Diffstat (limited to 'include/hash_ledger.h')
-rw-r--r--include/hash_ledger.h59
1 files changed, 59 insertions, 0 deletions
diff --git a/include/hash_ledger.h b/include/hash_ledger.h
new file mode 100644
index 0000000..24e2ac3
--- /dev/null
+++ b/include/hash_ledger.h
@@ -0,0 +1,59 @@
+#pragma once
+
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <time.h>
+#include <stddef.h>
+#include <stdbool.h>
+#include <limits.h>
+
+#define MAX_MATCHED_PATTERNS 32
+#define MAX_MATCHED_RULES 16
+
+typedef enum {
+ VERDICT_UNKNOWN = 0,
+ VERDICT_ALLOW,
+ VERDICT_BLOCK,
+ VERDICT_QUARANTINE,
+ VERDICT_INFORMATIONAL
+} scan_verdict_t;
+
+struct hash_entry {
+ char path[PATH_MAX];
+ char md5[33];
+ char sha256[65];
+ double entropy;
+ struct stat sb;
+ time_t last_scanned;
+ size_t scan_count;
+
+ scan_verdict_t verdict;
+ const char *matched_patterns[MAX_MATCHED_PATTERNS];
+ size_t matched_pattern_count;
+ const char *matched_rules[MAX_MATCHED_RULES];
+ size_t matched_rule_count;
+
+ struct hash_entry *next; // collision handling
+};
+
+struct hash_ledger {
+ size_t num_buckets;
+ struct hash_entry **buckets;
+};
+
+// structure to hold output for multihash()
+struct multihash {
+ char md5[33];
+ char sha256[65];
+ double entropy;
+};
+
+// TODO hash_ledger_t
+struct hash_ledger *hash_ledger_init(size_t num_buckets);
+void hash_ledger_destroy(struct hash_ledger *ledger);
+size_t hash_ledger_bucket(struct hash_ledger *ledger, const char *path);
+struct hash_entry *hash_ledger_find(struct hash_ledger *ledger, const char *path);
+struct hash_entry *hash_ledger_add_or_update(struct hash_ledger *ledger,
+ const char *path,
+ struct stat *sb);
+bool multihash_file(const char *path, struct multihash *out);
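Review bot: The `matched_patterns` and `matched_rules` arrays in `struct hash_entry` store bare `const char *` pointers, and nothing in the header says who owns those strings or how long they must stay valid; if they point into a rule set that can be reloaded or freed, a long-lived ledger entry would be left holding dangling pointers. I would document this at the fields, e.g. `/* borrowed: must outlive the ledger; not freed by hash_ledger_destroy() */`, or state that the ledger copies them. The prototypes also leave two contracts unstated that matter for a cache of scan verdicts: what `hash_ledger_add_or_update()` does with a `path` that does not fit in `path[PATH_MAX]` (rejecting is safer than truncating, since a truncated key could collide with another file's entry), and whether a changed `sb` resets `verdict` so a stale `VERDICT_ALLOW` is not reused. A short doc comment on each prototype covering NULL arguments, the return value on failure, what happens once the `MAX_MATCHED_*` caps are reached, and the lifetime of the returned `struct hash_entry *` would close this.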