suricata
util-lua-hassh.c
Go to the documentation of this file.
1 /* Copyright (C) 2020 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 
19 /**
20  * \file
21  *
22  * \author Vadym Malakhatko <v.malakhatko@sirinsoftware.com>
23  *
24  */
25 
26 #include "suricata-common.h"
27 #include "detect.h"
28 #include "pkt-var.h"
29 #include "conf.h"
30 
31 #include "threads.h"
32 #include "threadvars.h"
33 #include "tm-threads.h"
34 
35 #include "util-print.h"
36 #include "util-unittest.h"
37 
38 #include "util-debug.h"
39 
40 #include "output.h"
41 #include "app-layer.h"
42 #include "app-layer-parser.h"
43 #include "app-layer-ssl.h"
44 #include "util-privs.h"
45 #include "util-buffer.h"
46 #include "util-proto-name.h"
47 #include "util-logopenfile.h"
48 #include "util-time.h"
49 
50 #ifdef HAVE_LUA
51 
52 #include <lua.h>
53 #include <lualib.h>
54 #include <lauxlib.h>
55 
56 #include "util-lua.h"
57 #include "util-lua-common.h"
58 #include "util-lua-hassh.h"
59 
60 static int GetHasshServerString(lua_State *luastate, const Flow *f)
61 {
62  void *state = FlowGetAppState(f);
63  if (state == NULL)
64  return LuaCallbackError(luastate, "error: no app layer state");
65 
66  const uint8_t *hassh_server_string = NULL;
67  uint32_t b_len = 0;
68 
69  void *tx = rs_ssh_state_get_tx(state, 0);
70  if (rs_ssh_tx_get_hassh_string(tx, &hassh_server_string, &b_len, STREAM_TOCLIENT) != 1)
71  return LuaCallbackError(luastate, "error: no server hassh string");
72  if (hassh_server_string == NULL || b_len == 0) {
73  return LuaCallbackError(luastate, "error: no server hassh string");
74  }
75 
76  return LuaPushStringBuffer(luastate, hassh_server_string, b_len);
77 }
78 
79 static int HasshServerGetString(lua_State *luastate)
80 {
81  int r;
82 
83  if (!(LuaStateNeedProto(luastate, ALPROTO_SSH)))
84  return LuaCallbackError(luastate, "error: protocol is not ssh");
85 
86  Flow *f = LuaStateGetFlow(luastate);
87  if (f == NULL)
88  return LuaCallbackError(luastate, "internal error: no ssh flow");
89 
90  r = GetHasshServerString(luastate, f);
91 
92  return r;
93 }
94 
95 static int GetHasshServer(lua_State *luastate, const Flow *f)
96 {
97  void *state = FlowGetAppState(f);
98  if (state == NULL)
99  return LuaCallbackError(luastate, "error: no ssh app layer state");
100 
101  const uint8_t *hassh_server = NULL;
102  uint32_t b_len = 0;
103 
104  void *tx = rs_ssh_state_get_tx(state, 0);
105  if (rs_ssh_tx_get_hassh(tx, &hassh_server, &b_len, STREAM_TOCLIENT) != 1)
106  return LuaCallbackError(luastate, "error: no server hassh");
107  if (hassh_server == NULL || b_len == 0) {
108  return LuaCallbackError(luastate, "error: no server hassh");
109  }
110 
111  return LuaPushStringBuffer(luastate, hassh_server, b_len);
112 }
113 
114 static int HasshServerGet(lua_State *luastate)
115 {
116  int r;
117 
118  if (!(LuaStateNeedProto(luastate, ALPROTO_SSH)))
119  return LuaCallbackError(luastate, "error: protocol is not ssh");
120 
121  Flow *f = LuaStateGetFlow(luastate);
122  if (f == NULL)
123  return LuaCallbackError(luastate, "internal error: no ssh flow");
124 
125  r = GetHasshServer(luastate, f);
126 
127  return r;
128 }
129 
130 static int GetHasshString(lua_State *luastate, const Flow *f)
131 {
132  void *state = FlowGetAppState(f);
133  if (state == NULL)
134  return LuaCallbackError(luastate, "error: no app layer state");
135 
136  const uint8_t *hassh_string = NULL;
137  uint32_t b_len = 0;
138 
139  void *tx = rs_ssh_state_get_tx(state, 0);
140  if (rs_ssh_tx_get_hassh_string(tx, &hassh_string, &b_len, STREAM_TOSERVER) != 1)
141  return LuaCallbackError(luastate, "error: no client hassh_string");
142  if (hassh_string == NULL || b_len == 0) {
143  return LuaCallbackError(luastate, "error: no client hassh_string");
144  }
145 
146  return LuaPushStringBuffer(luastate, hassh_string, b_len);
147 }
148 
149 static int HasshGetString(lua_State *luastate)
150 {
151  int r;
152 
153  if (!(LuaStateNeedProto(luastate, ALPROTO_SSH)))
154  return LuaCallbackError(luastate, "error: protocol is not ssh");
155 
156  Flow *f = LuaStateGetFlow(luastate);
157  if (f == NULL)
158  return LuaCallbackError(luastate, "internal error: no ssh flow");
159 
160  r = GetHasshString(luastate, f);
161 
162  return r;
163 }
164 
165 static int GetHassh(lua_State *luastate, const Flow *f)
166 {
167  void *state = FlowGetAppState(f);
168  if (state == NULL)
169  return LuaCallbackError(luastate, "error: no app layer state");
170 
171  const uint8_t *hassh = NULL;
172  uint32_t b_len = 0;
173 
174  void *tx = rs_ssh_state_get_tx(state, 0);
175  if (rs_ssh_tx_get_hassh(tx, &hassh, &b_len, STREAM_TOSERVER) != 1)
176  return LuaCallbackError(luastate, "error: no client hassh");
177  if (hassh == NULL || b_len == 0) {
178  return LuaCallbackError(luastate, "error: no client hassh");
179  }
180 
181  return LuaPushStringBuffer(luastate, hassh, b_len);
182 }
183 
184 static int HasshGet(lua_State *luastate)
185 {
186  int r;
187 
188  if (!(LuaStateNeedProto(luastate, ALPROTO_SSH)))
189  return LuaCallbackError(luastate, "error: protocol is not ssh");
190 
191  Flow *f = LuaStateGetFlow(luastate);
192  if (f == NULL)
193  return LuaCallbackError(luastate, "internal error: no sshflow");
194 
195  r = GetHassh(luastate, f);
196 
197  return r;
198 }
199 
200 /** *\brief Register Hassh Lua extensions */
201 int LuaRegisterHasshFunctions(lua_State *luastate)
202 {
203 
204  lua_pushcfunction(luastate, HasshGet);
205  lua_setglobal(luastate, "HasshGet");
206 
207  lua_pushcfunction(luastate, HasshGetString);
208  lua_setglobal(luastate, "HasshGetString");
209 
210  lua_pushcfunction(luastate, HasshServerGet);
211  lua_setglobal(luastate, "HasshServerGet");
212 
213  lua_pushcfunction(luastate, HasshServerGetString);
214  lua_setglobal(luastate, "HasshServerGetString");
215 
216  return 0;
217 }
218 
219 #endif /* HAVE_LUA */
tm-threads.h
util-lua-hassh.h
util-lua-common.h
util-lua.h
threads.h
Flow_
Flow data structure.
Definition: flow.h:351
util-privs.h
ALPROTO_SSH
@ ALPROTO_SSH
Definition: app-layer-protos.h:34
util-unittest.h
util-debug.h
util-print.h
detect.h
pkt-var.h
util-time.h
app-layer-parser.h
conf.h
util-proto-name.h
suricata-common.h
lua_State
void lua_State
Definition: suricata-common.h:500
threadvars.h
util-logopenfile.h
util-buffer.h
app-layer-ssl.h
output.h
app-layer.h