From: Philippe Antoine Date: Tue, 29 Oct 2024 13:27:59 +0000 (+0100) Subject: transforms: move hash transforms to rust X-Git-Tag: suricata-8.0.0-beta1~731 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0e5b49d20feb9a89e658697ac0980f594c4793f9;p=thirdparty%2Fsuricata.git transforms: move hash transforms to rust md5, sha1 and sha256 Ticket: 7229 --- diff --git a/rust/src/detect/transforms/hash.rs b/rust/src/detect/transforms/hash.rs new file mode 100644 index 0000000000..76922f678b --- /dev/null +++ b/rust/src/detect/transforms/hash.rs @@ -0,0 +1,239 @@ +/* Copyright (C) 2024 Open Information Security Foundation + * + * You can copy, redistribute or modify this Program under the terms of + * the GNU General Public License version 2 as published by the Free + * Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * version 2 along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301, USA. + */ + +use super::{ + DetectHelperTransformRegister, DetectSignatureAddTransform, InspectionBufferCheckAndExpand, + InspectionBufferLength, InspectionBufferPtr, InspectionBufferTruncate, SCTransformTableElmt, +}; +use crate::detect::SIGMATCH_NOOPT; +use crate::ffi::hashing::{G_DISABLE_HASHING, SC_SHA1_LEN, SC_SHA256_LEN}; +use digest::{Digest, Update}; +use md5::Md5; +use sha1::Sha1; +use sha2::Sha256; + +use std::os::raw::{c_int, c_void}; +use std::ptr; + +static mut G_TRANSFORM_MD5_ID: c_int = 0; +static mut G_TRANSFORM_SHA1_ID: c_int = 0; +static mut G_TRANSFORM_SHA256_ID: c_int = 0; + +const SC_MD5_LEN: usize = 16; + +#[no_mangle] +unsafe extern "C" fn md5_setup( + _de: *mut c_void, s: *mut c_void, _raw: *const std::os::raw::c_char, +) -> c_int { + if unsafe { G_DISABLE_HASHING } { + SCLogError!("MD5 hashing has been disabled, needed for to_md5 keyword"); + return -1; + } + return DetectSignatureAddTransform(s, G_TRANSFORM_MD5_ID, ptr::null_mut()); +} + +fn md5_transform_do(input: &[u8], output: &mut [u8]) { + Md5::new().chain(input).finalize_into(output.into()); +} + +#[no_mangle] +unsafe extern "C" fn md5_transform(buffer: *mut c_void, _ctx: *mut c_void) { + let input = InspectionBufferPtr(buffer); + let input_len = InspectionBufferLength(buffer); + if input.is_null() || input_len == 0 { + return; + } + let input = build_slice!(input, input_len as usize); + + let output = InspectionBufferCheckAndExpand(buffer, SC_MD5_LEN as u32); + if output.is_null() { + // allocation failure + return; + } + let output = std::slice::from_raw_parts_mut(output, SC_MD5_LEN); + + md5_transform_do(input, output); + + InspectionBufferTruncate(buffer, SC_MD5_LEN as u32); +} + +#[no_mangle] +pub unsafe extern "C" fn DetectTransformMd5Register() { + let kw = SCTransformTableElmt { + name: b"to_md5\0".as_ptr() as *const libc::c_char, + desc: b"convert to md5 hash of the buffer\0".as_ptr() as *const libc::c_char, + url: b"/rules/transforms.html#to-md5\0".as_ptr() as *const libc::c_char, + Setup: md5_setup, + flags: SIGMATCH_NOOPT, + Transform: md5_transform, + Free: None, + TransformValidate: None, + }; + unsafe { + G_TRANSFORM_MD5_ID = DetectHelperTransformRegister(&kw); + if G_TRANSFORM_MD5_ID < 0 { + SCLogWarning!("Failed registering transform md5"); + } + } +} + +#[no_mangle] +unsafe extern "C" fn sha1_setup( + _de: *mut c_void, s: *mut c_void, _raw: *const std::os::raw::c_char, +) -> c_int { + if unsafe { G_DISABLE_HASHING } { + SCLogError!("SHA1 hashing has been disabled, needed for to_sha1 keyword"); + return -1; + } + return DetectSignatureAddTransform(s, G_TRANSFORM_SHA1_ID, ptr::null_mut()); +} + +fn sha1_transform_do(input: &[u8], output: &mut [u8]) { + Sha1::new().chain(input).finalize_into(output.into()); +} + +#[no_mangle] +unsafe extern "C" fn sha1_transform(buffer: *mut c_void, _ctx: *mut c_void) { + let input = InspectionBufferPtr(buffer); + let input_len = InspectionBufferLength(buffer); + if input.is_null() || input_len == 0 { + return; + } + let input = build_slice!(input, input_len as usize); + + let output = InspectionBufferCheckAndExpand(buffer, SC_SHA1_LEN as u32); + if output.is_null() { + // allocation failure + return; + } + let output = std::slice::from_raw_parts_mut(output, SC_SHA1_LEN); + + sha1_transform_do(input, output); + + InspectionBufferTruncate(buffer, SC_SHA1_LEN as u32); +} + +#[no_mangle] +pub unsafe extern "C" fn DetectTransformSha1Register() { + let kw = SCTransformTableElmt { + name: b"to_sha1\0".as_ptr() as *const libc::c_char, + desc: b"convert to sha1 hash of the buffer\0".as_ptr() as *const libc::c_char, + url: b"/rules/transforms.html#to-sha1\0".as_ptr() as *const libc::c_char, + Setup: sha1_setup, + flags: SIGMATCH_NOOPT, + Transform: sha1_transform, + Free: None, + TransformValidate: None, + }; + unsafe { + G_TRANSFORM_SHA1_ID = DetectHelperTransformRegister(&kw); + if G_TRANSFORM_SHA1_ID < 0 { + SCLogWarning!("Failed registering transform sha1"); + } + } +} + +#[no_mangle] +unsafe extern "C" fn sha256_setup( + _de: *mut c_void, s: *mut c_void, _raw: *const std::os::raw::c_char, +) -> c_int { + if unsafe { G_DISABLE_HASHING } { + SCLogError!("SHA256 hashing has been disabled, needed for to_sha256 keyword"); + return -1; + } + return DetectSignatureAddTransform(s, G_TRANSFORM_SHA256_ID, ptr::null_mut()); +} + +fn sha256_transform_do(input: &[u8], output: &mut [u8]) { + Sha256::new().chain(input).finalize_into(output.into()); +} + +#[no_mangle] +unsafe extern "C" fn sha256_transform(buffer: *mut c_void, _ctx: *mut c_void) { + let input = InspectionBufferPtr(buffer); + let input_len = InspectionBufferLength(buffer); + if input.is_null() || input_len == 0 { + return; + } + let input = build_slice!(input, input_len as usize); + + let output = InspectionBufferCheckAndExpand(buffer, SC_SHA256_LEN as u32); + if output.is_null() { + // allocation failure + return; + } + let output = std::slice::from_raw_parts_mut(output, SC_SHA256_LEN); + + sha256_transform_do(input, output); + + InspectionBufferTruncate(buffer, SC_SHA256_LEN as u32); +} + +#[no_mangle] +pub unsafe extern "C" fn DetectTransformSha256Register() { + let kw = SCTransformTableElmt { + name: b"to_sha256\0".as_ptr() as *const libc::c_char, + desc: b"convert to sha256 hash of the buffer\0".as_ptr() as *const libc::c_char, + url: b"/rules/transforms.html#to-sha256\0".as_ptr() as *const libc::c_char, + Setup: sha256_setup, + flags: SIGMATCH_NOOPT, + Transform: sha256_transform, + Free: None, + TransformValidate: None, + }; + unsafe { + G_TRANSFORM_SHA256_ID = DetectHelperTransformRegister(&kw); + if G_TRANSFORM_SHA256_ID < 0 { + SCLogWarning!("Failed registering transform sha256"); + } + } +} + +#[cfg(test)] +mod tests { + use super::*; + + #[test] + fn test_md5_transform() { + let buf = b" A B C D "; + let mut out = vec![0; SC_MD5_LEN]; + md5_transform_do(buf, &mut out); + assert_eq!( + out, + b"\xe0\x59\xf8\x30\x43\x69\x58\xb6\x45\x82\x8c\xc2\x33\xc2\x47\x13" + ); + } + + #[test] + fn test_sha1_transform() { + let buf = b" A B C D "; + let mut out = vec![0; SC_SHA1_LEN]; + sha1_transform_do(buf, &mut out); + assert_eq!( + out, + b"\xc8\xdc\x44\x97\xf7\xe0\x55\xf8\x6b\x88\x90\x52\x08\x2c\x0c\x7b\xdc\xc9\xc8\x89" + ); + } + + #[test] + fn test_sha256_transform() { + let buf = b" A B C D "; + let mut out = vec![0; SC_SHA256_LEN]; + sha256_transform_do(buf, &mut out); + assert_eq!(out, b"\xd6\xbf\x7d\x8d\x69\x53\x02\x4d\x0d\x84\x5c\x99\x9b\xae\x93\xcc\xac\x68\xea\xab\x9a\xc9\x77\xd0\xfd\x30\x6a\xf5\x9a\x3d\xe4\x3a"); + } +} diff --git a/rust/src/detect/transforms/mod.rs b/rust/src/detect/transforms/mod.rs index 120a8ff54e..56f5e01839 100644 --- a/rust/src/detect/transforms/mod.rs +++ b/rust/src/detect/transforms/mod.rs @@ -22,6 +22,7 @@ use std::os::raw::{c_char, c_int, c_void}; pub mod compress_whitespace; pub mod dotprefix; pub mod strip_whitespace; +pub mod hash; #[repr(C)] #[allow(non_snake_case)] diff --git a/rust/src/ffi/hashing.rs b/rust/src/ffi/hashing.rs index 59c7c9d3e9..0a62772c1c 100644 --- a/rust/src/ffi/hashing.rs +++ b/rust/src/ffi/hashing.rs @@ -205,6 +205,13 @@ unsafe fn finalize(digest: D, out: *mut u8, len: u32) { output.copy_from_slice(&result); } +pub static mut G_DISABLE_HASHING: bool = false; + +#[no_mangle] +pub unsafe extern "C" fn SCDisableHashing() { + G_DISABLE_HASHING = true; +} + #[cfg(test)] mod test { use super::*; diff --git a/src/Makefile.am b/src/Makefile.am index bb86a0cde1..66900005e9 100755 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -308,10 +308,7 @@ noinst_HEADERS = \ detect-transform-base64.h \ detect-transform-casechange.h \ detect-transform-header-lowercase.h \ - detect-transform-md5.h \ detect-transform-pcrexform.h \ - detect-transform-sha1.h \ - detect-transform-sha256.h \ detect-transform-strip-pseudo-headers.h \ detect-transform-urldecode.h \ detect-transform-xor.h \ @@ -874,10 +871,7 @@ libsuricata_c_a_SOURCES = \ detect-transform-base64.c \ detect-transform-casechange.c \ detect-transform-header-lowercase.c \ - detect-transform-md5.c \ detect-transform-pcrexform.c \ - detect-transform-sha1.c \ - detect-transform-sha256.c \ detect-transform-strip-pseudo-headers.c \ detect-transform-urldecode.c \ detect-transform-xor.c \ diff --git a/src/detect-engine-register.c b/src/detect-engine-register.c index e6ef73e7f8..fde0aac7ac 100644 --- a/src/detect-engine-register.c +++ b/src/detect-engine-register.c @@ -216,9 +216,6 @@ #include "detect-engine-content-inspection.h" #include "detect-transform-strip-pseudo-headers.h" -#include "detect-transform-md5.h" -#include "detect-transform-sha1.h" -#include "detect-transform-sha256.h" #include "detect-transform-pcrexform.h" #include "detect-transform-urldecode.h" #include "detect-transform-xor.h" diff --git a/src/detect-transform-md5.c b/src/detect-transform-md5.c deleted file mode 100644 index 9e6ee1986a..0000000000 --- a/src/detect-transform-md5.c +++ /dev/null @@ -1,115 +0,0 @@ -/* Copyright (C) 2007-2020 Open Information Security Foundation - * - * You can copy, redistribute or modify this Program under the terms of - * the GNU General Public License version 2 as published by the Free - * Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * version 2 along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA - * 02110-1301, USA. - */ - -/** - * \file - * - * \author Victor Julien - * - * Implements the to_md5 transformation keyword - */ - -#include "suricata-common.h" - -#include "detect.h" -#include "detect-engine.h" -#include "detect-engine-prefilter.h" -#include "detect-parse.h" -#include "detect-transform-md5.h" - -#include "util-unittest.h" -#include "util-print.h" -#include "rust.h" - -static int DetectTransformToMd5Setup (DetectEngineCtx *, Signature *, const char *); -#ifdef UNITTESTS -static void DetectTransformToMd5RegisterTests(void); -#endif -static void TransformToMd5(InspectionBuffer *buffer, void *options); - -void DetectTransformMd5Register(void) -{ - sigmatch_table[DETECT_TRANSFORM_MD5].name = "to_md5"; - sigmatch_table[DETECT_TRANSFORM_MD5].desc = - "convert to md5 hash of the buffer"; - sigmatch_table[DETECT_TRANSFORM_MD5].url = - "/rules/transforms.html#to-md5"; - sigmatch_table[DETECT_TRANSFORM_MD5].Setup = - DetectTransformToMd5Setup; - sigmatch_table[DETECT_TRANSFORM_MD5].Transform = - TransformToMd5; -#ifdef UNITTESTS - sigmatch_table[DETECT_TRANSFORM_MD5].RegisterTests = - DetectTransformToMd5RegisterTests; -#endif - sigmatch_table[DETECT_TRANSFORM_MD5].flags |= SIGMATCH_NOOPT; -} - -/** - * \internal - * \brief Apply the nocase keyword to the last pattern match, either content or uricontent - * \param det_ctx detection engine ctx - * \param s signature - * \param nullstr should be null - * \retval 0 ok - * \retval -1 failure - */ -static int DetectTransformToMd5Setup (DetectEngineCtx *de_ctx, Signature *s, const char *nullstr) -{ - SCEnter(); - if (g_disable_hashing) { - SCLogError("MD5 hashing has been disabled, " - "needed for to_md5 keyword"); - SCReturnInt(-1); - } - int r = DetectSignatureAddTransform(s, DETECT_TRANSFORM_MD5, NULL); - SCReturnInt(r); -} - -static void TransformToMd5(InspectionBuffer *buffer, void *options) -{ - const uint8_t *input = buffer->inspect; - const uint32_t input_len = buffer->inspect_len; - uint8_t output[SC_MD5_LEN]; - - //PrintRawDataFp(stdout, input, input_len); - SCMd5HashBuffer(input, input_len, output, sizeof(output)); - InspectionBufferCopy(buffer, output, sizeof(output)); -} - -#ifdef UNITTESTS -static int DetectTransformToMd5Test01(void) -{ - const uint8_t *input = (const uint8_t *)" A B C D "; - uint32_t input_len = strlen((char *)input); - - InspectionBuffer buffer; - InspectionBufferInit(&buffer, 8); - InspectionBufferSetup(NULL, -1, &buffer, input, input_len); - PrintRawDataFp(stdout, buffer.inspect, buffer.inspect_len); - TransformToMd5(&buffer, NULL); - PrintRawDataFp(stdout, buffer.inspect, buffer.inspect_len); - InspectionBufferFree(&buffer); - PASS; -} - -static void DetectTransformToMd5RegisterTests(void) -{ - UtRegisterTest("DetectTransformToMd5Test01", - DetectTransformToMd5Test01); -} -#endif diff --git a/src/detect-transform-md5.h b/src/detect-transform-md5.h deleted file mode 100644 index 284c66ac63..0000000000 --- a/src/detect-transform-md5.h +++ /dev/null @@ -1,30 +0,0 @@ -/* Copyright (C) 2017 Open Information Security Foundation - * - * You can copy, redistribute or modify this Program under the terms of - * the GNU General Public License version 2 as published by the Free - * Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * version 2 along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA - * 02110-1301, USA. - */ - -/** - * \file - * - * \author Victor Julien - */ - -#ifndef SURICATA_DETECT_TRANSFORM_MD5_H -#define SURICATA_DETECT_TRANSFORM_MD5_H - -/* prototypes */ -void DetectTransformMd5Register (void); - -#endif /* SURICATA_DETECT_TRANSFORM_MD5_H */ diff --git a/src/detect-transform-sha1.c b/src/detect-transform-sha1.c deleted file mode 100644 index 927b25e97a..0000000000 --- a/src/detect-transform-sha1.c +++ /dev/null @@ -1,116 +0,0 @@ -/* Copyright (C) 2007-2020 Open Information Security Foundation - * - * You can copy, redistribute or modify this Program under the terms of - * the GNU General Public License version 2 as published by the Free - * Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * version 2 along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA - * 02110-1301, USA. - */ - -/** - * \file - * - * \author Victor Julien - * - * Implements the sha1 transformation keyword - */ - -#include "suricata-common.h" - -#include "detect.h" -#include "detect-engine.h" -#include "detect-engine-prefilter.h" -#include "detect-parse.h" -#include "detect-transform-sha1.h" - -#include "util-unittest.h" -#include "util-print.h" - -#include "rust.h" - -static int DetectTransformToSha1Setup (DetectEngineCtx *, Signature *, const char *); -#ifdef UNITTESTS -static void DetectTransformToSha1RegisterTests(void); -#endif -static void TransformToSha1(InspectionBuffer *buffer, void *options); - -void DetectTransformSha1Register(void) -{ - sigmatch_table[DETECT_TRANSFORM_SHA1].name = "to_sha1"; - sigmatch_table[DETECT_TRANSFORM_SHA1].desc = - "convert to sha1 hash of the buffer"; - sigmatch_table[DETECT_TRANSFORM_SHA1].url = - "/rules/transforms.html#to-sha1"; - sigmatch_table[DETECT_TRANSFORM_SHA1].Setup = - DetectTransformToSha1Setup; - sigmatch_table[DETECT_TRANSFORM_SHA1].Transform = - TransformToSha1; -#ifdef UNITTESTS - sigmatch_table[DETECT_TRANSFORM_SHA1].RegisterTests = - DetectTransformToSha1RegisterTests; -#endif - sigmatch_table[DETECT_TRANSFORM_SHA1].flags |= SIGMATCH_NOOPT; -} - -/** - * \internal - * \brief Apply the nocase keyword to the last pattern match, either content or uricontent - * \param det_ctx detection engine ctx - * \param s signature - * \param nullstr should be null - * \retval 0 ok - * \retval -1 failure - */ -static int DetectTransformToSha1Setup (DetectEngineCtx *de_ctx, Signature *s, const char *nullstr) -{ - SCEnter(); - if (g_disable_hashing) { - SCLogError("SHA1 hashing has been disabled, " - "needed for to_sha1 keyword"); - SCReturnInt(-1); - } - int r = DetectSignatureAddTransform(s, DETECT_TRANSFORM_SHA1, NULL); - SCReturnInt(r); -} - -static void TransformToSha1(InspectionBuffer *buffer, void *options) -{ - const uint8_t *input = buffer->inspect; - const uint32_t input_len = buffer->inspect_len; - uint8_t output[SC_SHA1_LEN]; - - //PrintRawDataFp(stdout, input, input_len); - SCSha1HashBuffer(input, input_len, output, sizeof(output)); - InspectionBufferCopy(buffer, output, sizeof(output)); -} - -#ifdef UNITTESTS -static int DetectTransformToSha1Test01(void) -{ - const uint8_t *input = (const uint8_t *)" A B C D "; - uint32_t input_len = strlen((char *)input); - - InspectionBuffer buffer; - InspectionBufferInit(&buffer, 8); - InspectionBufferSetup(NULL, -1, &buffer, input, input_len); - PrintRawDataFp(stdout, buffer.inspect, buffer.inspect_len); - TransformToSha1(&buffer, NULL); - PrintRawDataFp(stdout, buffer.inspect, buffer.inspect_len); - InspectionBufferFree(&buffer); - PASS; -} - -static void DetectTransformToSha1RegisterTests(void) -{ - UtRegisterTest("DetectTransformToSha1Test01", - DetectTransformToSha1Test01); -} -#endif diff --git a/src/detect-transform-sha1.h b/src/detect-transform-sha1.h deleted file mode 100644 index c0b40bac21..0000000000 --- a/src/detect-transform-sha1.h +++ /dev/null @@ -1,30 +0,0 @@ -/* Copyright (C) 2017 Open Information Security Foundation - * - * You can copy, redistribute or modify this Program under the terms of - * the GNU General Public License version 2 as published by the Free - * Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * version 2 along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA - * 02110-1301, USA. - */ - -/** - * \file - * - * \author Victor Julien - */ - -#ifndef SURICATA_DETECT_TRANSFORM_SHA1_H -#define SURICATA_DETECT_TRANSFORM_SHA1_H - -/* prototypes */ -void DetectTransformSha1Register (void); - -#endif /* SURICATA_DETECT_TRANSFORM_SHA1_H */ diff --git a/src/detect-transform-sha256.c b/src/detect-transform-sha256.c deleted file mode 100644 index 3eeb582a83..0000000000 --- a/src/detect-transform-sha256.c +++ /dev/null @@ -1,116 +0,0 @@ -/* Copyright (C) 2007-2020 Open Information Security Foundation - * - * You can copy, redistribute or modify this Program under the terms of - * the GNU General Public License version 2 as published by the Free - * Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * version 2 along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA - * 02110-1301, USA. - */ - -/** - * \file - * - * \author Victor Julien - * - * Implements the nocase keyword - */ - -#include "suricata-common.h" - -#include "detect.h" -#include "detect-engine.h" -#include "detect-engine-prefilter.h" -#include "detect-parse.h" -#include "detect-transform-sha256.h" - -#include "util-unittest.h" -#include "util-print.h" - -#include "rust.h" - -static int DetectTransformToSha256Setup (DetectEngineCtx *, Signature *, const char *); -#ifdef UNITTESTS -static void DetectTransformToSha256RegisterTests(void); -#endif -static void TransformToSha256(InspectionBuffer *buffer, void *options); - -void DetectTransformSha256Register(void) -{ - sigmatch_table[DETECT_TRANSFORM_SHA256].name = "to_sha256"; - sigmatch_table[DETECT_TRANSFORM_SHA256].desc = - "convert to sha256 hash of the buffer"; - sigmatch_table[DETECT_TRANSFORM_SHA256].url = - "/rules/transforms.html#to-sha256"; - sigmatch_table[DETECT_TRANSFORM_SHA256].Setup = - DetectTransformToSha256Setup; - sigmatch_table[DETECT_TRANSFORM_SHA256].Transform = - TransformToSha256; -#ifdef UNITTESTS - sigmatch_table[DETECT_TRANSFORM_SHA256].RegisterTests = - DetectTransformToSha256RegisterTests; -#endif - sigmatch_table[DETECT_TRANSFORM_SHA256].flags |= SIGMATCH_NOOPT; -} - -/** - * \internal - * \brief Apply the nocase keyword to the last pattern match, either content or uricontent - * \param det_ctx detection engine ctx - * \param s signature - * \param nullstr should be null - * \retval 0 ok - * \retval -1 failure - */ -static int DetectTransformToSha256Setup (DetectEngineCtx *de_ctx, Signature *s, const char *nullstr) -{ - SCEnter(); - if (g_disable_hashing) { - SCLogError("SHA256 hashing has been disabled, " - "needed for to_sha256 keyword"); - SCReturnInt(-1); - } - int r = DetectSignatureAddTransform(s, DETECT_TRANSFORM_SHA256, NULL); - SCReturnInt(r); -} - -static void TransformToSha256(InspectionBuffer *buffer, void *options) -{ - const uint8_t *input = buffer->inspect; - const uint32_t input_len = buffer->inspect_len; - uint8_t output[SC_SHA256_LEN]; - - //PrintRawDataFp(stdout, input, input_len); - SCSha256HashBuffer(input, input_len, output, sizeof(output)); - InspectionBufferCopy(buffer, output, sizeof(output)); -} - -#ifdef UNITTESTS -static int DetectTransformToSha256Test01(void) -{ - const uint8_t *input = (const uint8_t *)" A B C D "; - uint32_t input_len = strlen((char *)input); - - InspectionBuffer buffer; - InspectionBufferInit(&buffer, 8); - InspectionBufferSetup(NULL, -1, &buffer, input, input_len); - PrintRawDataFp(stdout, buffer.inspect, buffer.inspect_len); - TransformToSha256(&buffer, NULL); - PrintRawDataFp(stdout, buffer.inspect, buffer.inspect_len); - InspectionBufferFree(&buffer); - PASS; -} - -static void DetectTransformToSha256RegisterTests(void) -{ - UtRegisterTest("DetectTransformToSha256Test01", - DetectTransformToSha256Test01); -} -#endif diff --git a/src/detect-transform-sha256.h b/src/detect-transform-sha256.h deleted file mode 100644 index 536b896bbb..0000000000 --- a/src/detect-transform-sha256.h +++ /dev/null @@ -1,30 +0,0 @@ -/* Copyright (C) 2017 Open Information Security Foundation - * - * You can copy, redistribute or modify this Program under the terms of - * the GNU General Public License version 2 as published by the Free - * Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * version 2 along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA - * 02110-1301, USA. - */ - -/** - * \file - * - * \author Victor Julien - */ - -#ifndef SURICATA_DETECT_TRANSFORM_SHA256_H -#define SURICATA_DETECT_TRANSFORM_SHA256_H - -/* prototypes */ -void DetectTransformSha256Register (void); - -#endif /* SURICATA_DETECT_TRANSFORM_SHA256_H */ diff --git a/src/suricata.c b/src/suricata.c index 49505f94ba..6bdd6edb90 100644 --- a/src/suricata.c +++ b/src/suricata.c @@ -1601,6 +1601,8 @@ TmEcode SCParseCommandLine(int argc, char **argv) g_detect_disabled = suri->disabled_detect = 1; } else if (strcmp((long_opts[option_index]).name, "disable-hashing") == 0) { g_disable_hashing = true; + // for rust + SCDisableHashing(); } else if (strcmp((long_opts[option_index]).name, "fatal-unittests") == 0) { #ifdef UNITTESTS unittests_fatal = 1;