From: Vadym Malakhatko Date: Tue, 30 Jun 2020 11:14:52 +0000 (+0300) Subject: lua: add functions to get hassh parameters X-Git-Tag: suricata-6.0.0-beta1~254 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8a8212d0f663ad990e94f8b502ce94cb27ac6343;p=thirdparty%2Fsuricata.git lua: add functions to get hassh parameters
---
diff --git a/src/Makefile.am b/src/Makefile.am
index 1e84d85955..2b1bf986c2 100755
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -480,6 +480,7 @@ util-lua-http.c util-lua-http.h \
 util-lua-ja3.c util-lua-ja3.h \
 util-lua-tls.c util-lua-tls.h \
 util-lua-ssh.c util-lua-ssh.h \
+util-lua-hassh.c util-lua-hassh.h \
 util-lua-smtp.c util-lua-smtp.h \
 util-magic.c util-magic.h \
 util-memcmp.c util-memcmp.h \
diff --git a/src/detect-lua-extensions.c b/src/detect-lua-extensions.c
index b9b38a74e6..e298d71a49 100644
--- a/src/detect-lua-extensions.c
+++ b/src/detect-lua-extensions.c
@@ -69,6 +69,7 @@
 #include "util-lua-ja3.h"
 #include "util-lua-tls.h"
 #include "util-lua-ssh.h"
+#include "util-lua-hassh.h"
 #include "util-lua-smtp.h"
 #include "util-lua-dnp3.h"
 #include "detect-lua-extensions.h"
@@ -536,6 +537,7 @@ int LuaRegisterExtensions(lua_State *lua_state)
 LuaRegisterJa3Functions(lua_state);
 LuaRegisterTlsFunctions(lua_state);
 LuaRegisterSshFunctions(lua_state);
+ LuaRegisterHasshFunctions(lua_state);
 LuaRegisterSmtpFunctions(lua_state);
 LuaRegisterDNP3Functions(lua_state);
 return 0;
diff --git a/src/output-lua.c b/src/output-lua.c
index 4c1cfe9ba1..c929b60a56 100644
--- a/src/output-lua.c
+++ b/src/output-lua.c
@@ -63,6 +63,7 @@
 #include "util-lua-ja3.h"
 #include "util-lua-tls.h"
 #include "util-lua-ssh.h"
+#include "util-lua-hassh.h"
 #include "util-lua-smtp.h"
 #define MODULE_NAME "LuaLog"
@@ -637,6 +638,7 @@ static lua_State *LuaScriptSetup(const char *filename)
 LuaRegisterJa3Functions(luastate);
 LuaRegisterTlsFunctions(luastate);
 LuaRegisterSshFunctions(luastate);
+ LuaRegisterHasshFunctions(luastate);
 LuaRegisterSmtpFunctions(luastate);
 if (lua_pcall(luastate, 0, 0, 0) != 0) {
diff --git a/src/util-lua-hassh.c b/src/util-lua-hassh.c
new file mode 100644
index 0000000000..f5bf12f4be
--- /dev/null
+++ b/src/util-lua-hassh.c
@@ -0,0 +1,220 @@
+/* Copyright (C) 2020 Open Information Security Foundation
+ *
+ * You can copy, redistribute or modify this Program under the terms of
+ * the GNU General Public License version 2 as published by the Free
+ * Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * version 2 along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+
+/**
+ * \file
+ *
+ * \author Vadym Malakhatko
+ *
+ */
+
+#include "suricata-common.h"
+#include "debug.h"
+#include "detect.h"
+#include "pkt-var.h"
+#include "conf.h"
+
+#include "threads.h"
+#include "threadvars.h"
+#include "tm-threads.h"
+
+#include "util-print.h"
+#include "util-unittest.h"
+
+#include "util-debug.h"
+
+#include "output.h"
+#include "app-layer.h"
+#include "app-layer-parser.h"
+#include "app-layer-ssl.h"
+#include "util-privs.h"
+#include "util-buffer.h"
+#include "util-proto-name.h"
+#include "util-logopenfile.h"
+#include "util-time.h"
+
+#ifdef HAVE_LUA
+
+#include
+#include
+#include
+
+#include "util-lua.h"
+#include "util-lua-common.h"
+#include "util-lua-hassh.h"
+
+static int GetHasshServerString(lua_State *luastate, const Flow *f)
+{
+ void *state = FlowGetAppState(f);
+ if (state == NULL)
+ return LuaCallbackError(luastate, "error: no app layer state");
+
+ const uint8_t *hassh_server_string = NULL;
+ uint32_t b_len = 0;
+
+ void *tx = rs_ssh_state_get_tx(state, 0);
+ if (rs_ssh_tx_get_hassh_string(tx, &hassh_server_string, &b_len, STREAM_TOCLIENT) != 1)
+ return LuaCallbackError(luastate, "error: no server hassh string");
+ if (hassh_server_string == NULL || b_len == 0) {
+ return LuaCallbackError(luastate, "error: no server hassh string");
+ }
+
+ return LuaPushStringBuffer(luastate, hassh_server_string, b_len);
+}
+
+static int HasshServerGetString(lua_State *luastate)
+{
+ int r;
+
+ if (!(LuaStateNeedProto(luastate, ALPROTO_SSH)))
+ return LuaCallbackError(luastate, "error: protocol is not ssh");
+
+ Flow *f = LuaStateGetFlow(luastate);
+ if (f == NULL)
+ return LuaCallbackError(luastate, "internal error: no ssh flow");
+
+ r = GetHasshServerString(luastate, f);
+
+ return r;
+}
+
+static int GetHasshServer(lua_State *luastate, const Flow *f)
+{
+ void *state = FlowGetAppState(f);
+ if (state == NULL)
+ return LuaCallbackError(luastate, "error: no ssh app layer state");
+
+ const uint8_t *hassh_server = NULL;
+ uint32_t b_len = 0;
+
+ void *tx = rs_ssh_state_get_tx(state, 0);
+ if (rs_ssh_tx_get_hassh(tx, &hassh_server, &b_len, STREAM_TOCLIENT) != 1)
+ return LuaCallbackError(luastate, "error: no server hassh");
+ if (hassh_server == NULL || b_len == 0) {
+ return LuaCallbackError(luastate, "error: no server hassh");
+ }
+
+ return LuaPushStringBuffer(luastate, hassh_server, b_len);
+}
+
+static int HasshServerGet(lua_State *luastate)
+{
+ int r;
+
+ if (!(LuaStateNeedProto(luastate, ALPROTO_SSH)))
+ return LuaCallbackError(luastate, "error: protocol is not ssh");
+
+ Flow *f = LuaStateGetFlow(luastate);
+ if (f == NULL)
+ return LuaCallbackError(luastate, "internal error: no ssh flow");
+
+ r = GetHasshServer(luastate, f);
+
+ return r;
+}
+
+static int GetHasshString(lua_State *luastate, const Flow *f)
+{
+ void *state = FlowGetAppState(f);
+ if (state == NULL)
+ return LuaCallbackError(luastate, "error: no app layer state");
+
+ const uint8_t *hassh_string = NULL;
+ uint32_t b_len = 0;
+
+ void *tx = rs_ssh_state_get_tx(state, 0);
+ if (rs_ssh_tx_get_hassh_string(tx, &hassh_string, &b_len, STREAM_TOSERVER) != 1)
+ return LuaCallbackError(luastate, "error: no client hassh_string");
+ if (hassh_string == NULL || b_len == 0) {
+ return LuaCallbackError(luastate, "error: no client hassh_string");
+ }
+
+ return LuaPushStringBuffer(luastate, hassh_string, b_len);
+}
+
+static int HasshGetString(lua_State *luastate)
+{
+ int r;
+
+ if (!(LuaStateNeedProto(luastate, ALPROTO_SSH)))
+ return LuaCallbackError(luastate, "error: protocol is not ssh");
+
+ Flow *f = LuaStateGetFlow(luastate);
+ if (f == NULL)
+ return LuaCallbackError(luastate, "internal error: no ssh flow");
+
+ r = GetHasshString(luastate, f);
+
+ return r;
+}
+
+static int GetHassh(lua_State *luastate, const Flow *f)
+{
+ void *state = FlowGetAppState(f);
+ if (state == NULL)
+ return LuaCallbackError(luastate, "error: no app layer state");
+
+ const uint8_t *hassh = NULL;
+ uint32_t b_len = 0;
+
+ void *tx = rs_ssh_state_get_tx(state, 0);
+ if (rs_ssh_tx_get_hassh(tx, &hassh, &b_len, STREAM_TOSERVER) != 1)
+ return LuaCallbackError(luastate, "error: no client hassh");
+ if (hassh == NULL || b_len == 0) {
+ return LuaCallbackError(luastate, "error: no client hassh");
+ }
+
+ return LuaPushStringBuffer(luastate, hassh, b_len);
+}
+
+static int HasshGet(lua_State *luastate)
+{
+ int r;
+
+ if (!(LuaStateNeedProto(luastate, ALPROTO_SSH)))
+ return LuaCallbackError(luastate, "error: protocol is not ssh");
+
+ Flow *f = LuaStateGetFlow(luastate);
+ if (f == NULL)
+ return LuaCallbackError(luastate, "internal error: no sshflow");
+
+ r = GetHassh(luastate, f);
+
+ return r;
+}
+
+/** *\brief Register Hassh Lua extensions */
+int LuaRegisterHasshFunctions(lua_State *luastate)
+{
+
+ lua_pushcfunction(luastate, HasshGet);
+ lua_setglobal(luastate, "HasshGet");
+
+ lua_pushcfunction(luastate, HasshGetString);
+ lua_setglobal(luastate, "HasshGetString");
+
+ lua_pushcfunction(luastate, HasshServerGet);
+ lua_setglobal(luastate, "HasshServerGet");
+
+ lua_pushcfunction(luastate, HasshServerGetString);
+ lua_setglobal(luastate, "HasshServerGetString");
+
+ return 0;
+}
+
+#endif /* HAVE_LUA */
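Review bot: The transaction pointer from `rs_ssh_state_get_tx(state, 0)` is passed unchecked into `rs_ssh_tx_get_hassh` / `rs_ssh_tx_get_hassh_string` in all four helpers (GetHasshServerString, GetHasshServer, GetHasshString, GetHassh), although `state` and the output buffer are both checked. Whether the Rust getters tolerate a NULL transaction is not visible in this diff, so a guard such as `if (tx == NULL) return LuaCallbackError(luastate, "error: no ssh transaction");` before each call would keep a script from reaching the FFI boundary with a bad pointer. The values pushed to Lua are presumably derived from the peer's key-exchange message, so each helper deserves a one-line comment stating the direction it reads (`STREAM_TOSERVER` for the client, `STREAM_TOCLIENT` for the server) and that the returned buffer is peer-supplied data the script should not trust. Separately, HasshGet reports `"internal error: no sshflow"` where the other three wrappers say `"no ssh flow"`, and the state error is worded `"no ssh app layer state"` only in GetHasshServer; aligning the strings helps anyone matching on them in logs.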
diff --git a/src/util-lua-hassh.h b/src/util-lua-hassh.h
new file mode 100644
index 0000000000..96e8ae6efd
--- /dev/null
+++ b/src/util-lua-hassh.h
@@ -0,0 +1,33 @@
+/* Copyright (C) 2020 Open Information Security Foundation
+ *
+ * You can copy, redistribute or modify this Program under the terms of
+ * the GNU General Public License version 2 as published by the Free
+ * Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * version 2 along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+/**
+ * \file
+ *
+ * \author Vadym Malakhatko
+ */
+
+#ifndef __UTIL_LUA_HASSH_H__
+#define __UTIL_LUA_HASSH_H__
+
+#ifdef HAVE_LUA
+
+int LuaRegisterHasshFunctions(lua_State *luastate);
+
+#endif /* HAVE_LUA */
+
+#endif /* __UTIL_LUA_HASSH_H__ */