suricata
detect-tls-certs.c
Go to the documentation of this file.
1/* Copyright (C) 2019 Open Information Security Foundation
2 *
3 * You can copy, redistribute or modify this Program under the terms of
4 * the GNU General Public License version 2 as published by the Free
5 * Software Foundation.
6 *
7 * This program is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 * GNU General Public License for more details.
11 *
12 * You should have received a copy of the GNU General Public License
13 * version 2 along with this program; if not, write to the Free Software
14 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15 * 02110-1301, USA.
16 */
17
18/**
19 * \file
20 *
21 * \author Mats Klepsland <mats.klepsland@gmail.com>
22 *
23 */
24
25#include "detect-engine-build.h"
26#include "detect-engine-alert.h"
27#include "app-layer-parser.h"
28
29/**
30 * \test Test that a signature containing tls.certs is correctly parsed
31 * and that the keyword is registered.
32 */
33static int DetectTlsCertsTest01(void)
34{
35 DetectEngineCtx *de_ctx = DetectEngineCtxInit();
36 FAIL_IF_NULL(de_ctx);
37 de_ctx->flags |= DE_QUIET;
38 Signature *s = DetectEngineAppendSig(de_ctx, "alert tls any any -> any any "
39 "(msg:\"Testing tls.certs\"; tls.certs; "
40 "content:\"|01 02 03 04 05|\"; sid:1;)");
41 FAIL_IF_NULL(de_ctx->sig_list);
42
43 /* sm should not be in the MATCH list */
44 SigMatch *sm = s->init_data->smlists[DETECT_SM_LIST_MATCH];
45 FAIL_IF_NOT_NULL(sm);
46
47 sm = DetectBufferGetFirstSigMatch(s, g_tls_certs_buffer_id);
48 FAIL_IF_NULL(sm);
49
50 FAIL_IF(sm->type != DETECT_CONTENT);
51 FAIL_IF_NOT_NULL(sm->next);
52
53 DetectEngineCtxFree(de_ctx);
54 PASS;
55}
56
57/**
58 * \test Test matching on bytes in a certificate
59 */
60static int DetectTlsCertsTest02(void)
61{
62 /* client hello */
63 uint8_t client_hello[] = {
64 0x16, 0x03, 0x01, 0x00, 0xc8, 0x01, 0x00, 0x00,
65 0xc4, 0x03, 0x03, 0xd6, 0x08, 0x5a, 0xa2, 0x86,
66 0x5b, 0x85, 0xd4, 0x40, 0xab, 0xbe, 0xc0, 0xbc,
67 0x41, 0xf2, 0x26, 0xf0, 0xfe, 0x21, 0xee, 0x8b,
68 0x4c, 0x7e, 0x07, 0xc8, 0xec, 0xd2, 0x00, 0x46,
69 0x4c, 0xeb, 0xb7, 0x00, 0x00, 0x16, 0xc0, 0x2b,
70 0xc0, 0x2f, 0xc0, 0x0a, 0xc0, 0x09, 0xc0, 0x13,
71 0xc0, 0x14, 0x00, 0x33, 0x00, 0x39, 0x00, 0x2f,
72 0x00, 0x35, 0x00, 0x0a, 0x01, 0x00, 0x00, 0x85,
73 0x00, 0x00, 0x00, 0x12, 0x00, 0x10, 0x00, 0x00,
74 0x0d, 0x77, 0x77, 0x77, 0x2e, 0x67, 0x6f, 0x6f,
75 0x67, 0x6c, 0x65, 0x2e, 0x6e, 0x6f, 0xff, 0x01,
76 0x00, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x08, 0x00,
77 0x06, 0x00, 0x17, 0x00, 0x18, 0x00, 0x19, 0x00,
78 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x23, 0x00,
79 0x00, 0x33, 0x74, 0x00, 0x00, 0x00, 0x10, 0x00,
80 0x29, 0x00, 0x27, 0x05, 0x68, 0x32, 0x2d, 0x31,
81 0x36, 0x05, 0x68, 0x32, 0x2d, 0x31, 0x35, 0x05,
82 0x68, 0x32, 0x2d, 0x31, 0x34, 0x02, 0x68, 0x32,
83 0x08, 0x73, 0x70, 0x64, 0x79, 0x2f, 0x33, 0x2e,
84 0x31, 0x08, 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31,
85 0x2e, 0x31, 0x00, 0x05, 0x00, 0x05, 0x01, 0x00,
86 0x00, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x16, 0x00,
87 0x14, 0x04, 0x01, 0x05, 0x01, 0x06, 0x01, 0x02,
88 0x01, 0x04, 0x03, 0x05, 0x03, 0x06, 0x03, 0x02,
89 0x03, 0x04, 0x02, 0x02, 0x02
90 };
91
92 /* server hello */
93 uint8_t server_hello[] = {
94 0x16, 0x03, 0x03, 0x00, 0x48, 0x02, 0x00, 0x00,
95 0x44, 0x03, 0x03, 0x57, 0x91, 0xb8, 0x63, 0xdd,
96 0xdb, 0xbb, 0x23, 0xcf, 0x0b, 0x43, 0x02, 0x1d,
97 0x46, 0x11, 0x27, 0x5c, 0x98, 0xcf, 0x67, 0xe1,
98 0x94, 0x3d, 0x62, 0x7d, 0x38, 0x48, 0x21, 0x23,
99 0xa5, 0x62, 0x31, 0x00, 0xc0, 0x2f, 0x00, 0x00,
100 0x1c, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00,
101 0x00, 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x10,
102 0x00, 0x05, 0x00, 0x03, 0x02, 0x68, 0x32, 0x00,
103 0x0b, 0x00, 0x02, 0x01, 0x00
104 };
105
106 /* certificate */
107 uint8_t certificate[] = {
108 0x16, 0x03, 0x03, 0x04, 0x93, 0x0b, 0x00, 0x04,
109 0x8f, 0x00, 0x04, 0x8c, 0x00, 0x04, 0x89, 0x30,
110 0x82, 0x04, 0x85, 0x30, 0x82, 0x03, 0x6d, 0xa0,
111 0x03, 0x02, 0x01, 0x02, 0x02, 0x08, 0x5c, 0x19,
112 0xb7, 0xb1, 0x32, 0x3b, 0x1c, 0xa1, 0x30, 0x0d,
113 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
114 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x49, 0x31,
115 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
116 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11,
117 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0a, 0x47,
118 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x20, 0x49, 0x6e,
119 0x63, 0x31, 0x25, 0x30, 0x23, 0x06, 0x03, 0x55,
120 0x04, 0x03, 0x13, 0x1c, 0x47, 0x6f, 0x6f, 0x67,
121 0x6c, 0x65, 0x20, 0x49, 0x6e, 0x74, 0x65, 0x72,
122 0x6e, 0x65, 0x74, 0x20, 0x41, 0x75, 0x74, 0x68,
123 0x6f, 0x72, 0x69, 0x74, 0x79, 0x20, 0x47, 0x32,
124 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x36, 0x30, 0x37,
125 0x31, 0x33, 0x31, 0x33, 0x32, 0x34, 0x35, 0x32,
126 0x5a, 0x17, 0x0d, 0x31, 0x36, 0x31, 0x30, 0x30,
127 0x35, 0x31, 0x33, 0x31, 0x36, 0x30, 0x30, 0x5a,
128 0x30, 0x65, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03,
129 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31,
130 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08,
131 0x0c, 0x0a, 0x43, 0x61, 0x6c, 0x69, 0x66, 0x6f,
132 0x72, 0x6e, 0x69, 0x61, 0x31, 0x16, 0x30, 0x14,
133 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x0d, 0x4d,
134 0x6f, 0x75, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x20,
135 0x56, 0x69, 0x65, 0x77, 0x31, 0x13, 0x30, 0x11,
136 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0a, 0x47,
137 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x20, 0x49, 0x6e,
138 0x63, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55,
139 0x04, 0x03, 0x0c, 0x0b, 0x2a, 0x2e, 0x67, 0x6f,
140 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x6e, 0x6f, 0x30,
141 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a,
142 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
143 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30,
144 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00,
145 0xa5, 0x0a, 0xb9, 0xb1, 0xca, 0x36, 0xd1, 0xae,
146 0x22, 0x38, 0x07, 0x06, 0xc9, 0x1a, 0x56, 0x4f,
147 0xbb, 0xdf, 0xa8, 0x6d, 0xbd, 0xee, 0x76, 0x16,
148 0xbc, 0x53, 0x3c, 0x03, 0x6a, 0x5c, 0x94, 0x50,
149 0x87, 0x2f, 0x28, 0xb4, 0x4e, 0xd5, 0x9b, 0x8f,
150 0xfe, 0x02, 0xde, 0x2a, 0x83, 0x01, 0xf9, 0x45,
151 0x61, 0x0e, 0x66, 0x0e, 0x24, 0x22, 0xe2, 0x59,
152 0x66, 0x0d, 0xd3, 0xe9, 0x77, 0x8a, 0x7e, 0x42,
153 0xaa, 0x5a, 0xf9, 0x05, 0xbf, 0x30, 0xc7, 0x03,
154 0x2b, 0xdc, 0xa6, 0x9c, 0xe0, 0x9f, 0x0d, 0xf1,
155 0x28, 0x19, 0xf8, 0xf2, 0x02, 0xfa, 0xbd, 0x62,
156 0xa0, 0xf3, 0x02, 0x2b, 0xcd, 0xf7, 0x09, 0x04,
157 0x3b, 0x52, 0xd8, 0x65, 0x4b, 0x4a, 0x70, 0xe4,
158 0x57, 0xc9, 0x2e, 0x2a, 0xf6, 0x9c, 0x6e, 0xd8,
159 0xde, 0x01, 0x52, 0xc9, 0x6f, 0xe9, 0xef, 0x82,
160 0xbc, 0x0b, 0x95, 0xb2, 0xef, 0xcb, 0x91, 0xa6,
161 0x0b, 0x2d, 0x14, 0xc6, 0x00, 0xa9, 0x33, 0x86,
162 0x64, 0x00, 0xd4, 0x92, 0x19, 0x53, 0x3d, 0xfd,
163 0xcd, 0xc6, 0x1a, 0xf2, 0x0e, 0x67, 0xc2, 0x1d,
164 0x2c, 0xe0, 0xe8, 0x29, 0x97, 0x1c, 0xb6, 0xc4,
165 0xb2, 0x02, 0x0c, 0x83, 0xb8, 0x60, 0x61, 0xf5,
166 0x61, 0x2d, 0x73, 0x5e, 0x85, 0x4d, 0xbd, 0x0d,
167 0xe7, 0x1a, 0x37, 0x56, 0x8d, 0xe5, 0x50, 0x0c,
168 0xc9, 0x64, 0x4c, 0x11, 0xea, 0xf3, 0xcb, 0x26,
169 0x34, 0xbd, 0x02, 0xf5, 0xc1, 0xfb, 0xa2, 0xec,
170 0x27, 0xbb, 0x60, 0xbe, 0x0b, 0xf6, 0xe7, 0x3c,
171 0x2d, 0xc9, 0xe7, 0xb0, 0x30, 0x28, 0x17, 0x3d,
172 0x90, 0xf1, 0x63, 0x8e, 0x49, 0xf7, 0x15, 0x78,
173 0x21, 0xcc, 0x45, 0xe6, 0x86, 0xb2, 0xd8, 0xb0,
174 0x2e, 0x5a, 0xb0, 0x58, 0xd3, 0xb6, 0x11, 0x40,
175 0xae, 0x81, 0x1f, 0x6b, 0x7a, 0xaf, 0x40, 0x50,
176 0xf9, 0x2e, 0x81, 0x8b, 0xec, 0x26, 0x11, 0x3f,
177 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01,
178 0x53, 0x30, 0x82, 0x01, 0x4f, 0x30, 0x1d, 0x06,
179 0x03, 0x55, 0x1d, 0x25, 0x04, 0x16, 0x30, 0x14,
180 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07,
181 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05,
182 0x05, 0x07, 0x03, 0x02, 0x30, 0x21, 0x06, 0x03,
183 0x55, 0x1d, 0x11, 0x04, 0x1a, 0x30, 0x18, 0x82,
184 0x0b, 0x2a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
185 0x65, 0x2e, 0x6e, 0x6f, 0x82, 0x09, 0x67, 0x6f,
186 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x6e, 0x6f, 0x30,
187 0x68, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05,
188 0x07, 0x01, 0x01, 0x04, 0x5c, 0x30, 0x5a, 0x30,
189 0x2b, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05,
190 0x07, 0x30, 0x02, 0x86, 0x1f, 0x68, 0x74, 0x74,
191 0x70, 0x3a, 0x2f, 0x2f, 0x70, 0x6b, 0x69, 0x2e,
192 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63,
193 0x6f, 0x6d, 0x2f, 0x47, 0x49, 0x41, 0x47, 0x32,
194 0x2e, 0x63, 0x72, 0x74, 0x30, 0x2b, 0x06, 0x08,
195 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01,
196 0x86, 0x1f, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f,
197 0x2f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x73,
198 0x31, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
199 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x63, 0x73,
200 0x70, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e,
201 0x04, 0x16, 0x04, 0x14, 0xc6, 0x53, 0x87, 0x42,
202 0x2d, 0xc8, 0xee, 0x7a, 0x62, 0x1e, 0x83, 0xdb,
203 0x0d, 0xe2, 0x32, 0xeb, 0x8b, 0xaf, 0x69, 0x40,
204 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01,
205 0x01, 0xff, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1f,
206 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30,
207 0x16, 0x80, 0x14, 0x4a, 0xdd, 0x06, 0x16, 0x1b,
208 0xbc, 0xf6, 0x68, 0xb5, 0x76, 0xf5, 0x81, 0xb6,
209 0xbb, 0x62, 0x1a, 0xba, 0x5a, 0x81, 0x2f, 0x30,
210 0x21, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x1a,
211 0x30, 0x18, 0x30, 0x0c, 0x06, 0x0a, 0x2b, 0x06,
212 0x01, 0x04, 0x01, 0xd6, 0x79, 0x02, 0x05, 0x01,
213 0x30, 0x08, 0x06, 0x06, 0x67, 0x81, 0x0c, 0x01,
214 0x02, 0x02, 0x30, 0x30, 0x06, 0x03, 0x55, 0x1d,
215 0x1f, 0x04, 0x29, 0x30, 0x27, 0x30, 0x25, 0xa0,
216 0x23, 0xa0, 0x21, 0x86, 0x1f, 0x68, 0x74, 0x74,
217 0x70, 0x3a, 0x2f, 0x2f, 0x70, 0x6b, 0x69, 0x2e,
218 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63,
219 0x6f, 0x6d, 0x2f, 0x47, 0x49, 0x41, 0x47, 0x32,
220 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x0d, 0x06, 0x09,
221 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
222 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00,
223 0x7b, 0x27, 0x00, 0x46, 0x8f, 0xfd, 0x5b, 0xff,
224 0xcb, 0x05, 0x9b, 0xf7, 0xf1, 0x68, 0xf6, 0x9a,
225 0x7b, 0xba, 0x53, 0xdf, 0x63, 0xed, 0x11, 0x94,
226 0x39, 0xf2, 0xd0, 0x20, 0xcd, 0xa3, 0xc4, 0x98,
227 0xa5, 0x10, 0x74, 0xe7, 0x10, 0x6d, 0x07, 0xf8,
228 0x33, 0x87, 0x05, 0x43, 0x0e, 0x64, 0x77, 0x09,
229 0x18, 0x4f, 0x38, 0x2e, 0x45, 0xae, 0xa8, 0x34,
230 0x3a, 0xa8, 0x33, 0xac, 0x9d, 0xdd, 0x25, 0x91,
231 0x59, 0x43, 0xbe, 0x0f, 0x87, 0x16, 0x2f, 0xb5,
232 0x27, 0xfd, 0xce, 0x2f, 0x35, 0x5d, 0x12, 0xa1,
233 0x66, 0xac, 0xf7, 0x95, 0x38, 0x0f, 0xe5, 0xb1,
234 0x18, 0x18, 0xe6, 0x80, 0x52, 0x31, 0x8a, 0x66,
235 0x02, 0x52, 0x1a, 0xa4, 0x32, 0x6a, 0x61, 0x05,
236 0xcf, 0x1d, 0xf9, 0x90, 0x73, 0xf0, 0xeb, 0x20,
237 0x31, 0x7b, 0x2e, 0xc0, 0xb0, 0xfb, 0x5c, 0xcc,
238 0xdc, 0x76, 0x55, 0x72, 0xaf, 0xb1, 0x05, 0xf4,
239 0xad, 0xf9, 0xd7, 0x73, 0x5c, 0x2c, 0xbf, 0x0d,
240 0x84, 0x18, 0x01, 0x1d, 0x4d, 0x08, 0xa9, 0x4e,
241 0x37, 0xb7, 0x58, 0xc4, 0x05, 0x0e, 0x65, 0x63,
242 0xd2, 0x88, 0x02, 0xf5, 0x82, 0x17, 0x08, 0xd5,
243 0x8f, 0x80, 0xc7, 0x82, 0x29, 0xbb, 0xe1, 0x04,
244 0xbe, 0xf6, 0xe1, 0x8c, 0xbc, 0x3a, 0xf8, 0xf9,
245 0x56, 0xda, 0xdc, 0x8e, 0xc6, 0xe6, 0x63, 0x98,
246 0x12, 0x08, 0x41, 0x2c, 0x9d, 0x7c, 0x82, 0x0d,
247 0x1e, 0xea, 0xba, 0xde, 0x32, 0x09, 0xda, 0x52,
248 0x24, 0x4f, 0xcc, 0xb6, 0x09, 0x33, 0x8b, 0x00,
249 0xf9, 0x83, 0xb3, 0xc6, 0xa4, 0x90, 0x49, 0x83,
250 0x2d, 0x36, 0xd9, 0x11, 0x78, 0xd0, 0x62, 0x9f,
251 0xc4, 0x8f, 0x84, 0xba, 0x7f, 0xaa, 0x04, 0xf1,
252 0xd9, 0xa4, 0xad, 0x5d, 0x63, 0xee, 0x72, 0xc6,
253 0x4d, 0xd1, 0x4b, 0x41, 0x8f, 0x40, 0x0f, 0x7d,
254 0xcd, 0xb8, 0x2e, 0x5b, 0x6e, 0x21, 0xc9, 0x3d
255 };
256
257 Flow f;
258 SSLState *ssl_state = NULL;
259 TcpSession ssn;
260 Packet *p1 = NULL;
261 Packet *p2 = NULL;
262 Packet *p3 = NULL;
263 ThreadVars tv;
264 DetectEngineThreadCtx *det_ctx = NULL;
265 AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc();
266
267 memset(&tv, 0, sizeof(ThreadVars));
268 memset(&f, 0, sizeof(Flow));
269 memset(&ssn, 0, sizeof(TcpSession));
270
271 p1 = UTHBuildPacketReal(client_hello, sizeof(client_hello), IPPROTO_TCP,
272 "192.168.1.5", "192.168.1.1", 51251, 443);
273 p2 = UTHBuildPacketReal(server_hello, sizeof(server_hello), IPPROTO_TCP,
274 "192.168.1.1", "192.168.1.5", 443, 51251);
275 p3 = UTHBuildPacketReal(certificate, sizeof(certificate), IPPROTO_TCP,
276 "192.168.1.1", "192.168.1.5", 443, 51251);
277
278 FLOW_INITIALIZE(&f);
279 f.flags |= FLOW_IPV4;
280 f.proto = IPPROTO_TCP;
281 f.protomap = FlowGetProtoMapping(f.proto);
282 f.alproto = ALPROTO_TLS;
283
284 p1->flow = &f;
285 p1->flags |= PKT_HAS_FLOW | PKT_STREAM_EST;
286 p1->flowflags |= FLOW_PKT_TOSERVER;
287 p1->flowflags |= FLOW_PKT_ESTABLISHED;
288 p1->pcap_cnt = 1;
289
290 p2->flow = &f;
291 p2->flags |= PKT_HAS_FLOW | PKT_STREAM_EST;
292 p2->flowflags |= FLOW_PKT_TOCLIENT;
293 p2->flowflags |= FLOW_PKT_ESTABLISHED;
294 p2->pcap_cnt = 2;
295
296 p3->flow = &f;
297 p3->flags |= PKT_HAS_FLOW | PKT_STREAM_EST;
298 p3->flowflags |= FLOW_PKT_TOCLIENT;
299 p3->flowflags |= FLOW_PKT_ESTABLISHED;
300 p3->pcap_cnt = 3;
301
302 StreamTcpInitConfig(true);
303
304 DetectEngineCtx *de_ctx = DetectEngineCtxInit();
305 FAIL_IF_NULL(de_ctx);
306
307 de_ctx->mpm_matcher = mpm_default_matcher;
308 de_ctx->flags |= DE_QUIET;
309
310 Signature *s = DetectEngineAppendSig(de_ctx, "alert tls any any -> any any "
311 "(msg:\"Test tls.certs\"; tls.certs; "
312 "content:\"|06 09 2a 86 48|\"; sid:1;)");
313 FAIL_IF_NULL(s);
314
315 SigGroupBuild(de_ctx);
316 DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
317
318 int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS,
319 STREAM_TOSERVER, client_hello,
320 sizeof(client_hello));
321
322 FAIL_IF(r != 0);
323
324 ssl_state = f.alstate;
325 FAIL_IF_NULL(ssl_state);
326
327 SigMatchSignatures(&tv, de_ctx, det_ctx, p1);
328
329 FAIL_IF(PacketAlertCheck(p1, 1));
330
331 r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOCLIENT,
332 server_hello, sizeof(server_hello));
333
334 FAIL_IF(r != 0);
335
336 SigMatchSignatures(&tv, de_ctx, det_ctx, p2);
337
338 FAIL_IF(PacketAlertCheck(p2, 1));
339
340 r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOCLIENT,
341 certificate, sizeof(certificate));
342
343 FAIL_IF(r != 0);
344
345 SigMatchSignatures(&tv, de_ctx, det_ctx, p3);
346
347 FAIL_IF_NOT(PacketAlertCheck(p3, 1));
348 AppLayerParserThreadCtxFree(alp_tctx);
349 DetectEngineThreadCtxDeinit(&tv, det_ctx);
350 DetectEngineCtxFree(de_ctx);
351 StreamTcpFreeConfig(true);
352 FLOW_DESTROY(&f);
353 UTHFreePacket(p1);
354 UTHFreePacket(p2);
355 UTHFreePacket(p3);
356
357 PASS;
358}
359
360static void DetectTlsCertsRegisterTests(void)
361{
362 UtRegisterTest("DetectTlsCertsTest01", DetectTlsCertsTest01);
363 UtRegisterTest("DetectTlsCertsTest02", DetectTlsCertsTest02);
364}
AppLayerParserThreadCtxAlloc
AppLayerParserThreadCtx * AppLayerParserThreadCtxAlloc(void)
Gets a new app layer protocol's parser thread context.
Definition app-layer-parser.c:297
AppLayerParserThreadCtxFree
void AppLayerParserThreadCtxFree(AppLayerParserThreadCtx *tctx)
Destroys the app layer parser thread context obtained using AppLayerParserThreadCtxAlloc().
Definition app-layer-parser.c:324
AppLayerParserParse
int AppLayerParserParse(ThreadVars *tv, AppLayerParserThreadCtx *alp_tctx, Flow *f, AppProto alproto, uint8_t flags, const uint8_t *input, uint32_t input_len)
Definition app-layer-parser.c:1291
ALPROTO_TLS
@ ALPROTO_TLS
Definition app-layer-protos.h:39
PKT_HAS_FLOW
#define PKT_HAS_FLOW
Definition decode.h:1266
PKT_STREAM_EST
#define PKT_STREAM_EST
Definition decode.h:1262
PacketAlertCheck
int PacketAlertCheck(Packet *p, uint32_t sid)
Check if a certain sid alerted, this is used in the test functions.
Definition detect-engine-alert.c:142
DetectBufferGetFirstSigMatch
SigMatch * DetectBufferGetFirstSigMatch(const Signature *s, const uint32_t buf_id)
Definition detect-engine-buffer.c:157
SigGroupBuild
int SigGroupBuild(DetectEngineCtx *de_ctx)
Convert the signature list into the runtime match structure.
Definition detect-engine-build.c:2204
DetectEngineCtxInit
DetectEngineCtx * DetectEngineCtxInit(void)
Definition detect-engine.c:2602
DetectEngineCtxFree
void DetectEngineCtxFree(DetectEngineCtx *)
Free a DetectEngineCtx::
Definition detect-engine.c:2641
DetectEngineAppendSig
Signature * DetectEngineAppendSig(DetectEngineCtx *, const char *)
Parse and append a Signature into the Detection Engine Context signature list.
Definition detect-parse.c:3437
DetectEngineThreadCtxInit
TmEcode DetectEngineThreadCtxInit(ThreadVars *tv, void *initdata, void **data)
initialize thread specific detection engine context
Definition detect-engine.c:3372
DetectEngineThreadCtxDeinit
TmEcode DetectEngineThreadCtxDeinit(ThreadVars *tv, void *data)
Definition detect-engine.c:3608
SigMatchSignatures
void SigMatchSignatures(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, Packet *p)
wrapper for old tests
Definition detect.c:2420
DE_QUIET
#define DE_QUIET
Definition detect.h:330
DETECT_SM_LIST_MATCH
@ DETECT_SM_LIST_MATCH
Definition detect.h:117
FlowGetProtoMapping
uint8_t FlowGetProtoMapping(uint8_t proto)
Function to map the protocol to the defined FLOW_PROTO_* enumeration.
Definition flow-util.c:99
FLOW_INITIALIZE
#define FLOW_INITIALIZE(f)
Definition flow-util.h:38
FLOW_DESTROY
#define FLOW_DESTROY(f)
Definition flow-util.h:119
FLOW_PKT_TOSERVER
#define FLOW_PKT_TOSERVER
Definition flow.h:233
FLOW_PKT_ESTABLISHED
#define FLOW_PKT_ESTABLISHED
Definition flow.h:235
FLOW_IPV4
#define FLOW_IPV4
Definition flow.h:100
FLOW_PKT_TOCLIENT
#define FLOW_PKT_TOCLIENT
Definition flow.h:234
alp_tctx
AppLayerParserThreadCtx * alp_tctx
Definition fuzz_applayerparserparse.c:23
tv
ThreadVars * tv
Definition fuzz_decodepcapfile.c:32
de_ctx
DetectEngineCtx * de_ctx
Definition fuzz_siginit.c:18
FAIL_IF_NULL
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
Definition util-unittest.h:89
UtRegisterTest
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
Definition util-unittest.c:103
FAIL_IF_NOT
#define FAIL_IF_NOT(expr)
Fail a test if expression evaluates to false.
Definition util-unittest.h:82
PASS
#define PASS
Pass the test.
Definition util-unittest.h:105
FAIL_IF
#define FAIL_IF(expr)
Fail a test if expression evaluates to true.
Definition util-unittest.h:71
FAIL_IF_NOT_NULL
#define FAIL_IF_NOT_NULL(expr)
Fail a test if expression evaluates to non-NULL.
Definition util-unittest.h:96
StreamTcpFreeConfig
void StreamTcpFreeConfig(bool quiet)
Definition stream-tcp.c:859
StreamTcpInitConfig
void StreamTcpInitConfig(bool)
To initialize the stream global configuration data.
Definition stream-tcp.c:488
AppLayerParserThreadCtx_
Definition app-layer-parser.c:60
DetectEngineCtx_
main detection engine ctx
Definition detect.h:932
DetectEngineCtx_::mpm_matcher
uint8_t mpm_matcher
Definition detect.h:935
DetectEngineCtx_::flags
uint8_t flags
Definition detect.h:934
DetectEngineCtx_::sig_list
Signature * sig_list
Definition detect.h:941
DetectEngineThreadCtx_
Definition detect.h:1244
Flow_
Flow data structure.
Definition flow.h:356
Flow_::proto
uint8_t proto
Definition flow.h:378
Flow_::flags
uint32_t flags
Definition flow.h:421
Flow_::alproto
AppProto alproto
application level protocol
Definition flow.h:450
Flow_::alstate
void * alstate
Definition flow.h:479
Flow_::protomap
uint8_t protomap
Definition flow.h:445
Packet_
Definition decode.h:501
Packet_::flowflags
uint8_t flowflags
Definition decode.h:532
Packet_::pcap_cnt
uint64_t pcap_cnt
Definition decode.h:626
Packet_::flow
struct Flow_ * flow
Definition decode.h:546
Packet_::flags
uint32_t flags
Definition decode.h:544
SSLState_
SSLv[2.0|3.[0|1|2|3]] state structure.
Definition app-layer-ssl.h:227
SigMatch_
a single match condition for a signature
Definition detect.h:356
SigMatch_::type
uint16_t type
Definition detect.h:357
SigMatch_::next
struct SigMatch_ * next
Definition detect.h:360
SignatureInitData_::smlists
struct SigMatch_ * smlists[DETECT_SM_LIST_MAX]
Definition detect.h:642
Signature_
Signature container.
Definition detect.h:668
Signature_::init_data
SignatureInitData * init_data
Definition detect.h:747
TcpSession_
Definition stream-tcp-private.h:283
ThreadVars_
Per thread variable structure.
Definition threadvars.h:58
mpm_default_matcher
uint8_t mpm_default_matcher
Definition util-mpm.c:48
UTHBuildPacketReal
Packet * UTHBuildPacketReal(uint8_t *payload, uint16_t payload_len, uint8_t ipproto, const char *src, const char *dst, uint16_t sport, uint16_t dport)
UTHBuildPacketReal is a function that create tcp/udp packets for unittests specifying ip and port sou...
Definition util-unittest-helper.c:260
UTHFreePacket
void UTHFreePacket(Packet *p)
UTHFreePacket: function to release the allocated data from UTHBuildPacket and the packet itself.
Definition util-unittest-helper.c:473