suricata
detect-tls-cert-fingerprint.c
1 /* Copyright (C) 2019 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Mats Klepsland <mats.klepsland@gmail.com>
22  *
23  */
24 
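/**
 * \test Test that a signature containing tls.cert_fingerprint is correctly
 *       parsed and that the keyword is registered.
 *
 * tls.cert_fingerprint is used here as a sticky buffer: the content keyword
 * that follows it must end up on the fingerprint buffer's list, not on the
 * generic MATCH list. A rule that parsed but landed its content on the wrong
 * list would load cleanly and then never inspect the certificate fingerprint.
 *
 * \retval 1 on success
 * \retval 0 on failure
 */
static int DetectTlsFingerprintTest01(void)
{
    /* The detection engine context owns the parsed signature list; every
     * statement below dereferences it, so it has to be created and checked
     * before anything else. */
    DetectEngineCtx *de_ctx = DetectEngineCtxInit();
    FAIL_IF_NULL(de_ctx);

    de_ctx->flags |= DE_QUIET;
    de_ctx->sig_list = SigInit(de_ctx, "alert tls any any -> any any "
                               "(msg:\"Testing tls.cert_fingerprint\"; "
                               "tls.cert_fingerprint; "
                               "content:\"11:22:33:44:55:66:77:88:99:00:11:22:33:44:55:66:77:88:99:00\"; "
                               "sid:1;)");
    FAIL_IF_NULL(de_ctx->sig_list);

    /* sm should not be in the MATCH list */
    SigMatch *sm = de_ctx->sig_list->sm_lists[DETECT_SM_LIST_MATCH];
    FAIL_IF_NOT_NULL(sm);

    /* ... it must be on the list registered for the fingerprint buffer */
    sm = de_ctx->sig_list->sm_lists[g_tls_cert_fingerprint_buffer_id];
    FAIL_IF_NULL(sm);

    /* The rule has exactly one content keyword, so the buffer list must hold
     * a single DETECT_CONTENT entry and nothing after it. */
    FAIL_IF(sm->type != DETECT_CONTENT);
    FAIL_IF_NOT_NULL(sm->next);

    SigGroupCleanup(de_ctx);
    DetectEngineCtxFree(de_ctx);

    PASS;
}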
57 
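/**
 * \test Test matching for fingerprint of a certificate.
 *
 * Replays a three-record TLS 1.2 handshake (ClientHello, ServerHello,
 * Certificate) through the TLS app-layer parser and runs detection after each
 * record. The rule under test must stay silent for the two hello records and
 * alert only once the Certificate record has been parsed.
 *
 * The rule content is a 20-byte, colon-separated, lowercase hex string, i.e.
 * the textual form of a SHA-1 certificate fingerprint. Content matching is
 * byte-exact, so a rule written with uppercase hex or without the colons
 * would not match this buffer.
 *
 * NOTE(review): the keyword can only inspect a certificate that is visible on
 * the wire. The records below are TLS 1.2 (0x03, 0x03), where the Certificate
 * message is sent in clear text.
 *
 * \retval 1 on success
 * \retval 0 on failure
 */
static int DetectTlsFingerprintTest02(void)
{
    /* client hello (SNI extension carries "www.google.no") */
    uint8_t client_hello[] = {
        0x16, 0x03, 0x01, 0x00, 0xc8, 0x01, 0x00, 0x00,
        0xc4, 0x03, 0x03, 0xd6, 0x08, 0x5a, 0xa2, 0x86,
        0x5b, 0x85, 0xd4, 0x40, 0xab, 0xbe, 0xc0, 0xbc,
        0x41, 0xf2, 0x26, 0xf0, 0xfe, 0x21, 0xee, 0x8b,
        0x4c, 0x7e, 0x07, 0xc8, 0xec, 0xd2, 0x00, 0x46,
        0x4c, 0xeb, 0xb7, 0x00, 0x00, 0x16, 0xc0, 0x2b,
        0xc0, 0x2f, 0xc0, 0x0a, 0xc0, 0x09, 0xc0, 0x13,
        0xc0, 0x14, 0x00, 0x33, 0x00, 0x39, 0x00, 0x2f,
        0x00, 0x35, 0x00, 0x0a, 0x01, 0x00, 0x00, 0x85,
        0x00, 0x00, 0x00, 0x12, 0x00, 0x10, 0x00, 0x00,
        0x0d, 0x77, 0x77, 0x77, 0x2e, 0x67, 0x6f, 0x6f,
        0x67, 0x6c, 0x65, 0x2e, 0x6e, 0x6f, 0xff, 0x01,
        0x00, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x08, 0x00,
        0x06, 0x00, 0x17, 0x00, 0x18, 0x00, 0x19, 0x00,
        0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x23, 0x00,
        0x00, 0x33, 0x74, 0x00, 0x00, 0x00, 0x10, 0x00,
        0x29, 0x00, 0x27, 0x05, 0x68, 0x32, 0x2d, 0x31,
        0x36, 0x05, 0x68, 0x32, 0x2d, 0x31, 0x35, 0x05,
        0x68, 0x32, 0x2d, 0x31, 0x34, 0x02, 0x68, 0x32,
        0x08, 0x73, 0x70, 0x64, 0x79, 0x2f, 0x33, 0x2e,
        0x31, 0x08, 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31,
        0x2e, 0x31, 0x00, 0x05, 0x00, 0x05, 0x01, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x16, 0x00,
        0x14, 0x04, 0x01, 0x05, 0x01, 0x06, 0x01, 0x02,
        0x01, 0x04, 0x03, 0x05, 0x03, 0x06, 0x03, 0x02,
        0x03, 0x04, 0x02, 0x02, 0x02
    };

    /* server hello */
    uint8_t server_hello[] = {
        0x16, 0x03, 0x03, 0x00, 0x48, 0x02, 0x00, 0x00,
        0x44, 0x03, 0x03, 0x57, 0x91, 0xb8, 0x63, 0xdd,
        0xdb, 0xbb, 0x23, 0xcf, 0x0b, 0x43, 0x02, 0x1d,
        0x46, 0x11, 0x27, 0x5c, 0x98, 0xcf, 0x67, 0xe1,
        0x94, 0x3d, 0x62, 0x7d, 0x38, 0x48, 0x21, 0x23,
        0xa5, 0x62, 0x31, 0x00, 0xc0, 0x2f, 0x00, 0x00,
        0x1c, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x10,
        0x00, 0x05, 0x00, 0x03, 0x02, 0x68, 0x32, 0x00,
        0x0b, 0x00, 0x02, 0x01, 0x00
    };

    /* certificate (handshake type 0x0b; subject CN is "*.google.no") */
    uint8_t certificate[] = {
        0x16, 0x03, 0x03, 0x04, 0x93, 0x0b, 0x00, 0x04,
        0x8f, 0x00, 0x04, 0x8c, 0x00, 0x04, 0x89, 0x30,
        0x82, 0x04, 0x85, 0x30, 0x82, 0x03, 0x6d, 0xa0,
        0x03, 0x02, 0x01, 0x02, 0x02, 0x08, 0x5c, 0x19,
        0xb7, 0xb1, 0x32, 0x3b, 0x1c, 0xa1, 0x30, 0x0d,
        0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
        0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x49, 0x31,
        0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
        0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11,
        0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0a, 0x47,
        0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x20, 0x49, 0x6e,
        0x63, 0x31, 0x25, 0x30, 0x23, 0x06, 0x03, 0x55,
        0x04, 0x03, 0x13, 0x1c, 0x47, 0x6f, 0x6f, 0x67,
        0x6c, 0x65, 0x20, 0x49, 0x6e, 0x74, 0x65, 0x72,
        0x6e, 0x65, 0x74, 0x20, 0x41, 0x75, 0x74, 0x68,
        0x6f, 0x72, 0x69, 0x74, 0x79, 0x20, 0x47, 0x32,
        0x30, 0x1e, 0x17, 0x0d, 0x31, 0x36, 0x30, 0x37,
        0x31, 0x33, 0x31, 0x33, 0x32, 0x34, 0x35, 0x32,
        0x5a, 0x17, 0x0d, 0x31, 0x36, 0x31, 0x30, 0x30,
        0x35, 0x31, 0x33, 0x31, 0x36, 0x30, 0x30, 0x5a,
        0x30, 0x65, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03,
        0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31,
        0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08,
        0x0c, 0x0a, 0x43, 0x61, 0x6c, 0x69, 0x66, 0x6f,
        0x72, 0x6e, 0x69, 0x61, 0x31, 0x16, 0x30, 0x14,
        0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x0d, 0x4d,
        0x6f, 0x75, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x20,
        0x56, 0x69, 0x65, 0x77, 0x31, 0x13, 0x30, 0x11,
        0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0a, 0x47,
        0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x20, 0x49, 0x6e,
        0x63, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55,
        0x04, 0x03, 0x0c, 0x0b, 0x2a, 0x2e, 0x67, 0x6f,
        0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x6e, 0x6f, 0x30,
        0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a,
        0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
        0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30,
        0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00,
        0xa5, 0x0a, 0xb9, 0xb1, 0xca, 0x36, 0xd1, 0xae,
        0x22, 0x38, 0x07, 0x06, 0xc9, 0x1a, 0x56, 0x4f,
        0xbb, 0xdf, 0xa8, 0x6d, 0xbd, 0xee, 0x76, 0x16,
        0xbc, 0x53, 0x3c, 0x03, 0x6a, 0x5c, 0x94, 0x50,
        0x87, 0x2f, 0x28, 0xb4, 0x4e, 0xd5, 0x9b, 0x8f,
        0xfe, 0x02, 0xde, 0x2a, 0x83, 0x01, 0xf9, 0x45,
        0x61, 0x0e, 0x66, 0x0e, 0x24, 0x22, 0xe2, 0x59,
        0x66, 0x0d, 0xd3, 0xe9, 0x77, 0x8a, 0x7e, 0x42,
        0xaa, 0x5a, 0xf9, 0x05, 0xbf, 0x30, 0xc7, 0x03,
        0x2b, 0xdc, 0xa6, 0x9c, 0xe0, 0x9f, 0x0d, 0xf1,
        0x28, 0x19, 0xf8, 0xf2, 0x02, 0xfa, 0xbd, 0x62,
        0xa0, 0xf3, 0x02, 0x2b, 0xcd, 0xf7, 0x09, 0x04,
        0x3b, 0x52, 0xd8, 0x65, 0x4b, 0x4a, 0x70, 0xe4,
        0x57, 0xc9, 0x2e, 0x2a, 0xf6, 0x9c, 0x6e, 0xd8,
        0xde, 0x01, 0x52, 0xc9, 0x6f, 0xe9, 0xef, 0x82,
        0xbc, 0x0b, 0x95, 0xb2, 0xef, 0xcb, 0x91, 0xa6,
        0x0b, 0x2d, 0x14, 0xc6, 0x00, 0xa9, 0x33, 0x86,
        0x64, 0x00, 0xd4, 0x92, 0x19, 0x53, 0x3d, 0xfd,
        0xcd, 0xc6, 0x1a, 0xf2, 0x0e, 0x67, 0xc2, 0x1d,
        0x2c, 0xe0, 0xe8, 0x29, 0x97, 0x1c, 0xb6, 0xc4,
        0xb2, 0x02, 0x0c, 0x83, 0xb8, 0x60, 0x61, 0xf5,
        0x61, 0x2d, 0x73, 0x5e, 0x85, 0x4d, 0xbd, 0x0d,
        0xe7, 0x1a, 0x37, 0x56, 0x8d, 0xe5, 0x50, 0x0c,
        0xc9, 0x64, 0x4c, 0x11, 0xea, 0xf3, 0xcb, 0x26,
        0x34, 0xbd, 0x02, 0xf5, 0xc1, 0xfb, 0xa2, 0xec,
        0x27, 0xbb, 0x60, 0xbe, 0x0b, 0xf6, 0xe7, 0x3c,
        0x2d, 0xc9, 0xe7, 0xb0, 0x30, 0x28, 0x17, 0x3d,
        0x90, 0xf1, 0x63, 0x8e, 0x49, 0xf7, 0x15, 0x78,
        0x21, 0xcc, 0x45, 0xe6, 0x86, 0xb2, 0xd8, 0xb0,
        0x2e, 0x5a, 0xb0, 0x58, 0xd3, 0xb6, 0x11, 0x40,
        0xae, 0x81, 0x1f, 0x6b, 0x7a, 0xaf, 0x40, 0x50,
        0xf9, 0x2e, 0x81, 0x8b, 0xec, 0x26, 0x11, 0x3f,
        0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01,
        0x53, 0x30, 0x82, 0x01, 0x4f, 0x30, 0x1d, 0x06,
        0x03, 0x55, 0x1d, 0x25, 0x04, 0x16, 0x30, 0x14,
        0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07,
        0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05,
        0x05, 0x07, 0x03, 0x02, 0x30, 0x21, 0x06, 0x03,
        0x55, 0x1d, 0x11, 0x04, 0x1a, 0x30, 0x18, 0x82,
        0x0b, 0x2a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
        0x65, 0x2e, 0x6e, 0x6f, 0x82, 0x09, 0x67, 0x6f,
        0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x6e, 0x6f, 0x30,
        0x68, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05,
        0x07, 0x01, 0x01, 0x04, 0x5c, 0x30, 0x5a, 0x30,
        0x2b, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05,
        0x07, 0x30, 0x02, 0x86, 0x1f, 0x68, 0x74, 0x74,
        0x70, 0x3a, 0x2f, 0x2f, 0x70, 0x6b, 0x69, 0x2e,
        0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63,
        0x6f, 0x6d, 0x2f, 0x47, 0x49, 0x41, 0x47, 0x32,
        0x2e, 0x63, 0x72, 0x74, 0x30, 0x2b, 0x06, 0x08,
        0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01,
        0x86, 0x1f, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f,
        0x2f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x73,
        0x31, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
        0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x63, 0x73,
        0x70, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e,
        0x04, 0x16, 0x04, 0x14, 0xc6, 0x53, 0x87, 0x42,
        0x2d, 0xc8, 0xee, 0x7a, 0x62, 0x1e, 0x83, 0xdb,
        0x0d, 0xe2, 0x32, 0xeb, 0x8b, 0xaf, 0x69, 0x40,
        0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01,
        0x01, 0xff, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1f,
        0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30,
        0x16, 0x80, 0x14, 0x4a, 0xdd, 0x06, 0x16, 0x1b,
        0xbc, 0xf6, 0x68, 0xb5, 0x76, 0xf5, 0x81, 0xb6,
        0xbb, 0x62, 0x1a, 0xba, 0x5a, 0x81, 0x2f, 0x30,
        0x21, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x1a,
        0x30, 0x18, 0x30, 0x0c, 0x06, 0x0a, 0x2b, 0x06,
        0x01, 0x04, 0x01, 0xd6, 0x79, 0x02, 0x05, 0x01,
        0x30, 0x08, 0x06, 0x06, 0x67, 0x81, 0x0c, 0x01,
        0x02, 0x02, 0x30, 0x30, 0x06, 0x03, 0x55, 0x1d,
        0x1f, 0x04, 0x29, 0x30, 0x27, 0x30, 0x25, 0xa0,
        0x23, 0xa0, 0x21, 0x86, 0x1f, 0x68, 0x74, 0x74,
        0x70, 0x3a, 0x2f, 0x2f, 0x70, 0x6b, 0x69, 0x2e,
        0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63,
        0x6f, 0x6d, 0x2f, 0x47, 0x49, 0x41, 0x47, 0x32,
        0x2e, 0x63, 0x72, 0x6c, 0x30, 0x0d, 0x06, 0x09,
        0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
        0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00,
        0x7b, 0x27, 0x00, 0x46, 0x8f, 0xfd, 0x5b, 0xff,
        0xcb, 0x05, 0x9b, 0xf7, 0xf1, 0x68, 0xf6, 0x9a,
        0x7b, 0xba, 0x53, 0xdf, 0x63, 0xed, 0x11, 0x94,
        0x39, 0xf2, 0xd0, 0x20, 0xcd, 0xa3, 0xc4, 0x98,
        0xa5, 0x10, 0x74, 0xe7, 0x10, 0x6d, 0x07, 0xf8,
        0x33, 0x87, 0x05, 0x43, 0x0e, 0x64, 0x77, 0x09,
        0x18, 0x4f, 0x38, 0x2e, 0x45, 0xae, 0xa8, 0x34,
        0x3a, 0xa8, 0x33, 0xac, 0x9d, 0xdd, 0x25, 0x91,
        0x59, 0x43, 0xbe, 0x0f, 0x87, 0x16, 0x2f, 0xb5,
        0x27, 0xfd, 0xce, 0x2f, 0x35, 0x5d, 0x12, 0xa1,
        0x66, 0xac, 0xf7, 0x95, 0x38, 0x0f, 0xe5, 0xb1,
        0x18, 0x18, 0xe6, 0x80, 0x52, 0x31, 0x8a, 0x66,
        0x02, 0x52, 0x1a, 0xa4, 0x32, 0x6a, 0x61, 0x05,
        0xcf, 0x1d, 0xf9, 0x90, 0x73, 0xf0, 0xeb, 0x20,
        0x31, 0x7b, 0x2e, 0xc0, 0xb0, 0xfb, 0x5c, 0xcc,
        0xdc, 0x76, 0x55, 0x72, 0xaf, 0xb1, 0x05, 0xf4,
        0xad, 0xf9, 0xd7, 0x73, 0x5c, 0x2c, 0xbf, 0x0d,
        0x84, 0x18, 0x01, 0x1d, 0x4d, 0x08, 0xa9, 0x4e,
        0x37, 0xb7, 0x58, 0xc4, 0x05, 0x0e, 0x65, 0x63,
        0xd2, 0x88, 0x02, 0xf5, 0x82, 0x17, 0x08, 0xd5,
        0x8f, 0x80, 0xc7, 0x82, 0x29, 0xbb, 0xe1, 0x04,
        0xbe, 0xf6, 0xe1, 0x8c, 0xbc, 0x3a, 0xf8, 0xf9,
        0x56, 0xda, 0xdc, 0x8e, 0xc6, 0xe6, 0x63, 0x98,
        0x12, 0x08, 0x41, 0x2c, 0x9d, 0x7c, 0x82, 0x0d,
        0x1e, 0xea, 0xba, 0xde, 0x32, 0x09, 0xda, 0x52,
        0x24, 0x4f, 0xcc, 0xb6, 0x09, 0x33, 0x8b, 0x00,
        0xf9, 0x83, 0xb3, 0xc6, 0xa4, 0x90, 0x49, 0x83,
        0x2d, 0x36, 0xd9, 0x11, 0x78, 0xd0, 0x62, 0x9f,
        0xc4, 0x8f, 0x84, 0xba, 0x7f, 0xaa, 0x04, 0xf1,
        0xd9, 0xa4, 0xad, 0x5d, 0x63, 0xee, 0x72, 0xc6,
        0x4d, 0xd1, 0x4b, 0x41, 0x8f, 0x40, 0x0f, 0x7d,
        0xcd, 0xb8, 0x2e, 0x5b, 0x6e, 0x21, 0xc9, 0x3d
    };

    Flow f;
    SSLState *ssl_state = NULL;
    TcpSession ssn;
    Packet *p1 = NULL;
    Packet *p2 = NULL;
    Packet *p3 = NULL;
    ThreadVars tv;
    DetectEngineThreadCtx *det_ctx = NULL;
    /* Parser thread context handed to every AppLayerParserParse() call. */
    AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc();

    memset(&tv, 0, sizeof(ThreadVars));
    memset(&f, 0, sizeof(Flow));
    /* ssn is zeroed but never attached to the flow in this test. */
    memset(&ssn, 0, sizeof(TcpSession));

    FAIL_IF_NULL(alp_tctx);

    p1 = UTHBuildPacketReal(client_hello, sizeof(client_hello), IPPROTO_TCP,
                            "192.168.1.5", "192.168.1.1", 51251, 443);
    p2 = UTHBuildPacketReal(server_hello, sizeof(server_hello), IPPROTO_TCP,
                            "192.168.1.1", "192.168.1.5", 443, 51251);
    p3 = UTHBuildPacketReal(certificate, sizeof(certificate), IPPROTO_TCP,
                            "192.168.1.1", "192.168.1.5", 443, 51251);

    /* The packets are dereferenced right below; stop here rather than crash
     * if one of them could not be built. */
    FAIL_IF_NULL(p1);
    FAIL_IF_NULL(p2);
    FAIL_IF_NULL(p3);

    FLOW_INITIALIZE(&f);
    f.flags |= FLOW_IPV4;
    f.proto = IPPROTO_TCP;
    f.protomap = FlowGetProtoMapping(f.proto);
    f.alproto = ALPROTO_TLS;

    /* All three packets share one established flow; only the direction
     * differs (client hello to server, the other two to client). */
    p1->flow = &f;
    p1->flags |= PKT_HAS_FLOW | PKT_STREAM_EST;
    p1->flowflags |= FLOW_PKT_TOSERVER;
    p1->flowflags |= FLOW_PKT_ESTABLISHED;
    p1->pcap_cnt = 1;

    p2->flow = &f;
    p2->flags |= PKT_HAS_FLOW | PKT_STREAM_EST;
    p2->flowflags |= FLOW_PKT_TOCLIENT;
    p2->flowflags |= FLOW_PKT_ESTABLISHED;
    p2->pcap_cnt = 2;

    p3->flow = &f;
    p3->flags |= PKT_HAS_FLOW | PKT_STREAM_EST;
    p3->flowflags |= FLOW_PKT_TOCLIENT;
    p3->flowflags |= FLOW_PKT_ESTABLISHED;
    p3->pcap_cnt = 3;

    StreamTcpInitConfig(TRUE);

    DetectEngineCtx *de_ctx = DetectEngineCtxInit();
    FAIL_IF_NULL(de_ctx);

    de_ctx->mpm_matcher = mpm_default_matcher;
    de_ctx->flags |= DE_QUIET;

    /* Rule content: the fingerprint the test expects for the certificate
     * carried in the third record. */
    Signature *s = DetectEngineAppendSig(de_ctx, "alert tls any any -> any any "
                                         "(msg:\"Test tls.cert_fingerprint\"; "
                                         "tls.cert_fingerprint; "
                                         "content:\"4a:a3:66:76:82:cb:6b:23:bb:c3:58:47:23:a4:63:a7:78:a4:a1:18\"; "
                                         "sid:1;)");
    FAIL_IF_NULL(s);

    SigGroupBuild(de_ctx);
    DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
    FAIL_IF_NULL(det_ctx);

    /* Record 1: ClientHello. No certificate seen yet, so sid 1 must not fire. */
    int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS,
                                STREAM_TOSERVER, client_hello,
                                sizeof(client_hello));

    FAIL_IF(r != 0);

    ssl_state = f.alstate;
    FAIL_IF_NULL(ssl_state);

    SigMatchSignatures(&tv, de_ctx, det_ctx, p1);

    FAIL_IF(PacketAlertCheck(p1, 1));

    /* Record 2: ServerHello. Still no certificate, still no alert. */
    r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOCLIENT,
                            server_hello, sizeof(server_hello));

    FAIL_IF(r != 0);

    SigMatchSignatures(&tv, de_ctx, det_ctx, p2);

    FAIL_IF(PacketAlertCheck(p2, 1));

    /* Record 3: Certificate. This is the only point where sid 1 may fire. */
    r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOCLIENT,
                            certificate, sizeof(certificate));

    FAIL_IF(r != 0);

    SigMatchSignatures(&tv, de_ctx, det_ctx, p3);

    /* Positive assertion: without it the test would pass even if the keyword
     * never matched anything. */
    FAIL_IF_NOT(PacketAlertCheck(p3, 1));

    AppLayerParserThreadCtxFree(alp_tctx);
    DetectEngineThreadCtxDeinit(&tv, det_ctx);
    SigGroupCleanup(de_ctx);
    DetectEngineCtxFree(de_ctx);

    StreamTcpFreeConfig(TRUE);
    FLOW_DESTROY(&f);
    UTHFreePacket(p1);
    UTHFreePacket(p2);
    UTHFreePacket(p3);

    PASS;
}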
364 
/**
 * \brief Register the tls.cert_fingerprint unit tests with the unit test
 *        framework, in the order Test01 (parsing), Test02 (matching).
 */
static void DetectTlsFingerprintRegisterTests(void)
{
    /* name / function pairs, registered in table order */
    static const struct {
        const char *name;
        int (*fn)(void);
    } tests[] = {
        { "DetectTlsFingerprintTest01", DetectTlsFingerprintTest01 },
        { "DetectTlsFingerprintTest02", DetectTlsFingerprintTest02 },
    };

    for (size_t i = 0; i < sizeof(tests) / sizeof(tests[0]); i++) {
        UtRegisterTest(tests[i].name, tests[i].fn);
    }
}
Signature * DetectEngineAppendSig(DetectEngineCtx *de_ctx, const char *sigstr)
Parse and append a Signature into the Detection Engine Context signature list.
struct Flow_ * flow
Definition: decode.h:443
int PacketAlertCheck(Packet *p, uint32_t sid)
Check if a certain sid alerted, this is used in the test functions.
uint8_t proto
Definition: flow.h:344
#define PASS
Pass the test.
Signature * SigInit(DetectEngineCtx *, const char *)
Parses a signature and adds it to the Detection Engine Context.
Signature * sig_list
Definition: detect.h:730
#define FAIL_IF(expr)
Fail a test if expression evaluates to false.
Definition: util-unittest.h:71
void AppLayerParserThreadCtxFree(AppLayerParserThreadCtx *tctx)
Destroys the app layer parser thread context obtained using AppLayerParserThreadCtxAlloc().
uint8_t FlowGetProtoMapping(uint8_t proto)
Function to map the protocol to the defined FLOW_PROTO_* enumeration.
Definition: flow-util.c:95
#define FLOW_PKT_ESTABLISHED
Definition: flow.h:203
void StreamTcpFreeConfig(char quiet)
Definition: stream-tcp.c:669
uint64_t pcap_cnt
Definition: decode.h:561
TmEcode DetectEngineThreadCtxInit(ThreadVars *, void *, void **)
initialize thread specific detection engine context
Signature container.
Definition: detect.h:496
#define TRUE
struct SigMatch_ * next
Definition: detect.h:326
main detection engine ctx
Definition: detect.h:724
TmEcode DetectEngineThreadCtxDeinit(ThreadVars *, void *)
SSLv[2.0|3.[0|1|2|3]] state structure.
void * alstate
Definition: flow.h:438
#define DE_QUIET
Definition: detect.h:296
uint8_t flags
Definition: detect.h:725
#define FLOW_DESTROY(f)
Definition: flow-util.h:119
int SigGroupBuild(DetectEngineCtx *de_ctx)
Convert the signature list into the runtime match structure.
uint16_t mpm_matcher
Definition: detect.h:773
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
void SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, Packet *p)
wrapper for old tests
Definition: detect.c:1742
void StreamTcpInitConfig(char)
To initialize the stream global configuration data.
Definition: stream-tcp.c:365
Packet * UTHBuildPacketReal(uint8_t *payload, uint16_t payload_len, uint8_t ipproto, const char *src, const char *dst, uint16_t sport, uint16_t dport)
UTHBuildPacketReal is a function that create tcp/udp packets for unittests specifying ip and port sou...
uint8_t flowflags
Definition: decode.h:437
#define STREAM_TOCLIENT
Definition: stream.h:32
#define FLOW_PKT_TOSERVER
Definition: flow.h:201
AppLayerParserThreadCtx * AppLayerParserThreadCtxAlloc(void)
Gets a new app layer protocol's parser thread context.
#define FAIL_IF_NOT_NULL(expr)
Fail a test if expression evaluates to non-NULL.
Definition: util-unittest.h:96
int SigGroupCleanup(DetectEngineCtx *de_ctx)
uint8_t type
Definition: detect.h:323
int mpm_default_matcher
Definition: util-mpm.h:170
#define FLOW_INITIALIZE(f)
Definition: flow-util.h:39
#define STREAM_TOSERVER
Definition: stream.h:31
void UTHFreePacket(Packet *p)
UTHFreePacket: function to release the allocated data from UTHBuildPacket and the packet itself...
#define PKT_HAS_FLOW
Definition: decode.h:1092
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
Definition: util-unittest.h:89
Per thread variable structure.
Definition: threadvars.h:57
#define FLOW_PKT_TOCLIENT
Definition: flow.h:202
AppProto alproto
application level protocol
Definition: flow.h:409
uint32_t flags
Definition: decode.h:441
void DetectEngineCtxFree(DetectEngineCtx *)
Free a DetectEngineCtx.
uint8_t protomap
Definition: flow.h:404
Flow data structure.
Definition: flow.h:325
#define FLOW_IPV4
Definition: flow.h:94
uint32_t flags
Definition: flow.h:379
#define PKT_STREAM_EST
Definition: decode.h:1090
a single match condition for a signature
Definition: detect.h:322
#define FAIL_IF_NOT(expr)
Fail a test if expression to true.
Definition: util-unittest.h:82
int AppLayerParserParse(ThreadVars *tv, AppLayerParserThreadCtx *alp_tctx, Flow *f, AppProto alproto, uint8_t flags, uint8_t *input, uint32_t input_len)
DetectEngineCtx * DetectEngineCtxInit(void)