoht https://tangled.org/gazagnaire.org/opam-overlay.git
$ opam update
$ opam install bpsec
Usage#
let () = Crypto_rng_unix.use_default ()
let key = String.make 32 '\x42'
(* Create a Block Integrity Block *)
let bib =
Bpsec.bib
~key
~source:(Bundle.Ipn (1L, 1L))
~targets:[1]
~target_data:["payload data"]
()
(* Verify integrity *)
let () = assert (Bpsec.verify_bib ~key bib ~target_data:["payload data"])
(* Create a Block Confidentiality Block *)
let bcb, encrypted =
Bpsec.bcb
~key
~source:(Bundle.Ipn (1L, 1L))
~targets:[1]
~target_data:["secret payload"]
()
(* Decrypt *)
let plaintext =
match Bpsec.decrypt_bcb ~key bcb ~ciphertext:encrypted with
| Some [p] -> p
| _ -> failwith "decryption failed"
let () = assert (plaintext = "secret payload")
Related Work#
- ION - NASA/JPL DTN with BPSec
- µD3TN - Lightweight DTN implementation
- DTN7-go - Go BPv7 with BPSec support
References#
Licence#
ISC License. See LICENSE.md for details.