Bundle Protocol Security (RFC 9172) - authentication and encryption for DTN

bpsec

Pure OCaml implementation of Bundle Protocol Security (RFC 9172) for Delay-Tolerant Networking.

Overview

BPSec provides integrity and confidentiality services for Bundle Protocol v7 bundles. It defines two extension block types:

  • Block Integrity Block (BIB) - HMAC-based integrity protection
  • Block Confidentiality Block (BCB) - AES-GCM authenticated encryption

Features

  • Full RFC 9172 BPSec implementation
  • RFC 9173 default security contexts:
    • BIB-HMAC-SHA2 (SHA-256, SHA-384, SHA-512)
    • BCB-AES-GCM (A128GCM, A256GCM)
  • CBOR encoding/decoding
  • Integration with bundle library

Installation

opam install bpsec

Usage

(* Create a Block Integrity Block.
   The fixed key below is a placeholder for illustration only. *)
let key = String.make 32 '\x42'

let bib = Bpsec.bib
  ~key
  ~source:(Bundle.Ipn (1L, 1L))
  ~targets:[1]
  ~target_data:["payload data"]
  ()

(* Verify integrity against the same target data *)
let valid = Bpsec.verify_bib ~key bib ~target_data:["payload data"]

(* Create a Block Confidentiality Block *)
let bcb, encrypted = Bpsec.bcb
  ~key
  ~source:(Bundle.Ipn (1L, 1L))
  ~targets:[1]
  ~target_data:["secret payload"]
  ()

(* Decrypt *)
let () =
  match Bpsec.decrypt_bcb ~key bcb ~ciphertext:encrypted with
  | Some _plaintext -> () (* ... use the decrypted data here *)
  | None -> () (* decryption failed *)

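
Negative checks for the calls above, as an added example that is not part of the bpsec README or the project's own tests. It uses only the four functions shown under Usage and assumes `verify_bib` returns a `bool` and `decrypt_bcb` an `option`; `wrong_key`, `check_bib` and `check_bcb` are hypothetical names, and both keys are constructed sample values.

```ocaml
(* Added example: confirm that BIB and BCB reject modified data and wrong keys.
   Assumes verify_bib returns bool and decrypt_bcb returns an option. *)
let source = Bundle.Ipn (1L, 1L)

(* Constructed sample keys; real keys come from a CSPRNG or key management. *)
let key = String.make 32 '\x42'
let wrong_key = String.make 32 '\x43'

(* A BIB must verify over the exact bytes it was computed on, and must not
   verify once the target data or the key differs. *)
let check_bib () =
  let data = [ "payload data" ] in
  let bib = Bpsec.bib ~key ~source ~targets:[ 1 ] ~target_data:data () in
  let intact = Bpsec.verify_bib ~key bib ~target_data:data in
  let tampered = Bpsec.verify_bib ~key bib ~target_data:[ "payload dat4" ] in
  let other_key = Bpsec.verify_bib ~key:wrong_key bib ~target_data:data in
  intact && (not tampered) && not other_key

(* AES-GCM is authenticated: decrypting under the wrong key must give None,
   never unauthenticated plaintext. *)
let check_bcb () =
  let bcb, encrypted =
    Bpsec.bcb ~key ~source ~targets:[ 1 ] ~target_data:[ "secret payload" ] ()
  in
  let right = Bpsec.decrypt_bcb ~key bcb ~ciphertext:encrypted in
  let wrong = Bpsec.decrypt_bcb ~key:wrong_key bcb ~ciphertext:encrypted in
  Option.is_some right && Option.is_none wrong

let () =
  if not (check_bib ()) then failwith "BIB accepted modified data or wrong key";
  if not (check_bcb ()) then failwith "BCB decrypted under the wrong key";
  print_endline "bpsec negative checks passed"
```
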
  • ION - NASA/JPL DTN with BPSec
  • µD3TN - Lightweight DTN implementation
  • DTN7-go - Go BPv7 with BPSec support

Licence

ISC License. See LICENSE.md for details.