suricata
util-lua-hassh.c
Go to the documentation of this file.
1 /* Copyright (C) 2020 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 
19 /**
20  * \file
21  *
22  * \author Vadym Malakhatko <v.malakhatko@sirinsoftware.com>
23  *
24  */
25 
26 #include "suricata-common.h"
27 #include "debug.h"
28 #include "detect.h"
29 #include "pkt-var.h"
30 #include "conf.h"
31 
32 #include "threads.h"
33 #include "threadvars.h"
34 #include "tm-threads.h"
35 
36 #include "util-print.h"
37 #include "util-unittest.h"
38 
39 #include "util-debug.h"
40 
41 #include "output.h"
42 #include "app-layer.h"
43 #include "app-layer-parser.h"
44 #include "app-layer-ssl.h"
45 #include "util-privs.h"
46 #include "util-buffer.h"
47 #include "util-proto-name.h"
48 #include "util-logopenfile.h"
49 #include "util-time.h"
50 
51 #ifdef HAVE_LUA
52 
53 #include <lua.h>
54 #include <lualib.h>
55 #include <lauxlib.h>
56 
57 #include "util-lua.h"
58 #include "util-lua-common.h"
59 #include "util-lua-hassh.h"
60 
61 static int GetHasshServerString(lua_State *luastate, const Flow *f)
62 {
63  void *state = FlowGetAppState(f);
64  if (state == NULL)
65  return LuaCallbackError(luastate, "error: no app layer state");
66 
67  const uint8_t *hassh_server_string = NULL;
68  uint32_t b_len = 0;
69 
70  void *tx = rs_ssh_state_get_tx(state, 0);
71  if (rs_ssh_tx_get_hassh_string(tx, &hassh_server_string, &b_len, STREAM_TOCLIENT) != 1)
72  return LuaCallbackError(luastate, "error: no server hassh string");
73  if (hassh_server_string == NULL || b_len == 0) {
74  return LuaCallbackError(luastate, "error: no server hassh string");
75  }
76 
77  return LuaPushStringBuffer(luastate, hassh_server_string, b_len);
78 }
79 
80 static int HasshServerGetString(lua_State *luastate)
81 {
82  int r;
83 
84  if (!(LuaStateNeedProto(luastate, ALPROTO_SSH)))
85  return LuaCallbackError(luastate, "error: protocol is not ssh");
86 
87  Flow *f = LuaStateGetFlow(luastate);
88  if (f == NULL)
89  return LuaCallbackError(luastate, "internal error: no ssh flow");
90 
91  r = GetHasshServerString(luastate, f);
92 
93  return r;
94 }
95 
96 static int GetHasshServer(lua_State *luastate, const Flow *f)
97 {
98  void *state = FlowGetAppState(f);
99  if (state == NULL)
100  return LuaCallbackError(luastate, "error: no ssh app layer state");
101 
102  const uint8_t *hassh_server = NULL;
103  uint32_t b_len = 0;
104 
105  void *tx = rs_ssh_state_get_tx(state, 0);
106  if (rs_ssh_tx_get_hassh(tx, &hassh_server, &b_len, STREAM_TOCLIENT) != 1)
107  return LuaCallbackError(luastate, "error: no server hassh");
108  if (hassh_server == NULL || b_len == 0) {
109  return LuaCallbackError(luastate, "error: no server hassh");
110  }
111 
112  return LuaPushStringBuffer(luastate, hassh_server, b_len);
113 }
114 
115 static int HasshServerGet(lua_State *luastate)
116 {
117  int r;
118 
119  if (!(LuaStateNeedProto(luastate, ALPROTO_SSH)))
120  return LuaCallbackError(luastate, "error: protocol is not ssh");
121 
122  Flow *f = LuaStateGetFlow(luastate);
123  if (f == NULL)
124  return LuaCallbackError(luastate, "internal error: no ssh flow");
125 
126  r = GetHasshServer(luastate, f);
127 
128  return r;
129 }
130 
131 static int GetHasshString(lua_State *luastate, const Flow *f)
132 {
133  void *state = FlowGetAppState(f);
134  if (state == NULL)
135  return LuaCallbackError(luastate, "error: no app layer state");
136 
137  const uint8_t *hassh_string = NULL;
138  uint32_t b_len = 0;
139 
140  void *tx = rs_ssh_state_get_tx(state, 0);
141  if (rs_ssh_tx_get_hassh_string(tx, &hassh_string, &b_len, STREAM_TOSERVER) != 1)
142  return LuaCallbackError(luastate, "error: no client hassh_string");
143  if (hassh_string == NULL || b_len == 0) {
144  return LuaCallbackError(luastate, "error: no client hassh_string");
145  }
146 
147  return LuaPushStringBuffer(luastate, hassh_string, b_len);
148 }
149 
150 static int HasshGetString(lua_State *luastate)
151 {
152  int r;
153 
154  if (!(LuaStateNeedProto(luastate, ALPROTO_SSH)))
155  return LuaCallbackError(luastate, "error: protocol is not ssh");
156 
157  Flow *f = LuaStateGetFlow(luastate);
158  if (f == NULL)
159  return LuaCallbackError(luastate, "internal error: no ssh flow");
160 
161  r = GetHasshString(luastate, f);
162 
163  return r;
164 }
165 
166 static int GetHassh(lua_State *luastate, const Flow *f)
167 {
168  void *state = FlowGetAppState(f);
169  if (state == NULL)
170  return LuaCallbackError(luastate, "error: no app layer state");
171 
172  const uint8_t *hassh = NULL;
173  uint32_t b_len = 0;
174 
175  void *tx = rs_ssh_state_get_tx(state, 0);
176  if (rs_ssh_tx_get_hassh(tx, &hassh, &b_len, STREAM_TOSERVER) != 1)
177  return LuaCallbackError(luastate, "error: no client hassh");
178  if (hassh == NULL || b_len == 0) {
179  return LuaCallbackError(luastate, "error: no client hassh");
180  }
181 
182  return LuaPushStringBuffer(luastate, hassh, b_len);
183 }
184 
185 static int HasshGet(lua_State *luastate)
186 {
187  int r;
188 
189  if (!(LuaStateNeedProto(luastate, ALPROTO_SSH)))
190  return LuaCallbackError(luastate, "error: protocol is not ssh");
191 
192  Flow *f = LuaStateGetFlow(luastate);
193  if (f == NULL)
194  return LuaCallbackError(luastate, "internal error: no sshflow");
195 
196  r = GetHassh(luastate, f);
197 
198  return r;
199 }
200 
201 /** *\brief Register Hassh Lua extensions */
202 int LuaRegisterHasshFunctions(lua_State *luastate)
203 {
204 
205  lua_pushcfunction(luastate, HasshGet);
206  lua_setglobal(luastate, "HasshGet");
207 
208  lua_pushcfunction(luastate, HasshGetString);
209  lua_setglobal(luastate, "HasshGetString");
210 
211  lua_pushcfunction(luastate, HasshServerGet);
212  lua_setglobal(luastate, "HasshServerGet");
213 
214  lua_pushcfunction(luastate, HasshServerGetString);
215  lua_setglobal(luastate, "HasshServerGetString");
216 
217  return 0;
218 }
219 
220 #endif /* HAVE_LUA */
lua_State
void lua_State
Definition: util-lua.h:31
tm-threads.h
util-lua-hassh.h
util-lua-common.h
util-lua.h
threads.h
Flow_
Flow data structure.
Definition: flow.h:353
util-privs.h
ALPROTO_SSH
@ ALPROTO_SSH
Definition: app-layer-protos.h:34
util-unittest.h
FlowGetAppState
void * FlowGetAppState(const Flow *f)
Definition: flow.c:1129
util-debug.h
util-print.h
detect.h
pkt-var.h
util-time.h
app-layer-parser.h
conf.h
util-proto-name.h
suricata-common.h
threadvars.h
util-logopenfile.h
util-buffer.h
app-layer-ssl.h
debug.h
output.h
app-layer.h