-/* Copyright (C) 2017 Open Information Security Foundation
+/* Copyright (C) 2017-2022 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
PrefilterGenericMpmRegister, GetData, ALPROTO_TLS,
TLS_STATE_CERT_READY);
+ DetectAppLayerInspectEngineRegister2("tls.cert_fingerprint", ALPROTO_TLS, SIG_FLAG_TOSERVER,
+ TLS_STATE_CERT_READY, DetectEngineInspectBufferGeneric, GetData);
+
+ DetectAppLayerMpmRegister2("tls.cert_fingerprint", SIG_FLAG_TOSERVER, 2,
+ PrefilterGenericMpmRegister, GetData, ALPROTO_TLS, TLS_STATE_CERT_READY);
+
DetectBufferTypeSetDescriptionByName("tls.cert_fingerprint",
"TLS certificate fingerprint");
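Review bot: The added to-server registration of `tls.cert_fingerprint` carries no comment, and the buffer description on the following lines still reads only "TLS certificate fingerprint" although the buffer can now hold the certificate sent by the client. A rule that sets no flow direction would presumably now be evaluated against both peers' certificates, which can change what existing signatures match, so it deserves a comment here and a line in the keyword documentation. Suggested comment above the added calls: `/* to_server: inspect the certificate presented by the client */`. The same applies to the added registrations for `tls.cert_issuer`, `tls.cert_serial`, `tls.cert_subject`, `tls.certs` and `tls_cert`. The enclosing registration function starts and ends outside the hunk.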
InspectionBuffer *buffer = InspectionBufferGet(det_ctx, list_id);
if (buffer->inspect == NULL) {
const SSLState *ssl_state = (SSLState *)f->alstate;
+ const SSLStateConnp *connp;
+
+ if (flow_flags & STREAM_TOSERVER) {
+ connp = &ssl_state->client_connp;
+ } else {
+ connp = &ssl_state->server_connp;
+ }
- if (ssl_state->server_connp.cert0_fingerprint == NULL) {
+ if (connp->cert0_fingerprint == NULL) {
return NULL;
}
- const uint32_t data_len = strlen(ssl_state->server_connp.cert0_fingerprint);
- const uint8_t *data = (uint8_t *)ssl_state->server_connp.cert0_fingerprint;
+ const uint32_t data_len = strlen(connp->cert0_fingerprint);
+ const uint8_t *data = (uint8_t *)connp->cert0_fingerprint;
InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len);
InspectionBufferApplyTransforms(buffer, transforms);
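Review bot: The direction-to-`connp` selection added here is repeated verbatim in the issuer, serial and subject `GetData` hunks, and nothing says why `STREAM_TOSERVER` maps to `client_connp`. A single initialised declaration is shorter and never leaves the pointer unset: `const SSLStateConnp *connp = (flow_flags & STREAM_TOSERVER) ? &ssl_state->client_connp : &ssl_state->server_connp;`, preceded by `/* data going to the server carries the client's certificate */`. Moving that line into one shared helper would keep the copies from drifting apart. `GetData` begins and ends outside the hunk.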
-/* Copyright (C) 2007-2016 Open Information Security Foundation
+/* Copyright (C) 2007-2022 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
sigmatch_table[DETECT_AL_TLS_CERT_ISSUER].flags |= SIGMATCH_NOOPT;
sigmatch_table[DETECT_AL_TLS_CERT_ISSUER].flags |= SIGMATCH_INFO_STICKY_BUFFER;
+ DetectAppLayerInspectEngineRegister2("tls.cert_issuer", ALPROTO_TLS, SIG_FLAG_TOSERVER,
+ TLS_STATE_CERT_READY, DetectEngineInspectBufferGeneric, GetData);
+
+ DetectAppLayerMpmRegister2("tls.cert_issuer", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
+ GetData, ALPROTO_TLS, TLS_STATE_CERT_READY);
+
DetectAppLayerInspectEngineRegister2("tls.cert_issuer", ALPROTO_TLS,
SIG_FLAG_TOCLIENT, TLS_STATE_CERT_READY,
DetectEngineInspectBufferGeneric, GetData);
InspectionBuffer *buffer = InspectionBufferGet(det_ctx, list_id);
if (buffer->inspect == NULL) {
const SSLState *ssl_state = (SSLState *)f->alstate;
+ const SSLStateConnp *connp;
+ if (flow_flags & STREAM_TOSERVER) {
+ connp = &ssl_state->client_connp;
+ } else {
+ connp = &ssl_state->server_connp;
+ }
- if (ssl_state->server_connp.cert0_issuerdn == NULL) {
+ if (connp->cert0_issuerdn == NULL) {
return NULL;
}
- const uint32_t data_len = strlen(ssl_state->server_connp.cert0_issuerdn);
- const uint8_t *data = (uint8_t *)ssl_state->server_connp.cert0_issuerdn;
+ const uint32_t data_len = strlen(connp->cert0_issuerdn);
+ const uint8_t *data = (uint8_t *)connp->cert0_issuerdn;
InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len);
InspectionBufferApplyTransforms(buffer, transforms);
-/* Copyright (C) 2017 Open Information Security Foundation
+/* Copyright (C) 2017-2022 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
PrefilterGenericMpmRegister, GetData, ALPROTO_TLS,
TLS_STATE_CERT_READY);
+ DetectAppLayerInspectEngineRegister2("tls.cert_serial", ALPROTO_TLS, SIG_FLAG_TOSERVER,
+ TLS_STATE_CERT_READY, DetectEngineInspectBufferGeneric, GetData);
+
+ DetectAppLayerMpmRegister2("tls.cert_serial", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
+ GetData, ALPROTO_TLS, TLS_STATE_CERT_READY);
+
DetectBufferTypeSetDescriptionByName("tls.cert_serial",
"TLS certificate serial number");
InspectionBuffer *buffer = InspectionBufferGet(det_ctx, list_id);
if (buffer->inspect == NULL) {
const SSLState *ssl_state = (SSLState *)f->alstate;
+ const SSLStateConnp *connp;
+
+ if (flow_flags & STREAM_TOSERVER) {
+ connp = &ssl_state->client_connp;
+ } else {
+ connp = &ssl_state->server_connp;
+ }
- if (ssl_state->server_connp.cert0_serial == NULL) {
+ if (connp->cert0_serial == NULL) {
return NULL;
}
- const uint32_t data_len = strlen(ssl_state->server_connp.cert0_serial);
- const uint8_t *data = (uint8_t *)ssl_state->server_connp.cert0_serial;
+ const uint32_t data_len = strlen(connp->cert0_serial);
+ const uint8_t *data = (uint8_t *)connp->cert0_serial;
InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len);
InspectionBufferApplyTransforms(buffer, transforms);
-/* Copyright (C) 2007-2016 Open Information Security Foundation
+/* Copyright (C) 2007-2022 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
sigmatch_table[DETECT_AL_TLS_CERT_SUBJECT].flags |= SIGMATCH_NOOPT;
sigmatch_table[DETECT_AL_TLS_CERT_SUBJECT].flags |= SIGMATCH_INFO_STICKY_BUFFER;
- DetectAppLayerInspectEngineRegister2("tls.cert_subject", ALPROTO_TLS,
- SIG_FLAG_TOCLIENT, TLS_STATE_CERT_READY,
- DetectEngineInspectBufferGeneric, GetData);
+ DetectAppLayerInspectEngineRegister2("tls.cert_subject", ALPROTO_TLS, SIG_FLAG_TOSERVER,
+ TLS_STATE_CERT_READY, DetectEngineInspectBufferGeneric, GetData);
+
+ DetectAppLayerMpmRegister2("tls.cert_subject", SIG_FLAG_TOSERVER, 2,
+ PrefilterGenericMpmRegister, GetData, ALPROTO_TLS, TLS_STATE_CERT_READY);
+
+ DetectAppLayerInspectEngineRegister2("tls.cert_subject", ALPROTO_TLS, SIG_FLAG_TOCLIENT,
+ TLS_STATE_CERT_READY, DetectEngineInspectBufferGeneric, GetData);
DetectAppLayerMpmRegister2("tls.cert_subject", SIG_FLAG_TOCLIENT, 2,
PrefilterGenericMpmRegister, GetData, ALPROTO_TLS,
InspectionBuffer *buffer = InspectionBufferGet(det_ctx, list_id);
if (buffer->inspect == NULL) {
const SSLState *ssl_state = (SSLState *)f->alstate;
+ const SSLStateConnp *connp;
+
+ if (flow_flags & STREAM_TOSERVER) {
+ connp = &ssl_state->client_connp;
+ } else {
+ connp = &ssl_state->server_connp;
+ }
- if (ssl_state->server_connp.cert0_subject == NULL) {
+ if (connp->cert0_subject == NULL) {
return NULL;
}
- const uint32_t data_len = strlen(ssl_state->server_connp.cert0_subject);
- const uint8_t *data = (uint8_t *)ssl_state->server_connp.cert0_subject;
+ const uint32_t data_len = strlen(connp->cert0_subject);
+ const uint8_t *data = (uint8_t *)connp->cert0_subject;
InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len);
InspectionBufferApplyTransforms(buffer, transforms);
PrefilterMpmTlsCertsRegister, NULL, ALPROTO_TLS,
TLS_STATE_CERT_READY);
+ DetectAppLayerInspectEngineRegister2("tls.certs", ALPROTO_TLS, SIG_FLAG_TOSERVER,
+ TLS_STATE_CERT_READY, DetectEngineInspectTlsCerts, NULL);
+
+ DetectAppLayerMpmRegister2("tls.certs", SIG_FLAG_TOSERVER, 2, PrefilterMpmTlsCertsRegister,
+ NULL, ALPROTO_TLS, TLS_STATE_CERT_READY);
+
DetectBufferTypeSetDescriptionByName("tls.certs", "TLS certificate");
g_tls_certs_buffer_id = DetectBufferTypeGetByName("tls.certs");
return NULL;
const SSLState *ssl_state = (SSLState *)f->alstate;
+ const SSLStateConnp *connp;
+
+ if (f->flags & STREAM_TOSERVER) {
+ connp = &ssl_state->client_connp;
+ } else {
+ connp = &ssl_state->server_connp;
+ }
- if (TAILQ_EMPTY(&ssl_state->server_connp.certs)) {
+ if (TAILQ_EMPTY(&connp->certs)) {
return NULL;
}
if (cbdata->cert == NULL) {
- cbdata->cert = TAILQ_FIRST(&ssl_state->server_connp.certs);
+ cbdata->cert = TAILQ_FIRST(&connp->certs);
} else {
cbdata->cert = TAILQ_NEXT(cbdata->cert, next);
}
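Review bot: The direction test `f->flags & STREAM_TOSERVER` reads the Flow's own flags field, whereas the four `GetData` hunks test the `flow_flags` argument; `f->flags` appears to hold flow state bits rather than the stream direction, so the chosen `connp` may not follow the direction being inspected. The effect would be `tls.certs` rules matching against the wrong peer's certificate chain, giving missed or spurious matches. If the function receives the direction flags (its signature is outside the hunk), test those instead: `if (flow_flags & STREAM_TOSERVER) {`. The last hunk, which sets `SSL_TLS_LOG_PEM`, has the same pattern with `p->flow->flags` and could mark the wrong side's certificate for logging; the packet direction, e.g. `p->flowflags & FLOW_PKT_TOSERVER`, looks like the intended source.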
DetectAppLayerInspectEngineRegister2("tls_cert", ALPROTO_TLS, SIG_FLAG_TOCLIENT,
TLS_STATE_CERT_READY, DetectEngineInspectGenericList, NULL);
+
+ DetectAppLayerInspectEngineRegister2("tls_cert", ALPROTO_TLS, SIG_FLAG_TOSERVER,
+ TLS_STATE_CERT_READY, DetectEngineInspectGenericList, NULL);
}
/**
SCReturnInt(0);
}
- ssl_state->server_connp.cert_log_flag |= SSL_TLS_LOG_PEM;
+ SSLStateConnp *connp;
+
+ if (p->flow->flags & STREAM_TOSERVER) {
+ connp = &ssl_state->client_connp;
+ } else {
+ connp = &ssl_state->server_connp;
+ }
+
+ connp->cert_log_flag |= SSL_TLS_LOG_PEM;
SCReturnInt(1);
}