Add emit to IPSec

src/wire/ipsec_ah.rs

@@ -9,6 +9,19 @@ pub struct Packet<T: AsRef<[u8]>> {
     buffer: T,
 }
 
+//     0                   1                   2                   3
+//     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+//   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+//   | Next Header   |  Payload Len  |          RESERVED             |
+//   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+//   |                 Security Parameters Index (SPI)               |
+//   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+//   |                    Sequence Number Field                      |
+//   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+//   |                                                               |
+//   +                Integrity Check Value-ICV (variable)           |
+//   |                                                               |
+//   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 mod field {
     #![allow(non_snake_case)]
 
@@ -121,6 +134,12 @@ impl<T: AsRef<[u8]> + AsMut<[u8]>> Packet<T> {
         data[field::PAYLOAD_LEN] = value
     }
 
+    /// Clear reserved field
+    fn clear_reserved(&mut self) {
+        let data = self.buffer.as_mut();
+        data[field::RESERVED].fill(0)
+    }
+
     /// Set security parameters index field
     fn set_security_parameters_index(&mut self, value: u32) {
         let data = self.buffer.as_mut();
@@ -143,8 +162,7 @@ impl<T: AsRef<[u8]> + AsMut<[u8]>> Packet<T> {
 }
 
 pub struct Repr<'a> {
-    next_header: u8,
-    payload_len: u8,
+    next_header: IpProtocol,
     security_parameters_index: u32,
     sequence_number: u32,
     integrity_check_value: &'a [u8],
@@ -154,13 +172,30 @@ impl<'a> Repr<'a> {
     /// Parse an IPSec Authentication Header packet and return a high-level representation,
     pub fn parse<T: AsRef<[u8]>>(packet: &Packet<&'a T>) -> Result<Repr<'a>> {
         Ok(Repr {
-            next_header: packet.next_header().into(),
-            payload_len: packet.payload_len(),
+            next_header: packet.next_header(),
             security_parameters_index: packet.security_parameters_index(),
             sequence_number: packet.sequence_number(),
             integrity_check_value: packet.integrity_check_value(),
         })
     }
+
+    /// Return the length of a packet that will be emitted from this high-level representation.
+    pub const fn buffer_len(&self) -> usize {
+        self.integrity_check_value.len() + field::SEQUENCE_NUMBER.end
+    }
+
+    /// Emit a high-level representation into an IPSec Authentication Header.
+    pub fn emit<T: AsRef<[u8]> + AsMut<[u8]> + ?Sized>(&self, packet: &mut Packet<&'a mut T>) {
+        packet.set_next_header(self.next_header);
+        
+        let payload_len = (field::SEQUENCE_NUMBER.end + self.integrity_check_value.len() - 2) / 4;
+        packet.set_payload_len(payload_len as u8);
+
+        packet.clear_reserved();
+        packet.set_security_parameters_index(self.security_parameters_index);
+        packet.set_sequence_number(self.sequence_number);
+        packet.integrity_check_value_mut().copy_from_slice(self.integrity_check_value);
+    }
 }
 
 // This sample can be used for test: https://www.cloudshark.org/captures/4d1561a5935f

src/wire/mod.rs

@@ -275,6 +275,9 @@ pub use self::dns::{
     Repr as DnsRepr, Type as DnsQueryType,
 };
 
+#[cfg(feature = "proto-ipsec-ah")]
+pub use self::ipsec_ah::{Packet as IPSecAuthHeaderPacket, Repr as IPSecAuthHeaderRepr};
+
 /// Parsing a packet failed.
 ///
 /// Either it is malformed, or it is not supported by smoltcp.