File: tsk_hashdb_i.h

package info (click to toggle)
sleuthkit 4.11.1%2Bdfsg-1
  • links: PTS, VCS
  • area: main
  • in suites: bookworm
  • size: 18,388 kB
  • sloc: ansic: 143,074; cpp: 33,286; java: 32,933; sh: 4,342; xml: 2,197; makefile: 436; python: 270
file content (158 lines) | stat: -rw-r--r-- 7,180 bytes parent folder | download | duplicates (5) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
 
/*
* The Sleuth Kit
*
* Brian Carrier [carrier <at> sleuthkit [dot] org]
* Copyright (c) 2003-2014 Brian Carrier.  All rights reserved
*/

/**
* \file tsk_hashdb_i.h
* Contains the internal library definitions for the hash database functions.  This should
* be included by the code in the hash database library.
*/

#ifndef _TSK_HASHDB_I_H
#define _TSK_HASHDB_I_H

// Include the other internal TSK header files
#include "tsk/base/tsk_base_i.h"

// include the external header file
#include "tsk_hashdb.h"

#include <string.h>
#include <ctype.h>
#include <wchar.h>

#include <sys/types.h>
#include <sys/stat.h>

#include <locale.h>

#ifdef TSK_WIN32
#include <io.h>
#include <fcntl.h>
#endif

#ifdef __cplusplus
extern "C" {
#endif

#define TSK_HDB_MAXLEN	512     ///< Default buffer size used in many places

#define TSK_HDB_OFF_LEN 16      ///< Number of digits used in offset field in index

    /**
    * Get the length of an index file line - 2 for comma and newline 
    */
#define TSK_HDB_IDX_LEN(x) \
    ( TSK_HDB_HTYPE_LEN(x) + TSK_HDB_OFF_LEN + 2)

    /**
    * Strings used in index header.  It is one longer than a 
    * sha-1 hash - so that it always sorts to the top */
#define TSK_HDB_IDX_HEAD_TYPE_STR	"00000000000000000000000000000000000000000"
#define TSK_HDB_IDX_HEAD_NAME_STR	"00000000000000000000000000000000000000001"

    // "Base" hash database functions.
    extern void hdb_base_db_name_from_path(TSK_HDB_INFO *);
    extern uint8_t hdb_info_base_open(TSK_HDB_INFO *, const TSK_TCHAR *);
    extern const TSK_TCHAR *hdb_base_get_db_path(TSK_HDB_INFO *);
    extern const char *hdb_base_get_display_name(TSK_HDB_INFO *);
    extern uint8_t hdb_base_uses_external_indexes();
    extern const TSK_TCHAR *hdb_base_get_index_path(TSK_HDB_INFO *, TSK_HDB_HTYPE_ENUM);
    extern uint8_t hdb_base_has_index(TSK_HDB_INFO *, TSK_HDB_HTYPE_ENUM);
    extern uint8_t hdb_base_make_index(TSK_HDB_INFO *, TSK_TCHAR *);
    extern uint8_t hdb_base_open_index(TSK_HDB_INFO *, TSK_HDB_HTYPE_ENUM);
    extern int8_t hdb_base_lookup_str(TSK_HDB_INFO *, const char *, TSK_HDB_FLAG_ENUM, TSK_HDB_LOOKUP_FN, void *);
    extern int8_t hdb_base_lookup_bin(TSK_HDB_INFO *, uint8_t *, uint8_t, TSK_HDB_FLAG_ENUM, TSK_HDB_LOOKUP_FN, void *);
    extern int8_t hdb_base_lookup_verbose_str(TSK_HDB_INFO *, const char *, void *);
    extern uint8_t hdb_base_accepts_updates();
    extern uint8_t hdb_base_add_entry(TSK_HDB_INFO *, const char *, const char *, const char *, const char *, const char *);
    extern uint8_t hdb_base_begin_transaction(TSK_HDB_INFO *);
    extern uint8_t hdb_base_commit_transaction(TSK_HDB_INFO *);
    extern uint8_t hdb_base_rollback_transaction(TSK_HDB_INFO *);
    extern void hdb_info_base_close(TSK_HDB_INFO *);

    // Hash database functions common to all text format hash databases
    // (NSRL, md5sum, EnCase, HashKeeper, index only). These databases have
    // external indexes. 
    extern TSK_HDB_BINSRCH_INFO *hdb_binsrch_open(FILE *, const TSK_TCHAR *);
    extern uint8_t hdb_binsrch_uses_external_indexes();
    extern const TSK_TCHAR *hdb_binsrch_get_index_path(TSK_HDB_INFO *, TSK_HDB_HTYPE_ENUM);
    extern uint8_t hdb_binsrch_has_index(TSK_HDB_INFO*, TSK_HDB_HTYPE_ENUM);
    extern uint8_t hdb_binsrch_open_idx(TSK_HDB_INFO *, TSK_HDB_HTYPE_ENUM);
    extern uint8_t hdb_binsrch_idx_initialize(TSK_HDB_BINSRCH_INFO *, TSK_TCHAR *);
    extern uint8_t hdb_binsrch_idx_add_entry_str(TSK_HDB_BINSRCH_INFO *, char *, TSK_OFF_T);
    extern uint8_t hdb_binsrch_idx_add_entry_bin(TSK_HDB_BINSRCH_INFO *, 
        unsigned char *, int, TSK_OFF_T);
    extern uint8_t hdb_binsrch_idx_finalize(TSK_HDB_BINSRCH_INFO *);
    extern int8_t hdb_binsrch_lookup_str(TSK_HDB_INFO *, const char *, 
        TSK_HDB_FLAG_ENUM, TSK_HDB_LOOKUP_FN, void *);
    extern int8_t hdb_binsrch_lookup_bin(TSK_HDB_INFO *, uint8_t *, 
        uint8_t, TSK_HDB_FLAG_ENUM, 
        TSK_HDB_LOOKUP_FN, void *);
    extern int8_t hdb_binsrch_lookup_verbose_str(TSK_HDB_INFO *, const char *, void *);
    extern uint8_t hdb_binsrch_accepts_updates();
    extern void hdb_binsrch_close(TSK_HDB_INFO *) ;

    // Hash database functions for NSRL hash databases. 
    extern uint8_t nsrl_test(FILE *);
    extern TSK_HDB_INFO *nsrl_open(FILE *, const TSK_TCHAR *);
    extern uint8_t nsrl_makeindex(TSK_HDB_INFO *, TSK_TCHAR * htype);
    extern uint8_t nsrl_getentry(TSK_HDB_INFO *, const char *, TSK_OFF_T,
        TSK_HDB_FLAG_ENUM, TSK_HDB_LOOKUP_FN,
        void *);

    // Hash database functions for hash databases generated using md5Sum. 
    extern uint8_t md5sum_test(FILE *);
    extern TSK_HDB_INFO *md5sum_open(FILE *, const TSK_TCHAR *);
    extern uint8_t md5sum_makeindex(TSK_HDB_INFO *, TSK_TCHAR * htype);
    extern uint8_t md5sum_getentry(TSK_HDB_INFO *, const char *, TSK_OFF_T,
        TSK_HDB_FLAG_ENUM, TSK_HDB_LOOKUP_FN,
        void *);

    // Hash database functions for hash databases generated using EnCase. 
    extern uint8_t encase_test(FILE *);
    extern TSK_HDB_INFO *encase_open(FILE *, const TSK_TCHAR *);
    extern uint8_t encase_make_index(TSK_HDB_INFO *, TSK_TCHAR * htype);
    extern uint8_t encase_get_entry(TSK_HDB_INFO *, const char *, TSK_OFF_T,
        TSK_HDB_FLAG_ENUM, TSK_HDB_LOOKUP_FN,
        void *);

    // Hash database functions for hash databases generated using HashKeeper. 
    extern uint8_t hk_test(FILE *);
    extern TSK_HDB_INFO *hk_open(FILE *, const TSK_TCHAR *);
    extern uint8_t hk_makeindex(TSK_HDB_INFO *, TSK_TCHAR * htype);
    extern uint8_t hk_getentry(TSK_HDB_INFO *, const char *, TSK_OFF_T,
        TSK_HDB_FLAG_ENUM, TSK_HDB_LOOKUP_FN,
        void *);

    // Hash database functions for external index files standing in for the 
    // original hash databases. 
    extern TSK_HDB_INFO *idxonly_open(const TSK_TCHAR *, const TSK_TCHAR *);
    extern const TSK_TCHAR *idxonly_get_db_path(TSK_HDB_INFO *);
    extern uint8_t idxonly_makeindex(TSK_HDB_INFO *, TSK_TCHAR *);
    extern uint8_t idxonly_getentry(TSK_HDB_INFO *, const char *,
        TSK_OFF_T, TSK_HDB_FLAG_ENUM,
        TSK_HDB_LOOKUP_FN, void *);

    // Hash database functions for SQLite hash databases.
    extern uint8_t sqlite_hdb_is_sqlite_file(FILE *);
    extern uint8_t sqlite_hdb_create_db(TSK_TCHAR*);
    extern TSK_HDB_INFO *sqlite_hdb_open(TSK_TCHAR *);
    extern int8_t sqlite_hdb_lookup_str(TSK_HDB_INFO *, const char *, TSK_HDB_FLAG_ENUM, TSK_HDB_LOOKUP_FN, void *);
    extern int8_t sqlite_hdb_lookup_bin(TSK_HDB_INFO *, uint8_t *, uint8_t, TSK_HDB_FLAG_ENUM, TSK_HDB_LOOKUP_FN, void *);
    extern int8_t sqlite_hdb_lookup_verbose_str(TSK_HDB_INFO *, const char *, void *);
    extern int8_t sqlite_hdb_lookup_verbose_bin(TSK_HDB_INFO *, uint8_t *, uint8_t, void *);
    extern uint8_t sqlite_hdb_add_entry(TSK_HDB_INFO *, const char *, 
        const char *, const char *, const char *, const char *);
    extern uint8_t sqlite_hdb_begin_transaction(TSK_HDB_INFO *);
    extern uint8_t sqlite_hdb_commit_transaction(TSK_HDB_INFO *);
    extern uint8_t sqlite_hdb_rollback_transaction(TSK_HDB_INFO *);
    extern void sqlite_hdb_close(TSK_HDB_INFO *);

#ifdef __cplusplus
}
#endif
#endif