author | 2015-09-09 22:21:41 -0700 | |
---|---|---|
committer | 2015-09-09 22:21:41 -0700 | |
commit | 8879b125d26e8db1a5633de5a9c692eb2d1c4f83 (patch) | |
tree | c7259d85a991b83dfa85ab2e339360669fc1f58e /framework/src/suricata/src/util-lua-tls.c | |
parent | 13d05bc8458758ee39cb829098241e89616717ee (diff) |
suricata checkin based on commit id a4bce14770beee46a537eda3c3f6e8e8565d5d0a
Change-Id: I9a214fa0ee95e58fc640e50bd604dac7f42db48f
Diffstat (limited to 'framework/src/suricata/src/util-lua-tls.c')
-rw-r--r-- | framework/src/suricata/src/util-lua-tls.c | 145 |
1 files changed, 145 insertions, 0 deletions
diff --git a/framework/src/suricata/src/util-lua-tls.c b/framework/src/suricata/src/util-lua-tls.c
new file mode 100644
index 00000000..8816d5d5
--- /dev/null
+++ b/framework/src/suricata/src/util-lua-tls.c
@@ -0,0 +1,145 @@
+/* Copyright (C) 2014 Open Information Security Foundation
+ *
+ * You can copy, redistribute or modify this Program under the terms of
+ * the GNU General Public License version 2 as published by the Free
+ * Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * version 2 along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+
+/**
+ * \file
+ *
+ * \author Eric Leblond <eric@regit.org>
+ *
+ */
+
+#include "suricata-common.h"
+#include "debug.h"
+#include "detect.h"
+#include "pkt-var.h"
+#include "conf.h"
+
+#include "threads.h"
+#include "threadvars.h"
+#include "tm-threads.h"
+
+#include "util-print.h"
+#include "util-unittest.h"
+
+#include "util-debug.h"
+
+#include "output.h"
+#include "app-layer.h"
+#include "app-layer-parser.h"
+#include "app-layer-ssl.h"
+#include "util-privs.h"
+#include "util-buffer.h"
+#include "util-proto-name.h"
+#include "util-logopenfile.h"
+#include "util-time.h"
+
+#ifdef HAVE_LUA
+
+#include <lua.h>
+#include <lualib.h>
+#include <lauxlib.h>
+
+#include "util-lua.h"
+#include "util-lua-common.h"
+
+static int GetCertInfo(lua_State *luastate, const Flow *f, int direction)
+{
+ void *state = FlowGetAppState(f);
+ if (state == NULL)
+ return LuaCallbackError(luastate, "error: no app layer state");
+
+ SSLState *ssl_state = (SSLState *)state;
+ SSLStateConnp *connp = NULL;
+
+ if (direction) {
+ connp = &ssl_state->client_connp;
+ } else {
+ connp = &ssl_state->server_connp;
+ }
+
+ if (connp->cert0_subject == NULL)
+ return LuaCallbackError(luastate, "error: no cert");
+
+ /* tls.version */
+ char ssl_version[32] = "";
+ switch (ssl_state->server_connp.version) {
+ case TLS_VERSION_UNKNOWN:
+ snprintf(ssl_version, sizeof(ssl_version), "UNDETERMINED");
+ break;
+ case SSL_VERSION_2:
+ snprintf(ssl_version, sizeof(ssl_version), "SSLv2");
+ break;
+ case SSL_VERSION_3:
+ snprintf(ssl_version, sizeof(ssl_version), "SSLv3");
+ break;
+ case TLS_VERSION_10:
+ snprintf(ssl_version, sizeof(ssl_version), "TLSv1");
+ break;
+ case TLS_VERSION_11:
+ snprintf(ssl_version, sizeof(ssl_version), "TLS 1.1");
+ break;
+ case TLS_VERSION_12:
+ snprintf(ssl_version, sizeof(ssl_version), "TLS 1.2");
+ break;
+ default:
+ snprintf(ssl_version, sizeof(ssl_version), "0x%04x",
+ ssl_state->server_connp.version);
+ break;
+ }
+
+ int r = LuaPushStringBuffer(luastate, (uint8_t *)ssl_version, strlen(ssl_version));
+ r += LuaPushStringBuffer(luastate, (uint8_t *)connp->cert0_subject, strlen(connp->cert0_subject));
+ r += LuaPushStringBuffer(luastate, (uint8_t *)connp->cert0_issuerdn, strlen(connp->cert0_issuerdn));
+ r += LuaPushStringBuffer(luastate, (uint8_t *)connp->cert0_fingerprint, strlen(connp->cert0_fingerprint));
+ return r;
+}
+
+static int TlsGetCertInfo(lua_State *luastate)
+{
+ int r;
+
+ if (!(LuaStateNeedProto(luastate, ALPROTO_TLS)))
+ return LuaCallbackError(luastate, "error: protocol not tls");
+
+ int direction = LuaStateGetDirection(luastate);
+
+ int lock_hint = 0;
+ Flow *f = LuaStateGetFlow(luastate, &lock_hint);
+ if (f == NULL)
+ return LuaCallbackError(luastate, "internal error: no flow");
+
+ if (lock_hint == LUA_FLOW_NOT_LOCKED_BY_PARENT) {
+ FLOWLOCK_RDLOCK(f);
+ r = GetCertInfo(luastate, f, direction);
+ FLOWLOCK_UNLOCK(f);
+ } else {
+ r = GetCertInfo(luastate, f, direction);
+ }
+ return r;
+}
+
+/** \brief register tls lua extensions in a luastate */
+int LuaRegisterTlsFunctions(lua_State *luastate)
+{
+ /* registration of the callbacks */
+ lua_pushcfunction(luastate, TlsGetCertInfo);
+ lua_setglobal(luastate, "TlsGetCertInfo");
+ return 0;
+}
+
+#endif /* HAVE_LUA */ |
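Review bot: GetCertInfo null-checks only `connp->cert0_subject` before the pushes, yet the following lines call `strlen()` on `connp->cert0_issuerdn` and `connp->cert0_fingerprint` unchecked; if the SSL parser can leave either of those unset (not visible in this hunk), a peer certificate that yields a subject but no issuer or fingerprint string would dereference NULL inside the detection path, and that input arrives from the wire. Widening the guard to `if (connp->cert0_subject == NULL || connp->cert0_issuerdn == NULL || connp->cert0_fingerprint == NULL)` keeps the existing "error: no cert" return and covers all three fields the function reads. Separately, the version string is read from `ssl_state->server_connp.version` regardless of `direction`, while the certificate fields follow `direction`; this is presumably intentional, and a one-line comment such as `/* the negotiated version is tracked on the server side, independent of direction */` above the switch would stop a later reader from "fixing" it.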