suricata checkin based on commit id a4bce14770beee46a537eda3c3f6e8e8565d5d0a

Change-Id: I9a214fa0ee95e58fc640e50bd604dac7f42db48f
author: Ashlee Young <ashlee@onosfw.com> 2015-09-09 22:21:41 -0700
committer: Ashlee Young <ashlee@onosfw.com> 2015-09-09 22:21:41 -0700
commit: 8879b125d26e8db1a5633de5a9c692eb2d1c4f83 (patch)
tree: c7259d85a991b83dfa85ab2e339360669fc1f58e /framework/src/suricata/src/util-lua-tls.c
parent: 13d05bc8458758ee39cb829098241e89616717ee (diff)
1 files changed, 145 insertions, 0 deletions
diff --git a/framework/src/suricata/src/util-lua-tls.c b/framework/src/suricata/src/util-lua-tls.c
new file mode 100644
index 00000000..8816d5d5
--- /dev/null
+++ b/framework/src/suricata/src/util-lua-tls.c
@@ -0,0 +1,145 @@
+/* Copyright (C) 2014 Open Information Security Foundation
+ *
+ * You can copy, redistribute or modify this Program under the terms of
+ * the GNU General Public License version 2 as published by the Free
+ * Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * version 2 along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+
+/**
+ * \file
+ *
+ * \author Eric Leblond <eric@regit.org>
+ *
+ */
+
+#include "suricata-common.h"
+#include "debug.h"
+#include "detect.h"
+#include "pkt-var.h"
+#include "conf.h"
+
+#include "threads.h"
+#include "threadvars.h"
+#include "tm-threads.h"
+
+#include "util-print.h"
+#include "util-unittest.h"
+
+#include "util-debug.h"
+
+#include "output.h"
+#include "app-layer.h"
+#include "app-layer-parser.h"
+#include "app-layer-ssl.h"
+#include "util-privs.h"
+#include "util-buffer.h"
+#include "util-proto-name.h"
+#include "util-logopenfile.h"
+#include "util-time.h"
+
+#ifdef HAVE_LUA
+
+#include <lua.h>
+#include <lualib.h>
+#include <lauxlib.h>
+
+#include "util-lua.h"
+#include "util-lua-common.h"
+
+static int GetCertInfo(lua_State *luastate, const Flow *f, int direction)
+{
+    void *state = FlowGetAppState(f);
+    if (state == NULL)
+        return LuaCallbackError(luastate, "error: no app layer state");
+
+    SSLState *ssl_state = (SSLState *)state;
+    SSLStateConnp *connp = NULL;
+
+    if (direction) {
+        connp = &ssl_state->client_connp;
+    } else {
+        connp = &ssl_state->server_connp;
+    }
+
+    if (connp->cert0_subject == NULL)
+        return LuaCallbackError(luastate, "error: no cert");
+
+    /* tls.version */
+    char ssl_version[32] = "";
+    switch (ssl_state->server_connp.version) {
+        case TLS_VERSION_UNKNOWN:
+            snprintf(ssl_version, sizeof(ssl_version), "UNDETERMINED");
+            break;
+        case SSL_VERSION_2:
+            snprintf(ssl_version, sizeof(ssl_version), "SSLv2");
+            break;
+        case SSL_VERSION_3:
+            snprintf(ssl_version, sizeof(ssl_version), "SSLv3");
+            break;
+        case TLS_VERSION_10:
+            snprintf(ssl_version, sizeof(ssl_version), "TLSv1");
+            break;
+        case TLS_VERSION_11:
+            snprintf(ssl_version, sizeof(ssl_version), "TLS 1.1");
+            break;
+        case TLS_VERSION_12:
+            snprintf(ssl_version, sizeof(ssl_version), "TLS 1.2");
+            break;
+        default:
+            snprintf(ssl_version, sizeof(ssl_version), "0x%04x",
+                     ssl_state->server_connp.version);
+            break;
+    }
+
+    int r = LuaPushStringBuffer(luastate, (uint8_t *)ssl_version, strlen(ssl_version));
+    r += LuaPushStringBuffer(luastate, (uint8_t *)connp->cert0_subject, strlen(connp->cert0_subject));
+    r += LuaPushStringBuffer(luastate, (uint8_t *)connp->cert0_issuerdn, strlen(connp->cert0_issuerdn));
+    r += LuaPushStringBuffer(luastate, (uint8_t *)connp->cert0_fingerprint, strlen(connp->cert0_fingerprint));
+    return r;
+}
+
+static int TlsGetCertInfo(lua_State *luastate)
+{
+    int r;
+
+    if (!(LuaStateNeedProto(luastate, ALPROTO_TLS)))
+        return LuaCallbackError(luastate, "error: protocol not tls");
+
+    int direction = LuaStateGetDirection(luastate);
+
+    int lock_hint = 0;
+    Flow *f = LuaStateGetFlow(luastate, &lock_hint);
+    if (f == NULL)
+        return LuaCallbackError(luastate, "internal error: no flow");
+
+    if (lock_hint == LUA_FLOW_NOT_LOCKED_BY_PARENT) {
+        FLOWLOCK_RDLOCK(f);
+        r = GetCertInfo(luastate, f, direction);
+        FLOWLOCK_UNLOCK(f);
+    } else {
+        r = GetCertInfo(luastate, f, direction);
+    }
+    return r;
+}
+
+/** \brief register tls lua extensions in a luastate */
+int LuaRegisterTlsFunctions(lua_State *luastate)
+{
+    /* registration of the callbacks */
+    lua_pushcfunction(luastate, TlsGetCertInfo);
+    lua_setglobal(luastate, "TlsGetCertInfo");
+    return 0;
+}
+
+#endif /* HAVE_LUA */
author	Ashlee Young <ashlee@onosfw.com>	2015-09-09 22:21:41 -0700
committer	Ashlee Young <ashlee@onosfw.com>	2015-09-09 22:21:41 -0700
commit	8879b125d26e8db1a5633de5a9c692eb2d1c4f83 (patch)
tree	c7259d85a991b83dfa85ab2e339360669fc1f58e /framework/src/suricata/src/util-lua-tls.c
parent	13d05bc8458758ee39cb829098241e89616717ee (diff)