suricata
detect-tls-cert-serial.c
Go to the documentation of this file.
1 /* Copyright (C) 2019 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Mats Klepsland <mats.klepsland@gmail.com>
22  *
23  */
24 
25 #include "detect-engine-build.h"
26 #include "detect-engine-alert.h"
27 #include "app-layer-parser.h"
28 
29 /**
30  * \test Test that a signature containing tls.cert_serial is correctly parsed
31  * and that the keyword is registered.
32  */
33 static int DetectTlsSerialTest01(void)
34 {
35  DetectEngineCtx *de_ctx = DetectEngineCtxInit();
36  FAIL_IF_NULL(de_ctx);
37  de_ctx->flags |= DE_QUIET;
38 
39  Signature *s = DetectEngineAppendSig(de_ctx, "alert tls any any -> any any "
40  "(msg:\"Testing tls.cert_serial\"; "
41  "tls.cert_serial; content:\"XX:XX:XX\"; sid:1;)");
42  FAIL_IF_NULL(s);
43 
44  /* sm should not be in the MATCH list */
45  SigMatch *sm = s->init_data->smlists[DETECT_SM_LIST_MATCH];
46  FAIL_IF_NOT_NULL(sm);
47 
48  sm = DetectBufferGetFirstSigMatch(s, g_tls_cert_serial_buffer_id);
49  FAIL_IF_NULL(sm);
50 
51  FAIL_IF(sm->type != DETECT_CONTENT);
52  FAIL_IF_NOT_NULL(sm->next);
53 
54  DetectEngineCtxFree(de_ctx);
55  PASS;
56 }
57 
58 /**
59  * \test Test matching for serial in a certificate.
60  */
61 static int DetectTlsSerialTest02(void)
62 {
63  /* client hello */
64  uint8_t client_hello[] = {
65  0x16, 0x03, 0x01, 0x00, 0xc8, 0x01, 0x00, 0x00,
66  0xc4, 0x03, 0x03, 0xd6, 0x08, 0x5a, 0xa2, 0x86,
67  0x5b, 0x85, 0xd4, 0x40, 0xab, 0xbe, 0xc0, 0xbc,
68  0x41, 0xf2, 0x26, 0xf0, 0xfe, 0x21, 0xee, 0x8b,
69  0x4c, 0x7e, 0x07, 0xc8, 0xec, 0xd2, 0x00, 0x46,
70  0x4c, 0xeb, 0xb7, 0x00, 0x00, 0x16, 0xc0, 0x2b,
71  0xc0, 0x2f, 0xc0, 0x0a, 0xc0, 0x09, 0xc0, 0x13,
72  0xc0, 0x14, 0x00, 0x33, 0x00, 0x39, 0x00, 0x2f,
73  0x00, 0x35, 0x00, 0x0a, 0x01, 0x00, 0x00, 0x85,
74  0x00, 0x00, 0x00, 0x12, 0x00, 0x10, 0x00, 0x00,
75  0x0d, 0x77, 0x77, 0x77, 0x2e, 0x67, 0x6f, 0x6f,
76  0x67, 0x6c, 0x65, 0x2e, 0x6e, 0x6f, 0xff, 0x01,
77  0x00, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x08, 0x00,
78  0x06, 0x00, 0x17, 0x00, 0x18, 0x00, 0x19, 0x00,
79  0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x23, 0x00,
80  0x00, 0x33, 0x74, 0x00, 0x00, 0x00, 0x10, 0x00,
81  0x29, 0x00, 0x27, 0x05, 0x68, 0x32, 0x2d, 0x31,
82  0x36, 0x05, 0x68, 0x32, 0x2d, 0x31, 0x35, 0x05,
83  0x68, 0x32, 0x2d, 0x31, 0x34, 0x02, 0x68, 0x32,
84  0x08, 0x73, 0x70, 0x64, 0x79, 0x2f, 0x33, 0x2e,
85  0x31, 0x08, 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31,
86  0x2e, 0x31, 0x00, 0x05, 0x00, 0x05, 0x01, 0x00,
87  0x00, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x16, 0x00,
88  0x14, 0x04, 0x01, 0x05, 0x01, 0x06, 0x01, 0x02,
89  0x01, 0x04, 0x03, 0x05, 0x03, 0x06, 0x03, 0x02,
90  0x03, 0x04, 0x02, 0x02, 0x02
91  };
92 
93  /* server hello */
94  uint8_t server_hello[] = {
95  0x16, 0x03, 0x03, 0x00, 0x48, 0x02, 0x00, 0x00,
96  0x44, 0x03, 0x03, 0x57, 0x91, 0xb8, 0x63, 0xdd,
97  0xdb, 0xbb, 0x23, 0xcf, 0x0b, 0x43, 0x02, 0x1d,
98  0x46, 0x11, 0x27, 0x5c, 0x98, 0xcf, 0x67, 0xe1,
99  0x94, 0x3d, 0x62, 0x7d, 0x38, 0x48, 0x21, 0x23,
100  0xa5, 0x62, 0x31, 0x00, 0xc0, 0x2f, 0x00, 0x00,
101  0x1c, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00,
102  0x00, 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x10,
103  0x00, 0x05, 0x00, 0x03, 0x02, 0x68, 0x32, 0x00,
104  0x0b, 0x00, 0x02, 0x01, 0x00
105  };
106 
107  /* certificate */
108  uint8_t certificate[] = {
109  0x16, 0x03, 0x03, 0x04, 0x93, 0x0b, 0x00, 0x04,
110  0x8f, 0x00, 0x04, 0x8c, 0x00, 0x04, 0x89, 0x30,
111  0x82, 0x04, 0x85, 0x30, 0x82, 0x03, 0x6d, 0xa0,
112  0x03, 0x02, 0x01, 0x02, 0x02, 0x08, 0x5c, 0x19,
113  0xb7, 0xb1, 0x32, 0x3b, 0x1c, 0xa1, 0x30, 0x0d,
114  0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
115  0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x49, 0x31,
116  0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
117  0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11,
118  0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0a, 0x47,
119  0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x20, 0x49, 0x6e,
120  0x63, 0x31, 0x25, 0x30, 0x23, 0x06, 0x03, 0x55,
121  0x04, 0x03, 0x13, 0x1c, 0x47, 0x6f, 0x6f, 0x67,
122  0x6c, 0x65, 0x20, 0x49, 0x6e, 0x74, 0x65, 0x72,
123  0x6e, 0x65, 0x74, 0x20, 0x41, 0x75, 0x74, 0x68,
124  0x6f, 0x72, 0x69, 0x74, 0x79, 0x20, 0x47, 0x32,
125  0x30, 0x1e, 0x17, 0x0d, 0x31, 0x36, 0x30, 0x37,
126  0x31, 0x33, 0x31, 0x33, 0x32, 0x34, 0x35, 0x32,
127  0x5a, 0x17, 0x0d, 0x31, 0x36, 0x31, 0x30, 0x30,
128  0x35, 0x31, 0x33, 0x31, 0x36, 0x30, 0x30, 0x5a,
129  0x30, 0x65, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03,
130  0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31,
131  0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08,
132  0x0c, 0x0a, 0x43, 0x61, 0x6c, 0x69, 0x66, 0x6f,
133  0x72, 0x6e, 0x69, 0x61, 0x31, 0x16, 0x30, 0x14,
134  0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x0d, 0x4d,
135  0x6f, 0x75, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x20,
136  0x56, 0x69, 0x65, 0x77, 0x31, 0x13, 0x30, 0x11,
137  0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0a, 0x47,
138  0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x20, 0x49, 0x6e,
139  0x63, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55,
140  0x04, 0x03, 0x0c, 0x0b, 0x2a, 0x2e, 0x67, 0x6f,
141  0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x6e, 0x6f, 0x30,
142  0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a,
143  0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
144  0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30,
145  0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00,
146  0xa5, 0x0a, 0xb9, 0xb1, 0xca, 0x36, 0xd1, 0xae,
147  0x22, 0x38, 0x07, 0x06, 0xc9, 0x1a, 0x56, 0x4f,
148  0xbb, 0xdf, 0xa8, 0x6d, 0xbd, 0xee, 0x76, 0x16,
149  0xbc, 0x53, 0x3c, 0x03, 0x6a, 0x5c, 0x94, 0x50,
150  0x87, 0x2f, 0x28, 0xb4, 0x4e, 0xd5, 0x9b, 0x8f,
151  0xfe, 0x02, 0xde, 0x2a, 0x83, 0x01, 0xf9, 0x45,
152  0x61, 0x0e, 0x66, 0x0e, 0x24, 0x22, 0xe2, 0x59,
153  0x66, 0x0d, 0xd3, 0xe9, 0x77, 0x8a, 0x7e, 0x42,
154  0xaa, 0x5a, 0xf9, 0x05, 0xbf, 0x30, 0xc7, 0x03,
155  0x2b, 0xdc, 0xa6, 0x9c, 0xe0, 0x9f, 0x0d, 0xf1,
156  0x28, 0x19, 0xf8, 0xf2, 0x02, 0xfa, 0xbd, 0x62,
157  0xa0, 0xf3, 0x02, 0x2b, 0xcd, 0xf7, 0x09, 0x04,
158  0x3b, 0x52, 0xd8, 0x65, 0x4b, 0x4a, 0x70, 0xe4,
159  0x57, 0xc9, 0x2e, 0x2a, 0xf6, 0x9c, 0x6e, 0xd8,
160  0xde, 0x01, 0x52, 0xc9, 0x6f, 0xe9, 0xef, 0x82,
161  0xbc, 0x0b, 0x95, 0xb2, 0xef, 0xcb, 0x91, 0xa6,
162  0x0b, 0x2d, 0x14, 0xc6, 0x00, 0xa9, 0x33, 0x86,
163  0x64, 0x00, 0xd4, 0x92, 0x19, 0x53, 0x3d, 0xfd,
164  0xcd, 0xc6, 0x1a, 0xf2, 0x0e, 0x67, 0xc2, 0x1d,
165  0x2c, 0xe0, 0xe8, 0x29, 0x97, 0x1c, 0xb6, 0xc4,
166  0xb2, 0x02, 0x0c, 0x83, 0xb8, 0x60, 0x61, 0xf5,
167  0x61, 0x2d, 0x73, 0x5e, 0x85, 0x4d, 0xbd, 0x0d,
168  0xe7, 0x1a, 0x37, 0x56, 0x8d, 0xe5, 0x50, 0x0c,
169  0xc9, 0x64, 0x4c, 0x11, 0xea, 0xf3, 0xcb, 0x26,
170  0x34, 0xbd, 0x02, 0xf5, 0xc1, 0xfb, 0xa2, 0xec,
171  0x27, 0xbb, 0x60, 0xbe, 0x0b, 0xf6, 0xe7, 0x3c,
172  0x2d, 0xc9, 0xe7, 0xb0, 0x30, 0x28, 0x17, 0x3d,
173  0x90, 0xf1, 0x63, 0x8e, 0x49, 0xf7, 0x15, 0x78,
174  0x21, 0xcc, 0x45, 0xe6, 0x86, 0xb2, 0xd8, 0xb0,
175  0x2e, 0x5a, 0xb0, 0x58, 0xd3, 0xb6, 0x11, 0x40,
176  0xae, 0x81, 0x1f, 0x6b, 0x7a, 0xaf, 0x40, 0x50,
177  0xf9, 0x2e, 0x81, 0x8b, 0xec, 0x26, 0x11, 0x3f,
178  0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01,
179  0x53, 0x30, 0x82, 0x01, 0x4f, 0x30, 0x1d, 0x06,
180  0x03, 0x55, 0x1d, 0x25, 0x04, 0x16, 0x30, 0x14,
181  0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07,
182  0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05,
183  0x05, 0x07, 0x03, 0x02, 0x30, 0x21, 0x06, 0x03,
184  0x55, 0x1d, 0x11, 0x04, 0x1a, 0x30, 0x18, 0x82,
185  0x0b, 0x2a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
186  0x65, 0x2e, 0x6e, 0x6f, 0x82, 0x09, 0x67, 0x6f,
187  0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x6e, 0x6f, 0x30,
188  0x68, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05,
189  0x07, 0x01, 0x01, 0x04, 0x5c, 0x30, 0x5a, 0x30,
190  0x2b, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05,
191  0x07, 0x30, 0x02, 0x86, 0x1f, 0x68, 0x74, 0x74,
192  0x70, 0x3a, 0x2f, 0x2f, 0x70, 0x6b, 0x69, 0x2e,
193  0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63,
194  0x6f, 0x6d, 0x2f, 0x47, 0x49, 0x41, 0x47, 0x32,
195  0x2e, 0x63, 0x72, 0x74, 0x30, 0x2b, 0x06, 0x08,
196  0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01,
197  0x86, 0x1f, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f,
198  0x2f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x73,
199  0x31, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
200  0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x63, 0x73,
201  0x70, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e,
202  0x04, 0x16, 0x04, 0x14, 0xc6, 0x53, 0x87, 0x42,
203  0x2d, 0xc8, 0xee, 0x7a, 0x62, 0x1e, 0x83, 0xdb,
204  0x0d, 0xe2, 0x32, 0xeb, 0x8b, 0xaf, 0x69, 0x40,
205  0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01,
206  0x01, 0xff, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1f,
207  0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30,
208  0x16, 0x80, 0x14, 0x4a, 0xdd, 0x06, 0x16, 0x1b,
209  0xbc, 0xf6, 0x68, 0xb5, 0x76, 0xf5, 0x81, 0xb6,
210  0xbb, 0x62, 0x1a, 0xba, 0x5a, 0x81, 0x2f, 0x30,
211  0x21, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x1a,
212  0x30, 0x18, 0x30, 0x0c, 0x06, 0x0a, 0x2b, 0x06,
213  0x01, 0x04, 0x01, 0xd6, 0x79, 0x02, 0x05, 0x01,
214  0x30, 0x08, 0x06, 0x06, 0x67, 0x81, 0x0c, 0x01,
215  0x02, 0x02, 0x30, 0x30, 0x06, 0x03, 0x55, 0x1d,
216  0x1f, 0x04, 0x29, 0x30, 0x27, 0x30, 0x25, 0xa0,
217  0x23, 0xa0, 0x21, 0x86, 0x1f, 0x68, 0x74, 0x74,
218  0x70, 0x3a, 0x2f, 0x2f, 0x70, 0x6b, 0x69, 0x2e,
219  0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63,
220  0x6f, 0x6d, 0x2f, 0x47, 0x49, 0x41, 0x47, 0x32,
221  0x2e, 0x63, 0x72, 0x6c, 0x30, 0x0d, 0x06, 0x09,
222  0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
223  0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00,
224  0x7b, 0x27, 0x00, 0x46, 0x8f, 0xfd, 0x5b, 0xff,
225  0xcb, 0x05, 0x9b, 0xf7, 0xf1, 0x68, 0xf6, 0x9a,
226  0x7b, 0xba, 0x53, 0xdf, 0x63, 0xed, 0x11, 0x94,
227  0x39, 0xf2, 0xd0, 0x20, 0xcd, 0xa3, 0xc4, 0x98,
228  0xa5, 0x10, 0x74, 0xe7, 0x10, 0x6d, 0x07, 0xf8,
229  0x33, 0x87, 0x05, 0x43, 0x0e, 0x64, 0x77, 0x09,
230  0x18, 0x4f, 0x38, 0x2e, 0x45, 0xae, 0xa8, 0x34,
231  0x3a, 0xa8, 0x33, 0xac, 0x9d, 0xdd, 0x25, 0x91,
232  0x59, 0x43, 0xbe, 0x0f, 0x87, 0x16, 0x2f, 0xb5,
233  0x27, 0xfd, 0xce, 0x2f, 0x35, 0x5d, 0x12, 0xa1,
234  0x66, 0xac, 0xf7, 0x95, 0x38, 0x0f, 0xe5, 0xb1,
235  0x18, 0x18, 0xe6, 0x80, 0x52, 0x31, 0x8a, 0x66,
236  0x02, 0x52, 0x1a, 0xa4, 0x32, 0x6a, 0x61, 0x05,
237  0xcf, 0x1d, 0xf9, 0x90, 0x73, 0xf0, 0xeb, 0x20,
238  0x31, 0x7b, 0x2e, 0xc0, 0xb0, 0xfb, 0x5c, 0xcc,
239  0xdc, 0x76, 0x55, 0x72, 0xaf, 0xb1, 0x05, 0xf4,
240  0xad, 0xf9, 0xd7, 0x73, 0x5c, 0x2c, 0xbf, 0x0d,
241  0x84, 0x18, 0x01, 0x1d, 0x4d, 0x08, 0xa9, 0x4e,
242  0x37, 0xb7, 0x58, 0xc4, 0x05, 0x0e, 0x65, 0x63,
243  0xd2, 0x88, 0x02, 0xf5, 0x82, 0x17, 0x08, 0xd5,
244  0x8f, 0x80, 0xc7, 0x82, 0x29, 0xbb, 0xe1, 0x04,
245  0xbe, 0xf6, 0xe1, 0x8c, 0xbc, 0x3a, 0xf8, 0xf9,
246  0x56, 0xda, 0xdc, 0x8e, 0xc6, 0xe6, 0x63, 0x98,
247  0x12, 0x08, 0x41, 0x2c, 0x9d, 0x7c, 0x82, 0x0d,
248  0x1e, 0xea, 0xba, 0xde, 0x32, 0x09, 0xda, 0x52,
249  0x24, 0x4f, 0xcc, 0xb6, 0x09, 0x33, 0x8b, 0x00,
250  0xf9, 0x83, 0xb3, 0xc6, 0xa4, 0x90, 0x49, 0x83,
251  0x2d, 0x36, 0xd9, 0x11, 0x78, 0xd0, 0x62, 0x9f,
252  0xc4, 0x8f, 0x84, 0xba, 0x7f, 0xaa, 0x04, 0xf1,
253  0xd9, 0xa4, 0xad, 0x5d, 0x63, 0xee, 0x72, 0xc6,
254  0x4d, 0xd1, 0x4b, 0x41, 0x8f, 0x40, 0x0f, 0x7d,
255  0xcd, 0xb8, 0x2e, 0x5b, 0x6e, 0x21, 0xc9, 0x3d
256  };
257 
258  Flow f;
259  SSLState *ssl_state = NULL;
260  TcpSession ssn;
261  Packet *p1 = NULL;
262  Packet *p2 = NULL;
263  Packet *p3 = NULL;
264  ThreadVars tv;
265  DetectEngineThreadCtx *det_ctx = NULL;
266  AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc();
267 
268  memset(&tv, 0, sizeof(ThreadVars));
269  memset(&f, 0, sizeof(Flow));
270  memset(&ssn, 0, sizeof(TcpSession));
271 
272  p1 = UTHBuildPacketReal(client_hello, sizeof(client_hello), IPPROTO_TCP,
273  "192.168.1.5", "192.168.1.1", 51251, 443);
274  p2 = UTHBuildPacketReal(server_hello, sizeof(server_hello), IPPROTO_TCP,
275  "192.168.1.1", "192.168.1.5", 443, 51251);
276  p3 = UTHBuildPacketReal(certificate, sizeof(certificate), IPPROTO_TCP,
277  "192.168.1.1", "192.168.1.5", 443, 51251);
278 
279  FLOW_INITIALIZE(&f);
280  f.flags |= FLOW_IPV4;
281  f.proto = IPPROTO_TCP;
282  f.protomap = FlowGetProtoMapping(f.proto);
283  f.alproto = ALPROTO_TLS;
284 
285  p1->flow = &f;
286  p1->flags |= PKT_HAS_FLOW | PKT_STREAM_EST;
287  p1->flowflags |= FLOW_PKT_TOSERVER;
288  p1->flowflags |= FLOW_PKT_ESTABLISHED;
289  p1->pcap_cnt = 1;
290 
291  p2->flow = &f;
292  p2->flags |= PKT_HAS_FLOW | PKT_STREAM_EST;
293  p2->flowflags |= FLOW_PKT_TOCLIENT;
294  p2->flowflags |= FLOW_PKT_ESTABLISHED;
295  p2->pcap_cnt = 2;
296 
297  p3->flow = &f;
298  p3->flags |= PKT_HAS_FLOW | PKT_STREAM_EST;
299  p3->flowflags |= FLOW_PKT_TOCLIENT;
300  p3->flowflags |= FLOW_PKT_ESTABLISHED;
301  p3->pcap_cnt = 3;
302 
303  StreamTcpInitConfig(true);
304 
305  DetectEngineCtx *de_ctx = DetectEngineCtxInit();
306  FAIL_IF_NULL(de_ctx);
307 
308  de_ctx->mpm_matcher = mpm_default_matcher;
309  de_ctx->flags |= DE_QUIET;
310 
311  Signature *s = DetectEngineAppendSig(de_ctx, "alert tls any any -> any any "
312  "(msg:\"Test tls.cert_serial\"; "
313  "tls.cert_serial; "
314  "content:\"5C:19:B7:B1:32:3B:1C:A1\"; "
315  "sid:1;)");
316  FAIL_IF_NULL(s);
317 
318  SigGroupBuild(de_ctx);
319  DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
320 
321  int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS,
322  STREAM_TOSERVER, client_hello,
323  sizeof(client_hello));
324 
325  FAIL_IF(r != 0);
326 
327  ssl_state = f.alstate;
328  FAIL_IF_NULL(ssl_state);
329 
330  SigMatchSignatures(&tv, de_ctx, det_ctx, p1);
331 
332  FAIL_IF(PacketAlertCheck(p1, 1));
333 
334  r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOCLIENT,
335  server_hello, sizeof(server_hello));
336 
337  FAIL_IF(r != 0);
338 
339  SigMatchSignatures(&tv, de_ctx, det_ctx, p2);
340 
341  FAIL_IF(PacketAlertCheck(p2, 1));
342 
343  r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOCLIENT,
344  certificate, sizeof(certificate));
345 
346  FAIL_IF(r != 0);
347 
348  SigMatchSignatures(&tv, de_ctx, det_ctx, p3);
349 
350  FAIL_IF_NOT(PacketAlertCheck(p3, 1));
351 
352  if (alp_tctx != NULL)
353  AppLayerParserThreadCtxFree(alp_tctx);
354  if (det_ctx != NULL)
355  DetectEngineThreadCtxDeinit(&tv, det_ctx);
356  if (de_ctx != NULL)
357  SigGroupCleanup(de_ctx);
358  if (de_ctx != NULL)
359  DetectEngineCtxFree(de_ctx);
360 
361  StreamTcpFreeConfig(true);
362  FLOW_DESTROY(&f);
363  UTHFreePacket(p1);
364  UTHFreePacket(p2);
365  UTHFreePacket(p3);
366 
367  PASS;
368 }
369 
370 static void DetectTlsSerialRegisterTests(void)
371 {
372  UtRegisterTest("DetectTlsSerialTest01", DetectTlsSerialTest01);
373  UtRegisterTest("DetectTlsSerialTest02", DetectTlsSerialTest02);
374 }
SSLState_
SSLv[2.0|3.[0|1|2|3]] state structure.
Definition: app-layer-ssl.h:284
FAIL_IF_NULL
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
Definition: util-unittest.h:89
SignatureInitData_::smlists
struct SigMatch_ * smlists[DETECT_SM_LIST_MAX]
Definition: detect.h:542
PKT_HAS_FLOW
#define PKT_HAS_FLOW
Definition: decode.h:1007
UtRegisterTest
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
Definition: util-unittest.c:103
DETECT_CONTENT
@ DETECT_CONTENT
Definition: detect-engine-register.h:62
ALPROTO_TLS
@ ALPROTO_TLS
Definition: app-layer-protos.h:33
Packet_::pcap_cnt
uint64_t pcap_cnt
Definition: decode.h:595
Flow_::proto
uint8_t proto
Definition: flow.h:365
PacketAlertCheck
int PacketAlertCheck(Packet *p, uint32_t sid)
Check if a certain sid alerted, this is used in the test functions.
Definition: detect-engine-alert.c:141
Packet_::flags
uint32_t flags
Definition: decode.h:464
Flow_
Flow data structure.
Definition: flow.h:343
Flow_::protomap
uint8_t protomap
Definition: flow.h:437
DetectEngineCtx_
main detection engine ctx
Definition: detect.h:801
DetectEngineCtxFree
void DetectEngineCtxFree(DetectEngineCtx *)
Free a DetectEngineCtx::
Definition: detect-engine.c:2588
AppLayerParserThreadCtxFree
void AppLayerParserThreadCtxFree(AppLayerParserThreadCtx *tctx)
Destroys the app layer parser thread context obtained using AppLayerParserThreadCtxAlloc().
Definition: app-layer-parser.c:314
FLOW_PKT_TOSERVER
#define FLOW_PKT_TOSERVER
Definition: flow.h:218
DE_QUIET
#define DE_QUIET
Definition: detect.h:290
mpm_default_matcher
uint8_t mpm_default_matcher
Definition: util-mpm.c:49
SigMatchSignatures
void SigMatchSignatures(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, Packet *p)
wrapper for old tests
Definition: detect.c:1822
DetectEngineAppendSig
Signature * DetectEngineAppendSig(DetectEngineCtx *, const char *)
Parse and append a Signature into the Detection Engine Context signature list.
Definition: detect-parse.c:2493
Packet_::flowflags
uint8_t flowflags
Definition: decode.h:460
UTHBuildPacketReal
Packet * UTHBuildPacketReal(uint8_t *payload, uint16_t payload_len, uint8_t ipproto, const char *src, const char *dst, uint16_t sport, uint16_t dport)
UTHBuildPacketReal is a function that create tcp/udp packets for unittests specifying ip and port sou...
Definition: util-unittest-helper.c:244
FLOW_IPV4
#define FLOW_IPV4
Definition: flow.h:96
FAIL_IF_NOT
#define FAIL_IF_NOT(expr)
Fail a test if expression evaluates to false.
Definition: util-unittest.h:82
StreamTcpInitConfig
void StreamTcpInitConfig(bool)
To initialize the stream global configuration data.
Definition: stream-tcp.c:359
FLOW_INITIALIZE
#define FLOW_INITIALIZE(f)
Definition: flow-util.h:38
FAIL_IF_NOT_NULL
#define FAIL_IF_NOT_NULL(expr)
Fail a test if expression evaluates to non-NULL.
Definition: util-unittest.h:96
PASS
#define PASS
Pass the test.
Definition: util-unittest.h:105
de_ctx
DetectEngineCtx * de_ctx
Definition: fuzz_siginit.c:17
DetectEngineThreadCtx_
Definition: detect.h:1032
alp_tctx
AppLayerParserThreadCtx * alp_tctx
Definition: fuzz_applayerparserparse.c:22
ThreadVars_
Per thread variable structure.
Definition: threadvars.h:57
SigMatch_::next
struct SigMatch_ * next
Definition: detect.h:320
DetectEngineCtx_::mpm_matcher
uint8_t mpm_matcher
Definition: detect.h:849
DETECT_SM_LIST_MATCH
@ DETECT_SM_LIST_MATCH
Definition: detect.h:79
app-layer-parser.h
SigGroupCleanup
int SigGroupCleanup(DetectEngineCtx *de_ctx)
Definition: detect-engine-build.c:2003
FlowGetProtoMapping
uint8_t FlowGetProtoMapping(uint8_t proto)
Function to map the protocol to the defined FLOW_PROTO_* enumeration.
Definition: flow-util.c:98
Packet_
Definition: decode.h:429
detect-engine-build.h
detect-engine-alert.h
Signature_::init_data
SignatureInitData * init_data
Definition: detect.h:628
FLOW_PKT_TOCLIENT
#define FLOW_PKT_TOCLIENT
Definition: flow.h:219
SigGroupBuild
int SigGroupBuild(DetectEngineCtx *de_ctx)
Convert the signature list into the runtime match structure.
Definition: detect-engine-build.c:1934
AppLayerParserThreadCtxAlloc
AppLayerParserThreadCtx * AppLayerParserThreadCtxAlloc(void)
Gets a new app layer protocol's parser thread context.
Definition: app-layer-parser.c:293
Packet_::flow
struct Flow_ * flow
Definition: decode.h:466
DetectEngineThreadCtxInit
TmEcode DetectEngineThreadCtxInit(ThreadVars *, void *, void **)
initialize thread specific detection engine context
Definition: detect-engine.c:3300
FAIL_IF
#define FAIL_IF(expr)
Fail a test if expression evaluates to true.
Definition: util-unittest.h:71
StreamTcpFreeConfig
void StreamTcpFreeConfig(bool quiet)
Definition: stream-tcp.c:695
AppLayerParserParse
int AppLayerParserParse(ThreadVars *tv, AppLayerParserThreadCtx *alp_tctx, Flow *f, AppProto alproto, uint8_t flags, const uint8_t *input, uint32_t input_len)
Definition: app-layer-parser.c:1307
DetectEngineThreadCtxDeinit
TmEcode DetectEngineThreadCtxDeinit(ThreadVars *, void *)
Definition: detect-engine.c:3514
SigMatch_::type
uint16_t type
Definition: detect.h:317
DetectBufferGetFirstSigMatch
SigMatch * DetectBufferGetFirstSigMatch(const Signature *s, const uint32_t buf_id)
Definition: detect-engine.c:1355
tv
ThreadVars * tv
Definition: fuzz_decodepcapfile.c:32
UTHFreePacket
void UTHFreePacket(Packet *p)
UTHFreePacket: function to release the allocated data from UTHBuildPacket and the packet itself.
Definition: util-unittest-helper.c:485
Flow_::alstate
void * alstate
Definition: flow.h:468
Flow_::flags
uint32_t flags
Definition: flow.h:413
Signature_
Signature container.
Definition: detect.h:557
SigMatch_
a single match condition for a signature
Definition: detect.h:316
FLOW_PKT_ESTABLISHED
#define FLOW_PKT_ESTABLISHED
Definition: flow.h:220
DetectEngineCtxInit
DetectEngineCtx * DetectEngineCtxInit(void)
Definition: detect-engine.c:2549
DetectEngineCtx_::flags
uint8_t flags
Definition: detect.h:848
AppLayerParserThreadCtx_
Definition: app-layer-parser.c:66
TcpSession_
Definition: stream-tcp-private.h:283
Flow_::alproto
AppProto alproto
application level protocol
Definition: flow.h:442
FLOW_DESTROY
#define FLOW_DESTROY(f)
Definition: flow-util.h:127
PKT_STREAM_EST
#define PKT_STREAM_EST
Definition: decode.h:1004