]> git.ipfire.org Git - people/ms/suricata.git/blob - src/app-layer-ssl.h
projects / people / ms / suricata.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
app-layer-ssl: fix memleak
[people/ms/suricata.git] / src / app-layer-ssl.h
1 /* Copyright (C) 2007-2012 Open Information Security Foundation
2 *
3 * You can copy, redistribute or modify this Program under the terms of
4 * the GNU General Public License version 2 as published by the Free
5 * Software Foundation.
6 *
7 * This program is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 * GNU General Public License for more details.
11 *
12 * You should have received a copy of the GNU General Public License
13 * version 2 along with this program; if not, write to the Free Software
14 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15 * 02110-1301, USA.
16 */
17
18 /**
19 * \file
20 *
21 * \author Anoop Saldanha <anoopsaldanha@gmail.com>
22 * \author Pierre Chifflier <pierre.chifflier@ssi.gouv.fr>
23 *
24 */
25
26 #ifndef __APP_LAYER_SSL_H__
27 #define __APP_LAYER_SSL_H__
28
29 #include "decode-events.h"
30 #include "queue.h"
31
32 enum {
33 /* TLS protocol messages */
34 TLS_DECODER_EVENT_INVALID_SSLV2_HEADER,
35 TLS_DECODER_EVENT_INVALID_TLS_HEADER,
36 TLS_DECODER_EVENT_INVALID_RECORD_VERSION,
37 TLS_DECODER_EVENT_INVALID_RECORD_TYPE,
38 TLS_DECODER_EVENT_INVALID_HANDSHAKE_MESSAGE,
39 TLS_DECODER_EVENT_HEARTBEAT,
40 TLS_DECODER_EVENT_INVALID_HEARTBEAT,
41 TLS_DECODER_EVENT_OVERFLOW_HEARTBEAT,
42 TLS_DECODER_EVENT_DATALEAK_HEARTBEAT_MISMATCH,
43 TLS_DECODER_EVENT_MULTIPLE_SNI_EXTENSIONS,
44 TLS_DECODER_EVENT_INVALID_SNI_TYPE,
45 TLS_DECODER_EVENT_INVALID_SNI_LENGTH,
46 /* Certificates decoding messages */
47 TLS_DECODER_EVENT_INVALID_CERTIFICATE,
48 TLS_DECODER_EVENT_CERTIFICATE_MISSING_ELEMENT,
49 TLS_DECODER_EVENT_CERTIFICATE_UNKNOWN_ELEMENT,
50 TLS_DECODER_EVENT_CERTIFICATE_INVALID_LENGTH,
51 TLS_DECODER_EVENT_CERTIFICATE_INVALID_STRING,
52 TLS_DECODER_EVENT_ERROR_MSG_ENCOUNTERED,
53 TLS_DECODER_EVENT_INVALID_SSL_RECORD,
54 };
55
56 /* Flag to indicate that server will now on send encrypted msgs */
57 #define SSL_AL_FLAG_SERVER_CHANGE_CIPHER_SPEC 0x0001
58 /* Flag to indicate that client will now on send encrypted msgs */
59 #define SSL_AL_FLAG_CLIENT_CHANGE_CIPHER_SPEC 0x0002
60 #define SSL_AL_FLAG_CHANGE_CIPHER_SPEC 0x0004
61
62 /* SSL related flags */
63 #define SSL_AL_FLAG_SSL_CLIENT_HS 0x0008
64 #define SSL_AL_FLAG_SSL_SERVER_HS 0x0010
65 #define SSL_AL_FLAG_SSL_CLIENT_MASTER_KEY 0x0020
66 #define SSL_AL_FLAG_SSL_CLIENT_SSN_ENCRYPTED 0x0040
67 #define SSL_AL_FLAG_SSL_SERVER_SSN_ENCRYPTED 0x0080
68 #define SSL_AL_FLAG_SSL_NO_SESSION_ID 0x0100
69
70 /* flags specific to detect-ssl-state keyword */
71 #define SSL_AL_FLAG_STATE_CLIENT_HELLO 0x0200
72 #define SSL_AL_FLAG_STATE_SERVER_HELLO 0x0400
73 #define SSL_AL_FLAG_STATE_CLIENT_KEYX 0x0800
74 #define SSL_AL_FLAG_STATE_SERVER_KEYX 0x1000
75 #define SSL_AL_FLAG_STATE_UNKNOWN 0x2000
76
77 #define SSL_AL_FLAG_STATE_LOGGED 0x4000
78
79 /* flags specific to HeartBeat state */
80 #define SSL_AL_FLAG_HB_INFLIGHT 0x8000
81 #define SSL_AL_FLAG_HB_CLIENT_INIT 0x10000
82 #define SSL_AL_FLAG_HB_SERVER_INIT 0x20000
83
84 /* flags for file storage */
85 #define SSL_AL_FLAG_STATE_STORED 0x40000
86
87 #define SSL_AL_FLAG_STATE_LOGGED_LUA 0x80000
88
89 /* config flags */
90 #define SSL_TLS_LOG_PEM (1 << 0)
91
92 /* extensions */
93 #define SSL_EXTENSION_SNI 0x0000
94
95 /* SNI types */
96 #define SSL_SNI_TYPE_HOST_NAME 0
97
98 /* SSL versions. We'll use a unified format for all, with the top byte
99 * holding the major version and the lower byte the minor version */
100 enum {
101 TLS_VERSION_UNKNOWN = 0x0000,
102 SSL_VERSION_2 = 0x0200,
103 SSL_VERSION_3 = 0x0300,
104 TLS_VERSION_10 = 0x0301,
105 TLS_VERSION_11 = 0x0302,
106 TLS_VERSION_12 = 0x0303,
107 };
108
109 typedef struct SSLCertsChain_ {
110 uint8_t *cert_data;
111 uint32_t cert_len;
112 TAILQ_ENTRY(SSLCertsChain_) next;
113 } SSLCertsChain;
114
115
116 typedef struct SSLStateConnp_ {
117 /* record length */
118 uint32_t record_length;
119 /* record length's length for SSLv2 */
120 uint32_t record_lengths_length;
121
122 /* offset of the beginning of the current message (including header) */
123 uint32_t message_start;
124 uint32_t message_length;
125
126 uint16_t version;
127 uint8_t content_type;
128
129 uint8_t handshake_type;
130 uint32_t handshake_length;
131
132 /* the no of bytes processed in the currently parsed record */
133 uint16_t bytes_processed;
134 /* the no of bytes processed in the currently parsed handshake */
135 uint16_t hs_bytes_processed;
136
137 /* sslv2 client hello session id length */
138 uint16_t session_id_length;
139
140 char *cert0_subject;
141 char *cert0_issuerdn;
142 char *cert0_fingerprint;
143
144 /* ssl server name indication extension */
145 char *sni;
146
147 uint8_t *cert_input;
148 uint32_t cert_input_len;
149
150 TAILQ_HEAD(, SSLCertsChain_) certs;
151
152 uint32_t cert_log_flag;
153
154 /* buffer for the tls record.
155 * We use a malloced buffer, if the record is fragmented */
156 uint8_t *trec;
157 uint32_t trec_len;
158 uint32_t trec_pos;
159 } SSLStateConnp;
160
161 /**
162 * \brief SSLv[2.0|3.[0|1|2|3]] state structure.
163 *
164 * Structure to store the SSL state values.
165 */
166 typedef struct SSLState_ {
167 Flow *f;
168
169 /* holds some state flags we need */
170 uint32_t flags;
171
172 SSLStateConnp *curr_connp;
173
174 SSLStateConnp client_connp;
175 SSLStateConnp server_connp;
176
177 /* there might be a better place to store this*/
178 uint16_t hb_record_len;
179 } SSLState;
180
181 void RegisterSSLParsers(void);
182 void SSLParserRegisterTests(void);
183
184 #endif /* __APP_LAYER_SSL_H__ */
Michael's tree of suricata