suricata
detect-tls-cert-serial.c
1 /* Copyright (C) 2019 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Mats Klepsland <mats.klepsland@gmail.com>
22  *
23  */
24 
25 #include "detect-engine-build.h"
26 #include "detect-engine-alert.h"
27 #include "app-layer-parser.h"
28 
29 /**
30  * \test Test that a signature containing tls.cert_serial is correctly parsed
31  * and that the keyword is registered.
32  */
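static int DetectTlsSerialTest01(void)
{
    /* Parse-only check: a rule that uses the tls.cert_serial sticky buffer
     * must load, and its content match must be stored in the keyword's own
     * buffer list (g_tls_cert_serial_buffer_id) instead of the generic
     * packet MATCH list.
     *
     * NOTE(review): the rendered listing skips source lines 35-36, 42, 52
     * and 54-55, leaving de_ctx undeclared. The statements restored below
     * (engine ctx init, the NULL checks, sm->next check and the cleanup
     * calls) are inferred from the symbols the listing cross-references;
     * confirm them against the repository copy. */
    DetectEngineCtx *de_ctx = DetectEngineCtxInit();
    FAIL_IF_NULL(de_ctx);

    de_ctx->flags |= DE_QUIET;
    de_ctx->sig_list = SigInit(de_ctx, "alert tls any any -> any any "
                               "(msg:\"Testing tls.cert_serial\"; "
                               "tls.cert_serial; content:\"XX:XX:XX\"; sid:1;)");
    /* Without this check a rule that fails to parse is dereferenced below. */
    FAIL_IF_NULL(de_ctx->sig_list);

    /* sm should not be in the MATCH list */
    SigMatch *sm = de_ctx->sig_list->sm_lists[DETECT_SM_LIST_MATCH];
    FAIL_IF_NOT_NULL(sm);

    /* The content keyword must have been attached to the serial buffer. */
    sm = de_ctx->sig_list->sm_lists[g_tls_cert_serial_buffer_id];
    FAIL_IF_NULL(sm);

    /* Exactly one match is expected in that list, and it is the content. */
    FAIL_IF(sm->type != DETECT_CONTENT);
    FAIL_IF_NOT_NULL(sm->next);

    SigGroupCleanup(de_ctx);
    DetectEngineCtxFree(de_ctx);

    PASS;
}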
59 
60 /**
61  * \test Test matching for serial in a certificate.
62  */
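static int DetectTlsSerialTest02(void)
{
    /* End-to-end check of tls.cert_serial: a TLS handshake is fed to the
     * parser record by record and the rule must stay silent for the client
     * hello and the server hello, then alert once the certificate record
     * has been parsed.
     *
     * The rule spells the serial as colon-separated hex. In the certificate
     * record below it is the DER INTEGER that follows the version field:
     * tag 0x02, length 0x08, value 5c 19 b7 b1 32 3b 1c a1.
     *
     * NOTE(review): the rendered listing skips source lines 268, 284,
     * 288-290, 294-296, 300-302, 307-308, 310, 320, 352, 355, 359 and 361.
     * The statements restored here (parser thread ctx alloc/free, protomap,
     * per-packet flow flags, engine ctx init, SigGroupBuild, the final
     * alert assertion and the cleanup calls) are inferred from the symbols
     * the listing cross-references; confirm against the repository copy.
     *
     * NOTE(review): only the positive match is covered. A second rule with
     * a different serial that must NOT alert on p3 would guard against the
     * buffer matching too loosely. */

    /* client hello (SNI bytes decode to "www.google.no") */
    uint8_t client_hello[] = {
            0x16, 0x03, 0x01, 0x00, 0xc8, 0x01, 0x00, 0x00,
            0xc4, 0x03, 0x03, 0xd6, 0x08, 0x5a, 0xa2, 0x86,
            0x5b, 0x85, 0xd4, 0x40, 0xab, 0xbe, 0xc0, 0xbc,
            0x41, 0xf2, 0x26, 0xf0, 0xfe, 0x21, 0xee, 0x8b,
            0x4c, 0x7e, 0x07, 0xc8, 0xec, 0xd2, 0x00, 0x46,
            0x4c, 0xeb, 0xb7, 0x00, 0x00, 0x16, 0xc0, 0x2b,
            0xc0, 0x2f, 0xc0, 0x0a, 0xc0, 0x09, 0xc0, 0x13,
            0xc0, 0x14, 0x00, 0x33, 0x00, 0x39, 0x00, 0x2f,
            0x00, 0x35, 0x00, 0x0a, 0x01, 0x00, 0x00, 0x85,
            0x00, 0x00, 0x00, 0x12, 0x00, 0x10, 0x00, 0x00,
            0x0d, 0x77, 0x77, 0x77, 0x2e, 0x67, 0x6f, 0x6f,
            0x67, 0x6c, 0x65, 0x2e, 0x6e, 0x6f, 0xff, 0x01,
            0x00, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x08, 0x00,
            0x06, 0x00, 0x17, 0x00, 0x18, 0x00, 0x19, 0x00,
            0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x23, 0x00,
            0x00, 0x33, 0x74, 0x00, 0x00, 0x00, 0x10, 0x00,
            0x29, 0x00, 0x27, 0x05, 0x68, 0x32, 0x2d, 0x31,
            0x36, 0x05, 0x68, 0x32, 0x2d, 0x31, 0x35, 0x05,
            0x68, 0x32, 0x2d, 0x31, 0x34, 0x02, 0x68, 0x32,
            0x08, 0x73, 0x70, 0x64, 0x79, 0x2f, 0x33, 0x2e,
            0x31, 0x08, 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31,
            0x2e, 0x31, 0x00, 0x05, 0x00, 0x05, 0x01, 0x00,
            0x00, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x16, 0x00,
            0x14, 0x04, 0x01, 0x05, 0x01, 0x06, 0x01, 0x02,
            0x01, 0x04, 0x03, 0x05, 0x03, 0x06, 0x03, 0x02,
            0x03, 0x04, 0x02, 0x02, 0x02
    };

    /* server hello */
    uint8_t server_hello[] = {
            0x16, 0x03, 0x03, 0x00, 0x48, 0x02, 0x00, 0x00,
            0x44, 0x03, 0x03, 0x57, 0x91, 0xb8, 0x63, 0xdd,
            0xdb, 0xbb, 0x23, 0xcf, 0x0b, 0x43, 0x02, 0x1d,
            0x46, 0x11, 0x27, 0x5c, 0x98, 0xcf, 0x67, 0xe1,
            0x94, 0x3d, 0x62, 0x7d, 0x38, 0x48, 0x21, 0x23,
            0xa5, 0x62, 0x31, 0x00, 0xc0, 0x2f, 0x00, 0x00,
            0x1c, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00,
            0x00, 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x10,
            0x00, 0x05, 0x00, 0x03, 0x02, 0x68, 0x32, 0x00,
            0x0b, 0x00, 0x02, 0x01, 0x00
    };

    /* certificate (serial INTEGER starts in the fourth row: 0x02, 0x08, ...) */
    uint8_t certificate[] = {
            0x16, 0x03, 0x03, 0x04, 0x93, 0x0b, 0x00, 0x04,
            0x8f, 0x00, 0x04, 0x8c, 0x00, 0x04, 0x89, 0x30,
            0x82, 0x04, 0x85, 0x30, 0x82, 0x03, 0x6d, 0xa0,
            0x03, 0x02, 0x01, 0x02, 0x02, 0x08, 0x5c, 0x19,
            0xb7, 0xb1, 0x32, 0x3b, 0x1c, 0xa1, 0x30, 0x0d,
            0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
            0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x49, 0x31,
            0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
            0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11,
            0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0a, 0x47,
            0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x20, 0x49, 0x6e,
            0x63, 0x31, 0x25, 0x30, 0x23, 0x06, 0x03, 0x55,
            0x04, 0x03, 0x13, 0x1c, 0x47, 0x6f, 0x6f, 0x67,
            0x6c, 0x65, 0x20, 0x49, 0x6e, 0x74, 0x65, 0x72,
            0x6e, 0x65, 0x74, 0x20, 0x41, 0x75, 0x74, 0x68,
            0x6f, 0x72, 0x69, 0x74, 0x79, 0x20, 0x47, 0x32,
            0x30, 0x1e, 0x17, 0x0d, 0x31, 0x36, 0x30, 0x37,
            0x31, 0x33, 0x31, 0x33, 0x32, 0x34, 0x35, 0x32,
            0x5a, 0x17, 0x0d, 0x31, 0x36, 0x31, 0x30, 0x30,
            0x35, 0x31, 0x33, 0x31, 0x36, 0x30, 0x30, 0x5a,
            0x30, 0x65, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03,
            0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31,
            0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08,
            0x0c, 0x0a, 0x43, 0x61, 0x6c, 0x69, 0x66, 0x6f,
            0x72, 0x6e, 0x69, 0x61, 0x31, 0x16, 0x30, 0x14,
            0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x0d, 0x4d,
            0x6f, 0x75, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x20,
            0x56, 0x69, 0x65, 0x77, 0x31, 0x13, 0x30, 0x11,
            0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0a, 0x47,
            0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x20, 0x49, 0x6e,
            0x63, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55,
            0x04, 0x03, 0x0c, 0x0b, 0x2a, 0x2e, 0x67, 0x6f,
            0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x6e, 0x6f, 0x30,
            0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a,
            0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
            0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30,
            0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00,
            0xa5, 0x0a, 0xb9, 0xb1, 0xca, 0x36, 0xd1, 0xae,
            0x22, 0x38, 0x07, 0x06, 0xc9, 0x1a, 0x56, 0x4f,
            0xbb, 0xdf, 0xa8, 0x6d, 0xbd, 0xee, 0x76, 0x16,
            0xbc, 0x53, 0x3c, 0x03, 0x6a, 0x5c, 0x94, 0x50,
            0x87, 0x2f, 0x28, 0xb4, 0x4e, 0xd5, 0x9b, 0x8f,
            0xfe, 0x02, 0xde, 0x2a, 0x83, 0x01, 0xf9, 0x45,
            0x61, 0x0e, 0x66, 0x0e, 0x24, 0x22, 0xe2, 0x59,
            0x66, 0x0d, 0xd3, 0xe9, 0x77, 0x8a, 0x7e, 0x42,
            0xaa, 0x5a, 0xf9, 0x05, 0xbf, 0x30, 0xc7, 0x03,
            0x2b, 0xdc, 0xa6, 0x9c, 0xe0, 0x9f, 0x0d, 0xf1,
            0x28, 0x19, 0xf8, 0xf2, 0x02, 0xfa, 0xbd, 0x62,
            0xa0, 0xf3, 0x02, 0x2b, 0xcd, 0xf7, 0x09, 0x04,
            0x3b, 0x52, 0xd8, 0x65, 0x4b, 0x4a, 0x70, 0xe4,
            0x57, 0xc9, 0x2e, 0x2a, 0xf6, 0x9c, 0x6e, 0xd8,
            0xde, 0x01, 0x52, 0xc9, 0x6f, 0xe9, 0xef, 0x82,
            0xbc, 0x0b, 0x95, 0xb2, 0xef, 0xcb, 0x91, 0xa6,
            0x0b, 0x2d, 0x14, 0xc6, 0x00, 0xa9, 0x33, 0x86,
            0x64, 0x00, 0xd4, 0x92, 0x19, 0x53, 0x3d, 0xfd,
            0xcd, 0xc6, 0x1a, 0xf2, 0x0e, 0x67, 0xc2, 0x1d,
            0x2c, 0xe0, 0xe8, 0x29, 0x97, 0x1c, 0xb6, 0xc4,
            0xb2, 0x02, 0x0c, 0x83, 0xb8, 0x60, 0x61, 0xf5,
            0x61, 0x2d, 0x73, 0x5e, 0x85, 0x4d, 0xbd, 0x0d,
            0xe7, 0x1a, 0x37, 0x56, 0x8d, 0xe5, 0x50, 0x0c,
            0xc9, 0x64, 0x4c, 0x11, 0xea, 0xf3, 0xcb, 0x26,
            0x34, 0xbd, 0x02, 0xf5, 0xc1, 0xfb, 0xa2, 0xec,
            0x27, 0xbb, 0x60, 0xbe, 0x0b, 0xf6, 0xe7, 0x3c,
            0x2d, 0xc9, 0xe7, 0xb0, 0x30, 0x28, 0x17, 0x3d,
            0x90, 0xf1, 0x63, 0x8e, 0x49, 0xf7, 0x15, 0x78,
            0x21, 0xcc, 0x45, 0xe6, 0x86, 0xb2, 0xd8, 0xb0,
            0x2e, 0x5a, 0xb0, 0x58, 0xd3, 0xb6, 0x11, 0x40,
            0xae, 0x81, 0x1f, 0x6b, 0x7a, 0xaf, 0x40, 0x50,
            0xf9, 0x2e, 0x81, 0x8b, 0xec, 0x26, 0x11, 0x3f,
            0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01,
            0x53, 0x30, 0x82, 0x01, 0x4f, 0x30, 0x1d, 0x06,
            0x03, 0x55, 0x1d, 0x25, 0x04, 0x16, 0x30, 0x14,
            0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07,
            0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05,
            0x05, 0x07, 0x03, 0x02, 0x30, 0x21, 0x06, 0x03,
            0x55, 0x1d, 0x11, 0x04, 0x1a, 0x30, 0x18, 0x82,
            0x0b, 0x2a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
            0x65, 0x2e, 0x6e, 0x6f, 0x82, 0x09, 0x67, 0x6f,
            0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x6e, 0x6f, 0x30,
            0x68, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05,
            0x07, 0x01, 0x01, 0x04, 0x5c, 0x30, 0x5a, 0x30,
            0x2b, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05,
            0x07, 0x30, 0x02, 0x86, 0x1f, 0x68, 0x74, 0x74,
            0x70, 0x3a, 0x2f, 0x2f, 0x70, 0x6b, 0x69, 0x2e,
            0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63,
            0x6f, 0x6d, 0x2f, 0x47, 0x49, 0x41, 0x47, 0x32,
            0x2e, 0x63, 0x72, 0x74, 0x30, 0x2b, 0x06, 0x08,
            0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01,
            0x86, 0x1f, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f,
            0x2f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x73,
            0x31, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
            0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x63, 0x73,
            0x70, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e,
            0x04, 0x16, 0x04, 0x14, 0xc6, 0x53, 0x87, 0x42,
            0x2d, 0xc8, 0xee, 0x7a, 0x62, 0x1e, 0x83, 0xdb,
            0x0d, 0xe2, 0x32, 0xeb, 0x8b, 0xaf, 0x69, 0x40,
            0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01,
            0x01, 0xff, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1f,
            0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30,
            0x16, 0x80, 0x14, 0x4a, 0xdd, 0x06, 0x16, 0x1b,
            0xbc, 0xf6, 0x68, 0xb5, 0x76, 0xf5, 0x81, 0xb6,
            0xbb, 0x62, 0x1a, 0xba, 0x5a, 0x81, 0x2f, 0x30,
            0x21, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x1a,
            0x30, 0x18, 0x30, 0x0c, 0x06, 0x0a, 0x2b, 0x06,
            0x01, 0x04, 0x01, 0xd6, 0x79, 0x02, 0x05, 0x01,
            0x30, 0x08, 0x06, 0x06, 0x67, 0x81, 0x0c, 0x01,
            0x02, 0x02, 0x30, 0x30, 0x06, 0x03, 0x55, 0x1d,
            0x1f, 0x04, 0x29, 0x30, 0x27, 0x30, 0x25, 0xa0,
            0x23, 0xa0, 0x21, 0x86, 0x1f, 0x68, 0x74, 0x74,
            0x70, 0x3a, 0x2f, 0x2f, 0x70, 0x6b, 0x69, 0x2e,
            0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63,
            0x6f, 0x6d, 0x2f, 0x47, 0x49, 0x41, 0x47, 0x32,
            0x2e, 0x63, 0x72, 0x6c, 0x30, 0x0d, 0x06, 0x09,
            0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
            0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00,
            0x7b, 0x27, 0x00, 0x46, 0x8f, 0xfd, 0x5b, 0xff,
            0xcb, 0x05, 0x9b, 0xf7, 0xf1, 0x68, 0xf6, 0x9a,
            0x7b, 0xba, 0x53, 0xdf, 0x63, 0xed, 0x11, 0x94,
            0x39, 0xf2, 0xd0, 0x20, 0xcd, 0xa3, 0xc4, 0x98,
            0xa5, 0x10, 0x74, 0xe7, 0x10, 0x6d, 0x07, 0xf8,
            0x33, 0x87, 0x05, 0x43, 0x0e, 0x64, 0x77, 0x09,
            0x18, 0x4f, 0x38, 0x2e, 0x45, 0xae, 0xa8, 0x34,
            0x3a, 0xa8, 0x33, 0xac, 0x9d, 0xdd, 0x25, 0x91,
            0x59, 0x43, 0xbe, 0x0f, 0x87, 0x16, 0x2f, 0xb5,
            0x27, 0xfd, 0xce, 0x2f, 0x35, 0x5d, 0x12, 0xa1,
            0x66, 0xac, 0xf7, 0x95, 0x38, 0x0f, 0xe5, 0xb1,
            0x18, 0x18, 0xe6, 0x80, 0x52, 0x31, 0x8a, 0x66,
            0x02, 0x52, 0x1a, 0xa4, 0x32, 0x6a, 0x61, 0x05,
            0xcf, 0x1d, 0xf9, 0x90, 0x73, 0xf0, 0xeb, 0x20,
            0x31, 0x7b, 0x2e, 0xc0, 0xb0, 0xfb, 0x5c, 0xcc,
            0xdc, 0x76, 0x55, 0x72, 0xaf, 0xb1, 0x05, 0xf4,
            0xad, 0xf9, 0xd7, 0x73, 0x5c, 0x2c, 0xbf, 0x0d,
            0x84, 0x18, 0x01, 0x1d, 0x4d, 0x08, 0xa9, 0x4e,
            0x37, 0xb7, 0x58, 0xc4, 0x05, 0x0e, 0x65, 0x63,
            0xd2, 0x88, 0x02, 0xf5, 0x82, 0x17, 0x08, 0xd5,
            0x8f, 0x80, 0xc7, 0x82, 0x29, 0xbb, 0xe1, 0x04,
            0xbe, 0xf6, 0xe1, 0x8c, 0xbc, 0x3a, 0xf8, 0xf9,
            0x56, 0xda, 0xdc, 0x8e, 0xc6, 0xe6, 0x63, 0x98,
            0x12, 0x08, 0x41, 0x2c, 0x9d, 0x7c, 0x82, 0x0d,
            0x1e, 0xea, 0xba, 0xde, 0x32, 0x09, 0xda, 0x52,
            0x24, 0x4f, 0xcc, 0xb6, 0x09, 0x33, 0x8b, 0x00,
            0xf9, 0x83, 0xb3, 0xc6, 0xa4, 0x90, 0x49, 0x83,
            0x2d, 0x36, 0xd9, 0x11, 0x78, 0xd0, 0x62, 0x9f,
            0xc4, 0x8f, 0x84, 0xba, 0x7f, 0xaa, 0x04, 0xf1,
            0xd9, 0xa4, 0xad, 0x5d, 0x63, 0xee, 0x72, 0xc6,
            0x4d, 0xd1, 0x4b, 0x41, 0x8f, 0x40, 0x0f, 0x7d,
            0xcd, 0xb8, 0x2e, 0x5b, 0x6e, 0x21, 0xc9, 0x3d
    };

    Flow f;
    SSLState *ssl_state = NULL;
    TcpSession ssn;
    Packet *p1 = NULL;
    Packet *p2 = NULL;
    Packet *p3 = NULL;
    ThreadVars tv;
    DetectEngineThreadCtx *det_ctx = NULL;
    AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc();
    /* The context is handed to every AppLayerParserParse() call below. */
    FAIL_IF_NULL(alp_tctx);

    memset(&tv, 0, sizeof(ThreadVars));
    memset(&f, 0, sizeof(Flow));
    memset(&ssn, 0, sizeof(TcpSession));

    /* One packet per handshake record: client -> server, then two replies. */
    p1 = UTHBuildPacketReal(client_hello, sizeof(client_hello), IPPROTO_TCP,
                            "192.168.1.5", "192.168.1.1", 51251, 443);
    p2 = UTHBuildPacketReal(server_hello, sizeof(server_hello), IPPROTO_TCP,
                            "192.168.1.1", "192.168.1.5", 443, 51251);
    p3 = UTHBuildPacketReal(certificate, sizeof(certificate), IPPROTO_TCP,
                            "192.168.1.1", "192.168.1.5", 443, 51251);
    /* The packets are dereferenced right away, so fail cleanly if the
     * helper could not build one. */
    FAIL_IF_NULL(p1);
    FAIL_IF_NULL(p2);
    FAIL_IF_NULL(p3);

    FLOW_INITIALIZE(&f);
    f.flags |= FLOW_IPV4;
    f.proto = IPPROTO_TCP;
    f.protomap = FlowGetProtoMapping(f.proto);
    f.alproto = ALPROTO_TLS;

    p1->flow = &f;
    p1->flags |= PKT_HAS_FLOW | PKT_STREAM_EST;
    p1->flowflags |= FLOW_PKT_TOSERVER;
    p1->flowflags |= FLOW_PKT_ESTABLISHED;
    p1->pcap_cnt = 1;

    p2->flow = &f;
    p2->flags |= PKT_HAS_FLOW | PKT_STREAM_EST;
    p2->flowflags |= FLOW_PKT_TOCLIENT;
    p2->flowflags |= FLOW_PKT_ESTABLISHED;
    p2->pcap_cnt = 2;

    p3->flow = &f;
    p3->flags |= PKT_HAS_FLOW | PKT_STREAM_EST;
    p3->flowflags |= FLOW_PKT_TOCLIENT;
    p3->flowflags |= FLOW_PKT_ESTABLISHED;
    p3->pcap_cnt = 3;

    StreamTcpInitConfig(true);

    DetectEngineCtx *de_ctx = DetectEngineCtxInit();
    FAIL_IF_NULL(de_ctx);

    de_ctx->mpm_matcher = mpm_default_matcher;
    de_ctx->flags |= DE_QUIET;

    Signature *s = DetectEngineAppendSig(de_ctx, "alert tls any any -> any any "
                                         "(msg:\"Test tls.cert_serial\"; "
                                         "tls.cert_serial; "
                                         "content:\"5C:19:B7:B1:32:3B:1C:A1\"; "
                                         "sid:1;)");
    FAIL_IF_NULL(s);

    SigGroupBuild(de_ctx);
    DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);

    /* Client hello: parses, creates the TLS state, must not alert. */
    int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS,
                                STREAM_TOSERVER, client_hello,
                                sizeof(client_hello));

    FAIL_IF(r != 0);

    ssl_state = f.alstate;
    FAIL_IF_NULL(ssl_state);

    SigMatchSignatures(&tv, de_ctx, det_ctx, p1);

    FAIL_IF(PacketAlertCheck(p1, 1));

    /* Server hello: no certificate seen yet, so still no alert. */
    r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOCLIENT,
                            server_hello, sizeof(server_hello));

    FAIL_IF(r != 0);

    SigMatchSignatures(&tv, de_ctx, det_ctx, p2);

    FAIL_IF(PacketAlertCheck(p2, 1));

    /* Certificate record: the serial is now available and sid 1 must fire. */
    r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOCLIENT,
                            certificate, sizeof(certificate));

    FAIL_IF(r != 0);

    SigMatchSignatures(&tv, de_ctx, det_ctx, p3);

    FAIL_IF_NOT(PacketAlertCheck(p3, 1));

    if (alp_tctx != NULL) {
        AppLayerParserThreadCtxFree(alp_tctx);
    }
    if (det_ctx != NULL) {
        DetectEngineThreadCtxDeinit(&tv, det_ctx);
    }
    if (de_ctx != NULL) {
        SigGroupCleanup(de_ctx);
        DetectEngineCtxFree(de_ctx);
    }

    StreamTcpFreeConfig(true);
    FLOW_DESTROY(&f);
    UTHFreePacket(p1);
    UTHFreePacket(p2);
    UTHFreePacket(p3);

    PASS;
}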
371 
static void DetectTlsSerialRegisterTests(void)
{
    /* Unit tests for the tls.cert_serial keyword, registered in this order. */
    static const struct {
        const char *name;
        int (*fn)(void);
    } tests[] = {
        { "DetectTlsSerialTest01", DetectTlsSerialTest01 },
        { "DetectTlsSerialTest02", DetectTlsSerialTest02 },
    };

    for (unsigned int i = 0; i < sizeof(tests) / sizeof(tests[0]); i++) {
        UtRegisterTest(tests[i].name, tests[i].fn);
    }
}
SSLState_
SSLv[2.0|3.[0|1|2|3]] state structure.
Definition: app-layer-ssl.h:288
FAIL_IF_NULL
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
Definition: util-unittest.h:89
PKT_HAS_FLOW
#define PKT_HAS_FLOW
Definition: decode.h:1003
UtRegisterTest
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
Definition: util-unittest.c:103
DETECT_CONTENT
@ DETECT_CONTENT
Definition: detect-engine-register.h:62
ALPROTO_TLS
@ ALPROTO_TLS
Definition: app-layer-protos.h:33
Packet_::pcap_cnt
uint64_t pcap_cnt
Definition: decode.h:594
Flow_::proto
uint8_t proto
Definition: flow.h:379
PacketAlertCheck
int PacketAlertCheck(Packet *p, uint32_t sid)
Check if a certain sid alerted, this is used in the test functions.
Definition: detect-engine-alert.c:141
Packet_::flags
uint32_t flags
Definition: decode.h:463
Flow_
Flow data structure.
Definition: flow.h:357
Flow_::protomap
uint8_t protomap
Definition: flow.h:451
DetectEngineCtx_
main detection engine ctx
Definition: detect.h:785
DetectEngineCtxFree
void DetectEngineCtxFree(DetectEngineCtx *)
Free a DetectEngineCtx::
Definition: detect-engine.c:2442
AppLayerParserThreadCtxFree
void AppLayerParserThreadCtxFree(AppLayerParserThreadCtx *tctx)
Destroys the app layer parser thread context obtained using AppLayerParserThreadCtxAlloc().
Definition: app-layer-parser.c:314
FLOW_PKT_TOSERVER
#define FLOW_PKT_TOSERVER
Definition: flow.h:227
DE_QUIET
#define DE_QUIET
Definition: detect.h:287
mpm_default_matcher
uint8_t mpm_default_matcher
Definition: util-mpm.c:49
SigMatchSignatures
void SigMatchSignatures(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, Packet *p)
wrapper for old tests
Definition: detect.c:1809
DetectEngineAppendSig
Signature * DetectEngineAppendSig(DetectEngineCtx *, const char *)
Parse and append a Signature into the Detection Engine Context signature list.
Definition: detect-parse.c:2434
Packet_::flowflags
uint8_t flowflags
Definition: decode.h:459
UTHBuildPacketReal
Packet * UTHBuildPacketReal(uint8_t *payload, uint16_t payload_len, uint8_t ipproto, const char *src, const char *dst, uint16_t sport, uint16_t dport)
UTHBuildPacketReal is a function that create tcp/udp packets for unittests specifying ip and port sou...
Definition: util-unittest-helper.c:244
FLOW_IPV4
#define FLOW_IPV4
Definition: flow.h:97
FAIL_IF_NOT
#define FAIL_IF_NOT(expr)
Fail a test if expression evaluates to false.
Definition: util-unittest.h:82
StreamTcpInitConfig
void StreamTcpInitConfig(bool)
To initialize the stream global configuration data.
Definition: stream-tcp.c:356
FLOW_INITIALIZE
#define FLOW_INITIALIZE(f)
Definition: flow-util.h:40
FAIL_IF_NOT_NULL
#define FAIL_IF_NOT_NULL(expr)
Fail a test if expression evaluates to non-NULL.
Definition: util-unittest.h:96
PASS
#define PASS
Pass the test.
Definition: util-unittest.h:105
de_ctx
DetectEngineCtx * de_ctx
Definition: fuzz_siginit.c:17
DetectEngineThreadCtx_
Definition: detect.h:1025
alp_tctx
AppLayerParserThreadCtx * alp_tctx
Definition: fuzz_applayerparserparse.c:22
ThreadVars_
Per thread variable structure.
Definition: threadvars.h:57
SigMatch_::next
struct SigMatch_ * next
Definition: detect.h:317
DetectEngineCtx_::mpm_matcher
uint8_t mpm_matcher
Definition: detect.h:835
DETECT_SM_LIST_MATCH
@ DETECT_SM_LIST_MATCH
Definition: detect.h:78
SigInit
Signature * SigInit(DetectEngineCtx *de_ctx, const char *sigstr)
Parses a signature and adds it to the Detection Engine Context.
Definition: detect-parse.c:2129
app-layer-parser.h
SigGroupCleanup
int SigGroupCleanup(DetectEngineCtx *de_ctx)
Definition: detect-engine-build.c:2019
FlowGetProtoMapping
uint8_t FlowGetProtoMapping(uint8_t proto)
Function to map the protocol to the defined FLOW_PROTO_* enumeration.
Definition: flow-util.c:98
Packet_
Definition: decode.h:428
detect-engine-build.h
detect-engine-alert.h
FLOW_PKT_TOCLIENT
#define FLOW_PKT_TOCLIENT
Definition: flow.h:228
SigGroupBuild
int SigGroupBuild(DetectEngineCtx *de_ctx)
Convert the signature list into the runtime match structure.
Definition: detect-engine-build.c:1951
AppLayerParserThreadCtxAlloc
AppLayerParserThreadCtx * AppLayerParserThreadCtxAlloc(void)
Gets a new app layer protocol's parser thread context.
Definition: app-layer-parser.c:293
Packet_::flow
struct Flow_ * flow
Definition: decode.h:465
DetectEngineThreadCtxInit
TmEcode DetectEngineThreadCtxInit(ThreadVars *, void *, void **)
initialize thread specific detection engine context
Definition: detect-engine.c:3153
FAIL_IF
#define FAIL_IF(expr)
Fail a test if expression evaluates to true.
Definition: util-unittest.h:71
StreamTcpFreeConfig
void StreamTcpFreeConfig(bool quiet)
Definition: stream-tcp.c:668
AppLayerParserParse
int AppLayerParserParse(ThreadVars *tv, AppLayerParserThreadCtx *alp_tctx, Flow *f, AppProto alproto, uint8_t flags, const uint8_t *input, uint32_t input_len)
Definition: app-layer-parser.c:1323
DetectEngineThreadCtxDeinit
TmEcode DetectEngineThreadCtxDeinit(ThreadVars *, void *)
Definition: detect-engine.c:3367
SigMatch_::type
uint16_t type
Definition: detect.h:314
DetectEngineCtx_::sig_list
Signature * sig_list
Definition: detect.h:791
tv
ThreadVars * tv
Definition: fuzz_decodepcapfile.c:32
UTHFreePacket
void UTHFreePacket(Packet *p)
UTHFreePacket: function to release the allocated data from UTHBuildPacket and the packet itself.
Definition: util-unittest-helper.c:485
Flow_::alstate
void * alstate
Definition: flow.h:482
Flow_::flags
uint32_t flags
Definition: flow.h:427
Signature_
Signature container.
Definition: detect.h:540
SigMatch_
a single match condition for a signature
Definition: detect.h:313
FLOW_PKT_ESTABLISHED
#define FLOW_PKT_ESTABLISHED
Definition: flow.h:229
DetectEngineCtxInit
DetectEngineCtx * DetectEngineCtxInit(void)
Definition: detect-engine.c:2403
DetectEngineCtx_::flags
uint8_t flags
Definition: detect.h:786
AppLayerParserThreadCtx_
Definition: app-layer-parser.c:66
TcpSession_
Definition: stream-tcp-private.h:272
Flow_::alproto
AppProto alproto
application level protocol
Definition: flow.h:456
FLOW_DESTROY
#define FLOW_DESTROY(f)
Definition: flow-util.h:129
PKT_STREAM_EST
#define PKT_STREAM_EST
Definition: decode.h:1000