suricata
detect-tls-certs.c
1 /* Copyright (C) 2019 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Mats Klepsland <mats.klepsland@gmail.com>
22  *
23  */
24 
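/**
 * \test Test that a signature containing tls.certs is correctly parsed
 *       and that the keyword is registered.
 *
 * The rule is parsed only; no traffic is inspected. The test checks where
 * the content keyword ends up after parsing.
 *
 * \retval 1 on success (PASS), 0 on failure (any FAIL_IF* macro).
 */
static int DetectTlsCertsTest01(void)
{
    DetectEngineCtx *de_ctx = DetectEngineCtxInit();
    FAIL_IF_NULL(de_ctx);

    de_ctx->flags |= DE_QUIET;
    de_ctx->sig_list = SigInit(de_ctx, "alert tls any any -> any any "
                               "(msg:\"Testing tls.certs\"; tls.certs; "
                               "content:\"|01 02 03 04 05|\"; sid:1;)");
    FAIL_IF_NULL(de_ctx->sig_list);

    /* The content keyword follows the tls.certs sticky buffer, so it must
     * not be attached to the generic MATCH list ... */
    SigMatch *sm = de_ctx->sig_list->sm_lists[DETECT_SM_LIST_MATCH];
    FAIL_IF_NOT_NULL(sm);

    /* ... but to the list that belongs to the tls.certs buffer. */
    sm = de_ctx->sig_list->sm_lists[g_tls_certs_buffer_id];
    FAIL_IF_NULL(sm);

    /* Exactly one entry is expected there, and it is the content match. */
    FAIL_IF(sm->type != DETECT_CONTENT);
    FAIL_IF_NOT_NULL(sm->next);

    SigCleanSignatures(de_ctx);
    DetectEngineCtxFree(de_ctx);

    PASS;
}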
55 
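/**
 * \test Test matching on bytes in a certificate
 *
 * Three TLS records (client hello, server hello, certificate) are fed
 * through the TLS app-layer parser on one flow. After each record the
 * detection engine runs on the packet built from that record. The rule
 * must stay silent for both hello packets and must alert once the
 * certificate record has been parsed.
 *
 * \retval 1 on success (PASS), 0 on failure (any FAIL_IF* macro).
 */
static int DetectTlsCertsTest02(void)
{
    /* client hello */
    uint8_t client_hello[] = {
        0x16, 0x03, 0x01, 0x00, 0xc8, 0x01, 0x00, 0x00,
        0xc4, 0x03, 0x03, 0xd6, 0x08, 0x5a, 0xa2, 0x86,
        0x5b, 0x85, 0xd4, 0x40, 0xab, 0xbe, 0xc0, 0xbc,
        0x41, 0xf2, 0x26, 0xf0, 0xfe, 0x21, 0xee, 0x8b,
        0x4c, 0x7e, 0x07, 0xc8, 0xec, 0xd2, 0x00, 0x46,
        0x4c, 0xeb, 0xb7, 0x00, 0x00, 0x16, 0xc0, 0x2b,
        0xc0, 0x2f, 0xc0, 0x0a, 0xc0, 0x09, 0xc0, 0x13,
        0xc0, 0x14, 0x00, 0x33, 0x00, 0x39, 0x00, 0x2f,
        0x00, 0x35, 0x00, 0x0a, 0x01, 0x00, 0x00, 0x85,
        0x00, 0x00, 0x00, 0x12, 0x00, 0x10, 0x00, 0x00,
        0x0d, 0x77, 0x77, 0x77, 0x2e, 0x67, 0x6f, 0x6f,
        0x67, 0x6c, 0x65, 0x2e, 0x6e, 0x6f, 0xff, 0x01,
        0x00, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x08, 0x00,
        0x06, 0x00, 0x17, 0x00, 0x18, 0x00, 0x19, 0x00,
        0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x23, 0x00,
        0x00, 0x33, 0x74, 0x00, 0x00, 0x00, 0x10, 0x00,
        0x29, 0x00, 0x27, 0x05, 0x68, 0x32, 0x2d, 0x31,
        0x36, 0x05, 0x68, 0x32, 0x2d, 0x31, 0x35, 0x05,
        0x68, 0x32, 0x2d, 0x31, 0x34, 0x02, 0x68, 0x32,
        0x08, 0x73, 0x70, 0x64, 0x79, 0x2f, 0x33, 0x2e,
        0x31, 0x08, 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31,
        0x2e, 0x31, 0x00, 0x05, 0x00, 0x05, 0x01, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x16, 0x00,
        0x14, 0x04, 0x01, 0x05, 0x01, 0x06, 0x01, 0x02,
        0x01, 0x04, 0x03, 0x05, 0x03, 0x06, 0x03, 0x02,
        0x03, 0x04, 0x02, 0x02, 0x02
    };

    /* server hello */
    uint8_t server_hello[] = {
        0x16, 0x03, 0x03, 0x00, 0x48, 0x02, 0x00, 0x00,
        0x44, 0x03, 0x03, 0x57, 0x91, 0xb8, 0x63, 0xdd,
        0xdb, 0xbb, 0x23, 0xcf, 0x0b, 0x43, 0x02, 0x1d,
        0x46, 0x11, 0x27, 0x5c, 0x98, 0xcf, 0x67, 0xe1,
        0x94, 0x3d, 0x62, 0x7d, 0x38, 0x48, 0x21, 0x23,
        0xa5, 0x62, 0x31, 0x00, 0xc0, 0x2f, 0x00, 0x00,
        0x1c, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x10,
        0x00, 0x05, 0x00, 0x03, 0x02, 0x68, 0x32, 0x00,
        0x0b, 0x00, 0x02, 0x01, 0x00
    };

    /* certificate */
    uint8_t certificate[] = {
        0x16, 0x03, 0x03, 0x04, 0x93, 0x0b, 0x00, 0x04,
        0x8f, 0x00, 0x04, 0x8c, 0x00, 0x04, 0x89, 0x30,
        0x82, 0x04, 0x85, 0x30, 0x82, 0x03, 0x6d, 0xa0,
        0x03, 0x02, 0x01, 0x02, 0x02, 0x08, 0x5c, 0x19,
        0xb7, 0xb1, 0x32, 0x3b, 0x1c, 0xa1, 0x30, 0x0d,
        0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
        0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x49, 0x31,
        0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
        0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11,
        0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0a, 0x47,
        0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x20, 0x49, 0x6e,
        0x63, 0x31, 0x25, 0x30, 0x23, 0x06, 0x03, 0x55,
        0x04, 0x03, 0x13, 0x1c, 0x47, 0x6f, 0x6f, 0x67,
        0x6c, 0x65, 0x20, 0x49, 0x6e, 0x74, 0x65, 0x72,
        0x6e, 0x65, 0x74, 0x20, 0x41, 0x75, 0x74, 0x68,
        0x6f, 0x72, 0x69, 0x74, 0x79, 0x20, 0x47, 0x32,
        0x30, 0x1e, 0x17, 0x0d, 0x31, 0x36, 0x30, 0x37,
        0x31, 0x33, 0x31, 0x33, 0x32, 0x34, 0x35, 0x32,
        0x5a, 0x17, 0x0d, 0x31, 0x36, 0x31, 0x30, 0x30,
        0x35, 0x31, 0x33, 0x31, 0x36, 0x30, 0x30, 0x5a,
        0x30, 0x65, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03,
        0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31,
        0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08,
        0x0c, 0x0a, 0x43, 0x61, 0x6c, 0x69, 0x66, 0x6f,
        0x72, 0x6e, 0x69, 0x61, 0x31, 0x16, 0x30, 0x14,
        0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x0d, 0x4d,
        0x6f, 0x75, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x20,
        0x56, 0x69, 0x65, 0x77, 0x31, 0x13, 0x30, 0x11,
        0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0a, 0x47,
        0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x20, 0x49, 0x6e,
        0x63, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55,
        0x04, 0x03, 0x0c, 0x0b, 0x2a, 0x2e, 0x67, 0x6f,
        0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x6e, 0x6f, 0x30,
        0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a,
        0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
        0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30,
        0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00,
        0xa5, 0x0a, 0xb9, 0xb1, 0xca, 0x36, 0xd1, 0xae,
        0x22, 0x38, 0x07, 0x06, 0xc9, 0x1a, 0x56, 0x4f,
        0xbb, 0xdf, 0xa8, 0x6d, 0xbd, 0xee, 0x76, 0x16,
        0xbc, 0x53, 0x3c, 0x03, 0x6a, 0x5c, 0x94, 0x50,
        0x87, 0x2f, 0x28, 0xb4, 0x4e, 0xd5, 0x9b, 0x8f,
        0xfe, 0x02, 0xde, 0x2a, 0x83, 0x01, 0xf9, 0x45,
        0x61, 0x0e, 0x66, 0x0e, 0x24, 0x22, 0xe2, 0x59,
        0x66, 0x0d, 0xd3, 0xe9, 0x77, 0x8a, 0x7e, 0x42,
        0xaa, 0x5a, 0xf9, 0x05, 0xbf, 0x30, 0xc7, 0x03,
        0x2b, 0xdc, 0xa6, 0x9c, 0xe0, 0x9f, 0x0d, 0xf1,
        0x28, 0x19, 0xf8, 0xf2, 0x02, 0xfa, 0xbd, 0x62,
        0xa0, 0xf3, 0x02, 0x2b, 0xcd, 0xf7, 0x09, 0x04,
        0x3b, 0x52, 0xd8, 0x65, 0x4b, 0x4a, 0x70, 0xe4,
        0x57, 0xc9, 0x2e, 0x2a, 0xf6, 0x9c, 0x6e, 0xd8,
        0xde, 0x01, 0x52, 0xc9, 0x6f, 0xe9, 0xef, 0x82,
        0xbc, 0x0b, 0x95, 0xb2, 0xef, 0xcb, 0x91, 0xa6,
        0x0b, 0x2d, 0x14, 0xc6, 0x00, 0xa9, 0x33, 0x86,
        0x64, 0x00, 0xd4, 0x92, 0x19, 0x53, 0x3d, 0xfd,
        0xcd, 0xc6, 0x1a, 0xf2, 0x0e, 0x67, 0xc2, 0x1d,
        0x2c, 0xe0, 0xe8, 0x29, 0x97, 0x1c, 0xb6, 0xc4,
        0xb2, 0x02, 0x0c, 0x83, 0xb8, 0x60, 0x61, 0xf5,
        0x61, 0x2d, 0x73, 0x5e, 0x85, 0x4d, 0xbd, 0x0d,
        0xe7, 0x1a, 0x37, 0x56, 0x8d, 0xe5, 0x50, 0x0c,
        0xc9, 0x64, 0x4c, 0x11, 0xea, 0xf3, 0xcb, 0x26,
        0x34, 0xbd, 0x02, 0xf5, 0xc1, 0xfb, 0xa2, 0xec,
        0x27, 0xbb, 0x60, 0xbe, 0x0b, 0xf6, 0xe7, 0x3c,
        0x2d, 0xc9, 0xe7, 0xb0, 0x30, 0x28, 0x17, 0x3d,
        0x90, 0xf1, 0x63, 0x8e, 0x49, 0xf7, 0x15, 0x78,
        0x21, 0xcc, 0x45, 0xe6, 0x86, 0xb2, 0xd8, 0xb0,
        0x2e, 0x5a, 0xb0, 0x58, 0xd3, 0xb6, 0x11, 0x40,
        0xae, 0x81, 0x1f, 0x6b, 0x7a, 0xaf, 0x40, 0x50,
        0xf9, 0x2e, 0x81, 0x8b, 0xec, 0x26, 0x11, 0x3f,
        0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01,
        0x53, 0x30, 0x82, 0x01, 0x4f, 0x30, 0x1d, 0x06,
        0x03, 0x55, 0x1d, 0x25, 0x04, 0x16, 0x30, 0x14,
        0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07,
        0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05,
        0x05, 0x07, 0x03, 0x02, 0x30, 0x21, 0x06, 0x03,
        0x55, 0x1d, 0x11, 0x04, 0x1a, 0x30, 0x18, 0x82,
        0x0b, 0x2a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
        0x65, 0x2e, 0x6e, 0x6f, 0x82, 0x09, 0x67, 0x6f,
        0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x6e, 0x6f, 0x30,
        0x68, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05,
        0x07, 0x01, 0x01, 0x04, 0x5c, 0x30, 0x5a, 0x30,
        0x2b, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05,
        0x07, 0x30, 0x02, 0x86, 0x1f, 0x68, 0x74, 0x74,
        0x70, 0x3a, 0x2f, 0x2f, 0x70, 0x6b, 0x69, 0x2e,
        0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63,
        0x6f, 0x6d, 0x2f, 0x47, 0x49, 0x41, 0x47, 0x32,
        0x2e, 0x63, 0x72, 0x74, 0x30, 0x2b, 0x06, 0x08,
        0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01,
        0x86, 0x1f, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f,
        0x2f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x73,
        0x31, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
        0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x63, 0x73,
        0x70, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e,
        0x04, 0x16, 0x04, 0x14, 0xc6, 0x53, 0x87, 0x42,
        0x2d, 0xc8, 0xee, 0x7a, 0x62, 0x1e, 0x83, 0xdb,
        0x0d, 0xe2, 0x32, 0xeb, 0x8b, 0xaf, 0x69, 0x40,
        0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01,
        0x01, 0xff, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1f,
        0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30,
        0x16, 0x80, 0x14, 0x4a, 0xdd, 0x06, 0x16, 0x1b,
        0xbc, 0xf6, 0x68, 0xb5, 0x76, 0xf5, 0x81, 0xb6,
        0xbb, 0x62, 0x1a, 0xba, 0x5a, 0x81, 0x2f, 0x30,
        0x21, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x1a,
        0x30, 0x18, 0x30, 0x0c, 0x06, 0x0a, 0x2b, 0x06,
        0x01, 0x04, 0x01, 0xd6, 0x79, 0x02, 0x05, 0x01,
        0x30, 0x08, 0x06, 0x06, 0x67, 0x81, 0x0c, 0x01,
        0x02, 0x02, 0x30, 0x30, 0x06, 0x03, 0x55, 0x1d,
        0x1f, 0x04, 0x29, 0x30, 0x27, 0x30, 0x25, 0xa0,
        0x23, 0xa0, 0x21, 0x86, 0x1f, 0x68, 0x74, 0x74,
        0x70, 0x3a, 0x2f, 0x2f, 0x70, 0x6b, 0x69, 0x2e,
        0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63,
        0x6f, 0x6d, 0x2f, 0x47, 0x49, 0x41, 0x47, 0x32,
        0x2e, 0x63, 0x72, 0x6c, 0x30, 0x0d, 0x06, 0x09,
        0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
        0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00,
        0x7b, 0x27, 0x00, 0x46, 0x8f, 0xfd, 0x5b, 0xff,
        0xcb, 0x05, 0x9b, 0xf7, 0xf1, 0x68, 0xf6, 0x9a,
        0x7b, 0xba, 0x53, 0xdf, 0x63, 0xed, 0x11, 0x94,
        0x39, 0xf2, 0xd0, 0x20, 0xcd, 0xa3, 0xc4, 0x98,
        0xa5, 0x10, 0x74, 0xe7, 0x10, 0x6d, 0x07, 0xf8,
        0x33, 0x87, 0x05, 0x43, 0x0e, 0x64, 0x77, 0x09,
        0x18, 0x4f, 0x38, 0x2e, 0x45, 0xae, 0xa8, 0x34,
        0x3a, 0xa8, 0x33, 0xac, 0x9d, 0xdd, 0x25, 0x91,
        0x59, 0x43, 0xbe, 0x0f, 0x87, 0x16, 0x2f, 0xb5,
        0x27, 0xfd, 0xce, 0x2f, 0x35, 0x5d, 0x12, 0xa1,
        0x66, 0xac, 0xf7, 0x95, 0x38, 0x0f, 0xe5, 0xb1,
        0x18, 0x18, 0xe6, 0x80, 0x52, 0x31, 0x8a, 0x66,
        0x02, 0x52, 0x1a, 0xa4, 0x32, 0x6a, 0x61, 0x05,
        0xcf, 0x1d, 0xf9, 0x90, 0x73, 0xf0, 0xeb, 0x20,
        0x31, 0x7b, 0x2e, 0xc0, 0xb0, 0xfb, 0x5c, 0xcc,
        0xdc, 0x76, 0x55, 0x72, 0xaf, 0xb1, 0x05, 0xf4,
        0xad, 0xf9, 0xd7, 0x73, 0x5c, 0x2c, 0xbf, 0x0d,
        0x84, 0x18, 0x01, 0x1d, 0x4d, 0x08, 0xa9, 0x4e,
        0x37, 0xb7, 0x58, 0xc4, 0x05, 0x0e, 0x65, 0x63,
        0xd2, 0x88, 0x02, 0xf5, 0x82, 0x17, 0x08, 0xd5,
        0x8f, 0x80, 0xc7, 0x82, 0x29, 0xbb, 0xe1, 0x04,
        0xbe, 0xf6, 0xe1, 0x8c, 0xbc, 0x3a, 0xf8, 0xf9,
        0x56, 0xda, 0xdc, 0x8e, 0xc6, 0xe6, 0x63, 0x98,
        0x12, 0x08, 0x41, 0x2c, 0x9d, 0x7c, 0x82, 0x0d,
        0x1e, 0xea, 0xba, 0xde, 0x32, 0x09, 0xda, 0x52,
        0x24, 0x4f, 0xcc, 0xb6, 0x09, 0x33, 0x8b, 0x00,
        0xf9, 0x83, 0xb3, 0xc6, 0xa4, 0x90, 0x49, 0x83,
        0x2d, 0x36, 0xd9, 0x11, 0x78, 0xd0, 0x62, 0x9f,
        0xc4, 0x8f, 0x84, 0xba, 0x7f, 0xaa, 0x04, 0xf1,
        0xd9, 0xa4, 0xad, 0x5d, 0x63, 0xee, 0x72, 0xc6,
        0x4d, 0xd1, 0x4b, 0x41, 0x8f, 0x40, 0x0f, 0x7d,
        0xcd, 0xb8, 0x2e, 0x5b, 0x6e, 0x21, 0xc9, 0x3d
    };

    Flow f;
    SSLState *ssl_state = NULL;
    TcpSession ssn;
    Packet *p1 = NULL;
    Packet *p2 = NULL;
    Packet *p3 = NULL;
    ThreadVars tv;
    DetectEngineThreadCtx *det_ctx = NULL;
    AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc();
    /* Fail here instead of handing a NULL parser context to the parser. */
    FAIL_IF_NULL(alp_tctx);

    memset(&tv, 0, sizeof(tv));
    memset(&f, 0, sizeof(f));
    memset(&ssn, 0, sizeof(ssn));

    /* One packet per record; p1 travels client -> server, p2 and p3 travel
     * server -> client (addresses and ports are swapped). */
    p1 = UTHBuildPacketReal(client_hello, sizeof(client_hello), IPPROTO_TCP,
                            "192.168.1.5", "192.168.1.1", 51251, 443);
    p2 = UTHBuildPacketReal(server_hello, sizeof(server_hello), IPPROTO_TCP,
                            "192.168.1.1", "192.168.1.5", 443, 51251);
    p3 = UTHBuildPacketReal(certificate, sizeof(certificate), IPPROTO_TCP,
                            "192.168.1.1", "192.168.1.5", 443, 51251);
    /* The packets are dereferenced right below; report a failed build as a
     * test failure rather than crashing the unit test runner. */
    FAIL_IF_NULL(p1);
    FAIL_IF_NULL(p2);
    FAIL_IF_NULL(p3);

    FLOW_INITIALIZE(&f);
    f.flags |= FLOW_IPV4;
    f.proto = IPPROTO_TCP;
    f.protomap = FlowGetProtoMapping(f.proto);
    f.alproto = ALPROTO_TLS;

    p1->flow = &f;
    p1->flags |= PKT_HAS_FLOW | PKT_STREAM_EST;
    p1->flowflags |= FLOW_PKT_TOSERVER;
    p1->flowflags |= FLOW_PKT_ESTABLISHED;
    p1->pcap_cnt = 1;

    p2->flow = &f;
    p2->flags |= PKT_HAS_FLOW | PKT_STREAM_EST;
    p2->flowflags |= FLOW_PKT_TOCLIENT;
    p2->flowflags |= FLOW_PKT_ESTABLISHED;
    p2->pcap_cnt = 2;

    p3->flow = &f;
    p3->flags |= PKT_HAS_FLOW | PKT_STREAM_EST;
    p3->flowflags |= FLOW_PKT_TOCLIENT;
    p3->flowflags |= FLOW_PKT_ESTABLISHED;
    p3->pcap_cnt = 3;

    StreamTcpInitConfig(TRUE);

    DetectEngineCtx *de_ctx = DetectEngineCtxInit();
    FAIL_IF_NULL(de_ctx);

    de_ctx->mpm_matcher = mpm_default_matcher;
    de_ctx->flags |= DE_QUIET;

    /* The content bytes 06 09 2a 86 48 occur inside the certificate[]
     * array above and in neither hello record. */
    Signature *s = DetectEngineAppendSig(de_ctx, "alert tls any any -> any any "
                              "(msg:\"Test tls.certs\"; tls.certs; "
                              "content:\"|06 09 2a 86 48|\"; sid:1;)");
    FAIL_IF_NULL(s);

    SigGroupBuild(de_ctx);
    DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
    FAIL_IF_NULL(det_ctx);

    /* Step 1: client hello. No certificate has been seen, so no alert. */
    int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS,
                                STREAM_TOSERVER, client_hello,
                                sizeof(client_hello));
    FAIL_IF(r != 0);

    ssl_state = f.alstate;
    FAIL_IF_NULL(ssl_state);

    SigMatchSignatures(&tv, de_ctx, det_ctx, p1);
    FAIL_IF(PacketAlertCheck(p1, 1));

    /* Step 2: server hello. Still no certificate, still no alert. */
    r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOCLIENT,
                            server_hello, sizeof(server_hello));
    FAIL_IF(r != 0);

    SigMatchSignatures(&tv, de_ctx, det_ctx, p2);
    FAIL_IF(PacketAlertCheck(p2, 1));

    /* Step 3: certificate record. The rule has to fire now; without this
     * positive check the test would pass even if tls.certs never matched. */
    r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOCLIENT,
                            certificate, sizeof(certificate));
    FAIL_IF(r != 0);

    SigMatchSignatures(&tv, de_ctx, det_ctx, p3);
    FAIL_IF_NOT(PacketAlertCheck(p3, 1));

    AppLayerParserThreadCtxFree(alp_tctx);
    DetectEngineThreadCtxDeinit(&tv, det_ctx);
    DetectEngineCtxFree(de_ctx);

    StreamTcpFreeConfig(TRUE);
    FLOW_DESTROY(&f);
    UTHFreePacket(p1);
    UTHFreePacket(p2);
    UTHFreePacket(p3);

    PASS;
}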
358 
/**
 * \brief Register the tls.certs unit tests with the unit test framework.
 */
static void DetectTlsCertsRegisterTests(void)
{
    /* Name/function pairs, registered in the order listed. */
    static const struct {
        const char *name;
        int (*fn)(void);
    } tests[] = {
        { "DetectTlsCertsTest01", DetectTlsCertsTest01 },
        { "DetectTlsCertsTest02", DetectTlsCertsTest02 },
    };

    for (size_t i = 0; i < sizeof(tests) / sizeof(tests[0]); i++) {
        UtRegisterTest(tests[i].name, tests[i].fn);
    }
}
Signature * DetectEngineAppendSig(DetectEngineCtx *de_ctx, const char *sigstr)
Parse and append a Signature into the Detection Engine Context signature list.
struct Flow_ * flow
Definition: decode.h:443
int PacketAlertCheck(Packet *p, uint32_t sid)
Check if a certain sid alerted, this is used in the test functions.
uint8_t proto
Definition: flow.h:344
#define PASS
Pass the test.
Signature * SigInit(DetectEngineCtx *, const char *)
Parses a signature and adds it to the Detection Engine Context.
Signature * sig_list
Definition: detect.h:730
#define FAIL_IF(expr)
Fail a test if expression evaluates to true.
Definition: util-unittest.h:71
void AppLayerParserThreadCtxFree(AppLayerParserThreadCtx *tctx)
Destroys the app layer parser thread context obtained using AppLayerParserThreadCtxAlloc().
uint8_t FlowGetProtoMapping(uint8_t proto)
Function to map the protocol to the defined FLOW_PROTO_* enumeration.
Definition: flow-util.c:95
#define FLOW_PKT_ESTABLISHED
Definition: flow.h:203
void SigCleanSignatures(DetectEngineCtx *de_ctx)
void StreamTcpFreeConfig(char quiet)
Definition: stream-tcp.c:669
uint64_t pcap_cnt
Definition: decode.h:561
TmEcode DetectEngineThreadCtxInit(ThreadVars *, void *, void **)
initialize thread specific detection engine context
Signature container.
Definition: detect.h:496
#define TRUE
struct SigMatch_ * next
Definition: detect.h:326
main detection engine ctx
Definition: detect.h:724
TmEcode DetectEngineThreadCtxDeinit(ThreadVars *, void *)
SSLv[2.0|3.[0|1|2|3]] state structure.
void * alstate
Definition: flow.h:438
#define DE_QUIET
Definition: detect.h:296
uint8_t flags
Definition: detect.h:725
#define FLOW_DESTROY(f)
Definition: flow-util.h:119
int SigGroupBuild(DetectEngineCtx *de_ctx)
Convert the signature list into the runtime match structure.
uint16_t mpm_matcher
Definition: detect.h:773
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
void SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, Packet *p)
wrapper for old tests
Definition: detect.c:1742
void StreamTcpInitConfig(char)
To initialize the stream global configuration data.
Definition: stream-tcp.c:365
Packet * UTHBuildPacketReal(uint8_t *payload, uint16_t payload_len, uint8_t ipproto, const char *src, const char *dst, uint16_t sport, uint16_t dport)
UTHBuildPacketReal is a function that create tcp/udp packets for unittests specifying ip and port sou...
uint8_t flowflags
Definition: decode.h:437
#define STREAM_TOCLIENT
Definition: stream.h:32
#define FLOW_PKT_TOSERVER
Definition: flow.h:201
AppLayerParserThreadCtx * AppLayerParserThreadCtxAlloc(void)
Gets a new app layer protocol's parser thread context.
#define FAIL_IF_NOT_NULL(expr)
Fail a test if expression evaluates to non-NULL.
Definition: util-unittest.h:96
uint8_t type
Definition: detect.h:323
int mpm_default_matcher
Definition: util-mpm.h:170
#define FLOW_INITIALIZE(f)
Definition: flow-util.h:39
#define STREAM_TOSERVER
Definition: stream.h:31
void UTHFreePacket(Packet *p)
UTHFreePacket: function to release the allocated data from UTHBuildPacket and the packet itself...
#define PKT_HAS_FLOW
Definition: decode.h:1092
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
Definition: util-unittest.h:89
Per thread variable structure.
Definition: threadvars.h:57
#define FLOW_PKT_TOCLIENT
Definition: flow.h:202
AppProto alproto
application level protocol
Definition: flow.h:409
uint32_t flags
Definition: decode.h:441
void DetectEngineCtxFree(DetectEngineCtx *)
Free a DetectEngineCtx.
uint8_t protomap
Definition: flow.h:404
Flow data structure.
Definition: flow.h:325
#define FLOW_IPV4
Definition: flow.h:94
uint32_t flags
Definition: flow.h:379
#define PKT_STREAM_EST
Definition: decode.h:1090
a single match condition for a signature
Definition: detect.h:322
#define FAIL_IF_NOT(expr)
Fail a test if expression evaluates to false.
Definition: util-unittest.h:82
int AppLayerParserParse(ThreadVars *tv, AppLayerParserThreadCtx *alp_tctx, Flow *f, AppProto alproto, uint8_t flags, uint8_t *input, uint32_t input_len)
DetectEngineCtx * DetectEngineCtxInit(void)