suricata
detect-tls-cert-fingerprint.c
Go to the documentation of this file.
1/* Copyright (C) 2019 Open Information Security Foundation
2 *
3 * You can copy, redistribute or modify this Program under the terms of
4 * the GNU General Public License version 2 as published by the Free
5 * Software Foundation.
6 *
7 * This program is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 * GNU General Public License for more details.
11 *
12 * You should have received a copy of the GNU General Public License
13 * version 2 along with this program; if not, write to the Free Software
14 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15 * 02110-1301, USA.
16 */
17
18/**
19 * \file
20 *
21 * \author Mats Klepsland <mats.klepsland@gmail.com>
22 *
23 */
24
25#include "detect-engine-build.h"
26#include "app-layer-parser.h"
27/**
28 * \test Test that a signature containing tls_cert_fingerprint is correctly parsed
29 * and that the keyword is registered.
30 */
31static int DetectTlsFingerprintTest01(void)
32{
33 DetectEngineCtx *de_ctx = DetectEngineCtxInit();
34 FAIL_IF_NULL(de_ctx);
35 de_ctx->flags |= DE_QUIET;
36
37 Signature *s = DetectEngineAppendSig(de_ctx,
38 "alert tls any any -> any any "
39 "(msg:\"Testing tls.cert_fingerprint\"; "
40 "tls.cert_fingerprint; "
41 "content:\"11:22:33:44:55:66:77:88:99:00:11:22:33:44:55:66:77:88:99:00\"; "
42 "sid:1;)");
43 FAIL_IF_NULL(s);
44
45 /* sm should not be in the MATCH list */
46 SigMatch *sm = s->init_data->smlists[DETECT_SM_LIST_MATCH];
47 FAIL_IF_NOT_NULL(sm);
48
49 sm = DetectBufferGetFirstSigMatch(s, g_tls_cert_fingerprint_buffer_id);
50 FAIL_IF_NULL(sm);
51
52 FAIL_IF(sm->type != DETECT_CONTENT);
53 FAIL_IF_NOT_NULL(sm->next);
54
55 SigGroupCleanup(de_ctx);
56 DetectEngineCtxFree(de_ctx);
57
58 PASS;
59}
60
61/**
62 * \test Test matching for fingerprint of a certificate.
63 */
64static int DetectTlsFingerprintTest02(void)
65{
66 /* client hello */
67 uint8_t client_hello[] = {
68 0x16, 0x03, 0x01, 0x00, 0xc8, 0x01, 0x00, 0x00,
69 0xc4, 0x03, 0x03, 0xd6, 0x08, 0x5a, 0xa2, 0x86,
70 0x5b, 0x85, 0xd4, 0x40, 0xab, 0xbe, 0xc0, 0xbc,
71 0x41, 0xf2, 0x26, 0xf0, 0xfe, 0x21, 0xee, 0x8b,
72 0x4c, 0x7e, 0x07, 0xc8, 0xec, 0xd2, 0x00, 0x46,
73 0x4c, 0xeb, 0xb7, 0x00, 0x00, 0x16, 0xc0, 0x2b,
74 0xc0, 0x2f, 0xc0, 0x0a, 0xc0, 0x09, 0xc0, 0x13,
75 0xc0, 0x14, 0x00, 0x33, 0x00, 0x39, 0x00, 0x2f,
76 0x00, 0x35, 0x00, 0x0a, 0x01, 0x00, 0x00, 0x85,
77 0x00, 0x00, 0x00, 0x12, 0x00, 0x10, 0x00, 0x00,
78 0x0d, 0x77, 0x77, 0x77, 0x2e, 0x67, 0x6f, 0x6f,
79 0x67, 0x6c, 0x65, 0x2e, 0x6e, 0x6f, 0xff, 0x01,
80 0x00, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x08, 0x00,
81 0x06, 0x00, 0x17, 0x00, 0x18, 0x00, 0x19, 0x00,
82 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x23, 0x00,
83 0x00, 0x33, 0x74, 0x00, 0x00, 0x00, 0x10, 0x00,
84 0x29, 0x00, 0x27, 0x05, 0x68, 0x32, 0x2d, 0x31,
85 0x36, 0x05, 0x68, 0x32, 0x2d, 0x31, 0x35, 0x05,
86 0x68, 0x32, 0x2d, 0x31, 0x34, 0x02, 0x68, 0x32,
87 0x08, 0x73, 0x70, 0x64, 0x79, 0x2f, 0x33, 0x2e,
88 0x31, 0x08, 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31,
89 0x2e, 0x31, 0x00, 0x05, 0x00, 0x05, 0x01, 0x00,
90 0x00, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x16, 0x00,
91 0x14, 0x04, 0x01, 0x05, 0x01, 0x06, 0x01, 0x02,
92 0x01, 0x04, 0x03, 0x05, 0x03, 0x06, 0x03, 0x02,
93 0x03, 0x04, 0x02, 0x02, 0x02
94 };
95
96 /* server hello */
97 uint8_t server_hello[] = {
98 0x16, 0x03, 0x03, 0x00, 0x48, 0x02, 0x00, 0x00,
99 0x44, 0x03, 0x03, 0x57, 0x91, 0xb8, 0x63, 0xdd,
100 0xdb, 0xbb, 0x23, 0xcf, 0x0b, 0x43, 0x02, 0x1d,
101 0x46, 0x11, 0x27, 0x5c, 0x98, 0xcf, 0x67, 0xe1,
102 0x94, 0x3d, 0x62, 0x7d, 0x38, 0x48, 0x21, 0x23,
103 0xa5, 0x62, 0x31, 0x00, 0xc0, 0x2f, 0x00, 0x00,
104 0x1c, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00,
105 0x00, 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x10,
106 0x00, 0x05, 0x00, 0x03, 0x02, 0x68, 0x32, 0x00,
107 0x0b, 0x00, 0x02, 0x01, 0x00
108 };
109
110 /* certificate */
111 uint8_t certificate[] = {
112 0x16, 0x03, 0x03, 0x04, 0x93, 0x0b, 0x00, 0x04,
113 0x8f, 0x00, 0x04, 0x8c, 0x00, 0x04, 0x89, 0x30,
114 0x82, 0x04, 0x85, 0x30, 0x82, 0x03, 0x6d, 0xa0,
115 0x03, 0x02, 0x01, 0x02, 0x02, 0x08, 0x5c, 0x19,
116 0xb7, 0xb1, 0x32, 0x3b, 0x1c, 0xa1, 0x30, 0x0d,
117 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
118 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x49, 0x31,
119 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
120 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11,
121 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0a, 0x47,
122 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x20, 0x49, 0x6e,
123 0x63, 0x31, 0x25, 0x30, 0x23, 0x06, 0x03, 0x55,
124 0x04, 0x03, 0x13, 0x1c, 0x47, 0x6f, 0x6f, 0x67,
125 0x6c, 0x65, 0x20, 0x49, 0x6e, 0x74, 0x65, 0x72,
126 0x6e, 0x65, 0x74, 0x20, 0x41, 0x75, 0x74, 0x68,
127 0x6f, 0x72, 0x69, 0x74, 0x79, 0x20, 0x47, 0x32,
128 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x36, 0x30, 0x37,
129 0x31, 0x33, 0x31, 0x33, 0x32, 0x34, 0x35, 0x32,
130 0x5a, 0x17, 0x0d, 0x31, 0x36, 0x31, 0x30, 0x30,
131 0x35, 0x31, 0x33, 0x31, 0x36, 0x30, 0x30, 0x5a,
132 0x30, 0x65, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03,
133 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31,
134 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08,
135 0x0c, 0x0a, 0x43, 0x61, 0x6c, 0x69, 0x66, 0x6f,
136 0x72, 0x6e, 0x69, 0x61, 0x31, 0x16, 0x30, 0x14,
137 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x0d, 0x4d,
138 0x6f, 0x75, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x20,
139 0x56, 0x69, 0x65, 0x77, 0x31, 0x13, 0x30, 0x11,
140 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0a, 0x47,
141 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x20, 0x49, 0x6e,
142 0x63, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55,
143 0x04, 0x03, 0x0c, 0x0b, 0x2a, 0x2e, 0x67, 0x6f,
144 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x6e, 0x6f, 0x30,
145 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a,
146 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
147 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30,
148 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00,
149 0xa5, 0x0a, 0xb9, 0xb1, 0xca, 0x36, 0xd1, 0xae,
150 0x22, 0x38, 0x07, 0x06, 0xc9, 0x1a, 0x56, 0x4f,
151 0xbb, 0xdf, 0xa8, 0x6d, 0xbd, 0xee, 0x76, 0x16,
152 0xbc, 0x53, 0x3c, 0x03, 0x6a, 0x5c, 0x94, 0x50,
153 0x87, 0x2f, 0x28, 0xb4, 0x4e, 0xd5, 0x9b, 0x8f,
154 0xfe, 0x02, 0xde, 0x2a, 0x83, 0x01, 0xf9, 0x45,
155 0x61, 0x0e, 0x66, 0x0e, 0x24, 0x22, 0xe2, 0x59,
156 0x66, 0x0d, 0xd3, 0xe9, 0x77, 0x8a, 0x7e, 0x42,
157 0xaa, 0x5a, 0xf9, 0x05, 0xbf, 0x30, 0xc7, 0x03,
158 0x2b, 0xdc, 0xa6, 0x9c, 0xe0, 0x9f, 0x0d, 0xf1,
159 0x28, 0x19, 0xf8, 0xf2, 0x02, 0xfa, 0xbd, 0x62,
160 0xa0, 0xf3, 0x02, 0x2b, 0xcd, 0xf7, 0x09, 0x04,
161 0x3b, 0x52, 0xd8, 0x65, 0x4b, 0x4a, 0x70, 0xe4,
162 0x57, 0xc9, 0x2e, 0x2a, 0xf6, 0x9c, 0x6e, 0xd8,
163 0xde, 0x01, 0x52, 0xc9, 0x6f, 0xe9, 0xef, 0x82,
164 0xbc, 0x0b, 0x95, 0xb2, 0xef, 0xcb, 0x91, 0xa6,
165 0x0b, 0x2d, 0x14, 0xc6, 0x00, 0xa9, 0x33, 0x86,
166 0x64, 0x00, 0xd4, 0x92, 0x19, 0x53, 0x3d, 0xfd,
167 0xcd, 0xc6, 0x1a, 0xf2, 0x0e, 0x67, 0xc2, 0x1d,
168 0x2c, 0xe0, 0xe8, 0x29, 0x97, 0x1c, 0xb6, 0xc4,
169 0xb2, 0x02, 0x0c, 0x83, 0xb8, 0x60, 0x61, 0xf5,
170 0x61, 0x2d, 0x73, 0x5e, 0x85, 0x4d, 0xbd, 0x0d,
171 0xe7, 0x1a, 0x37, 0x56, 0x8d, 0xe5, 0x50, 0x0c,
172 0xc9, 0x64, 0x4c, 0x11, 0xea, 0xf3, 0xcb, 0x26,
173 0x34, 0xbd, 0x02, 0xf5, 0xc1, 0xfb, 0xa2, 0xec,
174 0x27, 0xbb, 0x60, 0xbe, 0x0b, 0xf6, 0xe7, 0x3c,
175 0x2d, 0xc9, 0xe7, 0xb0, 0x30, 0x28, 0x17, 0x3d,
176 0x90, 0xf1, 0x63, 0x8e, 0x49, 0xf7, 0x15, 0x78,
177 0x21, 0xcc, 0x45, 0xe6, 0x86, 0xb2, 0xd8, 0xb0,
178 0x2e, 0x5a, 0xb0, 0x58, 0xd3, 0xb6, 0x11, 0x40,
179 0xae, 0x81, 0x1f, 0x6b, 0x7a, 0xaf, 0x40, 0x50,
180 0xf9, 0x2e, 0x81, 0x8b, 0xec, 0x26, 0x11, 0x3f,
181 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01,
182 0x53, 0x30, 0x82, 0x01, 0x4f, 0x30, 0x1d, 0x06,
183 0x03, 0x55, 0x1d, 0x25, 0x04, 0x16, 0x30, 0x14,
184 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07,
185 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05,
186 0x05, 0x07, 0x03, 0x02, 0x30, 0x21, 0x06, 0x03,
187 0x55, 0x1d, 0x11, 0x04, 0x1a, 0x30, 0x18, 0x82,
188 0x0b, 0x2a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
189 0x65, 0x2e, 0x6e, 0x6f, 0x82, 0x09, 0x67, 0x6f,
190 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x6e, 0x6f, 0x30,
191 0x68, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05,
192 0x07, 0x01, 0x01, 0x04, 0x5c, 0x30, 0x5a, 0x30,
193 0x2b, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05,
194 0x07, 0x30, 0x02, 0x86, 0x1f, 0x68, 0x74, 0x74,
195 0x70, 0x3a, 0x2f, 0x2f, 0x70, 0x6b, 0x69, 0x2e,
196 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63,
197 0x6f, 0x6d, 0x2f, 0x47, 0x49, 0x41, 0x47, 0x32,
198 0x2e, 0x63, 0x72, 0x74, 0x30, 0x2b, 0x06, 0x08,
199 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01,
200 0x86, 0x1f, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f,
201 0x2f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x73,
202 0x31, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
203 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x63, 0x73,
204 0x70, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e,
205 0x04, 0x16, 0x04, 0x14, 0xc6, 0x53, 0x87, 0x42,
206 0x2d, 0xc8, 0xee, 0x7a, 0x62, 0x1e, 0x83, 0xdb,
207 0x0d, 0xe2, 0x32, 0xeb, 0x8b, 0xaf, 0x69, 0x40,
208 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01,
209 0x01, 0xff, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1f,
210 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30,
211 0x16, 0x80, 0x14, 0x4a, 0xdd, 0x06, 0x16, 0x1b,
212 0xbc, 0xf6, 0x68, 0xb5, 0x76, 0xf5, 0x81, 0xb6,
213 0xbb, 0x62, 0x1a, 0xba, 0x5a, 0x81, 0x2f, 0x30,
214 0x21, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x1a,
215 0x30, 0x18, 0x30, 0x0c, 0x06, 0x0a, 0x2b, 0x06,
216 0x01, 0x04, 0x01, 0xd6, 0x79, 0x02, 0x05, 0x01,
217 0x30, 0x08, 0x06, 0x06, 0x67, 0x81, 0x0c, 0x01,
218 0x02, 0x02, 0x30, 0x30, 0x06, 0x03, 0x55, 0x1d,
219 0x1f, 0x04, 0x29, 0x30, 0x27, 0x30, 0x25, 0xa0,
220 0x23, 0xa0, 0x21, 0x86, 0x1f, 0x68, 0x74, 0x74,
221 0x70, 0x3a, 0x2f, 0x2f, 0x70, 0x6b, 0x69, 0x2e,
222 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63,
223 0x6f, 0x6d, 0x2f, 0x47, 0x49, 0x41, 0x47, 0x32,
224 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x0d, 0x06, 0x09,
225 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
226 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00,
227 0x7b, 0x27, 0x00, 0x46, 0x8f, 0xfd, 0x5b, 0xff,
228 0xcb, 0x05, 0x9b, 0xf7, 0xf1, 0x68, 0xf6, 0x9a,
229 0x7b, 0xba, 0x53, 0xdf, 0x63, 0xed, 0x11, 0x94,
230 0x39, 0xf2, 0xd0, 0x20, 0xcd, 0xa3, 0xc4, 0x98,
231 0xa5, 0x10, 0x74, 0xe7, 0x10, 0x6d, 0x07, 0xf8,
232 0x33, 0x87, 0x05, 0x43, 0x0e, 0x64, 0x77, 0x09,
233 0x18, 0x4f, 0x38, 0x2e, 0x45, 0xae, 0xa8, 0x34,
234 0x3a, 0xa8, 0x33, 0xac, 0x9d, 0xdd, 0x25, 0x91,
235 0x59, 0x43, 0xbe, 0x0f, 0x87, 0x16, 0x2f, 0xb5,
236 0x27, 0xfd, 0xce, 0x2f, 0x35, 0x5d, 0x12, 0xa1,
237 0x66, 0xac, 0xf7, 0x95, 0x38, 0x0f, 0xe5, 0xb1,
238 0x18, 0x18, 0xe6, 0x80, 0x52, 0x31, 0x8a, 0x66,
239 0x02, 0x52, 0x1a, 0xa4, 0x32, 0x6a, 0x61, 0x05,
240 0xcf, 0x1d, 0xf9, 0x90, 0x73, 0xf0, 0xeb, 0x20,
241 0x31, 0x7b, 0x2e, 0xc0, 0xb0, 0xfb, 0x5c, 0xcc,
242 0xdc, 0x76, 0x55, 0x72, 0xaf, 0xb1, 0x05, 0xf4,
243 0xad, 0xf9, 0xd7, 0x73, 0x5c, 0x2c, 0xbf, 0x0d,
244 0x84, 0x18, 0x01, 0x1d, 0x4d, 0x08, 0xa9, 0x4e,
245 0x37, 0xb7, 0x58, 0xc4, 0x05, 0x0e, 0x65, 0x63,
246 0xd2, 0x88, 0x02, 0xf5, 0x82, 0x17, 0x08, 0xd5,
247 0x8f, 0x80, 0xc7, 0x82, 0x29, 0xbb, 0xe1, 0x04,
248 0xbe, 0xf6, 0xe1, 0x8c, 0xbc, 0x3a, 0xf8, 0xf9,
249 0x56, 0xda, 0xdc, 0x8e, 0xc6, 0xe6, 0x63, 0x98,
250 0x12, 0x08, 0x41, 0x2c, 0x9d, 0x7c, 0x82, 0x0d,
251 0x1e, 0xea, 0xba, 0xde, 0x32, 0x09, 0xda, 0x52,
252 0x24, 0x4f, 0xcc, 0xb6, 0x09, 0x33, 0x8b, 0x00,
253 0xf9, 0x83, 0xb3, 0xc6, 0xa4, 0x90, 0x49, 0x83,
254 0x2d, 0x36, 0xd9, 0x11, 0x78, 0xd0, 0x62, 0x9f,
255 0xc4, 0x8f, 0x84, 0xba, 0x7f, 0xaa, 0x04, 0xf1,
256 0xd9, 0xa4, 0xad, 0x5d, 0x63, 0xee, 0x72, 0xc6,
257 0x4d, 0xd1, 0x4b, 0x41, 0x8f, 0x40, 0x0f, 0x7d,
258 0xcd, 0xb8, 0x2e, 0x5b, 0x6e, 0x21, 0xc9, 0x3d
259 };
260
261 Flow f;
262 SSLState *ssl_state = NULL;
263 TcpSession ssn;
264 Packet *p1 = NULL;
265 Packet *p2 = NULL;
266 Packet *p3 = NULL;
267 ThreadVars tv;
268 DetectEngineThreadCtx *det_ctx = NULL;
269 AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc();
270
271 memset(&tv, 0, sizeof(ThreadVars));
272 memset(&f, 0, sizeof(Flow));
273 memset(&ssn, 0, sizeof(TcpSession));
274
275 p1 = UTHBuildPacketReal(client_hello, sizeof(client_hello), IPPROTO_TCP,
276 "192.168.1.5", "192.168.1.1", 51251, 443);
277 p2 = UTHBuildPacketReal(server_hello, sizeof(server_hello), IPPROTO_TCP,
278 "192.168.1.1", "192.168.1.5", 443, 51251);
279 p3 = UTHBuildPacketReal(certificate, sizeof(certificate), IPPROTO_TCP,
280 "192.168.1.1", "192.168.1.5", 443, 51251);
281
282 FLOW_INITIALIZE(&f);
283 f.flags |= FLOW_IPV4;
284 f.proto = IPPROTO_TCP;
285 f.protomap = FlowGetProtoMapping(f.proto);
286 f.alproto = ALPROTO_TLS;
287
288 p1->flow = &f;
289 p1->flags |= PKT_HAS_FLOW | PKT_STREAM_EST;
290 p1->flowflags |= FLOW_PKT_TOSERVER;
291 p1->flowflags |= FLOW_PKT_ESTABLISHED;
292 p1->pcap_cnt = 1;
293
294 p2->flow = &f;
295 p2->flags |= PKT_HAS_FLOW | PKT_STREAM_EST;
296 p2->flowflags |= FLOW_PKT_TOCLIENT;
297 p2->flowflags |= FLOW_PKT_ESTABLISHED;
298 p2->pcap_cnt = 2;
299
300 p3->flow = &f;
301 p3->flags |= PKT_HAS_FLOW | PKT_STREAM_EST;
302 p3->flowflags |= FLOW_PKT_TOCLIENT;
303 p3->flowflags |= FLOW_PKT_ESTABLISHED;
304 p3->pcap_cnt = 3;
305
306 StreamTcpInitConfig(true);
307
308 DetectEngineCtx *de_ctx = DetectEngineCtxInit();
309 FAIL_IF_NULL(de_ctx);
310
311 de_ctx->mpm_matcher = mpm_default_matcher;
312 de_ctx->flags |= DE_QUIET;
313
314 Signature *s = DetectEngineAppendSig(de_ctx, "alert tls any any -> any any "
315 "(msg:\"Test tls.cert_fingerprint\"; "
316 "tls.cert_fingerprint; "
317 "content:\"4a:a3:66:76:82:cb:6b:23:bb:c3:58:47:23:a4:63:a7:78:a4:a1:18\"; "
318 "sid:1;)");
319 FAIL_IF_NULL(s);
320
321 SigGroupBuild(de_ctx);
322 DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
323
324 int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS,
325 STREAM_TOSERVER, client_hello,
326 sizeof(client_hello));
327
328 FAIL_IF(r != 0);
329
330 ssl_state = f.alstate;
331 FAIL_IF_NULL(ssl_state);
332
333 SigMatchSignatures(&tv, de_ctx, det_ctx, p1);
334
335 FAIL_IF(PacketAlertCheck(p1, 1));
336
337 r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOCLIENT,
338 server_hello, sizeof(server_hello));
339
340 FAIL_IF(r != 0);
341
342 SigMatchSignatures(&tv, de_ctx, det_ctx, p2);
343
344 FAIL_IF(PacketAlertCheck(p2, 1));
345
346 r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOCLIENT,
347 certificate, sizeof(certificate));
348
349 FAIL_IF(r != 0);
350
351 SigMatchSignatures(&tv, de_ctx, det_ctx, p3);
352
353 FAIL_IF_NOT(PacketAlertCheck(p3, 1));
354
355 AppLayerParserThreadCtxFree(alp_tctx);
356 DetectEngineThreadCtxDeinit(&tv, det_ctx);
357 SigGroupCleanup(de_ctx);
358 DetectEngineCtxFree(de_ctx);
359 StreamTcpFreeConfig(true);
360 FLOW_DESTROY(&f);
361 UTHFreePacket(p1);
362 UTHFreePacket(p2);
363 UTHFreePacket(p3);
364
365 PASS;
366}
367
368static void DetectTlsFingerprintRegisterTests(void)
369{
370 UtRegisterTest("DetectTlsFingerprintTest01", DetectTlsFingerprintTest01);
371 UtRegisterTest("DetectTlsFingerprintTest02", DetectTlsFingerprintTest02);
372}
AppLayerParserThreadCtxAlloc
AppLayerParserThreadCtx * AppLayerParserThreadCtxAlloc(void)
Gets a new app layer protocol's parser thread context.
Definition app-layer-parser.c:297
AppLayerParserThreadCtxFree
void AppLayerParserThreadCtxFree(AppLayerParserThreadCtx *tctx)
Destroys the app layer parser thread context obtained using AppLayerParserThreadCtxAlloc().
Definition app-layer-parser.c:324
AppLayerParserParse
int AppLayerParserParse(ThreadVars *tv, AppLayerParserThreadCtx *alp_tctx, Flow *f, AppProto alproto, uint8_t flags, const uint8_t *input, uint32_t input_len)
Definition app-layer-parser.c:1291
ALPROTO_TLS
@ ALPROTO_TLS
Definition app-layer-protos.h:39
PKT_HAS_FLOW
#define PKT_HAS_FLOW
Definition decode.h:1266
PKT_STREAM_EST
#define PKT_STREAM_EST
Definition decode.h:1262
PacketAlertCheck
int PacketAlertCheck(Packet *p, uint32_t sid)
Check if a certain sid alerted, this is used in the test functions.
Definition detect-engine-alert.c:142
DetectBufferGetFirstSigMatch
SigMatch * DetectBufferGetFirstSigMatch(const Signature *s, const uint32_t buf_id)
Definition detect-engine-buffer.c:157
SigGroupBuild
int SigGroupBuild(DetectEngineCtx *de_ctx)
Convert the signature list into the runtime match structure.
Definition detect-engine-build.c:2204
SigGroupCleanup
int SigGroupCleanup(DetectEngineCtx *de_ctx)
Definition detect-engine-build.c:2275
DetectEngineCtxInit
DetectEngineCtx * DetectEngineCtxInit(void)
Definition detect-engine.c:2602
DetectEngineCtxFree
void DetectEngineCtxFree(DetectEngineCtx *)
Free a DetectEngineCtx::
Definition detect-engine.c:2641
DetectEngineAppendSig
Signature * DetectEngineAppendSig(DetectEngineCtx *, const char *)
Parse and append a Signature into the Detection Engine Context signature list.
Definition detect-parse.c:3437
DetectEngineThreadCtxInit
TmEcode DetectEngineThreadCtxInit(ThreadVars *tv, void *initdata, void **data)
initialize thread specific detection engine context
Definition detect-engine.c:3372
DetectEngineThreadCtxDeinit
TmEcode DetectEngineThreadCtxDeinit(ThreadVars *tv, void *data)
Definition detect-engine.c:3608
SigMatchSignatures
void SigMatchSignatures(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, Packet *p)
wrapper for old tests
Definition detect.c:2420
DE_QUIET
#define DE_QUIET
Definition detect.h:330
DETECT_SM_LIST_MATCH
@ DETECT_SM_LIST_MATCH
Definition detect.h:117
FlowGetProtoMapping
uint8_t FlowGetProtoMapping(uint8_t proto)
Function to map the protocol to the defined FLOW_PROTO_* enumeration.
Definition flow-util.c:99
FLOW_INITIALIZE
#define FLOW_INITIALIZE(f)
Definition flow-util.h:38
FLOW_DESTROY
#define FLOW_DESTROY(f)
Definition flow-util.h:119
FLOW_PKT_TOSERVER
#define FLOW_PKT_TOSERVER
Definition flow.h:233
FLOW_PKT_ESTABLISHED
#define FLOW_PKT_ESTABLISHED
Definition flow.h:235
FLOW_IPV4
#define FLOW_IPV4
Definition flow.h:100
FLOW_PKT_TOCLIENT
#define FLOW_PKT_TOCLIENT
Definition flow.h:234
alp_tctx
AppLayerParserThreadCtx * alp_tctx
Definition fuzz_applayerparserparse.c:23
tv
ThreadVars * tv
Definition fuzz_decodepcapfile.c:32
de_ctx
DetectEngineCtx * de_ctx
Definition fuzz_siginit.c:18
FAIL_IF_NULL
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
Definition util-unittest.h:89
UtRegisterTest
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
Definition util-unittest.c:103
FAIL_IF_NOT
#define FAIL_IF_NOT(expr)
Fail a test if expression evaluates to false.
Definition util-unittest.h:82
PASS
#define PASS
Pass the test.
Definition util-unittest.h:105
FAIL_IF
#define FAIL_IF(expr)
Fail a test if expression evaluates to true.
Definition util-unittest.h:71
FAIL_IF_NOT_NULL
#define FAIL_IF_NOT_NULL(expr)
Fail a test if expression evaluates to non-NULL.
Definition util-unittest.h:96
StreamTcpFreeConfig
void StreamTcpFreeConfig(bool quiet)
Definition stream-tcp.c:859
StreamTcpInitConfig
void StreamTcpInitConfig(bool)
To initialize the stream global configuration data.
Definition stream-tcp.c:488
AppLayerParserThreadCtx_
Definition app-layer-parser.c:60
DetectEngineCtx_
main detection engine ctx
Definition detect.h:932
DetectEngineCtx_::mpm_matcher
uint8_t mpm_matcher
Definition detect.h:935
DetectEngineCtx_::flags
uint8_t flags
Definition detect.h:934
DetectEngineThreadCtx_
Definition detect.h:1244
Flow_
Flow data structure.
Definition flow.h:356
Flow_::proto
uint8_t proto
Definition flow.h:378
Flow_::flags
uint32_t flags
Definition flow.h:421
Flow_::alproto
AppProto alproto
application level protocol
Definition flow.h:450
Flow_::alstate
void * alstate
Definition flow.h:479
Flow_::protomap
uint8_t protomap
Definition flow.h:445
Packet_
Definition decode.h:501
Packet_::flowflags
uint8_t flowflags
Definition decode.h:532
Packet_::pcap_cnt
uint64_t pcap_cnt
Definition decode.h:626
Packet_::flow
struct Flow_ * flow
Definition decode.h:546
Packet_::flags
uint32_t flags
Definition decode.h:544
SSLState_
SSLv[2.0|3.[0|1|2|3]] state structure.
Definition app-layer-ssl.h:227
SigMatch_
a single match condition for a signature
Definition detect.h:356
SigMatch_::type
uint16_t type
Definition detect.h:357
SigMatch_::next
struct SigMatch_ * next
Definition detect.h:360
SignatureInitData_::smlists
struct SigMatch_ * smlists[DETECT_SM_LIST_MAX]
Definition detect.h:642
Signature_
Signature container.
Definition detect.h:668
Signature_::init_data
SignatureInitData * init_data
Definition detect.h:747
TcpSession_
Definition stream-tcp-private.h:283
ThreadVars_
Per thread variable structure.
Definition threadvars.h:58
mpm_default_matcher
uint8_t mpm_default_matcher
Definition util-mpm.c:48
UTHBuildPacketReal
Packet * UTHBuildPacketReal(uint8_t *payload, uint16_t payload_len, uint8_t ipproto, const char *src, const char *dst, uint16_t sport, uint16_t dport)
UTHBuildPacketReal is a function that create tcp/udp packets for unittests specifying ip and port sou...
Definition util-unittest-helper.c:260
UTHFreePacket
void UTHFreePacket(Packet *p)
UTHFreePacket: function to release the allocated data from UTHBuildPacket and the packet itself.
Definition util-unittest-helper.c:473