transforms: move hash transforms to rust

md5, sha1 and sha256 Ticket: 7229
9 months ago · 0e5b49d20f
parent 71da38e702
commit 0e5b49d20f
12 changed files with 249 additions and 446 deletions
--- a/rust/src/detect/transforms/hash.rs
+++ b/rust/src/detect/transforms/hash.rs
@ -0,0 +1,239 @@
+/* Copyright (C) 2024 Open Information Security Foundation
+ *
+ * You can copy, redistribute or modify this Program under the terms of
+ * the GNU General Public License version 2 as published by the Free
+ * Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * version 2 along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+use super::{
+    DetectHelperTransformRegister, DetectSignatureAddTransform, InspectionBufferCheckAndExpand,
+    InspectionBufferLength, InspectionBufferPtr, InspectionBufferTruncate, SCTransformTableElmt,
+};
+use crate::detect::SIGMATCH_NOOPT;
+use crate::ffi::hashing::{G_DISABLE_HASHING, SC_SHA1_LEN, SC_SHA256_LEN};
+use digest::{Digest, Update};
+use md5::Md5;
+use sha1::Sha1;
+use sha2::Sha256;
+
+use std::os::raw::{c_int, c_void};
+use std::ptr;
+
+static mut G_TRANSFORM_MD5_ID: c_int = 0;
+static mut G_TRANSFORM_SHA1_ID: c_int = 0;
+static mut G_TRANSFORM_SHA256_ID: c_int = 0;
+
+const SC_MD5_LEN: usize = 16;
+
+#[no_mangle]
+unsafe extern "C" fn md5_setup(
+    _de: *mut c_void, s: *mut c_void, _raw: *const std::os::raw::c_char,
+) -> c_int {
+    if unsafe { G_DISABLE_HASHING } {
+        SCLogError!("MD5 hashing has been disabled, needed for to_md5 keyword");
+        return -1;
+    }
+    return DetectSignatureAddTransform(s, G_TRANSFORM_MD5_ID, ptr::null_mut());
+}
+
+fn md5_transform_do(input: &[u8], output: &mut [u8]) {
+    Md5::new().chain(input).finalize_into(output.into());
+}
+
+#[no_mangle]
+unsafe extern "C" fn md5_transform(buffer: *mut c_void, _ctx: *mut c_void) {
+    let input = InspectionBufferPtr(buffer);
+    let input_len = InspectionBufferLength(buffer);
+    if input.is_null() || input_len == 0 {
+        return;
+    }
+    let input = build_slice!(input, input_len as usize);
+
+    let output = InspectionBufferCheckAndExpand(buffer, SC_MD5_LEN as u32);
+    if output.is_null() {
+        // allocation failure
+        return;
+    }
+    let output = std::slice::from_raw_parts_mut(output, SC_MD5_LEN);
+
+    md5_transform_do(input, output);
+
+    InspectionBufferTruncate(buffer, SC_MD5_LEN as u32);
+}
+
+#[no_mangle]
+pub unsafe extern "C" fn DetectTransformMd5Register() {
+    let kw = SCTransformTableElmt {
+        name: b"to_md5\0".as_ptr() as *const libc::c_char,
+        desc: b"convert to md5 hash of the buffer\0".as_ptr() as *const libc::c_char,
+        url: b"/rules/transforms.html#to-md5\0".as_ptr() as *const libc::c_char,
+        Setup: md5_setup,
+        flags: SIGMATCH_NOOPT,
+        Transform: md5_transform,
+        Free: None,
+        TransformValidate: None,
+    };
+    unsafe {
+        G_TRANSFORM_MD5_ID = DetectHelperTransformRegister(&kw);
+        if G_TRANSFORM_MD5_ID < 0 {
+            SCLogWarning!("Failed registering transform md5");
+        }
+    }
+}
+
+#[no_mangle]
+unsafe extern "C" fn sha1_setup(
+    _de: *mut c_void, s: *mut c_void, _raw: *const std::os::raw::c_char,
+) -> c_int {
+    if unsafe { G_DISABLE_HASHING } {
+        SCLogError!("SHA1 hashing has been disabled, needed for to_sha1 keyword");
+        return -1;
+    }
+    return DetectSignatureAddTransform(s, G_TRANSFORM_SHA1_ID, ptr::null_mut());
+}
+
+fn sha1_transform_do(input: &[u8], output: &mut [u8]) {
+    Sha1::new().chain(input).finalize_into(output.into());
+}
+
+#[no_mangle]
+unsafe extern "C" fn sha1_transform(buffer: *mut c_void, _ctx: *mut c_void) {
+    let input = InspectionBufferPtr(buffer);
+    let input_len = InspectionBufferLength(buffer);
+    if input.is_null() || input_len == 0 {
+        return;
+    }
+    let input = build_slice!(input, input_len as usize);
+
+    let output = InspectionBufferCheckAndExpand(buffer, SC_SHA1_LEN as u32);
+    if output.is_null() {
+        // allocation failure
+        return;
+    }
+    let output = std::slice::from_raw_parts_mut(output, SC_SHA1_LEN);
+
+    sha1_transform_do(input, output);
+
+    InspectionBufferTruncate(buffer, SC_SHA1_LEN as u32);
+}
+
+#[no_mangle]
+pub unsafe extern "C" fn DetectTransformSha1Register() {
+    let kw = SCTransformTableElmt {
+        name: b"to_sha1\0".as_ptr() as *const libc::c_char,
+        desc: b"convert to sha1 hash of the buffer\0".as_ptr() as *const libc::c_char,
+        url: b"/rules/transforms.html#to-sha1\0".as_ptr() as *const libc::c_char,
+        Setup: sha1_setup,
+        flags: SIGMATCH_NOOPT,
+        Transform: sha1_transform,
+        Free: None,
+        TransformValidate: None,
+    };
+    unsafe {
+        G_TRANSFORM_SHA1_ID = DetectHelperTransformRegister(&kw);
+        if G_TRANSFORM_SHA1_ID < 0 {
+            SCLogWarning!("Failed registering transform sha1");
+        }
+    }
+}
+
+#[no_mangle]
+unsafe extern "C" fn sha256_setup(
+    _de: *mut c_void, s: *mut c_void, _raw: *const std::os::raw::c_char,
+) -> c_int {
+    if unsafe { G_DISABLE_HASHING } {
+        SCLogError!("SHA256 hashing has been disabled, needed for to_sha256 keyword");
+        return -1;
+    }
+    return DetectSignatureAddTransform(s, G_TRANSFORM_SHA256_ID, ptr::null_mut());
+}
+
+fn sha256_transform_do(input: &[u8], output: &mut [u8]) {
+    Sha256::new().chain(input).finalize_into(output.into());
+}
+
+#[no_mangle]
+unsafe extern "C" fn sha256_transform(buffer: *mut c_void, _ctx: *mut c_void) {
+    let input = InspectionBufferPtr(buffer);
+    let input_len = InspectionBufferLength(buffer);
+    if input.is_null() || input_len == 0 {
+        return;
+    }
+    let input = build_slice!(input, input_len as usize);
+
+    let output = InspectionBufferCheckAndExpand(buffer, SC_SHA256_LEN as u32);
+    if output.is_null() {
+        // allocation failure
+        return;
+    }
+    let output = std::slice::from_raw_parts_mut(output, SC_SHA256_LEN);
+
+    sha256_transform_do(input, output);
+
+    InspectionBufferTruncate(buffer, SC_SHA256_LEN as u32);
+}
+
+#[no_mangle]
+pub unsafe extern "C" fn DetectTransformSha256Register() {
+    let kw = SCTransformTableElmt {
+        name: b"to_sha256\0".as_ptr() as *const libc::c_char,
+        desc: b"convert to sha256 hash of the buffer\0".as_ptr() as *const libc::c_char,
+        url: b"/rules/transforms.html#to-sha256\0".as_ptr() as *const libc::c_char,
+        Setup: sha256_setup,
+        flags: SIGMATCH_NOOPT,
+        Transform: sha256_transform,
+        Free: None,
+        TransformValidate: None,
+    };
+    unsafe {
+        G_TRANSFORM_SHA256_ID = DetectHelperTransformRegister(&kw);
+        if G_TRANSFORM_SHA256_ID < 0 {
+            SCLogWarning!("Failed registering transform sha256");
+        }
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn test_md5_transform() {
+        let buf = b" A B C D ";
+        let mut out = vec![0; SC_MD5_LEN];
+        md5_transform_do(buf, &mut out);
+        assert_eq!(
+            out,
+            b"\xe0\x59\xf8\x30\x43\x69\x58\xb6\x45\x82\x8c\xc2\x33\xc2\x47\x13"
+        );
+    }
+
+    #[test]
+    fn test_sha1_transform() {
+        let buf = b" A B C D ";
+        let mut out = vec![0; SC_SHA1_LEN];
+        sha1_transform_do(buf, &mut out);
+        assert_eq!(
+            out,
+            b"\xc8\xdc\x44\x97\xf7\xe0\x55\xf8\x6b\x88\x90\x52\x08\x2c\x0c\x7b\xdc\xc9\xc8\x89"
+        );
+    }
+
+    #[test]
+    fn test_sha256_transform() {
+        let buf = b" A B C D ";
+        let mut out = vec![0; SC_SHA256_LEN];
+        sha256_transform_do(buf, &mut out);
+        assert_eq!(out, b"\xd6\xbf\x7d\x8d\x69\x53\x02\x4d\x0d\x84\x5c\x99\x9b\xae\x93\xcc\xac\x68\xea\xab\x9a\xc9\x77\xd0\xfd\x30\x6a\xf5\x9a\x3d\xe4\x3a");
+    }
+}
--- a/rust/src/detect/transforms/mod.rs
+++ b/rust/src/detect/transforms/mod.rs
@ -22,6 +22,7 @@ use std::os::raw::{c_char, c_int, c_void};
 pub mod compress_whitespace;
 pub mod dotprefix;
 pub mod strip_whitespace;
+pub mod hash;

 #[repr(C)]
 #[allow(non_snake_case)]
--- a/rust/src/ffi/hashing.rs
+++ b/rust/src/ffi/hashing.rs
@ -205,6 +205,13 @@ unsafe fn finalize<D: Digest>(digest: D, out: *mut u8, len: u32) {
    output.copy_from_slice(&result);
 }

+pub static mut G_DISABLE_HASHING: bool = false;
+
+#[no_mangle]
+pub unsafe extern "C" fn SCDisableHashing() {
+    G_DISABLE_HASHING = true;
+}
+
 #[cfg(test)]
 mod test {
    use super::*;
--- a/src/Makefile.am
+++ b/src/Makefile.am
@ -308,10 +308,7 @@ noinst_HEADERS = \
 	detect-transform-base64.h \
 	detect-transform-casechange.h \
 	detect-transform-header-lowercase.h \
-	detect-transform-md5.h \
 	detect-transform-pcrexform.h \
-	detect-transform-sha1.h \
-	detect-transform-sha256.h \
 	detect-transform-strip-pseudo-headers.h \
 	detect-transform-urldecode.h \
 	detect-transform-xor.h \
@ -874,10 +871,7 @@ libsuricata_c_a_SOURCES = \
 	detect-transform-base64.c \
 	detect-transform-casechange.c \
 	detect-transform-header-lowercase.c \
-	detect-transform-md5.c \
 	detect-transform-pcrexform.c \
-	detect-transform-sha1.c \
-	detect-transform-sha256.c \
 	detect-transform-strip-pseudo-headers.c \
 	detect-transform-urldecode.c \
 	detect-transform-xor.c \
--- a/src/detect-engine-register.c
+++ b/src/detect-engine-register.c
@ -216,9 +216,6 @@
 #include "detect-engine-content-inspection.h"

 #include "detect-transform-strip-pseudo-headers.h"
-#include "detect-transform-md5.h"
-#include "detect-transform-sha1.h"
-#include "detect-transform-sha256.h"
 #include "detect-transform-pcrexform.h"
 #include "detect-transform-urldecode.h"
 #include "detect-transform-xor.h"
--- a/src/detect-transform-md5.c
+++ b/src/detect-transform-md5.c
@ -1,115 +0,0 @@
-/* Copyright (C) 2007-2020 Open Information Security Foundation
- *
- * You can copy, redistribute or modify this Program under the terms of
- * the GNU General Public License version 2 as published by the Free
- * Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * version 2 along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
- * 02110-1301, USA.
- */
-
-/**
- * \file
- *
- * \author Victor Julien <victor@inliniac.net>
- *
- * Implements the to_md5 transformation keyword
- */
-
-#include "suricata-common.h"
-
-#include "detect.h"
-#include "detect-engine.h"
-#include "detect-engine-prefilter.h"
-#include "detect-parse.h"
-#include "detect-transform-md5.h"
-
-#include "util-unittest.h"
-#include "util-print.h"
-#include "rust.h"
-
-static int DetectTransformToMd5Setup (DetectEngineCtx *, Signature *, const char *);
-#ifdef UNITTESTS
-static void DetectTransformToMd5RegisterTests(void);
-#endif
-static void TransformToMd5(InspectionBuffer *buffer, void *options);
-
-void DetectTransformMd5Register(void)
-{
-    sigmatch_table[DETECT_TRANSFORM_MD5].name = "to_md5";
-    sigmatch_table[DETECT_TRANSFORM_MD5].desc =
-        "convert to md5 hash of the buffer";
-    sigmatch_table[DETECT_TRANSFORM_MD5].url =
-        "/rules/transforms.html#to-md5";
-    sigmatch_table[DETECT_TRANSFORM_MD5].Setup =
-        DetectTransformToMd5Setup;
-    sigmatch_table[DETECT_TRANSFORM_MD5].Transform =
-        TransformToMd5;
-#ifdef UNITTESTS
-    sigmatch_table[DETECT_TRANSFORM_MD5].RegisterTests =
-        DetectTransformToMd5RegisterTests;
-#endif
-    sigmatch_table[DETECT_TRANSFORM_MD5].flags |= SIGMATCH_NOOPT;
-}
-
-/**
- *  \internal
- *  \brief Apply the nocase keyword to the last pattern match, either content or uricontent
- *  \param det_ctx detection engine ctx
- *  \param s signature
- *  \param nullstr should be null
- *  \retval 0 ok
- *  \retval -1 failure
- */
-static int DetectTransformToMd5Setup (DetectEngineCtx *de_ctx, Signature *s, const char *nullstr)
-{
-    SCEnter();
-    if (g_disable_hashing) {
-        SCLogError("MD5 hashing has been disabled, "
-                   "needed for to_md5 keyword");
-        SCReturnInt(-1);
-    }
-    int r = DetectSignatureAddTransform(s, DETECT_TRANSFORM_MD5, NULL);
-    SCReturnInt(r);
-}
-
-static void TransformToMd5(InspectionBuffer *buffer, void *options)
-{
-    const uint8_t *input = buffer->inspect;
-    const uint32_t input_len = buffer->inspect_len;
-    uint8_t output[SC_MD5_LEN];
-
-    //PrintRawDataFp(stdout, input, input_len);
-    SCMd5HashBuffer(input, input_len, output, sizeof(output));
-    InspectionBufferCopy(buffer, output, sizeof(output));
-}
-
-#ifdef UNITTESTS
-static int DetectTransformToMd5Test01(void)
-{
-    const uint8_t *input = (const uint8_t *)" A B C D ";
-    uint32_t input_len = strlen((char *)input);
-
-    InspectionBuffer buffer;
-    InspectionBufferInit(&buffer, 8);
-    InspectionBufferSetup(NULL, -1, &buffer, input, input_len);
-    PrintRawDataFp(stdout, buffer.inspect, buffer.inspect_len);
-    TransformToMd5(&buffer, NULL);
-    PrintRawDataFp(stdout, buffer.inspect, buffer.inspect_len);
-    InspectionBufferFree(&buffer);
-    PASS;
-}
-
-static void DetectTransformToMd5RegisterTests(void)
-{
-    UtRegisterTest("DetectTransformToMd5Test01",
-            DetectTransformToMd5Test01);
-}
-#endif
--- a/src/detect-transform-md5.h
+++ b/src/detect-transform-md5.h
@ -1,30 +0,0 @@
-/* Copyright (C) 2017 Open Information Security Foundation
- *
- * You can copy, redistribute or modify this Program under the terms of
- * the GNU General Public License version 2 as published by the Free
- * Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * version 2 along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
- * 02110-1301, USA.
- */
-
-/**
- * \file
- *
- * \author Victor Julien <victor@inliniac.net>
- */
-
-#ifndef SURICATA_DETECT_TRANSFORM_MD5_H
-#define SURICATA_DETECT_TRANSFORM_MD5_H
-
-/* prototypes */
-void DetectTransformMd5Register (void);
-
-#endif /* SURICATA_DETECT_TRANSFORM_MD5_H */
--- a/src/detect-transform-sha1.c
+++ b/src/detect-transform-sha1.c
@ -1,116 +0,0 @@
-/* Copyright (C) 2007-2020 Open Information Security Foundation
- *
- * You can copy, redistribute or modify this Program under the terms of
- * the GNU General Public License version 2 as published by the Free
- * Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * version 2 along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
- * 02110-1301, USA.
- */
-
-/**
- * \file
- *
- * \author Victor Julien <victor@inliniac.net>
- *
- * Implements the sha1 transformation keyword
- */
-
-#include "suricata-common.h"
-
-#include "detect.h"
-#include "detect-engine.h"
-#include "detect-engine-prefilter.h"
-#include "detect-parse.h"
-#include "detect-transform-sha1.h"
-
-#include "util-unittest.h"
-#include "util-print.h"
-
-#include "rust.h"
-
-static int DetectTransformToSha1Setup (DetectEngineCtx *, Signature *, const char *);
-#ifdef UNITTESTS
-static void DetectTransformToSha1RegisterTests(void);
-#endif
-static void TransformToSha1(InspectionBuffer *buffer, void *options);
-
-void DetectTransformSha1Register(void)
-{
-    sigmatch_table[DETECT_TRANSFORM_SHA1].name = "to_sha1";
-    sigmatch_table[DETECT_TRANSFORM_SHA1].desc =
-        "convert to sha1 hash of the buffer";
-    sigmatch_table[DETECT_TRANSFORM_SHA1].url =
-        "/rules/transforms.html#to-sha1";
-    sigmatch_table[DETECT_TRANSFORM_SHA1].Setup =
-        DetectTransformToSha1Setup;
-    sigmatch_table[DETECT_TRANSFORM_SHA1].Transform =
-        TransformToSha1;
-#ifdef UNITTESTS
-    sigmatch_table[DETECT_TRANSFORM_SHA1].RegisterTests =
-        DetectTransformToSha1RegisterTests;
-#endif
-    sigmatch_table[DETECT_TRANSFORM_SHA1].flags |= SIGMATCH_NOOPT;
-}
-
-/**
- *  \internal
- *  \brief Apply the nocase keyword to the last pattern match, either content or uricontent
- *  \param det_ctx detection engine ctx
- *  \param s signature
- *  \param nullstr should be null
- *  \retval 0 ok
- *  \retval -1 failure
- */
-static int DetectTransformToSha1Setup (DetectEngineCtx *de_ctx, Signature *s, const char *nullstr)
-{
-    SCEnter();
-    if (g_disable_hashing) {
-        SCLogError("SHA1 hashing has been disabled, "
-                   "needed for to_sha1 keyword");
-        SCReturnInt(-1);
-    }
-    int r = DetectSignatureAddTransform(s, DETECT_TRANSFORM_SHA1, NULL);
-    SCReturnInt(r);
-}
-
-static void TransformToSha1(InspectionBuffer *buffer, void *options)
-{
-    const uint8_t *input = buffer->inspect;
-    const uint32_t input_len = buffer->inspect_len;
-    uint8_t output[SC_SHA1_LEN];
-
-    //PrintRawDataFp(stdout, input, input_len);
-    SCSha1HashBuffer(input, input_len, output, sizeof(output));
-    InspectionBufferCopy(buffer, output, sizeof(output));
-}
-
-#ifdef UNITTESTS
-static int DetectTransformToSha1Test01(void)
-{
-    const uint8_t *input = (const uint8_t *)" A B C D ";
-    uint32_t input_len = strlen((char *)input);
-
-    InspectionBuffer buffer;
-    InspectionBufferInit(&buffer, 8);
-    InspectionBufferSetup(NULL, -1, &buffer, input, input_len);
-    PrintRawDataFp(stdout, buffer.inspect, buffer.inspect_len);
-    TransformToSha1(&buffer, NULL);
-    PrintRawDataFp(stdout, buffer.inspect, buffer.inspect_len);
-    InspectionBufferFree(&buffer);
-    PASS;
-}
-
-static void DetectTransformToSha1RegisterTests(void)
-{
-    UtRegisterTest("DetectTransformToSha1Test01",
-            DetectTransformToSha1Test01);
-}
-#endif
--- a/src/detect-transform-sha1.h
+++ b/src/detect-transform-sha1.h
@ -1,30 +0,0 @@
-/* Copyright (C) 2017 Open Information Security Foundation
- *
- * You can copy, redistribute or modify this Program under the terms of
- * the GNU General Public License version 2 as published by the Free
- * Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * version 2 along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
- * 02110-1301, USA.
- */
-
-/**
- * \file
- *
- * \author Victor Julien <victor@inliniac.net>
- */
-
-#ifndef SURICATA_DETECT_TRANSFORM_SHA1_H
-#define SURICATA_DETECT_TRANSFORM_SHA1_H
-
-/* prototypes */
-void DetectTransformSha1Register (void);
-
-#endif /* SURICATA_DETECT_TRANSFORM_SHA1_H */
--- a/src/detect-transform-sha256.c
+++ b/src/detect-transform-sha256.c
@ -1,116 +0,0 @@
-/* Copyright (C) 2007-2020 Open Information Security Foundation
- *
- * You can copy, redistribute or modify this Program under the terms of
- * the GNU General Public License version 2 as published by the Free
- * Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * version 2 along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
- * 02110-1301, USA.
- */
-
-/**
- * \file
- *
- * \author Victor Julien <victor@inliniac.net>
- *
- * Implements the nocase keyword
- */
-
-#include "suricata-common.h"
-
-#include "detect.h"
-#include "detect-engine.h"
-#include "detect-engine-prefilter.h"
-#include "detect-parse.h"
-#include "detect-transform-sha256.h"
-
-#include "util-unittest.h"
-#include "util-print.h"
-
-#include "rust.h"
-
-static int DetectTransformToSha256Setup (DetectEngineCtx *, Signature *, const char *);
-#ifdef UNITTESTS
-static void DetectTransformToSha256RegisterTests(void);
-#endif
-static void TransformToSha256(InspectionBuffer *buffer, void *options);
-
-void DetectTransformSha256Register(void)
-{
-    sigmatch_table[DETECT_TRANSFORM_SHA256].name = "to_sha256";
-    sigmatch_table[DETECT_TRANSFORM_SHA256].desc =
-        "convert to sha256 hash of the buffer";
-    sigmatch_table[DETECT_TRANSFORM_SHA256].url =
-        "/rules/transforms.html#to-sha256";
-    sigmatch_table[DETECT_TRANSFORM_SHA256].Setup =
-        DetectTransformToSha256Setup;
-    sigmatch_table[DETECT_TRANSFORM_SHA256].Transform =
-        TransformToSha256;
-#ifdef UNITTESTS
-    sigmatch_table[DETECT_TRANSFORM_SHA256].RegisterTests =
-        DetectTransformToSha256RegisterTests;
-#endif
-    sigmatch_table[DETECT_TRANSFORM_SHA256].flags |= SIGMATCH_NOOPT;
-}
-
-/**
- *  \internal
- *  \brief Apply the nocase keyword to the last pattern match, either content or uricontent
- *  \param det_ctx detection engine ctx
- *  \param s signature
- *  \param nullstr should be null
- *  \retval 0 ok
- *  \retval -1 failure
- */
-static int DetectTransformToSha256Setup (DetectEngineCtx *de_ctx, Signature *s, const char *nullstr)
-{
-    SCEnter();
-    if (g_disable_hashing) {
-        SCLogError("SHA256 hashing has been disabled, "
-                   "needed for to_sha256 keyword");
-        SCReturnInt(-1);
-    }
-    int r = DetectSignatureAddTransform(s, DETECT_TRANSFORM_SHA256, NULL);
-    SCReturnInt(r);
-}
-
-static void TransformToSha256(InspectionBuffer *buffer, void *options)
-{
-    const uint8_t *input = buffer->inspect;
-    const uint32_t input_len = buffer->inspect_len;
-    uint8_t output[SC_SHA256_LEN];
-
-    //PrintRawDataFp(stdout, input, input_len);
-    SCSha256HashBuffer(input, input_len, output, sizeof(output));
-    InspectionBufferCopy(buffer, output, sizeof(output));
-}
-
-#ifdef UNITTESTS
-static int DetectTransformToSha256Test01(void)
-{
-    const uint8_t *input = (const uint8_t *)" A B C D ";
-    uint32_t input_len = strlen((char *)input);
-
-    InspectionBuffer buffer;
-    InspectionBufferInit(&buffer, 8);
-    InspectionBufferSetup(NULL, -1, &buffer, input, input_len);
-    PrintRawDataFp(stdout, buffer.inspect, buffer.inspect_len);
-    TransformToSha256(&buffer, NULL);
-    PrintRawDataFp(stdout, buffer.inspect, buffer.inspect_len);
-    InspectionBufferFree(&buffer);
-    PASS;
-}
-
-static void DetectTransformToSha256RegisterTests(void)
-{
-    UtRegisterTest("DetectTransformToSha256Test01",
-            DetectTransformToSha256Test01);
-}
-#endif
--- a/src/detect-transform-sha256.h
+++ b/src/detect-transform-sha256.h
@ -1,30 +0,0 @@
-/* Copyright (C) 2017 Open Information Security Foundation
- *
- * You can copy, redistribute or modify this Program under the terms of
- * the GNU General Public License version 2 as published by the Free
- * Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * version 2 along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
- * 02110-1301, USA.
- */
-
-/**
- * \file
- *
- * \author Victor Julien <victor@inliniac.net>
- */
-
-#ifndef SURICATA_DETECT_TRANSFORM_SHA256_H
-#define SURICATA_DETECT_TRANSFORM_SHA256_H
-
-/* prototypes */
-void DetectTransformSha256Register (void);
-
-#endif /* SURICATA_DETECT_TRANSFORM_SHA256_H */
--- a/src/suricata.c
+++ b/src/suricata.c
@ -1601,6 +1601,8 @@ TmEcode SCParseCommandLine(int argc, char **argv)
                g_detect_disabled = suri->disabled_detect = 1;
            } else if (strcmp((long_opts[option_index]).name, "disable-hashing") == 0) {
                g_disable_hashing = true;
+                // for rust
+                SCDisableHashing();
            } else if (strcmp((long_opts[option_index]).name, "fatal-unittests") == 0) {
 #ifdef UNITTESTS
                unittests_fatal = 1;