BSL v0.0.0 - 0.geda3e66
AMMOS Bundle Protocol Security Library (BSL)
Introduction

This documentation is for the detailed BPSec Library (BSL) application programming interface (API) in the C language. This is an implementation of RFC 9172 [3] functionality and RFC 9173 [4] default security contexts.

For details about installation, maintenance, and compile-time use of the BSL, see the BSL Product Guide [11]. For details about higher-level run-time use patterns, see the BSL User Guide [12].

Library Architecture

The BSL as a whole is separated into two primary layers of implementation: an API-centric abstract Frontend library and a host-binding concrete Backend library.

The Frontend library provides the service API through which the associated BPA integration calls the BSL, as well as the stable public APIs used by Policy Provider implementations and Security Context implementations. The Backend library implements the structs and functions forward-declared by the Frontend, using specific concrete data containers, algorithms, etc.

The BSL source repository also contains Example Policy Providers and Example Default Security Contexts to actually exercise the BSL during testing, and a Mock BPA which allows as-built integration testing of the BSL using a pseudo-daemon process.

The BSL comes with a Frontend and a Dynamic Backend implementation which uses heap-allocated, dynamically-sized data structures and run-time registration capabilities. For a more constrained (e.g., flight software) environment an alternative backend could be implemented with fixed-size data containers and constant-time registry lookup algorithms.

Alongside these libraries are two integration extensions: an Example Policy module and a Default Security Contexts module. Together these use the abstract Frontend and populate the otherwise empty Dynamic Backend registries to create a BPSec implementation that is usable out of the box.
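The split between forward-declared Frontend types and a concrete Backend, together with the fixed-size registry suggested above for constrained environments, can be sketched as follows. This is an added example and not BSL code: every `demo_*` name and the ID bound are assumptions, while context IDs 1 and 2 are the RFC 9173 assignments.

```c
#include <stddef.h>
#include <stdint.h>

/* Frontend side: opaque forward-declared type plus function prototypes.
 * Every demo_* name is hypothetical and is not a BSL identifier. */
typedef struct demo_registry_s demo_registry_t;
typedef int (*demo_sc_handler_f)(const uint8_t *data, size_t len);
int demo_registry_add(demo_registry_t *reg, int64_t ctx_id, demo_sc_handler_f fn);
demo_sc_handler_f demo_registry_find(const demo_registry_t *reg, int64_t ctx_id);

/* Backend side: concrete fixed-size definition, no heap allocation. */
#define DEMO_MAX_CTX_ID 7 /* assumed upper bound for this sketch */
struct demo_registry_s {
    demo_sc_handler_f slot[DEMO_MAX_CTX_ID + 1]; /* indexed by context ID */
};

int demo_registry_add(demo_registry_t *reg, int64_t ctx_id, demo_sc_handler_f fn)
{
    if (reg == NULL || fn == NULL || ctx_id < 1 || ctx_id > DEMO_MAX_CTX_ID)
        return -1; /* reject instead of indexing outside the array */
    if (reg->slot[ctx_id] != NULL)
        return -2; /* never silently replace a registered context */
    reg->slot[ctx_id] = fn;
    return 0;
}

demo_sc_handler_f demo_registry_find(const demo_registry_t *reg, int64_t ctx_id)
{
    /* ctx_id may come from a received bundle, so bounds-check before use. */
    if (reg == NULL || ctx_id < 1 || ctx_id > DEMO_MAX_CTX_ID)
        return NULL; /* unknown context: the caller must fail closed */
    return reg->slot[ctx_id]; /* bounded work: range check plus one array read */
}

/* Placeholder handlers standing in for real security context code. */
int demo_bib_handler(const uint8_t *data, size_t len) { (void)data; (void)len; return 1; }
int demo_bcb_handler(const uint8_t *data, size_t len) { (void)data; (void)len; return 2; }

static demo_registry_t demo_reg; /* static storage, zero-initialised */

int main(void)
{
    /* RFC 9173 assigns ID 1 to BIB-HMAC-SHA2 and ID 2 to BCB-AES-GCM. */
    if (demo_registry_add(&demo_reg, 1, demo_bib_handler) != 0) return 1;
    if (demo_registry_add(&demo_reg, 2, demo_bcb_handler) != 0) return 1;
    return demo_registry_find(&demo_reg, 2) == demo_bcb_handler ? 0 : 1;
}
```

Callers of the prototypes never see the array size, so the same calling code could link against a heap-backed definition of `struct demo_registry_s` instead.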

Dependencies

The BSL is written for the C99 language [9] excluding any compiler-specific extensions.

The Dynamic Backend relies on the POSIX.1-2008 [8] standard for operating system abstraction, and M*LIB [16] for heap-allocated data containers.

The example default security contexts use the OpenSSL library [15] for all cryptographic functions, including random number generation. This allows these security contexts to be FIPS-140 [19] compliant.

BSL unit tests use the Unity library [18] for test execution and assertions.