TEST(SHA512Test, test_sha512_short_msg) {
ASSERT_EQ(SHA512_SHORT_MSG.size(), SHA512_SHORT_MSG_HEXDIGEST.size());
for ( unsigned int i = 0; i < SHA512_SHORT_MSG.size(); ++i ) {
auto sha512 = SHA512(unhexlify(SHA512_SHORT_MSG[i]));
EXPECT_EQ(sha512.hexdigest(), SHA512_SHORT_MSG_HEXDIGEST[i]);
}
}
static unsigned char *
verify_ec(br_x509_pkey *pk, const char *file, const char *sigfile)
{
char hexbuf[br_sha512_SIZE * 2 + 2];
unsigned char rhbuf[br_sha512_SIZE];
char *hex;
br_sha256_context ctx;
unsigned char *fcp, *scp;
size_t flen, slen, plen;
pem_object *po;
const br_ec_impl *ec;
br_ecdsa_vrfy vrfy;
if ((fcp = read_file(file, &flen)) == NULL)
return (NULL);
if ((scp = read_file(sigfile, &slen)) == NULL) {
free(fcp);
return (NULL);
}
if ((po = decode_pem(scp, slen, &plen)) == NULL) {
free(fcp);
free(scp);
return (NULL);
}
br_sha256_init(&ctx);
br_sha256_update(&ctx, fcp, flen);
br_sha256_out(&ctx, rhbuf);
hex = hexdigest(hexbuf, sizeof(hexbuf), rhbuf, br_sha256_SIZE);
/* now hash that */
if (hex) {
br_sha256_init(&ctx);
br_sha256_update(&ctx, hex, strlen(hex));
br_sha256_out(&ctx, rhbuf);
}
ec = br_ec_get_default();
vrfy = br_ecdsa_vrfy_asn1_get_default();
if (!vrfy(ec, rhbuf, br_sha256_SIZE, &pk->key.ec, po->data,
po->data_len)) {
free(fcp);
fcp = NULL;
}
free(scp);
return (fcp);
}
/**
* @brief verify hash matches
*
* We have finished hashing a file,
* see if we got the desired result.
*
* @param[in] ctx
* pointer to hash context
*
* @param[in] md
* pointer to hash class
*
* @param[in] path
* name of the file we are checking
*
* @param[in] want
* the expected result
*
* @param[in] hlen
* size of hash output
*
* @return 0 on success
*/
int
ve_check_hash(br_hash_compat_context *ctx, const br_hash_class *md,
const char *path, const char *want, size_t hlen)
{
char hexbuf[br_sha512_SIZE * 2 + 2];
unsigned char hbuf[br_sha512_SIZE];
char *hex;
int rc;
int n;
md->out(&ctx->vtable, hbuf);
#ifdef VE_PCR_SUPPORT
ve_pcr_update(hbuf, hlen);
#endif
hex = hexdigest(hexbuf, sizeof(hexbuf), hbuf, hlen);
if (!hex)
return (VE_FINGERPRINT_WRONG);
n = 2*hlen;
if ((rc = strncmp(hex, want, n))) {
ve_error_set("%s: %.*s != %.*s", path, n, hex, n, want);
rc = VE_FINGERPRINT_WRONG;
}
return (rc ? rc : VE_FINGERPRINT_OK);
}
static uint8_t
process_tsk_file(TSK_FS_FILE * fs_file, const char *path)
{
/* Use a flag to determine if a file is generically fit for plugins. */
bool can_run_plugin;
/* Make sure that the SleuthKit structures are properly set */
if (fs_file->name == NULL)
return 1;
if (fs_file->meta == NULL && opt_debug)
printf("File: %s %s has no meta\n", path, fs_file->name->name);
/* SleuthKit meta types are defined in tsk_fs.h.*/
if (opt_debug) printf("Processing %s%s type=%s (0x%x) \n",
path, fs_file->name->name,
tsk_fs_name_type_str[fs_file->name->type],fs_file->name->type);
/* Recover the filename from the fs_dent, if it is provided */
content ci(fs_file->fs_info->img_info); // where the content will go
ci.evidence_dirname = path;
ci.set_filename(fs_file->name->name);
/* If we are filtering and we have a filename, see if we want this file. */
if (ci.name_filtered()) return 0;
/* Looks like we are processing */
if(a) a->new_row(); // tell ARFF we are starting a new row
if(x) x->push("fileobject"); // tell XML we are starting a new XML object
if(opt_parent_tracking)
{
if(fs_file->name->par_addr) {
if(x)
{
x->push("parent_object");
file_info("inode", fs_file->name->par_addr);
if(x) x->pop();
}
if((t||a) && !opt_body_file)
{
file_info("parent_inode", fs_file->name->par_addr);
}
}
}
if(fs_file->meta != NULL)
{
/* Get the content if needed */
if(ci.need_file_walk() && (opt_maxgig==0 || fs_file->meta->size/1000000000 < opt_maxgig)) {
int myflags = TSK_FS_FILE_WALK_FLAG_NOID;
if (opt_no_data) myflags |= TSK_FS_FILE_WALK_FLAG_AONLY;
if (tsk_fs_file_walk (fs_file, (TSK_FS_FILE_WALK_FLAG_ENUM) myflags, file_act, (void *) &ci)) {
// ignore errors from deleted files that were being recovered
//if (tsk_errno != TSK_ERR_FS_RECOVER) {
if (tsk_error_get_errno() != TSK_ERR_FS_RECOVER) {
if(opt_debug) {
fprintf(stderr,"Processing: %s/%s (%" PRIuINUM ")\n", path,
fs_file->name->name, fs_file->meta->addr);
tsk_error_print(stderr);
}
}
tsk_error_reset();
}
}
}
if(file_count_max && file_count>file_count_max) return TSK_WALK_STOP;
file_count++;
/* Send through to the plugin if we were doing that.
* Currently results only go to ARFF file, not to the XML file.
*/
/* Finally output the informaton */
if(opt_body_file && (fs_file->meta != NULL)) {
char ls[64];
tsk_fs_meta_make_ls(fs_file->meta,ls,sizeof(ls));
fprintf(t,"%s|%s|%" PRId64 "|%s|%d|%d|%" PRId64 "|%d|%d|%d|%d\n",
ci.h_md5.final().hexdigest().c_str(),ci.filename().c_str(),fs_file->meta->addr,
ls,fs_file->meta->uid,fs_file->meta->gid,
fs_file->meta->size,
(uint32_t)(fs_file->meta->atime),
(uint32_t)fs_file->meta->mtime,
(uint32_t)fs_file->meta->ctime,
(uint32_t)fs_file->meta->crtime);
return TSK_WALK_CONT;
}
