From 2278df1493e064c197913e49b5d1935942d83448 Mon Sep 17 00:00:00 2001
From: daniel
Date: Tue, 6 May 2025 16:57:32 -0700
Subject: initial import
---
include/hash_ledger.h | 59 +++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 59 insertions(+)
create mode 100644 include/hash_ledger.h
(limited to 'include/hash_ledger.h')
diff --git a/include/hash_ledger.h b/include/hash_ledger.h
new file mode 100644
index 0000000..24e2ac3
--- /dev/null
+++ b/include/hash_ledger.h
@@ -0,0 +1,59 @@
+#pragma once
+
+#include
+#include
+#include
+#include
+#include
+#include
+
+#define MAX_MATCHED_PATTERNS 32
+#define MAX_MATCHED_RULES 16
+
+typedef enum {
+ VERDICT_UNKNOWN = 0,
+ VERDICT_ALLOW,
+ VERDICT_BLOCK,
+ VERDICT_QUARANTINE,
+ VERDICT_INFORMATIONAL
+} scan_verdict_t;
+
+struct hash_entry {
+ char path[PATH_MAX];
+ char md5[33];
+ char sha256[65];
+ double entropy;
+ struct stat sb;
+ time_t last_scanned;
+ size_t scan_count;
+
+ scan_verdict_t verdict;
+ const char *matched_patterns[MAX_MATCHED_PATTERNS];
+ size_t matched_pattern_count;
+ const char *matched_rules[MAX_MATCHED_RULES];
+ size_t matched_rule_count;
+
+ struct hash_entry *next; // collision handling
+};
+
+struct hash_ledger {
+ size_t num_buckets;
+ struct hash_entry **buckets;
+};
+
+// structure to hold output for multihash()
+struct multihash {
+ char md5[33];
+ char sha256[65];
+ double entropy;
+};
+
+// TODO hash_ledger_t
+struct hash_ledger *hash_ledger_init(size_t num_buckets);
+void hash_ledger_destroy(struct hash_ledger *ledger);
+size_t hash_ledger_bucket(struct hash_ledger *ledger, const char *path);
+struct hash_entry *hash_ledger_find(struct hash_ledger *ledger, const char *path);
+struct hash_entry *hash_ledger_add_or_update(struct hash_ledger *ledger,
+ const char *path,
+ struct stat *sb);
+bool multihash_file(const char *path, struct multihash *out);
--
cgit v1.2.3
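Review bot: The `matched_patterns` and `matched_rules` arrays in `struct hash_entry` hold raw `const char *` pointers with no statement of who owns the strings. The entry appears to be a long-lived record (`last_scanned`, `scan_count`), so a pointer into a rule set that is later freed or reloaded would dangle. I would document the contract on the fields, for example `// borrowed; must outlive the ledger, not freed by hash_ledger_destroy()`, or store copies if that lifetime cannot be guaranteed. The header should also state that `matched_pattern_count` and `matched_rule_count` never exceed `MAX_MATCHED_PATTERNS` and `MAX_MATCHED_RULES`, and that `hash_ledger_add_or_update()` rejects rather than truncates a `path` that does not fit in `path[PATH_MAX]`, since a truncated key could alias another file's cached verdict. The implementations are outside this hunk, so these are contract gaps to close rather than confirmed defects.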