1 /* Copyright (C) 2014 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 
19 /**
20  * \file
21  *
22  * \author Eric Leblond <eric@regit.org>
23  *
24  */
25 
26 #include "suricata-common.h"
27 #include "debug.h"
28 #include "detect.h"
29 #include "pkt-var.h"
30 #include "conf.h"
31 
32 #include "threads.h"
33 #include "threadvars.h"
34 #include "tm-threads.h"
35 
36 #include "util-print.h"
37 #include "util-unittest.h"
38 
39 #include "util-debug.h"
40 
41 #include "output.h"
42 #include "app-layer.h"
43 #include "app-layer-parser.h"
44 #include "app-layer-ssl.h"
45 #include "util-privs.h"
46 #include "util-buffer.h"
47 #include "util-proto-name.h"
48 #include "util-logopenfile.h"
49 #include "util-time.h"
50 
51 #ifdef HAVE_LUA
52 
53 #include <lua.h>
54 #include <lualib.h>
55 #include <lauxlib.h>
56 
57 #include "util-lua.h"
58 #include "util-lua-common.h"
59 #include "util-lua-tls.h"
60 
/**
 * \brief Push the NotBefore timestamp of cert0 onto the Lua stack.
 *
 * \param luastate  Lua state that receives the value (or the error)
 * \param f         flow whose TLS app-layer state is consulted
 * \param direction non-zero selects client_connp, zero selects server_connp
 *
 * \retval result of LuaPushInteger() on success, LuaCallbackError() otherwise
 */
static int GetCertNotBefore(lua_State *luastate, const Flow *f, int direction)
{
    SSLState *ssl_state = FlowGetAppState(f);
    if (ssl_state == NULL)
        return LuaCallbackError(luastate, "error: no app layer state");

    /* the direction flag picks which side's certificate is reported */
    const SSLStateConnp *connp = direction ? &ssl_state->client_connp
                                           : &ssl_state->server_connp;

    /* a zero timestamp is treated as "no NotBefore parsed" */
    if (connp->cert0_not_before == 0)
        return LuaCallbackError(luastate, "error: no certificate NotBefore");

    return LuaPushInteger(luastate, connp->cert0_not_before);
}
83 
/**
 * \brief Lua callback TlsGetCertNotBefore().
 *
 * Requires the flow to be TLS, then resolves direction and flow from the
 * Lua state and delegates to GetCertNotBefore().
 *
 * \retval number of values pushed, or the LuaCallbackError() result
 */
static int TlsGetCertNotBefore(lua_State *luastate)
{
    if (!LuaStateNeedProto(luastate, ALPROTO_TLS))
        return LuaCallbackError(luastate, "error: protocol not tls");

    const int direction = LuaStateGetDirection(luastate);

    Flow *f = LuaStateGetFlow(luastate);
    if (f == NULL)
        return LuaCallbackError(luastate, "internal error: no flow");

    return GetCertNotBefore(luastate, f, direction);
}
101 
/**
 * \brief Push the NotAfter timestamp of cert0 onto the Lua stack.
 *
 * \param luastate  Lua state that receives the value (or the error)
 * \param f         flow whose TLS app-layer state is consulted
 * \param direction non-zero selects client_connp, zero selects server_connp
 *
 * \retval result of LuaPushInteger() on success, LuaCallbackError() otherwise
 */
static int GetCertNotAfter(lua_State *luastate, const Flow *f, int direction)
{
    SSLState *ssl_state = FlowGetAppState(f);
    if (ssl_state == NULL)
        return LuaCallbackError(luastate, "error: no app layer state");

    /* the direction flag picks which side's certificate is reported */
    const SSLStateConnp *connp = direction ? &ssl_state->client_connp
                                           : &ssl_state->server_connp;

    /* a zero timestamp is treated as "no NotAfter parsed" */
    if (connp->cert0_not_after == 0)
        return LuaCallbackError(luastate, "error: no certificate NotAfter");

    return LuaPushInteger(luastate, connp->cert0_not_after);
}
124 
/**
 * \brief Lua callback TlsGetCertNotAfter().
 *
 * Requires the flow to be TLS, then resolves direction and flow from the
 * Lua state and delegates to GetCertNotAfter().
 *
 * \retval number of values pushed, or the LuaCallbackError() result
 */
static int TlsGetCertNotAfter(lua_State *luastate)
{
    if (!LuaStateNeedProto(luastate, ALPROTO_TLS))
        return LuaCallbackError(luastate, "error: protocol not tls");

    const int direction = LuaStateGetDirection(luastate);

    Flow *f = LuaStateGetFlow(luastate);
    if (f == NULL)
        return LuaCallbackError(luastate, "internal error: no flow");

    return GetCertNotAfter(luastate, f, direction);
}
142 
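/**
 * \brief Push version, subject, issuer DN and fingerprint of cert0 onto
 *        the Lua stack as four string values.
 *
 * \param luastate  Lua state that receives the values (or the error)
 * \param f         flow whose TLS app-layer state is consulted
 * \param direction non-zero selects client_connp, zero selects server_connp
 *
 * \retval 4 on success, LuaCallbackError() result otherwise
 *
 * All three string members are NULL-checked before use: the previous
 * version tested only cert0_subject and then passed cert0_issuerdn and
 * cert0_fingerprint to strlen(), which is undefined behaviour if either
 * of them was never populated.
 */
static int GetCertInfo(lua_State *luastate, const Flow *f, int direction)
{
    SSLState *ssl_state = FlowGetAppState(f);
    if (ssl_state == NULL)
        return LuaCallbackError(luastate, "error: no app layer state");

    /* the direction flag picks which side's certificate is reported */
    const SSLStateConnp *connp = direction ? &ssl_state->client_connp
                                           : &ssl_state->server_connp;

    if (connp->cert0_subject == NULL)
        return LuaCallbackError(luastate, "error: no cert");

    /* subject present but issuer/fingerprint missing: report an error
     * rather than strlen(NULL); scripts see an error instead of 4 values */
    if (connp->cert0_issuerdn == NULL || connp->cert0_fingerprint == NULL)
        return LuaCallbackError(luastate, "error: incomplete cert info");

    /* tls.version: read from server_connp whichever side's certificate is
     * requested, the same source GetAgreedVersion() uses */
    char ssl_version[SSL_VERSION_MAX_STRLEN];
    SSLVersionToString(ssl_state->server_connp.version, ssl_version);

    int r = LuaPushStringBuffer(luastate, (uint8_t *)ssl_version,
                                strlen(ssl_version));
    r += LuaPushStringBuffer(luastate, (uint8_t *)connp->cert0_subject,
                             strlen(connp->cert0_subject));
    r += LuaPushStringBuffer(luastate, (uint8_t *)connp->cert0_issuerdn,
                             strlen(connp->cert0_issuerdn));
    r += LuaPushStringBuffer(luastate, (uint8_t *)connp->cert0_fingerprint,
                             strlen(connp->cert0_fingerprint));
    return r;
}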
171 
/**
 * \brief Lua callback TlsGetCertInfo().
 *
 * Requires the flow to be TLS, then resolves direction and flow from the
 * Lua state and delegates to GetCertInfo().
 *
 * \retval number of values pushed, or the LuaCallbackError() result
 */
static int TlsGetCertInfo(lua_State *luastate)
{
    if (!LuaStateNeedProto(luastate, ALPROTO_TLS))
        return LuaCallbackError(luastate, "error: protocol not tls");

    const int direction = LuaStateGetDirection(luastate);

    Flow *f = LuaStateGetFlow(luastate);
    if (f == NULL)
        return LuaCallbackError(luastate, "internal error: no flow");

    return GetCertInfo(luastate, f, direction);
}
189 
/**
 * \brief Push the TLS version string recorded on the server side of the
 *        state onto the Lua stack.
 *
 * \param luastate Lua state that receives the string (or the error)
 * \param f        flow whose TLS app-layer state is consulted
 *
 * \retval result of LuaPushStringBuffer(), LuaCallbackError() on failure
 */
static int GetAgreedVersion(lua_State *luastate, const Flow *f)
{
    SSLState *ssl_state = FlowGetAppState(f);
    if (ssl_state == NULL)
        return LuaCallbackError(luastate, "error: no app layer state");

    /* version is always taken from server_connp; there is no direction here */
    char version_str[SSL_VERSION_MAX_STRLEN];
    SSLVersionToString(ssl_state->server_connp.version, version_str);

    const size_t len = strlen(version_str);
    return LuaPushStringBuffer(luastate, (uint8_t *)version_str, len);
}
204 
/**
 * \brief Lua callback TlsGetVersion().
 *
 * Requires the flow to be TLS, resolves the flow from the Lua state and
 * delegates to GetAgreedVersion().
 *
 * \retval number of values pushed, or the LuaCallbackError() result
 */
static int TlsGetVersion(lua_State *luastate)
{
    if (!LuaStateNeedProto(luastate, ALPROTO_TLS))
        return LuaCallbackError(luastate, "error: protocol not tls");

    Flow *f = LuaStateGetFlow(luastate);
    if (f == NULL)
        return LuaCallbackError(luastate, "internal error: no flow");

    return GetAgreedVersion(luastate, f);
}
220 
/**
 * \brief Push the client's Server Name Indication onto the Lua stack.
 *
 * \param luastate Lua state that receives the string (or the error)
 * \param f        flow whose TLS app-layer state is consulted
 *
 * \retval result of LuaPushStringBuffer(), LuaCallbackError() on failure
 */
static int GetSNI(lua_State *luastate, const Flow *f)
{
    SSLState *ssl_state = FlowGetAppState(f);
    if (ssl_state == NULL)
        return LuaCallbackError(luastate, "error: no app layer state");

    /* the SNI is only kept on the client side of the state */
    const char *sni = ssl_state->client_connp.sni;
    if (sni == NULL)
        return LuaCallbackError(luastate, "error: no server name indication");

    /* handed to the script verbatim; scripts should treat it as peer-supplied input */
    return LuaPushStringBuffer(luastate, (uint8_t *)sni, strlen(sni));
}
235 
/**
 * \brief Lua callback TlsGetSNI().
 *
 * Requires the flow to be TLS, resolves the flow from the Lua state and
 * delegates to GetSNI().
 *
 * \retval number of values pushed, or the LuaCallbackError() result
 */
static int TlsGetSNI(lua_State *luastate)
{
    if (!LuaStateNeedProto(luastate, ALPROTO_TLS))
        return LuaCallbackError(luastate, "error: protocol not tls");

    Flow *f = LuaStateGetFlow(luastate);
    if (f == NULL)
        return LuaCallbackError(luastate, "internal error: no flow");

    return GetSNI(luastate, f);
}
251 
/**
 * \brief Push the serial number string of the server's cert0 onto the Lua stack.
 *
 * \param luastate Lua state that receives the string (or the error)
 * \param f        flow whose TLS app-layer state is consulted
 *
 * \retval result of LuaPushStringBuffer(), LuaCallbackError() on failure
 */
static int GetCertSerial(lua_State *luastate, const Flow *f)
{
    SSLState *ssl_state = FlowGetAppState(f);
    if (ssl_state == NULL)
        return LuaCallbackError(luastate, "error: no app layer state");

    /* only the server-side certificate serial is exposed; no direction arg */
    const char *serial = ssl_state->server_connp.cert0_serial;
    if (serial == NULL)
        return LuaCallbackError(luastate, "error: no certificate serial");

    return LuaPushStringBuffer(luastate, (uint8_t *)serial, strlen(serial));
}
267 
/**
 * \brief Lua callback TlsGetCertSerial().
 *
 * Requires the flow to be TLS, resolves the flow from the Lua state and
 * delegates to GetCertSerial().
 *
 * \retval number of values pushed, or the LuaCallbackError() result
 */
static int TlsGetCertSerial(lua_State *luastate)
{
    if (!LuaStateNeedProto(luastate, ALPROTO_TLS))
        return LuaCallbackError(luastate, "error: protocol not tls");

    Flow *f = LuaStateGetFlow(luastate);
    if (f == NULL)
        return LuaCallbackError(luastate, "internal error: no flow");

    return GetCertSerial(luastate, f);
}
283 
/**
 * \brief Push one chain element as a { length = n, data = bytes } table.
 *
 * Leaves exactly one new table on top of the Lua stack.
 *
 * \param luastate Lua state to push onto
 * \param cert     chain element whose cert_len / cert_data are exported
 */
static void PushCertChainEntry(lua_State *luastate, const SSLCertsChain *cert)
{
    lua_newtable(luastate);

    lua_pushstring(luastate, "length");
    lua_pushinteger(luastate, cert->cert_len);
    lua_settable(luastate, -3);

    /* raw certificate bytes, bounded by cert_len; the script gets them as a
     * Lua string and must treat them as untrusted peer-supplied data */
    lua_pushstring(luastate, "data");
    LuaPushStringBuffer(luastate, cert->cert_data, cert->cert_len);
    lua_settable(luastate, -3);
}

/**
 * \brief Push the certificate chain of one side as a table of entry tables.
 *
 * Keys start at 0, so Lua's ipairs() and the # operator will not see the
 * first element; iterate with pairs() or an explicit index from 0.
 *
 * \param luastate  Lua state that receives the table (or the error)
 * \param f         flow whose TLS app-layer state is consulted
 * \param direction non-zero selects client_connp, zero selects server_connp
 *
 * \retval 1 on success (one table pushed), LuaCallbackError() result otherwise
 */
static int GetCertChain(lua_State *luastate, const Flow *f, int direction)
{
    SSLState *ssl_state = FlowGetAppState(f);
    if (ssl_state == NULL)
        return LuaCallbackError(luastate, "error: no app layer state");

    SSLStateConnp *connp = direction ? &ssl_state->client_connp
                                     : &ssl_state->server_connp;

    lua_newtable(luastate);

    uint32_t idx = 0;
    SSLCertsChain *cert = NULL;
    TAILQ_FOREACH(cert, &connp->certs, next) {
        lua_pushinteger(luastate, idx);      /* key: 0-based chain position */
        PushCertChainEntry(luastate, cert);  /* value: entry table */
        lua_settable(luastate, -3);          /* chain[idx] = entry */
        idx++;
    }

    return 1;
}
321 
/**
 * \brief Lua callback TlsGetCertChain().
 *
 * Requires the flow to be TLS, then resolves direction and flow from the
 * Lua state and delegates to GetCertChain().
 *
 * \retval number of values pushed, or the LuaCallbackError() result
 */
static int TlsGetCertChain(lua_State *luastate)
{
    if (!LuaStateNeedProto(luastate, ALPROTO_TLS))
        return LuaCallbackError(luastate, "error: protocol not tls");

    const int direction = LuaStateGetDirection(luastate);

    Flow *f = LuaStateGetFlow(luastate);
    if (f == NULL)
        return LuaCallbackError(luastate, "internal error: no flow");

    return GetCertChain(luastate, f, direction);
}
339 
/**
 * \brief Register the TLS Lua extensions as globals in a Lua state.
 *
 * Each callback is installed under its own C function name, in the same
 * order as before (TlsGetCertNotBefore, TlsGetCertNotAfter, TlsGetVersion,
 * TlsGetCertInfo, TlsGetSNI, TlsGetCertSerial, TlsGetCertChain).
 *
 * \param luastate Lua state to register into
 *
 * \retval 0 always
 */
int LuaRegisterTlsFunctions(lua_State *luastate)
{
    static const struct {
        const char *name;
        lua_CFunction fn;
    } callbacks[] = {
        { "TlsGetCertNotBefore", TlsGetCertNotBefore },
        { "TlsGetCertNotAfter",  TlsGetCertNotAfter },
        { "TlsGetVersion",       TlsGetVersion },
        { "TlsGetCertInfo",      TlsGetCertInfo },
        { "TlsGetSNI",           TlsGetSNI },
        { "TlsGetCertSerial",    TlsGetCertSerial },
        { "TlsGetCertChain",     TlsGetCertChain },
    };

    for (size_t i = 0; i < sizeof callbacks / sizeof callbacks[0]; i++) {
        lua_pushcfunction(luastate, callbacks[i].fn);
        lua_setglobal(luastate, callbacks[i].name);
    }

    return 0;
}
367 
368 #endif /* HAVE_LUA */