예제 #1
0
TEST(SHA512Test, test_sha512_short_msg) {

    ASSERT_EQ(SHA512_SHORT_MSG.size(), SHA512_SHORT_MSG_HEXDIGEST.size());

    for ( unsigned int i = 0; i < SHA512_SHORT_MSG.size(); ++i ) {
        auto sha512 = SHA512(unhexlify(SHA512_SHORT_MSG[i]));
        EXPECT_EQ(sha512.hexdigest(), SHA512_SHORT_MSG_HEXDIGEST[i]);
    }
}
예제 #2
0
static unsigned char *
verify_ec(br_x509_pkey *pk, const char *file, const char *sigfile)
{
	char hexbuf[br_sha512_SIZE * 2 + 2];
	unsigned char rhbuf[br_sha512_SIZE];
	char *hex;
	br_sha256_context ctx;
	unsigned char *fcp, *scp;
	size_t flen, slen, plen;
	pem_object *po;
	const br_ec_impl *ec;
	br_ecdsa_vrfy vrfy;

	if ((fcp = read_file(file, &flen)) == NULL)
		return (NULL);
	if ((scp = read_file(sigfile, &slen)) == NULL) {
		free(fcp);
		return (NULL);
	}
	if ((po = decode_pem(scp, slen, &plen)) == NULL) {
		free(fcp);
		free(scp);
		return (NULL);
	}
	br_sha256_init(&ctx);
	br_sha256_update(&ctx, fcp, flen);
	br_sha256_out(&ctx, rhbuf);
	hex = hexdigest(hexbuf, sizeof(hexbuf), rhbuf, br_sha256_SIZE);
	/* now hash that */
	if (hex) {
		br_sha256_init(&ctx);
		br_sha256_update(&ctx, hex, strlen(hex));
		br_sha256_out(&ctx, rhbuf);
	}
	ec = br_ec_get_default();
	vrfy = br_ecdsa_vrfy_asn1_get_default();
	if (!vrfy(ec, rhbuf, br_sha256_SIZE, &pk->key.ec, po->data,
		po->data_len)) {
		free(fcp);
		fcp = NULL;
	}
	free(scp);
	return (fcp);
}
예제 #3
0
/**
 * @brief verify hash matches
 *
 * We have finished hashing a file,
 * see if we got the desired result.
 *
 * @param[in] ctx
 *	pointer to hash context
 *
 * @param[in] md
 *	pointer to hash class
 *
 * @param[in] path
 *	name of the file we are checking
 *
 * @param[in] want
 *	the expected result
 *
 * @param[in] hlen
 *	size of hash output
 *
 * @return 0 on success
 */
int
ve_check_hash(br_hash_compat_context *ctx, const br_hash_class *md,
    const char *path, const char *want, size_t hlen)
{
	char hexbuf[br_sha512_SIZE * 2 + 2];
	unsigned char hbuf[br_sha512_SIZE];
	char *hex;
	int rc;
	int n;

	md->out(&ctx->vtable, hbuf);
#ifdef VE_PCR_SUPPORT
	ve_pcr_update(hbuf, hlen);
#endif
	hex = hexdigest(hexbuf, sizeof(hexbuf), hbuf, hlen);
	if (!hex)
		return (VE_FINGERPRINT_WRONG);
	n = 2*hlen;
	if ((rc = strncmp(hex, want, n))) {
		ve_error_set("%s: %.*s != %.*s", path, n, hex, n, want);
		rc = VE_FINGERPRINT_WRONG;
	}
	return (rc ? rc : VE_FINGERPRINT_OK);
}
예제 #4
0
static uint8_t
process_tsk_file(TSK_FS_FILE * fs_file, const char *path)
{
    /* Use a flag to determine if a file is generically fit for plugins. */
    bool can_run_plugin;

    /* Make sure that the SleuthKit structures are properly set */
    if (fs_file->name == NULL)
        return 1;
    if (fs_file->meta == NULL && opt_debug)
        printf("File: %s %s  has no meta\n", path, fs_file->name->name);

    /* SleuthKit meta types are defined in tsk_fs.h.*/

    if (opt_debug) printf("Processing %s%s type=%s (0x%x) \n",
                              path, fs_file->name->name,
                              tsk_fs_name_type_str[fs_file->name->type],fs_file->name->type);

    /* Recover the filename from the fs_dent, if it is provided */
    content ci(fs_file->fs_info->img_info);	// where the content will go
    ci.evidence_dirname = path;
    ci.set_filename(fs_file->name->name);

    /* If we are filtering and we have a filename, see if we want this file. */
    if (ci.name_filtered()) return 0;

    /* Looks like we are processing */
    if(a) a->new_row();			// tell ARFF we are starting a new row
    if(x) x->push("fileobject"); 	// tell XML we are starting a new XML object
    if(opt_parent_tracking)
    {
        if(fs_file->name->par_addr) {
            if(x)
            {
                x->push("parent_object");
                file_info("inode", fs_file->name->par_addr);
                if(x) x->pop();
            }
            if((t||a) && !opt_body_file)
            {
                file_info("parent_inode", fs_file->name->par_addr);
            }
        }
    }

    if(fs_file->meta != NULL)
    {
        /* Get the content if needed */
        if(ci.need_file_walk() && (opt_maxgig==0 || fs_file->meta->size/1000000000 < opt_maxgig)) {
            int myflags = TSK_FS_FILE_WALK_FLAG_NOID;
            if (opt_no_data) myflags |= TSK_FS_FILE_WALK_FLAG_AONLY;
            if (tsk_fs_file_walk (fs_file, (TSK_FS_FILE_WALK_FLAG_ENUM) myflags, file_act, (void *) &ci)) {

                // ignore errors from deleted files that were being recovered
                //if (tsk_errno != TSK_ERR_FS_RECOVER) {
                if (tsk_error_get_errno() != TSK_ERR_FS_RECOVER) {
                    if(opt_debug) {
                        fprintf(stderr,"Processing: %s/%s (%" PRIuINUM ")\n", path,
                                fs_file->name->name, fs_file->meta->addr);
                        tsk_error_print(stderr);
                    }
                }
                tsk_error_reset();
            }
        }
    }

    if(file_count_max && file_count>file_count_max) return TSK_WALK_STOP;
    file_count++;

    /* Send through to the plugin if we were doing that.
     * Currently results only go to ARFF file, not to the XML file.
     */

    /* Finally output the informaton */
    if(opt_body_file && (fs_file->meta != NULL)) {
        char ls[64];
        tsk_fs_meta_make_ls(fs_file->meta,ls,sizeof(ls));
        fprintf(t,"%s|%s|%" PRId64 "|%s|%d|%d|%" PRId64 "|%d|%d|%d|%d\n",
                ci.h_md5.final().hexdigest().c_str(),ci.filename().c_str(),fs_file->meta->addr,
                ls,fs_file->meta->uid,fs_file->meta->gid,
                fs_file->meta->size,
                (uint32_t)(fs_file->meta->atime),
                (uint32_t)fs_file->meta->mtime,
                (uint32_t)fs_file->meta->ctime,
                (uint32_t)fs_file->meta->crtime);
        return TSK_WALK_CONT;
    }