From: Victor Julien Date: Thu, 11 Aug 2022 13:25:11 +0000 (+0200) Subject: tls: remove incomplete tests X-Git-Tag: suricata-7.0.0-beta1~200 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=214e466b29b941e8805ac1531089607f9dae06b5;p=thirdparty%2Fsuricata.git tls: remove incomplete tests These tests are incompatible with the incomplete API usage and should have been pcap based tests in the first place. --- diff --git a/src/Makefile.am b/src/Makefile.am index e7a81d9733..e5a855486b 100755 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1255,11 +1255,6 @@ EXTRA_DIST = \ tests/detect-tls-cert-subject.c \ tests/detect-tls-cert-validity.c \ tests/detect-tls-certs.c \ - tests/detect-tls-ja3-hash.c \ - tests/detect-tls-ja3-string.c \ - tests/detect-tls-ja3s-hash.c \ - tests/detect-tls-ja3s-string.c \ - tests/detect-tls-sni.c \ tests/detect-tls-version.c \ tests/detect.c \ tests/stream-tcp.c diff --git a/src/app-layer-ssl.c b/src/app-layer-ssl.c index 8d98334f55..e09905ba18 100644 --- a/src/app-layer-ssl.c +++ b/src/app-layer-ssl.c @@ -2958,9 +2958,6 @@ void RegisterSSLParsers(void) "still on.", proto_name); } -#ifdef UNITTESTS - AppLayerParserRegisterProtocolUnittests(IPPROTO_TCP, ALPROTO_TLS, SSLParserRegisterTests); -#endif return; } @@ -2988,2355 +2985,3 @@ bool SSLJA3IsEnabled(void) } return false; } - -/***************************************Unittests******************************/ - -#ifdef UNITTESTS - -/** - *\test Send a get request in one chunk. - */ -static int SSLParserTest01(void) -{ - Flow f; - uint8_t tlsbuf[] = { 0x16, 0x03, 0x01 }; - uint32_t tlslen = sizeof(tlsbuf); - TcpSession ssn; - AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); - - memset(&f, 0, sizeof(f)); - memset(&ssn, 0, sizeof(ssn)); - - FLOW_INITIALIZE(&f); - f.protoctx = (void *)&ssn; - f.proto = IPPROTO_TCP; - f.alproto = ALPROTO_TLS; - - StreamTcpInitConfig(true); - - int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, - STREAM_TOSERVER | STREAM_EOF, tlsbuf, tlslen); - FAIL_IF(r != 0); - - SSLState *ssl_state = f.alstate; - FAIL_IF_NULL(ssl_state); - - FAIL_IF(ssl_state->client_connp.content_type != 0x16); - - FAIL_IF(ssl_state->client_connp.version != TLS_VERSION_10); - - AppLayerParserThreadCtxFree(alp_tctx); - StreamTcpFreeConfig(true); - FLOW_DESTROY(&f); - - PASS; -} - -/** \test Send a get request in two chunks. */ -static int SSLParserTest02(void) -{ - Flow f; - uint8_t tlsbuf1[] = { 0x16 }; - uint32_t tlslen1 = sizeof(tlsbuf1); - uint8_t tlsbuf2[] = { 0x03, 0x01 }; - uint32_t tlslen2 = sizeof(tlsbuf2); - TcpSession ssn; - AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); - - memset(&f, 0, sizeof(f)); - memset(&ssn, 0, sizeof(ssn)); - FLOW_INITIALIZE(&f); - f.protoctx = (void *)&ssn; - f.proto = IPPROTO_TCP; - f.alproto = ALPROTO_TLS; - - StreamTcpInitConfig(true); - - int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, - STREAM_TOSERVER, tlsbuf1, tlslen1); - FAIL_IF(r != 0); - - r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, - tlsbuf2, tlslen2); - FAIL_IF(r != 0); - - SSLState *ssl_state = f.alstate; - FAIL_IF_NULL(ssl_state); - - FAIL_IF(ssl_state->client_connp.content_type != 0x16); - - FAIL_IF(ssl_state->client_connp.version != TLS_VERSION_10); - - AppLayerParserThreadCtxFree(alp_tctx); - StreamTcpFreeConfig(true); - FLOW_DESTROY(&f); - - PASS; -} - -/** \test Send a get request in three chunks. */ -static int SSLParserTest03(void) -{ - Flow f; - uint8_t tlsbuf1[] = { 0x16 }; - uint32_t tlslen1 = sizeof(tlsbuf1); - uint8_t tlsbuf2[] = { 0x03 }; - uint32_t tlslen2 = sizeof(tlsbuf2); - uint8_t tlsbuf3[] = { 0x01 }; - uint32_t tlslen3 = sizeof(tlsbuf3); - TcpSession ssn; - AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); - - memset(&f, 0, sizeof(f)); - memset(&ssn, 0, sizeof(ssn)); - FLOW_INITIALIZE(&f); - f.protoctx = (void *)&ssn; - f.proto = IPPROTO_TCP; - f.alproto = ALPROTO_TLS; - - StreamTcpInitConfig(true); - - int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, - STREAM_TOSERVER, tlsbuf1, tlslen1); - FAIL_IF(r != 0); - - r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, - tlsbuf2, tlslen2); - FAIL_IF(r != 0); - - r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, - tlsbuf3, tlslen3); - FAIL_IF(r != 0); - - SSLState *ssl_state = f.alstate; - FAIL_IF_NULL(ssl_state); - - FAIL_IF(ssl_state->client_connp.content_type != 0x16); - - FAIL_IF(ssl_state->client_connp.version != TLS_VERSION_10); - - AppLayerParserThreadCtxFree(alp_tctx); - StreamTcpFreeConfig(true); - FLOW_DESTROY(&f); - - PASS; -} - -/** \test Send a get request in three chunks + more data. */ -static int SSLParserTest04(void) -{ - Flow f; - uint8_t tlsbuf1[] = { 0x16 }; - uint32_t tlslen1 = sizeof(tlsbuf1); - uint8_t tlsbuf2[] = { 0x03 }; - uint32_t tlslen2 = sizeof(tlsbuf2); - uint8_t tlsbuf3[] = { 0x01 }; - uint32_t tlslen3 = sizeof(tlsbuf3); - uint8_t tlsbuf4[] = { 0x01, 0x00, 0x00, 0xad, 0x03, 0x01 }; - uint32_t tlslen4 = sizeof(tlsbuf4); - TcpSession ssn; - AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); - - memset(&f, 0, sizeof(f)); - memset(&ssn, 0, sizeof(ssn)); - FLOW_INITIALIZE(&f); - f.protoctx = (void *)&ssn; - f.proto = IPPROTO_TCP; - f.alproto = ALPROTO_TLS; - - StreamTcpInitConfig(true); - - int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, - STREAM_TOSERVER, tlsbuf1, tlslen1); - FAIL_IF(r != 0); - - r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, - tlsbuf2, tlslen2); - FAIL_IF(r != 0); - - r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, - tlsbuf3, tlslen3); - FAIL_IF(r != 0); - - r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, - tlsbuf4, tlslen4); - FAIL_IF(r != 0); - - SSLState *ssl_state = f.alstate; - FAIL_IF_NULL(ssl_state); - - FAIL_IF(ssl_state->client_connp.content_type != 0x16); - - FAIL_IF(ssl_state->client_connp.version != TLS_VERSION_10); - - AppLayerParserThreadCtxFree(alp_tctx); - StreamTcpFreeConfig(true); - FLOW_DESTROY(&f); - - PASS; -} - -#if 0 -/** \test Test the setting up of no reassembly and no payload inspection flag - * after detection of the TLS handshake completion */ -static int SSLParserTest05(void) -{ - int result = 1; - Flow f; - uint8_t tlsbuf[] = { 0x16, 0x03, 0x01, 0x00, 0x01 }; - uint32_t tlslen = sizeof(tlsbuf); - TcpSession ssn; - AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); - - memset(&f, 0, sizeof(f)); - memset(&ssn, 0, sizeof(ssn)); - FLOW_INITIALIZE(&f); - f.protoctx = (void *)&ssn; - f.proto = IPPROTO_TCP; - f.alproto = ALPROTO_TLS; - - StreamTcpInitConfig(true); - - int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf, tlslen); - if (r != 0) { - printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); - result = 0; - goto end; - } - - r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOCLIENT, tlsbuf, tlslen); - if (r != 0) { - printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); - result = 0; - goto end; - } - - tlsbuf[0] = 0x14; - - r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf, tlslen); - if (r != 0) { - printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); - result = 0; - goto end; - } - - tlsbuf[0] = 0x14; - - r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOCLIENT, tlsbuf, tlslen); - if (r != 0) { - printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); - result = 0; - goto end; - } - - tlsbuf[0] = 0x17; - - r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf, tlslen); - if (r != 0) { - printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); - result = 0; - goto end; - } - - SSLState *ssl_state = f.alstate; - if (ssl_state == NULL) { - printf("no tls state: "); - result = 0; - goto end; - } - - if (ssl_state->client_connp.content_type != 0x17) { - printf("expected content_type %" PRIu8 ", got %" PRIu8 ": ", 0x17, - ssl_state->client_connp.content_type); - result = 0; - goto end; - } - - if (ssl_state->client_connp.version != TLS_VERSION_10) { - printf("expected version %04" PRIu16 ", got %04" PRIu16 ": ", - TLS_VERSION_10, ssl_state->client_connp.client_version); - result = 0; - goto end; - } - - AppLayerParserStateStore *parser_state_store = (AppLayerParserStateStore *) - ssn.alparser; - AppLayerParserState *parser_state = &parser_state_store->to_server; - - if (!(parser_state->flags & APP_LAYER_PARSER_NO_INSPECTION) && - !(ssn.client.flags & STREAMTCP_STREAM_FLAG_NOREASSEMBLY) && - !(ssn.server.flags & STREAMTCP_STREAM_FLAG_NOREASSEMBLY)) - { - printf("The flags should be set\n"); - result = 0; - goto end; - } - - if (!(f.flags & FLOW_NOPAYLOAD_INSPECTION)) { - printf("The flags should be set\n"); - result = 0; - goto end; - } - -end: - if (alp_tctx != NULL) - AppLayerParserThreadCtxFree(alp_tctx); - StreamTcpFreeConfig(true); - FLOW_DESTROY(&f); - return result; -} -#endif - -#if 0 -/** \test Test the setting up of no reassembly and no payload inspection flag - * after detection of the valid TLS handshake completion, the rouge - * 0x17 packet will not be considered in the detection process */ -static int SSLParserTest06(void) -{ - int result = 1; - Flow f; - uint8_t tlsbuf[] = { 0x16, 0x03, 0x01, 0x00, 0x01 }; - uint32_t tlslen = sizeof(tlsbuf); - TcpSession ssn; - AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); - - memset(&f, 0, sizeof(f)); - memset(&ssn, 0, sizeof(ssn)); - FLOW_INITIALIZE(&f); - f.protoctx = (void *)&ssn; - f.proto = IPPROTO_TCP; - f.alproto = ALPROTO_TLS; - - StreamTcpInitConfig(true); - - int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf, tlslen); - if (r != 0) { - printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); - result = 0; - goto end; - } - - r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOCLIENT, tlsbuf, tlslen); - if (r != 0) { - printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); - result = 0; - goto end; - } - - tlsbuf[0] = 0x14; - - r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf, tlslen); - if (r != 0) { - printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); - result = 0; - goto end; - } - - tlsbuf[0] = 0x17; - - r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf, tlslen); - if (r != 0) { - printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); - result = 0; - goto end; - } - - SSLState *ssl_state = f.alstate; - if (ssl_state == NULL) { - printf("no tls state: "); - result = 0; - goto end; - } - - if (ssl_state->client_connp.content_type != 0x17) { - printf("expected content_type %" PRIu8 ", got %" PRIu8 ": ", 0x17, - ssl_state->client_connp._content_type); - result = 0; - goto end; - } - - if (ssl_state->client_connp.version != TLS_VERSION_10) { - printf("expected version %04" PRIu16 ", got %04" PRIu16 ": ", - TLS_VERSION_10, ssl_state->client_connp.version); - result = 0; - goto end; - } - - AppLayerParserStateStore *parser_state_store = (AppLayerParserStateStore *) - ssn.alparser; - AppLayerParserState *parser_state = &parser_state_store->to_server; - - if ((parser_state->flags & APP_LAYER_PARSER_NO_INSPECTION) || - (ssn.client.flags & STREAMTCP_STREAM_FLAG_NOREASSEMBLY) || - (ssn.server.flags & STREAMTCP_STREAM_FLAG_NOREASSEMBLY)) { - printf("The flags should not be set\n"); - result = 0; - goto end; - } - - tlsbuf[0] = 0x14; - - r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOCLIENT, tlsbuf, tlslen); - if (r != 0) { - printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); - result = 0; - goto end; - } - - tlsbuf[0] = 0x17; - - r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf, tlslen); - if (r != 0) { - printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); - result = 0; - goto end; - } - - if (!(parser_state->flags & APP_LAYER_PARSER_NO_INSPECTION) && - !(ssn.client.flags & STREAMTCP_STREAM_FLAG_NOREASSEMBLY) && - !(ssn.server.flags & STREAMTCP_STREAM_FLAG_NOREASSEMBLY)) { - printf("The flags should be set\n"); - result = 0; - goto end; - } - - if (!(f.flags & FLOW_NOPAYLOAD_INSPECTION)) { - printf("The flags should be set\n"); - result = 0; - goto end; - } - -end: - if (alp_tctx != NULL) - AppLayerParserThreadCtxFree(alp_tctx); - StreamTcpFreeConfig(true); - FLOW_DESTROY(&f); - return result; -} -#endif - -/** \test multimsg test */ -static int SSLParserMultimsgTest01(void) -{ - Flow f; - /* 3 msgs */ - uint8_t tlsbuf1[] = { - 0x16, 0x03, 0x01, 0x00, 0x86, 0x10, 0x00, 0x00, - 0x82, 0x00, 0x80, 0xd3, 0x6f, 0x1f, 0x63, 0x82, - 0x8d, 0x75, 0x77, 0x8c, 0x91, 0xbc, 0xa1, 0x3d, - 0xbb, 0xe1, 0xb5, 0xd3, 0x31, 0x92, 0x59, 0x2b, - 0x2c, 0x43, 0x96, 0xa3, 0xaa, 0x23, 0x92, 0xd0, - 0x91, 0x2a, 0x5e, 0x10, 0x5b, 0xc8, 0xc1, 0xe2, - 0xd3, 0x5c, 0x8b, 0x8c, 0x91, 0x9e, 0xc2, 0xf2, - 0x9c, 0x3c, 0x4f, 0x37, 0x1e, 0x20, 0x5e, 0x33, - 0xd5, 0xf0, 0xd6, 0xaf, 0x89, 0xf5, 0xcc, 0xb2, - 0xcf, 0xc1, 0x60, 0x3a, 0x46, 0xd5, 0x4e, 0x2a, - 0xb6, 0x6a, 0xb9, 0xfc, 0x32, 0x8b, 0xe0, 0x6e, - 0xa0, 0xed, 0x25, 0xa0, 0xa4, 0x82, 0x81, 0x73, - 0x90, 0xbf, 0xb5, 0xde, 0xeb, 0x51, 0x8d, 0xde, - 0x5b, 0x6f, 0x94, 0xee, 0xba, 0xe5, 0x69, 0xfa, - 0x1a, 0x80, 0x30, 0x54, 0xeb, 0x12, 0x01, 0xb9, - 0xfe, 0xbf, 0x82, 0x95, 0x01, 0x7b, 0xb0, 0x97, - 0x14, 0xc2, 0x06, 0x3c, 0x69, 0xfb, 0x1c, 0x66, - 0x47, 0x17, 0xd9, 0x14, 0x03, 0x01, 0x00, 0x01, - 0x01, 0x16, 0x03, 0x01, 0x00, 0x30, 0xf6, 0xbc, - 0x0d, 0x6f, 0xe8, 0xbb, 0xaa, 0xbf, 0x14, 0xeb, - 0x7b, 0xcc, 0x6c, 0x28, 0xb0, 0xfc, 0xa6, 0x01, - 0x2a, 0x97, 0x96, 0x17, 0x5e, 0xe8, 0xb4, 0x4e, - 0x78, 0xc9, 0x04, 0x65, 0x53, 0xb6, 0x93, 0x3d, - 0xeb, 0x44, 0xee, 0x86, 0xf9, 0x80, 0x49, 0x45, - 0x21, 0x34, 0xd1, 0xee, 0xc8, 0x9c - }; - uint32_t tlslen1 = sizeof(tlsbuf1); - TcpSession ssn; - AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); - - memset(&f, 0, sizeof(f)); - memset(&ssn, 0, sizeof(ssn)); - FLOW_INITIALIZE(&f); - f.protoctx = (void *)&ssn; - f.proto = IPPROTO_TCP; - f.alproto = ALPROTO_TLS; - - StreamTcpInitConfig(true); - - int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, - STREAM_TOSERVER, tlsbuf1, tlslen1); - FAIL_IF(r != 0); - - SSLState *ssl_state = f.alstate; - FAIL_IF_NULL(ssl_state); - - FAIL_IF(ssl_state->client_connp.content_type != 0x16); - - FAIL_IF(ssl_state->client_connp.version != TLS_VERSION_10); - - AppLayerParserThreadCtxFree(alp_tctx); - StreamTcpFreeConfig(true); - FLOW_DESTROY(&f); - - PASS; -} - -/** \test multimsg test server */ -static int SSLParserMultimsgTest02(void) -{ - Flow f; - /* 3 msgs */ - uint8_t tlsbuf1[] = { - 0x16, 0x03, 0x01, 0x00, 0x86, 0x10, 0x00, 0x00, - 0x82, 0x00, 0x80, 0xd3, 0x6f, 0x1f, 0x63, 0x82, - 0x8d, 0x75, 0x77, 0x8c, 0x91, 0xbc, 0xa1, 0x3d, - 0xbb, 0xe1, 0xb5, 0xd3, 0x31, 0x92, 0x59, 0x2b, - 0x2c, 0x43, 0x96, 0xa3, 0xaa, 0x23, 0x92, 0xd0, - 0x91, 0x2a, 0x5e, 0x10, 0x5b, 0xc8, 0xc1, 0xe2, - 0xd3, 0x5c, 0x8b, 0x8c, 0x91, 0x9e, 0xc2, 0xf2, - 0x9c, 0x3c, 0x4f, 0x37, 0x1e, 0x20, 0x5e, 0x33, - 0xd5, 0xf0, 0xd6, 0xaf, 0x89, 0xf5, 0xcc, 0xb2, - 0xcf, 0xc1, 0x60, 0x3a, 0x46, 0xd5, 0x4e, 0x2a, - 0xb6, 0x6a, 0xb9, 0xfc, 0x32, 0x8b, 0xe0, 0x6e, - 0xa0, 0xed, 0x25, 0xa0, 0xa4, 0x82, 0x81, 0x73, - 0x90, 0xbf, 0xb5, 0xde, 0xeb, 0x51, 0x8d, 0xde, - 0x5b, 0x6f, 0x94, 0xee, 0xba, 0xe5, 0x69, 0xfa, - 0x1a, 0x80, 0x30, 0x54, 0xeb, 0x12, 0x01, 0xb9, - 0xfe, 0xbf, 0x82, 0x95, 0x01, 0x7b, 0xb0, 0x97, - 0x14, 0xc2, 0x06, 0x3c, 0x69, 0xfb, 0x1c, 0x66, - 0x47, 0x17, 0xd9, 0x14, 0x03, 0x01, 0x00, 0x01, - 0x01, 0x16, 0x03, 0x01, 0x00, 0x30, 0xf6, 0xbc, - 0x0d, 0x6f, 0xe8, 0xbb, 0xaa, 0xbf, 0x14, 0xeb, - 0x7b, 0xcc, 0x6c, 0x28, 0xb0, 0xfc, 0xa6, 0x01, - 0x2a, 0x97, 0x96, 0x17, 0x5e, 0xe8, 0xb4, 0x4e, - 0x78, 0xc9, 0x04, 0x65, 0x53, 0xb6, 0x93, 0x3d, - 0xeb, 0x44, 0xee, 0x86, 0xf9, 0x80, 0x49, 0x45, - 0x21, 0x34, 0xd1, 0xee, 0xc8, 0x9c - }; - uint32_t tlslen1 = sizeof(tlsbuf1); - TcpSession ssn; - AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); - - memset(&f, 0, sizeof(f)); - memset(&ssn, 0, sizeof(ssn)); - FLOW_INITIALIZE(&f); - f.protoctx = (void *)&ssn; - f.proto = IPPROTO_TCP; - f.alproto = ALPROTO_TLS; - - StreamTcpInitConfig(true); - - int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, - STREAM_TOCLIENT, tlsbuf1, tlslen1); - FAIL_IF(r != 0); - - SSLState *ssl_state = f.alstate; - FAIL_IF_NULL(ssl_state); - - FAIL_IF(ssl_state->server_connp.content_type != 0x16); - - FAIL_IF(ssl_state->server_connp.version != 0x0301); - - AppLayerParserThreadCtxFree(alp_tctx); - StreamTcpFreeConfig(true); - FLOW_DESTROY(&f); - - PASS; -} - -/** - * \test Test the detection of SSLv3 protocol from the given packet - */ -static int SSLParserTest07(void) -{ - Flow f; - uint8_t tlsbuf[] = { 0x16, 0x03, 0x00, 0x00, 0x4c, 0x01, - 0x00, 0x00, 0x48, 0x03, 0x00, 0x57, 0x04, 0x9f, - 0x8c, 0x66, 0x61, 0xf6, 0x3d, 0x4f, 0xbf, 0xbb, - 0xa7, 0x47, 0x21, 0x76, 0x6c, 0x21, 0x08, 0x9f, - 0xef, 0x3d, 0x0e, 0x5f, 0x65, 0x1a, 0xe1, 0x93, - 0xb8, 0xaf, 0xd2, 0x82, 0xbd, 0x00, 0x00, 0x06, - 0x00, 0x0a, 0x00, 0x16, 0x00, 0xff, 0x01, 0x00, - 0x00, 0x19, 0x00, 0x00, 0x00, 0x15, 0x00, 0x13, - 0x00, 0x00, 0x10, 0x61, 0x62, 0x63, 0x64, 0x65, - 0x66, 0x67, 0x68, 0x2e, 0x65, 0x66, 0x67, 0x68, - 0x2e, 0x6e, 0x6f }; - uint32_t tlslen = sizeof(tlsbuf); - TcpSession ssn; - AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); - - memset(&f, 0, sizeof(f)); - memset(&ssn, 0, sizeof(ssn)); - FLOW_INITIALIZE(&f); - f.protoctx = (void *)&ssn; - f.proto = IPPROTO_TCP; - f.alproto = ALPROTO_TLS; - - StreamTcpInitConfig(true); - - int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, - STREAM_TOSERVER, tlsbuf, tlslen); - FAIL_IF(r != 0); - - SSLState *ssl_state = f.alstate; - FAIL_IF_NULL(ssl_state); - - FAIL_IF(ssl_state->client_connp.content_type != 0x16); - - FAIL_IF(ssl_state->client_connp.version != SSL_VERSION_3); - - AppLayerParserThreadCtxFree(alp_tctx); - StreamTcpFreeConfig(true); - FLOW_DESTROY(&f); - - PASS; -} - -#if 0 -/** \test Test the setting up of no reassembly and no payload inspection flag - * after detection of the SSLv3 handshake completion */ -static int SSLParserTest08(void) -{ - int result = 1; - Flow f; - uint8_t tlsbuf[] = { 0x16, 0x03, 0x00, 0x00, 0x01 }; - uint32_t tlslen = sizeof(tlsbuf); - TcpSession ssn; - AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); - - memset(&f, 0, sizeof(f)); - memset(&ssn, 0, sizeof(ssn)); - FLOW_INITIALIZE(&f); - f.protoctx = (void *)&ssn; - f.proto = IPPROTO_TCP; - f.alproto = ALPROTO_TLS; - - StreamTcpInitConfig(true); - - int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf, tlslen); - if (r != 0) { - printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); - result = 0; - goto end; - } - - r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOCLIENT, tlsbuf, tlslen); - if (r != 0) { - printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); - result = 0; - goto end; - } - - tlsbuf[0] = 0x14; - - r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf, tlslen); - if (r != 0) { - printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); - result = 0; - goto end; - } - - tlsbuf[0] = 0x14; - - r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOCLIENT, tlsbuf, tlslen); - if (r != 0) { - printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); - result = 0; - goto end; - } - - tlsbuf[0] = 0x17; - - r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf, tlslen); - if (r != 0) { - printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); - result = 0; - goto end; - } - - SSLState *ssl_state = f.alstate; - if (ssl_state == NULL) { - printf("no tls state: "); - result = 0; - goto end; - } - - if (ssl_state->client_connp.content_type != 0x17) { - printf("expected content_type %" PRIu8 ", got %" PRIu8 ": ", 0x17, - ssl_state->client_connp.content_type); - result = 0; - goto end; - } - - if (ssl_state->client_connp.version != SSL_VERSION_3) { - printf("expected version %04" PRIu16 ", got %04" PRIu16 ": ", - SSL_VERSION_3, ssl_state->client_connp.version); - result = 0; - goto end; - } - - AppLayerParserStateStore *parser_state_store = (AppLayerParserStateStore *) - ssn.alparser; - AppLayerParserState *parser_state = &parser_state_store->to_server; - - if (!(parser_state->flags & APP_LAYER_PARSER_NO_INSPECTION) && - !(ssn.client.flags & STREAMTCP_STREAM_FLAG_NOREASSEMBLY) && - !(ssn.server.flags & STREAMTCP_STREAM_FLAG_NOREASSEMBLY)) { - printf("The flags should be set\n"); - result = 0; - goto end; - } - - if (!(f.flags & FLOW_NOPAYLOAD_INSPECTION)) { - printf("The flags should be set\n"); - result = 0; - goto end; - } - -end: - if (alp_tctx != NULL) - AppLayerParserThreadCtxFree(alp_tctx); - StreamTcpFreeConfig(true); - FLOW_DESTROY(&f); - return result; -} - -#endif - -/** - * \test Tests the parser for handling fragmented records. - */ -static int SSLParserTest09(void) -{ - Flow f; - uint8_t buf1[] = { - 0x16, - }; - uint32_t buf1_len = sizeof(buf1); - - uint8_t buf2[] = { - 0x03, 0x00, 0x00, 0x4c, 0x01, - 0x00, 0x00, 0x48, 0x03, 0x00, 0x57, 0x04, 0x9f, - 0x8c, 0x66, 0x61, 0xf6, 0x3d, 0x4f, 0xbf, 0xbb, - 0xa7, 0x47, 0x21, 0x76, 0x6c, 0x21, 0x08, 0x9f, - 0xef, 0x3d, 0x0e, 0x5f, 0x65, 0x1a, 0xe1, 0x93, - 0xb8, 0xaf, 0xd2, 0x82, 0xbd, 0x00, 0x00, 0x06, - 0x00, 0x0a, 0x00, 0x16, 0x00, 0xff, 0x01, 0x00, - 0x00, 0x19, 0x00, 0x00, 0x00, 0x15, 0x00, 0x13, - 0x00, 0x00, 0x10, 0x61, 0x62, 0x63, 0x64, 0x65, - 0x66, 0x67, 0x68, 0x2e, 0x65, 0x66, 0x67, 0x68, - 0x2e, 0x6e, 0x6f - }; - uint32_t buf2_len = sizeof(buf2); - TcpSession ssn; - AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); - - memset(&f, 0, sizeof(f)); - memset(&ssn, 0, sizeof(ssn)); - FLOW_INITIALIZE(&f); - f.protoctx = (void *)&ssn; - f.proto = IPPROTO_TCP; - f.alproto = ALPROTO_TLS; - - StreamTcpInitConfig(true); - - int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, - STREAM_TOSERVER, buf1, buf1_len); - FAIL_IF(r != 0); - - r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, - buf2, buf2_len); - FAIL_IF(r != 0); - - SSLState *ssl_state = f.alstate; - FAIL_IF_NULL(ssl_state); - - FAIL_IF(ssl_state->client_connp.content_type != 0x16); - - FAIL_IF(ssl_state->client_connp.version != SSL_VERSION_3); - - AppLayerParserThreadCtxFree(alp_tctx); - StreamTcpFreeConfig(true); - FLOW_DESTROY(&f); - - PASS; -} - -/** - * \test Tests the parser for handling fragmented records. - */ -static int SSLParserTest10(void) -{ - Flow f; - uint8_t buf1[] = { - 0x16, 0x03, - }; - uint32_t buf1_len = sizeof(buf1); - - uint8_t buf2[] = { - 0x00, 0x00, 0x4c, 0x01, - 0x00, 0x00, 0x48, 0x03, 0x00, 0x57, 0x04, 0x9f, - 0x8c, 0x66, 0x61, 0xf6, 0x3d, 0x4f, 0xbf, 0xbb, - 0xa7, 0x47, 0x21, 0x76, 0x6c, 0x21, 0x08, 0x9f, - 0xef, 0x3d, 0x0e, 0x5f, 0x65, 0x1a, 0xe1, 0x93, - 0xb8, 0xaf, 0xd2, 0x82, 0xbd, 0x00, 0x00, 0x06, - 0x00, 0x0a, 0x00, 0x16, 0x00, 0xff, 0x01, 0x00, - 0x00, 0x19, 0x00, 0x00, 0x00, 0x15, 0x00, 0x13, - 0x00, 0x00, 0x10, 0x61, 0x62, 0x63, 0x64, 0x65, - 0x66, 0x67, 0x68, 0x2e, 0x65, 0x66, 0x67, 0x68, - 0x2e, 0x6e, 0x6f - }; - uint32_t buf2_len = sizeof(buf2); - TcpSession ssn; - AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); - - memset(&f, 0, sizeof(f)); - memset(&ssn, 0, sizeof(ssn)); - FLOW_INITIALIZE(&f); - f.protoctx = (void *)&ssn; - f.proto = IPPROTO_TCP; - f.alproto = ALPROTO_TLS; - - StreamTcpInitConfig(true); - - int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, - STREAM_TOSERVER, buf1, buf1_len); - FAIL_IF(r != 0); - - r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, - buf2, buf2_len); - FAIL_IF(r != 0); - - SSLState *ssl_state = f.alstate; - FAIL_IF_NULL(ssl_state); - - FAIL_IF(ssl_state->client_connp.content_type != 0x16); - - FAIL_IF(ssl_state->client_connp.version != SSL_VERSION_3); - - AppLayerParserThreadCtxFree(alp_tctx); - StreamTcpFreeConfig(true); - FLOW_DESTROY(&f); - - PASS; -} - -/** - * \test Tests the parser for handling fragmented records. - */ -static int SSLParserTest11(void) -{ - Flow f; - uint8_t buf1[] = { - 0x16, 0x03, 0x00, 0x00, 0x4c, 0x01, - }; - uint32_t buf1_len = sizeof(buf1); - - uint8_t buf2[] = { - 0x00, 0x00, 0x48, 0x03, 0x00, 0x57, 0x04, 0x9f, - 0x8c, 0x66, 0x61, 0xf6, 0x3d, 0x4f, 0xbf, 0xbb, - 0xa7, 0x47, 0x21, 0x76, 0x6c, 0x21, 0x08, 0x9f, - 0xef, 0x3d, 0x0e, 0x5f, 0x65, 0x1a, 0xe1, 0x93, - 0xb8, 0xaf, 0xd2, 0x82, 0xbd, 0x00, 0x00, 0x06, - 0x00, 0x0a, 0x00, 0x16, 0x00, 0xff, 0x01, 0x00, - 0x00, 0x19, 0x00, 0x00, 0x00, 0x15, 0x00, 0x13, - 0x00, 0x00, 0x10, 0x61, 0x62, 0x63, 0x64, 0x65, - 0x66, 0x67, 0x68, 0x2e, 0x65, 0x66, 0x67, 0x68, - 0x2e, 0x6e, 0x6f - }; - uint32_t buf2_len = sizeof(buf2); - TcpSession ssn; - AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); - - memset(&f, 0, sizeof(f)); - memset(&ssn, 0, sizeof(ssn)); - FLOW_INITIALIZE(&f); - f.protoctx = (void *)&ssn; - f.proto = IPPROTO_TCP; - f.alproto = ALPROTO_TLS; - - StreamTcpInitConfig(true); - - int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, - STREAM_TOSERVER, buf1, buf1_len); - FAIL_IF(r != 0); - - r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, - buf2, buf2_len); - FAIL_IF(r != 0); - - SSLState *ssl_state = f.alstate; - FAIL_IF_NULL(ssl_state); - - FAIL_IF(ssl_state->client_connp.content_type != 0x16); - - FAIL_IF(ssl_state->client_connp.version != SSL_VERSION_3); - - AppLayerParserThreadCtxFree(alp_tctx); - StreamTcpFreeConfig(true); - FLOW_DESTROY(&f); - - PASS; -} - -/** - * \test Tests the parser for handling fragmented records. - */ -static int SSLParserTest12(void) -{ - Flow f; - uint8_t buf1[] = { - 0x16, 0x03, 0x00, 0x00, 0x4c, 0x01, - }; - uint32_t buf1_len = sizeof(buf1); - - uint8_t buf2[] = { - 0x00, 0x00, 0x48, - }; - uint32_t buf2_len = sizeof(buf2); - - uint8_t buf3[] = { - 0x03, 0x00, 0x57, 0x04, 0x9f, - 0x8c, 0x66, 0x61, 0xf6, 0x3d, 0x4f, 0xbf, 0xbb, - 0xa7, 0x47, 0x21, 0x76, 0x6c, 0x21, 0x08, 0x9f, - 0xef, 0x3d, 0x0e, 0x5f, 0x65, 0x1a, 0xe1, 0x93, - 0xb8, 0xaf, 0xd2, 0x82, 0xbd, 0x00, 0x00, 0x06, - 0x00, 0x0a, 0x00, 0x16, 0x00, 0xff, 0x01, 0x00, - 0x00, 0x19, 0x00, 0x00, 0x00, 0x15, 0x00, 0x13, - 0x00, 0x00, 0x10, 0x61, 0x62, 0x63, 0x64, 0x65, - 0x66, 0x67, 0x68, 0x2e, 0x65, 0x66, 0x67, 0x68, - 0x2e, 0x6e, 0x6f - }; - uint32_t buf3_len = sizeof(buf2); - TcpSession ssn; - AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); - - memset(&f, 0, sizeof(f)); - memset(&ssn, 0, sizeof(ssn)); - FLOW_INITIALIZE(&f); - f.protoctx = (void *)&ssn; - f.proto = IPPROTO_TCP; - f.alproto = ALPROTO_TLS; - - StreamTcpInitConfig(true); - - int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, - STREAM_TOSERVER, buf1, buf1_len); - FAIL_IF(r != 0); - - r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, - buf2, buf2_len); - FAIL_IF(r != 0); - - r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, - buf3, buf3_len); - FAIL_IF(r != 0); - - SSLState *ssl_state = f.alstate; - FAIL_IF_NULL(ssl_state); - - FAIL_IF(ssl_state->client_connp.content_type != 0x16); - - FAIL_IF(ssl_state->client_connp.version != SSL_VERSION_3); - - AppLayerParserThreadCtxFree(alp_tctx); - StreamTcpFreeConfig(true); - FLOW_DESTROY(&f); - - PASS; -} - -/** - * \test Tests the parser for handling fragmented records. - */ -static int SSLParserTest13(void) -{ - Flow f; - uint8_t buf1[] = { - 0x16, 0x03, 0x00, 0x00, 0x4c, 0x01, - }; - uint32_t buf1_len = sizeof(buf1); - - uint8_t buf2[] = { - 0x00, 0x00, 0x48, - }; - uint32_t buf2_len = sizeof(buf2); - - uint8_t buf3[] = { - 0x03, 0x00, 0x57, 0x04, 0x9f, - 0x8c, 0x66, 0x61, 0xf6, 0x3d, 0x4f, - }; - uint32_t buf3_len = sizeof(buf3); - - uint8_t buf4[] = { - 0xbf, 0xbb, - 0xa7, 0x47, 0x21, 0x76, 0x6c, 0x21, 0x08, 0x9f, - 0xef, 0x3d, 0x0e, 0x5f, 0x65, 0x1a, 0xe1, 0x93, - 0xb8, 0xaf, 0xd2, 0x82, 0xbd, 0x00, 0x00, 0x06, - 0x00, 0x0a, 0x00, 0x16, 0x00, 0xff, 0x01, 0x00, - 0x00, 0x19, 0x00, 0x00, 0x00, 0x15, 0x00, 0x13, - 0x00, 0x00, 0x10, 0x61, 0x62, 0x63, 0x64, 0x65, - 0x66, 0x67, 0x68, 0x2e, 0x65, 0x66, 0x67, 0x68, - 0x2e, 0x6e, 0x6f - }; - uint32_t buf4_len = sizeof(buf4); - TcpSession ssn; - AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); - - memset(&f, 0, sizeof(f)); - memset(&ssn, 0, sizeof(ssn)); - FLOW_INITIALIZE(&f); - f.protoctx = (void *)&ssn; - f.proto = IPPROTO_TCP; - f.alproto = ALPROTO_TLS; - - StreamTcpInitConfig(true); - - int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, - STREAM_TOSERVER, buf1, buf1_len); - FAIL_IF(r != 0); - - r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, - buf2, buf2_len); - FAIL_IF(r != 0); - - r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, - buf3, buf3_len); - FAIL_IF(r != 0); - - r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, - buf4, buf4_len); - FAIL_IF(r != 0); - - SSLState *ssl_state = f.alstate; - FAIL_IF_NULL(ssl_state); - - FAIL_IF(ssl_state->client_connp.content_type != 0x16); - - FAIL_IF(ssl_state->client_connp.version != SSL_VERSION_3); - - AppLayerParserThreadCtxFree(alp_tctx); - StreamTcpFreeConfig(true); - FLOW_DESTROY(&f); - - PASS; -} - -/** - * \test Tests the parser for handling fragmented records. - */ -static int SSLParserTest14(void) -{ - Flow f; - - uint8_t buf1[] = { - 0x16, 0x03, 0x00, 0x00, 0x00, - }; - uint32_t buf1_len = sizeof(buf1); - - uint8_t buf2[] = { - 0x16, 0x03, 0x00, 0x00, 0x00, - }; - uint32_t buf2_len = sizeof(buf2); - - TcpSession ssn; - AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); - - memset(&f, 0, sizeof(f)); - memset(&ssn, 0, sizeof(ssn)); - FLOW_INITIALIZE(&f); - f.protoctx = (void *)&ssn; - f.proto = IPPROTO_TCP; - f.alproto = ALPROTO_TLS; - - StreamTcpInitConfig(true); - - int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, - STREAM_TOSERVER, buf1, buf1_len); - FAIL_IF(r != 0); - - r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, - buf2, buf2_len); - FAIL_IF(r != 0); - - SSLState *ssl_state = f.alstate; - FAIL_IF_NULL(ssl_state); - - AppLayerParserThreadCtxFree(alp_tctx); - StreamTcpFreeConfig(true); - FLOW_DESTROY(&f); - - PASS; -} - -/** - * \test Tests the parser for handling fragmented records. - */ -static int SSLParserTest15(void) -{ - Flow f; - - uint8_t buf1[] = { - 0x16, 0x03, 0x00, 0x00, 0x01, 0x01, - }; - uint32_t buf1_len = sizeof(buf1); - - TcpSession ssn; - AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); - - memset(&f, 0, sizeof(f)); - memset(&ssn, 0, sizeof(ssn)); - FLOW_INITIALIZE(&f); - f.protoctx = (void *)&ssn; - f.proto = IPPROTO_TCP; - f.alproto = ALPROTO_TLS; - - StreamTcpInitConfig(true); - - int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, - STREAM_TOSERVER, buf1, buf1_len); - FAIL_IF(r == 0); - - AppLayerParserThreadCtxFree(alp_tctx); - StreamTcpFreeConfig(true); - FLOW_DESTROY(&f); - - PASS; -} - -/** - * \test Tests the parser for handling fragmented records. - */ -static int SSLParserTest16(void) -{ - Flow f; - - uint8_t buf1[] = { - 0x16, 0x03, 0x00, 0x00, 0x02, 0x01, 0x00 - }; - uint32_t buf1_len = sizeof(buf1); - - TcpSession ssn; - AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); - - memset(&f, 0, sizeof(f)); - memset(&ssn, 0, sizeof(ssn)); - FLOW_INITIALIZE(&f); - f.protoctx = (void *)&ssn; - f.proto = IPPROTO_TCP; - f.alproto = ALPROTO_TLS; - - StreamTcpInitConfig(true); - - int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, - STREAM_TOSERVER, buf1, buf1_len); - FAIL_IF(r == 0); - - AppLayerParserThreadCtxFree(alp_tctx); - StreamTcpFreeConfig(true); - FLOW_DESTROY(&f); - - PASS; -} - -/** - * \test Tests the parser for handling fragmented records. - */ -static int SSLParserTest17(void) -{ - Flow f; - - uint8_t buf1[] = { - 0x16, 0x03, 0x00, 0x00, 0x03, 0x01, 0x00, 0x00 - }; - uint32_t buf1_len = sizeof(buf1); - - TcpSession ssn; - AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); - - memset(&f, 0, sizeof(f)); - memset(&ssn, 0, sizeof(ssn)); - FLOW_INITIALIZE(&f); - f.protoctx = (void *)&ssn; - f.proto = IPPROTO_TCP; - f.alproto = ALPROTO_TLS; - - StreamTcpInitConfig(true); - - int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, - STREAM_TOSERVER, buf1, buf1_len); - FAIL_IF(r == 0); - - AppLayerParserThreadCtxFree(alp_tctx); - StreamTcpFreeConfig(true); - FLOW_DESTROY(&f); - - PASS; -} - -/** - * \test Tests the parser for handling fragmented records. - */ -static int SSLParserTest18(void) -{ - Flow f; - - uint8_t buf1[] = { - 0x16, 0x03, 0x00, 0x00, 0x04, 0x01, 0x00, 0x00, - 0x6b, - }; - uint32_t buf1_len = sizeof(buf1); - - uint8_t buf2[] = { - 0x16, 0x03, 0x00, 0x00, 0x00, - }; - uint32_t buf2_len = sizeof(buf2); - - TcpSession ssn; - AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); - - memset(&f, 0, sizeof(f)); - memset(&ssn, 0, sizeof(ssn)); - FLOW_INITIALIZE(&f); - f.protoctx = (void *)&ssn; - f.proto = IPPROTO_TCP; - f.alproto = ALPROTO_TLS; - - StreamTcpInitConfig(true); - - int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, - STREAM_TOSERVER, buf1, buf1_len); - FAIL_IF(r != 0); - - r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, - buf2, buf2_len); - FAIL_IF(r != 0); - - SSLState *ssl_state = f.alstate; - FAIL_IF_NULL(ssl_state); - - AppLayerParserThreadCtxFree(alp_tctx); - StreamTcpFreeConfig(true); - FLOW_DESTROY(&f); - - PASS; -} - -/** - * \test Tests the parser for handling fragmented records. - */ -static int SSLParserTest19(void) -{ - Flow f; - - uint8_t buf1[] = { - 0x16, 0x03, 0x00, 0x00, 0x04, 0x01, 0x00, 0x00, - 0x6b, 0x16, 0x03, 0x00, 0x00, 0x00, - }; - uint32_t buf1_len = sizeof(buf1); - - TcpSession ssn; - AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); - - memset(&f, 0, sizeof(f)); - memset(&ssn, 0, sizeof(ssn)); - FLOW_INITIALIZE(&f); - f.protoctx = (void *)&ssn; - f.proto = IPPROTO_TCP; - f.alproto = ALPROTO_TLS; - - StreamTcpInitConfig(true); - - int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, - STREAM_TOSERVER, buf1, buf1_len); - FAIL_IF(r != 0); - - SSLState *ssl_state = f.alstate; - FAIL_IF_NULL(ssl_state); - - AppLayerParserThreadCtxFree(alp_tctx); - StreamTcpFreeConfig(true); - FLOW_DESTROY(&f); - - PASS; -} - -/** - * \test Tests the parser for handling fragmented records. - */ -static int SSLParserTest20(void) -{ - Flow f; - - uint8_t buf1[] = { - 0x16, 0x03, 0x00, 0x00, 0x03, 0x01, 0x00, 0x00, - 0x16, 0x03, 0x00, 0x00, 0x00, - }; - uint32_t buf1_len = sizeof(buf1); - - TcpSession ssn; - AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); - - memset(&f, 0, sizeof(f)); - memset(&ssn, 0, sizeof(ssn)); - FLOW_INITIALIZE(&f); - f.protoctx = (void *)&ssn; - f.proto = IPPROTO_TCP; - f.alproto = ALPROTO_TLS; - - StreamTcpInitConfig(true); - - int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, - STREAM_TOSERVER, buf1, buf1_len); - FAIL_IF(r == 0); - - AppLayerParserThreadCtxFree(alp_tctx); - StreamTcpFreeConfig(true); - FLOW_DESTROY(&f); - - PASS; -} - -/** - * \test SSLv2 Record parsing. - */ -static int SSLParserTest21(void) -{ - Flow f; - uint8_t buf[] = { - 0x80, 0x31, 0x01, 0x00, 0x02, 0x00, 0x00, 0x00, - 0x01, - }; - uint32_t buf_len = sizeof(buf); - - TcpSession ssn; - AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); - - memset(&f, 0, sizeof(f)); - memset(&ssn, 0, sizeof(ssn)); - - FLOW_INITIALIZE(&f); - f.protoctx = (void *)&ssn; - f.proto = IPPROTO_TCP; - f.alproto = ALPROTO_TLS; - - StreamTcpInitConfig(true); - - int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, - STREAM_TOSERVER | STREAM_EOF, buf, buf_len); - FAIL_IF(r != 0); - - SSLState *app_state = f.alstate; - FAIL_IF_NULL(app_state); - - FAIL_IF(app_state->client_connp.content_type != SSLV2_MT_CLIENT_HELLO); - - FAIL_IF(app_state->client_connp.version != SSL_VERSION_2); - - AppLayerParserThreadCtxFree(alp_tctx); - StreamTcpFreeConfig(true); - FLOW_DESTROY(&f); - - PASS; -} - -/** - * \test SSLv2 Record parsing. - */ -static int SSLParserTest22(void) -{ - Flow f; - uint8_t buf[] = { - 0x80, 0x31, 0x04, 0x00, 0x01, 0x00, - 0x02, 0x00, 0x00, 0x00, 0x10, 0x07, 0x00, 0xc0, - 0x05, 0x00, 0x80, 0x03, 0x00, 0x80, 0x01, 0x00, - 0x80, 0x08, 0x00, 0x80, 0x06, 0x00, 0x40, 0x04, - 0x00, 0x80, 0x02, 0x00, 0x80, 0x76, 0x64, 0x75, - 0x2d, 0xa7, 0x98, 0xfe, 0xc9, 0x12, 0x92, 0xc1, - 0x2f, 0x34, 0x84, 0x20, 0xc5}; - uint32_t buf_len = sizeof(buf); - TcpSession ssn; - AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); - - //AppLayerDetectProtoThreadInit(); - - memset(&f, 0, sizeof(f)); - memset(&ssn, 0, sizeof(ssn)); - - FLOW_INITIALIZE(&f); - f.protoctx = (void *)&ssn; - f.proto = IPPROTO_TCP; - f.alproto = ALPROTO_TLS; - - StreamTcpInitConfig(true); - - int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, - STREAM_TOCLIENT | STREAM_EOF, buf, buf_len); - FAIL_IF(r != 0); - - SSLState *app_state = f.alstate; - FAIL_IF_NULL(app_state); - - FAIL_IF(app_state->server_connp.content_type != SSLV2_MT_SERVER_HELLO); - - FAIL_IF(app_state->server_connp.version != SSL_VERSION_2); - - AppLayerParserThreadCtxFree(alp_tctx); - StreamTcpFreeConfig(true); - FLOW_DESTROY(&f); - - PASS; -} - -/** - * \test SSLv2 Record parsing. - */ -static int SSLParserTest23(void) -{ - Flow f; - uint8_t chello_buf[] = { - 0x80, 0x67, 0x01, 0x03, 0x00, 0x00, 0x4e, 0x00, - 0x00, 0x00, 0x10, 0x01, 0x00, 0x80, 0x03, 0x00, - 0x80, 0x07, 0x00, 0xc0, 0x06, 0x00, 0x40, 0x02, - 0x00, 0x80, 0x04, 0x00, 0x80, 0x00, 0x00, 0x39, - 0x00, 0x00, 0x38, 0x00, 0x00, 0x35, 0x00, 0x00, - 0x33, 0x00, 0x00, 0x32, 0x00, 0x00, 0x04, 0x00, - 0x00, 0x05, 0x00, 0x00, 0x2f, 0x00, 0x00, 0x16, - 0x00, 0x00, 0x13, 0x00, 0xfe, 0xff, 0x00, 0x00, - 0x0a, 0x00, 0x00, 0x15, 0x00, 0x00, 0x12, 0x00, - 0xfe, 0xfe, 0x00, 0x00, 0x09, 0x00, 0x00, 0x64, - 0x00, 0x00, 0x62, 0x00, 0x00, 0x03, 0x00, 0x00, - 0x06, 0xa8, 0xb8, 0x93, 0xbb, 0x90, 0xe9, 0x2a, - 0xa2, 0x4d, 0x6d, 0xcc, 0x1c, 0xe7, 0x2a, 0x80, - 0x21 - }; - uint32_t chello_buf_len = sizeof(chello_buf); - - uint8_t shello_buf[] = { - 0x16, 0x03, 0x00, 0x00, 0x4a, 0x02, - 0x00, 0x00, 0x46, 0x03, 0x00, 0x44, 0x4c, 0x94, - 0x8f, 0xfe, 0x81, 0xed, 0x93, 0x65, 0x02, 0x88, - 0xa3, 0xf8, 0xeb, 0x63, 0x86, 0x0e, 0x2c, 0xf6, - 0x8d, 0xd0, 0x0f, 0x2c, 0x2a, 0xd6, 0x4f, 0xcd, - 0x2d, 0x3c, 0x16, 0xd7, 0xd6, 0x20, 0xa0, 0xfb, - 0x60, 0x86, 0x3d, 0x1e, 0x76, 0xf3, 0x30, 0xfe, - 0x0b, 0x01, 0xfd, 0x1a, 0x01, 0xed, 0x95, 0xf6, - 0x7b, 0x8e, 0xc0, 0xd4, 0x27, 0xbf, 0xf0, 0x6e, - 0xc7, 0x56, 0xb1, 0x47, 0xce, 0x98, 0x00, 0x35, - 0x00, 0x16, 0x03, 0x00, 0x03, 0x44, 0x0b, 0x00, - 0x03, 0x40, 0x00, 0x03, 0x3d, 0x00, 0x03, 0x3a, - 0x30, 0x82, 0x03, 0x36, 0x30, 0x82, 0x02, 0x9f, - 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x01, - 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, - 0xf7, 0x0d, 0x01, 0x01, 0x04, 0x05, 0x00, 0x30, - 0x81, 0xa9, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, - 0x55, 0x04, 0x06, 0x13, 0x02, 0x58, 0x59, 0x31, - 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x08, - 0x13, 0x0c, 0x53, 0x6e, 0x61, 0x6b, 0x65, 0x20, - 0x44, 0x65, 0x73, 0x65, 0x72, 0x74, 0x31, 0x13, - 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, - 0x0a, 0x53, 0x6e, 0x61, 0x6b, 0x65, 0x20, 0x54, - 0x6f, 0x77, 0x6e, 0x31, 0x17, 0x30, 0x15, 0x06, - 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0e, 0x53, 0x6e, - 0x61, 0x6b, 0x65, 0x20, 0x4f, 0x69, 0x6c, 0x2c, - 0x20, 0x4c, 0x74, 0x64, 0x31, 0x1e, 0x30, 0x1c, - 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x15, 0x43, - 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, - 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, - 0x72, 0x69, 0x74, 0x79, 0x31, 0x15, 0x30, 0x13, - 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0c, 0x53, - 0x6e, 0x61, 0x6b, 0x65, 0x20, 0x4f, 0x69, 0x6c, - 0x20, 0x43, 0x41, 0x31, 0x1e, 0x30, 0x1c, 0x06, - 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, - 0x09, 0x01, 0x16, 0x0f, 0x63, 0x61, 0x40, 0x73, - 0x6e, 0x61, 0x6b, 0x65, 0x6f, 0x69, 0x6c, 0x2e, - 0x64, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x30, - 0x33, 0x30, 0x33, 0x30, 0x35, 0x31, 0x36, 0x34, - 0x37, 0x34, 0x35, 0x5a, 0x17, 0x0d, 0x30, 0x38, - 0x30, 0x33, 0x30, 0x33, 0x31, 0x36, 0x34, 0x37, - 0x34, 0x35, 0x5a, 0x30, 0x81, 0xa7, 0x31, 0x0b, - 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, - 0x02, 0x58, 0x59, 0x31, 0x15, 0x30, 0x13, 0x06, - 0x03, 0x55, 0x04, 0x08, 0x13, 0x0c, 0x53, 0x6e, - 0x61, 0x6b, 0x65, 0x20, 0x44, 0x65, 0x73, 0x65, - 0x72, 0x74, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, - 0x55, 0x04, 0x07, 0x13, 0x0a, 0x53, 0x6e, 0x61, - 0x6b, 0x65, 0x20, 0x54, 0x6f, 0x77, 0x6e, 0x31, - 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x0a, - 0x13, 0x0e, 0x53, 0x6e, 0x61, 0x6b, 0x65, 0x20, - 0x4f, 0x69, 0x6c, 0x2c, 0x20, 0x4c, 0x74, 0x64, - 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, - 0x0b, 0x13, 0x0e, 0x57, 0x65, 0x62, 0x73, 0x65, - 0x72, 0x76, 0x65, 0x72, 0x20, 0x54, 0x65, 0x61, - 0x6d, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, - 0x04, 0x03, 0x13, 0x10, 0x77, 0x77, 0x77, 0x2e, - 0x73, 0x6e, 0x61, 0x6b, 0x65, 0x6f, 0x69, 0x6c, - 0x2e, 0x64, 0x6f, 0x6d, 0x31, 0x1f, 0x30, 0x1d, - 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, - 0x01, 0x09, 0x01, 0x16, 0x10, 0x77, 0x77, 0x77, - 0x40, 0x73, 0x6e, 0x61, 0x6b, 0x65, 0x6f, 0x69, - 0x6c, 0x2e, 0x64, 0x6f, 0x6d, 0x30, 0x81, 0x9f, - 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, - 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, - 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, - 0x81, 0x00, 0xa4, 0x6e, 0x53, 0x14, 0x0a, 0xde, - 0x2c, 0xe3, 0x60, 0x55, 0x9a, 0xf2, 0x42, 0xa6, - 0xaf, 0x47, 0x12, 0x2f, 0x17, 0xce, 0xfa, 0xba, - 0xdc, 0x4e, 0x63, 0x56, 0x34, 0xb9, 0xba, 0x73, - 0x4b, 0x78, 0x44, 0x3d, 0xc6, 0x6c, 0x69, 0xa4, - 0x25, 0xb3, 0x61, 0x02, 0x9d, 0x09, 0x04, 0x3f, - 0x72, 0x3d, 0xd8, 0x27, 0xd3, 0xb0, 0x5a, 0x45, - 0x77, 0xb7, 0x36, 0xe4, 0x26, 0x23, 0xcc, 0x12, - 0xb8, 0xae, 0xde, 0xa7, 0xb6, 0x3a, 0x82, 0x3c, - 0x7c, 0x24, 0x59, 0x0a, 0xf8, 0x96, 0x43, 0x8b, - 0xa3, 0x29, 0x36, 0x3f, 0x91, 0x7f, 0x5d, 0xc7, - 0x23, 0x94, 0x29, 0x7f, 0x0a, 0xce, 0x0a, 0xbd, - 0x8d, 0x9b, 0x2f, 0x19, 0x17, 0xaa, 0xd5, 0x8e, - 0xec, 0x66, 0xa2, 0x37, 0xeb, 0x3f, 0x57, 0x53, - 0x3c, 0xf2, 0xaa, 0xbb, 0x79, 0x19, 0x4b, 0x90, - 0x7e, 0xa7, 0xa3, 0x99, 0xfe, 0x84, 0x4c, 0x89, - 0xf0, 0x3d, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, - 0x6e, 0x30, 0x6c, 0x30, 0x1b, 0x06, 0x03, 0x55, - 0x1d, 0x11, 0x04, 0x14, 0x30, 0x12, 0x81, 0x10, - 0x77, 0x77, 0x77, 0x40, 0x73, 0x6e, 0x61, 0x6b, - 0x65, 0x6f, 0x69, 0x6c, 0x2e, 0x64, 0x6f, 0x6d, - 0x30, 0x3a, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, - 0x86, 0xf8, 0x42, 0x01, 0x0d, 0x04, 0x2d, 0x16, - 0x2b, 0x6d, 0x6f, 0x64, 0x5f, 0x73, 0x73, 0x6c, - 0x20, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, - 0x65, 0x64, 0x20, 0x63, 0x75, 0x73, 0x74, 0x6f, - 0x6d, 0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, - 0x20, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, - 0x63, 0x61, 0x74, 0x65, 0x30, 0x11, 0x06, 0x09, - 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42, 0x01, - 0x01, 0x04, 0x04, 0x03, 0x02, 0x06, 0x40, 0x30, - 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, - 0x0d, 0x01, 0x01, 0x04, 0x05, 0x00, 0x03, 0x81, - 0x81, 0x00, 0xae, 0x79, 0x79, 0x22, 0x90, 0x75, - 0xfd, 0xa6, 0xd5, 0xc4, 0xb8, 0xc4, 0x99, 0x4e, - 0x1c, 0x05, 0x7c, 0x91, 0x59, 0xbe, 0x89, 0x0d, - 0x3d, 0xc6, 0x8c, 0xa3, 0xcf, 0xf6, 0xba, 0x23, - 0xdf, 0xb8, 0xae, 0x44, 0x68, 0x8a, 0x8f, 0xb9, - 0x8b, 0xcb, 0x12, 0xda, 0xe6, 0xa2, 0xca, 0xa5, - 0xa6, 0x55, 0xd9, 0xd2, 0xa1, 0xad, 0xba, 0x9b, - 0x2c, 0x44, 0x95, 0x1d, 0x4a, 0x90, 0x59, 0x7f, - 0x83, 0xae, 0x81, 0x5e, 0x3f, 0x92, 0xe0, 0x14, - 0x41, 0x82, 0x4e, 0x7f, 0x53, 0xfd, 0x10, 0x23, - 0xeb, 0x8a, 0xeb, 0xe9, 0x92, 0xea, 0x61, 0xf2, - 0x8e, 0x19, 0xa1, 0xd3, 0x49, 0xc0, 0x84, 0x34, - 0x1e, 0x2e, 0x6e, 0xf6, 0x98, 0xe2, 0x87, 0x53, - 0xd6, 0x55, 0xd9, 0x1a, 0x8a, 0x92, 0x5c, 0xad, - 0xdc, 0x1e, 0x1c, 0x30, 0xa7, 0x65, 0x9d, 0xc2, - 0x4f, 0x60, 0xd2, 0x6f, 0xdb, 0xe0, 0x9f, 0x9e, - 0xbc, 0x41, 0x16, 0x03, 0x00, 0x00, 0x04, 0x0e, - 0x00, 0x00, 0x00 - }; - uint32_t shello_buf_len = sizeof(shello_buf); - - uint8_t client_change_cipher_spec_buf[] = { - 0x16, 0x03, 0x00, 0x00, 0x84, 0x10, 0x00, 0x00, - 0x80, 0x65, 0x51, 0x2d, 0xa6, 0xd4, 0xa7, 0x38, - 0xdf, 0xac, 0x79, 0x1f, 0x0b, 0xd9, 0xb2, 0x61, - 0x7d, 0x73, 0x88, 0x32, 0xd9, 0xf2, 0x62, 0x3a, - 0x8b, 0x11, 0x04, 0x75, 0xca, 0x42, 0xff, 0x4e, - 0xd9, 0xcc, 0xb9, 0xfa, 0x86, 0xf3, 0x16, 0x2f, - 0x09, 0x73, 0x51, 0x66, 0xaa, 0x29, 0xcd, 0x80, - 0x61, 0x0f, 0xe8, 0x13, 0xce, 0x5b, 0x8e, 0x0a, - 0x23, 0xf8, 0x91, 0x5e, 0x5f, 0x54, 0x70, 0x80, - 0x8e, 0x7b, 0x28, 0xef, 0xb6, 0x69, 0xb2, 0x59, - 0x85, 0x74, 0x98, 0xe2, 0x7e, 0xd8, 0xcc, 0x76, - 0x80, 0xe1, 0xb6, 0x45, 0x4d, 0xc7, 0xcd, 0x84, - 0xce, 0xb4, 0x52, 0x79, 0x74, 0xcd, 0xe6, 0xd7, - 0xd1, 0x9c, 0xad, 0xef, 0x63, 0x6c, 0x0f, 0xf7, - 0x05, 0xe4, 0x4d, 0x1a, 0xd3, 0xcb, 0x9c, 0xd2, - 0x51, 0xb5, 0x61, 0xcb, 0xff, 0x7c, 0xee, 0xc7, - 0xbc, 0x5e, 0x15, 0xa3, 0xf2, 0x52, 0x0f, 0xbb, - 0x32, 0x14, 0x03, 0x00, 0x00, 0x01, 0x01, 0x16, - 0x03, 0x00, 0x00, 0x40, 0xa9, 0xd8, 0xd7, 0x35, - 0xbc, 0x39, 0x56, 0x98, 0xad, 0x87, 0x61, 0x2a, - 0xc4, 0x8f, 0xcc, 0x03, 0xcb, 0x93, 0x80, 0x81, - 0xb0, 0x4a, 0xc4, 0xd2, 0x09, 0x71, 0x3e, 0x90, - 0x3c, 0x8d, 0xe0, 0x95, 0x44, 0xfe, 0x56, 0xd1, - 0x7e, 0x88, 0xe2, 0x48, 0xfd, 0x76, 0x70, 0x76, - 0xe2, 0xcd, 0x06, 0xd0, 0xf3, 0x9d, 0x13, 0x79, - 0x67, 0x1e, 0x37, 0xf6, 0x98, 0xbe, 0x59, 0x18, - 0x4c, 0xfc, 0x75, 0x56 - }; - uint32_t client_change_cipher_spec_buf_len = - sizeof(client_change_cipher_spec_buf); - - uint8_t server_change_cipher_spec_buf[] = { - 0x14, 0x03, 0x00, 0x00, 0x01, 0x01, 0x16, 0x03, - 0x00, 0x00, 0x40, 0xce, 0x7c, 0x92, 0x43, 0x59, - 0xcc, 0x3d, 0x90, 0x91, 0x9c, 0x58, 0xf0, 0x7a, - 0xce, 0xae, 0x0d, 0x08, 0xe0, 0x76, 0xb4, 0x86, - 0xb1, 0x15, 0x5b, 0x32, 0xb8, 0x77, 0x53, 0xe7, - 0xa6, 0xf9, 0xd0, 0x95, 0x5f, 0xaa, 0x07, 0xc3, - 0x96, 0x7c, 0xc9, 0x88, 0xc2, 0x7a, 0x20, 0x89, - 0x4f, 0xeb, 0xeb, 0xb6, 0x19, 0xef, 0xaa, 0x27, - 0x73, 0x9d, 0xa6, 0xb4, 0x9f, 0xeb, 0x34, 0xe2, - 0x4d, 0x9f, 0x6b - }; - uint32_t server_change_cipher_spec_buf_len = - sizeof(server_change_cipher_spec_buf); - - uint8_t toserver_app_data_buf[] = { - 0x17, 0x03, 0x00, 0x01, 0xb0, 0x4a, 0xc3, 0x3e, - 0x9d, 0x77, 0x78, 0x01, 0x2c, 0xb4, 0xbc, 0x4c, - 0x9a, 0x84, 0xd7, 0xb9, 0x90, 0x0c, 0x21, 0x10, - 0xf0, 0xfa, 0x00, 0x7c, 0x16, 0xbb, 0x77, 0xfb, - 0x72, 0x42, 0x4f, 0xad, 0x50, 0x4a, 0xd0, 0xaa, - 0x6f, 0xaa, 0x44, 0x6c, 0x62, 0x94, 0x1b, 0xc5, - 0xfe, 0xe9, 0x1c, 0x5e, 0xde, 0x85, 0x0b, 0x0e, - 0x05, 0xe4, 0x18, 0x6e, 0xd2, 0xd3, 0xb5, 0x20, - 0xab, 0x81, 0xfd, 0x18, 0x9a, 0x73, 0xb8, 0xd7, - 0xef, 0xc3, 0xdd, 0x74, 0xd7, 0x9c, 0x1e, 0x6f, - 0x21, 0x6d, 0xf8, 0x24, 0xca, 0x3c, 0x70, 0x78, - 0x36, 0x12, 0x7a, 0x8a, 0x9c, 0xac, 0x4e, 0x1c, - 0xa8, 0xfb, 0x27, 0x30, 0xba, 0x9a, 0xf4, 0x2f, - 0x0a, 0xab, 0x80, 0x6a, 0xa1, 0x60, 0x74, 0xf0, - 0xe3, 0x91, 0x84, 0xe7, 0x90, 0x88, 0xcc, 0xf0, - 0x95, 0x7b, 0x0a, 0x22, 0xf2, 0xf9, 0x27, 0xe0, - 0xdd, 0x38, 0x0c, 0xfd, 0xe9, 0x03, 0x71, 0xdc, - 0x70, 0xa4, 0x6e, 0xdf, 0xe3, 0x72, 0x9e, 0xa1, - 0xf0, 0xc9, 0x00, 0xd6, 0x03, 0x55, 0x6a, 0x67, - 0x5d, 0x9c, 0xb8, 0x75, 0x01, 0xb0, 0x01, 0x9f, - 0xe6, 0xd2, 0x44, 0x18, 0xbc, 0xca, 0x7a, 0x10, - 0x39, 0xa6, 0xcf, 0x15, 0xc7, 0xf5, 0x35, 0xd4, - 0xb3, 0x6d, 0x91, 0x23, 0x84, 0x99, 0xba, 0xb0, - 0x7e, 0xd0, 0xc9, 0x4c, 0xbf, 0x3f, 0x33, 0x68, - 0x37, 0xb7, 0x7d, 0x44, 0xb0, 0x0b, 0x2c, 0x0f, - 0xd0, 0x75, 0xa2, 0x6b, 0x5b, 0xe1, 0x9f, 0xd4, - 0x69, 0x9a, 0x14, 0xc8, 0x29, 0xb7, 0xd9, 0x10, - 0xbb, 0x99, 0x30, 0x9a, 0xfb, 0xcc, 0x13, 0x1f, - 0x76, 0x4e, 0xe6, 0xdf, 0x14, 0xaa, 0xd5, 0x60, - 0xbf, 0x91, 0x49, 0x0d, 0x64, 0x42, 0x29, 0xa8, - 0x64, 0x27, 0xd4, 0x5e, 0x1b, 0x18, 0x03, 0xa8, - 0x73, 0xd6, 0x05, 0x6e, 0xf7, 0x50, 0xb0, 0x09, - 0x6b, 0x69, 0x7a, 0x12, 0x28, 0x58, 0xef, 0x5a, - 0x86, 0x11, 0xde, 0x71, 0x71, 0x9f, 0xca, 0xbd, - 0x79, 0x2a, 0xc2, 0xe5, 0x9b, 0x5e, 0x32, 0xe7, - 0xcb, 0x97, 0x6e, 0xa0, 0xea, 0xa4, 0xa4, 0x6a, - 0x32, 0xf9, 0x37, 0x39, 0xd8, 0x37, 0x6d, 0x63, - 0xf3, 0x08, 0x1c, 0xdd, 0x06, 0xdd, 0x2c, 0x2b, - 0x9f, 0x04, 0x88, 0x5f, 0x36, 0x42, 0xc1, 0xb1, - 0xc7, 0xe8, 0x2d, 0x5d, 0xa4, 0x6c, 0xe5, 0x60, - 0x94, 0xae, 0xd0, 0x90, 0x1e, 0x88, 0xa0, 0x87, - 0x52, 0xfb, 0xed, 0x97, 0xa5, 0x25, 0x5a, 0xb7, - 0x55, 0xc5, 0x13, 0x07, 0x85, 0x27, 0x40, 0xed, - 0xb8, 0xa0, 0x26, 0x13, 0x44, 0x0c, 0xfc, 0xcc, - 0x5a, 0x09, 0xe5, 0x44, 0xb5, 0x63, 0xa1, 0x43, - 0x51, 0x23, 0x4f, 0x17, 0x21, 0x89, 0x2e, 0x58, - 0xfd, 0xf9, 0x63, 0x74, 0x04, 0x70, 0x1e, 0x7d, - 0xd0, 0x66, 0xba, 0x40, 0x5e, 0x45, 0xdc, 0x39, - 0x7c, 0x53, 0x0f, 0xa8, 0x38, 0xb2, 0x13, 0x99, - 0x27, 0xd9, 0x4a, 0x51, 0xe9, 0x9f, 0x2a, 0x92, - 0xbb, 0x9c, 0x90, 0xab, 0xfd, 0xf1, 0xb7, 0x40, - 0x05, 0xa9, 0x7a, 0x20, 0x63, 0x36, 0xc1, 0xef, - 0xb9, 0xad, 0xa2, 0xe0, 0x1d, 0x20, 0x4f, 0xb2, - 0x34, 0xbd, 0xea, 0x07, 0xac, 0x21, 0xce, 0xf6, - 0x8a, 0xa2, 0x9e, 0xcd, 0xfa - }; - uint32_t toserver_app_data_buf_len = sizeof(toserver_app_data_buf); - - TcpSession ssn; - AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); - - //AppLayerDetectProtoThreadInit(); - - memset(&f, 0, sizeof(f)); - memset(&ssn, 0, sizeof(ssn)); - - FLOW_INITIALIZE(&f); - f.protoctx = (void *)&ssn; - f.proto = IPPROTO_TCP; - f.alproto = ALPROTO_TLS; - - StreamTcpInitConfig(true); - - int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, - STREAM_TOSERVER | STREAM_START, chello_buf, - chello_buf_len); - FAIL_IF(r != 0); - - SSLState *app_state = f.alstate; - FAIL_IF_NULL(app_state); - - FAIL_IF(app_state->client_connp.content_type != SSLV2_MT_CLIENT_HELLO); - - FAIL_IF(app_state->client_connp.version != SSL_VERSION_2); - - FAIL_IF((app_state->flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) == 0); - FAIL_IF((app_state->flags & SSL_AL_FLAG_SSL_CLIENT_HS) == 0); - FAIL_IF((app_state->flags & SSL_AL_FLAG_SSL_NO_SESSION_ID) == 0); - - r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOCLIENT, - shello_buf, shello_buf_len); - FAIL_IF(r != 0); - - FAIL_IF(app_state->server_connp.content_type != SSLV3_HANDSHAKE_PROTOCOL); - - FAIL_IF(app_state->server_connp.version != SSL_VERSION_3); - - FAIL_IF((app_state->flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) == 0); - FAIL_IF((app_state->flags & SSL_AL_FLAG_SSL_CLIENT_HS) == 0); - FAIL_IF((app_state->flags & SSL_AL_FLAG_SSL_NO_SESSION_ID) == 0); - FAIL_IF((app_state->flags & SSL_AL_FLAG_STATE_SERVER_HELLO) == 0); - - r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, - client_change_cipher_spec_buf, - client_change_cipher_spec_buf_len); - FAIL_IF(r != 0); - - /* with multiple records the client content type hold the type from the last - * record */ - FAIL_IF(app_state->client_connp.content_type != SSLV3_HANDSHAKE_PROTOCOL); - - FAIL_IF((app_state->flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) == 0); - FAIL_IF((app_state->flags & SSL_AL_FLAG_SSL_CLIENT_HS) == 0); - FAIL_IF((app_state->flags & SSL_AL_FLAG_SSL_NO_SESSION_ID) == 0); - FAIL_IF((app_state->flags & SSL_AL_FLAG_STATE_SERVER_HELLO) == 0); - FAIL_IF((app_state->flags & SSL_AL_FLAG_STATE_CLIENT_KEYX) == 0); - FAIL_IF((app_state->flags & SSL_AL_FLAG_CLIENT_CHANGE_CIPHER_SPEC) == 0); - FAIL_IF((app_state->flags & SSL_AL_FLAG_CHANGE_CIPHER_SPEC) == 0); - - r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOCLIENT, - server_change_cipher_spec_buf, - server_change_cipher_spec_buf_len); - FAIL_IF(r != 0); - - /* with multiple records the serve content type hold the type from the last - * record */ - FAIL_IF(app_state->server_connp.content_type != SSLV3_HANDSHAKE_PROTOCOL); - - FAIL_IF(app_state->server_connp.version != SSL_VERSION_3); - - FAIL_IF((app_state->flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) == 0); - FAIL_IF((app_state->flags & SSL_AL_FLAG_SSL_CLIENT_HS) == 0); - FAIL_IF((app_state->flags & SSL_AL_FLAG_SSL_NO_SESSION_ID) == 0); - FAIL_IF((app_state->flags & SSL_AL_FLAG_STATE_SERVER_HELLO) == 0); - FAIL_IF((app_state->flags & SSL_AL_FLAG_STATE_CLIENT_KEYX) == 0); - FAIL_IF((app_state->flags & SSL_AL_FLAG_CLIENT_CHANGE_CIPHER_SPEC) == 0); - FAIL_IF((app_state->flags & SSL_AL_FLAG_SERVER_CHANGE_CIPHER_SPEC) == 0); - FAIL_IF((app_state->flags & SSL_AL_FLAG_CHANGE_CIPHER_SPEC) == 0); - - r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, - toserver_app_data_buf, toserver_app_data_buf_len); - FAIL_IF(r != 0); - - FAIL_IF(app_state->client_connp.content_type != SSLV3_APPLICATION_PROTOCOL); - - FAIL_IF((app_state->flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) == 0); - FAIL_IF((app_state->flags & SSL_AL_FLAG_SSL_CLIENT_HS) == 0); - FAIL_IF((app_state->flags & SSL_AL_FLAG_SSL_NO_SESSION_ID) == 0); - FAIL_IF((app_state->flags & SSL_AL_FLAG_STATE_SERVER_HELLO) == 0); - FAIL_IF((app_state->flags & SSL_AL_FLAG_STATE_CLIENT_KEYX) == 0); - FAIL_IF((app_state->flags & SSL_AL_FLAG_CLIENT_CHANGE_CIPHER_SPEC) == 0); - FAIL_IF((app_state->flags & SSL_AL_FLAG_SERVER_CHANGE_CIPHER_SPEC) == 0); - FAIL_IF((app_state->flags & SSL_AL_FLAG_CHANGE_CIPHER_SPEC) == 0); - - FAIL_IF_NOT(f.flags & FLOW_NOPAYLOAD_INSPECTION); - - if (alp_tctx != NULL) - AppLayerParserThreadCtxFree(alp_tctx); - StreamTcpFreeConfig(true); - FLOW_DESTROY(&f); - - PASS; -} - -/** - * \test Tests the parser for handling fragmented records. - */ -static int SSLParserTest24(void) -{ - Flow f; - uint8_t buf1[] = { - 0x16, 0x03, 0x00, 0x00, 0x6f, 0x01, 0x00, 0x00, - 0x6b, 0x03, - }; - uint32_t buf1_len = sizeof(buf1); - - uint8_t buf2[] = { - 0x00, 0x4b, 0x2f, 0xdc, - 0x4e, 0xe6, 0x95, 0xf1, 0xa0, 0xc7, 0xcf, 0x8e, - 0xf6, 0xeb, 0x22, 0x6d, 0xce, 0x9c, 0x44, 0xfb, - 0xc8, 0xa0, 0x44, 0x31, 0x15, 0x4c, 0xe9, 0x97, - 0xa7, 0xa1, 0xfe, 0xea, 0xcc, 0x20, 0x4b, 0x5d, - 0xfb, 0xa5, 0x63, 0x7a, 0x73, 0x95, 0xf7, 0xff, - 0x42, 0xac, 0x8f, 0x46, 0xed, 0xe4, 0xb1, 0x35, - 0x35, 0x78, 0x1a, 0x9d, 0xaf, 0x10, 0xc5, 0x52, - 0xf3, 0x7b, 0xfb, 0xb5, 0xe9, 0xa8, 0x00, 0x24, - 0x00, 0x88, 0x00, 0x87, 0x00, 0x39, 0x00, 0x38, - 0x00, 0x84, 0x00, 0x35, 0x00, 0x45, 0x00, 0x44, - 0x00, 0x33, 0x00, 0x32, 0x00, 0x96, 0x00, 0x41, - 0x00, 0x2f, 0x00, 0x16, 0x00, 0x13, 0xfe, 0xff, - 0x00, 0x0a, 0x00, 0x02, 0x01, 0x00 - }; - uint32_t buf2_len = sizeof(buf2); - TcpSession ssn; - AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); - - memset(&f, 0, sizeof(f)); - memset(&ssn, 0, sizeof(ssn)); - FLOW_INITIALIZE(&f); - f.protoctx = (void *)&ssn; - f.proto = IPPROTO_TCP; - f.alproto = ALPROTO_TLS; - - StreamTcpInitConfig(true); - - int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, - STREAM_TOSERVER, buf1, buf1_len); - FAIL_IF(r != 0); - - r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, - buf2, buf2_len); - FAIL_IF(r != 0); - - SSLState *ssl_state = f.alstate; - FAIL_IF_NULL(ssl_state); - - FAIL_IF(ssl_state->client_connp.content_type != 0x16); - - FAIL_IF(ssl_state->client_connp.version != SSL_VERSION_3); - - AppLayerParserThreadCtxFree(alp_tctx); - StreamTcpFreeConfig(true); - FLOW_DESTROY(&f); - - PASS; -} - -/** - * \test Test for bug #955 and CVE-2013-5919. The data is from the - * pcap that was used to report this issue. - */ -static int SSLParserTest25(void) -{ - Flow f; - uint8_t client_hello[] = { - 0x16, 0x03, 0x01, 0x00, 0xd3, 0x01, 0x00, 0x00, - 0xcf, 0x03, 0x01, 0x51, 0x60, 0xc2, 0x15, 0x36, - 0x73, 0xf5, 0xb8, 0x58, 0x55, 0x3b, 0x68, 0x12, - 0x7d, 0xe3, 0x28, 0xa3, 0xe1, 0x02, 0x79, 0x2d, - 0x12, 0xe1, 0xf4, 0x24, 0x12, 0xa2, 0x9e, 0xf1, - 0x08, 0x49, 0x68, 0x20, 0x0e, 0x96, 0x46, 0x3d, - 0x84, 0x5a, 0xc6, 0x55, 0xeb, 0x3b, 0x53, 0x77, - 0xf4, 0x8e, 0xf4, 0xd2, 0x8b, 0xec, 0xd6, 0x99, - 0x63, 0x64, 0x62, 0xf8, 0x3f, 0x3b, 0xd5, 0x35, - 0x45, 0x1b, 0x16, 0xac, 0x00, 0x46, 0x00, 0x04, - 0x00, 0x05, 0x00, 0x2f, 0x00, 0x35, 0xc0, 0x02, - 0xc0, 0x04, 0xc0, 0x05, 0xc0, 0x0c, 0xc0, 0x0e, - 0xc0, 0x0f, 0xc0, 0x07, 0xc0, 0x09, 0xc0, 0x0a, - 0xc0, 0x11, 0xc0, 0x13, 0xc0, 0x14, 0x00, 0x33, - 0x00, 0x39, 0x00, 0x32, 0x00, 0x38, 0x00, 0x0a, - 0xc0, 0x03, 0xc0, 0x0d, 0xc0, 0x08, 0xc0, 0x12, - 0x00, 0x16, 0x00, 0x13, 0x00, 0x09, 0x00, 0x15, - 0x00, 0x12, 0x00, 0x03, 0x00, 0x08, 0x00, 0x14, - 0x00, 0x11, 0x00, 0xff, 0x01, 0x00, 0x00, 0x40, - 0x00, 0x0b, 0x00, 0x04, 0x03, 0x00, 0x01, 0x02, - 0x00, 0x0a, 0x00, 0x34, 0x00, 0x32, 0x00, 0x0e, - 0x00, 0x0d, 0x00, 0x19, 0x00, 0x0b, 0x00, 0x0c, - 0x00, 0x18, 0x00, 0x09, 0x00, 0x0a, 0x00, 0x16, - 0x00, 0x17, 0x00, 0x08, 0x00, 0x06, 0x00, 0x07, - 0x00, 0x14, 0x00, 0x15, 0x00, 0x04, 0x00, 0x05, - 0x00, 0x12, 0x00, 0x13, 0x00, 0x01, 0x00, 0x02, - 0x00, 0x03, 0x00, 0x0f, 0x00, 0x10, 0x00, 0x11 - }; - uint32_t client_hello_len = sizeof(client_hello); - - uint8_t server_hello_certificate_done[] = { - 0x16, 0x03, 0x01, 0x00, 0x51, 0x02, 0x00, 0x00, - 0x4d, 0x03, 0x01, 0x51, 0x60, 0xc2, 0x17, 0xb7, - 0x81, 0xaa, 0x27, 0xa1, 0xd5, 0xfa, 0x14, 0xc1, - 0xe0, 0x05, 0xab, 0x75, 0xf2, 0x51, 0xe7, 0x6e, - 0xe6, 0xf9, 0xc4, 0x8f, 0x16, 0x08, 0x26, 0x6c, - 0x1b, 0x86, 0x90, 0x20, 0x0a, 0x38, 0x90, 0x2d, - 0x17, 0x7d, 0xb7, 0x6b, 0x6b, 0xe5, 0xeb, 0x61, - 0x90, 0x35, 0xf8, 0xcd, 0xb1, 0x2a, 0x69, 0x6e, - 0x0e, 0x3e, 0x5f, 0x90, 0xdc, 0x2f, 0x51, 0x45, - 0x68, 0x63, 0xe3, 0xb3, 0x00, 0x05, 0x00, 0x00, - 0x05, 0xff, 0x01, 0x00, 0x01, 0x00, 0x16, 0x03, - 0x01, 0x07, 0x60, 0x0b, 0x00, 0x07, 0x5c, 0x00, - 0x07, 0x59, 0x00, 0x03, 0xcc, 0x30, 0x82, 0x03, - 0xc8, 0x30, 0x82, 0x03, 0x31, 0xa0, 0x03, 0x02, - 0x01, 0x02, 0x02, 0x10, 0x01, 0x7f, 0x77, 0xde, - 0xb3, 0xbc, 0xbb, 0x23, 0x5d, 0x44, 0xcc, 0xc7, - 0xdb, 0xa6, 0x2e, 0x72, 0x30, 0x0d, 0x06, 0x09, - 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, - 0x05, 0x05, 0x00, 0x30, 0x81, 0xba, 0x31, 0x1f, - 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, - 0x16, 0x56, 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, - 0x6e, 0x20, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, - 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x31, - 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x0b, - 0x13, 0x0e, 0x56, 0x65, 0x72, 0x69, 0x53, 0x69, - 0x67, 0x6e, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, - 0x31, 0x33, 0x30, 0x31, 0x06, 0x03, 0x55, 0x04, - 0x0b, 0x13, 0x2a, 0x56, 0x65, 0x72, 0x69, 0x53, - 0x69, 0x67, 0x6e, 0x20, 0x49, 0x6e, 0x74, 0x65, - 0x72, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x61, - 0x6c, 0x20, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, - 0x20, 0x43, 0x41, 0x20, 0x2d, 0x20, 0x43, 0x6c, - 0x61, 0x73, 0x73, 0x20, 0x33, 0x31, 0x49, 0x30, - 0x47, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x40, - 0x77, 0x77, 0x77, 0x2e, 0x76, 0x65, 0x72, 0x69, - 0x73, 0x69, 0x67, 0x6e, 0x2e, 0x63, 0x6f, 0x6d, - 0x2f, 0x43, 0x50, 0x53, 0x20, 0x49, 0x6e, 0x63, - 0x6f, 0x72, 0x70, 0x2e, 0x62, 0x79, 0x20, 0x52, - 0x65, 0x66, 0x2e, 0x20, 0x4c, 0x49, 0x41, 0x42, - 0x49, 0x4c, 0x49, 0x54, 0x59, 0x20, 0x4c, 0x54, - 0x44, 0x2e, 0x28, 0x63, 0x29, 0x39, 0x37, 0x20, - 0x56, 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, - 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x32, 0x30, 0x36, - 0x32, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, - 0x5a, 0x17, 0x0d, 0x31, 0x33, 0x31, 0x32, 0x33, - 0x31, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a, - 0x30, 0x68, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, - 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, - 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, - 0x13, 0x0a, 0x43, 0x61, 0x6c, 0x69, 0x66, 0x6f, - 0x72, 0x6e, 0x69, 0x61, 0x31, 0x12, 0x30, 0x10, - 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x09, 0x50, - 0x61, 0x6c, 0x6f, 0x20, 0x41, 0x6c, 0x74, 0x6f, - 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, - 0x0a, 0x13, 0x0e, 0x46, 0x61, 0x63, 0x65, 0x62, - 0x6f, 0x6f, 0x6b, 0x2c, 0x20, 0x49, 0x6e, 0x63, - 0x2e, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, - 0x04, 0x02, 0x14, 0x0e, 0x2a, 0x2e, 0x66, 0x61, - 0x63, 0x65, 0x62, 0x6f, 0x6f, 0x6b, 0x2e, 0x63, - 0x6f, 0x6d, 0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, - 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, - 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, - 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xae, - 0x94, 0xb1, 0x71, 0xe2, 0xde, 0xcc, 0xc1, 0x69, - 0x3e, 0x05, 0x10, 0x63, 0x24, 0x01, 0x02, 0xe0, - 0x68, 0x9a, 0xe8, 0x3c, 0x39, 0xb6, 0xb3, 0xe7, - 0x4b, 0x97, 0xd4, 0x8d, 0x7b, 0x23, 0x68, 0x91, - 0x00, 0xb0, 0xb4, 0x96, 0xee, 0x62, 0xf0, 0xe6, - 0xd3, 0x56, 0xbc, 0xf4, 0xaa, 0x0f, 0x50, 0x64, - 0x34, 0x02, 0xf5, 0xd1, 0x76, 0x6a, 0xa9, 0x72, - 0x83, 0x5a, 0x75, 0x64, 0x72, 0x3f, 0x39, 0xbb, - 0xef, 0x52, 0x90, 0xde, 0xd9, 0xbc, 0xdb, 0xf9, - 0xd3, 0xd5, 0x5d, 0xfa, 0xd2, 0x3a, 0xa0, 0x3d, - 0xc6, 0x04, 0xc5, 0x4d, 0x29, 0xcf, 0x1d, 0x4b, - 0x3b, 0xdb, 0xd1, 0xa8, 0x09, 0xcf, 0xae, 0x47, - 0xb4, 0x4c, 0x7e, 0xae, 0x17, 0xc5, 0x10, 0x9b, - 0xee, 0x24, 0xa9, 0xcf, 0x4a, 0x8d, 0x91, 0x1b, - 0xb0, 0xfd, 0x04, 0x15, 0xae, 0x4c, 0x3f, 0x43, - 0x0a, 0xa1, 0x2a, 0x55, 0x7e, 0x2a, 0xe1, 0x02, - 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x1e, - 0x30, 0x82, 0x01, 0x1a, 0x30, 0x09, 0x06, 0x03, - 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, - 0x44, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x3d, - 0x30, 0x3b, 0x30, 0x39, 0x06, 0x0b, 0x60, 0x86, - 0x48, 0x01, 0x86, 0xf8, 0x45, 0x01, 0x07, 0x17, - 0x03, 0x30, 0x2a, 0x30, 0x28, 0x06, 0x08, 0x2b, - 0x06, 0x01, 0x05, 0x05, 0x07, 0x00, 0x01, 0x16, - 0x1c, 0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, - 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x76, 0x65, 0x72, - 0x69, 0x73, 0x69, 0x67, 0x6e, 0x2e, 0x63, 0x6f, - 0x6d, 0x2f, 0x72, 0x70, 0x61, 0x30, 0x3c, 0x06, - 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x35, 0x30, 0x33, - 0x30, 0x31, 0xa0, 0x2f, 0xa0, 0x2d, 0x86, 0x2b, - 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x53, - 0x56, 0x52, 0x49, 0x6e, 0x74, 0x6c, 0x2d, 0x63, - 0x72, 0x6c, 0x2e, 0x76, 0x65, 0x72, 0x69, 0x73, - 0x69, 0x67, 0x6e, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, - 0x53, 0x56, 0x52, 0x49, 0x6e, 0x74, 0x6c, 0x2e, - 0x63, 0x72, 0x6c, 0x30, 0x1d, 0x06, 0x03, 0x55, - 0x1d, 0x25, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08, - 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, - 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, - 0x03, 0x02, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, - 0x0f, 0x04, 0x04, 0x03, 0x02, 0x05, 0xa0, 0x30, - 0x34, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, - 0x07, 0x01, 0x01, 0x04, 0x28, 0x30, 0x26, 0x30, - 0x24, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, - 0x07, 0x30, 0x01, 0x86, 0x18, 0x68, 0x74, 0x74, - 0x70, 0x3a, 0x2f, 0x2f, 0x6f, 0x63, 0x73, 0x70, - 0x2e, 0x76, 0x65, 0x72, 0x69, 0x73, 0x69, 0x67, - 0x6e, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x27, 0x06, - 0x03, 0x55, 0x1d, 0x11, 0x04, 0x20, 0x30, 0x1e, - 0x82, 0x0e, 0x2a, 0x2e, 0x66, 0x61, 0x63, 0x65, - 0x62, 0x6f, 0x6f, 0x6b, 0x2e, 0x63, 0x6f, 0x6d, - 0x82, 0x0c, 0x66, 0x61, 0x63, 0x65, 0x62, 0x6f, - 0x6f, 0x6b, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x0d, - 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, - 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x81, 0x81, - 0x00, 0x5b, 0x6c, 0x2b, 0x75, 0xf8, 0xed, 0x30, - 0xaa, 0x51, 0xaa, 0xd3, 0x6a, 0xba, 0x59, 0x5e, - 0x55, 0x51, 0x41, 0x95, 0x1f, 0x81, 0xa5, 0x3b, - 0x44, 0x79, 0x10, 0xac, 0x1f, 0x76, 0xff, 0x78, - 0xfc, 0x27, 0x81, 0x61, 0x6b, 0x58, 0xf3, 0x12, - 0x2a, 0xfc, 0x1c, 0x87, 0x01, 0x04, 0x25, 0xe9, - 0xed, 0x43, 0xdf, 0x1a, 0x7b, 0xa6, 0x49, 0x80, - 0x60, 0x67, 0xe2, 0x68, 0x8a, 0xf0, 0x3d, 0xb5, - 0x8c, 0x7d, 0xf4, 0xee, 0x03, 0x30, 0x9a, 0x6a, - 0xfc, 0x24, 0x7c, 0xcb, 0x13, 0x4d, 0xc3, 0x3e, - 0x54, 0xc6, 0xbc, 0x1d, 0x51, 0x33, 0xa5, 0x32, - 0xa7, 0x32, 0x73, 0xb1, 0xd7, 0x9c, 0xad, 0xc0, - 0x8e, 0x7e, 0x1a, 0x83, 0x11, 0x6d, 0x34, 0x52, - 0x33, 0x40, 0xb0, 0x30, 0x54, 0x27, 0xa2, 0x17, - 0x42, 0x82, 0x7c, 0x98, 0x91, 0x66, 0x98, 0xee, - 0x7e, 0xaf, 0x8c, 0x3b, 0xdd, 0x71, 0x70, 0x08, - 0x17, 0x00, 0x03, 0x87, 0x30, 0x82, 0x03, 0x83, - 0x30, 0x82, 0x02, 0xec, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x10, 0x46, 0xfc, 0xeb, 0xba, 0xb4, - 0xd0, 0x2f, 0x0f, 0x92, 0x60, 0x98, 0x23, 0x3f, - 0x93, 0x07, 0x8f, 0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, - 0x05, 0x00, 0x30, 0x5f, 0x31, 0x0b, 0x30, 0x09, - 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, - 0x53, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, - 0x04, 0x0a, 0x13, 0x0e, 0x56, 0x65, 0x72, 0x69, - 0x53, 0x69, 0x67, 0x6e, 0x2c, 0x20, 0x49, 0x6e, - 0x63, 0x2e, 0x31, 0x37, 0x30, 0x35, 0x06, 0x03, - 0x55, 0x04, 0x0b, 0x13, 0x2e, 0x43, 0x6c, 0x61, - 0x73, 0x73, 0x20, 0x33, 0x20, 0x50, 0x75, 0x62, - 0x6c, 0x69, 0x63, 0x20, 0x50, 0x72, 0x69, 0x6d, - 0x61, 0x72, 0x79, 0x20, 0x43, 0x65, 0x72, 0x74, - 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x20, 0x41, 0x75, 0x64, 0x68, 0x6f, 0x72, - 0x69, 0x74, 0x79, 0x30, 0x1e, 0x17, 0x0d, 0x39, - 0x37, 0x30, 0x34, 0x31, 0x37, 0x30, 0x30, 0x30, - 0x30, 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x31, 0x36, - 0x31, 0x30, 0x32, 0x34, 0x32, 0x33, 0x35, 0x39, - 0x35, 0x39, 0x5a, 0x30, 0x81, 0xba, 0x31, 0x1f, - 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, - 0x16, 0x56, 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, - 0x6e, 0x20, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, - 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x31, - 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x0b, - 0x13, 0x0e, 0x56, 0x65, 0x72, 0x69, 0x53, 0x69, - 0x67, 0x6e, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, - 0x31, 0x33, 0x30, 0x31, 0x06, 0x03, 0x55, 0x04, - 0x0b, 0x13, 0x2a, 0x56, 0x65, 0x72, 0x69, 0x53, - 0x69, 0x67, 0x6e, 0x20, 0x49, 0x6e, 0x74, 0x65, - 0x72, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x61, - 0x6c, 0x20, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, - 0x20, 0x43, 0x41, 0x20, 0x2d, 0x20, 0x43, 0x6c, - 0x61, 0x73, 0x73, 0x20, 0x33, 0x31, 0x49, 0x30, - 0x47, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x40, - 0x77, 0x77, 0x77, 0x2e, 0x76, 0x65, 0x72, 0x69, - 0x73, 0x69, - 0x67, 0x6e, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x43, - 0x50, 0x53, 0x20, 0x49, 0x6e, 0x63, 0x6f, 0x72, - 0x70, 0x2e, 0x62, 0x79, 0x20, 0x52, 0x65, 0x66, - 0x2e, 0x20, 0x4c, 0x49, 0x41, 0x42, 0x49, 0x4c, - 0x49, 0x54, 0x59, 0x20, 0x4c, 0x54, 0x44, 0x2e, - 0x28, 0x63, 0x29, 0x39, 0x37, 0x20, 0x56, 0x65, - 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x30, 0x81, - 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, - 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, - 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02, - 0x81, 0x81, 0x00, 0xd8, 0x82, 0x80, 0xe8, 0xd6, - 0x19, 0x02, 0x7d, 0x1f, 0x85, 0x18, 0x39, 0x25, - 0xa2, 0x65, 0x2b, 0xe1, 0xbf, 0xd4, 0x05, 0xd3, - 0xbc, 0xe6, 0x36, 0x3b, 0xaa, 0xf0, 0x4c, 0x6c, - 0x5b, 0xb6, 0xe7, 0xaa, 0x3c, 0x73, 0x45, 0x55, - 0xb2, 0xf1, 0xbd, 0xea, 0x97, 0x42, 0xed, 0x9a, - 0x34, 0x0a, 0x15, 0xd4, 0xa9, 0x5c, 0xf5, 0x40, - 0x25, 0xdd, 0xd9, 0x07, 0xc1, 0x32, 0xb2, 0x75, - 0x6c, 0xc4, 0xca, 0xbb, 0xa3, 0xfe, 0x56, 0x27, - 0x71, 0x43, 0xaa, 0x63, 0xf5, 0x30, 0x3e, 0x93, - 0x28, 0xe5, 0xfa, 0xf1, 0x09, 0x3b, 0xf3, 0xb7, - 0x4d, 0x4e, 0x39, 0xf7, 0x5c, 0x49, 0x5a, 0xb8, - 0xc1, 0x1d, 0xd3, 0xb2, 0x8a, 0xfe, 0x70, 0x30, - 0x95, 0x42, 0xcb, 0xfe, 0x2b, 0x51, 0x8b, 0x5a, - 0x3c, 0x3a, 0xf9, 0x22, 0x4f, 0x90, 0xb2, 0x02, - 0xa7, 0x53, 0x9c, 0x4f, 0x34, 0xe7, 0xab, 0x04, - 0xb2, 0x7b, 0x6f, 0x02, 0x03, 0x01, 0x00, 0x01, - 0xa3, 0x81, 0xe3, 0x30, 0x81, 0xe0, 0x30, 0x0f, - 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x08, 0x30, - 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x00, 0x30, - 0x44, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x3d, - 0x30, 0x3b, 0x30, 0x39, 0x06, 0x0b, 0x60, 0x86, - 0x48, 0x01, 0x86, 0xf8, 0x45, 0x01, 0x07, 0x01, - 0x01, 0x30, 0x2a, 0x30, 0x28, 0x06, 0x08, 0x2b, - 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, - 0x1c, 0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, - 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x76, 0x65, 0x72, - 0x69, 0x73, 0x69, 0x67, 0x6e, 0x2e, 0x63, 0x6f, - 0x6d, 0x2f, 0x43, 0x50, 0x53, 0x30, 0x34, 0x06, - 0x03, 0x55, 0x1d, 0x25, 0x04, 0x2d, 0x30, 0x2b, - 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, - 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, - 0x05, 0x07, 0x03, 0x02, 0x06, 0x09, 0x60, 0x86, - 0x48, 0x01, 0x86, 0xf8, 0x42, 0x04, 0x01, 0x06, - 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x45, - 0x01, 0x08, 0x01, 0x30, 0x0b, 0x06, 0x03, 0x55, - 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, - 0x30, 0x11, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, - 0x86, 0xf8, 0x42, 0x01, 0x01, 0x04, 0x04, 0x03, - 0x02, 0x01, 0x06, 0x30, 0x31, 0x06, 0x03, 0x55, - 0x1d, 0x1f, 0x04, 0x2a, 0x30, 0x28, 0x30, 0x26, - 0xa0, 0x24, 0xa0, 0x22, 0x86, 0x20, 0x68, 0x74, - 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x72, 0x6c, - 0x2e, 0x76, 0x65, 0x72, 0x69, 0x73, 0x69, 0x67, - 0x6e, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x63, - 0x61, 0x33, 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x0d, - 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, - 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x81, 0x81, - 0x00, 0x40, 0x8e, 0x49, 0x97, 0x96, 0x8a, 0x73, - 0xdd, 0x8e, 0x4d, 0xef, 0x3e, 0x61, 0xb7, 0xca, - 0xa0, 0x62, 0xad, 0xf4, 0x0e, 0x0a, 0xbb, 0x75, - 0x3d, 0xe2, 0x6e, 0xd8, 0x2c, 0xc7, 0xbf, 0xf4, - 0xb9, 0x8c, 0x36, 0x9b, 0xca, 0xa2, 0xd0, 0x9c, - 0x72, 0x46, 0x39, 0xf6, 0xa6, 0x82, 0x03, 0x65, - 0x11, 0xc4, 0xbc, 0xbf, 0x2d, 0xa6, 0xf5, 0xd9, - 0x3b, 0x0a, 0xb5, 0x98, 0xfa, 0xb3, 0x78, 0xb9, - 0x1e, 0xf2, 0x2b, 0x4c, 0x62, 0xd5, 0xfd, 0xb2, - 0x7a, 0x1d, 0xdf, 0x33, 0xfd, 0x73, 0xf9, 0xa5, - 0xd8, 0x2d, 0x8c, 0x2a, 0xea, 0xd1, 0xfc, 0xb0, - 0x28, 0xb6, 0xe9, 0x49, 0x48, 0x13, 0x4b, 0x83, - 0x8a, 0x1b, 0x48, 0x7b, 0x24, 0xf7, 0x38, 0xde, - 0x6f, 0x41, 0x54, 0xb8, 0xab, 0x57, 0x6b, 0x06, - 0xdf, 0xc7, 0xa2, 0xd4, 0xa9, 0xf6, 0xf1, 0x36, - 0x62, 0x80, 0x88, 0xf2, 0x8b, 0x75, 0xd6, 0x80, - 0x75, 0x16, 0x03, 0x01, 0x00, 0x04, 0x0e, 0x00, - 0x00, 0x00 - }; - uint32_t server_hello_certificate_done_len = sizeof(server_hello_certificate_done); - - uint8_t client_key_exchange_cipher_enc_hs[] = { - 0x16, 0x03, 0x01, 0x00, 0x86, 0x10, 0x00, 0x00, - 0x80, 0x00, 0x80, 0x14, 0x2b, 0x2f, 0x9f, 0x02, - 0x1d, 0x4e, 0x0d, 0xa7, 0x41, 0x0f, 0x99, 0xc5, - 0xe9, 0x49, 0x22, 0x14, 0xa0, 0x42, 0x7b, 0xb4, - 0x6d, 0x4f, 0x82, 0x3c, 0x3a, 0x6e, 0xed, 0xd5, - 0x6e, 0x72, 0x71, 0xae, 0x00, 0x4a, 0x9a, 0xc9, - 0x0e, 0x2d, 0x08, 0xa2, 0xd3, 0x3a, 0xb0, 0xb2, - 0x1a, 0x56, 0x01, 0x7c, 0x9a, 0xfa, 0xfb, 0x1a, - 0xd7, 0x7e, 0x20, 0x68, 0x51, 0xd0, 0xfe, 0xd9, - 0xdc, 0xa7, 0x0b, 0xeb, 0x1a, 0xb6, 0xd3, 0xc7, - 0x17, 0x1f, 0xf3, 0x6e, 0x91, 0xdd, 0x06, 0x0d, - 0x48, 0xde, 0xcd, 0x0c, 0x36, 0x8c, 0x83, 0x29, - 0x9a, 0x40, 0x03, 0xcd, 0xf3, 0x1b, 0xdb, 0xd8, - 0x44, 0x6b, 0x75, 0xf3, 0x5a, 0x9f, 0x26, 0x1a, - 0xc4, 0x16, 0x35, 0x8f, 0xc1, 0x15, 0x19, 0xa9, - 0xdf, 0x07, 0xa9, 0xe5, 0x56, 0x45, 0x6d, 0xca, - 0x20, 0x3c, 0xcf, 0x8e, 0xbe, 0x44, 0x68, 0x73, - 0xc8, 0x0b, 0xc7, 0x14, 0x03, 0x01, 0x00, 0x01, - 0x01, 0x16, 0x03, 0x01, 0x00, 0x24, 0xf9, 0x7e, - 0x28, 0x77, 0xa9, 0x9a, 0x08, 0x0c, 0x2e, 0xa9, - 0x09, 0x15, 0x27, 0xcd, 0x93, 0x5f, 0xc0, 0x32, - 0x0a, 0x8d, 0x62, 0xd3, 0x54, 0x79, 0x6b, 0x51, - 0xd7, 0xba, 0x02, 0xd6, 0xdb, 0x66, 0xe8, 0x97, - 0x5d, 0x7a - }; - uint32_t client_key_exchange_cipher_enc_hs_len = sizeof(client_key_exchange_cipher_enc_hs); - - TcpSession ssn; - AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); - - memset(&f, 0, sizeof(f)); - memset(&ssn, 0, sizeof(ssn)); - FLOW_INITIALIZE(&f); - f.protoctx = (void *)&ssn; - f.proto = IPPROTO_TCP; - f.alproto = ALPROTO_TLS; - - StreamTcpInitConfig(true); - - int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, - STREAM_TOSERVER, client_hello, - client_hello_len); - FAIL_IF(r != 0); - - SSLState *ssl_state = f.alstate; - FAIL_IF_NULL(ssl_state); - - FAIL_IF(ssl_state->client_connp.bytes_processed != 0); - - r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOCLIENT, - server_hello_certificate_done, - server_hello_certificate_done_len); - FAIL_IF(r != 0); - - FAIL_IF(ssl_state->client_connp.bytes_processed != 0); - - r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, - client_key_exchange_cipher_enc_hs, - client_key_exchange_cipher_enc_hs_len); - FAIL_IF(r != 0); - - AppLayerParserThreadCtxFree(alp_tctx); - StreamTcpFreeConfig(true); - FLOW_DESTROY(&f); - - PASS; -} - -static int SSLParserTest26(void) -{ - Flow f; - uint8_t client_hello[] = { - 0x16, 0x03, 0x01, 0x02, 0x0e, 0x01, 0x00, 0x02, - 0x0a, 0x03, 0x03, 0x58, 0x36, 0x15, 0x03, 0x8e, - 0x07, 0xf9, 0xad, 0x2a, 0xb7, 0x56, 0xbf, 0xe2, - 0xa2, 0xf8, 0x21, 0xe0, 0xbb, 0x69, 0xc2, 0xd6, - 0x76, 0xe6, 0x77, 0xfe, 0x09, 0xff, 0x8e, 0xac, - 0x80, 0xb5, 0x27, 0x20, 0xb7, 0xbb, 0x90, 0x35, - 0x7a, 0xdd, 0xd9, 0x67, 0xdf, 0x79, 0xd6, 0x16, - 0x90, 0xf6, 0xd7, 0x5c, 0xd3, 0x07, 0x19, 0x20, - 0x01, 0x39, 0x76, 0x25, 0x12, 0x32, 0x71, 0xa1, - 0x84, 0x8d, 0x2d, 0xea, 0x00, 0x88, 0xc0, 0x30, - 0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24, 0xc0, 0x14, - 0xc0, 0x0a, 0x00, 0xa3, 0x00, 0x9f, 0x00, 0x6b, - 0x00, 0x6a, 0x00, 0x39, 0x00, 0x38, 0x00, 0x88, - 0x00, 0x87, 0xc0, 0x32, 0xc0, 0x2e, 0xc0, 0x2a, - 0xc0, 0x26, 0xc0, 0x0f, 0xc0, 0x05, 0x00, 0x9d, - 0x00, 0x3d, 0x00, 0x35, 0x00, 0x84, 0xc0, 0x12, - 0xc0, 0x08, 0x00, 0x16, 0x00, 0x13, 0xc0, 0x0d, - 0xc0, 0x03, 0x00, 0x0a, 0xc0, 0x2f, 0xc0, 0x2b, - 0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x13, 0xc0, 0x09, - 0x00, 0xa2, 0x00, 0x9e, 0x00, 0x67, 0x00, 0x40, - 0x00, 0x33, 0x00, 0x32, 0x00, 0x9a, 0x00, 0x99, - 0x00, 0x45, 0x00, 0x44, 0xc0, 0x31, 0xc0, 0x2d, - 0xc0, 0x29, 0xc0, 0x25, 0xc0, 0x0e, 0xc0, 0x04, - 0x00, 0x9c, 0x00, 0x3c, 0x00, 0x2f, 0x00, 0x96, - 0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07, 0xc0, 0x0c, - 0xc0, 0x02, 0x00, 0x05, 0x00, 0x04, 0x00, 0x15, - 0x00, 0x12, 0x00, 0x09, 0x00, 0xff, 0x01, 0x00, - 0x01, 0x39, 0x00, 0x00, 0x00, 0x14, 0x00, 0x12, - 0x00, 0x00, 0x0f, 0x77, 0x77, 0x77, 0x2e, 0x79, - 0x6f, 0x75, 0x74, 0x75, 0x62, 0x65, 0x2e, 0x63, - 0x6f, 0x6d, 0x00, 0x0b, 0x00, 0x04, 0x03, 0x00, - 0x01, 0x02, 0x00, 0x0a, 0x00, 0x34, 0x00, 0x32, - 0x00, 0x0e, 0x00, 0x0d, 0x00, 0x19, 0x00, 0x0b, - 0x00, 0x0c, 0x00, 0x18, 0x00, 0x09, 0x00, 0x0a, - 0x00, 0x16, 0x00, 0x17, 0x00, 0x08, 0x00, 0x06, - 0x00, 0x07, 0x00, 0x14, 0x00, 0x15, 0x00, 0x04, - 0x00, 0x05, 0x00, 0x12, 0x00, 0x13, 0x00, 0x01, - 0x00, 0x02, 0x00, 0x03, 0x00, 0x0f, 0x00, 0x10, - 0x00, 0x11, 0x00, 0x23, 0x00, 0xb4, 0x05, 0x6c, - 0xfa, 0x27, 0x6f, 0x12, 0x2f, 0x2a, 0xe5, 0x56, - 0xcb, 0x42, 0x62, 0x44, 0xf2, 0xd7, 0xd1, 0x05, - 0x87, 0xd4, 0x52, 0x02, 0x10, 0x85, 0xa4, 0xa6, - 0x82, 0x6f, 0x6d, 0x7b, 0xaf, 0x11, 0xbe, 0x21, - 0x7e, 0x7c, 0x36, 0x03, 0x20, 0x29, 0xd8, 0xf9, - 0xe5, 0x2b, 0xe2, 0x26, 0xb2, 0x27, 0xc7, 0xb9, - 0xda, 0x59, 0xd7, 0xdc, 0xfd, 0x74, 0x74, 0x76, - 0xd0, 0x5e, 0xe4, 0xfe, 0x9d, 0xb7, 0x1b, 0x13, - 0x81, 0xce, 0x63, 0x75, 0x2b, 0x2f, 0x98, 0x3a, - 0x84, 0x46, 0xd3, 0x0c, 0xb3, 0x01, 0xdb, 0x62, - 0x51, 0x97, 0x92, 0x1c, 0xa5, 0x94, 0x60, 0xef, - 0xa6, 0xd8, 0xb2, 0x2f, 0x02, 0x42, 0x5c, 0xac, - 0xb4, 0xd9, 0x10, 0x2f, 0x7e, 0x89, 0xab, 0xa5, - 0xd7, 0x56, 0x6d, 0x03, 0xd2, 0x5f, 0x20, 0x2c, - 0xb6, 0x99, 0x2b, 0x66, 0xbd, 0xd4, 0xde, 0x53, - 0x76, 0x5c, 0x78, 0xf0, 0xe9, 0x6d, 0xa5, 0xc3, - 0x1a, 0x9e, 0x61, 0xb2, 0x45, 0xb0, 0xb3, 0x61, - 0xee, 0xa1, 0x07, 0xab, 0x2f, 0x84, 0xea, 0x43, - 0x76, 0x4b, 0x3d, 0xb0, 0xbe, 0xa4, 0xb4, 0x21, - 0xe1, 0xd3, 0xfd, 0x91, 0xe2, 0xe7, 0xf3, 0x38, - 0x9c, 0x56, 0x5f, 0xa1, 0xde, 0xa8, 0x2f, 0x0a, - 0x49, 0x6d, 0x44, 0x8e, 0xb7, 0xef, 0x4a, 0x6f, - 0x79, 0xb2, 0x00, 0x0d, 0x00, 0x20, 0x00, 0x1e, - 0x06, 0x01, 0x06, 0x02, 0x06, 0x03, 0x05, 0x01, - 0x05, 0x02, 0x05, 0x03, 0x04, 0x01, 0x04, 0x02, - 0x04, 0x03, 0x03, 0x01, 0x03, 0x02, 0x03, 0x03, - 0x02, 0x01, 0x02, 0x02, 0x02, 0x03, 0x00, 0x0f, - 0x00, 0x01, 0x01 - }; - uint32_t client_hello_len = sizeof(client_hello); - - uint8_t server_hello_change_cipher_spec[] = { - 0x16, 0x03, 0x03, 0x00, 0x57, 0x02, 0x00, 0x00, - 0x53, 0x03, 0x03, 0x58, 0x36, 0x15, 0x03, 0x9f, - 0x3b, 0xf3, 0x11, 0x96, 0x2b, 0xc3, 0xae, 0x91, - 0x8c, 0x5f, 0x8b, 0x3f, 0x90, 0xbd, 0xa9, 0x26, - 0x26, 0xb2, 0xfd, 0x12, 0xc5, 0xc5, 0x7b, 0xe4, - 0xd1, 0x3e, 0x81, 0x20, 0xb7, 0xbb, 0x90, 0x35, - 0x7a, 0xdd, 0xd9, 0x67, 0xdf, 0x79, 0xd6, 0x16, - 0x90, 0xf6, 0xd7, 0x5c, 0xd3, 0x07, 0x19, 0x20, - 0x01, 0x39, 0x76, 0x25, 0x12, 0x32, 0x71, 0xa1, - 0x84, 0x8d, 0x2d, 0xea, 0xc0, 0x2b, 0x00, 0x00, - 0x0b, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x0b, - 0x00, 0x02, 0x01, 0x00, 0x14, 0x03, 0x03, 0x00, - 0x01, 0x01, 0x16, 0x03, 0x03, 0x00, 0x28, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, - 0x66, 0xfe, 0x07, 0x08, 0x33, 0x4d, 0xc2, 0x83, - 0x8e, 0x05, 0x8b, 0xf8, 0xd1, 0xb1, 0xa7, 0x16, - 0x4b, 0x42, 0x5c, 0x3a, 0xa4, 0x31, 0x0f, 0xba, - 0x84, 0x06, 0xcb, 0x9d, 0xc6, 0xc4, 0x66 - }; - uint32_t server_hello_change_cipher_spec_len = sizeof(server_hello_change_cipher_spec); - - TcpSession ssn; - AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); - - memset(&f, 0, sizeof(f)); - memset(&ssn, 0, sizeof(ssn)); - FLOW_INITIALIZE(&f); - f.protoctx = (void *)&ssn; - f.proto = IPPROTO_TCP; - f.alproto = ALPROTO_TLS; - - StreamTcpInitConfig(true); - - int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, - STREAM_TOSERVER, client_hello, - client_hello_len); - FAIL_IF(r != 0); - - SSLState *ssl_state = f.alstate; - FAIL_IF_NULL(ssl_state); - - FAIL_IF((ssl_state->flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) == 0); - FAIL_IF_NULL(ssl_state->client_connp.session_id); - - r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOCLIENT, - server_hello_change_cipher_spec, - server_hello_change_cipher_spec_len); - FAIL_IF(r != 0); - - FAIL_IF((ssl_state->flags & SSL_AL_FLAG_SERVER_CHANGE_CIPHER_SPEC) == 0); - FAIL_IF((ssl_state->flags & SSL_AL_FLAG_SESSION_RESUMED) == 0); - - AppLayerParserThreadCtxFree(alp_tctx); - StreamTcpFreeConfig(true); - FLOW_DESTROY(&f); - - PASS; -} - -#endif /* UNITTESTS */ - -void SSLParserRegisterTests(void) -{ -#ifdef UNITTESTS - UtRegisterTest("SSLParserTest01", SSLParserTest01); - UtRegisterTest("SSLParserTest02", SSLParserTest02); - UtRegisterTest("SSLParserTest03", SSLParserTest03); - UtRegisterTest("SSLParserTest04", SSLParserTest04); - /* Updated by Anoop Saldanha. Faulty tests. Disable it for now */ - //UtRegisterTest("SSLParserTest05", SSLParserTest05, 1); - //UtRegisterTest("SSLParserTest06", SSLParserTest06, 1); - UtRegisterTest("SSLParserTest07", SSLParserTest07); - //UtRegisterTest("SSLParserTest08", SSLParserTest08, 1); - UtRegisterTest("SSLParserTest09", SSLParserTest09); - UtRegisterTest("SSLParserTest10", SSLParserTest10); - UtRegisterTest("SSLParserTest11", SSLParserTest11); - UtRegisterTest("SSLParserTest12", SSLParserTest12); - UtRegisterTest("SSLParserTest13", SSLParserTest13); - - UtRegisterTest("SSLParserTest14", SSLParserTest14); - UtRegisterTest("SSLParserTest15", SSLParserTest15); - UtRegisterTest("SSLParserTest16", SSLParserTest16); - UtRegisterTest("SSLParserTest17", SSLParserTest17); - UtRegisterTest("SSLParserTest18", SSLParserTest18); - UtRegisterTest("SSLParserTest19", SSLParserTest19); - UtRegisterTest("SSLParserTest20", SSLParserTest20); - UtRegisterTest("SSLParserTest21", SSLParserTest21); - UtRegisterTest("SSLParserTest22", SSLParserTest22); - UtRegisterTest("SSLParserTest23", SSLParserTest23); - UtRegisterTest("SSLParserTest24", SSLParserTest24); - UtRegisterTest("SSLParserTest25", SSLParserTest25); - UtRegisterTest("SSLParserTest26", SSLParserTest26); - - UtRegisterTest("SSLParserMultimsgTest01", SSLParserMultimsgTest01); - UtRegisterTest("SSLParserMultimsgTest02", SSLParserMultimsgTest02); -#endif /* UNITTESTS */ - - return; -} diff --git a/src/detect-tls-ja3-hash.c b/src/detect-tls-ja3-hash.c index 081ed2155e..03a8f2f9de 100644 --- a/src/detect-tls-ja3-hash.c +++ b/src/detect-tls-ja3-hash.c @@ -58,9 +58,6 @@ #include "util-unittest-helper.h" static int DetectTlsJa3HashSetup(DetectEngineCtx *, Signature *, const char *); -#ifdef UNITTESTS -static void DetectTlsJa3HashRegisterTests(void); -#endif static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx, const DetectEngineTransforms *transforms, Flow *f, const uint8_t flow_flags, @@ -81,9 +78,6 @@ void DetectTlsJa3HashRegister(void) sigmatch_table[DETECT_AL_TLS_JA3_HASH].desc = "sticky buffer to match the JA3 hash buffer"; sigmatch_table[DETECT_AL_TLS_JA3_HASH].url = "/rules/ja3-keywords.html#ja3-hash"; sigmatch_table[DETECT_AL_TLS_JA3_HASH].Setup = DetectTlsJa3HashSetup; -#ifdef UNITTESTS - sigmatch_table[DETECT_AL_TLS_JA3_HASH].RegisterTests = DetectTlsJa3HashRegisterTests; -#endif sigmatch_table[DETECT_AL_TLS_JA3_HASH].flags |= SIGMATCH_NOOPT; sigmatch_table[DETECT_AL_TLS_JA3_HASH].flags |= SIGMATCH_INFO_STICKY_BUFFER; @@ -219,7 +213,3 @@ static void DetectTlsJa3HashSetupCallback(const DetectEngineCtx *de_ctx, } } } - -#ifdef UNITTESTS -#include "tests/detect-tls-ja3-hash.c" -#endif diff --git a/src/detect-tls-ja3-string.c b/src/detect-tls-ja3-string.c index 449114862c..80eb1d6861 100644 --- a/src/detect-tls-ja3-string.c +++ b/src/detect-tls-ja3-string.c @@ -58,9 +58,6 @@ #include "util-unittest-helper.h" static int DetectTlsJa3StringSetup(DetectEngineCtx *, Signature *, const char *); -#ifdef UNITTESTS -static void DetectTlsJa3StringRegisterTests(void); -#endif static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx, const DetectEngineTransforms *transforms, Flow *f, const uint8_t flow_flags, @@ -97,9 +94,6 @@ void DetectTlsJa3StringRegister(void) sigmatch_table[DETECT_AL_TLS_JA3_STRING].desc = "sticky buffer to match the JA3 string buffer"; sigmatch_table[DETECT_AL_TLS_JA3_STRING].url = "/rules/ja3-keywords.html#ja3-string"; sigmatch_table[DETECT_AL_TLS_JA3_STRING].Setup = DetectTlsJa3StringSetup; -#ifdef UNITTESTS - sigmatch_table[DETECT_AL_TLS_JA3_STRING].RegisterTests = DetectTlsJa3StringRegisterTests; -#endif sigmatch_table[DETECT_AL_TLS_JA3_STRING].flags |= SIGMATCH_NOOPT; sigmatch_table[DETECT_AL_TLS_JA3_STRING].flags |= SIGMATCH_INFO_STICKY_BUFFER; @@ -176,7 +170,3 @@ static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx, return buffer; } - -#ifdef UNITTESTS -#include "tests/detect-tls-ja3-string.c" -#endif diff --git a/src/detect-tls-ja3s-hash.c b/src/detect-tls-ja3s-hash.c index 341f3eb353..b6d7611f30 100644 --- a/src/detect-tls-ja3s-hash.c +++ b/src/detect-tls-ja3s-hash.c @@ -58,9 +58,6 @@ #include "util-unittest-helper.h" static int DetectTlsJa3SHashSetup(DetectEngineCtx *, Signature *, const char *); -#ifdef UNITTESTS -static void DetectTlsJa3SHashRegisterTests(void); -#endif static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx, const DetectEngineTransforms *transforms, Flow *f, const uint8_t flow_flags, @@ -80,9 +77,6 @@ void DetectTlsJa3SHashRegister(void) sigmatch_table[DETECT_AL_TLS_JA3S_HASH].desc = "sticky buffer to match the JA3S hash buffer"; sigmatch_table[DETECT_AL_TLS_JA3S_HASH].url = "/rules/ja3-keywords.html#ja3s-hash"; sigmatch_table[DETECT_AL_TLS_JA3S_HASH].Setup = DetectTlsJa3SHashSetup; -#ifdef UNITTESTS - sigmatch_table[DETECT_AL_TLS_JA3S_HASH].RegisterTests = DetectTlsJa3SHashRegisterTests; -#endif sigmatch_table[DETECT_AL_TLS_JA3S_HASH].flags |= SIGMATCH_NOOPT; sigmatch_table[DETECT_AL_TLS_JA3S_HASH].flags |= SIGMATCH_INFO_STICKY_BUFFER; @@ -217,7 +211,3 @@ static void DetectTlsJa3SHashSetupCallback(const DetectEngineCtx *de_ctx, } } } - -#ifdef UNITTESTS -#include "tests/detect-tls-ja3s-hash.c" -#endif diff --git a/src/detect-tls-ja3s-string.c b/src/detect-tls-ja3s-string.c index b580065118..0b33eda47b 100644 --- a/src/detect-tls-ja3s-string.c +++ b/src/detect-tls-ja3s-string.c @@ -58,9 +58,6 @@ #include "util-unittest-helper.h" static int DetectTlsJa3SStringSetup(DetectEngineCtx *, Signature *, const char *); -#ifdef UNITTESTS -static void DetectTlsJa3SStringRegisterTests(void); -#endif static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx, const DetectEngineTransforms *transforms, Flow *f, const uint8_t flow_flags, @@ -97,9 +94,6 @@ void DetectTlsJa3SStringRegister(void) "sticky buffer to match the JA3S string buffer"; sigmatch_table[DETECT_AL_TLS_JA3S_STRING].url = "/rules/ja3-keywords.html#ja3s-string"; sigmatch_table[DETECT_AL_TLS_JA3S_STRING].Setup = DetectTlsJa3SStringSetup; -#ifdef UNITTESTS - sigmatch_table[DETECT_AL_TLS_JA3S_STRING].RegisterTests = DetectTlsJa3SStringRegisterTests; -#endif sigmatch_table[DETECT_AL_TLS_JA3S_STRING].flags |= SIGMATCH_NOOPT; sigmatch_table[DETECT_AL_TLS_JA3S_STRING].flags |= SIGMATCH_INFO_STICKY_BUFFER; @@ -176,7 +170,3 @@ static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx, return buffer; } - -#ifdef UNITTESTS -#include "tests/detect-tls-ja3s-string.c" -#endif diff --git a/src/detect-tls-sni.c b/src/detect-tls-sni.c index 288bec40a8..2f31390033 100644 --- a/src/detect-tls-sni.c +++ b/src/detect-tls-sni.c @@ -54,9 +54,6 @@ #include "util-unittest-helper.h" static int DetectTlsSniSetup(DetectEngineCtx *, Signature *, const char *); -#ifdef UNITTESTS -static void DetectTlsSniRegisterTests(void); -#endif static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx, const DetectEngineTransforms *transforms, Flow *f, const uint8_t flow_flags, @@ -74,9 +71,6 @@ void DetectTlsSniRegister(void) "sticky buffer to match specifically and only on the TLS SNI buffer"; sigmatch_table[DETECT_AL_TLS_SNI].url = "/rules/tls-keywords.html#tls-sni"; sigmatch_table[DETECT_AL_TLS_SNI].Setup = DetectTlsSniSetup; -#ifdef UNITTESTS - sigmatch_table[DETECT_AL_TLS_SNI].RegisterTests = DetectTlsSniRegisterTests; -#endif sigmatch_table[DETECT_AL_TLS_SNI].flags |= SIGMATCH_NOOPT; sigmatch_table[DETECT_AL_TLS_SNI].flags |= SIGMATCH_INFO_STICKY_BUFFER; @@ -135,7 +129,3 @@ static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx, return buffer; } - -#ifdef UNITTESTS -#include "tests/detect-tls-sni.c" -#endif diff --git a/src/tests/detect-ssl-state.c b/src/tests/detect-ssl-state.c index eba25b07d2..6be8ea8d89 100644 --- a/src/tests/detect-ssl-state.c +++ b/src/tests/detect-ssl-state.c @@ -89,411 +89,6 @@ static int DetectSslStateTest06(void) PASS; } -/** - * \test Test a valid dce_iface entry for a bind and bind_ack - */ -static int DetectSslStateTest07(void) -{ - uint8_t chello_buf[] = { - 0x80, 0x67, 0x01, 0x03, 0x00, 0x00, 0x4e, 0x00, - 0x00, 0x00, 0x10, 0x01, 0x00, 0x80, 0x03, 0x00, - 0x80, 0x07, 0x00, 0xc0, 0x06, 0x00, 0x40, 0x02, - 0x00, 0x80, 0x04, 0x00, 0x80, 0x00, 0x00, 0x39, - 0x00, 0x00, 0x38, 0x00, 0x00, 0x35, 0x00, 0x00, - 0x33, 0x00, 0x00, 0x32, 0x00, 0x00, 0x04, 0x00, - 0x00, 0x05, 0x00, 0x00, 0x2f, 0x00, 0x00, 0x16, - 0x00, 0x00, 0x13, 0x00, 0xfe, 0xff, 0x00, 0x00, - 0x0a, 0x00, 0x00, 0x15, 0x00, 0x00, 0x12, 0x00, - 0xfe, 0xfe, 0x00, 0x00, 0x09, 0x00, 0x00, 0x64, - 0x00, 0x00, 0x62, 0x00, 0x00, 0x03, 0x00, 0x00, - 0x06, 0xa8, 0xb8, 0x93, 0xbb, 0x90, 0xe9, 0x2a, - 0xa2, 0x4d, 0x6d, 0xcc, 0x1c, 0xe7, 0x2a, 0x80, - 0x21 - }; - uint32_t chello_buf_len = sizeof(chello_buf); - - uint8_t shello_buf[] = { - 0x16, 0x03, 0x00, 0x00, 0x4a, 0x02, - 0x00, 0x00, 0x46, 0x03, 0x00, 0x44, 0x4c, 0x94, - 0x8f, 0xfe, 0x81, 0xed, 0x93, 0x65, 0x02, 0x88, - 0xa3, 0xf8, 0xeb, 0x63, 0x86, 0x0e, 0x2c, 0xf6, - 0x8d, 0xd0, 0x0f, 0x2c, 0x2a, 0xd6, 0x4f, 0xcd, - 0x2d, 0x3c, 0x16, 0xd7, 0xd6, 0x20, 0xa0, 0xfb, - 0x60, 0x86, 0x3d, 0x1e, 0x76, 0xf3, 0x30, 0xfe, - 0x0b, 0x01, 0xfd, 0x1a, 0x01, 0xed, 0x95, 0xf6, - 0x7b, 0x8e, 0xc0, 0xd4, 0x27, 0xbf, 0xf0, 0x6e, - 0xc7, 0x56, 0xb1, 0x47, 0xce, 0x98, 0x00, 0x35, - 0x00, 0x16, 0x03, 0x00, 0x03, 0x44, 0x0b, 0x00, - 0x03, 0x40, 0x00, 0x03, 0x3d, 0x00, 0x03, 0x3a, - 0x30, 0x82, 0x03, 0x36, 0x30, 0x82, 0x02, 0x9f, - 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x01, - 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, - 0xf7, 0x0d, 0x01, 0x01, 0x04, 0x05, 0x00, 0x30, - 0x81, 0xa9, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, - 0x55, 0x04, 0x06, 0x13, 0x02, 0x58, 0x59, 0x31, - 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x08, - 0x13, 0x0c, 0x53, 0x6e, 0x61, 0x6b, 0x65, 0x20, - 0x44, 0x65, 0x73, 0x65, 0x72, 0x74, 0x31, 0x13, - 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, - 0x0a, 0x53, 0x6e, 0x61, 0x6b, 0x65, 0x20, 0x54, - 0x6f, 0x77, 0x6e, 0x31, 0x17, 0x30, 0x15, 0x06, - 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0e, 0x53, 0x6e, - 0x61, 0x6b, 0x65, 0x20, 0x4f, 0x69, 0x6c, 0x2c, - 0x20, 0x4c, 0x74, 0x64, 0x31, 0x1e, 0x30, 0x1c, - 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x15, 0x43, - 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, - 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, - 0x72, 0x69, 0x74, 0x79, 0x31, 0x15, 0x30, 0x13, - 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0c, 0x53, - 0x6e, 0x61, 0x6b, 0x65, 0x20, 0x4f, 0x69, 0x6c, - 0x20, 0x43, 0x41, 0x31, 0x1e, 0x30, 0x1c, 0x06, - 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, - 0x09, 0x01, 0x16, 0x0f, 0x63, 0x61, 0x40, 0x73, - 0x6e, 0x61, 0x6b, 0x65, 0x6f, 0x69, 0x6c, 0x2e, - 0x64, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x30, - 0x33, 0x30, 0x33, 0x30, 0x35, 0x31, 0x36, 0x34, - 0x37, 0x34, 0x35, 0x5a, 0x17, 0x0d, 0x30, 0x38, - 0x30, 0x33, 0x30, 0x33, 0x31, 0x36, 0x34, 0x37, - 0x34, 0x35, 0x5a, 0x30, 0x81, 0xa7, 0x31, 0x0b, - 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, - 0x02, 0x58, 0x59, 0x31, 0x15, 0x30, 0x13, 0x06, - 0x03, 0x55, 0x04, 0x08, 0x13, 0x0c, 0x53, 0x6e, - 0x61, 0x6b, 0x65, 0x20, 0x44, 0x65, 0x73, 0x65, - 0x72, 0x74, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, - 0x55, 0x04, 0x07, 0x13, 0x0a, 0x53, 0x6e, 0x61, - 0x6b, 0x65, 0x20, 0x54, 0x6f, 0x77, 0x6e, 0x31, - 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x0a, - 0x13, 0x0e, 0x53, 0x6e, 0x61, 0x6b, 0x65, 0x20, - 0x4f, 0x69, 0x6c, 0x2c, 0x20, 0x4c, 0x74, 0x64, - 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, - 0x0b, 0x13, 0x0e, 0x57, 0x65, 0x62, 0x73, 0x65, - 0x72, 0x76, 0x65, 0x72, 0x20, 0x54, 0x65, 0x61, - 0x6d, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, - 0x04, 0x03, 0x13, 0x10, 0x77, 0x77, 0x77, 0x2e, - 0x73, 0x6e, 0x61, 0x6b, 0x65, 0x6f, 0x69, 0x6c, - 0x2e, 0x64, 0x6f, 0x6d, 0x31, 0x1f, 0x30, 0x1d, - 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, - 0x01, 0x09, 0x01, 0x16, 0x10, 0x77, 0x77, 0x77, - 0x40, 0x73, 0x6e, 0x61, 0x6b, 0x65, 0x6f, 0x69, - 0x6c, 0x2e, 0x64, 0x6f, 0x6d, 0x30, 0x81, 0x9f, - 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, - 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, - 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, - 0x81, 0x00, 0xa4, 0x6e, 0x53, 0x14, 0x0a, 0xde, - 0x2c, 0xe3, 0x60, 0x55, 0x9a, 0xf2, 0x42, 0xa6, - 0xaf, 0x47, 0x12, 0x2f, 0x17, 0xce, 0xfa, 0xba, - 0xdc, 0x4e, 0x63, 0x56, 0x34, 0xb9, 0xba, 0x73, - 0x4b, 0x78, 0x44, 0x3d, 0xc6, 0x6c, 0x69, 0xa4, - 0x25, 0xb3, 0x61, 0x02, 0x9d, 0x09, 0x04, 0x3f, - 0x72, 0x3d, 0xd8, 0x27, 0xd3, 0xb0, 0x5a, 0x45, - 0x77, 0xb7, 0x36, 0xe4, 0x26, 0x23, 0xcc, 0x12, - 0xb8, 0xae, 0xde, 0xa7, 0xb6, 0x3a, 0x82, 0x3c, - 0x7c, 0x24, 0x59, 0x0a, 0xf8, 0x96, 0x43, 0x8b, - 0xa3, 0x29, 0x36, 0x3f, 0x91, 0x7f, 0x5d, 0xc7, - 0x23, 0x94, 0x29, 0x7f, 0x0a, 0xce, 0x0a, 0xbd, - 0x8d, 0x9b, 0x2f, 0x19, 0x17, 0xaa, 0xd5, 0x8e, - 0xec, 0x66, 0xa2, 0x37, 0xeb, 0x3f, 0x57, 0x53, - 0x3c, 0xf2, 0xaa, 0xbb, 0x79, 0x19, 0x4b, 0x90, - 0x7e, 0xa7, 0xa3, 0x99, 0xfe, 0x84, 0x4c, 0x89, - 0xf0, 0x3d, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, - 0x6e, 0x30, 0x6c, 0x30, 0x1b, 0x06, 0x03, 0x55, - 0x1d, 0x11, 0x04, 0x14, 0x30, 0x12, 0x81, 0x10, - 0x77, 0x77, 0x77, 0x40, 0x73, 0x6e, 0x61, 0x6b, - 0x65, 0x6f, 0x69, 0x6c, 0x2e, 0x64, 0x6f, 0x6d, - 0x30, 0x3a, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, - 0x86, 0xf8, 0x42, 0x01, 0x0d, 0x04, 0x2d, 0x16, - 0x2b, 0x6d, 0x6f, 0x64, 0x5f, 0x73, 0x73, 0x6c, - 0x20, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, - 0x65, 0x64, 0x20, 0x63, 0x75, 0x73, 0x74, 0x6f, - 0x6d, 0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, - 0x20, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, - 0x63, 0x61, 0x74, 0x65, 0x30, 0x11, 0x06, 0x09, - 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42, 0x01, - 0x01, 0x04, 0x04, 0x03, 0x02, 0x06, 0x40, 0x30, - 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, - 0x0d, 0x01, 0x01, 0x04, 0x05, 0x00, 0x03, 0x81, - 0x81, 0x00, 0xae, 0x79, 0x79, 0x22, 0x90, 0x75, - 0xfd, 0xa6, 0xd5, 0xc4, 0xb8, 0xc4, 0x99, 0x4e, - 0x1c, 0x05, 0x7c, 0x91, 0x59, 0xbe, 0x89, 0x0d, - 0x3d, 0xc6, 0x8c, 0xa3, 0xcf, 0xf6, 0xba, 0x23, - 0xdf, 0xb8, 0xae, 0x44, 0x68, 0x8a, 0x8f, 0xb9, - 0x8b, 0xcb, 0x12, 0xda, 0xe6, 0xa2, 0xca, 0xa5, - 0xa6, 0x55, 0xd9, 0xd2, 0xa1, 0xad, 0xba, 0x9b, - 0x2c, 0x44, 0x95, 0x1d, 0x4a, 0x90, 0x59, 0x7f, - 0x83, 0xae, 0x81, 0x5e, 0x3f, 0x92, 0xe0, 0x14, - 0x41, 0x82, 0x4e, 0x7f, 0x53, 0xfd, 0x10, 0x23, - 0xeb, 0x8a, 0xeb, 0xe9, 0x92, 0xea, 0x61, 0xf2, - 0x8e, 0x19, 0xa1, 0xd3, 0x49, 0xc0, 0x84, 0x34, - 0x1e, 0x2e, 0x6e, 0xf6, 0x98, 0xe2, 0x87, 0x53, - 0xd6, 0x55, 0xd9, 0x1a, 0x8a, 0x92, 0x5c, 0xad, - 0xdc, 0x1e, 0x1c, 0x30, 0xa7, 0x65, 0x9d, 0xc2, - 0x4f, 0x60, 0xd2, 0x6f, 0xdb, 0xe0, 0x9f, 0x9e, - 0xbc, 0x41, 0x16, 0x03, 0x00, 0x00, 0x04, 0x0e, - 0x00, 0x00, 0x00 - }; - uint32_t shello_buf_len = sizeof(shello_buf); - - uint8_t client_change_cipher_spec_buf[] = { - 0x16, 0x03, 0x00, 0x00, 0x84, 0x10, 0x00, 0x00, - 0x80, 0x65, 0x51, 0x2d, 0xa6, 0xd4, 0xa7, 0x38, - 0xdf, 0xac, 0x79, 0x1f, 0x0b, 0xd9, 0xb2, 0x61, - 0x7d, 0x73, 0x88, 0x32, 0xd9, 0xf2, 0x62, 0x3a, - 0x8b, 0x11, 0x04, 0x75, 0xca, 0x42, 0xff, 0x4e, - 0xd9, 0xcc, 0xb9, 0xfa, 0x86, 0xf3, 0x16, 0x2f, - 0x09, 0x73, 0x51, 0x66, 0xaa, 0x29, 0xcd, 0x80, - 0x61, 0x0f, 0xe8, 0x13, 0xce, 0x5b, 0x8e, 0x0a, - 0x23, 0xf8, 0x91, 0x5e, 0x5f, 0x54, 0x70, 0x80, - 0x8e, 0x7b, 0x28, 0xef, 0xb6, 0x69, 0xb2, 0x59, - 0x85, 0x74, 0x98, 0xe2, 0x7e, 0xd8, 0xcc, 0x76, - 0x80, 0xe1, 0xb6, 0x45, 0x4d, 0xc7, 0xcd, 0x84, - 0xce, 0xb4, 0x52, 0x79, 0x74, 0xcd, 0xe6, 0xd7, - 0xd1, 0x9c, 0xad, 0xef, 0x63, 0x6c, 0x0f, 0xf7, - 0x05, 0xe4, 0x4d, 0x1a, 0xd3, 0xcb, 0x9c, 0xd2, - 0x51, 0xb5, 0x61, 0xcb, 0xff, 0x7c, 0xee, 0xc7, - 0xbc, 0x5e, 0x15, 0xa3, 0xf2, 0x52, 0x0f, 0xbb, - 0x32, 0x14, 0x03, 0x00, 0x00, 0x01, 0x01, 0x16, - 0x03, 0x00, 0x00, 0x40, 0xa9, 0xd8, 0xd7, 0x35, - 0xbc, 0x39, 0x56, 0x98, 0xad, 0x87, 0x61, 0x2a, - 0xc4, 0x8f, 0xcc, 0x03, 0xcb, 0x93, 0x80, 0x81, - 0xb0, 0x4a, 0xc4, 0xd2, 0x09, 0x71, 0x3e, 0x90, - 0x3c, 0x8d, 0xe0, 0x95, 0x44, 0xfe, 0x56, 0xd1, - 0x7e, 0x88, 0xe2, 0x48, 0xfd, 0x76, 0x70, 0x76, - 0xe2, 0xcd, 0x06, 0xd0, 0xf3, 0x9d, 0x13, 0x79, - 0x67, 0x1e, 0x37, 0xf6, 0x98, 0xbe, 0x59, 0x18, - 0x4c, 0xfc, 0x75, 0x56 - }; - uint32_t client_change_cipher_spec_buf_len = - sizeof(client_change_cipher_spec_buf); - - uint8_t server_change_cipher_spec_buf[] = { - 0x14, 0x03, 0x00, 0x00, 0x01, 0x01, 0x16, 0x03, - 0x00, 0x00, 0x40, 0xce, 0x7c, 0x92, 0x43, 0x59, - 0xcc, 0x3d, 0x90, 0x91, 0x9c, 0x58, 0xf0, 0x7a, - 0xce, 0xae, 0x0d, 0x08, 0xe0, 0x76, 0xb4, 0x86, - 0xb1, 0x15, 0x5b, 0x32, 0xb8, 0x77, 0x53, 0xe7, - 0xa6, 0xf9, 0xd0, 0x95, 0x5f, 0xaa, 0x07, 0xc3, - 0x96, 0x7c, 0xc9, 0x88, 0xc2, 0x7a, 0x20, 0x89, - 0x4f, 0xeb, 0xeb, 0xb6, 0x19, 0xef, 0xaa, 0x27, - 0x73, 0x9d, 0xa6, 0xb4, 0x9f, 0xeb, 0x34, 0xe2, - 0x4d, 0x9f, 0x6b - }; - uint32_t server_change_cipher_spec_buf_len = - sizeof(server_change_cipher_spec_buf); - - uint8_t toserver_app_data_buf[] = { - 0x17, 0x03, 0x00, 0x01, 0xb0, 0x4a, 0xc3, 0x3e, - 0x9d, 0x77, 0x78, 0x01, 0x2c, 0xb4, 0xbc, 0x4c, - 0x9a, 0x84, 0xd7, 0xb9, 0x90, 0x0c, 0x21, 0x10, - 0xf0, 0xfa, 0x00, 0x7c, 0x16, 0xbb, 0x77, 0xfb, - 0x72, 0x42, 0x4f, 0xad, 0x50, 0x4a, 0xd0, 0xaa, - 0x6f, 0xaa, 0x44, 0x6c, 0x62, 0x94, 0x1b, 0xc5, - 0xfe, 0xe9, 0x1c, 0x5e, 0xde, 0x85, 0x0b, 0x0e, - 0x05, 0xe4, 0x18, 0x6e, 0xd2, 0xd3, 0xb5, 0x20, - 0xab, 0x81, 0xfd, 0x18, 0x9a, 0x73, 0xb8, 0xd7, - 0xef, 0xc3, 0xdd, 0x74, 0xd7, 0x9c, 0x1e, 0x6f, - 0x21, 0x6d, 0xf8, 0x24, 0xca, 0x3c, 0x70, 0x78, - 0x36, 0x12, 0x7a, 0x8a, 0x9c, 0xac, 0x4e, 0x1c, - 0xa8, 0xfb, 0x27, 0x30, 0xba, 0x9a, 0xf4, 0x2f, - 0x0a, 0xab, 0x80, 0x6a, 0xa1, 0x60, 0x74, 0xf0, - 0xe3, 0x91, 0x84, 0xe7, 0x90, 0x88, 0xcc, 0xf0, - 0x95, 0x7b, 0x0a, 0x22, 0xf2, 0xf9, 0x27, 0xe0, - 0xdd, 0x38, 0x0c, 0xfd, 0xe9, 0x03, 0x71, 0xdc, - 0x70, 0xa4, 0x6e, 0xdf, 0xe3, 0x72, 0x9e, 0xa1, - 0xf0, 0xc9, 0x00, 0xd6, 0x03, 0x55, 0x6a, 0x67, - 0x5d, 0x9c, 0xb8, 0x75, 0x01, 0xb0, 0x01, 0x9f, - 0xe6, 0xd2, 0x44, 0x18, 0xbc, 0xca, 0x7a, 0x10, - 0x39, 0xa6, 0xcf, 0x15, 0xc7, 0xf5, 0x35, 0xd4, - 0xb3, 0x6d, 0x91, 0x23, 0x84, 0x99, 0xba, 0xb0, - 0x7e, 0xd0, 0xc9, 0x4c, 0xbf, 0x3f, 0x33, 0x68, - 0x37, 0xb7, 0x7d, 0x44, 0xb0, 0x0b, 0x2c, 0x0f, - 0xd0, 0x75, 0xa2, 0x6b, 0x5b, 0xe1, 0x9f, 0xd4, - 0x69, 0x9a, 0x14, 0xc8, 0x29, 0xb7, 0xd9, 0x10, - 0xbb, 0x99, 0x30, 0x9a, 0xfb, 0xcc, 0x13, 0x1f, - 0x76, 0x4e, 0xe6, 0xdf, 0x14, 0xaa, 0xd5, 0x60, - 0xbf, 0x91, 0x49, 0x0d, 0x64, 0x42, 0x29, 0xa8, - 0x64, 0x27, 0xd4, 0x5e, 0x1b, 0x18, 0x03, 0xa8, - 0x73, 0xd6, 0x05, 0x6e, 0xf7, 0x50, 0xb0, 0x09, - 0x6b, 0x69, 0x7a, 0x12, 0x28, 0x58, 0xef, 0x5a, - 0x86, 0x11, 0xde, 0x71, 0x71, 0x9f, 0xca, 0xbd, - 0x79, 0x2a, 0xc2, 0xe5, 0x9b, 0x5e, 0x32, 0xe7, - 0xcb, 0x97, 0x6e, 0xa0, 0xea, 0xa4, 0xa4, 0x6a, - 0x32, 0xf9, 0x37, 0x39, 0xd8, 0x37, 0x6d, 0x63, - 0xf3, 0x08, 0x1c, 0xdd, 0x06, 0xdd, 0x2c, 0x2b, - 0x9f, 0x04, 0x88, 0x5f, 0x36, 0x42, 0xc1, 0xb1, - 0xc7, 0xe8, 0x2d, 0x5d, 0xa4, 0x6c, 0xe5, 0x60, - 0x94, 0xae, 0xd0, 0x90, 0x1e, 0x88, 0xa0, 0x87, - 0x52, 0xfb, 0xed, 0x97, 0xa5, 0x25, 0x5a, 0xb7, - 0x55, 0xc5, 0x13, 0x07, 0x85, 0x27, 0x40, 0xed, - 0xb8, 0xa0, 0x26, 0x13, 0x44, 0x0c, 0xfc, 0xcc, - 0x5a, 0x09, 0xe5, 0x44, 0xb5, 0x63, 0xa1, 0x43, - 0x51, 0x23, 0x4f, 0x17, 0x21, 0x89, 0x2e, 0x58, - 0xfd, 0xf9, 0x63, 0x74, 0x04, 0x70, 0x1e, 0x7d, - 0xd0, 0x66, 0xba, 0x40, 0x5e, 0x45, 0xdc, 0x39, - 0x7c, 0x53, 0x0f, 0xa8, 0x38, 0xb2, 0x13, 0x99, - 0x27, 0xd9, 0x4a, 0x51, 0xe9, 0x9f, 0x2a, 0x92, - 0xbb, 0x9c, 0x90, 0xab, 0xfd, 0xf1, 0xb7, 0x40, - 0x05, 0xa9, 0x7a, 0x20, 0x63, 0x36, 0xc1, 0xef, - 0xb9, 0xad, 0xa2, 0xe0, 0x1d, 0x20, 0x4f, 0xb2, - 0x34, 0xbd, 0xea, 0x07, 0xac, 0x21, 0xce, 0xf6, - 0x8a, 0xa2, 0x9e, 0xcd, 0xfa - }; - uint32_t toserver_app_data_buf_len = sizeof(toserver_app_data_buf); - - Signature *s = NULL; - ThreadVars th_v; - Packet *p = NULL; - Flow f; - TcpSession ssn; - DetectEngineThreadCtx *det_ctx = NULL; - DetectEngineCtx *de_ctx = NULL; - SSLState *ssl_state = NULL; - int r = 0; - AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); - - memset(&th_v, 0, sizeof(th_v)); - memset(&p, 0, sizeof(p)); - memset(&f, 0, sizeof(f)); - memset(&ssn, 0, sizeof(ssn)); - - p = UTHBuildPacket(NULL, 0, IPPROTO_TCP); - - FLOW_INITIALIZE(&f); - f.protoctx = (void *)&ssn; - f.proto = IPPROTO_TCP; - p->flow = &f; - p->flags |= PKT_HAS_FLOW|PKT_STREAM_EST; - p->flowflags |= FLOW_PKT_TOSERVER; - p->flowflags |= FLOW_PKT_ESTABLISHED; - f.alproto = ALPROTO_TLS; - - StreamTcpInitConfig(true); - - de_ctx = DetectEngineCtxInit(); - FAIL_IF_NULL(de_ctx); - - de_ctx->flags |= DE_QUIET; - - s = DetectEngineAppendSig(de_ctx, "alert tcp any any -> any any " - "(msg:\"ssl state\"; ssl_state:client_hello; " - "sid:1;)"); - FAIL_IF_NULL(s); - - s = DetectEngineAppendSig(de_ctx, "alert tcp any any -> any any " - "(msg:\"ssl state\"; " - "ssl_state:server_hello; " - "sid:2;)"); - FAIL_IF_NULL(s); - - s = DetectEngineAppendSig(de_ctx, "alert tcp any any -> any any " - "(msg:\"ssl state\"; " - "ssl_state:client_keyx; " - "sid:3;)"); - FAIL_IF_NULL(s); - - s = DetectEngineAppendSig(de_ctx, "alert tcp any any -> any any " - "(msg:\"ssl state\"; " - "ssl_state:server_keyx; " - "sid:4;)"); - FAIL_IF_NULL(s); - - s = DetectEngineAppendSig(de_ctx, "alert tcp any any -> any any " - "(msg:\"ssl state\"; " - "ssl_state:!client_hello; " - "sid:5;)"); - FAIL_IF_NULL(s); - - SigGroupBuild(de_ctx); - DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); - - r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, - STREAM_TOSERVER | STREAM_START, chello_buf, - chello_buf_len); - FAIL_IF(r != 0); - - ssl_state = f.alstate; - FAIL_IF(ssl_state == NULL); - - /* do detect */ - p->alerts.cnt = 0; - SigMatchSignatures(&th_v, de_ctx, det_ctx, p); - - FAIL_IF(!PacketAlertCheck(p, 1)); - FAIL_IF(PacketAlertCheck(p, 2)); - FAIL_IF(PacketAlertCheck(p, 3)); - FAIL_IF(PacketAlertCheck(p, 4)); - FAIL_IF(PacketAlertCheck(p, 5)); - - r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOCLIENT, - shello_buf, shello_buf_len); - FAIL_IF(r != 0); - - /* do detect */ - p->alerts.cnt = 0; - p->flowflags = (FLOW_PKT_TOCLIENT | FLOW_PKT_ESTABLISHED); - - SigMatchSignatures(&th_v, de_ctx, det_ctx, p); - - FAIL_IF(PacketAlertCheck(p, 1)); - FAIL_IF(!PacketAlertCheck(p, 2)); - FAIL_IF(PacketAlertCheck(p, 3)); - FAIL_IF(PacketAlertCheck(p, 4)); - FAIL_IF(!PacketAlertCheck(p, 5)); - - r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, - client_change_cipher_spec_buf, - client_change_cipher_spec_buf_len); - FAIL_IF(r != 0); - - /* do detect */ - p->alerts.cnt = 0; - SigMatchSignatures(&th_v, de_ctx, det_ctx, p); - - FAIL_IF(PacketAlertCheck(p, 1)); - FAIL_IF(PacketAlertCheck(p, 2)); - FAIL_IF(!PacketAlertCheck(p, 3)); - FAIL_IF(PacketAlertCheck(p, 4)); - - r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOCLIENT, - server_change_cipher_spec_buf, - server_change_cipher_spec_buf_len); - FAIL_IF(r != 0); - - /* do detect */ - p->alerts.cnt = 0; - SigMatchSignatures(&th_v, de_ctx, det_ctx, p); - - FAIL_IF(PacketAlertCheck(p, 1)); - FAIL_IF(PacketAlertCheck(p, 2)); - FAIL_IF(PacketAlertCheck(p, 3)); - FAIL_IF(PacketAlertCheck(p, 4)); - - r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, - toserver_app_data_buf, toserver_app_data_buf_len); - FAIL_IF(r != 0); - - /* do detect */ - p->alerts.cnt = 0; - SigMatchSignatures(&th_v, de_ctx, det_ctx, p); - - FAIL_IF(PacketAlertCheck(p, 1)); - FAIL_IF(PacketAlertCheck(p, 2)); - FAIL_IF(PacketAlertCheck(p, 3)); - FAIL_IF(PacketAlertCheck(p, 4)); - - if (alp_tctx != NULL) - AppLayerParserThreadCtxFree(alp_tctx); - SigGroupCleanup(de_ctx); - SigCleanSignatures(de_ctx); - - DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); - DetectEngineCtxFree(de_ctx); - - StreamTcpFreeConfig(true); - FLOW_DESTROY(&f); - UTHFreePackets(&p, 1); - PASS; -} - /** * \brief Test that the "|" character still works as a separate for * compatibility with older Suricata rules. @@ -536,7 +131,6 @@ static void DetectSslStateRegisterTests(void) UtRegisterTest("DetectSslStateTest04", DetectSslStateTest04); UtRegisterTest("DetectSslStateTest05", DetectSslStateTest05); UtRegisterTest("DetectSslStateTest06", DetectSslStateTest06); - UtRegisterTest("DetectSslStateTest07", DetectSslStateTest07); UtRegisterTest("DetectSslStateTest08", DetectSslStateTest08); UtRegisterTest("DetectSslStateTestParseNegate", DetectSslStateTestParseNegate); diff --git a/src/tests/detect-ssl-version.c b/src/tests/detect-ssl-version.c index 3923ff8d67..d4a5297655 100644 --- a/src/tests/detect-ssl-version.c +++ b/src/tests/detect-ssl-version.c @@ -84,182 +84,6 @@ static int DetectSslVersionTestParse03(void) PASS; } -#include "stream-tcp-reassemble.h" - -/** \test Send a get request in three chunks + more data. */ -static int DetectSslVersionTestDetect01(void) -{ - Flow f; - uint8_t sslbuf1[] = { 0x16 }; - uint32_t ssllen1 = sizeof(sslbuf1); - uint8_t sslbuf2[] = { 0x03 }; - uint32_t ssllen2 = sizeof(sslbuf2); - uint8_t sslbuf3[] = { 0x01 }; - uint32_t ssllen3 = sizeof(sslbuf3); - uint8_t sslbuf4[] = { 0x01, 0x00, 0x00, 0xad, 0x03, 0x01 }; - uint32_t ssllen4 = sizeof(sslbuf4); - TcpSession ssn; - Packet *p = NULL; - Signature *s = NULL; - ThreadVars th_v; - DetectEngineThreadCtx *det_ctx = NULL; - AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); - - memset(&th_v, 0, sizeof(th_v)); - memset(&f, 0, sizeof(f)); - memset(&ssn, 0, sizeof(ssn)); - - p = UTHBuildPacket(NULL, 0, IPPROTO_TCP); - - FLOW_INITIALIZE(&f); - f.protoctx = (void *)&ssn; - f.proto = IPPROTO_TCP; - p->flow = &f; - p->flowflags |= FLOW_PKT_TOSERVER; - p->flowflags |= FLOW_PKT_ESTABLISHED; - p->flags |= PKT_HAS_FLOW | PKT_STREAM_EST; - f.alproto = ALPROTO_TLS; - - StreamTcpInitConfig(true); - - DetectEngineCtx *de_ctx = DetectEngineCtxInit(); - FAIL_IF_NULL(de_ctx); - - de_ctx->flags |= DE_QUIET; - - s = de_ctx->sig_list = SigInit(de_ctx,"alert tls any any -> any any (msg:\"TLS\"; ssl_version:tls1.0; sid:1;)"); - FAIL_IF_NULL(s); - - SigGroupBuild(de_ctx); - DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); - - int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, - STREAM_TOSERVER, sslbuf1, ssllen1); - FAIL_IF(r != 0); - - r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, - sslbuf2, ssllen2); - FAIL_IF(r != 0); - - r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, - sslbuf3, ssllen3); - FAIL_IF(r != 0); - - r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, - sslbuf4, ssllen4); - FAIL_IF(r != 0); - - SSLState *app_state = f.alstate; - FAIL_IF_NULL(app_state); - - FAIL_IF(app_state->client_connp.content_type != 0x16); - - FAIL_IF(app_state->client_connp.version != TLS_VERSION_10); - - SCLogDebug("app_state is at %p, app_state->server_connp.version 0x%02X app_state->client_connp.version 0x%02X", - app_state, app_state->server_connp.version, app_state->client_connp.version); - - /* do detect */ - SigMatchSignatures(&th_v, de_ctx, det_ctx, p); - - FAIL_IF_NOT(PacketAlertCheck(p, 1)); - - AppLayerParserThreadCtxFree(alp_tctx); - DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); - DetectEngineCtxFree(de_ctx); - - StreamTcpFreeConfig(true); - FLOW_DESTROY(&f); - - UTHFreePackets(&p, 1); - - PASS; -} - -static int DetectSslVersionTestDetect02(void) -{ - Flow f; - uint8_t sslbuf1[] = { 0x16 }; - uint32_t ssllen1 = sizeof(sslbuf1); - uint8_t sslbuf2[] = { 0x03 }; - uint32_t ssllen2 = sizeof(sslbuf2); - uint8_t sslbuf3[] = { 0x01 }; - uint32_t ssllen3 = sizeof(sslbuf3); - uint8_t sslbuf4[] = { 0x01, 0x00, 0x00, 0xad, 0x03, 0x02 }; - uint32_t ssllen4 = sizeof(sslbuf4); - TcpSession ssn; - Packet *p = NULL; - Signature *s = NULL; - ThreadVars th_v; - DetectEngineThreadCtx *det_ctx = NULL; - AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); - - memset(&th_v, 0, sizeof(th_v)); - memset(&f, 0, sizeof(f)); - memset(&ssn, 0, sizeof(ssn)); - - p = UTHBuildPacket(NULL, 0, IPPROTO_TCP); - - FLOW_INITIALIZE(&f); - f.protoctx = (void *)&ssn; - f.proto = IPPROTO_TCP; - p->flow = &f; - p->flowflags |= FLOW_PKT_TOSERVER; - p->flowflags |= FLOW_PKT_ESTABLISHED; - p->flags |= PKT_HAS_FLOW | PKT_STREAM_EST; - f.alproto = ALPROTO_TLS; - - StreamTcpInitConfig(true); - - DetectEngineCtx *de_ctx = DetectEngineCtxInit(); - FAIL_IF_NULL(de_ctx); - - de_ctx->flags |= DE_QUIET; - - s = de_ctx->sig_list = SigInit(de_ctx,"alert tls any any -> any any (msg:\"TLS\"; ssl_version:tls1.0; sid:1;)"); - FAIL_IF_NULL(s); - - SigGroupBuild(de_ctx); - DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); - - int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, - STREAM_TOSERVER, sslbuf1, ssllen1); - FAIL_IF(r != 0); - - r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, - sslbuf2, ssllen2); - FAIL_IF(r != 0); - - r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, - sslbuf3, ssllen3); - FAIL_IF(r != 0); - - r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, - sslbuf4, ssllen4); - FAIL_IF(r != 0); - - SSLState *app_state = f.alstate; - FAIL_IF_NULL(app_state); - - FAIL_IF(app_state->client_connp.content_type != 0x16); - - FAIL_IF(app_state->client_connp.version != TLS_VERSION_10); - - /* do detect */ - SigMatchSignatures(&th_v, de_ctx, det_ctx, p); - - FAIL_IF_NOT(PacketAlertCheck(p, 1)); - - AppLayerParserThreadCtxFree(alp_tctx); - DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); - DetectEngineCtxFree(de_ctx); - StreamTcpFreeConfig(true); - FLOW_DESTROY(&f); - UTHFreePackets(&p, 1); - - PASS; -} - /** * \brief this function registers unit tests for DetectSslVersion */ @@ -268,8 +92,4 @@ static void DetectSslVersionRegisterTests(void) UtRegisterTest("DetectSslVersionTestParse01", DetectSslVersionTestParse01); UtRegisterTest("DetectSslVersionTestParse02", DetectSslVersionTestParse02); UtRegisterTest("DetectSslVersionTestParse03", DetectSslVersionTestParse03); - UtRegisterTest("DetectSslVersionTestDetect01", - DetectSslVersionTestDetect01); - UtRegisterTest("DetectSslVersionTestDetect02", - DetectSslVersionTestDetect02); } diff --git a/src/tests/detect-tls-ja3-hash.c b/src/tests/detect-tls-ja3-hash.c deleted file mode 100644 index 1a562fe709..0000000000 --- a/src/tests/detect-tls-ja3-hash.c +++ /dev/null @@ -1,220 +0,0 @@ -/* Copyright (C) 2019 Open Information Security Foundation - * - * You can copy, redistribute or modify this Program under the terms of - * the GNU General Public License version 2 as published by the Free - * Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * version 2 along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA - * 02110-1301, USA. - */ - -/** - * \file - * - * \author Mats Klepsland - * - */ - -#include "detect-engine-build.h" -#include "app-layer-parser.h" - -/** - * \test Test matching on a simple client hello packet - */ -static int DetectTlsJa3HashTest01(void) -{ - /* Client hello */ - uint8_t buf[] = { 0x16, 0x03, 0x03, 0x00, 0x84, 0x01, 0x00, 0x00, 0x7E, - 0x03, 0x03, 0x57, 0x04, 0x9F, 0x5D, 0xC9, 0x5C, 0x87, - 0xAE, 0xF2, 0xA7, 0x4A, 0xFC, 0x59, 0x78, 0x23, 0x31, - 0x61, 0x2D, 0x29, 0x92, 0xB6, 0x70, 0xA5, 0xA1, 0xFC, - 0x0E, 0x79, 0xFE, 0xC3, 0x97, 0x37, 0xC0, 0x00, 0x00, - 0x44, 0x00, 0x04, 0x00, 0x05, 0x00, 0x0A, 0x00, 0x0D, - 0x00, 0x10, 0x00, 0x13, 0x00, 0x16, 0x00, 0x2F, 0x00, - 0x30, 0x00, 0x31, 0x00, 0x32, 0x00, 0x33, 0x00, 0x35, - 0x00, 0x36, 0x00, 0x37, 0x00, 0x38, 0x00, 0x39, 0x00, - 0x3C, 0x00, 0x3D, 0x00, 0x3E, 0x00, 0x3F, 0x00, 0x40, - 0x00, 0x41, 0x00, 0x44, 0x00, 0x45, 0x00, 0x66, 0x00, - 0x67, 0x00, 0x68, 0x00, 0x69, 0x00, 0x6A, 0x00, 0x6B, - 0x00, 0x84, 0x00, 0x87, 0x00, 0xFF, 0x01, 0x00, 0x00, - 0x13, 0x00, 0x00, 0x00, 0x0F, 0x00, 0x0D, 0x00, 0x00, - 0x0A, 0x67, 0x6F, 0x6F, 0x67, 0x6C, 0x65, 0x2E, 0x63, - 0x6F, 0x6D, }; - - - Flow f; - SSLState *ssl_state = NULL; - Packet *p = NULL; - ThreadVars tv; - DetectEngineThreadCtx *det_ctx = NULL; - TcpSession ssn; - AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); - - memset(&tv, 0, sizeof(ThreadVars)); - memset(&f, 0, sizeof(Flow)); - memset(&ssn, 0, sizeof(TcpSession)); - - p = UTHBuildPacketReal(buf, sizeof(buf), IPPROTO_TCP, - "192.168.1.5", "192.168.1.1", - 41424, 443); - - FLOW_INITIALIZE(&f); - f.protoctx = (void *)&ssn; - f.flags |= FLOW_IPV4; - f.proto = IPPROTO_TCP; - f.protomap = FlowGetProtoMapping(f.proto); - - p->flow = &f; - p->flags |= PKT_HAS_FLOW|PKT_STREAM_EST; - p->flowflags |= FLOW_PKT_TOSERVER|FLOW_PKT_ESTABLISHED; - f.alproto = ALPROTO_TLS; - - StreamTcpInitConfig(true); - - DetectEngineCtx *de_ctx = DetectEngineCtxInit(); - FAIL_IF_NULL(de_ctx); - - de_ctx->mpm_matcher = mpm_default_matcher; - de_ctx->flags |= DE_QUIET; - - Signature *s = DetectEngineAppendSig(de_ctx, "alert tls any any -> any any " - "(msg:\"Test ja3.hash\"; ja3.hash; " - "content:\"e7eca2baf4458d095b7f45da28c16c34\"; " - "sid:1;)"); - FAIL_IF_NULL(s); - - SigGroupBuild(de_ctx); - DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); - - int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, - STREAM_TOSERVER, buf, sizeof(buf)); - FAIL_IF(r != 0); - - ssl_state = f.alstate; - FAIL_IF_NULL(ssl_state); - - FAIL_IF_NULL(ssl_state->client_connp.ja3_hash); - - SigMatchSignatures(&tv, de_ctx, det_ctx, p); - - FAIL_IF_NOT(PacketAlertCheck(p, 1)); - - AppLayerParserThreadCtxFree(alp_tctx); - DetectEngineThreadCtxDeinit(&tv, det_ctx); - DetectEngineCtxFree(de_ctx); - - StreamTcpFreeConfig(true); - FLOW_DESTROY(&f); - UTHFreePacket(p); - - PASS; -} - -/** - * \test Test matching on a simple client hello packet - */ -static int DetectTlsJa3HashTest02(void) -{ - /* Client hello */ - uint8_t buf[] = { 0x16, 0x03, 0x01, 0x00, 0xc0, 0x01, 0x00, 0x00, 0xbc, - 0x03, 0x03, 0x03, 0xb7, 0x16, 0x16, 0x5a, 0xe7, 0xc1, - 0xbd, 0x46, 0x2f, 0xff, 0xf3, 0x68, 0xb8, 0x6f, 0x6e, - 0x93, 0xdf, 0x06, 0x6a, 0xa7, 0x2d, 0xa0, 0xea, 0x9f, - 0x48, 0xb5, 0xe7, 0x91, 0x20, 0xd7, 0x25, 0x00, 0x00, - 0x1c, 0x0a, 0x0a, 0xc0, 0x2b, 0xc0, 0x2f, 0xc0, 0x2c, - 0xc0, 0x30, 0xcc, 0xa9, 0xcc, 0xa8, 0xc0, 0x13, 0xc0, - 0x14, 0x00, 0x9c, 0x00, 0x9d, 0x00, 0x2f, 0x00, 0x35, - 0x00, 0x0a, 0x01, 0x00, 0x00, 0x77, 0x1a, 0x1a, 0x00, - 0x00, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, - 0x12, 0x00, 0x10, 0x00, 0x00, 0x0d, 0x77, 0x77, 0x77, - 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x6e, - 0x6f, 0x00, 0x17, 0x00, 0x00, 0x00, 0x23, 0x00, 0x00, - 0x00, 0x0d, 0x00, 0x14, 0x00, 0x12, 0x04, 0x03, 0x08, - 0x04, 0x04, 0x01, 0x05, 0x03, 0x08, 0x05, 0x05, 0x01, - 0x08, 0x06, 0x06, 0x01, 0x02, 0x01, 0x00, 0x05, 0x00, - 0x05, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x12, 0x00, - 0x00, 0x00, 0x10, 0x00, 0x0e, 0x00, 0x0c, 0x02, 0x68, - 0x32, 0x08, 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, - 0x31, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x0a, - 0x00, 0x0a, 0x00, 0x08, 0xba, 0xba, 0x00, 0x1d, 0x00, - 0x17, 0x00, 0x18, 0x0a, 0x0a, 0x00, 0x01, 0x00 }; - - Flow f; - SSLState *ssl_state = NULL; - ThreadVars tv; - DetectEngineThreadCtx *det_ctx = NULL; - TcpSession ssn; - AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); - - memset(&tv, 0, sizeof(ThreadVars)); - memset(&f, 0, sizeof(Flow)); - memset(&ssn, 0, sizeof(TcpSession)); - - Packet *p = UTHBuildPacketReal(buf, sizeof(buf), IPPROTO_TCP, - "192.168.1.5", "192.168.1.1", - 41424, 443); - - FLOW_INITIALIZE(&f); - f.protoctx = (void *)&ssn; - f.flags |= FLOW_IPV4; - f.proto = IPPROTO_TCP; - f.protomap = FlowGetProtoMapping(f.proto); - - p->flow = &f; - p->flags |= PKT_HAS_FLOW|PKT_STREAM_EST; - p->flowflags |= FLOW_PKT_TOSERVER|FLOW_PKT_ESTABLISHED; - f.alproto = ALPROTO_TLS; - - StreamTcpInitConfig(true); - - DetectEngineCtx *de_ctx = DetectEngineCtxInit(); - FAIL_IF_NULL(de_ctx); - - de_ctx->mpm_matcher = mpm_default_matcher; - de_ctx->flags |= DE_QUIET; - - Signature *s = DetectEngineAppendSig(de_ctx, "alert tls any any -> any any " - "(msg:\"Test ja3.hash\"; ja3.hash; " - "content:\"bc6c386f480ee97b9d9e52d472b772d8\"; " - "sid:1;)"); - FAIL_IF_NULL(s); - - SigGroupBuild(de_ctx); - DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); - - int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, - STREAM_TOSERVER, buf, sizeof(buf)); - FAIL_IF(r != 0); - - ssl_state = f.alstate; - FAIL_IF_NULL(ssl_state); - - FAIL_IF_NULL(ssl_state->client_connp.ja3_hash); - - SigMatchSignatures(&tv, de_ctx, det_ctx, p); - - FAIL_IF_NOT(PacketAlertCheck(p, 1)); - - AppLayerParserThreadCtxFree(alp_tctx); - DetectEngineThreadCtxDeinit(&tv, det_ctx); - DetectEngineCtxFree(de_ctx); - - StreamTcpFreeConfig(true); - FLOW_DESTROY(&f); - UTHFreePacket(p); - - PASS; -} - -static void DetectTlsJa3HashRegisterTests(void) -{ - UtRegisterTest("DetectTlsJa3HashTest01", DetectTlsJa3HashTest01); - UtRegisterTest("DetectTlsJa3HashTest02", DetectTlsJa3HashTest02); -} diff --git a/src/tests/detect-tls-ja3-string.c b/src/tests/detect-tls-ja3-string.c deleted file mode 100644 index ef3dcef0ff..0000000000 --- a/src/tests/detect-tls-ja3-string.c +++ /dev/null @@ -1,123 +0,0 @@ -/* Copyright (C) 2019 Open Information Security Foundation - * - * You can copy, redistribute or modify this Program under the terms of - * the GNU General Public License version 2 as published by the Free - * Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * version 2 along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA - * 02110-1301, USA. - */ - -/** - * \file - * - * \author Mats Klepsland - * - */ - -#include "detect-engine-build.h" -#include "app-layer-parser.h" - -/** - * \test Test matching on a simple client hello packet - */ -static int DetectTlsJa3StringTest01(void) -{ - /* Client hello */ - uint8_t buf[] = { 0x16, 0x03, 0x03, 0x00, 0x84, 0x01, 0x00, 0x00, 0x7E, - 0x03, 0x03, 0x57, 0x04, 0x9F, 0x5D, 0xC9, 0x5C, 0x87, - 0xAE, 0xF2, 0xA7, 0x4A, 0xFC, 0x59, 0x78, 0x23, 0x31, - 0x61, 0x2D, 0x29, 0x92, 0xB6, 0x70, 0xA5, 0xA1, 0xFC, - 0x0E, 0x79, 0xFE, 0xC3, 0x97, 0x37, 0xC0, 0x00, 0x00, - 0x44, 0x00, 0x04, 0x00, 0x05, 0x00, 0x0A, 0x00, 0x0D, - 0x00, 0x10, 0x00, 0x13, 0x00, 0x16, 0x00, 0x2F, 0x00, - 0x30, 0x00, 0x31, 0x00, 0x32, 0x00, 0x33, 0x00, 0x35, - 0x00, 0x36, 0x00, 0x37, 0x00, 0x38, 0x00, 0x39, 0x00, - 0x3C, 0x00, 0x3D, 0x00, 0x3E, 0x00, 0x3F, 0x00, 0x40, - 0x00, 0x41, 0x00, 0x44, 0x00, 0x45, 0x00, 0x66, 0x00, - 0x67, 0x00, 0x68, 0x00, 0x69, 0x00, 0x6A, 0x00, 0x6B, - 0x00, 0x84, 0x00, 0x87, 0x00, 0xFF, 0x01, 0x00, 0x00, - 0x13, 0x00, 0x00, 0x00, 0x0F, 0x00, 0x0D, 0x00, 0x00, - 0x0A, 0x67, 0x6F, 0x6F, 0x67, 0x6C, 0x65, 0x2E, 0x63, - 0x6F, 0x6D, }; - - - Flow f; - SSLState *ssl_state = NULL; - ThreadVars tv; - DetectEngineThreadCtx *det_ctx = NULL; - TcpSession ssn; - AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); - - memset(&tv, 0, sizeof(ThreadVars)); - memset(&f, 0, sizeof(Flow)); - memset(&ssn, 0, sizeof(TcpSession)); - - Packet *p = UTHBuildPacketReal(buf, sizeof(buf), IPPROTO_TCP, - "192.168.1.5", "192.168.1.1", - 41424, 443); - - FLOW_INITIALIZE(&f); - f.protoctx = (void *)&ssn; - f.flags |= FLOW_IPV4; - f.proto = IPPROTO_TCP; - f.protomap = FlowGetProtoMapping(f.proto); - - p->flow = &f; - p->flags |= PKT_HAS_FLOW|PKT_STREAM_EST; - p->flowflags |= FLOW_PKT_TOSERVER|FLOW_PKT_ESTABLISHED; - f.alproto = ALPROTO_TLS; - - StreamTcpInitConfig(true); - - DetectEngineCtx *de_ctx = DetectEngineCtxInit(); - FAIL_IF_NULL(de_ctx); - - de_ctx->mpm_matcher = mpm_default_matcher; - de_ctx->flags |= DE_QUIET; - - Signature *s = DetectEngineAppendSig(de_ctx, "alert tls any any -> any any " - "(msg:\"Test ja3.string\"; ja3.string; " - "content:\"-65-68-69-102-103-104-105-106-107-132-135-255,0,,\"; " - "sid:1;)"); - FAIL_IF_NULL(s); - - SigGroupBuild(de_ctx); - DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); - - int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, - STREAM_TOSERVER, buf, sizeof(buf)); - FAIL_IF(r != 0); - - ssl_state = f.alstate; - FAIL_IF_NULL(ssl_state); - - FAIL_IF_NULL(ssl_state->client_connp.ja3_str); - FAIL_IF_NULL(ssl_state->client_connp.ja3_str->data); - - SigMatchSignatures(&tv, de_ctx, det_ctx, p); - - FAIL_IF_NOT(PacketAlertCheck(p, 1)); - - AppLayerParserThreadCtxFree(alp_tctx); - DetectEngineThreadCtxDeinit(&tv, det_ctx); - DetectEngineCtxFree(de_ctx); - - StreamTcpFreeConfig(true); - FLOW_DESTROY(&f); - UTHFreePacket(p); - - PASS; -} - -static void DetectTlsJa3StringRegisterTests(void) -{ - UtRegisterTest("DetectTlsJa3StringTest01", DetectTlsJa3StringTest01); -} diff --git a/src/tests/detect-tls-ja3s-hash.c b/src/tests/detect-tls-ja3s-hash.c deleted file mode 100644 index cf9fedec27..0000000000 --- a/src/tests/detect-tls-ja3s-hash.c +++ /dev/null @@ -1,169 +0,0 @@ -/* Copyright (C) 2019 Open Information Security Foundation - * - * You can copy, redistribute or modify this Program under the terms of - * the GNU General Public License version 2 as published by the Free - * Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * version 2 along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA - * 02110-1301, USA. - */ - -/** - * \file - * - * \author Mats Klepsland - * - */ - -#include "detect-engine-build.h" -#include "app-layer-parser.h" - -/** - * \test Test matching on a JA3S hash from a ServerHello record - */ -static int DetectTlsJa3SHashTest01(void) -{ - /* client hello */ - uint8_t client_hello[] = { - 0x16, 0x03, 0x01, 0x00, 0xc8, 0x01, 0x00, 0x00, - 0xc4, 0x03, 0x03, 0xd6, 0x08, 0x5a, 0xa2, 0x86, - 0x5b, 0x85, 0xd4, 0x40, 0xab, 0xbe, 0xc0, 0xbc, - 0x41, 0xf2, 0x26, 0xf0, 0xfe, 0x21, 0xee, 0x8b, - 0x4c, 0x7e, 0x07, 0xc8, 0xec, 0xd2, 0x00, 0x46, - 0x4c, 0xeb, 0xb7, 0x00, 0x00, 0x16, 0xc0, 0x2b, - 0xc0, 0x2f, 0xc0, 0x0a, 0xc0, 0x09, 0xc0, 0x13, - 0xc0, 0x14, 0x00, 0x33, 0x00, 0x39, 0x00, 0x2f, - 0x00, 0x35, 0x00, 0x0a, 0x01, 0x00, 0x00, 0x85, - 0x00, 0x00, 0x00, 0x12, 0x00, 0x10, 0x00, 0x00, - 0x0d, 0x77, 0x77, 0x77, 0x2e, 0x67, 0x6f, 0x6f, - 0x67, 0x6c, 0x65, 0x2e, 0x6e, 0x6f, 0xff, 0x01, - 0x00, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x08, 0x00, - 0x06, 0x00, 0x17, 0x00, 0x18, 0x00, 0x19, 0x00, - 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x23, 0x00, - 0x00, 0x33, 0x74, 0x00, 0x00, 0x00, 0x10, 0x00, - 0x29, 0x00, 0x27, 0x05, 0x68, 0x32, 0x2d, 0x31, - 0x36, 0x05, 0x68, 0x32, 0x2d, 0x31, 0x35, 0x05, - 0x68, 0x32, 0x2d, 0x31, 0x34, 0x02, 0x68, 0x32, - 0x08, 0x73, 0x70, 0x64, 0x79, 0x2f, 0x33, 0x2e, - 0x31, 0x08, 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, - 0x2e, 0x31, 0x00, 0x05, 0x00, 0x05, 0x01, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x16, 0x00, - 0x14, 0x04, 0x01, 0x05, 0x01, 0x06, 0x01, 0x02, - 0x01, 0x04, 0x03, 0x05, 0x03, 0x06, 0x03, 0x02, - 0x03, 0x04, 0x02, 0x02, 0x02 - }; - - /* server hello */ - uint8_t server_hello[] = { - 0x16, 0x03, 0x03, 0x00, 0x48, 0x02, 0x00, 0x00, - 0x44, 0x03, 0x03, 0x57, 0x91, 0xb8, 0x63, 0xdd, - 0xdb, 0xbb, 0x23, 0xcf, 0x0b, 0x43, 0x02, 0x1d, - 0x46, 0x11, 0x27, 0x5c, 0x98, 0xcf, 0x67, 0xe1, - 0x94, 0x3d, 0x62, 0x7d, 0x38, 0x48, 0x21, 0x23, - 0xa5, 0x62, 0x31, 0x00, 0xc0, 0x2f, 0x00, 0x00, - 0x1c, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x10, - 0x00, 0x05, 0x00, 0x03, 0x02, 0x68, 0x32, 0x00, - 0x0b, 0x00, 0x02, 0x01, 0x00 - }; - - Flow f; - SSLState *ssl_state = NULL; - TcpSession ssn; - Packet *p1 = NULL; - Packet *p2 = NULL; - ThreadVars tv; - DetectEngineThreadCtx *det_ctx = NULL; - AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); - - memset(&tv, 0, sizeof(ThreadVars)); - memset(&f, 0, sizeof(Flow)); - memset(&ssn, 0, sizeof(TcpSession)); - - p1 = UTHBuildPacketReal(client_hello, sizeof(client_hello), IPPROTO_TCP, - "192.168.1.5", "192.168.1.1", 51251, 443); - p2 = UTHBuildPacketReal(server_hello, sizeof(server_hello), IPPROTO_TCP, - "192.168.1.1", "192.168.1.5", 443, 51251); - - FLOW_INITIALIZE(&f); - f.flags |= FLOW_IPV4; - f.proto = IPPROTO_TCP; - f.protomap = FlowGetProtoMapping(f.proto); - f.alproto = ALPROTO_TLS; - - p1->flow = &f; - p1->flags |= PKT_HAS_FLOW | PKT_STREAM_EST; - p1->flowflags |= FLOW_PKT_TOSERVER; - p1->flowflags |= FLOW_PKT_ESTABLISHED; - p1->pcap_cnt = 1; - - p2->flow = &f; - p2->flags |= PKT_HAS_FLOW | PKT_STREAM_EST; - p2->flowflags |= FLOW_PKT_TOCLIENT; - p2->flowflags |= FLOW_PKT_ESTABLISHED; - p2->pcap_cnt = 2; - - StreamTcpInitConfig(true); - - DetectEngineCtx *de_ctx = DetectEngineCtxInit(); - FAIL_IF_NULL(de_ctx); - - de_ctx->mpm_matcher = mpm_default_matcher; - de_ctx->flags |= DE_QUIET; - - Signature *s = DetectEngineAppendSig(de_ctx, "alert tls any any -> any any " - "(msg:\"Test ja3s.hash\"; " - "ja3s.hash; " - "content:\"8217013c502e3461d19c75bb02a12aaf\"; " - "sid:1;)"); - FAIL_IF_NULL(s); - - SigGroupBuild(de_ctx); - DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); - - int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, - STREAM_TOSERVER, client_hello, - sizeof(client_hello)); - - FAIL_IF(r != 0); - - ssl_state = f.alstate; - FAIL_IF_NULL(ssl_state); - - SigMatchSignatures(&tv, de_ctx, det_ctx, p1); - - FAIL_IF(PacketAlertCheck(p1, 1)); - - r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOCLIENT, - server_hello, sizeof(server_hello)); - - FAIL_IF(r != 0); - - FAIL_IF_NULL(ssl_state->server_connp.ja3_hash); - - SigMatchSignatures(&tv, de_ctx, det_ctx, p2); - - FAIL_IF_NOT(PacketAlertCheck(p2, 1)); - - AppLayerParserThreadCtxFree(alp_tctx); - DetectEngineThreadCtxDeinit(&tv, det_ctx); - DetectEngineCtxFree(de_ctx); - StreamTcpFreeConfig(true); - FLOW_DESTROY(&f); - UTHFreePacket(p1); - UTHFreePacket(p2); - - PASS; -} - -void DetectTlsJa3SHashRegisterTests(void) -{ - UtRegisterTest("DetectTlsJa3SHashTest01", DetectTlsJa3SHashTest01); -} diff --git a/src/tests/detect-tls-ja3s-string.c b/src/tests/detect-tls-ja3s-string.c deleted file mode 100644 index e61ccb7bd3..0000000000 --- a/src/tests/detect-tls-ja3s-string.c +++ /dev/null @@ -1,162 +0,0 @@ -/* Copyright (C) 2019 Open Information Security Foundation - * - * You can copy, redistribute or modify this Program under the terms of - * the GNU General Public License version 2 as published by the Free - * Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * version 2 along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA - * 02110-1301, USA. - */ - -#include "detect-engine-build.h" -#include "app-layer-parser.h" - -/** - * \test Test matching on a simple client hello packet - */ -static int DetectTlsJa3SStringTest01(void) -{ - /* client hello */ - uint8_t client_hello[] = { - 0x16, 0x03, 0x01, 0x00, 0xc8, 0x01, 0x00, 0x00, - 0xc4, 0x03, 0x03, 0xd6, 0x08, 0x5a, 0xa2, 0x86, - 0x5b, 0x85, 0xd4, 0x40, 0xab, 0xbe, 0xc0, 0xbc, - 0x41, 0xf2, 0x26, 0xf0, 0xfe, 0x21, 0xee, 0x8b, - 0x4c, 0x7e, 0x07, 0xc8, 0xec, 0xd2, 0x00, 0x46, - 0x4c, 0xeb, 0xb7, 0x00, 0x00, 0x16, 0xc0, 0x2b, - 0xc0, 0x2f, 0xc0, 0x0a, 0xc0, 0x09, 0xc0, 0x13, - 0xc0, 0x14, 0x00, 0x33, 0x00, 0x39, 0x00, 0x2f, - 0x00, 0x35, 0x00, 0x0a, 0x01, 0x00, 0x00, 0x85, - 0x00, 0x00, 0x00, 0x12, 0x00, 0x10, 0x00, 0x00, - 0x0d, 0x77, 0x77, 0x77, 0x2e, 0x67, 0x6f, 0x6f, - 0x67, 0x6c, 0x65, 0x2e, 0x6e, 0x6f, 0xff, 0x01, - 0x00, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x08, 0x00, - 0x06, 0x00, 0x17, 0x00, 0x18, 0x00, 0x19, 0x00, - 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x23, 0x00, - 0x00, 0x33, 0x74, 0x00, 0x00, 0x00, 0x10, 0x00, - 0x29, 0x00, 0x27, 0x05, 0x68, 0x32, 0x2d, 0x31, - 0x36, 0x05, 0x68, 0x32, 0x2d, 0x31, 0x35, 0x05, - 0x68, 0x32, 0x2d, 0x31, 0x34, 0x02, 0x68, 0x32, - 0x08, 0x73, 0x70, 0x64, 0x79, 0x2f, 0x33, 0x2e, - 0x31, 0x08, 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, - 0x2e, 0x31, 0x00, 0x05, 0x00, 0x05, 0x01, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x16, 0x00, - 0x14, 0x04, 0x01, 0x05, 0x01, 0x06, 0x01, 0x02, - 0x01, 0x04, 0x03, 0x05, 0x03, 0x06, 0x03, 0x02, - 0x03, 0x04, 0x02, 0x02, 0x02 - }; - - /* server hello */ - uint8_t server_hello[] = { - 0x16, 0x03, 0x03, 0x00, 0x48, 0x02, 0x00, 0x00, - 0x44, 0x03, 0x03, 0x57, 0x91, 0xb8, 0x63, 0xdd, - 0xdb, 0xbb, 0x23, 0xcf, 0x0b, 0x43, 0x02, 0x1d, - 0x46, 0x11, 0x27, 0x5c, 0x98, 0xcf, 0x67, 0xe1, - 0x94, 0x3d, 0x62, 0x7d, 0x38, 0x48, 0x21, 0x23, - 0xa5, 0x62, 0x31, 0x00, 0xc0, 0x2f, 0x00, 0x00, - 0x1c, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x10, - 0x00, 0x05, 0x00, 0x03, 0x02, 0x68, 0x32, 0x00, - 0x0b, 0x00, 0x02, 0x01, 0x00 - }; - - Flow f; - SSLState *ssl_state = NULL; - TcpSession ssn; - Packet *p1 = NULL; - Packet *p2 = NULL; - ThreadVars tv; - DetectEngineThreadCtx *det_ctx = NULL; - AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); - - memset(&tv, 0, sizeof(ThreadVars)); - memset(&f, 0, sizeof(Flow)); - memset(&ssn, 0, sizeof(TcpSession)); - - p1 = UTHBuildPacketReal(client_hello, sizeof(client_hello), IPPROTO_TCP, - "192.168.1.5", "192.168.1.1", 51251, 443); - p2 = UTHBuildPacketReal(server_hello, sizeof(server_hello), IPPROTO_TCP, - "192.168.1.1", "192.168.1.5", 443, 51251); - - FLOW_INITIALIZE(&f); - f.flags |= FLOW_IPV4; - f.proto = IPPROTO_TCP; - f.protomap = FlowGetProtoMapping(f.proto); - f.alproto = ALPROTO_TLS; - - p1->flow = &f; - p1->flags |= PKT_HAS_FLOW | PKT_STREAM_EST; - p1->flowflags |= FLOW_PKT_TOSERVER; - p1->flowflags |= FLOW_PKT_ESTABLISHED; - p1->pcap_cnt = 1; - - p2->flow = &f; - p2->flags |= PKT_HAS_FLOW | PKT_STREAM_EST; - p2->flowflags |= FLOW_PKT_TOCLIENT; - p2->flowflags |= FLOW_PKT_ESTABLISHED; - p2->pcap_cnt = 2; - - StreamTcpInitConfig(true); - - DetectEngineCtx *de_ctx = DetectEngineCtxInit(); - FAIL_IF_NULL(de_ctx); - - de_ctx->mpm_matcher = mpm_default_matcher; - de_ctx->flags |= DE_QUIET; - - Signature *s = DetectEngineAppendSig(de_ctx, "alert tls any any -> any any " - "(msg:\"Test ja3s_hash\"; " - "ja3s.string; " - "content:\"771,49199,65281-0-35-16-11\"; " - "sid:1;)"); - FAIL_IF_NULL(s); - - SigGroupBuild(de_ctx); - DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); - - int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, - STREAM_TOSERVER, client_hello, - sizeof(client_hello)); - - FAIL_IF(r != 0); - - ssl_state = f.alstate; - FAIL_IF_NULL(ssl_state); - - SigMatchSignatures(&tv, de_ctx, det_ctx, p1); - - FAIL_IF(PacketAlertCheck(p1, 1)); - - r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOCLIENT, - server_hello, sizeof(server_hello)); - - FAIL_IF(r != 0); - - FAIL_IF_NULL(ssl_state->server_connp.ja3_str); - - SigMatchSignatures(&tv, de_ctx, det_ctx, p2); - - FAIL_IF_NOT(PacketAlertCheck(p2, 1)); - - AppLayerParserThreadCtxFree(alp_tctx); - DetectEngineThreadCtxDeinit(&tv, det_ctx); - DetectEngineCtxFree(de_ctx); - StreamTcpFreeConfig(true); - FLOW_DESTROY(&f); - UTHFreePacket(p1); - UTHFreePacket(p2); - - PASS; -} - -static void DetectTlsJa3SStringRegisterTests(void) -{ - UtRegisterTest("DetectTlsJa3SStringTest01", DetectTlsJa3SStringTest01); -} diff --git a/src/tests/detect-tls-sni.c b/src/tests/detect-tls-sni.c deleted file mode 100644 index a9b45e894e..0000000000 --- a/src/tests/detect-tls-sni.c +++ /dev/null @@ -1,216 +0,0 @@ -/* Copyright (C) 2007-2019 Open Information Security Foundation - * - * You can copy, redistribute or modify this Program under the terms of - * the GNU General Public License version 2 as published by the Free - * Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * version 2 along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA - * 02110-1301, USA. - */ - -/** - * \file - * - * \author Mats Klepsland - * - */ - -#include "detect-engine-build.h" -#include "app-layer-parser.h" - -/** - * \test Test matching on a simple google.com SNI - */ -static int DetectTlsSniTest01(void) -{ - /* client hello */ - uint8_t buf[] = { 0x16, 0x03, 0x03, 0x00, 0x84, 0x01, 0x00, 0x00, 0x7E, - 0x03, 0x03, 0x57, 0x04, 0x9F, 0x5D, 0xC9, 0x5C, 0x87, - 0xAE, 0xF2, 0xA7, 0x4A, 0xFC, 0x59, 0x78, 0x23, 0x31, - 0x61, 0x2D, 0x29, 0x92, 0xB6, 0x70, 0xA5, 0xA1, 0xFC, - 0x0E, 0x79, 0xFE, 0xC3, 0x97, 0x37, 0xC0, 0x00, 0x00, - 0x44, 0x00, 0x04, 0x00, 0x05, 0x00, 0x0A, 0x00, 0x0D, - 0x00, 0x10, 0x00, 0x13, 0x00, 0x16, 0x00, 0x2F, 0x00, - 0x30, 0x00, 0x31, 0x00, 0x32, 0x00, 0x33, 0x00, 0x35, - 0x00, 0x36, 0x00, 0x37, 0x00, 0x38, 0x00, 0x39, 0x00, - 0x3C, 0x00, 0x3D, 0x00, 0x3E, 0x00, 0x3F, 0x00, 0x40, - 0x00, 0x41, 0x00, 0x44, 0x00, 0x45, 0x00, 0x66, 0x00, - 0x67, 0x00, 0x68, 0x00, 0x69, 0x00, 0x6A, 0x00, 0x6B, - 0x00, 0x84, 0x00, 0x87, 0x00, 0xFF, 0x01, 0x00, 0x00, - 0x13, 0x00, 0x00, 0x00, 0x0F, 0x00, 0x0D, 0x00, 0x00, - 0x0A, 0x67, 0x6F, 0x6F, 0x67, 0x6C, 0x65, 0x2E, 0x63, - 0x6F, 0x6D, }; - - Flow f; - SSLState *ssl_state = NULL; - ThreadVars tv; - DetectEngineThreadCtx *det_ctx = NULL; - TcpSession ssn; - AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); - - memset(&tv, 0, sizeof(ThreadVars)); - memset(&f, 0, sizeof(Flow)); - memset(&ssn, 0, sizeof(TcpSession)); - - Packet *p = UTHBuildPacketReal(buf, sizeof(buf), IPPROTO_TCP, - "192.168.1.5", "192.168.1.1", - 41424, 443); - - FLOW_INITIALIZE(&f); - f.protoctx = (void *)&ssn; - f.flags |= FLOW_IPV4; - f.proto = IPPROTO_TCP; - f.protomap = FlowGetProtoMapping(f.proto); - - p->flow = &f; - p->flags |= PKT_HAS_FLOW|PKT_STREAM_EST; - p->flowflags |= FLOW_PKT_TOSERVER|FLOW_PKT_ESTABLISHED; - f.alproto = ALPROTO_TLS; - - StreamTcpInitConfig(true); - - DetectEngineCtx *de_ctx = DetectEngineCtxInit(); - FAIL_IF_NULL(de_ctx); - - de_ctx->mpm_matcher = mpm_default_matcher; - de_ctx->flags |= DE_QUIET; - - Signature *s = DetectEngineAppendSig(de_ctx, "alert tls any any -> any any " - "(msg:\"Test tls.sni option\"; " - "tls.sni; content:\"google.com\"; sid:1;)"); - FAIL_IF_NULL(s); - - SigGroupBuild(de_ctx); - DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); - - int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, - STREAM_TOSERVER, buf, sizeof(buf)); - FAIL_IF(r != 0); - - ssl_state = f.alstate; - FAIL_IF_NULL(ssl_state); - - /* do detect */ - SigMatchSignatures(&tv, de_ctx, det_ctx, p); - - FAIL_IF_NOT(PacketAlertCheck(p, 1)); - - AppLayerParserThreadCtxFree(alp_tctx); - DetectEngineThreadCtxDeinit(&tv, det_ctx); - DetectEngineCtxFree(de_ctx); - - StreamTcpFreeConfig(true); - FLOW_DESTROY(&f); - UTHFreePacket(p); - - PASS; -} - -/** - * \test Test matching on a simple google.com SNI with pcre - */ -static int DetectTlsSniTest02(void) -{ - /* client hello */ - uint8_t buf[] = { 0x16, 0x03, 0x03, 0x00, 0x84, 0x01, 0x00, 0x00, 0x7E, - 0x03, 0x03, 0x57, 0x04, 0x9F, 0x5D, 0xC9, 0x5C, 0x87, - 0xAE, 0xF2, 0xA7, 0x4A, 0xFC, 0x59, 0x78, 0x23, 0x31, - 0x61, 0x2D, 0x29, 0x92, 0xB6, 0x70, 0xA5, 0xA1, 0xFC, - 0x0E, 0x79, 0xFE, 0xC3, 0x97, 0x37, 0xC0, 0x00, 0x00, - 0x44, 0x00, 0x04, 0x00, 0x05, 0x00, 0x0A, 0x00, 0x0D, - 0x00, 0x10, 0x00, 0x13, 0x00, 0x16, 0x00, 0x2F, 0x00, - 0x30, 0x00, 0x31, 0x00, 0x32, 0x00, 0x33, 0x00, 0x35, - 0x00, 0x36, 0x00, 0x37, 0x00, 0x38, 0x00, 0x39, 0x00, - 0x3C, 0x00, 0x3D, 0x00, 0x3E, 0x00, 0x3F, 0x00, 0x40, - 0x00, 0x41, 0x00, 0x44, 0x00, 0x45, 0x00, 0x66, 0x00, - 0x67, 0x00, 0x68, 0x00, 0x69, 0x00, 0x6A, 0x00, 0x6B, - 0x00, 0x84, 0x00, 0x87, 0x00, 0xFF, 0x01, 0x00, 0x00, - 0x13, 0x00, 0x00, 0x00, 0x0F, 0x00, 0x0D, 0x00, 0x00, - 0x0A, 0x67, 0x6F, 0x6F, 0x67, 0x6C, 0x65, 0x2E, 0x63, - 0x6F, 0x6D, }; - - Flow f; - SSLState *ssl_state = NULL; - ThreadVars tv; - DetectEngineThreadCtx *det_ctx = NULL; - TcpSession ssn; - AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); - - memset(&tv, 0, sizeof(ThreadVars)); - memset(&f, 0, sizeof(Flow)); - memset(&ssn, 0, sizeof(TcpSession)); - - Packet *p = UTHBuildPacketReal(buf, sizeof(buf), IPPROTO_TCP, - "192.168.1.5", "192.168.1.1", - 41424, 443); - - FLOW_INITIALIZE(&f); - f.protoctx = (void *)&ssn; - f.flags |= FLOW_IPV4; - f.proto = IPPROTO_TCP; - f.protomap = FlowGetProtoMapping(f.proto); - - p->flow = &f; - p->flags |= PKT_HAS_FLOW|PKT_STREAM_EST; - p->flowflags |= FLOW_PKT_TOSERVER|FLOW_PKT_ESTABLISHED; - f.alproto = ALPROTO_TLS; - - StreamTcpInitConfig(true); - - DetectEngineCtx *de_ctx = DetectEngineCtxInit(); - FAIL_IF_NULL(de_ctx); - - de_ctx->mpm_matcher = mpm_default_matcher; - de_ctx->flags |= DE_QUIET; - - Signature *s = DetectEngineAppendSig(de_ctx, "alert tls any any -> any any " - "(msg:\"Test tls.sni option\"; " - "tls.sni; content:\"google\"; nocase; " - "pcre:\"/google\\.com$/i\"; sid:1;)"); - FAIL_IF_NULL(s); - - s = DetectEngineAppendSig(de_ctx, "alert tls any any -> any any " - "(msg:\"Test tls.sni option\"; " - "tls.sni; content:\"google\"; nocase; " - "pcre:\"/^\\.[a-z]{2,3}$/iR\"; sid:2;)"); - FAIL_IF_NULL(s); - - SigGroupBuild(de_ctx); - DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); - - int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, - STREAM_TOSERVER, buf, sizeof(buf)); - FAIL_IF(r != 0); - - ssl_state = f.alstate; - FAIL_IF_NULL(ssl_state); - - /* do detect */ - SigMatchSignatures(&tv, de_ctx, det_ctx, p); - - FAIL_IF_NOT(PacketAlertCheck(p, 1)); - FAIL_IF_NOT(PacketAlertCheck(p, 2)); - - AppLayerParserThreadCtxFree(alp_tctx); - DetectEngineThreadCtxDeinit(&tv, det_ctx); - DetectEngineCtxFree(de_ctx); - - StreamTcpFreeConfig(true); - FLOW_DESTROY(&f); - UTHFreePacket(p); - - PASS; -} - -static void DetectTlsSniRegisterTests(void) -{ - UtRegisterTest("DetectTlsSniTest01", DetectTlsSniTest01); - UtRegisterTest("DetectTlsSniTest02", DetectTlsSniTest02); -} diff --git a/src/tests/detect-tls-version.c b/src/tests/detect-tls-version.c index a0a42909d4..3f55faa89c 100644 --- a/src/tests/detect-tls-version.c +++ b/src/tests/detect-tls-version.c @@ -53,192 +53,6 @@ static int DetectTlsVersionTestParse02 (void) PASS; } -#include "stream-tcp-reassemble.h" - -/** \test Send a get request in three chunks + more data. */ -static int DetectTlsVersionTestDetect01(void) -{ - Flow f; - uint8_t tlsbuf1[] = { 0x16 }; - uint32_t tlslen1 = sizeof(tlsbuf1); - uint8_t tlsbuf2[] = { 0x03 }; - uint32_t tlslen2 = sizeof(tlsbuf2); - uint8_t tlsbuf3[] = { 0x01 }; - uint32_t tlslen3 = sizeof(tlsbuf3); - uint8_t tlsbuf4[] = { 0x01, 0x00, 0x00, 0xad, 0x03, 0x01 }; - uint32_t tlslen4 = sizeof(tlsbuf4); - TcpSession ssn; - Packet *p = NULL; - Signature *s = NULL; - ThreadVars th_v; - DetectEngineThreadCtx *det_ctx = NULL; - AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); - - memset(&th_v, 0, sizeof(th_v)); - memset(&f, 0, sizeof(f)); - memset(&ssn, 0, sizeof(ssn)); - - p = UTHBuildPacket(NULL, 0, IPPROTO_TCP); - - FLOW_INITIALIZE(&f); - f.protoctx = (void *)&ssn; - f.proto = IPPROTO_TCP; - p->flow = &f; - p->flowflags |= FLOW_PKT_TOSERVER; - p->flowflags |= FLOW_PKT_ESTABLISHED; - p->flags |= PKT_HAS_FLOW|PKT_STREAM_EST; - f.alproto = ALPROTO_TLS; - - StreamTcpInitConfig(true); - - DetectEngineCtx *de_ctx = DetectEngineCtxInit(); - FAIL_IF_NULL(de_ctx); - - de_ctx->flags |= DE_QUIET; - - s = de_ctx->sig_list = SigInit(de_ctx,"alert tls any any -> any any (msg:\"TLS\"; tls.version:1.0; sid:1;)"); - FAIL_IF_NULL(s); - - SigGroupBuild(de_ctx); - DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); - - int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, - STREAM_TOSERVER, tlsbuf1, tlslen1); - FAIL_IF(r != 0); - - r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, - tlsbuf2, tlslen2); - FAIL_IF(r != 0); - - r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, - tlsbuf3, tlslen3); - FAIL_IF(r != 0); - - r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, - tlsbuf4, tlslen4); - FAIL_IF(r != 0); - - SSLState *ssl_state = f.alstate; - FAIL_IF_NULL(ssl_state); - - FAIL_IF(ssl_state->client_connp.content_type != 0x16); - - FAIL_IF(ssl_state->client_connp.version != TLS_VERSION_10); - - SCLogDebug("ssl_state is at %p, ssl_state->server_version 0x%02X " - "ssl_state->client_version 0x%02X", - ssl_state, ssl_state->server_connp.version, - ssl_state->client_connp.version); - - /* do detect */ - SigMatchSignatures(&th_v, de_ctx, det_ctx, p); - - FAIL_IF_NOT(PacketAlertCheck(p, 1)); - - AppLayerParserThreadCtxFree(alp_tctx); - SigGroupCleanup(de_ctx); - SigCleanSignatures(de_ctx); - - DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); - DetectEngineCtxFree(de_ctx); - - StreamTcpFreeConfig(true); - FLOW_DESTROY(&f); - - UTHFreePackets(&p, 1); - - PASS; -} - -static int DetectTlsVersionTestDetect02(void) -{ - Flow f; - uint8_t tlsbuf1[] = { 0x16 }; - uint32_t tlslen1 = sizeof(tlsbuf1); - uint8_t tlsbuf2[] = { 0x03 }; - uint32_t tlslen2 = sizeof(tlsbuf2); - uint8_t tlsbuf3[] = { 0x01 }; - uint32_t tlslen3 = sizeof(tlsbuf3); - uint8_t tlsbuf4[] = { 0x01, 0x00, 0x00, 0xad, 0x03, 0x02 }; - uint32_t tlslen4 = sizeof(tlsbuf4); - TcpSession ssn; - Packet *p = NULL; - Signature *s = NULL; - ThreadVars th_v; - DetectEngineThreadCtx *det_ctx = NULL; - AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); - - memset(&th_v, 0, sizeof(th_v)); - memset(&f, 0, sizeof(f)); - memset(&ssn, 0, sizeof(ssn)); - - p = UTHBuildPacket(NULL, 0, IPPROTO_TCP); - - FLOW_INITIALIZE(&f); - f.protoctx = (void *)&ssn; - f.proto = IPPROTO_TCP; - p->flow = &f; - p->flowflags |= FLOW_PKT_TOSERVER; - p->flowflags |= FLOW_PKT_ESTABLISHED; - p->flags |= PKT_HAS_FLOW|PKT_STREAM_EST; - f.alproto = ALPROTO_TLS; - - StreamTcpInitConfig(true); - - DetectEngineCtx *de_ctx = DetectEngineCtxInit(); - FAIL_IF_NULL(de_ctx); - - de_ctx->flags |= DE_QUIET; - - s = de_ctx->sig_list = SigInit(de_ctx,"alert tls any any -> any any (msg:\"TLS\"; tls.version:1.0; sid:1;)"); - FAIL_IF_NULL(s); - - SigGroupBuild(de_ctx); - DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); - - int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, - STREAM_TOSERVER, tlsbuf1, tlslen1); - FAIL_IF(r != 0); - - r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, - tlsbuf2, tlslen2); - FAIL_IF(r != 0); - - r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, - tlsbuf3, tlslen3); - FAIL_IF(r != 0); - - r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, - tlsbuf4, tlslen4); - FAIL_IF(r != 0); - - SSLState *ssl_state = f.alstate; - FAIL_IF_NULL(ssl_state); - - FAIL_IF(ssl_state->client_connp.content_type != 0x16); - - FAIL_IF(ssl_state->client_connp.version != TLS_VERSION_10); - - /* do detect */ - SigMatchSignatures(&th_v, de_ctx, det_ctx, p); - - FAIL_IF_NOT(PacketAlertCheck(p, 1)); - - AppLayerParserThreadCtxFree(alp_tctx); - SigGroupCleanup(de_ctx); - SigCleanSignatures(de_ctx); - - DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); - DetectEngineCtxFree(de_ctx); - - StreamTcpFreeConfig(true); - FLOW_DESTROY(&f); - - UTHFreePackets(&p, 1); - - PASS; -} - /** * \brief this function registers unit tests for DetectTlsVersion */ @@ -246,8 +60,4 @@ static void DetectTlsVersionRegisterTests(void) { UtRegisterTest("DetectTlsVersionTestParse01", DetectTlsVersionTestParse01); UtRegisterTest("DetectTlsVersionTestParse02", DetectTlsVersionTestParse02); - UtRegisterTest("DetectTlsVersionTestDetect01", - DetectTlsVersionTestDetect01); - UtRegisterTest("DetectTlsVersionTestDetect02", - DetectTlsVersionTestDetect02); }