use crate::packet::{Layer, LayerContext};
use crate::protocols::ipsec::ikev2::payload::{
write_generic_payload_header, IkePayload, PayloadHeaderFields, PayloadType,
};
use crate::protocols::transport::common::{impl_layer_div, impl_layer_object};
use crate::Result;
pub const IKE_EAP_PAYLOAD_NAME: &str = "IkeEapPayload";
#[derive(Debug, Clone)]
pub struct IkeEapPayload {
eap_message: Vec<u8>,
header: PayloadHeaderFields,
}
impl IkeEapPayload {
pub fn new(eap_message: impl Into<Vec<u8>>) -> Self {
Self {
eap_message: eap_message.into(),
header: PayloadHeaderFields::new(),
}
}
pub fn eap_message(mut self, eap_message: impl Into<Vec<u8>>) -> Self {
self.eap_message = eap_message.into();
self
}
pub fn next_payload(mut self, next_payload: u8) -> Self {
self.header.set_next_payload(next_payload);
self
}
pub fn payload_length(mut self, length: u16) -> Self {
self.header.set_length(length);
self
}
pub fn critical(mut self, critical: bool) -> Self {
self.header.set_critical(critical);
self
}
pub fn eap_message_bytes(&self) -> &[u8] {
&self.eap_message
}
}
impl IkePayload for IkeEapPayload {
fn payload_type(&self) -> PayloadType {
PayloadType::ExtensibleAuthentication
}
fn payload_body(&self, _ctx: &LayerContext<'_>) -> Result<Vec<u8>> {
Ok(self.eap_message.clone())
}
fn next_payload_override(&self) -> Option<u8> {
self.header.next_payload_override()
}
fn payload_length_override(&self) -> Option<u16> {
self.header.payload_length_override()
}
fn critical(&self) -> bool {
self.header.critical()
}
}
impl Layer for IkeEapPayload {
fn name(&self) -> &'static str {
IKE_EAP_PAYLOAD_NAME
}
fn summary(&self) -> String {
format!("IkeEapPayload(eap_message_len={})", self.eap_message.len())
}
fn inspection_fields(&self) -> Vec<(&'static str, String)> {
vec![("eap_message_len", self.eap_message.len().to_string())]
}
fn encoded_len(&self) -> usize {
super::GENERIC_PAYLOAD_HEADER_LEN + self.eap_message.len()
}
fn compile(&self, ctx: &LayerContext<'_>, out: &mut Vec<u8>) -> Result<()> {
let body = self.payload_body(ctx)?;
write_generic_payload_header(
out,
ctx,
self.next_payload_override(),
self.critical(),
self.payload_length_override(),
body.len(),
)?;
out.extend_from_slice(&body);
Ok(())
}
impl_layer_object!(IkeEapPayload);
}
impl_layer_div!(IkeEapPayload);
pub(crate) fn parse_eap_payload_body(bytes: &[u8]) -> Result<IkeEapPayload> {
Ok(IkeEapPayload::new(bytes.to_vec()))
}
#[cfg(test)]
mod tests {
use super::*;
use crate::packet::{LayerContext, Packet, Raw};
use crate::protocols::ipsec::ikev2::payload::GENERIC_PAYLOAD_HEADER_LEN;
fn compile_payload(payload: IkeEapPayload) -> Vec<u8> {
let packet = Packet::from_layer(payload);
let ctx = LayerContext::new(&packet, 0);
let mut out = Vec::new();
packet.get(0).unwrap().compile(&ctx, &mut out).unwrap();
out
}
fn eap_request_identity() -> IkeEapPayload {
IkeEapPayload::new(vec![0x01u8, 0x2A, 0x00, 0x05, 0x01])
}
#[test]
fn eap_payload_type_and_name() {
let payload = eap_request_identity();
assert_eq!(
payload.payload_type(),
PayloadType::ExtensibleAuthentication
);
assert_eq!(PayloadType::ExtensibleAuthentication.codepoint(), 48);
assert_eq!(payload.name(), IKE_EAP_PAYLOAD_NAME);
}
#[test]
fn body_is_eap_message_bytes() {
let payload = eap_request_identity();
assert_eq!(payload.eap_message_bytes(), &[0x01, 0x2A, 0x00, 0x05, 0x01]);
}
#[test]
fn payload_compiles_generic_header_then_body() {
let payload = eap_request_identity();
let bytes = compile_payload(payload.clone());
assert_eq!(bytes[0], 0); assert_eq!(bytes[1], 0); let payload_len = u16::from_be_bytes([bytes[2], bytes[3]]) as usize;
assert_eq!(payload_len, bytes.len());
assert_eq!(payload_len, payload.encoded_len());
assert_eq!(
&bytes[GENERIC_PAYLOAD_HEADER_LEN..],
&[0x01, 0x2A, 0x00, 0x05, 0x01]
);
}
#[test]
fn payload_honors_generic_header_overrides() {
let payload = eap_request_identity()
.next_payload(40)
.critical(true)
.payload_length(0xBEEF);
let bytes = compile_payload(payload);
assert_eq!(bytes[0], 40);
assert_eq!(bytes[1], 0x80); assert_eq!(u16::from_be_bytes([bytes[2], bytes[3]]), 0xBEEF);
}
#[test]
fn chain_next_payload_points_at_eap() {
use crate::protocols::ipsec::ikev2::payload::{
following_next_payload, payload_type_for_layer_name, PAYLOAD_EAP,
};
assert_eq!(
payload_type_for_layer_name(IKE_EAP_PAYLOAD_NAME),
Some(PayloadType::ExtensibleAuthentication)
);
let packet: Packet = Packet::from_layer(Raw::from_bytes([0u8; 0])) / eap_request_identity();
let ctx = LayerContext::new(&packet, 0);
assert_eq!(following_next_payload(&ctx), PAYLOAD_EAP);
}
#[test]
fn round_trip_preserves_eap_message() {
let payload = eap_request_identity();
let bytes = compile_payload(payload.clone());
let parsed = parse_eap_payload_body(&bytes[GENERIC_PAYLOAD_HEADER_LEN..]).unwrap();
assert_eq!(parsed.eap_message_bytes(), &[0x01, 0x2A, 0x00, 0x05, 0x01]);
let recompiled = compile_payload(parsed);
assert_eq!(recompiled, bytes);
}
}