From e168c7e3449450dc7405aa3fda86fa9fece915bd Mon Sep 17 00:00:00 2001
From: Jason Scatena
Date: Mon, 7 Aug 2023 14:16:29 -0400
Subject: [PATCH 1/6] added fix and test for Notify parse

---
 src/ikev2_parser.rs | 38 ++++++++++++++++++++++++++++++++++++--
 1 file changed, 36 insertions(+), 2 deletions(-)

diff --git a/src/ikev2_parser.rs b/src/ikev2_parser.rs
index c1dd0a1..0fc1319 100644
--- a/src/ikev2_parser.rs
+++ b/src/ikev2_parser.rs
@@ -236,10 +236,10 @@ pub fn parse_ikev2_payload_notify(i: &[u8], length: u16) -> IResult<&[u8], IkeV2
 let (i, notify_type) = map(be_u16, NotifyType)(i)?;
 let (i, spi) = cond(spi_size > 0, take(spi_size))(i)?;
 let (i, notify_data) = cond(
- length > 8 + spi_size as u16,
+ length > 4 + spi_size as u16,
 // we have to specify a callback here to force lazy evaluation,
 // because the function arguments are evaluated *before* the test (causing underflow)
- |d| take(length - (8 + spi_size as u16))(d),
+ |d| take(length - (4 + spi_size as u16))(d),
 )(i)?;
 let payload = NotifyPayload {
 protocol_id,
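Review bot: In `parse_ikev2_payload_notify` the SPI is consumed by `cond(spi_size > 0, take(spi_size))` before `length` is consulted, so a Notify payload whose declared `length` is smaller than `4 + spi_size` is not rejected in the visible lines; the `cond` on `notify_data` only skips the data. `parse_ikev2_payload_delete` and `parse_ikev2_payload_vendor_id` both open with an explicit length guard, and a matching one here, placed after `spi_size` is parsed, would make the three parsers agree: `if length < 4 + spi_size as u16 { return Err(Err::Error(make_error(i, ErrorKind::Verify))); }`. A short comment saying that `4` is the fixed Notify header (protocol ID, SPI size, message type) and that `length` already excludes the generic payload header would also explain why `8` was wrong. The start of the function is outside the hunk, so an earlier check may already exist.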
@@ -597,4 +597,38 @@ static IKEV2_PAYLOAD_SA: &[u8] = &[
 let res = parse_ikev2_payload_list(bytes, IkePayloadType::SecurityAssociation);
 println!("{:?}", res);
 }
+
+ static NOTFIY_UNSUPPORTED_CRITICAL_PAYLOAD: ([u8; 9], IkeV2PayloadContent) = (
+ [
+ 0x00, //Next Payload: u8
+ 0x00, //C + Reserved
+ 0x00, 0x09, // Payload_length: u16
+ 0x00, //Protocol ID
+ 0x00, //Spi Size
+ 0x00, 0x01, // Notify Message Type: Unsupported Critical Payload = 1: u16
+ 0xFF, //Payload data
+ ],
+ IkeV2PayloadContent::Notify(NotifyPayload {
+ protocol_id: ProtocolID(0),
+ spi_size: 0,
+ notify_type: NotifyType::UNSUPPORTED_CRITICAL_PAYLOAD,
+ spi: None,
+ notify_data: Some(&[0xFFu8]),
+ }),
+ );
+
+ #[test]
+ fn test_parse_notify() {
+ let (input, expected) = &NOTFIY_UNSUPPORTED_CRITICAL_PAYLOAD;
+ let res = parse_ikev2_payload_list(input, IkePayloadType::Notify);
+ let (rem, payloads) = res.unwrap();
+ assert!(rem.is_empty());
+ let mut payloads = payloads.unwrap();
+ assert_eq!(payloads.len(), 2);
+ if let Some(payload) = payloads.pop() {
+ assert_eq!(payload.content, *expected)
+ } else {
+ panic!("Expected Notify");
+ }
+ }
 }

From 14304387c742dd2eb14afda9e7285632401190af Mon Sep 17 00:00:00 2001
From: Jason Scatena
Date: Mon, 7 Aug 2023 14:45:06 -0400
Subject: [PATCH 2/6] delete payload fix and test

---
 src/ikev2_parser.rs | 44 +++++++++++++++++++++++++++++++++++++-------
 1 file changed, 37 insertions(+), 7 deletions(-)

diff --git a/src/ikev2_parser.rs b/src/ikev2_parser.rs
index 0fc1319..c50af21 100644
--- a/src/ikev2_parser.rs
+++ b/src/ikev2_parser.rs
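Review bot: `test_parse_notify` covers only one shape of Notify payload, `spi_size: 0` with a single data byte, so the boundaries that the `8` to `4` correction moves are not pinned. A payload of length 8 with no data (where `notify_data` should be `None`) and one with a non-zero SPI size are the cases that would catch a regression in the `4 + spi_size` arithmetic. The fixture name is also misspelled: `NOTFIY_UNSUPPORTED_CRITICAL_PAYLOAD` should read `NOTIFY_UNSUPPORTED_CRITICAL_PAYLOAD`. A one-line comment on `assert_eq!(payloads.len(), 2)`, for example `// leading Dummy entry + the parsed payload`, would explain the expected count.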
@@ -263,13 +263,13 @@ pub fn parse_ikev2_payload_vendor_id(i: &[u8], length: u16) -> IResult<&[u8], Ik
 }
 
 pub fn parse_ikev2_payload_delete(i: &[u8], length: u16) -> IResult<&[u8], IkeV2PayloadContent> {
- if length < 8 {
+ if length < 4 {
 return Err(Err::Error(make_error(i, ErrorKind::Verify)));
 }
 let (i, protocol_id) = map(be_u8, ProtocolID)(i)?;
 let (i, spi_size) = be_u8(i)?;
 let (i, num_spi) = be_u16(i)?;
- let (i, spi) = take(length - 8)(i)?;
+ let (i, spi) = take(length - 4)(i)?;
 let payload = DeletePayload {
 protocol_id,
 spi_size,
@@ -600,6 +600,7 @@ static IKEV2_PAYLOAD_SA: &[u8] = &[
 
 static NOTFIY_UNSUPPORTED_CRITICAL_PAYLOAD: ([u8; 9], IkeV2PayloadContent) = (
 [
+ // Hand crafted based on
 0x00, //Next Payload: u8
 0x00, //C + Reserved
 0x00, 0x09, // Payload_length: u16
@@ -625,10 +626,39 @@ static IKEV2_PAYLOAD_SA: &[u8] = &[
 assert!(rem.is_empty());
 let mut payloads = payloads.unwrap();
 assert_eq!(payloads.len(), 2);
- if let Some(payload) = payloads.pop() {
- assert_eq!(payload.content, *expected)
- } else {
- panic!("Expected Notify");
- }
+ let payload = payloads.pop().unwrap();
+ assert_eq!(payload.content, *expected);
+ }
+
+ static DELETE_IKE_SA: ([u8; 8], IkeV2PayloadContent) = {
+ (
+ [
+ // Hand crafted based on
+ 0x00, //Next Payload: u8
+ 0x00, //C + Reserved
+ 0x00, 0x08, // Payload_length: u16
+ 0x01, //Protocol ID
+ 0x00, //Spi Size
+ 0x00, 0x00, //Number of SPIs: u16
+ ],
+ IkeV2PayloadContent::Delete(DeletePayload {
+ protocol_id: ProtocolID::IKE,
+ spi_size: 0,
+ num_spi: 0,
+ spi: &[],
+ }),
+ )
+ };
+
+ #[test]
+ fn test_parse_delete() {
+ let (input, expected) = &DELETE_IKE_SA;
+ let res = parse_ikev2_payload_list(input, IkePayloadType::Delete);
+ let (rem, payloads) = res.unwrap();
+ assert!(rem.is_empty());
+ let mut payloads = payloads.unwrap();
+ assert_eq!(payloads.len(), 2);
+ let payload = payloads.pop().unwrap();
+ assert_eq!(payload.content, *expected);
 }
 }

From 8b7b8363666f9bf9f99204e65c6d450e467bc8a2 Mon Sep 17 00:00:00 2001
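Review bot: `parse_ikev2_payload_delete` takes `length - 4` bytes as `spi` without comparing them against the `spi_size` and `num_spi` fields parsed just above, so a Delete payload whose header disagrees with the SPI bytes actually present is still returned as valid. Any consumer that steps through `spi` in `spi_size`-byte chunks `num_spi` times could then index past the slice. Consider rejecting the mismatch right after the `take`: `if spi.len() != usize::from(spi_size) * usize::from(num_spi) { return Err(Err::Error(make_error(i, ErrorKind::Verify))); }`. The `DELETE_IKE_SA` fixture added in the same patch has zero SPIs, so a second fixture with a non-empty SPI list would be needed to exercise this path. The remainder of the function is outside the hunk, so the check may already be made further down.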
From: Jason Scatena
Date: Mon, 7 Aug 2023 15:17:55 -0400
Subject: [PATCH 3/6] added vendor_id fix and test

---
 src/ikev2_parser.rs | 31 +++++++++++++++++++++++++++++--
 1 file changed, 29 insertions(+), 2 deletions(-)

diff --git a/src/ikev2_parser.rs b/src/ikev2_parser.rs
index c50af21..540e233 100644
--- a/src/ikev2_parser.rs
+++ b/src/ikev2_parser.rs
@@ -252,10 +252,10 @@ pub fn parse_ikev2_payload_notify(i: &[u8], length: u16) -> IResult<&[u8], IkeV2
 }
 
 pub fn parse_ikev2_payload_vendor_id(i: &[u8], length: u16) -> IResult<&[u8], IkeV2PayloadContent> {
- if length < 8 {
+ if length < 1 {
 return Err(Err::Error(make_error(i, ErrorKind::Verify)));
 }
- let (i, vendor_id) = take(length - 8)(i)?;
+ let (i, vendor_id) = take(length)(i)?;
 Ok((
 i,
 IkeV2PayloadContent::VendorID(VendorIDPayload { vendor_id }),
@@ -661,4 +661,31 @@ static IKEV2_PAYLOAD_SA: &[u8] = &[
 let payload = payloads.pop().unwrap();
 assert_eq!(payload.content, *expected);
 }
+
+ static VENDOR_ID: ([u8; 11], IkeV2PayloadContent) = {
+ (
+ [
+ // Hand crafted based on
+ 0x00, //Next Payload: u8
+ 0x00, //C + Reserved
+ 0x00, 0x0b, // Payload_length: u16
+ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ ],
+ IkeV2PayloadContent::VendorID(VendorIDPayload {
+ vendor_id: &[0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07],
+ }),
+ )
+ };
+
+ #[test]
+ fn test_parse_vendor_id() {
+ let (input, expected) = &VENDOR_ID;
+ let res = parse_ikev2_payload_list(input, IkePayloadType::VendorID);
+ let (rem, payloads) = res.unwrap();
+ assert!(rem.is_empty());
+ let mut payloads = payloads.unwrap();
+ assert_eq!(payloads.len(), 2);
+ let payload = payloads.pop().unwrap();
+ assert_eq!(payload.content, *expected);
+ }
 }

From df68053e9de45aa5246cff0c7083d3a219e0ec96 Mon Sep 17 00:00:00 2001
From: Jason Scatena
Date: Wed, 9 Aug 2023 09:24:54 -0400
Subject: [PATCH 4/6] address clippy lint

---
 src/ikev2_parser.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

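Review bot: The new guard `if length < 1` in `parse_ikev2_payload_vendor_id` compares a `u16`, so it is exactly `length == 0`, and writing it that way states the intent directly. As written, a Vendor ID payload with an empty body now fails the whole payload list with `ErrorKind::Verify`, and nothing in the hunk says whether that is deliberate. If an empty vendor ID should be an error, a comment such as `// an empty Vendor ID carries no identifier; treat it as malformed` would record the decision. If it should be tolerated, the guard can be dropped, since `take(0)` would then yield an empty slice. A fixture with `Payload_length` 4 would pin whichever behaviour is chosen.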
diff --git a/src/ikev2_parser.rs b/src/ikev2_parser.rs
index 540e233..f37d157 100644
--- a/src/ikev2_parser.rs
+++ b/src/ikev2_parser.rs
@@ -423,7 +423,7 @@ pub fn parse_ikev2_payload_list(
 content: IkeV2PayloadContent::Dummy,
 }]);
 #[allow(clippy::clone_double_ref)]
- let mut i = i.clone();
+ let mut i = i;
 loop {
 if i.is_empty() {
 break;

From 37540ffa519a336cc7f0354e920a52180c711671 Mon Sep 17 00:00:00 2001
From: Jason Scatena
Date: Wed, 9 Aug 2023 10:10:00 -0400
Subject: [PATCH 5/6] clippy lint 2

---
 src/ikev2_parser.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/ikev2_parser.rs b/src/ikev2_parser.rs
index f37d157..00be0b4 100644
--- a/src/ikev2_parser.rs
+++ b/src/ikev2_parser.rs
@@ -422,7 +422,7 @@ pub fn parse_ikev2_payload_list(
 },
 content: IkeV2PayloadContent::Dummy,
 }]);
- #[allow(clippy::clone_double_ref)]
+ #[allow(suspicious_double_ref_op)]
 let mut i = i;
 loop {
 if i.is_empty() {

From 1c2e3db314e8b531abb463ff82076afe1fb9e663 Mon Sep 17 00:00:00 2001
From: Jason Scatena
Date: Wed, 9 Aug 2023 11:20:02 -0400
Subject: [PATCH 6/6] unit test values are behind static refs

---
 src/ikev2_parser.rs | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/src/ikev2_parser.rs b/src/ikev2_parser.rs
index 00be0b4..60799d6 100644
--- a/src/ikev2_parser.rs
+++ b/src/ikev2_parser.rs
@@ -598,8 +598,8 @@ static IKEV2_PAYLOAD_SA: &[u8] = &[
 println!("{:?}", res);
 }
 
- static NOTFIY_UNSUPPORTED_CRITICAL_PAYLOAD: ([u8; 9], IkeV2PayloadContent) = (
- [
+ static NOTFIY_UNSUPPORTED_CRITICAL_PAYLOAD: (&[u8], &IkeV2PayloadContent) = (
+ &[
 // Hand crafted based on
 0x00, //Next Payload: u8
 0x00, //C + Reserved
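Review bot: The `#[allow(suspicious_double_ref_op)]` that PATCH 5/6 puts on `let mut i = i;` in `parse_ikev2_payload_list` has nothing left to suppress, because PATCH 4/6 already removed the `i.clone()` call the original `clippy::clone_double_ref` allowance was written for. Deleting the attribute line is the simpler fix. Keeping it is also likely to produce an `unknown_lints` warning on toolchains older than the one that introduced the renamed lint. The enclosing function starts and ends outside the hunk.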
@@ -609,7 +609,7 @@ static IKEV2_PAYLOAD_SA: &[u8] = &[
 0x00, 0x01, // Notify Message Type: Unsupported Critical Payload = 1: u16
 0xFF, //Payload data
 ],
- IkeV2PayloadContent::Notify(NotifyPayload {
+ &IkeV2PayloadContent::Notify(NotifyPayload {
 protocol_id: ProtocolID(0),
 spi_size: 0,
 notify_type: NotifyType::UNSUPPORTED_CRITICAL_PAYLOAD,
@@ -620,7 +620,7 @@ static IKEV2_PAYLOAD_SA: &[u8] = &[
 
 #[test]
 fn test_parse_notify() {
- let (input, expected) = &NOTFIY_UNSUPPORTED_CRITICAL_PAYLOAD;
+ let (input, expected) = NOTFIY_UNSUPPORTED_CRITICAL_PAYLOAD;
 let res = parse_ikev2_payload_list(input, IkePayloadType::Notify);
 let (rem, payloads) = res.unwrap();
 assert!(rem.is_empty());
@@ -630,9 +630,9 @@ static IKEV2_PAYLOAD_SA: &[u8] = &[
 assert_eq!(payload.content, *expected);
 }
 
- static DELETE_IKE_SA: ([u8; 8], IkeV2PayloadContent) = {
+ static DELETE_IKE_SA: (&[u8], &IkeV2PayloadContent) = {
 (
- [
+ &[
 // Hand crafted based on
 0x00, //Next Payload: u8
 0x00, //C + Reserved
@@ -641,7 +641,7 @@ static IKEV2_PAYLOAD_SA: &[u8] = &[
 0x00, //Spi Size
 0x00, 0x00, //Number of SPIs: u16
 ],
- IkeV2PayloadContent::Delete(DeletePayload {
+ &IkeV2PayloadContent::Delete(DeletePayload {
 protocol_id: ProtocolID::IKE,
 spi_size: 0,
 num_spi: 0,
@@ -652,7 +652,7 @@ static IKEV2_PAYLOAD_SA: &[u8] = &[
 
 #[test]
 fn test_parse_delete() {
- let (input, expected) = &DELETE_IKE_SA;
+ let (input, expected) = DELETE_IKE_SA;
 let res = parse_ikev2_payload_list(input, IkePayloadType::Delete);
 let (rem, payloads) = res.unwrap();
 assert!(rem.is_empty());
@@ -662,16 +662,16 @@ static IKEV2_PAYLOAD_SA: &[u8] = &[
 assert_eq!(payload.content, *expected);
 }
 
- static VENDOR_ID: ([u8; 11], IkeV2PayloadContent) = {
+ static VENDOR_ID: (&[u8], &IkeV2PayloadContent) = {
 (
- [
+ &[
 // Hand crafted based on
 0x00, //Next Payload: u8
 0x00, //C + Reserved
 0x00, 0x0b, // Payload_length: u16
 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
 ],
- IkeV2PayloadContent::VendorID(VendorIDPayload {
+ &IkeV2PayloadContent::VendorID(VendorIDPayload {
 vendor_id: &[0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07],
 }),
 )
@@ -679,7 +679,7 @@ static IKEV2_PAYLOAD_SA: &[u8] = &[
 
 #[test]
 fn test_parse_vendor_id() {
- let (input, expected) = &VENDOR_ID;
+ let (input, expected) = VENDOR_ID;
 let res = parse_ikev2_payload_list(input, IkePayloadType::VendorID);
 let (rem, payloads) = res.unwrap();
 assert!(rem.is_empty());