|
Packit |
762fc5 |
/* Aide, Advanced Intrusion Detection Environment
|
|
Packit |
762fc5 |
*
|
|
Packit |
762fc5 |
* Copyright (C) 1999-2002,2005,2006,2010 Rami Lehti, Pablo Virolainen,
|
|
Packit |
762fc5 |
* Richard van den Berg
|
|
Packit |
762fc5 |
* $Header$
|
|
Packit |
762fc5 |
*
|
|
Packit |
762fc5 |
* This program is free software; you can redistribute it and/or
|
|
Packit |
762fc5 |
* modify it under the terms of the GNU General Public License as
|
|
Packit |
762fc5 |
* published by the Free Software Foundation; either version 2 of the
|
|
Packit |
762fc5 |
* License, or (at your option) any later version.
|
|
Packit |
762fc5 |
*
|
|
Packit |
762fc5 |
* This program is distributed in the hope that it will be useful, but
|
|
Packit |
762fc5 |
* WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
Packit |
762fc5 |
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
Packit |
762fc5 |
* General Public License for more details.
|
|
Packit |
762fc5 |
*
|
|
Packit |
762fc5 |
* You should have received a copy of the GNU General Public License
|
|
Packit |
762fc5 |
* along with this program; if not, write to the Free Software
|
|
Packit |
762fc5 |
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
|
Packit |
762fc5 |
*/
|
|
Packit |
762fc5 |
|
|
Packit |
762fc5 |
#include "aide.h"
|
|
Packit |
762fc5 |
#include <stdlib.h>
|
|
Packit |
762fc5 |
#include "md.h"
|
|
Packit |
762fc5 |
#include "report.h"
|
|
Packit |
762fc5 |
#include <string.h>
|
|
Packit |
762fc5 |
#ifdef WITH_MHASH
|
|
Packit |
762fc5 |
#include <mhash.h>
|
|
Packit |
762fc5 |
#endif
|
|
Packit |
762fc5 |
#define HASH_HAVAL_LEN HASH_HAVAL256_LEN
|
|
Packit |
762fc5 |
|
|
Packit |
762fc5 |
|
|
Packit |
762fc5 |
/*
|
|
Packit |
762fc5 |
It might be a good idea to construct a table, where these values are
|
|
Packit |
762fc5 |
stored. Only a speed issue.
|
|
Packit |
762fc5 |
*/
|
|
Packit |
762fc5 |
|
|
Packit |
762fc5 |
DB_ATTR_TYPE hash_gcrypt2attr(int i) {
|
|
Packit |
d0fd42 |
DB_ATTR_TYPE r=0;
|
|
Packit Service |
a02450 |
#ifdef WITH_GCRYPT
|
|
Packit |
762fc5 |
switch (i) {
|
|
Packit |
762fc5 |
case GCRY_MD_MD5: {
|
|
Packit |
762fc5 |
r=DB_MD5;
|
|
Packit |
762fc5 |
break;
|
|
Packit |
762fc5 |
}
|
|
Packit |
762fc5 |
case GCRY_MD_SHA1: {
|
|
Packit |
762fc5 |
r=DB_SHA1;
|
|
Packit |
762fc5 |
break;
|
|
Packit |
762fc5 |
}
|
|
Packit |
762fc5 |
case GCRY_MD_RMD160: {
|
|
Packit |
762fc5 |
r=DB_RMD160;
|
|
Packit |
762fc5 |
break;
|
|
Packit |
762fc5 |
}
|
|
Packit |
762fc5 |
case GCRY_MD_TIGER: {
|
|
Packit |
762fc5 |
r=DB_TIGER;
|
|
Packit |
762fc5 |
break;
|
|
Packit |
762fc5 |
}
|
|
Packit |
762fc5 |
case GCRY_MD_HAVAL: {
|
|
Packit |
762fc5 |
r=DB_HAVAL;
|
|
Packit |
762fc5 |
break;
|
|
Packit |
762fc5 |
}
|
|
Packit |
762fc5 |
case GCRY_MD_SHA256: {
|
|
Packit |
762fc5 |
r=DB_SHA256;
|
|
Packit |
762fc5 |
break;
|
|
Packit |
762fc5 |
}
|
|
Packit |
762fc5 |
case GCRY_MD_SHA512: {
|
|
Packit |
762fc5 |
r=DB_SHA512;
|
|
Packit |
762fc5 |
break;
|
|
Packit |
762fc5 |
}
|
|
Packit |
762fc5 |
case GCRY_MD_CRC32: {
|
|
Packit |
762fc5 |
r=DB_CRC32;
|
|
Packit |
762fc5 |
break;
|
|
Packit |
762fc5 |
}
|
|
Packit |
762fc5 |
default:
|
|
Packit |
762fc5 |
break;
|
|
Packit |
762fc5 |
}
|
|
Packit |
d0fd42 |
#endif
|
|
Packit |
bf28f1 |
return r;
|
|
Packit |
bf28f1 |
}
|
|
Packit |
bf28f1 |
|
|
Packit |
762fc5 |
DB_ATTR_TYPE hash_mhash2attr(int i) {
|
|
Packit |
d0fd42 |
DB_ATTR_TYPE r=0;
|
|
Packit Service |
a02450 |
#ifdef WITH_MHASH
|
|
Packit |
762fc5 |
switch (i) {
|
|
Packit |
762fc5 |
case MHASH_CRC32: {
|
|
Packit |
762fc5 |
r=DB_CRC32;
|
|
Packit |
762fc5 |
break;
|
|
Packit |
762fc5 |
}
|
|
Packit |
762fc5 |
case MHASH_MD5: {
|
|
Packit |
762fc5 |
r=DB_MD5;
|
|
Packit |
762fc5 |
break;
|
|
Packit |
762fc5 |
}
|
|
Packit |
762fc5 |
case MHASH_SHA1: {
|
|
Packit |
762fc5 |
r=DB_SHA1;
|
|
Packit |
762fc5 |
break;
|
|
Packit |
762fc5 |
}
|
|
Packit |
762fc5 |
case MHASH_HAVAL: {
|
|
Packit |
762fc5 |
r=DB_HAVAL;
|
|
Packit |
762fc5 |
break;
|
|
Packit |
762fc5 |
}
|
|
Packit |
762fc5 |
case MHASH_RMD160: {
|
|
Packit |
762fc5 |
r=DB_RMD160;
|
|
Packit |
762fc5 |
break;
|
|
Packit |
762fc5 |
}
|
|
Packit |
762fc5 |
case MHASH_TIGER: {
|
|
Packit |
762fc5 |
r=DB_TIGER;
|
|
Packit |
762fc5 |
break;
|
|
Packit |
762fc5 |
}
|
|
Packit |
762fc5 |
case MHASH_GOST: {
|
|
Packit |
762fc5 |
r=DB_GOST;
|
|
Packit |
762fc5 |
break;
|
|
Packit |
762fc5 |
}
|
|
Packit |
762fc5 |
case MHASH_CRC32B: {
|
|
Packit |
762fc5 |
r=DB_CRC32B;
|
|
Packit |
762fc5 |
break;
|
|
Packit |
762fc5 |
}
|
|
Packit |
762fc5 |
case MHASH_HAVAL224: {
|
|
Packit |
762fc5 |
break;
|
|
Packit |
762fc5 |
}
|
|
Packit |
762fc5 |
case MHASH_HAVAL192: {
|
|
Packit |
762fc5 |
break;
|
|
Packit |
762fc5 |
}
|
|
Packit |
762fc5 |
case MHASH_HAVAL160: {
|
|
Packit |
762fc5 |
break;
|
|
Packit |
762fc5 |
}
|
|
Packit |
762fc5 |
case MHASH_HAVAL128: {
|
|
Packit |
762fc5 |
break;
|
|
Packit |
762fc5 |
}
|
|
Packit |
762fc5 |
case MHASH_TIGER128: {
|
|
Packit |
762fc5 |
break;
|
|
Packit |
762fc5 |
}
|
|
Packit |
762fc5 |
case MHASH_TIGER160: {
|
|
Packit |
762fc5 |
break;
|
|
Packit |
762fc5 |
}
|
|
Packit |
762fc5 |
case MHASH_MD4: {
|
|
Packit |
762fc5 |
break;
|
|
Packit |
762fc5 |
}
|
|
Packit |
762fc5 |
case MHASH_SHA256: {
|
|
Packit |
762fc5 |
r=DB_SHA256;
|
|
Packit |
762fc5 |
break;
|
|
Packit |
762fc5 |
}
|
|
Packit |
762fc5 |
case MHASH_SHA512: {
|
|
Packit |
762fc5 |
r=DB_SHA512;
|
|
Packit |
762fc5 |
break;
|
|
Packit |
762fc5 |
}
|
|
Packit |
762fc5 |
#ifdef HAVE_MHASH_WHIRLPOOL
|
|
Packit |
762fc5 |
case MHASH_WHIRLPOOL: {
|
|
Packit |
762fc5 |
r=DB_WHIRLPOOL;
|
|
Packit |
762fc5 |
break;
|
|
Packit |
762fc5 |
}
|
|
Packit |
762fc5 |
#endif
|
|
Packit |
762fc5 |
case MHASH_ADLER32: {
|
|
Packit |
762fc5 |
break;
|
|
Packit |
762fc5 |
}
|
|
Packit |
762fc5 |
default:
|
|
Packit |
762fc5 |
break;
|
|
Packit |
762fc5 |
}
|
|
Packit |
d0fd42 |
#endif
|
|
Packit Service |
a02450 |
return r;
|
|
Packit |
762fc5 |
}
|
|
Packit |
762fc5 |
|
|
Packit |
762fc5 |
/*
|
|
Packit |
762fc5 |
Initialise md_container according it's todo_attr field
|
|
Packit |
762fc5 |
*/
|
|
Packit |
762fc5 |
|
|
Packit |
762fc5 |
int init_md(struct md_container* md) {
|
|
Packit |
762fc5 |
|
|
Packit |
762fc5 |
int i;
|
|
Packit |
762fc5 |
/* First we check the parameter.. */
|
|
Packit |
762fc5 |
#ifdef _PARAMETER_CHECK_
|
|
Packit |
762fc5 |
if (md==NULL) {
|
|
Packit |
762fc5 |
return RETFAIL;
|
|
Packit |
762fc5 |
}
|
|
Packit |
762fc5 |
#endif
|
|
Packit |
762fc5 |
error(255,"init_md called\n");
|
|
Packit |
762fc5 |
/*
|
|
Packit |
762fc5 |
We don't have calculator for this yet :)
|
|
Packit |
762fc5 |
*/
|
|
Packit |
762fc5 |
md->calc_attr=0;
|
|
Packit |
762fc5 |
#ifdef WITH_MHASH
|
|
Packit |
762fc5 |
error(255,"Mhash library initialization\n");
|
|
Packit |
762fc5 |
for(i=0;i<=HASH_MHASH_COUNT;i++) {
|
|
Packit |
762fc5 |
if (((hash_mhash2attr(i)&HASH_USE_MHASH)&md->todo_attr)!=0) {
|
|
Packit |
762fc5 |
DB_ATTR_TYPE h=hash_mhash2attr(i);
|
|
Packit |
762fc5 |
error(255,"inserting %llu\n",h);
|
|
Packit |
762fc5 |
md->mhash_mdh[i]=mhash_init(i);
|
|
Packit |
762fc5 |
if (md->mhash_mdh[i]!=MHASH_FAILED) {
|
|
Packit |
762fc5 |
md->calc_attr|=h;
|
|
Packit |
762fc5 |
} else {
|
|
Packit |
762fc5 |
/*
|
|
Packit |
762fc5 |
Oops..
|
|
Packit |
762fc5 |
We just don't calculate this.
|
|
Packit |
762fc5 |
*/
|
|
Packit |
762fc5 |
|
|
Packit |
762fc5 |
md->todo_attr&=~h;
|
|
Packit |
762fc5 |
}
|
|
Packit |
762fc5 |
|
|
Packit |
762fc5 |
} else {
|
|
Packit |
762fc5 |
md->mhash_mdh[i]=MHASH_FAILED;
|
|
Packit |
762fc5 |
}
|
|
Packit |
762fc5 |
}
|
|
Packit |
762fc5 |
#endif
|
|
Packit |
762fc5 |
#ifdef WITH_GCRYPT
|
|
Packit Service |
851cbb |
if(gcry_md_open(&md->mdh,0,GCRY_MD_FLAG_SECURE)!=GPG_ERR_NO_ERROR){
|
|
Packit |
762fc5 |
error(0,"gcrypt_md_open failed\n");
|
|
Packit |
762fc5 |
exit(IO_ERROR);
|
|
Packit |
762fc5 |
}
|
|
Packit |
762fc5 |
for(i=0;i<=HASH_GCRYPT_COUNT;i++) {
|
|
Packit |
762fc5 |
if (((hash_gcrypt2attr(i)&HASH_USE_GCRYPT)&md->todo_attr)!=0) {
|
|
Packit Service |
a02450 |
DB_ATTR_TYPE h=hash_gcrypt2attr(i);
|
|
Packit Service |
a02450 |
error(255,"inserting %llu\n",h);
|
|
Packit |
762fc5 |
if(gcry_md_enable(md->mdh,i)==GPG_ERR_NO_ERROR){
|
|
Packit |
762fc5 |
md->calc_attr|=h;
|
|
Packit |
762fc5 |
} else {
|
|
Packit Service |
a02450 |
error(0,"gcry_md_enable %i failed",i);
|
|
Packit |
762fc5 |
md->todo_attr&=~h;
|
|
Packit |
762fc5 |
}
|
|
Packit |
762fc5 |
}
|
|
Packit |
762fc5 |
}
|
|
Packit |
762fc5 |
#endif
|
|
Packit |
762fc5 |
return RETOK;
|
|
Packit |
762fc5 |
}
|
|
Packit |
762fc5 |
|
|
Packit |
762fc5 |
/*
|
|
Packit |
762fc5 |
update :)
|
|
Packit |
762fc5 |
Just call this when you have more data.
|
|
Packit |
762fc5 |
*/
|
|
Packit |
762fc5 |
|
|
Packit |
762fc5 |
int update_md(struct md_container* md,void* data,ssize_t size) {
|
|
Packit Service |
a02450 |
int i;
|
|
Packit |
762fc5 |
|
|
Packit |
762fc5 |
error(255,"update_md called\n");
|
|
Packit |
762fc5 |
|
|
Packit |
762fc5 |
#ifdef _PARAMETER_CHECK_
|
|
Packit |
762fc5 |
if (md==NULL||data==NULL) {
|
|
Packit |
762fc5 |
return RETFAIL;
|
|
Packit |
762fc5 |
}
|
|
Packit |
762fc5 |
#endif
|
|
Packit |
762fc5 |
|
|
Packit |
762fc5 |
#ifdef WITH_MHASH
|
|
Packit |
762fc5 |
|
|
Packit |
762fc5 |
for(i=0;i<=HASH_MHASH_COUNT;i++) {
|
|
Packit |
762fc5 |
if (md->mhash_mdh[i]!=MHASH_FAILED) {
|
|
Packit |
762fc5 |
mhash (md->mhash_mdh[i], data, size);
|
|
Packit |
762fc5 |
}
|
|
Packit |
762fc5 |
}
|
|
Packit |
762fc5 |
|
|
Packit |
762fc5 |
#endif /* WITH_MHASH */
|
|
Packit |
762fc5 |
#ifdef WITH_GCRYPT
|
|
Packit |
762fc5 |
gcry_md_write(md->mdh, data, size);
|
|
Packit |
762fc5 |
#endif
|
|
Packit |
762fc5 |
return RETOK;
|
|
Packit |
762fc5 |
}
|
|
Packit |
762fc5 |
|
|
Packit |
762fc5 |
/*
|
|
Packit |
762fc5 |
close.. Does some magic.
|
|
Packit |
762fc5 |
After this calling update_db is not a good idea.
|
|
Packit |
762fc5 |
*/
|
|
Packit |
762fc5 |
|
|
Packit |
762fc5 |
int close_md(struct md_container* md) {
|
|
Packit Service |
a02450 |
int i;
|
|
Packit |
762fc5 |
#ifdef _PARAMETER_CHECK_
|
|
Packit |
762fc5 |
if (md==NULL) {
|
|
Packit |
762fc5 |
return RETFAIL;
|
|
Packit |
762fc5 |
}
|
|
Packit |
762fc5 |
#endif
|
|
Packit |
762fc5 |
error(255,"close_md called \n");
|
|
Packit |
762fc5 |
#ifdef WITH_MHASH
|
|
Packit |
762fc5 |
for(i=0;i<=HASH_MHASH_COUNT;i++) {
|
|
Packit |
762fc5 |
if (md->mhash_mdh[i]!=MHASH_FAILED) {
|
|
Packit |
762fc5 |
mhash (md->mhash_mdh[i], NULL, 0);
|
|
Packit |
762fc5 |
}
|
|
Packit |
762fc5 |
}
|
|
Packit |
762fc5 |
#endif /* WITH_MHASH */
|
|
Packit |
762fc5 |
#ifdef WITH_GCRYPT
|
|
Packit |
762fc5 |
gcry_md_final(md->mdh);
|
|
Packit |
762fc5 |
/* Let's flush the buffers */
|
|
Packit |
762fc5 |
|
|
Packit |
762fc5 |
#define get_libgcrypt_hash(a,b,c,d) \
|
|
Packit |
762fc5 |
if(md->calc_attr&a&HASH_USE_GCRYPT){\
|
|
Packit |
762fc5 |
error(255,"Getting hash %i\n",b);\
|
|
Packit |
762fc5 |
memcpy(md->c,gcry_md_read(md->mdh,b),d);\
|
|
Packit |
762fc5 |
}
|
|
Packit |
762fc5 |
|
|
Packit |
762fc5 |
get_libgcrypt_hash(DB_MD5,GCRY_MD_MD5,md5,HASH_MD5_LEN);
|
|
Packit |
762fc5 |
get_libgcrypt_hash(DB_SHA1,GCRY_MD_SHA1,sha1,HASH_SHA1_LEN);
|
|
Packit |
762fc5 |
get_libgcrypt_hash(DB_TIGER,GCRY_MD_TIGER,tiger,HASH_TIGER_LEN);
|
|
Packit |
762fc5 |
get_libgcrypt_hash(DB_RMD160,GCRY_MD_RMD160,rmd160,HASH_RMD160_LEN);
|
|
Packit |
762fc5 |
get_libgcrypt_hash(DB_SHA256,GCRY_MD_SHA256,sha256,HASH_SHA256_LEN);
|
|
Packit |
762fc5 |
get_libgcrypt_hash(DB_SHA512,GCRY_MD_SHA512,sha512,HASH_SHA512_LEN);
|
|
Packit |
762fc5 |
get_libgcrypt_hash(DB_CRC32,GCRY_MD_CRC32,crc32,HASH_CRC32_LEN);
|
|
Packit |
762fc5 |
|
|
Packit |
762fc5 |
/*. There might be more hashes in the library. Add those here.. */
|
|
Packit |
762fc5 |
|
|
Packit Service |
851cbb |
gcry_md_close(md->mdh);
|
|
Packit |
762fc5 |
#endif
|
|
Packit |
762fc5 |
|
|
Packit |
762fc5 |
#ifdef WITH_MHASH
|
|
Packit |
762fc5 |
#define get_mhash_hash(b,c) \
|
|
Packit |
762fc5 |
if(md->mhash_mdh[b]!=MHASH_FAILED){ \
|
|
Packit |
762fc5 |
mhash_deinit(md->mhash_mdh[b],(void*)md->c); \
|
|
Packit |
762fc5 |
}
|
|
Packit |
762fc5 |
|
|
Packit |
762fc5 |
get_mhash_hash(MHASH_MD5,md5);
|
|
Packit |
762fc5 |
get_mhash_hash(MHASH_SHA1,sha1);
|
|
Packit |
762fc5 |
get_mhash_hash(MHASH_TIGER,tiger);
|
|
Packit |
762fc5 |
get_mhash_hash(MHASH_RMD160,rmd160);
|
|
Packit |
762fc5 |
get_mhash_hash(MHASH_CRC32,crc32);
|
|
Packit |
762fc5 |
get_mhash_hash(MHASH_HAVAL,haval);
|
|
Packit |
762fc5 |
get_mhash_hash(MHASH_GOST,gost);
|
|
Packit |
762fc5 |
get_mhash_hash(MHASH_CRC32B,crc32b);
|
|
Packit |
762fc5 |
get_mhash_hash(MHASH_SHA256,sha256);
|
|
Packit |
762fc5 |
get_mhash_hash(MHASH_SHA512,sha512);
|
|
Packit |
762fc5 |
#ifdef HAVE_MHASH_WHIRLPOOL
|
|
Packit |
762fc5 |
get_mhash_hash(MHASH_WHIRLPOOL,whirlpool);
|
|
Packit |
762fc5 |
#endif
|
|
Packit |
762fc5 |
|
|
Packit |
762fc5 |
/*
|
|
Packit |
762fc5 |
There might be more hashes in the library we want to use.
|
|
Packit |
762fc5 |
Add those here..
|
|
Packit |
762fc5 |
*/
|
|
Packit |
762fc5 |
|
|
Packit |
762fc5 |
#endif
|
|
Packit |
762fc5 |
return RETOK;
|
|
Packit |
762fc5 |
}
|
|
Packit |
762fc5 |
|
|
Packit |
762fc5 |
/*
|
|
Packit |
762fc5 |
Writes md_container to db_line.
|
|
Packit |
762fc5 |
*/
|
|
Packit |
762fc5 |
|
|
Packit |
762fc5 |
void md2line(struct md_container* md,struct db_line* line) {
|
|
Packit |
762fc5 |
|
|
Packit |
762fc5 |
error(255,"md2line \n");
|
|
Packit |
762fc5 |
|
|
Packit |
762fc5 |
#ifdef _PARAMETER_CHECK_
|
|
Packit |
762fc5 |
if (md==NULL||line==NULL) {
|
|
Packit |
762fc5 |
return RETFAIL;
|
|
Packit |
762fc5 |
}
|
|
Packit |
762fc5 |
#endif
|
|
Packit |
762fc5 |
|
|
Packit |
762fc5 |
#define copyhash(a,b,c) \
|
|
Packit |
762fc5 |
if (line->attr&a) { \
|
|
Packit |
762fc5 |
error(255,"Line has %llu\n",a); \
|
|
Packit |
762fc5 |
if (md->calc_attr&a) { \
|
|
Packit |
762fc5 |
error(255,"copying %llu\n",a); \
|
|
Packit |
762fc5 |
line->b=(byte*)malloc(c); \
|
|
Packit |
762fc5 |
memcpy(line->b,md->b,c); \
|
|
Packit |
762fc5 |
} else { \
|
|
Packit |
762fc5 |
line->attr&=~a; \
|
|
Packit |
762fc5 |
} \
|
|
Packit |
762fc5 |
}
|
|
Packit |
762fc5 |
|
|
Packit |
762fc5 |
|
|
Packit |
762fc5 |
copyhash(DB_MD5,md5,HASH_MD5_LEN);
|
|
Packit |
762fc5 |
copyhash(DB_SHA1,sha1,HASH_SHA1_LEN);
|
|
Packit |
762fc5 |
copyhash(DB_RMD160,rmd160,HASH_RMD160_LEN);
|
|
Packit |
762fc5 |
copyhash(DB_TIGER,tiger,HASH_TIGER_LEN);
|
|
Packit |
762fc5 |
copyhash(DB_CRC32,crc32,HASH_CRC32_LEN);
|
|
Packit |
762fc5 |
copyhash(DB_HAVAL,haval,HASH_HAVAL_LEN);
|
|
Packit |
762fc5 |
copyhash(DB_GOST,gost,HASH_GOST_LEN);
|
|
Packit |
762fc5 |
copyhash(DB_CRC32B,crc32b,HASH_CRC32B_LEN);
|
|
Packit |
762fc5 |
|
|
Packit |
762fc5 |
copyhash(DB_SHA256,sha256,HASH_SHA256_LEN);
|
|
Packit |
762fc5 |
copyhash(DB_SHA512,sha512,HASH_SHA512_LEN);
|
|
Packit |
762fc5 |
copyhash(DB_WHIRLPOOL,whirlpool,HASH_WHIRLPOOL_LEN);
|
|
Packit |
762fc5 |
}
|