suricata
detect-tls-cert-serial.c
Go to the documentation of this file.
1/* Copyright (C) 2019 Open Information Security Foundation
2 *
3 * You can copy, redistribute or modify this Program under the terms of
4 * the GNU General Public License version 2 as published by the Free
5 * Software Foundation.
6 *
7 * This program is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 * GNU General Public License for more details.
11 *
12 * You should have received a copy of the GNU General Public License
13 * version 2 along with this program; if not, write to the Free Software
14 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15 * 02110-1301, USA.
16 */
17
18/**
19 * \file
20 *
21 * \author Mats Klepsland <mats.klepsland@gmail.com>
22 *
23 */
24
25#include "detect-engine-build.h"
26#include "detect-engine-alert.h"
27#include "app-layer-parser.h"
28
29/**
30 * \test Test that a signature containing tls.cert_serial is correctly parsed
31 * and that the keyword is registered.
32 */
33static int DetectTlsSerialTest01(void)
34{
35 DetectEngineCtx *de_ctx = DetectEngineCtxInit();
36 FAIL_IF_NULL(de_ctx);
37 de_ctx->flags |= DE_QUIET;
38
39 Signature *s = DetectEngineAppendSig(de_ctx, "alert tls any any -> any any "
40 "(msg:\"Testing tls.cert_serial\"; "
41 "tls.cert_serial; content:\"XX:XX:XX\"; sid:1;)");
42 FAIL_IF_NULL(s);
43
44 /* sm should not be in the MATCH list */
45 SigMatch *sm = s->init_data->smlists[DETECT_SM_LIST_MATCH];
46 FAIL_IF_NOT_NULL(sm);
47
48 sm = DetectBufferGetFirstSigMatch(s, g_tls_cert_serial_buffer_id);
49 FAIL_IF_NULL(sm);
50
51 FAIL_IF(sm->type != DETECT_CONTENT);
52 FAIL_IF_NOT_NULL(sm->next);
53
54 DetectEngineCtxFree(de_ctx);
55 PASS;
56}
57
58/**
59 * \test Test matching for serial in a certificate.
60 */
61static int DetectTlsSerialTest02(void)
62{
63 /* client hello */
64 uint8_t client_hello[] = {
65 0x16, 0x03, 0x01, 0x00, 0xc8, 0x01, 0x00, 0x00,
66 0xc4, 0x03, 0x03, 0xd6, 0x08, 0x5a, 0xa2, 0x86,
67 0x5b, 0x85, 0xd4, 0x40, 0xab, 0xbe, 0xc0, 0xbc,
68 0x41, 0xf2, 0x26, 0xf0, 0xfe, 0x21, 0xee, 0x8b,
69 0x4c, 0x7e, 0x07, 0xc8, 0xec, 0xd2, 0x00, 0x46,
70 0x4c, 0xeb, 0xb7, 0x00, 0x00, 0x16, 0xc0, 0x2b,
71 0xc0, 0x2f, 0xc0, 0x0a, 0xc0, 0x09, 0xc0, 0x13,
72 0xc0, 0x14, 0x00, 0x33, 0x00, 0x39, 0x00, 0x2f,
73 0x00, 0x35, 0x00, 0x0a, 0x01, 0x00, 0x00, 0x85,
74 0x00, 0x00, 0x00, 0x12, 0x00, 0x10, 0x00, 0x00,
75 0x0d, 0x77, 0x77, 0x77, 0x2e, 0x67, 0x6f, 0x6f,
76 0x67, 0x6c, 0x65, 0x2e, 0x6e, 0x6f, 0xff, 0x01,
77 0x00, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x08, 0x00,
78 0x06, 0x00, 0x17, 0x00, 0x18, 0x00, 0x19, 0x00,
79 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x23, 0x00,
80 0x00, 0x33, 0x74, 0x00, 0x00, 0x00, 0x10, 0x00,
81 0x29, 0x00, 0x27, 0x05, 0x68, 0x32, 0x2d, 0x31,
82 0x36, 0x05, 0x68, 0x32, 0x2d, 0x31, 0x35, 0x05,
83 0x68, 0x32, 0x2d, 0x31, 0x34, 0x02, 0x68, 0x32,
84 0x08, 0x73, 0x70, 0x64, 0x79, 0x2f, 0x33, 0x2e,
85 0x31, 0x08, 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31,
86 0x2e, 0x31, 0x00, 0x05, 0x00, 0x05, 0x01, 0x00,
87 0x00, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x16, 0x00,
88 0x14, 0x04, 0x01, 0x05, 0x01, 0x06, 0x01, 0x02,
89 0x01, 0x04, 0x03, 0x05, 0x03, 0x06, 0x03, 0x02,
90 0x03, 0x04, 0x02, 0x02, 0x02
91 };
92
93 /* server hello */
94 uint8_t server_hello[] = {
95 0x16, 0x03, 0x03, 0x00, 0x48, 0x02, 0x00, 0x00,
96 0x44, 0x03, 0x03, 0x57, 0x91, 0xb8, 0x63, 0xdd,
97 0xdb, 0xbb, 0x23, 0xcf, 0x0b, 0x43, 0x02, 0x1d,
98 0x46, 0x11, 0x27, 0x5c, 0x98, 0xcf, 0x67, 0xe1,
99 0x94, 0x3d, 0x62, 0x7d, 0x38, 0x48, 0x21, 0x23,
100 0xa5, 0x62, 0x31, 0x00, 0xc0, 0x2f, 0x00, 0x00,
101 0x1c, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00,
102 0x00, 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x10,
103 0x00, 0x05, 0x00, 0x03, 0x02, 0x68, 0x32, 0x00,
104 0x0b, 0x00, 0x02, 0x01, 0x00
105 };
106
107 /* certificate */
108 uint8_t certificate[] = {
109 0x16, 0x03, 0x03, 0x04, 0x93, 0x0b, 0x00, 0x04,
110 0x8f, 0x00, 0x04, 0x8c, 0x00, 0x04, 0x89, 0x30,
111 0x82, 0x04, 0x85, 0x30, 0x82, 0x03, 0x6d, 0xa0,
112 0x03, 0x02, 0x01, 0x02, 0x02, 0x08, 0x5c, 0x19,
113 0xb7, 0xb1, 0x32, 0x3b, 0x1c, 0xa1, 0x30, 0x0d,
114 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
115 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x49, 0x31,
116 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
117 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11,
118 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0a, 0x47,
119 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x20, 0x49, 0x6e,
120 0x63, 0x31, 0x25, 0x30, 0x23, 0x06, 0x03, 0x55,
121 0x04, 0x03, 0x13, 0x1c, 0x47, 0x6f, 0x6f, 0x67,
122 0x6c, 0x65, 0x20, 0x49, 0x6e, 0x74, 0x65, 0x72,
123 0x6e, 0x65, 0x74, 0x20, 0x41, 0x75, 0x74, 0x68,
124 0x6f, 0x72, 0x69, 0x74, 0x79, 0x20, 0x47, 0x32,
125 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x36, 0x30, 0x37,
126 0x31, 0x33, 0x31, 0x33, 0x32, 0x34, 0x35, 0x32,
127 0x5a, 0x17, 0x0d, 0x31, 0x36, 0x31, 0x30, 0x30,
128 0x35, 0x31, 0x33, 0x31, 0x36, 0x30, 0x30, 0x5a,
129 0x30, 0x65, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03,
130 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31,
131 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08,
132 0x0c, 0x0a, 0x43, 0x61, 0x6c, 0x69, 0x66, 0x6f,
133 0x72, 0x6e, 0x69, 0x61, 0x31, 0x16, 0x30, 0x14,
134 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x0d, 0x4d,
135 0x6f, 0x75, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x20,
136 0x56, 0x69, 0x65, 0x77, 0x31, 0x13, 0x30, 0x11,
137 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0a, 0x47,
138 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x20, 0x49, 0x6e,
139 0x63, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55,
140 0x04, 0x03, 0x0c, 0x0b, 0x2a, 0x2e, 0x67, 0x6f,
141 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x6e, 0x6f, 0x30,
142 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a,
143 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
144 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30,
145 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00,
146 0xa5, 0x0a, 0xb9, 0xb1, 0xca, 0x36, 0xd1, 0xae,
147 0x22, 0x38, 0x07, 0x06, 0xc9, 0x1a, 0x56, 0x4f,
148 0xbb, 0xdf, 0xa8, 0x6d, 0xbd, 0xee, 0x76, 0x16,
149 0xbc, 0x53, 0x3c, 0x03, 0x6a, 0x5c, 0x94, 0x50,
150 0x87, 0x2f, 0x28, 0xb4, 0x4e, 0xd5, 0x9b, 0x8f,
151 0xfe, 0x02, 0xde, 0x2a, 0x83, 0x01, 0xf9, 0x45,
152 0x61, 0x0e, 0x66, 0x0e, 0x24, 0x22, 0xe2, 0x59,
153 0x66, 0x0d, 0xd3, 0xe9, 0x77, 0x8a, 0x7e, 0x42,
154 0xaa, 0x5a, 0xf9, 0x05, 0xbf, 0x30, 0xc7, 0x03,
155 0x2b, 0xdc, 0xa6, 0x9c, 0xe0, 0x9f, 0x0d, 0xf1,
156 0x28, 0x19, 0xf8, 0xf2, 0x02, 0xfa, 0xbd, 0x62,
157 0xa0, 0xf3, 0x02, 0x2b, 0xcd, 0xf7, 0x09, 0x04,
158 0x3b, 0x52, 0xd8, 0x65, 0x4b, 0x4a, 0x70, 0xe4,
159 0x57, 0xc9, 0x2e, 0x2a, 0xf6, 0x9c, 0x6e, 0xd8,
160 0xde, 0x01, 0x52, 0xc9, 0x6f, 0xe9, 0xef, 0x82,
161 0xbc, 0x0b, 0x95, 0xb2, 0xef, 0xcb, 0x91, 0xa6,
162 0x0b, 0x2d, 0x14, 0xc6, 0x00, 0xa9, 0x33, 0x86,
163 0x64, 0x00, 0xd4, 0x92, 0x19, 0x53, 0x3d, 0xfd,
164 0xcd, 0xc6, 0x1a, 0xf2, 0x0e, 0x67, 0xc2, 0x1d,
165 0x2c, 0xe0, 0xe8, 0x29, 0x97, 0x1c, 0xb6, 0xc4,
166 0xb2, 0x02, 0x0c, 0x83, 0xb8, 0x60, 0x61, 0xf5,
167 0x61, 0x2d, 0x73, 0x5e, 0x85, 0x4d, 0xbd, 0x0d,
168 0xe7, 0x1a, 0x37, 0x56, 0x8d, 0xe5, 0x50, 0x0c,
169 0xc9, 0x64, 0x4c, 0x11, 0xea, 0xf3, 0xcb, 0x26,
170 0x34, 0xbd, 0x02, 0xf5, 0xc1, 0xfb, 0xa2, 0xec,
171 0x27, 0xbb, 0x60, 0xbe, 0x0b, 0xf6, 0xe7, 0x3c,
172 0x2d, 0xc9, 0xe7, 0xb0, 0x30, 0x28, 0x17, 0x3d,
173 0x90, 0xf1, 0x63, 0x8e, 0x49, 0xf7, 0x15, 0x78,
174 0x21, 0xcc, 0x45, 0xe6, 0x86, 0xb2, 0xd8, 0xb0,
175 0x2e, 0x5a, 0xb0, 0x58, 0xd3, 0xb6, 0x11, 0x40,
176 0xae, 0x81, 0x1f, 0x6b, 0x7a, 0xaf, 0x40, 0x50,
177 0xf9, 0x2e, 0x81, 0x8b, 0xec, 0x26, 0x11, 0x3f,
178 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01,
179 0x53, 0x30, 0x82, 0x01, 0x4f, 0x30, 0x1d, 0x06,
180 0x03, 0x55, 0x1d, 0x25, 0x04, 0x16, 0x30, 0x14,
181 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07,
182 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05,
183 0x05, 0x07, 0x03, 0x02, 0x30, 0x21, 0x06, 0x03,
184 0x55, 0x1d, 0x11, 0x04, 0x1a, 0x30, 0x18, 0x82,
185 0x0b, 0x2a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
186 0x65, 0x2e, 0x6e, 0x6f, 0x82, 0x09, 0x67, 0x6f,
187 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x6e, 0x6f, 0x30,
188 0x68, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05,
189 0x07, 0x01, 0x01, 0x04, 0x5c, 0x30, 0x5a, 0x30,
190 0x2b, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05,
191 0x07, 0x30, 0x02, 0x86, 0x1f, 0x68, 0x74, 0x74,
192 0x70, 0x3a, 0x2f, 0x2f, 0x70, 0x6b, 0x69, 0x2e,
193 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63,
194 0x6f, 0x6d, 0x2f, 0x47, 0x49, 0x41, 0x47, 0x32,
195 0x2e, 0x63, 0x72, 0x74, 0x30, 0x2b, 0x06, 0x08,
196 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01,
197 0x86, 0x1f, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f,
198 0x2f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x73,
199 0x31, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
200 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x63, 0x73,
201 0x70, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e,
202 0x04, 0x16, 0x04, 0x14, 0xc6, 0x53, 0x87, 0x42,
203 0x2d, 0xc8, 0xee, 0x7a, 0x62, 0x1e, 0x83, 0xdb,
204 0x0d, 0xe2, 0x32, 0xeb, 0x8b, 0xaf, 0x69, 0x40,
205 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01,
206 0x01, 0xff, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1f,
207 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30,
208 0x16, 0x80, 0x14, 0x4a, 0xdd, 0x06, 0x16, 0x1b,
209 0xbc, 0xf6, 0x68, 0xb5, 0x76, 0xf5, 0x81, 0xb6,
210 0xbb, 0x62, 0x1a, 0xba, 0x5a, 0x81, 0x2f, 0x30,
211 0x21, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x1a,
212 0x30, 0x18, 0x30, 0x0c, 0x06, 0x0a, 0x2b, 0x06,
213 0x01, 0x04, 0x01, 0xd6, 0x79, 0x02, 0x05, 0x01,
214 0x30, 0x08, 0x06, 0x06, 0x67, 0x81, 0x0c, 0x01,
215 0x02, 0x02, 0x30, 0x30, 0x06, 0x03, 0x55, 0x1d,
216 0x1f, 0x04, 0x29, 0x30, 0x27, 0x30, 0x25, 0xa0,
217 0x23, 0xa0, 0x21, 0x86, 0x1f, 0x68, 0x74, 0x74,
218 0x70, 0x3a, 0x2f, 0x2f, 0x70, 0x6b, 0x69, 0x2e,
219 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63,
220 0x6f, 0x6d, 0x2f, 0x47, 0x49, 0x41, 0x47, 0x32,
221 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x0d, 0x06, 0x09,
222 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
223 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00,
224 0x7b, 0x27, 0x00, 0x46, 0x8f, 0xfd, 0x5b, 0xff,
225 0xcb, 0x05, 0x9b, 0xf7, 0xf1, 0x68, 0xf6, 0x9a,
226 0x7b, 0xba, 0x53, 0xdf, 0x63, 0xed, 0x11, 0x94,
227 0x39, 0xf2, 0xd0, 0x20, 0xcd, 0xa3, 0xc4, 0x98,
228 0xa5, 0x10, 0x74, 0xe7, 0x10, 0x6d, 0x07, 0xf8,
229 0x33, 0x87, 0x05, 0x43, 0x0e, 0x64, 0x77, 0x09,
230 0x18, 0x4f, 0x38, 0x2e, 0x45, 0xae, 0xa8, 0x34,
231 0x3a, 0xa8, 0x33, 0xac, 0x9d, 0xdd, 0x25, 0x91,
232 0x59, 0x43, 0xbe, 0x0f, 0x87, 0x16, 0x2f, 0xb5,
233 0x27, 0xfd, 0xce, 0x2f, 0x35, 0x5d, 0x12, 0xa1,
234 0x66, 0xac, 0xf7, 0x95, 0x38, 0x0f, 0xe5, 0xb1,
235 0x18, 0x18, 0xe6, 0x80, 0x52, 0x31, 0x8a, 0x66,
236 0x02, 0x52, 0x1a, 0xa4, 0x32, 0x6a, 0x61, 0x05,
237 0xcf, 0x1d, 0xf9, 0x90, 0x73, 0xf0, 0xeb, 0x20,
238 0x31, 0x7b, 0x2e, 0xc0, 0xb0, 0xfb, 0x5c, 0xcc,
239 0xdc, 0x76, 0x55, 0x72, 0xaf, 0xb1, 0x05, 0xf4,
240 0xad, 0xf9, 0xd7, 0x73, 0x5c, 0x2c, 0xbf, 0x0d,
241 0x84, 0x18, 0x01, 0x1d, 0x4d, 0x08, 0xa9, 0x4e,
242 0x37, 0xb7, 0x58, 0xc4, 0x05, 0x0e, 0x65, 0x63,
243 0xd2, 0x88, 0x02, 0xf5, 0x82, 0x17, 0x08, 0xd5,
244 0x8f, 0x80, 0xc7, 0x82, 0x29, 0xbb, 0xe1, 0x04,
245 0xbe, 0xf6, 0xe1, 0x8c, 0xbc, 0x3a, 0xf8, 0xf9,
246 0x56, 0xda, 0xdc, 0x8e, 0xc6, 0xe6, 0x63, 0x98,
247 0x12, 0x08, 0x41, 0x2c, 0x9d, 0x7c, 0x82, 0x0d,
248 0x1e, 0xea, 0xba, 0xde, 0x32, 0x09, 0xda, 0x52,
249 0x24, 0x4f, 0xcc, 0xb6, 0x09, 0x33, 0x8b, 0x00,
250 0xf9, 0x83, 0xb3, 0xc6, 0xa4, 0x90, 0x49, 0x83,
251 0x2d, 0x36, 0xd9, 0x11, 0x78, 0xd0, 0x62, 0x9f,
252 0xc4, 0x8f, 0x84, 0xba, 0x7f, 0xaa, 0x04, 0xf1,
253 0xd9, 0xa4, 0xad, 0x5d, 0x63, 0xee, 0x72, 0xc6,
254 0x4d, 0xd1, 0x4b, 0x41, 0x8f, 0x40, 0x0f, 0x7d,
255 0xcd, 0xb8, 0x2e, 0x5b, 0x6e, 0x21, 0xc9, 0x3d
256 };
257
258 Flow f;
259 SSLState *ssl_state = NULL;
260 TcpSession ssn;
261 Packet *p1 = NULL;
262 Packet *p2 = NULL;
263 Packet *p3 = NULL;
264 ThreadVars tv;
265 DetectEngineThreadCtx *det_ctx = NULL;
266 AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc();
267
268 memset(&tv, 0, sizeof(ThreadVars));
269 memset(&f, 0, sizeof(Flow));
270 memset(&ssn, 0, sizeof(TcpSession));
271
272 p1 = UTHBuildPacketReal(client_hello, sizeof(client_hello), IPPROTO_TCP,
273 "192.168.1.5", "192.168.1.1", 51251, 443);
274 p2 = UTHBuildPacketReal(server_hello, sizeof(server_hello), IPPROTO_TCP,
275 "192.168.1.1", "192.168.1.5", 443, 51251);
276 p3 = UTHBuildPacketReal(certificate, sizeof(certificate), IPPROTO_TCP,
277 "192.168.1.1", "192.168.1.5", 443, 51251);
278
279 FLOW_INITIALIZE(&f);
280 f.flags |= FLOW_IPV4;
281 f.proto = IPPROTO_TCP;
282 f.protomap = FlowGetProtoMapping(f.proto);
283 f.alproto = ALPROTO_TLS;
284
285 p1->flow = &f;
286 p1->flags |= PKT_HAS_FLOW | PKT_STREAM_EST;
287 p1->flowflags |= FLOW_PKT_TOSERVER;
288 p1->flowflags |= FLOW_PKT_ESTABLISHED;
289 p1->pcap_cnt = 1;
290
291 p2->flow = &f;
292 p2->flags |= PKT_HAS_FLOW | PKT_STREAM_EST;
293 p2->flowflags |= FLOW_PKT_TOCLIENT;
294 p2->flowflags |= FLOW_PKT_ESTABLISHED;
295 p2->pcap_cnt = 2;
296
297 p3->flow = &f;
298 p3->flags |= PKT_HAS_FLOW | PKT_STREAM_EST;
299 p3->flowflags |= FLOW_PKT_TOCLIENT;
300 p3->flowflags |= FLOW_PKT_ESTABLISHED;
301 p3->pcap_cnt = 3;
302
303 StreamTcpInitConfig(true);
304
305 DetectEngineCtx *de_ctx = DetectEngineCtxInit();
306 FAIL_IF_NULL(de_ctx);
307
308 de_ctx->mpm_matcher = mpm_default_matcher;
309 de_ctx->flags |= DE_QUIET;
310
311 Signature *s = DetectEngineAppendSig(de_ctx, "alert tls any any -> any any "
312 "(msg:\"Test tls.cert_serial\"; "
313 "tls.cert_serial; "
314 "content:\"5C:19:B7:B1:32:3B:1C:A1\"; "
315 "sid:1;)");
316 FAIL_IF_NULL(s);
317
318 SigGroupBuild(de_ctx);
319 DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
320
321 int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS,
322 STREAM_TOSERVER, client_hello,
323 sizeof(client_hello));
324
325 FAIL_IF(r != 0);
326
327 ssl_state = f.alstate;
328 FAIL_IF_NULL(ssl_state);
329
330 SigMatchSignatures(&tv, de_ctx, det_ctx, p1);
331
332 FAIL_IF(PacketAlertCheck(p1, 1));
333
334 r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOCLIENT,
335 server_hello, sizeof(server_hello));
336
337 FAIL_IF(r != 0);
338
339 SigMatchSignatures(&tv, de_ctx, det_ctx, p2);
340
341 FAIL_IF(PacketAlertCheck(p2, 1));
342
343 r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOCLIENT,
344 certificate, sizeof(certificate));
345
346 FAIL_IF(r != 0);
347
348 SigMatchSignatures(&tv, de_ctx, det_ctx, p3);
349
350 FAIL_IF_NOT(PacketAlertCheck(p3, 1));
351
352 if (alp_tctx != NULL)
353 AppLayerParserThreadCtxFree(alp_tctx);
354 if (det_ctx != NULL)
355 DetectEngineThreadCtxDeinit(&tv, det_ctx);
356 if (de_ctx != NULL)
357 SigGroupCleanup(de_ctx);
358 if (de_ctx != NULL)
359 DetectEngineCtxFree(de_ctx);
360
361 StreamTcpFreeConfig(true);
362 FLOW_DESTROY(&f);
363 UTHFreePacket(p1);
364 UTHFreePacket(p2);
365 UTHFreePacket(p3);
366
367 PASS;
368}
369
370static void DetectTlsSerialRegisterTests(void)
371{
372 UtRegisterTest("DetectTlsSerialTest01", DetectTlsSerialTest01);
373 UtRegisterTest("DetectTlsSerialTest02", DetectTlsSerialTest02);
374}
AppLayerParserThreadCtxAlloc
AppLayerParserThreadCtx * AppLayerParserThreadCtxAlloc(void)
Gets a new app layer protocol's parser thread context.
Definition app-layer-parser.c:297
AppLayerParserThreadCtxFree
void AppLayerParserThreadCtxFree(AppLayerParserThreadCtx *tctx)
Destroys the app layer parser thread context obtained using AppLayerParserThreadCtxAlloc().
Definition app-layer-parser.c:324
AppLayerParserParse
int AppLayerParserParse(ThreadVars *tv, AppLayerParserThreadCtx *alp_tctx, Flow *f, AppProto alproto, uint8_t flags, const uint8_t *input, uint32_t input_len)
Definition app-layer-parser.c:1291
ALPROTO_TLS
@ ALPROTO_TLS
Definition app-layer-protos.h:39
PKT_HAS_FLOW
#define PKT_HAS_FLOW
Definition decode.h:1266
PKT_STREAM_EST
#define PKT_STREAM_EST
Definition decode.h:1262
PacketAlertCheck
int PacketAlertCheck(Packet *p, uint32_t sid)
Check if a certain sid alerted, this is used in the test functions.
Definition detect-engine-alert.c:142
DetectBufferGetFirstSigMatch
SigMatch * DetectBufferGetFirstSigMatch(const Signature *s, const uint32_t buf_id)
Definition detect-engine-buffer.c:157
SigGroupBuild
int SigGroupBuild(DetectEngineCtx *de_ctx)
Convert the signature list into the runtime match structure.
Definition detect-engine-build.c:2204
SigGroupCleanup
int SigGroupCleanup(DetectEngineCtx *de_ctx)
Definition detect-engine-build.c:2275
DetectEngineCtxInit
DetectEngineCtx * DetectEngineCtxInit(void)
Definition detect-engine.c:2602
DetectEngineCtxFree
void DetectEngineCtxFree(DetectEngineCtx *)
Free a DetectEngineCtx::
Definition detect-engine.c:2641
DetectEngineAppendSig
Signature * DetectEngineAppendSig(DetectEngineCtx *, const char *)
Parse and append a Signature into the Detection Engine Context signature list.
Definition detect-parse.c:3437
DetectEngineThreadCtxInit
TmEcode DetectEngineThreadCtxInit(ThreadVars *tv, void *initdata, void **data)
initialize thread specific detection engine context
Definition detect-engine.c:3372
DetectEngineThreadCtxDeinit
TmEcode DetectEngineThreadCtxDeinit(ThreadVars *tv, void *data)
Definition detect-engine.c:3608
SigMatchSignatures
void SigMatchSignatures(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, Packet *p)
wrapper for old tests
Definition detect.c:2420
DE_QUIET
#define DE_QUIET
Definition detect.h:330
DETECT_SM_LIST_MATCH
@ DETECT_SM_LIST_MATCH
Definition detect.h:117
FlowGetProtoMapping
uint8_t FlowGetProtoMapping(uint8_t proto)
Function to map the protocol to the defined FLOW_PROTO_* enumeration.
Definition flow-util.c:99
FLOW_INITIALIZE
#define FLOW_INITIALIZE(f)
Definition flow-util.h:38
FLOW_DESTROY
#define FLOW_DESTROY(f)
Definition flow-util.h:119
FLOW_PKT_TOSERVER
#define FLOW_PKT_TOSERVER
Definition flow.h:233
FLOW_PKT_ESTABLISHED
#define FLOW_PKT_ESTABLISHED
Definition flow.h:235
FLOW_IPV4
#define FLOW_IPV4
Definition flow.h:100
FLOW_PKT_TOCLIENT
#define FLOW_PKT_TOCLIENT
Definition flow.h:234
alp_tctx
AppLayerParserThreadCtx * alp_tctx
Definition fuzz_applayerparserparse.c:23
tv
ThreadVars * tv
Definition fuzz_decodepcapfile.c:32
de_ctx
DetectEngineCtx * de_ctx
Definition fuzz_siginit.c:18
FAIL_IF_NULL
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
Definition util-unittest.h:89
UtRegisterTest
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
Definition util-unittest.c:103
FAIL_IF_NOT
#define FAIL_IF_NOT(expr)
Fail a test if expression evaluates to false.
Definition util-unittest.h:82
PASS
#define PASS
Pass the test.
Definition util-unittest.h:105
FAIL_IF
#define FAIL_IF(expr)
Fail a test if expression evaluates to true.
Definition util-unittest.h:71
FAIL_IF_NOT_NULL
#define FAIL_IF_NOT_NULL(expr)
Fail a test if expression evaluates to non-NULL.
Definition util-unittest.h:96
StreamTcpFreeConfig
void StreamTcpFreeConfig(bool quiet)
Definition stream-tcp.c:859
StreamTcpInitConfig
void StreamTcpInitConfig(bool)
To initialize the stream global configuration data.
Definition stream-tcp.c:488
AppLayerParserThreadCtx_
Definition app-layer-parser.c:60
DetectEngineCtx_
main detection engine ctx
Definition detect.h:932
DetectEngineCtx_::mpm_matcher
uint8_t mpm_matcher
Definition detect.h:935
DetectEngineCtx_::flags
uint8_t flags
Definition detect.h:934
DetectEngineThreadCtx_
Definition detect.h:1244
Flow_
Flow data structure.
Definition flow.h:356
Flow_::proto
uint8_t proto
Definition flow.h:378
Flow_::flags
uint32_t flags
Definition flow.h:421
Flow_::alproto
AppProto alproto
application level protocol
Definition flow.h:450
Flow_::alstate
void * alstate
Definition flow.h:479
Flow_::protomap
uint8_t protomap
Definition flow.h:445
Packet_
Definition decode.h:501
Packet_::flowflags
uint8_t flowflags
Definition decode.h:532
Packet_::pcap_cnt
uint64_t pcap_cnt
Definition decode.h:626
Packet_::flow
struct Flow_ * flow
Definition decode.h:546
Packet_::flags
uint32_t flags
Definition decode.h:544
SSLState_
SSLv[2.0|3.[0|1|2|3]] state structure.
Definition app-layer-ssl.h:227
SigMatch_
a single match condition for a signature
Definition detect.h:356
SigMatch_::type
uint16_t type
Definition detect.h:357
SigMatch_::next
struct SigMatch_ * next
Definition detect.h:360
SignatureInitData_::smlists
struct SigMatch_ * smlists[DETECT_SM_LIST_MAX]
Definition detect.h:642
Signature_
Signature container.
Definition detect.h:668
Signature_::init_data
SignatureInitData * init_data
Definition detect.h:747
TcpSession_
Definition stream-tcp-private.h:283
ThreadVars_
Per thread variable structure.
Definition threadvars.h:58
mpm_default_matcher
uint8_t mpm_default_matcher
Definition util-mpm.c:48
UTHBuildPacketReal
Packet * UTHBuildPacketReal(uint8_t *payload, uint16_t payload_len, uint8_t ipproto, const char *src, const char *dst, uint16_t sport, uint16_t dport)
UTHBuildPacketReal is a function that create tcp/udp packets for unittests specifying ip and port sou...
Definition util-unittest-helper.c:260
UTHFreePacket
void UTHFreePacket(Packet *p)
UTHFreePacket: function to release the allocated data from UTHBuildPacket and the packet itself.
Definition util-unittest-helper.c:473