suricata
detect-tls-cert-subject.c
1 /* Copyright (C) 2007-2019 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Mats Klepsland <mats.klepsland@gmail.com>
22  *
23  */
24 
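/**
 * \test Test that a signature containing a tls.cert_subject is correctly parsed
 *       and that the keyword is registered.
 *
 * The content following tls.cert_subject must be attached to the keyword's
 * own buffer list (g_tls_cert_subject_buffer_id) and not to the generic
 * MATCH list, and it must be the only match in that list.
 *
 * \retval 1 on success (PASS); a FAIL_IF* macro ends the test otherwise.
 */
static int DetectTlsSubjectTest01(void)
{
    DetectEngineCtx *de_ctx = DetectEngineCtxInit();
    FAIL_IF_NULL(de_ctx);

    de_ctx->flags |= DE_QUIET;
    de_ctx->sig_list = SigInit(de_ctx, "alert tls any any -> any any "
                               "(msg:\"Testing tls.cert_subject\"; "
                               "tls.cert_subject; content:\"test\"; sid:1;)");
    FAIL_IF_NULL(de_ctx->sig_list);

    /* sm should not be in the MATCH list */
    SigMatch *sm = de_ctx->sig_list->sm_lists[DETECT_SM_LIST_MATCH];
    FAIL_IF_NOT_NULL(sm);

    /* the content match must sit in the tls.cert_subject buffer list */
    sm = de_ctx->sig_list->sm_lists[g_tls_cert_subject_buffer_id];
    FAIL_IF_NULL(sm);

    FAIL_IF(sm->type != DETECT_CONTENT);
    /* exactly one match is expected in that list */
    FAIL_IF_NOT_NULL(sm->next);

    SigGroupCleanup(de_ctx);
    DetectEngineCtxFree(de_ctx);

    PASS;
}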
55 
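/**
 * \test Test matching for google in the subject of a certificate
 *
 * Feeds a recorded TLS handshake (ClientHello, ServerHello, Certificate)
 * through the TLS app-layer parser and checks that a tls.cert_subject rule
 * stays silent on the two hello records and alerts once the server
 * certificate has been parsed.
 *
 * NOTE(review): the issuer DN of the fixture certificate ("Google Inc",
 * "Google Internet Authority G2") also contains "google", so this pattern
 * would still match if the subject and issuer buffers were ever swapped.
 * A subject-only string (e.g. "google.no" from the CN) would pin the
 * buffer more tightly.
 *
 * \retval 1 on success (PASS); a FAIL_IF* macro ends the test otherwise.
 */
static int DetectTlsSubjectTest02(void)
{
    /* client hello; the SNI extension carries "www.google.no", which must
     * NOT trigger the tls.cert_subject rule */
    uint8_t client_hello[] = {
            0x16, 0x03, 0x01, 0x00, 0xc8, 0x01, 0x00, 0x00,
            0xc4, 0x03, 0x03, 0xd6, 0x08, 0x5a, 0xa2, 0x86,
            0x5b, 0x85, 0xd4, 0x40, 0xab, 0xbe, 0xc0, 0xbc,
            0x41, 0xf2, 0x26, 0xf0, 0xfe, 0x21, 0xee, 0x8b,
            0x4c, 0x7e, 0x07, 0xc8, 0xec, 0xd2, 0x00, 0x46,
            0x4c, 0xeb, 0xb7, 0x00, 0x00, 0x16, 0xc0, 0x2b,
            0xc0, 0x2f, 0xc0, 0x0a, 0xc0, 0x09, 0xc0, 0x13,
            0xc0, 0x14, 0x00, 0x33, 0x00, 0x39, 0x00, 0x2f,
            0x00, 0x35, 0x00, 0x0a, 0x01, 0x00, 0x00, 0x85,
            0x00, 0x00, 0x00, 0x12, 0x00, 0x10, 0x00, 0x00,
            0x0d, 0x77, 0x77, 0x77, 0x2e, 0x67, 0x6f, 0x6f,
            0x67, 0x6c, 0x65, 0x2e, 0x6e, 0x6f, 0xff, 0x01,
            0x00, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x08, 0x00,
            0x06, 0x00, 0x17, 0x00, 0x18, 0x00, 0x19, 0x00,
            0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x23, 0x00,
            0x00, 0x33, 0x74, 0x00, 0x00, 0x00, 0x10, 0x00,
            0x29, 0x00, 0x27, 0x05, 0x68, 0x32, 0x2d, 0x31,
            0x36, 0x05, 0x68, 0x32, 0x2d, 0x31, 0x35, 0x05,
            0x68, 0x32, 0x2d, 0x31, 0x34, 0x02, 0x68, 0x32,
            0x08, 0x73, 0x70, 0x64, 0x79, 0x2f, 0x33, 0x2e,
            0x31, 0x08, 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31,
            0x2e, 0x31, 0x00, 0x05, 0x00, 0x05, 0x01, 0x00,
            0x00, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x16, 0x00,
            0x14, 0x04, 0x01, 0x05, 0x01, 0x06, 0x01, 0x02,
            0x01, 0x04, 0x03, 0x05, 0x03, 0x06, 0x03, 0x02,
            0x03, 0x04, 0x02, 0x02, 0x02
    };

    /* server hello */
    uint8_t server_hello[] = {
            0x16, 0x03, 0x03, 0x00, 0x48, 0x02, 0x00, 0x00,
            0x44, 0x03, 0x03, 0x57, 0x91, 0xb8, 0x63, 0xdd,
            0xdb, 0xbb, 0x23, 0xcf, 0x0b, 0x43, 0x02, 0x1d,
            0x46, 0x11, 0x27, 0x5c, 0x98, 0xcf, 0x67, 0xe1,
            0x94, 0x3d, 0x62, 0x7d, 0x38, 0x48, 0x21, 0x23,
            0xa5, 0x62, 0x31, 0x00, 0xc0, 0x2f, 0x00, 0x00,
            0x1c, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00,
            0x00, 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x10,
            0x00, 0x05, 0x00, 0x03, 0x02, 0x68, 0x32, 0x00,
            0x0b, 0x00, 0x02, 0x01, 0x00
    };

    /* certificate; the subject DN contains O "Google Inc" and
     * CN "*.google.no" */
    uint8_t certificate[] = {
            0x16, 0x03, 0x03, 0x04, 0x93, 0x0b, 0x00, 0x04,
            0x8f, 0x00, 0x04, 0x8c, 0x00, 0x04, 0x89, 0x30,
            0x82, 0x04, 0x85, 0x30, 0x82, 0x03, 0x6d, 0xa0,
            0x03, 0x02, 0x01, 0x02, 0x02, 0x08, 0x5c, 0x19,
            0xb7, 0xb1, 0x32, 0x3b, 0x1c, 0xa1, 0x30, 0x0d,
            0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
            0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x49, 0x31,
            0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
            0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11,
            0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0a, 0x47,
            0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x20, 0x49, 0x6e,
            0x63, 0x31, 0x25, 0x30, 0x23, 0x06, 0x03, 0x55,
            0x04, 0x03, 0x13, 0x1c, 0x47, 0x6f, 0x6f, 0x67,
            0x6c, 0x65, 0x20, 0x49, 0x6e, 0x74, 0x65, 0x72,
            0x6e, 0x65, 0x74, 0x20, 0x41, 0x75, 0x74, 0x68,
            0x6f, 0x72, 0x69, 0x74, 0x79, 0x20, 0x47, 0x32,
            0x30, 0x1e, 0x17, 0x0d, 0x31, 0x36, 0x30, 0x37,
            0x31, 0x33, 0x31, 0x33, 0x32, 0x34, 0x35, 0x32,
            0x5a, 0x17, 0x0d, 0x31, 0x36, 0x31, 0x30, 0x30,
            0x35, 0x31, 0x33, 0x31, 0x36, 0x30, 0x30, 0x5a,
            0x30, 0x65, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03,
            0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31,
            0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08,
            0x0c, 0x0a, 0x43, 0x61, 0x6c, 0x69, 0x66, 0x6f,
            0x72, 0x6e, 0x69, 0x61, 0x31, 0x16, 0x30, 0x14,
            0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x0d, 0x4d,
            0x6f, 0x75, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x20,
            0x56, 0x69, 0x65, 0x77, 0x31, 0x13, 0x30, 0x11,
            0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0a, 0x47,
            0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x20, 0x49, 0x6e,
            0x63, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55,
            0x04, 0x03, 0x0c, 0x0b, 0x2a, 0x2e, 0x67, 0x6f,
            0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x6e, 0x6f, 0x30,
            0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a,
            0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
            0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30,
            0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00,
            0xa5, 0x0a, 0xb9, 0xb1, 0xca, 0x36, 0xd1, 0xae,
            0x22, 0x38, 0x07, 0x06, 0xc9, 0x1a, 0x56, 0x4f,
            0xbb, 0xdf, 0xa8, 0x6d, 0xbd, 0xee, 0x76, 0x16,
            0xbc, 0x53, 0x3c, 0x03, 0x6a, 0x5c, 0x94, 0x50,
            0x87, 0x2f, 0x28, 0xb4, 0x4e, 0xd5, 0x9b, 0x8f,
            0xfe, 0x02, 0xde, 0x2a, 0x83, 0x01, 0xf9, 0x45,
            0x61, 0x0e, 0x66, 0x0e, 0x24, 0x22, 0xe2, 0x59,
            0x66, 0x0d, 0xd3, 0xe9, 0x77, 0x8a, 0x7e, 0x42,
            0xaa, 0x5a, 0xf9, 0x05, 0xbf, 0x30, 0xc7, 0x03,
            0x2b, 0xdc, 0xa6, 0x9c, 0xe0, 0x9f, 0x0d, 0xf1,
            0x28, 0x19, 0xf8, 0xf2, 0x02, 0xfa, 0xbd, 0x62,
            0xa0, 0xf3, 0x02, 0x2b, 0xcd, 0xf7, 0x09, 0x04,
            0x3b, 0x52, 0xd8, 0x65, 0x4b, 0x4a, 0x70, 0xe4,
            0x57, 0xc9, 0x2e, 0x2a, 0xf6, 0x9c, 0x6e, 0xd8,
            0xde, 0x01, 0x52, 0xc9, 0x6f, 0xe9, 0xef, 0x82,
            0xbc, 0x0b, 0x95, 0xb2, 0xef, 0xcb, 0x91, 0xa6,
            0x0b, 0x2d, 0x14, 0xc6, 0x00, 0xa9, 0x33, 0x86,
            0x64, 0x00, 0xd4, 0x92, 0x19, 0x53, 0x3d, 0xfd,
            0xcd, 0xc6, 0x1a, 0xf2, 0x0e, 0x67, 0xc2, 0x1d,
            0x2c, 0xe0, 0xe8, 0x29, 0x97, 0x1c, 0xb6, 0xc4,
            0xb2, 0x02, 0x0c, 0x83, 0xb8, 0x60, 0x61, 0xf5,
            0x61, 0x2d, 0x73, 0x5e, 0x85, 0x4d, 0xbd, 0x0d,
            0xe7, 0x1a, 0x37, 0x56, 0x8d, 0xe5, 0x50, 0x0c,
            0xc9, 0x64, 0x4c, 0x11, 0xea, 0xf3, 0xcb, 0x26,
            0x34, 0xbd, 0x02, 0xf5, 0xc1, 0xfb, 0xa2, 0xec,
            0x27, 0xbb, 0x60, 0xbe, 0x0b, 0xf6, 0xe7, 0x3c,
            0x2d, 0xc9, 0xe7, 0xb0, 0x30, 0x28, 0x17, 0x3d,
            0x90, 0xf1, 0x63, 0x8e, 0x49, 0xf7, 0x15, 0x78,
            0x21, 0xcc, 0x45, 0xe6, 0x86, 0xb2, 0xd8, 0xb0,
            0x2e, 0x5a, 0xb0, 0x58, 0xd3, 0xb6, 0x11, 0x40,
            0xae, 0x81, 0x1f, 0x6b, 0x7a, 0xaf, 0x40, 0x50,
            0xf9, 0x2e, 0x81, 0x8b, 0xec, 0x26, 0x11, 0x3f,
            0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01,
            0x53, 0x30, 0x82, 0x01, 0x4f, 0x30, 0x1d, 0x06,
            0x03, 0x55, 0x1d, 0x25, 0x04, 0x16, 0x30, 0x14,
            0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07,
            0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05,
            0x05, 0x07, 0x03, 0x02, 0x30, 0x21, 0x06, 0x03,
            0x55, 0x1d, 0x11, 0x04, 0x1a, 0x30, 0x18, 0x82,
            0x0b, 0x2a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
            0x65, 0x2e, 0x6e, 0x6f, 0x82, 0x09, 0x67, 0x6f,
            0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x6e, 0x6f, 0x30,
            0x68, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05,
            0x07, 0x01, 0x01, 0x04, 0x5c, 0x30, 0x5a, 0x30,
            0x2b, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05,
            0x07, 0x30, 0x02, 0x86, 0x1f, 0x68, 0x74, 0x74,
            0x70, 0x3a, 0x2f, 0x2f, 0x70, 0x6b, 0x69, 0x2e,
            0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63,
            0x6f, 0x6d, 0x2f, 0x47, 0x49, 0x41, 0x47, 0x32,
            0x2e, 0x63, 0x72, 0x74, 0x30, 0x2b, 0x06, 0x08,
            0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01,
            0x86, 0x1f, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f,
            0x2f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x73,
            0x31, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
            0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x63, 0x73,
            0x70, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e,
            0x04, 0x16, 0x04, 0x14, 0xc6, 0x53, 0x87, 0x42,
            0x2d, 0xc8, 0xee, 0x7a, 0x62, 0x1e, 0x83, 0xdb,
            0x0d, 0xe2, 0x32, 0xeb, 0x8b, 0xaf, 0x69, 0x40,
            0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01,
            0x01, 0xff, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1f,
            0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30,
            0x16, 0x80, 0x14, 0x4a, 0xdd, 0x06, 0x16, 0x1b,
            0xbc, 0xf6, 0x68, 0xb5, 0x76, 0xf5, 0x81, 0xb6,
            0xbb, 0x62, 0x1a, 0xba, 0x5a, 0x81, 0x2f, 0x30,
            0x21, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x1a,
            0x30, 0x18, 0x30, 0x0c, 0x06, 0x0a, 0x2b, 0x06,
            0x01, 0x04, 0x01, 0xd6, 0x79, 0x02, 0x05, 0x01,
            0x30, 0x08, 0x06, 0x06, 0x67, 0x81, 0x0c, 0x01,
            0x02, 0x02, 0x30, 0x30, 0x06, 0x03, 0x55, 0x1d,
            0x1f, 0x04, 0x29, 0x30, 0x27, 0x30, 0x25, 0xa0,
            0x23, 0xa0, 0x21, 0x86, 0x1f, 0x68, 0x74, 0x74,
            0x70, 0x3a, 0x2f, 0x2f, 0x70, 0x6b, 0x69, 0x2e,
            0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63,
            0x6f, 0x6d, 0x2f, 0x47, 0x49, 0x41, 0x47, 0x32,
            0x2e, 0x63, 0x72, 0x6c, 0x30, 0x0d, 0x06, 0x09,
            0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
            0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00,
            0x7b, 0x27, 0x00, 0x46, 0x8f, 0xfd, 0x5b, 0xff,
            0xcb, 0x05, 0x9b, 0xf7, 0xf1, 0x68, 0xf6, 0x9a,
            0x7b, 0xba, 0x53, 0xdf, 0x63, 0xed, 0x11, 0x94,
            0x39, 0xf2, 0xd0, 0x20, 0xcd, 0xa3, 0xc4, 0x98,
            0xa5, 0x10, 0x74, 0xe7, 0x10, 0x6d, 0x07, 0xf8,
            0x33, 0x87, 0x05, 0x43, 0x0e, 0x64, 0x77, 0x09,
            0x18, 0x4f, 0x38, 0x2e, 0x45, 0xae, 0xa8, 0x34,
            0x3a, 0xa8, 0x33, 0xac, 0x9d, 0xdd, 0x25, 0x91,
            0x59, 0x43, 0xbe, 0x0f, 0x87, 0x16, 0x2f, 0xb5,
            0x27, 0xfd, 0xce, 0x2f, 0x35, 0x5d, 0x12, 0xa1,
            0x66, 0xac, 0xf7, 0x95, 0x38, 0x0f, 0xe5, 0xb1,
            0x18, 0x18, 0xe6, 0x80, 0x52, 0x31, 0x8a, 0x66,
            0x02, 0x52, 0x1a, 0xa4, 0x32, 0x6a, 0x61, 0x05,
            0xcf, 0x1d, 0xf9, 0x90, 0x73, 0xf0, 0xeb, 0x20,
            0x31, 0x7b, 0x2e, 0xc0, 0xb0, 0xfb, 0x5c, 0xcc,
            0xdc, 0x76, 0x55, 0x72, 0xaf, 0xb1, 0x05, 0xf4,
            0xad, 0xf9, 0xd7, 0x73, 0x5c, 0x2c, 0xbf, 0x0d,
            0x84, 0x18, 0x01, 0x1d, 0x4d, 0x08, 0xa9, 0x4e,
            0x37, 0xb7, 0x58, 0xc4, 0x05, 0x0e, 0x65, 0x63,
            0xd2, 0x88, 0x02, 0xf5, 0x82, 0x17, 0x08, 0xd5,
            0x8f, 0x80, 0xc7, 0x82, 0x29, 0xbb, 0xe1, 0x04,
            0xbe, 0xf6, 0xe1, 0x8c, 0xbc, 0x3a, 0xf8, 0xf9,
            0x56, 0xda, 0xdc, 0x8e, 0xc6, 0xe6, 0x63, 0x98,
            0x12, 0x08, 0x41, 0x2c, 0x9d, 0x7c, 0x82, 0x0d,
            0x1e, 0xea, 0xba, 0xde, 0x32, 0x09, 0xda, 0x52,
            0x24, 0x4f, 0xcc, 0xb6, 0x09, 0x33, 0x8b, 0x00,
            0xf9, 0x83, 0xb3, 0xc6, 0xa4, 0x90, 0x49, 0x83,
            0x2d, 0x36, 0xd9, 0x11, 0x78, 0xd0, 0x62, 0x9f,
            0xc4, 0x8f, 0x84, 0xba, 0x7f, 0xaa, 0x04, 0xf1,
            0xd9, 0xa4, 0xad, 0x5d, 0x63, 0xee, 0x72, 0xc6,
            0x4d, 0xd1, 0x4b, 0x41, 0x8f, 0x40, 0x0f, 0x7d,
            0xcd, 0xb8, 0x2e, 0x5b, 0x6e, 0x21, 0xc9, 0x3d
    };

    Flow f;
    SSLState *ssl_state = NULL;
    TcpSession ssn;
    Packet *p1 = NULL;
    Packet *p2 = NULL;
    Packet *p3 = NULL;
    ThreadVars tv;
    DetectEngineThreadCtx *det_ctx = NULL;
    AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc();

    memset(&tv, 0, sizeof(ThreadVars));
    memset(&f, 0, sizeof(Flow));
    memset(&ssn, 0, sizeof(TcpSession));

    /* one packet per handshake record: client -> server, then two
     * server -> client */
    p1 = UTHBuildPacketReal(client_hello, sizeof(client_hello), IPPROTO_TCP,
                            "192.168.1.5", "192.168.1.1", 51251, 443);
    p2 = UTHBuildPacketReal(server_hello, sizeof(server_hello), IPPROTO_TCP,
                            "192.168.1.1", "192.168.1.5", 443, 51251);
    p3 = UTHBuildPacketReal(certificate, sizeof(certificate), IPPROTO_TCP,
                            "192.168.1.1", "192.168.1.5", 443, 51251);
    /* the packets are dereferenced below, so stop here if a build failed */
    FAIL_IF_NULL(p1);
    FAIL_IF_NULL(p2);
    FAIL_IF_NULL(p3);

    FLOW_INITIALIZE(&f);
    f.flags |= FLOW_IPV4;
    f.proto = IPPROTO_TCP;
    f.protomap = FlowGetProtoMapping(f.proto);
    f.alproto = ALPROTO_TLS;

    p1->flow = &f;
    p1->flags |= PKT_HAS_FLOW | PKT_STREAM_EST;
    p1->flowflags |= FLOW_PKT_TOSERVER;
    p1->flowflags |= FLOW_PKT_ESTABLISHED;
    p1->pcap_cnt = 1;

    p2->flow = &f;
    p2->flags |= PKT_HAS_FLOW | PKT_STREAM_EST;
    p2->flowflags |= FLOW_PKT_TOCLIENT;
    p2->flowflags |= FLOW_PKT_ESTABLISHED;
    p2->pcap_cnt = 2;

    p3->flow = &f;
    p3->flags |= PKT_HAS_FLOW | PKT_STREAM_EST;
    p3->flowflags |= FLOW_PKT_TOCLIENT;
    p3->flowflags |= FLOW_PKT_ESTABLISHED;
    p3->pcap_cnt = 3;

    StreamTcpInitConfig(TRUE);

    DetectEngineCtx *de_ctx = DetectEngineCtxInit();
    FAIL_IF_NULL(de_ctx);

    de_ctx->mpm_matcher = mpm_default_matcher;
    de_ctx->flags |= DE_QUIET;

    Signature *s = DetectEngineAppendSig(de_ctx, "alert tls any any -> any any "
                              "(msg:\"Test tls.cert_subject\"; "
                              "tls.cert_subject; content:\"google\"; nocase; "
                              "sid:1;)");
    FAIL_IF_NULL(s);

    SigGroupBuild(de_ctx);
    DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);

    int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS,
                                STREAM_TOSERVER, client_hello,
                                sizeof(client_hello));

    FAIL_IF(r != 0);

    ssl_state = f.alstate;
    FAIL_IF_NULL(ssl_state);

    SigMatchSignatures(&tv, de_ctx, det_ctx, p1);

    /* no certificate seen yet: the SNI "www.google.no" must not alert */
    FAIL_IF(PacketAlertCheck(p1, 1));

    r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOCLIENT,
                            server_hello, sizeof(server_hello));

    FAIL_IF(r != 0);

    SigMatchSignatures(&tv, de_ctx, det_ctx, p2);

    /* the server hello carries no certificate either */
    FAIL_IF(PacketAlertCheck(p2, 1));

    r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOCLIENT,
                            certificate, sizeof(certificate));

    FAIL_IF(r != 0);

    SigMatchSignatures(&tv, de_ctx, det_ctx, p3);

    /* the certificate record has been parsed: sid 1 must fire now */
    FAIL_IF_NOT(PacketAlertCheck(p3, 1));

    if (alp_tctx != NULL)
        AppLayerParserThreadCtxFree(alp_tctx);
    if (det_ctx != NULL)
        DetectEngineThreadCtxDeinit(&tv, det_ctx);
    if (de_ctx != NULL)
        SigGroupCleanup(de_ctx);
    if (de_ctx != NULL)
        DetectEngineCtxFree(de_ctx);

    StreamTcpFreeConfig(TRUE);
    FLOW_DESTROY(&f);
    UTHFreePacket(p1);
    UTHFreePacket(p2);
    UTHFreePacket(p3);

    PASS;
}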
367 
/**
 * \brief Register the tls.cert_subject unit tests with the unit test
 *        framework, in the order they are listed below.
 */
static void DetectTlsSubjectRegisterTests(void)
{
    static const struct {
        const char *name;
        int (*fn)(void);
    } tests[] = {
        { "DetectTlsSubjectTest01", DetectTlsSubjectTest01 },
        { "DetectTlsSubjectTest02", DetectTlsSubjectTest02 },
    };

    for (size_t i = 0; i < sizeof(tests) / sizeof(tests[0]); i++) {
        UtRegisterTest(tests[i].name, tests[i].fn);
    }
}
Signature * DetectEngineAppendSig(DetectEngineCtx *de_ctx, const char *sigstr)
Parse and append a Signature into the Detection Engine Context signature list.
struct Flow_ * flow
Definition: decode.h:445
int PacketAlertCheck(Packet *p, uint32_t sid)
Check if a certain sid alerted, this is used in the test functions.
uint8_t proto
Definition: flow.h:344
#define PASS
Pass the test.
Signature * SigInit(DetectEngineCtx *, const char *)
Parses a signature and adds it to the Detection Engine Context.
Signature * sig_list
Definition: detect.h:767
#define FAIL_IF(expr)
Fail a test if expression evaluates to false.
Definition: util-unittest.h:71
void AppLayerParserThreadCtxFree(AppLayerParserThreadCtx *tctx)
Destroys the app layer parser thread context obtained using AppLayerParserThreadCtxAlloc().
uint8_t FlowGetProtoMapping(uint8_t proto)
Function to map the protocol to the defined FLOW_PROTO_* enumeration.
Definition: flow-util.c:95
#define FLOW_PKT_ESTABLISHED
Definition: flow.h:203
void StreamTcpFreeConfig(char quiet)
Definition: stream-tcp.c:669
uint64_t pcap_cnt
Definition: decode.h:561
TmEcode DetectEngineThreadCtxInit(ThreadVars *, void *, void **)
initialize thread specific detection engine context
Signature container.
Definition: detect.h:522
#define TRUE
struct SigMatch_ * next
Definition: detect.h:322
main detection engine ctx
Definition: detect.h:761
TmEcode DetectEngineThreadCtxDeinit(ThreadVars *, void *)
SSLv[2.0|3.[0|1|2|3]] state structure.
void * alstate
Definition: flow.h:438
#define DE_QUIET
Definition: detect.h:292
uint8_t flags
Definition: detect.h:762
#define FLOW_DESTROY(f)
Definition: flow-util.h:121
int SigGroupBuild(DetectEngineCtx *de_ctx)
Convert the signature list into the runtime match structure.
uint16_t mpm_matcher
Definition: detect.h:810
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
void SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, Packet *p)
wrapper for old tests
Definition: detect.c:1669
void StreamTcpInitConfig(char)
To initialize the stream global configuration data.
Definition: stream-tcp.c:365
Packet * UTHBuildPacketReal(uint8_t *payload, uint16_t payload_len, uint8_t ipproto, const char *src, const char *dst, uint16_t sport, uint16_t dport)
UTHBuildPacketReal is a function that create tcp/udp packets for unittests specifying ip and port sou...
uint8_t flowflags
Definition: decode.h:439
#define STREAM_TOCLIENT
Definition: stream.h:32
#define FLOW_PKT_TOSERVER
Definition: flow.h:201
AppLayerParserThreadCtx * AppLayerParserThreadCtxAlloc(void)
Gets a new app layer protocol's parser thread context.
#define FAIL_IF_NOT_NULL(expr)
Fail a test if expression evaluates to non-NULL.
Definition: util-unittest.h:96
int SigGroupCleanup(DetectEngineCtx *de_ctx)
uint8_t type
Definition: detect.h:319
int mpm_default_matcher
Definition: util-mpm.h:170
int AppLayerParserParse(ThreadVars *tv, AppLayerParserThreadCtx *alp_tctx, Flow *f, AppProto alproto, uint8_t flags, const uint8_t *input, uint32_t input_len)
#define FLOW_INITIALIZE(f)
Definition: flow-util.h:39
#define STREAM_TOSERVER
Definition: stream.h:31
void UTHFreePacket(Packet *p)
UTHFreePacket: function to release the allocated data from UTHBuildPacket and the packet itself...
#define PKT_HAS_FLOW
Definition: decode.h:1093
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
Definition: util-unittest.h:89
Per thread variable structure.
Definition: threadvars.h:57
#define FLOW_PKT_TOCLIENT
Definition: flow.h:202
AppProto alproto
application level protocol
Definition: flow.h:409
uint32_t flags
Definition: decode.h:443
void DetectEngineCtxFree(DetectEngineCtx *)
Free a DetectEngineCtx::
uint8_t protomap
Definition: flow.h:404
Flow data structure.
Definition: flow.h:325
#define FLOW_IPV4
Definition: flow.h:94
uint32_t flags
Definition: flow.h:379
#define PKT_STREAM_EST
Definition: decode.h:1091
a single match condition for a signature
Definition: detect.h:318
#define FAIL_IF_NOT(expr)
Fail a test if expression to true.
Definition: util-unittest.h:82
DetectEngineCtx * DetectEngineCtxInit(void)