util-lua-tls_8c_source.html

 /* Copyright (C) 2014 Open Information Security Foundation
  *
  * You can copy, redistribute or modify this Program under the terms of
  * the GNU General Public License version 2 as published by the Free
  * Software Foundation.
  *
  * This program is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
  *
  * You should have received a copy of the GNU General Public License
  * version 2 along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
  * 02110-1301, USA.
  */


 /**
  * \file
  *
  * \author Eric Leblond <eric@regit.org>
  *
  */

 #include "suricata-common.h"
 #include "debug.h"
 #include "detect.h"
 #include "pkt-var.h"
 #include "conf.h"

 #include "threads.h"
 #include "threadvars.h"
 #include "tm-threads.h"

 #include "util-print.h"
 #include "util-unittest.h"

 #include "util-debug.h"

 #include "output.h"
 #include "app-layer.h"
 #include "app-layer-parser.h"
 #include "app-layer-ssl.h"
 #include "util-privs.h"
 #include "util-buffer.h"
 #include "util-proto-name.h"
 #include "util-logopenfile.h"
 #include "util-time.h"

 #ifdef HAVE_LUA

 #include <lua.h>
 #include <lualib.h>
 #include <lauxlib.h>

 #include "util-lua.h"
 #include "util-lua-common.h"
 #include "util-lua-tls.h"

 static int GetCertNotBefore(lua_State *luastate, const Flow *f, int direction)
 {
     void *state = FlowGetAppState(f);
     if (state == NULL)
         return LuaCallbackError(luastate, "error: no app layer state");

     SSLState *ssl_state = (SSLState *)state;
     SSLStateConnp *connp = NULL;

     if (direction) {
         connp = &ssl_state->client_connp;
     } else {
         connp = &ssl_state->server_connp;
     }

     if (connp->cert0_not_before == 0)
         return LuaCallbackError(luastate, "error: no certificate NotBefore");

     int r = LuaPushInteger(luastate, connp->cert0_not_before);

     return r;
 }

 static int TlsGetCertNotBefore(lua_State *luastate)
 {
     int r;

     if (!(LuaStateNeedProto(luastate, ALPROTO_TLS)))
         return LuaCallbackError(luastate, "error: protocol not tls");

     int direction = LuaStateGetDirection(luastate);

     Flow *f = LuaStateGetFlow(luastate);
     if (f == NULL)
         return LuaCallbackError(luastate, "internal error: no flow");

     r = GetCertNotBefore(luastate, f, direction);

     return r;
 }

 static int GetCertNotAfter(lua_State *luastate, const Flow *f, int direction)
 {
     void *state = FlowGetAppState(f);
     if (state == NULL)
         return LuaCallbackError(luastate, "error: no app layer state");

     SSLState *ssl_state = (SSLState *)state;
     SSLStateConnp *connp = NULL;

     if (direction) {
         connp = &ssl_state->client_connp;
     } else {
         connp = &ssl_state->server_connp;
     }

     if (connp->cert0_not_after == 0)
         return LuaCallbackError(luastate, "error: no certificate NotAfter");

     int r = LuaPushInteger(luastate, connp->cert0_not_after);

     return r;
 }

 static int TlsGetCertNotAfter(lua_State *luastate)
 {
     int r;

     if (!(LuaStateNeedProto(luastate, ALPROTO_TLS)))
         return LuaCallbackError(luastate, "error: protocol not tls");

     int direction = LuaStateGetDirection(luastate);

     Flow *f = LuaStateGetFlow(luastate);
     if (f == NULL)
         return LuaCallbackError(luastate, "internal error: no flow");

     r = GetCertNotAfter(luastate, f, direction);

     return r;
 }

 static int GetCertInfo(lua_State *luastate, const Flow *f, int direction)
 {
     void *state = FlowGetAppState(f);
     if (state == NULL)
         return LuaCallbackError(luastate, "error: no app layer state");

     SSLState *ssl_state = (SSLState *)state;
     SSLStateConnp *connp = NULL;

     if (direction) {
         connp = &ssl_state->client_connp;
     } else {
         connp = &ssl_state->server_connp;
     }

     if (connp->cert0_subject == NULL)
         return LuaCallbackError(luastate, "error: no cert");

     /* tls.version */
     char ssl_version[SSL_VERSION_MAX_STRLEN];
     SSLVersionToString(ssl_state->server_connp.version, ssl_version);

     int r = LuaPushStringBuffer(luastate, (uint8_t *)ssl_version, strlen(ssl_version));
     r += LuaPushStringBuffer(luastate, (uint8_t *)connp->cert0_subject, strlen(connp->cert0_subject));
     r += LuaPushStringBuffer(luastate, (uint8_t *)connp->cert0_issuerdn, strlen(connp->cert0_issuerdn));
     r += LuaPushStringBuffer(luastate, (uint8_t *)connp->cert0_fingerprint, strlen(connp->cert0_fingerprint));
     return r;
 }

 static int TlsGetCertInfo(lua_State *luastate)
 {
     int r;

     if (!(LuaStateNeedProto(luastate, ALPROTO_TLS)))
         return LuaCallbackError(luastate, "error: protocol not tls");

     int direction = LuaStateGetDirection(luastate);

     Flow *f = LuaStateGetFlow(luastate);
     if (f == NULL)
         return LuaCallbackError(luastate, "internal error: no flow");

     r = GetCertInfo(luastate, f, direction);

     return r;
 }

 static int GetAgreedVersion(lua_State *luastate, const Flow *f)
 {
     void *state = FlowGetAppState(f);
     if (state == NULL)
         return LuaCallbackError(luastate, "error: no app layer state");

     SSLState *ssl_state = (SSLState *)state;

     char ssl_version[SSL_VERSION_MAX_STRLEN];
     SSLVersionToString(ssl_state->server_connp.version, ssl_version);

     return LuaPushStringBuffer(luastate, (uint8_t *)ssl_version,
                                strlen(ssl_version));
 }

 static int TlsGetVersion(lua_State *luastate)
 {
     int r;

     if (!(LuaStateNeedProto(luastate, ALPROTO_TLS)))
         return LuaCallbackError(luastate, "error: protocol not tls");

     Flow *f = LuaStateGetFlow(luastate);
     if (f == NULL)
         return LuaCallbackError(luastate, "internal error: no flow");

     r = GetAgreedVersion(luastate, f);

     return r;
 }

 static int GetSNI(lua_State *luastate, const Flow *f)
 {
     void *state = FlowGetAppState(f);
     if (state == NULL)
         return LuaCallbackError(luastate, "error: no app layer state");

     SSLState *ssl_state = (SSLState *)state;

     if (ssl_state->client_connp.sni == NULL)
         return LuaCallbackError(luastate, "error: no server name indication");

     return LuaPushStringBuffer(luastate, (uint8_t *)ssl_state->client_connp.sni,
                                strlen(ssl_state->client_connp.sni));
 }

 static int TlsGetSNI(lua_State *luastate)
 {
     int r;

     if (!(LuaStateNeedProto(luastate, ALPROTO_TLS)))
         return LuaCallbackError(luastate, "error: protocol not tls");

     Flow *f = LuaStateGetFlow(luastate);
     if (f == NULL)
         return LuaCallbackError(luastate, "internal error: no flow");

     r = GetSNI(luastate, f);

     return r;
 }

 static int GetCertSerial(lua_State *luastate, const Flow *f)
 {
     void *state = FlowGetAppState(f);
     if (state == NULL)
         return LuaCallbackError(luastate, "error: no app layer state");

     SSLState *ssl_state = (SSLState *)state;

     if (ssl_state->server_connp.cert0_serial == NULL)
         return LuaCallbackError(luastate, "error: no certificate serial");

     return LuaPushStringBuffer(luastate,
                                (uint8_t *)ssl_state->server_connp.cert0_serial,
                                strlen(ssl_state->server_connp.cert0_serial));
 }

 static int TlsGetCertSerial(lua_State *luastate)
 {
     int r;

     if (!(LuaStateNeedProto(luastate, ALPROTO_TLS)))
         return LuaCallbackError(luastate, "error: protocol not tls");

     Flow *f = LuaStateGetFlow(luastate);
     if (f == NULL)
         return LuaCallbackError(luastate, "internal error: no flow");

     r = GetCertSerial(luastate, f);

     return r;
 }

 static int GetCertChain(lua_State *luastate, const Flow *f, int direction)
 {
     void *state = FlowGetAppState(f);
     if (state == NULL)
         return LuaCallbackError(luastate, "error: no app layer state");

     SSLState *ssl_state = (SSLState *)state;
     SSLStateConnp *connp = NULL;

     if (direction) {
         connp = &ssl_state->client_connp;
     } else {
         connp = &ssl_state->server_connp;
     }

     uint32_t u = 0;
     lua_newtable(luastate);
     SSLCertsChain *cert = NULL;
     TAILQ_FOREACH(cert, &connp->certs, next)
     {
         lua_pushinteger(luastate, u++);

         lua_newtable(luastate);

         lua_pushstring(luastate, "length");
         lua_pushinteger(luastate, cert->cert_len);
         lua_settable(luastate, -3);

         lua_pushstring(luastate, "data");
         LuaPushStringBuffer(luastate, cert->cert_data, cert->cert_len);

         lua_settable(luastate, -3);
         lua_settable(luastate, -3);
     }

     return 1;
 }

 static int TlsGetCertChain(lua_State *luastate)
 {
     int r;

     if (!(LuaStateNeedProto(luastate, ALPROTO_TLS)))
         return LuaCallbackError(luastate, "error: protocol not tls");

     int direction = LuaStateGetDirection(luastate);

     Flow *f = LuaStateGetFlow(luastate);
     if (f == NULL)
         return LuaCallbackError(luastate, "internal error: no flow");

     r = GetCertChain(luastate, f, direction);

     return r;
 }

 /** \brief register tls lua extensions in a luastate */
 int LuaRegisterTlsFunctions(lua_State *luastate)
 {
     /* registration of the callbacks */
     lua_pushcfunction(luastate, TlsGetCertNotBefore);
     lua_setglobal(luastate, "TlsGetCertNotBefore");

     lua_pushcfunction(luastate, TlsGetCertNotAfter);
     lua_setglobal(luastate, "TlsGetCertNotAfter");

     lua_pushcfunction(luastate, TlsGetVersion);
     lua_setglobal(luastate, "TlsGetVersion");

     lua_pushcfunction(luastate, TlsGetCertInfo);
     lua_setglobal(luastate, "TlsGetCertInfo");

     lua_pushcfunction(luastate, TlsGetSNI);
     lua_setglobal(luastate, "TlsGetSNI");

     lua_pushcfunction(luastate, TlsGetCertSerial);
     lua_setglobal(luastate, "TlsGetCertSerial");

     lua_pushcfunction(luastate, TlsGetCertChain);
     lua_setglobal(luastate, "TlsGetCertChain");

     return 0;
 }

 #endif /* HAVE_LUA */
pkt-var.h

SSLStateConnp_::cert0_subject
char * cert0_subject
Definition: app-layer-ssl.h:195

SSLStateConnp_::cert0_not_before
time_t cert0_not_before
Definition: app-layer-ssl.h:198

output.h

TAILQ_FOREACH
#define TAILQ_FOREACH(var, head, field)
Definition: queue.h:350

next
struct HtpBodyChunk_ * next
Definition: app-layer-htp.h:515

SSLStateConnp_::version
uint16_t version
Definition: app-layer-ssl.h:182

debug.h

SSLStateConnp_::cert0_fingerprint
char * cert0_fingerprint
Definition: app-layer-ssl.h:200

SSLState_::server_connp
SSLStateConnp server_connp
Definition: app-layer-ssl.h:249

SSLStateConnp_::cert0_not_after
time_t cert0_not_after
Definition: app-layer-ssl.h:199

util-unittest.h

SSLStateConnp_::sni
char * sni
Definition: app-layer-ssl.h:203

SSLVersionToString
void SSLVersionToString(uint16_t version, char *buffer)
Definition: app-layer-ssl.c:266

SSL_VERSION_MAX_STRLEN
#define SSL_VERSION_MAX_STRLEN
Definition: app-layer-ssl.h:132

SSLState_
SSLv[2.0|3.[0|1|2|3]] state structure.
Definition: app-layer-ssl.h:226

util-privs.h

threads.h

SSLStateConnp_
Definition: app-layer-ssl.h:172

util-lua.h

util-debug.h

suricata-common.h

util-print.h

util-time.h

app-layer-ssl.h

util-proto-name.h

SSLCertsChain_::cert_len
uint32_t cert_len
Definition: app-layer-ssl.h:167

util-logopenfile.h

threadvars.h

SSLCertsChain_::cert_data
uint8_t * cert_data
Definition: app-layer-ssl.h:166

FlowGetAppState
void * FlowGetAppState(const Flow *f)
Definition: flow.c:1065

util-lua-tls.h

app-layer.h

tm-threads.h

SSLCertsChain_
Definition: app-layer-ssl.h:165

Flow_
Flow data structure.
Definition: flow.h:325

util-lua-common.h

app-layer-parser.h

SSLState_::client_connp
SSLStateConnp client_connp
Definition: app-layer-ssl.h:248

ALPROTO_TLS
Definition: app-layer-protos.h:33

SSLStateConnp_::cert0_issuerdn
char * cert0_issuerdn
Definition: app-layer-ssl.h:196

SSLStateConnp_::cert0_serial
char * cert0_serial
Definition: app-layer-ssl.h:197

util-buffer.h

conf.h

detect.h