suricata
detect-tls-cert-validity.c
Go to the documentation of this file.
1/* Copyright (C) 2015-2019 Open Information Security Foundation
2 *
3 * You can copy, redistribute or modify this Program under the terms of
4 * the GNU General Public License version 2 as published by the Free
5 * Software Foundation.
6 *
7 * This program is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 * GNU General Public License for more details.
11 *
12 * You should have received a copy of the GNU General Public License
13 * version 2 along with this program; if not, write to the Free Software
14 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15 * 02110-1301, USA.
16 */
17
18/**
19 * \file
20 *
21 * \author Mats Klepsland <mats.klepsland@gmail.com>
22 *
23 */
24
25#include "detect-engine-build.h"
26#include "detect-engine-alert.h"
27#include "app-layer-parser.h"
28
29/**
30 * \test This is a test for a valid value 1430000000.
31 *
32 * \retval 1 on success.
33 * \retval 0 on failure.
34 */
35static int ValidityTestParse01 (void)
36{
37 DetectTlsValidityData *dd = NULL;
38 dd = DetectTlsValidityParse("1430000000");
39 FAIL_IF_NULL(dd);
40 FAIL_IF_NOT(dd->epoch == 1430000000 && dd->mode == DETECT_TLS_VALIDITY_EQ);
41 DetectTlsValidityFree(NULL, dd);
42 PASS;
43}
44
45/**
46 * \test This is a test for a valid value >1430000000.
47 *
48 * \retval 1 on success.
49 * \retval 0 on failure.
50 */
51static int ValidityTestParse02 (void)
52{
53 DetectTlsValidityData *dd = NULL;
54 dd = DetectTlsValidityParse(">1430000000");
55 FAIL_IF_NULL(dd);
56 FAIL_IF_NOT(dd->epoch == 1430000000 && dd->mode == DETECT_TLS_VALIDITY_GT);
57 DetectTlsValidityFree(NULL, dd);
58 PASS;
59}
60
61/**
62 * \test This is a test for a valid value <1430000000.
63 *
64 * \retval 1 on success.
65 * \retval 0 on failure.
66 */
67static int ValidityTestParse03 (void)
68{
69 DetectTlsValidityData *dd = NULL;
70 dd = DetectTlsValidityParse("<1430000000");
71 FAIL_IF_NULL(dd);
72 FAIL_IF_NOT(dd->epoch == 1430000000 && dd->mode == DETECT_TLS_VALIDITY_LT);
73 DetectTlsValidityFree(NULL, dd);
74 PASS;
75}
76
77/**
78 * \test This is a test for a valid value 1430000000<>1470000000.
79 *
80 * \retval 1 on success.
81 * \retval 0 on failure.
82 */
83static int ValidityTestParse04 (void)
84{
85 DetectTlsValidityData *dd = NULL;
86 dd = DetectTlsValidityParse("1430000000<>1470000000");
87 FAIL_IF_NULL(dd);
88 FAIL_IF_NOT(dd->epoch == 1430000000 && dd->epoch2 == 1470000000 &&
89 dd->mode == DETECT_TLS_VALIDITY_RA);
90 DetectTlsValidityFree(NULL, dd);
91 PASS;
92}
93
94/**
95 * \test This is a test for a invalid value A.
96 *
97 * \retval 1 on success.
98 * \retval 0 on failure.
99 */
100static int ValidityTestParse05 (void)
101{
102 DetectTlsValidityData *dd = NULL;
103 dd = DetectTlsValidityParse("A");
104 FAIL_IF_NOT_NULL(dd);
105 PASS;
106}
107
108/**
109 * \test This is a test for a invalid value >1430000000<>1470000000.
110 *
111 * \retval 1 on success.
112 * \retval 0 on failure.
113 */
114static int ValidityTestParse06 (void)
115{
116 DetectTlsValidityData *dd = NULL;
117 dd = DetectTlsValidityParse(">1430000000<>1470000000");
118 FAIL_IF_NOT_NULL(dd);
119 PASS;
120}
121
122/**
123 * \test This is a test for a invalid value 1430000000<>.
124 *
125 * \retval 1 on success.
126 * \retval 0 on failure.
127 */
128static int ValidityTestParse07 (void)
129{
130 DetectTlsValidityData *dd = NULL;
131 dd = DetectTlsValidityParse("1430000000<>");
132 FAIL_IF_NOT_NULL(dd);
133 PASS;
134}
135
136/**
137 * \test This is a test for a invalid value <>1430000000.
138 *
139 * \retval 1 on success.
140 * \retval 0 on failure.
141 */
142static int ValidityTestParse08 (void)
143{
144 DetectTlsValidityData *dd = NULL;
145 dd = DetectTlsValidityParse("<>1430000000");
146 FAIL_IF_NOT_NULL(dd);
147 PASS;
148}
149
150/**
151 * \test This is a test for a invalid value "".
152 *
153 * \retval 1 on success.
154 * \retval 0 on failure.
155 */
156static int ValidityTestParse09 (void)
157{
158 DetectTlsValidityData *dd = NULL;
159 dd = DetectTlsValidityParse("");
160 FAIL_IF_NOT_NULL(dd);
161 PASS;
162}
163
164/**
165 * \test This is a test for a invalid value " ".
166 *
167 * \retval 1 on success.
168 * \retval 0 on failure.
169 */
170static int ValidityTestParse10 (void)
171{
172 DetectTlsValidityData *dd = NULL;
173 dd = DetectTlsValidityParse(" ");
174 FAIL_IF_NOT_NULL(dd);
175 PASS;
176}
177
178/**
179 * \test This is a test for a invalid value 1490000000<>1430000000.
180 *
181 * \retval 1 on success.
182 * \retval 0 on failure.
183 */
184static int ValidityTestParse11 (void)
185{
186 DetectTlsValidityData *dd = NULL;
187 dd = DetectTlsValidityParse("1490000000<>1430000000");
188 FAIL_IF_NOT_NULL(dd);
189 PASS;
190}
191
192/**
193 * \test This is a test for a valid value 1430000000 <> 1490000000.
194 *
195 * \retval 1 on success.
196 * \retval 0 on failure.
197 */
198static int ValidityTestParse12 (void)
199{
200 DetectTlsValidityData *dd = NULL;
201 dd = DetectTlsValidityParse("1430000000 <> 1490000000");
202 FAIL_IF_NULL(dd);
203 FAIL_IF_NOT(dd->epoch == 1430000000 && dd->epoch2 == 1490000000 &&
204 dd->mode == DETECT_TLS_VALIDITY_RA);
205 DetectTlsValidityFree(NULL, dd);
206 PASS;
207}
208
209/**
210 * \test This is a test for a valid value > 1430000000.
211 *
212 * \retval 1 on success.
213 * \retval 0 on failure.
214 */
215static int ValidityTestParse13 (void)
216{
217 DetectTlsValidityData *dd = NULL;
218 dd = DetectTlsValidityParse("> 1430000000 ");
219 FAIL_IF_NULL(dd);
220 FAIL_IF_NOT(dd->epoch == 1430000000 && dd->mode == DETECT_TLS_VALIDITY_GT);
221 DetectTlsValidityFree(NULL, dd);
222 PASS;
223}
224
225/**
226 * \test This is a test for a valid value < 1490000000.
227 *
228 * \retval 1 on success.
229 * \retval 0 on failure.
230 */
231static int ValidityTestParse14 (void)
232{
233 DetectTlsValidityData *dd = NULL;
234 dd = DetectTlsValidityParse("< 1490000000 ");
235 FAIL_IF_NULL(dd);
236 FAIL_IF_NOT(dd->epoch == 1490000000 && dd->mode == DETECT_TLS_VALIDITY_LT);
237 DetectTlsValidityFree(NULL, dd);
238 PASS;
239}
240
241/**
242 * \test This is a test for a valid value 1490000000.
243 *
244 * \retval 1 on success.
245 * \retval 0 on failure.
246 */
247static int ValidityTestParse15 (void)
248{
249 DetectTlsValidityData *dd = NULL;
250 dd = DetectTlsValidityParse(" 1490000000 ");
251 FAIL_IF_NULL(dd);
252 FAIL_IF_NOT(dd->epoch == 1490000000 && dd->mode == DETECT_TLS_VALIDITY_EQ);
253 DetectTlsValidityFree(NULL, dd);
254 PASS;
255}
256
257/**
258 * \test This is a test for a valid value 2015-10.
259 *
260 * \retval 1 on success.
261 * \retval 0 on failure.
262 */
263static int ValidityTestParse16 (void)
264{
265 DetectTlsValidityData *dd = NULL;
266 dd = DetectTlsValidityParse("2015-10");
267 FAIL_IF_NULL(dd);
268 FAIL_IF_NOT(dd->epoch == 1443657600 && dd->mode == DETECT_TLS_VALIDITY_EQ);
269 DetectTlsValidityFree(NULL, dd);
270 PASS;
271}
272
273/**
274 * \test This is a test for a valid value >2015-10-22.
275 *
276 * \retval 1 on success.
277 * \retval 0 on failure.
278 */
279static int ValidityTestParse17 (void)
280{
281 DetectTlsValidityData *dd = NULL;
282 dd = DetectTlsValidityParse(">2015-10-22");
283 FAIL_IF_NULL(dd);
284 FAIL_IF_NOT(dd->epoch == 1445472000 && dd->mode == DETECT_TLS_VALIDITY_GT);
285 DetectTlsValidityFree(NULL, dd);
286 PASS;
287}
288
289/**
290 * \test This is a test for a valid value <2015-10-22 23.
291 *
292 * \retval 1 on success.
293 * \retval 0 on failure.
294 */
295static int ValidityTestParse18 (void)
296{
297 DetectTlsValidityData *dd = NULL;
298 dd = DetectTlsValidityParse("<2015-10-22 23");
299 FAIL_IF_NULL(dd);
300 FAIL_IF_NOT(dd->epoch == 1445554800 && dd->mode == DETECT_TLS_VALIDITY_LT);
301 DetectTlsValidityFree(NULL, dd);
302 PASS;
303}
304
305/**
306 * \test This is a test for a valid value 2015-10-22 23:59.
307 *
308 * \retval 1 on success.
309 * \retval 0 on failure.
310 */
311static int ValidityTestParse19 (void)
312{
313 DetectTlsValidityData *dd = NULL;
314 dd = DetectTlsValidityParse("2015-10-22 23:59");
315 FAIL_IF_NULL(dd);
316 FAIL_IF_NOT(dd->epoch == 1445558340 && dd->mode == DETECT_TLS_VALIDITY_EQ);
317 DetectTlsValidityFree(NULL, dd);
318 PASS;
319}
320
321/**
322 * \test This is a test for a valid value 2015-10-22 23:59:59.
323 *
324 * \retval 1 on success.
325 * \retval 0 on failure.
326 */
327static int ValidityTestParse20 (void)
328{
329 DetectTlsValidityData *dd = NULL;
330 dd = DetectTlsValidityParse("2015-10-22 23:59:59");
331 FAIL_IF_NULL(dd);
332 FAIL_IF_NOT(dd->epoch == 1445558399 && dd->mode == DETECT_TLS_VALIDITY_EQ);
333 DetectTlsValidityFree(NULL, dd);
334 PASS;
335}
336
337/**
338 * \test This is a test for a valid value 2015-10-22T23.
339 *
340 * \retval 1 on success.
341 * \retval 0 on failure.
342 */
343static int ValidityTestParse21 (void)
344{
345 DetectTlsValidityData *dd = NULL;
346 dd = DetectTlsValidityParse("2015-10-22T23");
347 FAIL_IF_NULL(dd);
348 FAIL_IF_NOT(dd->epoch == 1445554800 && dd->mode == DETECT_TLS_VALIDITY_EQ);
349 DetectTlsValidityFree(NULL, dd);
350 PASS;
351}
352
353/**
354 * \test This is a test for a valid value 2015-10-22T23:59.
355 *
356 * \retval 1 on success.
357 * \retval 0 on failure.
358 */
359static int ValidityTestParse22 (void)
360{
361 DetectTlsValidityData *dd = NULL;
362 dd = DetectTlsValidityParse("2015-10-22T23:59");
363 FAIL_IF_NULL(dd);
364 FAIL_IF_NOT(dd->epoch == 1445558340 && dd->mode == DETECT_TLS_VALIDITY_EQ);
365 DetectTlsValidityFree(NULL, dd);
366 PASS;
367}
368
369/**
370 * \test This is a test for a valid value 2015-10-22T23:59:59.
371 *
372 * \retval 1 on success.
373 * \retval 0 on failure.
374 */
375static int ValidityTestParse23 (void)
376{
377 DetectTlsValidityData *dd = NULL;
378 dd = DetectTlsValidityParse("2015-10-22T23:59:59");
379 FAIL_IF_NULL(dd);
380 FAIL_IF_NOT(dd->epoch == 1445558399 && dd->mode == DETECT_TLS_VALIDITY_EQ);
381 DetectTlsValidityFree(NULL, dd);
382 PASS;
383}
384
385/**
386 * \test This is a test for a valid value of 1970-01-01T00:00:00
387 * that is at epoch 0, within the range of acceptable
388 * values (1950-2049) as per RFC 5280. (https://tools.ietf.org/html/rfc5280#section-4.1.2.5.1)
389 *
390 * \retval 1 on success.
391 * \retval 0 on failure.
392 */
393static int ValidityTestParse24(void)
394{
395 DetectTlsValidityData *dd = NULL;
396 dd = DetectTlsValidityParse("1970-01-01T00:00:00");
397 FAIL_IF_NULL(dd);
398 FAIL_IF_NOT(dd->epoch == 0 && dd->mode == DETECT_TLS_VALIDITY_EQ);
399 DetectTlsValidityFree(NULL, dd);
400 PASS;
401}
402
403/**
404 * \test This is a test for a valid value of 1965-10-22T23:59:59
405 * that is lower than epoch 0, but within the range of
406 * acceptable values (1950-2049) as per RFC 5280.
407 * (https://tools.ietf.org/html/rfc5280#section-4.1.2.5.1)
408 *
409 * \retval 1 on success.
410 * \retval 0 on failure.
411 */
412static int ValidityTestParse25(void)
413{
414 DetectTlsValidityData *dd = NULL;
415 dd = DetectTlsValidityParse("1969-12-31T23:59:59");
416 FAIL_IF_NULL(dd);
417 FAIL_IF_NOT(dd->epoch == -1 && dd->mode == DETECT_TLS_VALIDITY_EQ);
418 DetectTlsValidityFree(NULL, dd);
419 PASS;
420}
421
422/**
423 * \test Test matching on validity dates in a certificate.
424 *
425 * \retval 1 on success.
426 * \retval 0 on failure.
427 */
428static int ValidityTestDetect01(void)
429{
430 /* client hello */
431 uint8_t client_hello[] = {
432 0x16, 0x03, 0x01, 0x00, 0xc8, 0x01, 0x00, 0x00,
433 0xc4, 0x03, 0x03, 0xd6, 0x08, 0x5a, 0xa2, 0x86,
434 0x5b, 0x85, 0xd4, 0x40, 0xab, 0xbe, 0xc0, 0xbc,
435 0x41, 0xf2, 0x26, 0xf0, 0xfe, 0x21, 0xee, 0x8b,
436 0x4c, 0x7e, 0x07, 0xc8, 0xec, 0xd2, 0x00, 0x46,
437 0x4c, 0xeb, 0xb7, 0x00, 0x00, 0x16, 0xc0, 0x2b,
438 0xc0, 0x2f, 0xc0, 0x0a, 0xc0, 0x09, 0xc0, 0x13,
439 0xc0, 0x14, 0x00, 0x33, 0x00, 0x39, 0x00, 0x2f,
440 0x00, 0x35, 0x00, 0x0a, 0x01, 0x00, 0x00, 0x85,
441 0x00, 0x00, 0x00, 0x12, 0x00, 0x10, 0x00, 0x00,
442 0x0d, 0x77, 0x77, 0x77, 0x2e, 0x67, 0x6f, 0x6f,
443 0x67, 0x6c, 0x65, 0x2e, 0x6e, 0x6f, 0xff, 0x01,
444 0x00, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x08, 0x00,
445 0x06, 0x00, 0x17, 0x00, 0x18, 0x00, 0x19, 0x00,
446 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x23, 0x00,
447 0x00, 0x33, 0x74, 0x00, 0x00, 0x00, 0x10, 0x00,
448 0x29, 0x00, 0x27, 0x05, 0x68, 0x32, 0x2d, 0x31,
449 0x36, 0x05, 0x68, 0x32, 0x2d, 0x31, 0x35, 0x05,
450 0x68, 0x32, 0x2d, 0x31, 0x34, 0x02, 0x68, 0x32,
451 0x08, 0x73, 0x70, 0x64, 0x79, 0x2f, 0x33, 0x2e,
452 0x31, 0x08, 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31,
453 0x2e, 0x31, 0x00, 0x05, 0x00, 0x05, 0x01, 0x00,
454 0x00, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x16, 0x00,
455 0x14, 0x04, 0x01, 0x05, 0x01, 0x06, 0x01, 0x02,
456 0x01, 0x04, 0x03, 0x05, 0x03, 0x06, 0x03, 0x02,
457 0x03, 0x04, 0x02, 0x02, 0x02
458 };
459
460 /* server hello */
461 uint8_t server_hello[] = {
462 0x16, 0x03, 0x03, 0x00, 0x48, 0x02, 0x00, 0x00,
463 0x44, 0x03, 0x03, 0x57, 0x91, 0xb8, 0x63, 0xdd,
464 0xdb, 0xbb, 0x23, 0xcf, 0x0b, 0x43, 0x02, 0x1d,
465 0x46, 0x11, 0x27, 0x5c, 0x98, 0xcf, 0x67, 0xe1,
466 0x94, 0x3d, 0x62, 0x7d, 0x38, 0x48, 0x21, 0x23,
467 0xa5, 0x62, 0x31, 0x00, 0xc0, 0x2f, 0x00, 0x00,
468 0x1c, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00,
469 0x00, 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x10,
470 0x00, 0x05, 0x00, 0x03, 0x02, 0x68, 0x32, 0x00,
471 0x0b, 0x00, 0x02, 0x01, 0x00
472 };
473
474 /* certificate */
475 uint8_t certificate[] = {
476 0x16, 0x03, 0x03, 0x04, 0x93, 0x0b, 0x00, 0x04,
477 0x8f, 0x00, 0x04, 0x8c, 0x00, 0x04, 0x89, 0x30,
478 0x82, 0x04, 0x85, 0x30, 0x82, 0x03, 0x6d, 0xa0,
479 0x03, 0x02, 0x01, 0x02, 0x02, 0x08, 0x5c, 0x19,
480 0xb7, 0xb1, 0x32, 0x3b, 0x1c, 0xa1, 0x30, 0x0d,
481 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
482 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x49, 0x31,
483 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
484 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11,
485 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0a, 0x47,
486 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x20, 0x49, 0x6e,
487 0x63, 0x31, 0x25, 0x30, 0x23, 0x06, 0x03, 0x55,
488 0x04, 0x03, 0x13, 0x1c, 0x47, 0x6f, 0x6f, 0x67,
489 0x6c, 0x65, 0x20, 0x49, 0x6e, 0x74, 0x65, 0x72,
490 0x6e, 0x65, 0x74, 0x20, 0x41, 0x75, 0x74, 0x68,
491 0x6f, 0x72, 0x69, 0x74, 0x79, 0x20, 0x47, 0x32,
492 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x36, 0x30, 0x37,
493 0x31, 0x33, 0x31, 0x33, 0x32, 0x34, 0x35, 0x32,
494 0x5a, 0x17, 0x0d, 0x31, 0x36, 0x31, 0x30, 0x30,
495 0x35, 0x31, 0x33, 0x31, 0x36, 0x30, 0x30, 0x5a,
496 0x30, 0x65, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03,
497 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31,
498 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08,
499 0x0c, 0x0a, 0x43, 0x61, 0x6c, 0x69, 0x66, 0x6f,
500 0x72, 0x6e, 0x69, 0x61, 0x31, 0x16, 0x30, 0x14,
501 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x0d, 0x4d,
502 0x6f, 0x75, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x20,
503 0x56, 0x69, 0x65, 0x77, 0x31, 0x13, 0x30, 0x11,
504 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0a, 0x47,
505 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x20, 0x49, 0x6e,
506 0x63, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55,
507 0x04, 0x03, 0x0c, 0x0b, 0x2a, 0x2e, 0x67, 0x6f,
508 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x6e, 0x6f, 0x30,
509 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a,
510 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
511 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30,
512 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00,
513 0xa5, 0x0a, 0xb9, 0xb1, 0xca, 0x36, 0xd1, 0xae,
514 0x22, 0x38, 0x07, 0x06, 0xc9, 0x1a, 0x56, 0x4f,
515 0xbb, 0xdf, 0xa8, 0x6d, 0xbd, 0xee, 0x76, 0x16,
516 0xbc, 0x53, 0x3c, 0x03, 0x6a, 0x5c, 0x94, 0x50,
517 0x87, 0x2f, 0x28, 0xb4, 0x4e, 0xd5, 0x9b, 0x8f,
518 0xfe, 0x02, 0xde, 0x2a, 0x83, 0x01, 0xf9, 0x45,
519 0x61, 0x0e, 0x66, 0x0e, 0x24, 0x22, 0xe2, 0x59,
520 0x66, 0x0d, 0xd3, 0xe9, 0x77, 0x8a, 0x7e, 0x42,
521 0xaa, 0x5a, 0xf9, 0x05, 0xbf, 0x30, 0xc7, 0x03,
522 0x2b, 0xdc, 0xa6, 0x9c, 0xe0, 0x9f, 0x0d, 0xf1,
523 0x28, 0x19, 0xf8, 0xf2, 0x02, 0xfa, 0xbd, 0x62,
524 0xa0, 0xf3, 0x02, 0x2b, 0xcd, 0xf7, 0x09, 0x04,
525 0x3b, 0x52, 0xd8, 0x65, 0x4b, 0x4a, 0x70, 0xe4,
526 0x57, 0xc9, 0x2e, 0x2a, 0xf6, 0x9c, 0x6e, 0xd8,
527 0xde, 0x01, 0x52, 0xc9, 0x6f, 0xe9, 0xef, 0x82,
528 0xbc, 0x0b, 0x95, 0xb2, 0xef, 0xcb, 0x91, 0xa6,
529 0x0b, 0x2d, 0x14, 0xc6, 0x00, 0xa9, 0x33, 0x86,
530 0x64, 0x00, 0xd4, 0x92, 0x19, 0x53, 0x3d, 0xfd,
531 0xcd, 0xc6, 0x1a, 0xf2, 0x0e, 0x67, 0xc2, 0x1d,
532 0x2c, 0xe0, 0xe8, 0x29, 0x97, 0x1c, 0xb6, 0xc4,
533 0xb2, 0x02, 0x0c, 0x83, 0xb8, 0x60, 0x61, 0xf5,
534 0x61, 0x2d, 0x73, 0x5e, 0x85, 0x4d, 0xbd, 0x0d,
535 0xe7, 0x1a, 0x37, 0x56, 0x8d, 0xe5, 0x50, 0x0c,
536 0xc9, 0x64, 0x4c, 0x11, 0xea, 0xf3, 0xcb, 0x26,
537 0x34, 0xbd, 0x02, 0xf5, 0xc1, 0xfb, 0xa2, 0xec,
538 0x27, 0xbb, 0x60, 0xbe, 0x0b, 0xf6, 0xe7, 0x3c,
539 0x2d, 0xc9, 0xe7, 0xb0, 0x30, 0x28, 0x17, 0x3d,
540 0x90, 0xf1, 0x63, 0x8e, 0x49, 0xf7, 0x15, 0x78,
541 0x21, 0xcc, 0x45, 0xe6, 0x86, 0xb2, 0xd8, 0xb0,
542 0x2e, 0x5a, 0xb0, 0x58, 0xd3, 0xb6, 0x11, 0x40,
543 0xae, 0x81, 0x1f, 0x6b, 0x7a, 0xaf, 0x40, 0x50,
544 0xf9, 0x2e, 0x81, 0x8b, 0xec, 0x26, 0x11, 0x3f,
545 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01,
546 0x53, 0x30, 0x82, 0x01, 0x4f, 0x30, 0x1d, 0x06,
547 0x03, 0x55, 0x1d, 0x25, 0x04, 0x16, 0x30, 0x14,
548 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07,
549 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05,
550 0x05, 0x07, 0x03, 0x02, 0x30, 0x21, 0x06, 0x03,
551 0x55, 0x1d, 0x11, 0x04, 0x1a, 0x30, 0x18, 0x82,
552 0x0b, 0x2a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
553 0x65, 0x2e, 0x6e, 0x6f, 0x82, 0x09, 0x67, 0x6f,
554 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x6e, 0x6f, 0x30,
555 0x68, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05,
556 0x07, 0x01, 0x01, 0x04, 0x5c, 0x30, 0x5a, 0x30,
557 0x2b, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05,
558 0x07, 0x30, 0x02, 0x86, 0x1f, 0x68, 0x74, 0x74,
559 0x70, 0x3a, 0x2f, 0x2f, 0x70, 0x6b, 0x69, 0x2e,
560 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63,
561 0x6f, 0x6d, 0x2f, 0x47, 0x49, 0x41, 0x47, 0x32,
562 0x2e, 0x63, 0x72, 0x74, 0x30, 0x2b, 0x06, 0x08,
563 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01,
564 0x86, 0x1f, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f,
565 0x2f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x73,
566 0x31, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
567 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x63, 0x73,
568 0x70, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e,
569 0x04, 0x16, 0x04, 0x14, 0xc6, 0x53, 0x87, 0x42,
570 0x2d, 0xc8, 0xee, 0x7a, 0x62, 0x1e, 0x83, 0xdb,
571 0x0d, 0xe2, 0x32, 0xeb, 0x8b, 0xaf, 0x69, 0x40,
572 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01,
573 0x01, 0xff, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1f,
574 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30,
575 0x16, 0x80, 0x14, 0x4a, 0xdd, 0x06, 0x16, 0x1b,
576 0xbc, 0xf6, 0x68, 0xb5, 0x76, 0xf5, 0x81, 0xb6,
577 0xbb, 0x62, 0x1a, 0xba, 0x5a, 0x81, 0x2f, 0x30,
578 0x21, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x1a,
579 0x30, 0x18, 0x30, 0x0c, 0x06, 0x0a, 0x2b, 0x06,
580 0x01, 0x04, 0x01, 0xd6, 0x79, 0x02, 0x05, 0x01,
581 0x30, 0x08, 0x06, 0x06, 0x67, 0x81, 0x0c, 0x01,
582 0x02, 0x02, 0x30, 0x30, 0x06, 0x03, 0x55, 0x1d,
583 0x1f, 0x04, 0x29, 0x30, 0x27, 0x30, 0x25, 0xa0,
584 0x23, 0xa0, 0x21, 0x86, 0x1f, 0x68, 0x74, 0x74,
585 0x70, 0x3a, 0x2f, 0x2f, 0x70, 0x6b, 0x69, 0x2e,
586 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63,
587 0x6f, 0x6d, 0x2f, 0x47, 0x49, 0x41, 0x47, 0x32,
588 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x0d, 0x06, 0x09,
589 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
590 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00,
591 0x7b, 0x27, 0x00, 0x46, 0x8f, 0xfd, 0x5b, 0xff,
592 0xcb, 0x05, 0x9b, 0xf7, 0xf1, 0x68, 0xf6, 0x9a,
593 0x7b, 0xba, 0x53, 0xdf, 0x63, 0xed, 0x11, 0x94,
594 0x39, 0xf2, 0xd0, 0x20, 0xcd, 0xa3, 0xc4, 0x98,
595 0xa5, 0x10, 0x74, 0xe7, 0x10, 0x6d, 0x07, 0xf8,
596 0x33, 0x87, 0x05, 0x43, 0x0e, 0x64, 0x77, 0x09,
597 0x18, 0x4f, 0x38, 0x2e, 0x45, 0xae, 0xa8, 0x34,
598 0x3a, 0xa8, 0x33, 0xac, 0x9d, 0xdd, 0x25, 0x91,
599 0x59, 0x43, 0xbe, 0x0f, 0x87, 0x16, 0x2f, 0xb5,
600 0x27, 0xfd, 0xce, 0x2f, 0x35, 0x5d, 0x12, 0xa1,
601 0x66, 0xac, 0xf7, 0x95, 0x38, 0x0f, 0xe5, 0xb1,
602 0x18, 0x18, 0xe6, 0x80, 0x52, 0x31, 0x8a, 0x66,
603 0x02, 0x52, 0x1a, 0xa4, 0x32, 0x6a, 0x61, 0x05,
604 0xcf, 0x1d, 0xf9, 0x90, 0x73, 0xf0, 0xeb, 0x20,
605 0x31, 0x7b, 0x2e, 0xc0, 0xb0, 0xfb, 0x5c, 0xcc,
606 0xdc, 0x76, 0x55, 0x72, 0xaf, 0xb1, 0x05, 0xf4,
607 0xad, 0xf9, 0xd7, 0x73, 0x5c, 0x2c, 0xbf, 0x0d,
608 0x84, 0x18, 0x01, 0x1d, 0x4d, 0x08, 0xa9, 0x4e,
609 0x37, 0xb7, 0x58, 0xc4, 0x05, 0x0e, 0x65, 0x63,
610 0xd2, 0x88, 0x02, 0xf5, 0x82, 0x17, 0x08, 0xd5,
611 0x8f, 0x80, 0xc7, 0x82, 0x29, 0xbb, 0xe1, 0x04,
612 0xbe, 0xf6, 0xe1, 0x8c, 0xbc, 0x3a, 0xf8, 0xf9,
613 0x56, 0xda, 0xdc, 0x8e, 0xc6, 0xe6, 0x63, 0x98,
614 0x12, 0x08, 0x41, 0x2c, 0x9d, 0x7c, 0x82, 0x0d,
615 0x1e, 0xea, 0xba, 0xde, 0x32, 0x09, 0xda, 0x52,
616 0x24, 0x4f, 0xcc, 0xb6, 0x09, 0x33, 0x8b, 0x00,
617 0xf9, 0x83, 0xb3, 0xc6, 0xa4, 0x90, 0x49, 0x83,
618 0x2d, 0x36, 0xd9, 0x11, 0x78, 0xd0, 0x62, 0x9f,
619 0xc4, 0x8f, 0x84, 0xba, 0x7f, 0xaa, 0x04, 0xf1,
620 0xd9, 0xa4, 0xad, 0x5d, 0x63, 0xee, 0x72, 0xc6,
621 0x4d, 0xd1, 0x4b, 0x41, 0x8f, 0x40, 0x0f, 0x7d,
622 0xcd, 0xb8, 0x2e, 0x5b, 0x6e, 0x21, 0xc9, 0x3d
623 };
624
625 Flow f;
626 SSLState *ssl_state = NULL;
627 TcpSession ssn;
628 Packet *p1 = NULL;
629 Packet *p2 = NULL;
630 Packet *p3 = NULL;
631 ThreadVars tv;
632 DetectEngineThreadCtx *det_ctx = NULL;
633 AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc();
634
635 memset(&tv, 0, sizeof(ThreadVars));
636 memset(&f, 0, sizeof(Flow));
637 memset(&ssn, 0, sizeof(TcpSession));
638
639 p1 = UTHBuildPacketReal(client_hello, sizeof(client_hello), IPPROTO_TCP,
640 "192.168.1.5", "192.168.1.1", 51251, 443);
641 p2 = UTHBuildPacketReal(server_hello, sizeof(server_hello), IPPROTO_TCP,
642 "192.168.1.1", "192.168.1.5", 443, 51251);
643 p3 = UTHBuildPacketReal(certificate, sizeof(certificate), IPPROTO_TCP,
644 "192.168.1.1", "192.168.1.5", 443, 51251);
645
646 FLOW_INITIALIZE(&f);
647 f.flags |= FLOW_IPV4;
648 f.proto = IPPROTO_TCP;
649 f.protomap = FlowGetProtoMapping(f.proto);
650 f.alproto = ALPROTO_TLS;
651
652 p1->flow = &f;
653 p1->flags |= PKT_HAS_FLOW | PKT_STREAM_EST;
654 p1->flowflags |= FLOW_PKT_TOSERVER;
655 p1->flowflags |= FLOW_PKT_ESTABLISHED;
656 p1->pcap_cnt = 1;
657
658 p2->flow = &f;
659 p2->flags |= PKT_HAS_FLOW | PKT_STREAM_EST;
660 p2->flowflags |= FLOW_PKT_TOCLIENT;
661 p2->flowflags |= FLOW_PKT_ESTABLISHED;
662 p2->pcap_cnt = 2;
663
664 p3->flow = &f;
665 p3->flags |= PKT_HAS_FLOW | PKT_STREAM_EST;
666 p3->flowflags |= FLOW_PKT_TOCLIENT;
667 p3->flowflags |= FLOW_PKT_ESTABLISHED;
668 p3->pcap_cnt = 3;
669
670 StreamTcpInitConfig(true);
671
672 DetectEngineCtx *de_ctx = DetectEngineCtxInit();
673 FAIL_IF_NULL(de_ctx);
674
675 de_ctx->flags |= DE_QUIET;
676
677 Signature *s = DetectEngineAppendSig(de_ctx, "alert tls any any -> any any "
678 "(msg:\"Test tls_cert_notbefore\"; "
679 "tls_cert_notbefore:<2016-07-20; sid:1;)");
680 FAIL_IF_NULL(s);
681
682 s = DetectEngineAppendSig(de_ctx, "alert tls any any -> any any "
683 "(msg:\"Test tls_cert_notafter\"; "
684 "tls_cert_notafter:>2016-09-01; sid:2;)");
685 FAIL_IF_NULL(s);
686
687 SigGroupBuild(de_ctx);
688 DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
689
690 int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS,
691 STREAM_TOSERVER, client_hello,
692 sizeof(client_hello));
693
694 FAIL_IF(r != 0);
695
696 ssl_state = f.alstate;
697 FAIL_IF_NULL(ssl_state);
698
699 SigMatchSignatures(&tv, de_ctx, det_ctx, p1);
700
701 FAIL_IF(PacketAlertCheck(p1, 1));
702 FAIL_IF(PacketAlertCheck(p1, 2));
703
704 r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOCLIENT,
705 server_hello, sizeof(server_hello));
706
707 FAIL_IF(r != 0);
708
709 SigMatchSignatures(&tv, de_ctx, det_ctx, p2);
710
711 FAIL_IF(PacketAlertCheck(p2, 1));
712 FAIL_IF(PacketAlertCheck(p2, 2));
713
714 r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOCLIENT,
715 certificate, sizeof(certificate));
716
717 FAIL_IF(r != 0);
718
719 SigMatchSignatures(&tv, de_ctx, det_ctx, p3);
720
721 FAIL_IF_NOT(PacketAlertCheck(p3, 1));
722 FAIL_IF_NOT(PacketAlertCheck(p3, 2));
723
724 AppLayerParserThreadCtxFree(alp_tctx);
725 DetectEngineThreadCtxDeinit(&tv, det_ctx);
726 DetectEngineCtxFree(de_ctx);
727
728 StreamTcpFreeConfig(true);
729 FLOW_DESTROY(&f);
730 UTHFreePacket(p1);
731 UTHFreePacket(p2);
732 UTHFreePacket(p3);
733
734 PASS;
735}
736
737/**
738 * \test Test matching on an expired certificate.
739 *
740 * Traffic from expired.badssl.com
741 *
742 * \retval 1 on success.
743 * \retval 0 on failure.
744 */
745static int ExpiredTestDetect01(void)
746{
747 /* client hello */
748 uint8_t client_hello[] = {
749 0x16, 0x03, 0x03, 0x00, 0x5a, 0x01, 0x00, 0x00,
750 0x56, 0x03, 0x03, 0x62, 0x87, 0xa4, 0x11, 0x3e,
751 0x11, 0x32, 0x7d, 0xbc, 0x5b, 0x63, 0xb7, 0xaf,
752 0x55, 0x8d, 0x46, 0x5b, 0x8f, 0xac, 0x50, 0x02,
753 0x90, 0xe3, 0x55, 0x03, 0xfe, 0xad, 0xa6, 0x92,
754 0x56, 0x75, 0xf9, 0x00, 0x00, 0x08, 0x00, 0x35,
755 0x00, 0x2f, 0x00, 0x0a, 0x00, 0xff, 0x01, 0x00,
756 0x00, 0x25, 0x00, 0x00, 0x00, 0x17, 0x00, 0x15,
757 0x00, 0x00, 0x12, 0x65, 0x78, 0x70, 0x69, 0x72,
758 0x65, 0x64, 0x2e, 0x62, 0x61, 0x64, 0x73, 0x73,
759 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x00, 0x0d, 0x00,
760 0x06, 0x00, 0x04, 0x04, 0x01, 0x02, 0x01
761 };
762
763 /* server hello */
764 uint8_t server_hello[] = {
765 0x16, 0x03, 0x03, 0x00, 0x55, 0x02, 0x00, 0x00,
766 0x51, 0x03, 0x03, 0x22, 0xa1, 0xd8, 0xd0, 0x3c,
767 0x8d, 0x32, 0x7e, 0x4f, 0x60, 0x27, 0xf6, 0x0c,
768 0x99, 0x7a, 0x8e, 0x6e, 0x52, 0xa5, 0xf4, 0x20,
769 0x2e, 0xa1, 0xa4, 0x0b, 0xd5, 0x80, 0x9b, 0xec,
770 0xbd, 0x2c, 0x6c, 0x20, 0x7a, 0x9b, 0xcc, 0x6b,
771 0xbf, 0x3d, 0xfc, 0x7c, 0x31, 0x78, 0x65, 0x1e,
772 0xcc, 0x41, 0x0b, 0x8b, 0x3d, 0x4e, 0xde, 0x45,
773 0xe5, 0x20, 0xf5, 0xbd, 0x8e, 0x99, 0xce, 0xc2,
774 0xad, 0x88, 0x08, 0x27, 0x00, 0x2f, 0x00, 0x00,
775 0x09, 0x00, 0x00, 0x00, 0x00, 0xff, 0x01, 0x00,
776 0x01, 0x00
777 };
778
779 /* certificate */
780 uint8_t certificate[] = {
781 0x16, 0x03, 0x03, 0x05, 0x59, 0x0b, 0x00, 0x05,
782 0x55, 0x00, 0x05, 0x52, 0x00, 0x05, 0x4f, 0x30,
783 0x82, 0x05, 0x4b, 0x30, 0x82, 0x04, 0x33, 0xa0,
784 0x03, 0x02, 0x01, 0x02, 0x02, 0x10, 0x4a, 0xe7,
785 0x95, 0x49, 0xfa, 0x9a, 0xbe, 0x3f, 0x10, 0x0f,
786 0x17, 0xa4, 0x78, 0xe1, 0x69, 0x09, 0x30, 0x0d,
787 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
788 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x81, 0x90,
789 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04,
790 0x06, 0x13, 0x02, 0x47, 0x42, 0x31, 0x1b, 0x30,
791 0x19, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x12,
792 0x47, 0x72, 0x65, 0x61, 0x74, 0x65, 0x72, 0x20,
793 0x4d, 0x61, 0x6e, 0x63, 0x68, 0x65, 0x73, 0x74,
794 0x65, 0x72, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03,
795 0x55, 0x04, 0x07, 0x13, 0x07, 0x53, 0x61, 0x6c,
796 0x66, 0x6f, 0x72, 0x64, 0x31, 0x1a, 0x30, 0x18,
797 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x11, 0x43,
798 0x4f, 0x4d, 0x4f, 0x44, 0x4f, 0x20, 0x43, 0x41,
799 0x20, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x65, 0x64,
800 0x31, 0x36, 0x30, 0x34, 0x06, 0x03, 0x55, 0x04,
801 0x03, 0x13, 0x2d, 0x43, 0x4f, 0x4d, 0x4f, 0x44,
802 0x4f, 0x20, 0x52, 0x53, 0x41, 0x20, 0x44, 0x6f,
803 0x6d, 0x61, 0x69, 0x6e, 0x20, 0x56, 0x61, 0x6c,
804 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20,
805 0x53, 0x65, 0x63, 0x75, 0x72, 0x65, 0x20, 0x53,
806 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x43, 0x41,
807 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x35, 0x30, 0x34,
808 0x30, 0x39, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30,
809 0x5a, 0x17, 0x0d, 0x31, 0x35, 0x30, 0x34, 0x31,
810 0x32, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a,
811 0x30, 0x59, 0x31, 0x21, 0x30, 0x1f, 0x06, 0x03,
812 0x55, 0x04, 0x0b, 0x13, 0x18, 0x44, 0x6f, 0x6d,
813 0x61, 0x69, 0x6e, 0x20, 0x43, 0x6f, 0x6e, 0x74,
814 0x72, 0x6f, 0x6c, 0x20, 0x56, 0x61, 0x6c, 0x69,
815 0x64, 0x61, 0x74, 0x65, 0x64, 0x31, 0x1d, 0x30,
816 0x1b, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x14,
817 0x50, 0x6f, 0x73, 0x69, 0x74, 0x69, 0x76, 0x65,
818 0x53, 0x53, 0x4c, 0x20, 0x57, 0x69, 0x6c, 0x64,
819 0x63, 0x61, 0x72, 0x64, 0x31, 0x15, 0x30, 0x13,
820 0x06, 0x03, 0x55, 0x04, 0x03, 0x14, 0x0c, 0x2a,
821 0x2e, 0x62, 0x61, 0x64, 0x73, 0x73, 0x6c, 0x2e,
822 0x63, 0x6f, 0x6d, 0x30, 0x82, 0x01, 0x22, 0x30,
823 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
824 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82,
825 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02,
826 0x82, 0x01, 0x01, 0x00, 0xc2, 0x04, 0xec, 0xf8,
827 0x8c, 0xee, 0x04, 0xc2, 0xb3, 0xd8, 0x50, 0xd5,
828 0x70, 0x58, 0xcc, 0x93, 0x18, 0xeb, 0x5c, 0xa8,
829 0x68, 0x49, 0xb0, 0x22, 0xb5, 0xf9, 0x95, 0x9e,
830 0xb1, 0x2b, 0x2c, 0x76, 0x3e, 0x6c, 0xc0, 0x4b,
831 0x60, 0x4c, 0x4c, 0xea, 0xb2, 0xb4, 0xc0, 0x0f,
832 0x80, 0xb6, 0xb0, 0xf9, 0x72, 0xc9, 0x86, 0x02,
833 0xf9, 0x5c, 0x41, 0x5d, 0x13, 0x2b, 0x7f, 0x71,
834 0xc4, 0x4b, 0xbc, 0xe9, 0x94, 0x2e, 0x50, 0x37,
835 0xa6, 0x67, 0x1c, 0x61, 0x8c, 0xf6, 0x41, 0x42,
836 0xc5, 0x46, 0xd3, 0x16, 0x87, 0x27, 0x9f, 0x74,
837 0xeb, 0x0a, 0x9d, 0x11, 0x52, 0x26, 0x21, 0x73,
838 0x6c, 0x84, 0x4c, 0x79, 0x55, 0xe4, 0xd1, 0x6b,
839 0xe8, 0x06, 0x3d, 0x48, 0x15, 0x52, 0xad, 0xb3,
840 0x28, 0xdb, 0xaa, 0xff, 0x6e, 0xff, 0x60, 0x95,
841 0x4a, 0x77, 0x6b, 0x39, 0xf1, 0x24, 0xd1, 0x31,
842 0xb6, 0xdd, 0x4d, 0xc0, 0xc4, 0xfc, 0x53, 0xb9,
843 0x6d, 0x42, 0xad, 0xb5, 0x7c, 0xfe, 0xae, 0xf5,
844 0x15, 0xd2, 0x33, 0x48, 0xe7, 0x22, 0x71, 0xc7,
845 0xc2, 0x14, 0x7a, 0x6c, 0x28, 0xea, 0x37, 0x4a,
846 0xdf, 0xea, 0x6c, 0xb5, 0x72, 0xb4, 0x7e, 0x5a,
847 0xa2, 0x16, 0xdc, 0x69, 0xb1, 0x57, 0x44, 0xdb,
848 0x0a, 0x12, 0xab, 0xde, 0xc3, 0x0f, 0x47, 0x74,
849 0x5c, 0x41, 0x22, 0xe1, 0x9a, 0xf9, 0x1b, 0x93,
850 0xe6, 0xad, 0x22, 0x06, 0x29, 0x2e, 0xb1, 0xba,
851 0x49, 0x1c, 0x0c, 0x27, 0x9e, 0xa3, 0xfb, 0x8b,
852 0xf7, 0x40, 0x72, 0x00, 0xac, 0x92, 0x08, 0xd9,
853 0x8c, 0x57, 0x84, 0x53, 0x81, 0x05, 0xcb, 0xe6,
854 0xfe, 0x6b, 0x54, 0x98, 0x40, 0x27, 0x85, 0xc7,
855 0x10, 0xbb, 0x73, 0x70, 0xef, 0x69, 0x18, 0x41,
856 0x07, 0x45, 0x55, 0x7c, 0xf9, 0x64, 0x3f, 0x3d,
857 0x2c, 0xc3, 0xa9, 0x7c, 0xeb, 0x93, 0x1a, 0x4c,
858 0x86, 0xd1, 0xca, 0x85, 0x02, 0x03, 0x01, 0x00,
859 0x01, 0xa3, 0x82, 0x01, 0xd5, 0x30, 0x82, 0x01,
860 0xd1, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23,
861 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x90, 0xaf,
862 0x6a, 0x3a, 0x94, 0x5a, 0x0b, 0xd8, 0x90, 0xea,
863 0x12, 0x56, 0x73, 0xdf, 0x43, 0xb4, 0x3a, 0x28,
864 0xda, 0xe7, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d,
865 0x0e, 0x04, 0x16, 0x04, 0x14, 0x9d, 0xee, 0xc1,
866 0x7b, 0x81, 0x0b, 0x3a, 0x47, 0x69, 0x71, 0x18,
867 0x7d, 0x11, 0x37, 0x93, 0xbc, 0xa5, 0x1b, 0x3f,
868 0xfb, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f,
869 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x05,
870 0xa0, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13,
871 0x01, 0x01, 0xff, 0x04, 0x02, 0x30, 0x00, 0x30,
872 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x16,
873 0x30, 0x14, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05,
874 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06,
875 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x4f,
876 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x48, 0x30,
877 0x46, 0x30, 0x3a, 0x06, 0x0b, 0x2b, 0x06, 0x01,
878 0x04, 0x01, 0xb2, 0x31, 0x01, 0x02, 0x02, 0x07,
879 0x30, 0x2b, 0x30, 0x29, 0x06, 0x08, 0x2b, 0x06,
880 0x01, 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x1d,
881 0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, 0x2f,
882 0x73, 0x65, 0x63, 0x75, 0x72, 0x65, 0x2e, 0x63,
883 0x6f, 0x6d, 0x6f, 0x64, 0x6f, 0x2e, 0x63, 0x6f,
884 0x6d, 0x2f, 0x43, 0x50, 0x53, 0x30, 0x08, 0x06,
885 0x06, 0x67, 0x81, 0x0c, 0x01, 0x02, 0x01, 0x30,
886 0x54, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x4d,
887 0x30, 0x4b, 0x30, 0x49, 0xa0, 0x47, 0xa0, 0x45,
888 0x86, 0x43, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f,
889 0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x63, 0x6f, 0x6d,
890 0x6f, 0x64, 0x6f, 0x63, 0x61, 0x2e, 0x63, 0x6f,
891 0x6d, 0x2f, 0x43, 0x4f, 0x4d, 0x4f, 0x44, 0x4f,
892 0x52, 0x53, 0x41, 0x44, 0x6f, 0x6d, 0x61, 0x69,
893 0x6e, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74,
894 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x63, 0x75, 0x72,
895 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x43,
896 0x41, 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x81, 0x85,
897 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07,
898 0x01, 0x01, 0x04, 0x79, 0x30, 0x77, 0x30, 0x4f,
899 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07,
900 0x30, 0x02, 0x86, 0x43, 0x68, 0x74, 0x74, 0x70,
901 0x3a, 0x2f, 0x2f, 0x63, 0x72, 0x74, 0x2e, 0x63,
902 0x6f, 0x6d, 0x6f, 0x64, 0x6f, 0x63, 0x61, 0x2e,
903 0x63, 0x6f, 0x6d, 0x2f, 0x43, 0x4f, 0x4d, 0x4f,
904 0x44, 0x4f, 0x52, 0x53, 0x41, 0x44, 0x6f, 0x6d,
905 0x61, 0x69, 0x6e, 0x56, 0x61, 0x6c, 0x69, 0x64,
906 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x63,
907 0x75, 0x72, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65,
908 0x72, 0x43, 0x41, 0x2e, 0x63, 0x72, 0x74, 0x30,
909 0x24, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05,
910 0x07, 0x30, 0x01, 0x86, 0x18, 0x68, 0x74, 0x74,
911 0x70, 0x3a, 0x2f, 0x2f, 0x6f, 0x63, 0x73, 0x70,
912 0x2e, 0x63, 0x6f, 0x6d, 0x6f, 0x64, 0x6f, 0x63,
913 0x61, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x23, 0x06,
914 0x03, 0x55, 0x1d, 0x11, 0x04, 0x1c, 0x30, 0x1a,
915 0x82, 0x0c, 0x2a, 0x2e, 0x62, 0x61, 0x64, 0x73,
916 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0a,
917 0x62, 0x61, 0x64, 0x73, 0x73, 0x6c, 0x2e, 0x63,
918 0x6f, 0x6d, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86,
919 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05,
920 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x6a, 0x7a,
921 0xf1, 0xda, 0xff, 0x03, 0x07, 0x72, 0x78, 0xc5,
922 0x66, 0xa1, 0x4f, 0x46, 0x43, 0x0e, 0x5f, 0x14,
923 0x21, 0x8c, 0x75, 0x1a, 0xeb, 0x36, 0xe0, 0x1f,
924 0xa4, 0x10, 0x15, 0xec, 0xda, 0x33, 0x25, 0x7c,
925 0x3b, 0xb5, 0x0a, 0xc7, 0x01, 0x38, 0x3d, 0x27,
926 0xfd, 0x58, 0xd9, 0xcc, 0xea, 0x2d, 0x69, 0x39,
927 0x7c, 0xbe, 0x97, 0xef, 0x0b, 0xd6, 0x0b, 0x58,
928 0xe7, 0x8c, 0x7f, 0xbf, 0xb3, 0x4c, 0x1d, 0xf3,
929 0xb7, 0x90, 0x80, 0xa6, 0x36, 0x7c, 0x14, 0x5b,
930 0xec, 0x07, 0x2d, 0x02, 0x3e, 0x1b, 0x5b, 0x63,
931 0x5b, 0x15, 0xab, 0x00, 0xfa, 0x1f, 0x3b, 0x19,
932 0x2d, 0xdf, 0xe2, 0x23, 0x10, 0x11, 0x07, 0x7e,
933 0x72, 0x7f, 0xe2, 0xbf, 0xb7, 0x00, 0x1b, 0x98,
934 0x2f, 0x2c, 0x3f, 0xce, 0x85, 0x9a, 0x27, 0x8c,
935 0x10, 0x22, 0x08, 0x41, 0x2b, 0x8a, 0x3e, 0x82,
936 0x4e, 0xfc, 0xdd, 0x21, 0xc6, 0x56, 0x74, 0x70,
937 0xa4, 0x34, 0xf2, 0xb1, 0x40, 0x9e, 0x2b, 0x58,
938 0xa2, 0x59, 0x0f, 0x1d, 0x48, 0xef, 0xeb, 0x11,
939 0x3e, 0xc1, 0x4a, 0x9e, 0xbc, 0x65, 0x55, 0x6d,
940 0xc6, 0xa3, 0xef, 0xd5, 0xd4, 0x96, 0xcd, 0xf1,
941 0xae, 0x27, 0xf7, 0xa4, 0x57, 0x14, 0x3c, 0x94,
942 0x41, 0x05, 0x7a, 0x8b, 0xa1, 0x37, 0x47, 0xd7,
943 0xf5, 0x7d, 0xdc, 0xfa, 0xce, 0x6f, 0x31, 0xa2,
944 0xb0, 0x8c, 0xea, 0xcc, 0x12, 0x9b, 0x22, 0xf1,
945 0x34, 0x70, 0xcf, 0x7d, 0x75, 0x4a, 0x8b, 0x68,
946 0x29, 0x0c, 0x1e, 0xe9, 0x96, 0xa8, 0xcf, 0xb0,
947 0x12, 0x1f, 0x5c, 0x2a, 0xee, 0x67, 0x2f, 0x7f,
948 0xbd, 0x73, 0xf3, 0x5a, 0x01, 0x22, 0x0c, 0x70,
949 0xfa, 0xcd, 0x45, 0xef, 0x78, 0x5c, 0xce, 0x0d,
950 0xfa, 0x4e, 0xe1, 0xef, 0xce, 0x65, 0x9f, 0x47,
951 0x0c, 0x4f, 0xbb, 0x36, 0x44, 0x68, 0x56, 0x5c,
952 0x56, 0x59, 0xad, 0xaa, 0x8a, 0xbc,
953 };
954
955 Flow f;
956 SSLState *ssl_state = NULL;
957 TcpSession ssn;
958 Packet *p1 = NULL;
959 Packet *p2 = NULL;
960 Packet *p3 = NULL;
961 ThreadVars tv;
962 DetectEngineThreadCtx *det_ctx = NULL;
963 AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc();
964
965 memset(&tv, 0, sizeof(ThreadVars));
966 memset(&f, 0, sizeof(Flow));
967 memset(&ssn, 0, sizeof(TcpSession));
968
969 p1 = UTHBuildPacketReal(client_hello, sizeof(client_hello), IPPROTO_TCP,
970 "192.168.1.5", "192.168.1.1", 51251, 443);
971 p2 = UTHBuildPacketReal(server_hello, sizeof(server_hello), IPPROTO_TCP,
972 "192.168.1.1", "192.168.1.5", 443, 51251);
973 p3 = UTHBuildPacketReal(certificate, sizeof(certificate), IPPROTO_TCP,
974 "192.168.1.1", "192.168.1.5", 443, 51251);
975
976 FLOW_INITIALIZE(&f);
977 f.flags |= FLOW_IPV4;
978 f.proto = IPPROTO_TCP;
979 f.protomap = FlowGetProtoMapping(f.proto);
980 f.alproto = ALPROTO_TLS;
981
982 p1->flow = &f;
983 p1->flags |= PKT_HAS_FLOW | PKT_STREAM_EST;
984 p1->flowflags |= FLOW_PKT_TOSERVER;
985 p1->flowflags |= FLOW_PKT_ESTABLISHED;
986 p1->pcap_cnt = 1;
987
988 p2->flow = &f;
989 p2->flags |= PKT_HAS_FLOW | PKT_STREAM_EST;
990 p2->flowflags |= FLOW_PKT_TOCLIENT;
991 p2->flowflags |= FLOW_PKT_ESTABLISHED;
992 p2->pcap_cnt = 2;
993
994 p3->flow = &f;
995 p3->flags |= PKT_HAS_FLOW | PKT_STREAM_EST;
996 p3->flowflags |= FLOW_PKT_TOCLIENT;
997 p3->flowflags |= FLOW_PKT_ESTABLISHED;
998 p3->pcap_cnt = 3;
999
1000 f.lastts = SCTIME_FROM_SECS(1474978656L); /* 2016-09-27 */
1001
1002 StreamTcpInitConfig(true);
1003
1004 DetectEngineCtx *de_ctx = DetectEngineCtxInit();
1005 FAIL_IF_NULL(de_ctx);
1006
1007 de_ctx->flags |= DE_QUIET;
1008
1009 Signature *s = DetectEngineAppendSig(de_ctx, "alert tls any any -> any any "
1010 "(msg:\"Test tls_cert_expired\"; "
1011 "tls_cert_expired; sid:1;)");
1012 FAIL_IF_NULL(s);
1013
1014 SigGroupBuild(de_ctx);
1015 DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
1016
1017 int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER,
1018 client_hello, sizeof(client_hello));
1019
1020 FAIL_IF(r != 0);
1021
1022 ssl_state = f.alstate;
1023 FAIL_IF_NULL(ssl_state);
1024
1025 SigMatchSignatures(&tv, de_ctx, det_ctx, p1);
1026
1027 FAIL_IF(PacketAlertCheck(p1, 1));
1028
1029 r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOCLIENT,
1030 server_hello, sizeof(server_hello));
1031
1032 FAIL_IF(r != 0);
1033
1034 SigMatchSignatures(&tv, de_ctx, det_ctx, p2);
1035
1036 FAIL_IF(PacketAlertCheck(p2, 1));
1037
1038 r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOCLIENT,
1039 certificate, sizeof(certificate));
1040
1041 FAIL_IF(r != 0);
1042
1043 SigMatchSignatures(&tv, de_ctx, det_ctx, p3);
1044
1045 FAIL_IF_NOT(PacketAlertCheck(p3, 1));
1046
1047 AppLayerParserThreadCtxFree(alp_tctx);
1048 DetectEngineThreadCtxDeinit(&tv, det_ctx);
1049 DetectEngineCtxFree(de_ctx);
1050
1051 StreamTcpFreeConfig(true);
1052 FLOW_DESTROY(&f);
1053 UTHFreePacket(p1);
1054 UTHFreePacket(p2);
1055 UTHFreePacket(p3);
1056
1057 PASS;
1058}
1059
1060/**
1061 * \test Test matching on a valid TLS certificate.
1062 *
1063 * \retval 1 on success.
1064 * \retval 0 on failure.
1065 */
1066static int ValidTestDetect01(void)
1067{
1068 /* client hello */
1069 uint8_t client_hello[] = {
1070 0x16, 0x03, 0x01, 0x00, 0xc8, 0x01, 0x00, 0x00,
1071 0xc4, 0x03, 0x03, 0xd6, 0x08, 0x5a, 0xa2, 0x86,
1072 0x5b, 0x85, 0xd4, 0x40, 0xab, 0xbe, 0xc0, 0xbc,
1073 0x41, 0xf2, 0x26, 0xf0, 0xfe, 0x21, 0xee, 0x8b,
1074 0x4c, 0x7e, 0x07, 0xc8, 0xec, 0xd2, 0x00, 0x46,
1075 0x4c, 0xeb, 0xb7, 0x00, 0x00, 0x16, 0xc0, 0x2b,
1076 0xc0, 0x2f, 0xc0, 0x0a, 0xc0, 0x09, 0xc0, 0x13,
1077 0xc0, 0x14, 0x00, 0x33, 0x00, 0x39, 0x00, 0x2f,
1078 0x00, 0x35, 0x00, 0x0a, 0x01, 0x00, 0x00, 0x85,
1079 0x00, 0x00, 0x00, 0x12, 0x00, 0x10, 0x00, 0x00,
1080 0x0d, 0x77, 0x77, 0x77, 0x2e, 0x67, 0x6f, 0x6f,
1081 0x67, 0x6c, 0x65, 0x2e, 0x6e, 0x6f, 0xff, 0x01,
1082 0x00, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x08, 0x00,
1083 0x06, 0x00, 0x17, 0x00, 0x18, 0x00, 0x19, 0x00,
1084 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x23, 0x00,
1085 0x00, 0x33, 0x74, 0x00, 0x00, 0x00, 0x10, 0x00,
1086 0x29, 0x00, 0x27, 0x05, 0x68, 0x32, 0x2d, 0x31,
1087 0x36, 0x05, 0x68, 0x32, 0x2d, 0x31, 0x35, 0x05,
1088 0x68, 0x32, 0x2d, 0x31, 0x34, 0x02, 0x68, 0x32,
1089 0x08, 0x73, 0x70, 0x64, 0x79, 0x2f, 0x33, 0x2e,
1090 0x31, 0x08, 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31,
1091 0x2e, 0x31, 0x00, 0x05, 0x00, 0x05, 0x01, 0x00,
1092 0x00, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x16, 0x00,
1093 0x14, 0x04, 0x01, 0x05, 0x01, 0x06, 0x01, 0x02,
1094 0x01, 0x04, 0x03, 0x05, 0x03, 0x06, 0x03, 0x02,
1095 0x03, 0x04, 0x02, 0x02, 0x02
1096 };
1097
1098 /* server hello */
1099 uint8_t server_hello[] = {
1100 0x16, 0x03, 0x03, 0x00, 0x48, 0x02, 0x00, 0x00,
1101 0x44, 0x03, 0x03, 0x57, 0x91, 0xb8, 0x63, 0xdd,
1102 0xdb, 0xbb, 0x23, 0xcf, 0x0b, 0x43, 0x02, 0x1d,
1103 0x46, 0x11, 0x27, 0x5c, 0x98, 0xcf, 0x67, 0xe1,
1104 0x94, 0x3d, 0x62, 0x7d, 0x38, 0x48, 0x21, 0x23,
1105 0xa5, 0x62, 0x31, 0x00, 0xc0, 0x2f, 0x00, 0x00,
1106 0x1c, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00,
1107 0x00, 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x10,
1108 0x00, 0x05, 0x00, 0x03, 0x02, 0x68, 0x32, 0x00,
1109 0x0b, 0x00, 0x02, 0x01, 0x00
1110 };
1111
1112 /* certificate */
1113 uint8_t certificate[] = {
1114 0x16, 0x03, 0x03, 0x04, 0x93, 0x0b, 0x00, 0x04,
1115 0x8f, 0x00, 0x04, 0x8c, 0x00, 0x04, 0x89, 0x30,
1116 0x82, 0x04, 0x85, 0x30, 0x82, 0x03, 0x6d, 0xa0,
1117 0x03, 0x02, 0x01, 0x02, 0x02, 0x08, 0x5c, 0x19,
1118 0xb7, 0xb1, 0x32, 0x3b, 0x1c, 0xa1, 0x30, 0x0d,
1119 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
1120 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x49, 0x31,
1121 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
1122 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11,
1123 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0a, 0x47,
1124 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x20, 0x49, 0x6e,
1125 0x63, 0x31, 0x25, 0x30, 0x23, 0x06, 0x03, 0x55,
1126 0x04, 0x03, 0x13, 0x1c, 0x47, 0x6f, 0x6f, 0x67,
1127 0x6c, 0x65, 0x20, 0x49, 0x6e, 0x74, 0x65, 0x72,
1128 0x6e, 0x65, 0x74, 0x20, 0x41, 0x75, 0x74, 0x68,
1129 0x6f, 0x72, 0x69, 0x74, 0x79, 0x20, 0x47, 0x32,
1130 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x36, 0x30, 0x37,
1131 0x31, 0x33, 0x31, 0x33, 0x32, 0x34, 0x35, 0x32,
1132 0x5a, 0x17, 0x0d, 0x31, 0x36, 0x31, 0x30, 0x30,
1133 0x35, 0x31, 0x33, 0x31, 0x36, 0x30, 0x30, 0x5a,
1134 0x30, 0x65, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03,
1135 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31,
1136 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08,
1137 0x0c, 0x0a, 0x43, 0x61, 0x6c, 0x69, 0x66, 0x6f,
1138 0x72, 0x6e, 0x69, 0x61, 0x31, 0x16, 0x30, 0x14,
1139 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x0d, 0x4d,
1140 0x6f, 0x75, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x20,
1141 0x56, 0x69, 0x65, 0x77, 0x31, 0x13, 0x30, 0x11,
1142 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0a, 0x47,
1143 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x20, 0x49, 0x6e,
1144 0x63, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55,
1145 0x04, 0x03, 0x0c, 0x0b, 0x2a, 0x2e, 0x67, 0x6f,
1146 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x6e, 0x6f, 0x30,
1147 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a,
1148 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
1149 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30,
1150 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00,
1151 0xa5, 0x0a, 0xb9, 0xb1, 0xca, 0x36, 0xd1, 0xae,
1152 0x22, 0x38, 0x07, 0x06, 0xc9, 0x1a, 0x56, 0x4f,
1153 0xbb, 0xdf, 0xa8, 0x6d, 0xbd, 0xee, 0x76, 0x16,
1154 0xbc, 0x53, 0x3c, 0x03, 0x6a, 0x5c, 0x94, 0x50,
1155 0x87, 0x2f, 0x28, 0xb4, 0x4e, 0xd5, 0x9b, 0x8f,
1156 0xfe, 0x02, 0xde, 0x2a, 0x83, 0x01, 0xf9, 0x45,
1157 0x61, 0x0e, 0x66, 0x0e, 0x24, 0x22, 0xe2, 0x59,
1158 0x66, 0x0d, 0xd3, 0xe9, 0x77, 0x8a, 0x7e, 0x42,
1159 0xaa, 0x5a, 0xf9, 0x05, 0xbf, 0x30, 0xc7, 0x03,
1160 0x2b, 0xdc, 0xa6, 0x9c, 0xe0, 0x9f, 0x0d, 0xf1,
1161 0x28, 0x19, 0xf8, 0xf2, 0x02, 0xfa, 0xbd, 0x62,
1162 0xa0, 0xf3, 0x02, 0x2b, 0xcd, 0xf7, 0x09, 0x04,
1163 0x3b, 0x52, 0xd8, 0x65, 0x4b, 0x4a, 0x70, 0xe4,
1164 0x57, 0xc9, 0x2e, 0x2a, 0xf6, 0x9c, 0x6e, 0xd8,
1165 0xde, 0x01, 0x52, 0xc9, 0x6f, 0xe9, 0xef, 0x82,
1166 0xbc, 0x0b, 0x95, 0xb2, 0xef, 0xcb, 0x91, 0xa6,
1167 0x0b, 0x2d, 0x14, 0xc6, 0x00, 0xa9, 0x33, 0x86,
1168 0x64, 0x00, 0xd4, 0x92, 0x19, 0x53, 0x3d, 0xfd,
1169 0xcd, 0xc6, 0x1a, 0xf2, 0x0e, 0x67, 0xc2, 0x1d,
1170 0x2c, 0xe0, 0xe8, 0x29, 0x97, 0x1c, 0xb6, 0xc4,
1171 0xb2, 0x02, 0x0c, 0x83, 0xb8, 0x60, 0x61, 0xf5,
1172 0x61, 0x2d, 0x73, 0x5e, 0x85, 0x4d, 0xbd, 0x0d,
1173 0xe7, 0x1a, 0x37, 0x56, 0x8d, 0xe5, 0x50, 0x0c,
1174 0xc9, 0x64, 0x4c, 0x11, 0xea, 0xf3, 0xcb, 0x26,
1175 0x34, 0xbd, 0x02, 0xf5, 0xc1, 0xfb, 0xa2, 0xec,
1176 0x27, 0xbb, 0x60, 0xbe, 0x0b, 0xf6, 0xe7, 0x3c,
1177 0x2d, 0xc9, 0xe7, 0xb0, 0x30, 0x28, 0x17, 0x3d,
1178 0x90, 0xf1, 0x63, 0x8e, 0x49, 0xf7, 0x15, 0x78,
1179 0x21, 0xcc, 0x45, 0xe6, 0x86, 0xb2, 0xd8, 0xb0,
1180 0x2e, 0x5a, 0xb0, 0x58, 0xd3, 0xb6, 0x11, 0x40,
1181 0xae, 0x81, 0x1f, 0x6b, 0x7a, 0xaf, 0x40, 0x50,
1182 0xf9, 0x2e, 0x81, 0x8b, 0xec, 0x26, 0x11, 0x3f,
1183 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01,
1184 0x53, 0x30, 0x82, 0x01, 0x4f, 0x30, 0x1d, 0x06,
1185 0x03, 0x55, 0x1d, 0x25, 0x04, 0x16, 0x30, 0x14,
1186 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07,
1187 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05,
1188 0x05, 0x07, 0x03, 0x02, 0x30, 0x21, 0x06, 0x03,
1189 0x55, 0x1d, 0x11, 0x04, 0x1a, 0x30, 0x18, 0x82,
1190 0x0b, 0x2a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
1191 0x65, 0x2e, 0x6e, 0x6f, 0x82, 0x09, 0x67, 0x6f,
1192 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x6e, 0x6f, 0x30,
1193 0x68, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05,
1194 0x07, 0x01, 0x01, 0x04, 0x5c, 0x30, 0x5a, 0x30,
1195 0x2b, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05,
1196 0x07, 0x30, 0x02, 0x86, 0x1f, 0x68, 0x74, 0x74,
1197 0x70, 0x3a, 0x2f, 0x2f, 0x70, 0x6b, 0x69, 0x2e,
1198 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63,
1199 0x6f, 0x6d, 0x2f, 0x47, 0x49, 0x41, 0x47, 0x32,
1200 0x2e, 0x63, 0x72, 0x74, 0x30, 0x2b, 0x06, 0x08,
1201 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01,
1202 0x86, 0x1f, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f,
1203 0x2f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x73,
1204 0x31, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
1205 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x63, 0x73,
1206 0x70, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e,
1207 0x04, 0x16, 0x04, 0x14, 0xc6, 0x53, 0x87, 0x42,
1208 0x2d, 0xc8, 0xee, 0x7a, 0x62, 0x1e, 0x83, 0xdb,
1209 0x0d, 0xe2, 0x32, 0xeb, 0x8b, 0xaf, 0x69, 0x40,
1210 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01,
1211 0x01, 0xff, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1f,
1212 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30,
1213 0x16, 0x80, 0x14, 0x4a, 0xdd, 0x06, 0x16, 0x1b,
1214 0xbc, 0xf6, 0x68, 0xb5, 0x76, 0xf5, 0x81, 0xb6,
1215 0xbb, 0x62, 0x1a, 0xba, 0x5a, 0x81, 0x2f, 0x30,
1216 0x21, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x1a,
1217 0x30, 0x18, 0x30, 0x0c, 0x06, 0x0a, 0x2b, 0x06,
1218 0x01, 0x04, 0x01, 0xd6, 0x79, 0x02, 0x05, 0x01,
1219 0x30, 0x08, 0x06, 0x06, 0x67, 0x81, 0x0c, 0x01,
1220 0x02, 0x02, 0x30, 0x30, 0x06, 0x03, 0x55, 0x1d,
1221 0x1f, 0x04, 0x29, 0x30, 0x27, 0x30, 0x25, 0xa0,
1222 0x23, 0xa0, 0x21, 0x86, 0x1f, 0x68, 0x74, 0x74,
1223 0x70, 0x3a, 0x2f, 0x2f, 0x70, 0x6b, 0x69, 0x2e,
1224 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63,
1225 0x6f, 0x6d, 0x2f, 0x47, 0x49, 0x41, 0x47, 0x32,
1226 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x0d, 0x06, 0x09,
1227 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
1228 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00,
1229 0x7b, 0x27, 0x00, 0x46, 0x8f, 0xfd, 0x5b, 0xff,
1230 0xcb, 0x05, 0x9b, 0xf7, 0xf1, 0x68, 0xf6, 0x9a,
1231 0x7b, 0xba, 0x53, 0xdf, 0x63, 0xed, 0x11, 0x94,
1232 0x39, 0xf2, 0xd0, 0x20, 0xcd, 0xa3, 0xc4, 0x98,
1233 0xa5, 0x10, 0x74, 0xe7, 0x10, 0x6d, 0x07, 0xf8,
1234 0x33, 0x87, 0x05, 0x43, 0x0e, 0x64, 0x77, 0x09,
1235 0x18, 0x4f, 0x38, 0x2e, 0x45, 0xae, 0xa8, 0x34,
1236 0x3a, 0xa8, 0x33, 0xac, 0x9d, 0xdd, 0x25, 0x91,
1237 0x59, 0x43, 0xbe, 0x0f, 0x87, 0x16, 0x2f, 0xb5,
1238 0x27, 0xfd, 0xce, 0x2f, 0x35, 0x5d, 0x12, 0xa1,
1239 0x66, 0xac, 0xf7, 0x95, 0x38, 0x0f, 0xe5, 0xb1,
1240 0x18, 0x18, 0xe6, 0x80, 0x52, 0x31, 0x8a, 0x66,
1241 0x02, 0x52, 0x1a, 0xa4, 0x32, 0x6a, 0x61, 0x05,
1242 0xcf, 0x1d, 0xf9, 0x90, 0x73, 0xf0, 0xeb, 0x20,
1243 0x31, 0x7b, 0x2e, 0xc0, 0xb0, 0xfb, 0x5c, 0xcc,
1244 0xdc, 0x76, 0x55, 0x72, 0xaf, 0xb1, 0x05, 0xf4,
1245 0xad, 0xf9, 0xd7, 0x73, 0x5c, 0x2c, 0xbf, 0x0d,
1246 0x84, 0x18, 0x01, 0x1d, 0x4d, 0x08, 0xa9, 0x4e,
1247 0x37, 0xb7, 0x58, 0xc4, 0x05, 0x0e, 0x65, 0x63,
1248 0xd2, 0x88, 0x02, 0xf5, 0x82, 0x17, 0x08, 0xd5,
1249 0x8f, 0x80, 0xc7, 0x82, 0x29, 0xbb, 0xe1, 0x04,
1250 0xbe, 0xf6, 0xe1, 0x8c, 0xbc, 0x3a, 0xf8, 0xf9,
1251 0x56, 0xda, 0xdc, 0x8e, 0xc6, 0xe6, 0x63, 0x98,
1252 0x12, 0x08, 0x41, 0x2c, 0x9d, 0x7c, 0x82, 0x0d,
1253 0x1e, 0xea, 0xba, 0xde, 0x32, 0x09, 0xda, 0x52,
1254 0x24, 0x4f, 0xcc, 0xb6, 0x09, 0x33, 0x8b, 0x00,
1255 0xf9, 0x83, 0xb3, 0xc6, 0xa4, 0x90, 0x49, 0x83,
1256 0x2d, 0x36, 0xd9, 0x11, 0x78, 0xd0, 0x62, 0x9f,
1257 0xc4, 0x8f, 0x84, 0xba, 0x7f, 0xaa, 0x04, 0xf1,
1258 0xd9, 0xa4, 0xad, 0x5d, 0x63, 0xee, 0x72, 0xc6,
1259 0x4d, 0xd1, 0x4b, 0x41, 0x8f, 0x40, 0x0f, 0x7d,
1260 0xcd, 0xb8, 0x2e, 0x5b, 0x6e, 0x21, 0xc9, 0x3d
1261 };
1262
1263 Flow f;
1264 SSLState *ssl_state = NULL;
1265 TcpSession ssn;
1266 Packet *p1 = NULL;
1267 Packet *p2 = NULL;
1268 Packet *p3 = NULL;
1269 ThreadVars tv;
1270 DetectEngineThreadCtx *det_ctx = NULL;
1271 AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc();
1272
1273 memset(&tv, 0, sizeof(ThreadVars));
1274 memset(&f, 0, sizeof(Flow));
1275 memset(&ssn, 0, sizeof(TcpSession));
1276
1277 p1 = UTHBuildPacketReal(client_hello, sizeof(client_hello), IPPROTO_TCP,
1278 "192.168.1.5", "192.168.1.1", 51251, 443);
1279 p2 = UTHBuildPacketReal(server_hello, sizeof(server_hello), IPPROTO_TCP,
1280 "192.168.1.1", "192.168.1.5", 443, 51251);
1281 p3 = UTHBuildPacketReal(certificate, sizeof(certificate), IPPROTO_TCP,
1282 "192.168.1.1", "192.168.1.5", 443, 51251);
1283
1284 FLOW_INITIALIZE(&f);
1285 f.flags |= FLOW_IPV4;
1286 f.proto = IPPROTO_TCP;
1287 f.protomap = FlowGetProtoMapping(f.proto);
1288 f.alproto = ALPROTO_TLS;
1289
1290 p1->flow = &f;
1291 p1->flags |= PKT_HAS_FLOW | PKT_STREAM_EST;
1292 p1->flowflags |= FLOW_PKT_TOSERVER;
1293 p1->flowflags |= FLOW_PKT_ESTABLISHED;
1294 p1->pcap_cnt = 1;
1295
1296 p2->flow = &f;
1297 p2->flags |= PKT_HAS_FLOW | PKT_STREAM_EST;
1298 p2->flowflags |= FLOW_PKT_TOCLIENT;
1299 p2->flowflags |= FLOW_PKT_ESTABLISHED;
1300 p2->pcap_cnt = 2;
1301
1302 p3->flow = &f;
1303 p3->flags |= PKT_HAS_FLOW | PKT_STREAM_EST;
1304 p3->flowflags |= FLOW_PKT_TOCLIENT;
1305 p3->flowflags |= FLOW_PKT_ESTABLISHED;
1306 p3->pcap_cnt = 3;
1307
1308 f.lastts = SCTIME_FROM_SECS(1474978656L); /* 2016-09-27 */
1309
1310 StreamTcpInitConfig(true);
1311
1312 DetectEngineCtx *de_ctx = DetectEngineCtxInit();
1313 FAIL_IF_NULL(de_ctx);
1314
1315 de_ctx->flags |= DE_QUIET;
1316
1317 Signature *s = DetectEngineAppendSig(de_ctx, "alert tls any any -> any any "
1318 "(msg:\"Test tls_cert_valid\"; "
1319 "tls_cert_valid; sid:1;)");
1320 FAIL_IF_NULL(s);
1321
1322 SigGroupBuild(de_ctx);
1323 DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
1324
1325 int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER,
1326 client_hello, sizeof(client_hello));
1327
1328 FAIL_IF(r != 0);
1329
1330 ssl_state = f.alstate;
1331 FAIL_IF_NULL(ssl_state);
1332
1333 SigMatchSignatures(&tv, de_ctx, det_ctx, p1);
1334
1335 FAIL_IF(PacketAlertCheck(p1, 1));
1336
1337 r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOCLIENT,
1338 server_hello, sizeof(server_hello));
1339
1340 FAIL_IF(r != 0);
1341
1342 SigMatchSignatures(&tv, de_ctx, det_ctx, p2);
1343
1344 FAIL_IF(PacketAlertCheck(p2, 1));
1345
1346 r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOCLIENT,
1347 certificate, sizeof(certificate));
1348
1349 FAIL_IF(r != 0);
1350
1351 SigMatchSignatures(&tv, de_ctx, det_ctx, p3);
1352
1353 FAIL_IF_NOT(PacketAlertCheck(p3, 1));
1354
1355 AppLayerParserThreadCtxFree(alp_tctx);
1356 DetectEngineThreadCtxDeinit(&tv, det_ctx);
1357 DetectEngineCtxFree(de_ctx);
1358
1359 StreamTcpFreeConfig(true);
1360 FLOW_DESTROY(&f);
1361 UTHFreePacket(p1);
1362 UTHFreePacket(p2);
1363 UTHFreePacket(p3);
1364
1365 PASS;
1366}
1367
1368/**
1369 * \brief Register unit tests for tls_cert_notbefore.
1370 */
1371void TlsNotBeforeRegisterTests(void)
1372{
1373 UtRegisterTest("ValidityTestParse01", ValidityTestParse01);
1374 UtRegisterTest("ValidityTestParse03", ValidityTestParse03);
1375 UtRegisterTest("ValidityTestParse05", ValidityTestParse05);
1376 UtRegisterTest("ValidityTestParse07", ValidityTestParse07);
1377 UtRegisterTest("ValidityTestParse09", ValidityTestParse09);
1378 UtRegisterTest("ValidityTestParse11", ValidityTestParse11);
1379 UtRegisterTest("ValidityTestParse13", ValidityTestParse13);
1380 UtRegisterTest("ValidityTestParse15", ValidityTestParse15);
1381 UtRegisterTest("ValidityTestParse17", ValidityTestParse17);
1382 UtRegisterTest("ValidityTestParse19", ValidityTestParse19);
1383 UtRegisterTest("ValidityTestParse21", ValidityTestParse21);
1384 UtRegisterTest("ValidityTestParse23", ValidityTestParse23);
1385 UtRegisterTest("ValidityTestParse24", ValidityTestParse24);
1386 UtRegisterTest("ValidityTestParse25", ValidityTestParse25);
1387 UtRegisterTest("ValidityTestDetect01", ValidityTestDetect01);
1388}
1389
1390/**
1391 * \brief Register unit tests for tls_cert_notafter.
1392 */
1393void TlsNotAfterRegisterTests(void)
1394{
1395 UtRegisterTest("ValidityTestParse02", ValidityTestParse02);
1396 UtRegisterTest("ValidityTestParse04", ValidityTestParse04);
1397 UtRegisterTest("ValidityTestParse06", ValidityTestParse06);
1398 UtRegisterTest("ValidityTestParse08", ValidityTestParse08);
1399 UtRegisterTest("ValidityTestParse10", ValidityTestParse10);
1400 UtRegisterTest("ValidityTestParse12", ValidityTestParse12);
1401 UtRegisterTest("ValidityTestParse14", ValidityTestParse14);
1402 UtRegisterTest("ValidityTestParse16", ValidityTestParse16);
1403 UtRegisterTest("ValidityTestParse18", ValidityTestParse18);
1404 UtRegisterTest("ValidityTestParse20", ValidityTestParse20);
1405 UtRegisterTest("ValidityTestParse22", ValidityTestParse22);
1406}
1407
1408/**
1409 * \brief Register unit tests for tls_cert_expired
1410 */
1411void TlsExpiredRegisterTests(void)
1412{
1413 UtRegisterTest("ExpiredTestDetect01", ExpiredTestDetect01);
1414}
1415
1416/**
1417 * \brief Register unit tests for tls_cert_valid
1418 */
1419void TlsValidRegisterTests(void)
1420{
1421 UtRegisterTest("ValidTestDetect01", ValidTestDetect01);
1422}
AppLayerParserThreadCtxAlloc
AppLayerParserThreadCtx * AppLayerParserThreadCtxAlloc(void)
Gets a new app layer protocol's parser thread context.
Definition app-layer-parser.c:297
AppLayerParserThreadCtxFree
void AppLayerParserThreadCtxFree(AppLayerParserThreadCtx *tctx)
Destroys the app layer parser thread context obtained using AppLayerParserThreadCtxAlloc().
Definition app-layer-parser.c:324
AppLayerParserParse
int AppLayerParserParse(ThreadVars *tv, AppLayerParserThreadCtx *alp_tctx, Flow *f, AppProto alproto, uint8_t flags, const uint8_t *input, uint32_t input_len)
Definition app-layer-parser.c:1291
ALPROTO_TLS
@ ALPROTO_TLS
Definition app-layer-protos.h:39
PKT_HAS_FLOW
#define PKT_HAS_FLOW
Definition decode.h:1266
PKT_STREAM_EST
#define PKT_STREAM_EST
Definition decode.h:1262
PacketAlertCheck
int PacketAlertCheck(Packet *p, uint32_t sid)
Check if a certain sid alerted, this is used in the test functions.
Definition detect-engine-alert.c:142
SigGroupBuild
int SigGroupBuild(DetectEngineCtx *de_ctx)
Convert the signature list into the runtime match structure.
Definition detect-engine-build.c:2204
DetectEngineCtxInit
DetectEngineCtx * DetectEngineCtxInit(void)
Definition detect-engine.c:2602
DetectEngineCtxFree
void DetectEngineCtxFree(DetectEngineCtx *)
Free a DetectEngineCtx::
Definition detect-engine.c:2641
DetectEngineAppendSig
Signature * DetectEngineAppendSig(DetectEngineCtx *, const char *)
Parse and append a Signature into the Detection Engine Context signature list.
Definition detect-parse.c:3437
DetectEngineThreadCtxInit
TmEcode DetectEngineThreadCtxInit(ThreadVars *tv, void *initdata, void **data)
initialize thread specific detection engine context
Definition detect-engine.c:3372
DetectEngineThreadCtxDeinit
TmEcode DetectEngineThreadCtxDeinit(ThreadVars *tv, void *data)
Definition detect-engine.c:3608
DETECT_TLS_VALIDITY_EQ
#define DETECT_TLS_VALIDITY_EQ
Definition detect-tls-cert-validity.h:27
DETECT_TLS_VALIDITY_GT
#define DETECT_TLS_VALIDITY_GT
Definition detect-tls-cert-validity.h:29
DETECT_TLS_VALIDITY_LT
#define DETECT_TLS_VALIDITY_LT
Definition detect-tls-cert-validity.h:28
DETECT_TLS_VALIDITY_RA
#define DETECT_TLS_VALIDITY_RA
Definition detect-tls-cert-validity.h:30
SigMatchSignatures
void SigMatchSignatures(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, Packet *p)
wrapper for old tests
Definition detect.c:2420
DE_QUIET
#define DE_QUIET
Definition detect.h:330
FlowGetProtoMapping
uint8_t FlowGetProtoMapping(uint8_t proto)
Function to map the protocol to the defined FLOW_PROTO_* enumeration.
Definition flow-util.c:99
FLOW_INITIALIZE
#define FLOW_INITIALIZE(f)
Definition flow-util.h:38
FLOW_DESTROY
#define FLOW_DESTROY(f)
Definition flow-util.h:119
FLOW_PKT_TOSERVER
#define FLOW_PKT_TOSERVER
Definition flow.h:233
FLOW_PKT_ESTABLISHED
#define FLOW_PKT_ESTABLISHED
Definition flow.h:235
FLOW_IPV4
#define FLOW_IPV4
Definition flow.h:100
FLOW_PKT_TOCLIENT
#define FLOW_PKT_TOCLIENT
Definition flow.h:234
alp_tctx
AppLayerParserThreadCtx * alp_tctx
Definition fuzz_applayerparserparse.c:23
tv
ThreadVars * tv
Definition fuzz_decodepcapfile.c:32
de_ctx
DetectEngineCtx * de_ctx
Definition fuzz_siginit.c:18
FAIL_IF_NULL
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
Definition util-unittest.h:89
UtRegisterTest
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
Definition util-unittest.c:103
FAIL_IF_NOT
#define FAIL_IF_NOT(expr)
Fail a test if expression evaluates to false.
Definition util-unittest.h:82
PASS
#define PASS
Pass the test.
Definition util-unittest.h:105
FAIL_IF
#define FAIL_IF(expr)
Fail a test if expression evaluates to true.
Definition util-unittest.h:71
FAIL_IF_NOT_NULL
#define FAIL_IF_NOT_NULL(expr)
Fail a test if expression evaluates to non-NULL.
Definition util-unittest.h:96
StreamTcpFreeConfig
void StreamTcpFreeConfig(bool quiet)
Definition stream-tcp.c:859
StreamTcpInitConfig
void StreamTcpInitConfig(bool)
To initialize the stream global configuration data.
Definition stream-tcp.c:488
AppLayerParserThreadCtx_
Definition app-layer-parser.c:60
DetectEngineCtx_
main detection engine ctx
Definition detect.h:932
DetectEngineCtx_::flags
uint8_t flags
Definition detect.h:934
DetectEngineThreadCtx_
Definition detect.h:1244
DetectTlsValidityData_
Definition detect-tls-cert-validity.h:41
DetectTlsValidityData_::mode
uint8_t mode
Definition detect-tls-cert-validity.h:44
DetectTlsValidityData_::epoch
time_t epoch
Definition detect-tls-cert-validity.h:42
DetectTlsValidityData_::epoch2
time_t epoch2
Definition detect-tls-cert-validity.h:43
Flow_
Flow data structure.
Definition flow.h:356
Flow_::proto
uint8_t proto
Definition flow.h:378
Flow_::flags
uint32_t flags
Definition flow.h:421
Flow_::alproto
AppProto alproto
application level protocol
Definition flow.h:450
Flow_::alstate
void * alstate
Definition flow.h:479
Flow_::lastts
SCTime_t lastts
Definition flow.h:410
Flow_::protomap
uint8_t protomap
Definition flow.h:445
Packet_
Definition decode.h:501
Packet_::flowflags
uint8_t flowflags
Definition decode.h:532
Packet_::pcap_cnt
uint64_t pcap_cnt
Definition decode.h:626
Packet_::flow
struct Flow_ * flow
Definition decode.h:546
Packet_::flags
uint32_t flags
Definition decode.h:544
SSLState_
SSLv[2.0|3.[0|1|2|3]] state structure.
Definition app-layer-ssl.h:227
Signature_
Signature container.
Definition detect.h:668
TcpSession_
Definition stream-tcp-private.h:283
ThreadVars_
Per thread variable structure.
Definition threadvars.h:58
SCTIME_FROM_SECS
#define SCTIME_FROM_SECS(s)
Definition util-time.h:69
UTHBuildPacketReal
Packet * UTHBuildPacketReal(uint8_t *payload, uint16_t payload_len, uint8_t ipproto, const char *src, const char *dst, uint16_t sport, uint16_t dport)
UTHBuildPacketReal is a function that create tcp/udp packets for unittests specifying ip and port sou...
Definition util-unittest-helper.c:260
UTHFreePacket
void UTHFreePacket(Packet *p)
UTHFreePacket: function to release the allocated data from UTHBuildPacket and the packet itself.
Definition util-unittest-helper.c:473