29 static int DetectTlsFingerprintTest01(
void)
36 "(msg:\"Testing tls.cert_fingerprint\"; " 37 "tls.cert_fingerprint; " 38 "content:\"11:22:33:44:55:66:77:88:99:00:11:22:33:44:55:66:77:88:99:00\"; " 46 sm = de_ctx->
sig_list->sm_lists[g_tls_cert_fingerprint_buffer_id];
61 static int DetectTlsFingerprintTest02(
void)
64 uint8_t client_hello[] = {
65 0x16, 0x03, 0x01, 0x00, 0xc8, 0x01, 0x00, 0x00,
66 0xc4, 0x03, 0x03, 0xd6, 0x08, 0x5a, 0xa2, 0x86,
67 0x5b, 0x85, 0xd4, 0x40, 0xab, 0xbe, 0xc0, 0xbc,
68 0x41, 0xf2, 0x26, 0xf0, 0xfe, 0x21, 0xee, 0x8b,
69 0x4c, 0x7e, 0x07, 0xc8, 0xec, 0xd2, 0x00, 0x46,
70 0x4c, 0xeb, 0xb7, 0x00, 0x00, 0x16, 0xc0, 0x2b,
71 0xc0, 0x2f, 0xc0, 0x0a, 0xc0, 0x09, 0xc0, 0x13,
72 0xc0, 0x14, 0x00, 0x33, 0x00, 0x39, 0x00, 0x2f,
73 0x00, 0x35, 0x00, 0x0a, 0x01, 0x00, 0x00, 0x85,
74 0x00, 0x00, 0x00, 0x12, 0x00, 0x10, 0x00, 0x00,
75 0x0d, 0x77, 0x77, 0x77, 0x2e, 0x67, 0x6f, 0x6f,
76 0x67, 0x6c, 0x65, 0x2e, 0x6e, 0x6f, 0xff, 0x01,
77 0x00, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x08, 0x00,
78 0x06, 0x00, 0x17, 0x00, 0x18, 0x00, 0x19, 0x00,
79 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x23, 0x00,
80 0x00, 0x33, 0x74, 0x00, 0x00, 0x00, 0x10, 0x00,
81 0x29, 0x00, 0x27, 0x05, 0x68, 0x32, 0x2d, 0x31,
82 0x36, 0x05, 0x68, 0x32, 0x2d, 0x31, 0x35, 0x05,
83 0x68, 0x32, 0x2d, 0x31, 0x34, 0x02, 0x68, 0x32,
84 0x08, 0x73, 0x70, 0x64, 0x79, 0x2f, 0x33, 0x2e,
85 0x31, 0x08, 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31,
86 0x2e, 0x31, 0x00, 0x05, 0x00, 0x05, 0x01, 0x00,
87 0x00, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x16, 0x00,
88 0x14, 0x04, 0x01, 0x05, 0x01, 0x06, 0x01, 0x02,
89 0x01, 0x04, 0x03, 0x05, 0x03, 0x06, 0x03, 0x02,
90 0x03, 0x04, 0x02, 0x02, 0x02
94 uint8_t server_hello[] = {
95 0x16, 0x03, 0x03, 0x00, 0x48, 0x02, 0x00, 0x00,
96 0x44, 0x03, 0x03, 0x57, 0x91, 0xb8, 0x63, 0xdd,
97 0xdb, 0xbb, 0x23, 0xcf, 0x0b, 0x43, 0x02, 0x1d,
98 0x46, 0x11, 0x27, 0x5c, 0x98, 0xcf, 0x67, 0xe1,
99 0x94, 0x3d, 0x62, 0x7d, 0x38, 0x48, 0x21, 0x23,
100 0xa5, 0x62, 0x31, 0x00, 0xc0, 0x2f, 0x00, 0x00,
101 0x1c, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00,
102 0x00, 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x10,
103 0x00, 0x05, 0x00, 0x03, 0x02, 0x68, 0x32, 0x00,
104 0x0b, 0x00, 0x02, 0x01, 0x00
108 uint8_t certificate[] = {
109 0x16, 0x03, 0x03, 0x04, 0x93, 0x0b, 0x00, 0x04,
110 0x8f, 0x00, 0x04, 0x8c, 0x00, 0x04, 0x89, 0x30,
111 0x82, 0x04, 0x85, 0x30, 0x82, 0x03, 0x6d, 0xa0,
112 0x03, 0x02, 0x01, 0x02, 0x02, 0x08, 0x5c, 0x19,
113 0xb7, 0xb1, 0x32, 0x3b, 0x1c, 0xa1, 0x30, 0x0d,
114 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
115 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x49, 0x31,
116 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
117 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11,
118 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0a, 0x47,
119 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x20, 0x49, 0x6e,
120 0x63, 0x31, 0x25, 0x30, 0x23, 0x06, 0x03, 0x55,
121 0x04, 0x03, 0x13, 0x1c, 0x47, 0x6f, 0x6f, 0x67,
122 0x6c, 0x65, 0x20, 0x49, 0x6e, 0x74, 0x65, 0x72,
123 0x6e, 0x65, 0x74, 0x20, 0x41, 0x75, 0x74, 0x68,
124 0x6f, 0x72, 0x69, 0x74, 0x79, 0x20, 0x47, 0x32,
125 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x36, 0x30, 0x37,
126 0x31, 0x33, 0x31, 0x33, 0x32, 0x34, 0x35, 0x32,
127 0x5a, 0x17, 0x0d, 0x31, 0x36, 0x31, 0x30, 0x30,
128 0x35, 0x31, 0x33, 0x31, 0x36, 0x30, 0x30, 0x5a,
129 0x30, 0x65, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03,
130 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31,
131 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08,
132 0x0c, 0x0a, 0x43, 0x61, 0x6c, 0x69, 0x66, 0x6f,
133 0x72, 0x6e, 0x69, 0x61, 0x31, 0x16, 0x30, 0x14,
134 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x0d, 0x4d,
135 0x6f, 0x75, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x20,
136 0x56, 0x69, 0x65, 0x77, 0x31, 0x13, 0x30, 0x11,
137 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0a, 0x47,
138 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x20, 0x49, 0x6e,
139 0x63, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55,
140 0x04, 0x03, 0x0c, 0x0b, 0x2a, 0x2e, 0x67, 0x6f,
141 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x6e, 0x6f, 0x30,
142 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a,
143 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
144 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30,
145 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00,
146 0xa5, 0x0a, 0xb9, 0xb1, 0xca, 0x36, 0xd1, 0xae,
147 0x22, 0x38, 0x07, 0x06, 0xc9, 0x1a, 0x56, 0x4f,
148 0xbb, 0xdf, 0xa8, 0x6d, 0xbd, 0xee, 0x76, 0x16,
149 0xbc, 0x53, 0x3c, 0x03, 0x6a, 0x5c, 0x94, 0x50,
150 0x87, 0x2f, 0x28, 0xb4, 0x4e, 0xd5, 0x9b, 0x8f,
151 0xfe, 0x02, 0xde, 0x2a, 0x83, 0x01, 0xf9, 0x45,
152 0x61, 0x0e, 0x66, 0x0e, 0x24, 0x22, 0xe2, 0x59,
153 0x66, 0x0d, 0xd3, 0xe9, 0x77, 0x8a, 0x7e, 0x42,
154 0xaa, 0x5a, 0xf9, 0x05, 0xbf, 0x30, 0xc7, 0x03,
155 0x2b, 0xdc, 0xa6, 0x9c, 0xe0, 0x9f, 0x0d, 0xf1,
156 0x28, 0x19, 0xf8, 0xf2, 0x02, 0xfa, 0xbd, 0x62,
157 0xa0, 0xf3, 0x02, 0x2b, 0xcd, 0xf7, 0x09, 0x04,
158 0x3b, 0x52, 0xd8, 0x65, 0x4b, 0x4a, 0x70, 0xe4,
159 0x57, 0xc9, 0x2e, 0x2a, 0xf6, 0x9c, 0x6e, 0xd8,
160 0xde, 0x01, 0x52, 0xc9, 0x6f, 0xe9, 0xef, 0x82,
161 0xbc, 0x0b, 0x95, 0xb2, 0xef, 0xcb, 0x91, 0xa6,
162 0x0b, 0x2d, 0x14, 0xc6, 0x00, 0xa9, 0x33, 0x86,
163 0x64, 0x00, 0xd4, 0x92, 0x19, 0x53, 0x3d, 0xfd,
164 0xcd, 0xc6, 0x1a, 0xf2, 0x0e, 0x67, 0xc2, 0x1d,
165 0x2c, 0xe0, 0xe8, 0x29, 0x97, 0x1c, 0xb6, 0xc4,
166 0xb2, 0x02, 0x0c, 0x83, 0xb8, 0x60, 0x61, 0xf5,
167 0x61, 0x2d, 0x73, 0x5e, 0x85, 0x4d, 0xbd, 0x0d,
168 0xe7, 0x1a, 0x37, 0x56, 0x8d, 0xe5, 0x50, 0x0c,
169 0xc9, 0x64, 0x4c, 0x11, 0xea, 0xf3, 0xcb, 0x26,
170 0x34, 0xbd, 0x02, 0xf5, 0xc1, 0xfb, 0xa2, 0xec,
171 0x27, 0xbb, 0x60, 0xbe, 0x0b, 0xf6, 0xe7, 0x3c,
172 0x2d, 0xc9, 0xe7, 0xb0, 0x30, 0x28, 0x17, 0x3d,
173 0x90, 0xf1, 0x63, 0x8e, 0x49, 0xf7, 0x15, 0x78,
174 0x21, 0xcc, 0x45, 0xe6, 0x86, 0xb2, 0xd8, 0xb0,
175 0x2e, 0x5a, 0xb0, 0x58, 0xd3, 0xb6, 0x11, 0x40,
176 0xae, 0x81, 0x1f, 0x6b, 0x7a, 0xaf, 0x40, 0x50,
177 0xf9, 0x2e, 0x81, 0x8b, 0xec, 0x26, 0x11, 0x3f,
178 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01,
179 0x53, 0x30, 0x82, 0x01, 0x4f, 0x30, 0x1d, 0x06,
180 0x03, 0x55, 0x1d, 0x25, 0x04, 0x16, 0x30, 0x14,
181 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07,
182 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05,
183 0x05, 0x07, 0x03, 0x02, 0x30, 0x21, 0x06, 0x03,
184 0x55, 0x1d, 0x11, 0x04, 0x1a, 0x30, 0x18, 0x82,
185 0x0b, 0x2a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
186 0x65, 0x2e, 0x6e, 0x6f, 0x82, 0x09, 0x67, 0x6f,
187 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x6e, 0x6f, 0x30,
188 0x68, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05,
189 0x07, 0x01, 0x01, 0x04, 0x5c, 0x30, 0x5a, 0x30,
190 0x2b, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05,
191 0x07, 0x30, 0x02, 0x86, 0x1f, 0x68, 0x74, 0x74,
192 0x70, 0x3a, 0x2f, 0x2f, 0x70, 0x6b, 0x69, 0x2e,
193 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63,
194 0x6f, 0x6d, 0x2f, 0x47, 0x49, 0x41, 0x47, 0x32,
195 0x2e, 0x63, 0x72, 0x74, 0x30, 0x2b, 0x06, 0x08,
196 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01,
197 0x86, 0x1f, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f,
198 0x2f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x73,
199 0x31, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
200 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x63, 0x73,
201 0x70, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e,
202 0x04, 0x16, 0x04, 0x14, 0xc6, 0x53, 0x87, 0x42,
203 0x2d, 0xc8, 0xee, 0x7a, 0x62, 0x1e, 0x83, 0xdb,
204 0x0d, 0xe2, 0x32, 0xeb, 0x8b, 0xaf, 0x69, 0x40,
205 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01,
206 0x01, 0xff, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1f,
207 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30,
208 0x16, 0x80, 0x14, 0x4a, 0xdd, 0x06, 0x16, 0x1b,
209 0xbc, 0xf6, 0x68, 0xb5, 0x76, 0xf5, 0x81, 0xb6,
210 0xbb, 0x62, 0x1a, 0xba, 0x5a, 0x81, 0x2f, 0x30,
211 0x21, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x1a,
212 0x30, 0x18, 0x30, 0x0c, 0x06, 0x0a, 0x2b, 0x06,
213 0x01, 0x04, 0x01, 0xd6, 0x79, 0x02, 0x05, 0x01,
214 0x30, 0x08, 0x06, 0x06, 0x67, 0x81, 0x0c, 0x01,
215 0x02, 0x02, 0x30, 0x30, 0x06, 0x03, 0x55, 0x1d,
216 0x1f, 0x04, 0x29, 0x30, 0x27, 0x30, 0x25, 0xa0,
217 0x23, 0xa0, 0x21, 0x86, 0x1f, 0x68, 0x74, 0x74,
218 0x70, 0x3a, 0x2f, 0x2f, 0x70, 0x6b, 0x69, 0x2e,
219 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63,
220 0x6f, 0x6d, 0x2f, 0x47, 0x49, 0x41, 0x47, 0x32,
221 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x0d, 0x06, 0x09,
222 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
223 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00,
224 0x7b, 0x27, 0x00, 0x46, 0x8f, 0xfd, 0x5b, 0xff,
225 0xcb, 0x05, 0x9b, 0xf7, 0xf1, 0x68, 0xf6, 0x9a,
226 0x7b, 0xba, 0x53, 0xdf, 0x63, 0xed, 0x11, 0x94,
227 0x39, 0xf2, 0xd0, 0x20, 0xcd, 0xa3, 0xc4, 0x98,
228 0xa5, 0x10, 0x74, 0xe7, 0x10, 0x6d, 0x07, 0xf8,
229 0x33, 0x87, 0x05, 0x43, 0x0e, 0x64, 0x77, 0x09,
230 0x18, 0x4f, 0x38, 0x2e, 0x45, 0xae, 0xa8, 0x34,
231 0x3a, 0xa8, 0x33, 0xac, 0x9d, 0xdd, 0x25, 0x91,
232 0x59, 0x43, 0xbe, 0x0f, 0x87, 0x16, 0x2f, 0xb5,
233 0x27, 0xfd, 0xce, 0x2f, 0x35, 0x5d, 0x12, 0xa1,
234 0x66, 0xac, 0xf7, 0x95, 0x38, 0x0f, 0xe5, 0xb1,
235 0x18, 0x18, 0xe6, 0x80, 0x52, 0x31, 0x8a, 0x66,
236 0x02, 0x52, 0x1a, 0xa4, 0x32, 0x6a, 0x61, 0x05,
237 0xcf, 0x1d, 0xf9, 0x90, 0x73, 0xf0, 0xeb, 0x20,
238 0x31, 0x7b, 0x2e, 0xc0, 0xb0, 0xfb, 0x5c, 0xcc,
239 0xdc, 0x76, 0x55, 0x72, 0xaf, 0xb1, 0x05, 0xf4,
240 0xad, 0xf9, 0xd7, 0x73, 0x5c, 0x2c, 0xbf, 0x0d,
241 0x84, 0x18, 0x01, 0x1d, 0x4d, 0x08, 0xa9, 0x4e,
242 0x37, 0xb7, 0x58, 0xc4, 0x05, 0x0e, 0x65, 0x63,
243 0xd2, 0x88, 0x02, 0xf5, 0x82, 0x17, 0x08, 0xd5,
244 0x8f, 0x80, 0xc7, 0x82, 0x29, 0xbb, 0xe1, 0x04,
245 0xbe, 0xf6, 0xe1, 0x8c, 0xbc, 0x3a, 0xf8, 0xf9,
246 0x56, 0xda, 0xdc, 0x8e, 0xc6, 0xe6, 0x63, 0x98,
247 0x12, 0x08, 0x41, 0x2c, 0x9d, 0x7c, 0x82, 0x0d,
248 0x1e, 0xea, 0xba, 0xde, 0x32, 0x09, 0xda, 0x52,
249 0x24, 0x4f, 0xcc, 0xb6, 0x09, 0x33, 0x8b, 0x00,
250 0xf9, 0x83, 0xb3, 0xc6, 0xa4, 0x90, 0x49, 0x83,
251 0x2d, 0x36, 0xd9, 0x11, 0x78, 0xd0, 0x62, 0x9f,
252 0xc4, 0x8f, 0x84, 0xba, 0x7f, 0xaa, 0x04, 0xf1,
253 0xd9, 0xa4, 0xad, 0x5d, 0x63, 0xee, 0x72, 0xc6,
254 0x4d, 0xd1, 0x4b, 0x41, 0x8f, 0x40, 0x0f, 0x7d,
255 0xcd, 0xb8, 0x2e, 0x5b, 0x6e, 0x21, 0xc9, 0x3d
269 memset(&f, 0,
sizeof(
Flow));
273 "192.168.1.5",
"192.168.1.1", 51251, 443);
275 "192.168.1.1",
"192.168.1.5", 443, 51251);
277 "192.168.1.1",
"192.168.1.5", 443, 51251);
281 f.
proto = IPPROTO_TCP;
312 "(msg:\"Test tls.cert_fingerprint\"; " 313 "tls.cert_fingerprint; " 314 "content:\"4a:a3:66:76:82:cb:6b:23:bb:c3:58:47:23:a4:63:a7:78:a4:a1:18\"; " 323 sizeof(client_hello));
335 server_hello,
sizeof(server_hello));
344 certificate,
sizeof(certificate));
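/**
 * \brief Register the tls.cert_fingerprint unit tests.
 *
 * Each test is handed to UtRegisterTest() under a name equal to its
 * function name. The listing this was recovered from carried gutter line
 * numbers and had lost the function's braces; both are repaired here so
 * the block is valid C again.
 */
static void DetectTlsFingerprintRegisterTests(void)
{
    /* NOTE(review): Test01 appears to cover signature parsing of the
     * keyword, Test02 a replayed handshake with a certificate; confirm
     * against the full test bodies. */
    UtRegisterTest("DetectTlsFingerprintTest01", DetectTlsFingerprintTest01);
    UtRegisterTest("DetectTlsFingerprintTest02", DetectTlsFingerprintTest02);
}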
Signature * DetectEngineAppendSig(DetectEngineCtx *de_ctx, const char *sigstr)
Parse and append a Signature into the Detection Engine Context signature list.
int PacketAlertCheck(Packet *p, uint32_t sid)
Check if a certain sid alerted, this is used in the test functions.
#define PASS
Pass the test.
Signature * SigInit(DetectEngineCtx *, const char *)
Parses a signature and adds it to the Detection Engine Context.
#define FAIL_IF(expr)
Fail a test if expression evaluates to true.
void AppLayerParserThreadCtxFree(AppLayerParserThreadCtx *tctx)
Destroys the app layer parser thread context obtained using AppLayerParserThreadCtxAlloc().
uint8_t FlowGetProtoMapping(uint8_t proto)
Function to map the protocol to the defined FLOW_PROTO_* enumeration.
#define FLOW_PKT_ESTABLISHED
void StreamTcpFreeConfig(char quiet)
TmEcode DetectEngineThreadCtxInit(ThreadVars *, void *, void **)
initialize thread specific detection engine context
main detection engine ctx
TmEcode DetectEngineThreadCtxDeinit(ThreadVars *, void *)
SSLv[2.0|3.[0|1|2|3]] state structure.
int SigGroupBuild(DetectEngineCtx *de_ctx)
Convert the signature list into the runtime match structure.
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
void SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, Packet *p)
wrapper for old tests
void StreamTcpInitConfig(char)
To initialize the stream global configuration data.
Packet * UTHBuildPacketReal(uint8_t *payload, uint16_t payload_len, uint8_t ipproto, const char *src, const char *dst, uint16_t sport, uint16_t dport)
UTHBuildPacketReal is a function that creates TCP/UDP packets for unit tests, specifying the source and destination IP addresses and ports.
#define FLOW_PKT_TOSERVER
AppLayerParserThreadCtx * AppLayerParserThreadCtxAlloc(void)
Gets a new app layer protocol's parser thread context.
#define FAIL_IF_NOT_NULL(expr)
Fail a test if expression evaluates to non-NULL.
int SigGroupCleanup(DetectEngineCtx *de_ctx)
int AppLayerParserParse(ThreadVars *tv, AppLayerParserThreadCtx *alp_tctx, Flow *f, AppProto alproto, uint8_t flags, const uint8_t *input, uint32_t input_len)
#define FLOW_INITIALIZE(f)
void UTHFreePacket(Packet *p)
UTHFreePacket: function to release the allocated data from UTHBuildPacket and the packet itself...
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
Per thread variable structure.
#define FLOW_PKT_TOCLIENT
AppProto alproto
application level protocol
void DetectEngineCtxFree(DetectEngineCtx *)
Free a DetectEngineCtx.
a single match condition for a signature
#define FAIL_IF_NOT(expr)
Fail a test if expression does not evaluate to true.
DetectEngineCtx * DetectEngineCtxInit(void)