Summary

bp7-rs 0.10.7 accepts a BPv7 bundle whose primary block has no CRC and is not protected by a BPSec BIB block. But, RFC 9171 Section 4.3.1 requires the CRC to be present in the primary block unless the primary block is protected by a BPSec BIB block.

Details

The bundle below encodes a primary block with CRC type = 0 (“no CRC”) and three canonical blocks (Previous Node, Bundle Age, Payload). The primary block is not covered by a BIB.

9f88071844008202820301820100820100821b000000b5998c982b011a000493e08506021000458202820200850704010042183485010101004454455354ff

Behavior observed in bp7-rs:

[bp7-rs] OK:
... (Primary block with crc: CrcNo) ...
... Canonical blocks: PreviousNode, BundleAge(52), Payload("TEST") ...

Insead, Hardy rejects such bundles:

[Hardy] ERROR:
Primary block is not protected by a BPSec BIB or a CRC

Specification

RFC 9171 Section 4.3.1 states:

“CRC: A CRC SHALL be present in the primary block unless the bundle
includes a BPSec Block Integrity Block [BPSEC] whose target is the
primary block, in which case a CRC MAY be present in the primary
block.”

The current bp7-rs behavior (accepting CRC type = 0 without BIB) is therefore non-conformant.

Suggested fix

Update bp7-rs validation to reject bundles where the primary block has CRC type = 0 and is not protected by a BIB.