suricata
util-lua-hassh.c
Go to the documentation of this file.
1 /* Copyright (C) 2020 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 
19 /**
20  * \file
21  *
22  * \author Vadym Malakhatko <v.malakhatko@sirinsoftware.com>
23  *
24  */
25 
26 #include "suricata-common.h"
27 #include "detect.h"
28 #include "pkt-var.h"
29 #include "conf.h"
30 
31 #include "threads.h"
32 #include "threadvars.h"
33 #include "tm-threads.h"
34 
35 #include "util-print.h"
36 #include "util-unittest.h"
37 
38 #include "util-debug.h"
39 
40 #include "output.h"
41 #include "app-layer.h"
42 #include "app-layer-parser.h"
43 #include "app-layer-ssl.h"
44 #include "util-privs.h"
45 #include "util-buffer.h"
46 #include "util-proto-name.h"
47 #include "util-logopenfile.h"
48 #include "util-time.h"
49 
50 #include "lua.h"
51 #include "lualib.h"
52 #include "lauxlib.h"
53 
54 #include "util-lua.h"
55 #include "util-lua-common.h"
56 #include "util-lua-hassh.h"
57 
58 static int GetHasshServerString(lua_State *luastate, const Flow *f)
59 {
60  void *state = FlowGetAppState(f);
61  if (state == NULL)
62  return LuaCallbackError(luastate, "error: no app layer state");
63 
64  const uint8_t *hassh_server_string = NULL;
65  uint32_t b_len = 0;
66 
67  void *tx = rs_ssh_state_get_tx(state, 0);
68  if (rs_ssh_tx_get_hassh_string(tx, &hassh_server_string, &b_len, STREAM_TOCLIENT) != 1)
69  return LuaCallbackError(luastate, "error: no server hassh string");
70  if (hassh_server_string == NULL || b_len == 0) {
71  return LuaCallbackError(luastate, "error: no server hassh string");
72  }
73 
74  return LuaPushStringBuffer(luastate, hassh_server_string, b_len);
75 }
76 
77 static int HasshServerGetString(lua_State *luastate)
78 {
79  int r;
80 
81  if (!(LuaStateNeedProto(luastate, ALPROTO_SSH)))
82  return LuaCallbackError(luastate, "error: protocol is not ssh");
83 
84  Flow *f = LuaStateGetFlow(luastate);
85  if (f == NULL)
86  return LuaCallbackError(luastate, "internal error: no ssh flow");
87 
88  r = GetHasshServerString(luastate, f);
89 
90  return r;
91 }
92 
93 static int GetHasshServer(lua_State *luastate, const Flow *f)
94 {
95  void *state = FlowGetAppState(f);
96  if (state == NULL)
97  return LuaCallbackError(luastate, "error: no ssh app layer state");
98 
99  const uint8_t *hassh_server = NULL;
100  uint32_t b_len = 0;
101 
102  void *tx = rs_ssh_state_get_tx(state, 0);
103  if (rs_ssh_tx_get_hassh(tx, &hassh_server, &b_len, STREAM_TOCLIENT) != 1)
104  return LuaCallbackError(luastate, "error: no server hassh");
105  if (hassh_server == NULL || b_len == 0) {
106  return LuaCallbackError(luastate, "error: no server hassh");
107  }
108 
109  return LuaPushStringBuffer(luastate, hassh_server, b_len);
110 }
111 
112 static int HasshServerGet(lua_State *luastate)
113 {
114  int r;
115 
116  if (!(LuaStateNeedProto(luastate, ALPROTO_SSH)))
117  return LuaCallbackError(luastate, "error: protocol is not ssh");
118 
119  Flow *f = LuaStateGetFlow(luastate);
120  if (f == NULL)
121  return LuaCallbackError(luastate, "internal error: no ssh flow");
122 
123  r = GetHasshServer(luastate, f);
124 
125  return r;
126 }
127 
128 static int GetHasshString(lua_State *luastate, const Flow *f)
129 {
130  void *state = FlowGetAppState(f);
131  if (state == NULL)
132  return LuaCallbackError(luastate, "error: no app layer state");
133 
134  const uint8_t *hassh_string = NULL;
135  uint32_t b_len = 0;
136 
137  void *tx = rs_ssh_state_get_tx(state, 0);
138  if (rs_ssh_tx_get_hassh_string(tx, &hassh_string, &b_len, STREAM_TOSERVER) != 1)
139  return LuaCallbackError(luastate, "error: no client hassh_string");
140  if (hassh_string == NULL || b_len == 0) {
141  return LuaCallbackError(luastate, "error: no client hassh_string");
142  }
143 
144  return LuaPushStringBuffer(luastate, hassh_string, b_len);
145 }
146 
147 static int HasshGetString(lua_State *luastate)
148 {
149  int r;
150 
151  if (!(LuaStateNeedProto(luastate, ALPROTO_SSH)))
152  return LuaCallbackError(luastate, "error: protocol is not ssh");
153 
154  Flow *f = LuaStateGetFlow(luastate);
155  if (f == NULL)
156  return LuaCallbackError(luastate, "internal error: no ssh flow");
157 
158  r = GetHasshString(luastate, f);
159 
160  return r;
161 }
162 
163 static int GetHassh(lua_State *luastate, const Flow *f)
164 {
165  void *state = FlowGetAppState(f);
166  if (state == NULL)
167  return LuaCallbackError(luastate, "error: no app layer state");
168 
169  const uint8_t *hassh = NULL;
170  uint32_t b_len = 0;
171 
172  void *tx = rs_ssh_state_get_tx(state, 0);
173  if (rs_ssh_tx_get_hassh(tx, &hassh, &b_len, STREAM_TOSERVER) != 1)
174  return LuaCallbackError(luastate, "error: no client hassh");
175  if (hassh == NULL || b_len == 0) {
176  return LuaCallbackError(luastate, "error: no client hassh");
177  }
178 
179  return LuaPushStringBuffer(luastate, hassh, b_len);
180 }
181 
182 static int HasshGet(lua_State *luastate)
183 {
184  int r;
185 
186  if (!(LuaStateNeedProto(luastate, ALPROTO_SSH)))
187  return LuaCallbackError(luastate, "error: protocol is not ssh");
188 
189  Flow *f = LuaStateGetFlow(luastate);
190  if (f == NULL)
191  return LuaCallbackError(luastate, "internal error: no sshflow");
192 
193  r = GetHassh(luastate, f);
194 
195  return r;
196 }
197 
198 /** *\brief Register Hassh Lua extensions */
199 int LuaRegisterHasshFunctions(lua_State *luastate)
200 {
201 
202  lua_pushcfunction(luastate, HasshGet);
203  lua_setglobal(luastate, "HasshGet");
204 
205  lua_pushcfunction(luastate, HasshGetString);
206  lua_setglobal(luastate, "HasshGetString");
207 
208  lua_pushcfunction(luastate, HasshServerGet);
209  lua_setglobal(luastate, "HasshServerGet");
210 
211  lua_pushcfunction(luastate, HasshServerGetString);
212  lua_setglobal(luastate, "HasshServerGetString");
213 
214  return 0;
215 }
tm-threads.h
util-lua-hassh.h
util-lua-common.h
util-lua.h
LuaCallbackError
int LuaCallbackError(lua_State *luastate, const char *msg)
Definition: util-lua-common.c:59
threads.h
Flow_
Flow data structure.
Definition: flow.h:356
util-privs.h
ALPROTO_SSH
@ ALPROTO_SSH
Definition: app-layer-protos.h:34
util-unittest.h
lua_State
struct lua_State lua_State
Definition: suricata-common.h:506
util-debug.h
LuaRegisterHasshFunctions
int LuaRegisterHasshFunctions(lua_State *luastate)
Register Hassh Lua extensions.
Definition: util-lua-hassh.c:199
util-print.h
detect.h
pkt-var.h
util-time.h
app-layer-parser.h
conf.h
util-proto-name.h
suricata-common.h
threadvars.h
util-logopenfile.h
util-buffer.h
LuaStateGetFlow
Flow * LuaStateGetFlow(lua_State *luastate)
get flow pointer from lua state
Definition: util-lua.c:161
LuaStateNeedProto
int LuaStateNeedProto(lua_State *luastate, AppProto alproto)
Definition: util-lua-common.c:995
app-layer-ssl.h
output.h
LuaPushStringBuffer
int LuaPushStringBuffer(lua_State *luastate, const uint8_t *input, size_t input_len)
Definition: util-lua.c:319
app-layer.h