The TReK CFDP console application provides the capability to transfer files using the Consultative Committee for Space Data Systems (CCSDS) File Delivery Protocol (CFDP). The application uses the TReK CFDP library to provide CFDP functionality through a menu of console application command line primitives.
The CCSDS File Delivery Protocol (CFDP) was developed by the Consultative Committee for Space Data Systems (CCSDS). Official specifications are contained in a CCSDS document called the CFDP Blue Book (available at www.ccsds.org). The CFDP protocol provides reliable transfer of files from one computer (entity) to another, and has been designed to work well over space links. It can be used to perform space to ground, ground to space, and ground to ground file transfers.
CFDP requires a sender and a receiver. The sender and receiver must be configured and running at the same time to perform a file transfer. Each party is referred to as an “Entity”. The sender is an entity and the receiver is an entity. Each “Entity” must have a unique Entity ID. For example:
To move a file from one computer to another, you will enter one or more CFDP Commands (primitives) to indicate the action to be taken. The syntax of a primitive is as follows:
[CFDP Directive] [Transmission] [source-path] [remote-EID] [destination-path]
The TReK CFDP console application provides support for CFDP over User Datagram Protocol (UDP) and CFDP over Bundle Protocol (BP) using the Jet Propulsion Lab (JPL) Interplanetary Overlay Network (ION) Disruption Tolerant Networking (DTN) software. The CFDP over UDP configuration option is referred to as Native CFDP. The CFDP over BP configuration option is referred to as ION CFDP. In the Native CFDP configuration, the application uses UDP sockets and a Goddard Space Flight Center (GSFC) CFDP library that performs the CFDP work. In the ION CDFP configuration, the TReK CFDP console application communicates with the ION software which performs the CFDP work.
There are differences in capabilities and syntax between the CFDP Native mode and the ION CFDP mode. These differences are summarized below.
Native CFDP Configuration
The syntax of a primitive is as follows:
[CFDP Directive] [Transmission] [source-path] [remote-EID] [destination-path]
Native CFDP Example: put class2 “D:\file1.txt” 2 “/home/kirk/file1.txt”
The TReK CFDP application currently supports multiple CFDP Directives for both Native and ION CFDP modes. These are defined in the Table 2 CFDP Directives.
Valid Transmission values are class1 or class2. Class1 does not guarantee reliable delivery of the file to the destination. Class2 does ensure reliable delivery.
The file you want to transfer is considered the “Source” and the location it should be transferred to is considered the “Destination”.
When entering a Source or Destination in a CFDP command line, it must be encapsulated in double quotes.
ION CFDP Configuration
The syntax of a primitive is as follows:
[CFDP Directive] [Transmission] [source-path] [remote-EID] [destination-path]
ION CFDP Example: put //// “D:\file1.txt” 2 “/home/kirk/file1.txt”
The TReK CFDP application currently supports multiple CFDP Directives for both Native and ION CFDP modes. These are defined in the Table 2 CFDP Directives.
The Transmission entry for ION CFDP is composed of five properties. Once these properties are configured, a “////” string is used to indicate that the pre-configured values should be used. The “////” nomenclature is shorthand notation for the following combination of values:
Lifespan/Bundle Protocol Class of Service/Expedited Priority Ordinal/Transmission Mode/Criticality
When the values are empty it indicates that pre-configured values should be used for these properties.
A summary of the Transmission properties is provided in the following table. For details, please reference section 5.1 Table 4.
| Property | Description |
| Lifespan | The lifespan is the bundle's "time to live" (TTL) in seconds. The bundle is destroyed if its TTL has expired and it has not reached its destination. |
| Bundle Protocol Class of Service | The Bundle Protocol Class of Service defines the transmission priority of outbound bundles from three ION priority queues corresponding to bulk, standard, and expedited priorities. The expedited priority queue must be empty before bundles in the standard or bulk queues are serviced by ION. Therefore, bundles with expedited priority should only be sent in critical/emergency situations. |
| Expedited Priority Ordinal | The expedited priority ordinal is only associated with the expedited priority class of service. |
| Transmission Mode | The transmission mode defines the reliability of bundle delivery to a destination. The three transmission modes supported are best effort, assured, and assured with custody transfer. |
| Criticality | A critical bundle is one that has to reach its destination as soon as is physically possible. For this reason, bundles flagged as critical may not include custody transfer and require an ION configuration with contact graph routing. In some cases, a critical bundle may be sent over multiple routes to ensure delivery to its final destination. Critical bundles are placed in the expedited priority queue and should only be used in emergency situations. |
CFDP Directives
The TReK CFDP console application currently supports multiple CFDP directives for both Native and ION CFDP mode and includes put and get directives, filestore directives and message directives. These directives are defined in the following table:
| Directive | Description |
| append_file | append a file at the remote entity to another file at the remote entity. |
| bit_rate | changes the aggregate file transfer bit rate, in real time, for local or remote entities hosting a TReK implementation of Native CFDP. The “affected EID” may be the local entity ID or a remote entity ID. The "bit_rate" primitive is delivered to a remote entity in the form of a TReK CFDP message. |
| close_rec_file | send a directive to a TReK Record library to close one or all open record files. If the record file name is not included in the primitive, all open record files associated with the TReK Record library are closed. The TReK Record library automatically opens a new record file after it closes a current record file. The “affected EID” may be the local entity ID or a remote entity ID. The "close_rec_file" directive is delivered to a remote entity in the form of a TReK CFDP message. |
| create_dir | create a directory at the remote entity. |
| create_file | create an empty file at the remote entity. |
| delete_file | delete a file at the remote entity. |
| deny_dir | delete a directory at the remote entity. (Like remove_dir, but does not fail if the directory does not exist. Directory must be empty.) |
| deny_file | delete a file at the remote entity. (Like delete_file, but does not fail if the file does not exist) |
| get | copy file(s) from the remote entity to the local entity. (File cannot be empty.) |
| message | send a text string to the remote entity. |
| put | copy file(s) from the local entity to the remote entity. (File cannot be empty.) |
| remove_dir | delete a directory at the remote entity. (Directory must be empty.) |
| rename_file | rename a file at the remote entity. |
| replace_file | replace a file (contents) at the remote entity with another file (contents) at the remote entity. |
Some directives only require a Source. The following table describes what is required for Source and Destination for each directive. Name of file, filename, and name of directory refer to an absolute path.
| Directive | Source (first file) | Destination (second file) |
| append_file | name of file whose contents form first part of new file and name of the new file | name of file whose contents will form second part of new file |
| bit_rate | aggregate file transfer bit rate | |
| close_rec_file | name of the TReK record library device | name of the TReK record file to close (if not included all record files associated with the record device are closed) |
| create_dir | name of directory to be created | |
| create_file | filename to be created | |
| delete_file | filename to be deleted | |
| deny_dir | name of directory to be deleted | |
| deny_file | filename to be deleted | |
| get | file or directory name of file(s) to retrieve | file or directory name for file(s) retrieved |
| message | message | |
| put | file or directory name of file(s) to send | file or directory name for file(s) sent |
| remove_dir | name of directory to be deleted | |
| rename_file | old filename | new filename |
| replace_file | filename whose contents are to be replaced | filename whose contents will replace the contents of the first filename |
When entering a Source or Destination in a CFDP command line, it must be encapsulated in double quotes.
Note: The Get directive is not supported in all ISS CFDP Native and ION implementations. Filestore and message directives are not supported in all ISS CFDP Native implementations. They are supported by TReK when both the sender and receiver are TReK CFDP implementations (TReK CFDP application, TReK CFDP console application, or TReK CFDP Library). In addition, the bit rate and close rec file directives are not part of the CFDP Blue Book. The bit rate directive is only supported by the TReK CFDP implementation of Native CFDP. The close rec file directive is only supported the by the TReK CFDP implementation of Native and ION CFDP in conjunction with the TReK Record library.
TReK CFDP may be configured to encrypt and decrypt all Native CFDP transactions streams (e.g., "put", "get", "message", "create_file", "delete_file" ...). The Native CFDP stream encryption and decryption capability is implemented by encrypting and decrypting the CFDP Protocol Data Units (PDUs) that are exchanged between the CFDP source and destination platforms. In addition, Native CFDP stream encryption may be configured to encrypt a time stamp, Time To Live (TTL) value and sequence count to provide replay resistance time authentication in support of Safety Conditional KuIP Services (SCKIPS). The encrypted TTL value is in seconds and must be between 0-65535. The time authentication software compares the packet's decrypted time stamp with the operating system time (plus or minus the decrypted TTL) to see if the packet's decrypted time falls within the authentication time window. In addition, the time authentication software does not allow a packet to be processed if the decrypted time and sequence count stays the same or decreases when compared to the previous decrypted packet time and sequence count. Review the “remote entity ID” discussion in the CFDP configuration file description for further information on this Native CFDP encrypt/decrypt configuration option. This option is not available for ION CFDP because TReK CFDP does not have access to ION’s CFDP PDUs.
TReK provides the ability to create CFDP dropboxes to push files to a remote destination. The dropboxes support both Native and ION CFDP modes. CFDP dropboxes are created when the TReK application’s TReK CFDP library reads and processes the TReK CFDP configuration file. A TReK CFDP configuration file CFDP "dropbox" primitive defines a dropbox's operation parameters including where the dropbox is located and the destination of each file placed in the dropbox. A dropbox file is transferred to the dropbox destination immediately after the file is copied to the dropbox assuming a communication path exists between both sides of the transaction. Pre-existing dropbox files are immediately transferred after the creation of the dropbox.
TReK also provides the ability to create encryption and decryption dropboxes to encrypt and decrypt local files. The encrypt and decrypt dropboxes support both Native and ION CFDP modes. Encrypt and decrypt dropboxes are created when the TReK application’s TReK CFDP library reads and processes the TReK CFDP configuration file. A TReK CFDP configuration file encrypt/decrypt "dropbox" primitive defines a dropbox's operation parameters including where the dropbox is located and the directory location of the newly created encrypted or decrypted file. By chaining together encrypt and decrypt dropboxes with a CFDP dropbox, a completely automated encrypt, CFDP file transfer, decrypt chain may be created. This is the only method TReK provides to automate file encryption/decryption using ION CFDP.
TReK includes a CFDP Graphical User Interface (GUI) application and a CFDP library. If you need command line CFDP functionality onboard a spacecraft consider using the TReK CFDP console application. Source code for the console application is provided in the TReK example directory. If you need CFDP functionality without a command line interface, the CFDP destination application may meet your requirements. The source code for the CFDP destination application is also found in the TReK example directory. If you need CFDP functionality on the ground consider using the TReK CFDP GUI application. If you need to include CFDP functionality in your own application, consider using the TReK CFDP library.
TReK Encryption
The TReK encryption library uses OpenSSL's FIPS 140-2 validated cryptographic module and public/private key pairs to encrypt and decrypt files and packets. TReK encryption library support is provided on 32 bit and 64 bit Linux operating systems and 64 bit Windows operating systems. TReK encryption library support is not available on 32 bit Window operating systems. Both the flight platform and ground platform generate public/private key pairs using TReK's "trek_crypt" application. TReK's public key/private key encryption architecture is based on Elliptic Curve Cryptography (ECC) using curve P-256 providing 128-bit security with 128 or 256 bit keys. The cipher packages included with the TReK encryption library are the Advance Encryption Standard (AES) Galois/Counter Mode(AES GCM) and the AES Counter with CBC-MAC (AES CCM) ciphers offering confidentiality, authenticity and integrity. The library supports 128 and 256 bit cipher key sizes and provides AES 128 and 256 bit key-wrap/unwrap functions. Fresh Cipher Encryption Keys (CEK) are created for files and packets using a Password-Based Key Derivation Function 2 (PBKDF2).
TReK's "trek_crypt" application generates the public and private key pair using ECC. The private key is wrapped prior to storing in a file with a default passphrase or an optional user passphrase up to 63 characters in length. If a user passphrase is used to wrap the private key, the passphrase must be provided during runtime. Three methods are available to provide the user passphrase at runtime: enter the passphrase using the TReK CFDP GUI, include the passphrase as a seperate parameter after the path and filename of the CFDP configuration file when launching the TReK CFDP console application or provide the passphrase programmatically using the TReK API. The latter method requires recompilation of the TReK CFDP console application or user application. A shared secred key is generated using the private key and the remote/destination platform's public key referred to as the peer public key. The peer public key (i.e., the public key of the destination platform) must be exchanged manually prior to encryption or decryption, no automated key exchange mechanisms is implemented. The TReK encryption library generates a new CEK for every encrypted file and may be configured to generate a new CEK for every encrypted packet in a packet stream. The TReK encryption library may also be configured to generate a new CEK, for a packet stream, once every "x" seconds to support encryption of high rate packet stream. No "encryption handshaking" is required between flight and ground hardware during the encryption and decryption of packets.
Files may be encrypted and decrypted using TReK encryption or decryption dropboxes. Native CFDP may be configured to encrypt and decrypt the CFDP packet streams associated with CFDP transactions. The native CFDP stream encryption configuration automatically encrypts and decrypts files as they are being transferred between the source platform and destination platform requiring no encryption or decryption dropbox. The CFDP packet stream encryption option is not available for ION CFDP. ION CFDP must use the encryption and decryption dropboxes to encrypt and decrypt files. Review the description of the CFDP configuration file's remote entity IDs for further information on packet stream encryption and native CFDP.