1 /** @file types.h
2  * Razorback API data types.
3  */
4 #ifndef RAZORBACK_TYPES_H
5 #define RAZORBACK_TYPES_H
6 
7 
8 #include <stdint.h>
9 #ifdef _MSC_VER
10 #include <WinSock2.h>
11 #include "safewindows.h"
12 #define bool BOOL    // MSVC fallback: Win32 BOOL is an int, so `bool` members are int-sized in this build
13 #define true TRUE    // and any non-zero value counts as true; test truthiness rather than comparing
14 #define false FALSE  // `== true` in code shared with the <stdbool.h> build.
15 #else //_MSC_VER
16 #include <stdbool.h>
17 #include <unistd.h>
18 #endif //_MSC_VER
19 #include <uuid/uuid.h>
20 #include <stdlib.h>
21 #include <openssl/evp.h>
22 
23 #include <razorback/list.h>
24 
25 #define UUID_STRING_LENGTH 37   ///< Buffer size for a textual UUID: 36 characters plus the terminating NUL. Size every destination buffer for UUID text with this constant.
26 
27 typedef enum                 // Result codes; every value is fixed explicitly below.
28 {
29     R_SUCCESS = 0,           ///< Zero; the only code that is false in a plain truthiness test.
30     R_ERROR = 1,             ///< NOTE(review): presumably a generic failure - confirm against callers.
31     R_FOUND = 2,             ///< NOTE(review): presumably "lookup matched". Non-zero like R_ERROR, so `if (rc)` cannot tell them apart.
32     R_NOT_FOUND = 3,         ///< NOTE(review): presumably "lookup did not match". Compare against the named constant, never by truthiness.
33 } Lookup_Result;
34 
35 /** Hash types (digest algorithm identifiers; presumably the values held in Hash::iType - confirm)
36  * @{
37  */
38 #define HASH_TYPE_MD5 1         ///< MD5 Hash. Not collision-resistant; do not rely on it alone to identify untrusted data.
39 #define HASH_TYPE_SHA1 2        ///< SHA-1 Hash. Collisions have been demonstrated; same caveat as MD5.
40 #define HASH_TYPE_SHA224 3      ///< SHA-224 Hash
41 #define HASH_TYPE_SHA256 4      ///< SHA-256 Hash
42 #define HASH_TYPE_SHA512 5      ///< SHA-512 Hash
43 /// @}
44 
45 /** Hash Flags (bit values; presumably stored in Hash::iFlags - confirm)
46  * @{
47  */
48 #define HASH_FLAG_FINAL 0x00000001  ///< Hash has been finalized. NOTE(review): presumably the digest bytes are only meaningful once this bit is set - confirm.
49 /// @}
50 
51 /** Block Hash
52  * Uses one of several digest algorithms (e.g. MD5, SHA256) to identify a block of data; that identity is only as strong as the collision resistance of the algorithm chosen.
53  */
54 struct Hash
55 {
56     uint32_t iType;             ///< The hash type. NOTE(review): presumably one of the HASH_TYPE_* values - confirm.
57     uint32_t iSize;             ///< Size of the data stored, must be the same for all hashes in system. If this struct is ever filled from external input, check it against the digest length expected for iType before reading pData.
58     uint8_t *pData;             ///< Actual data of the hash. NOTE(review): presumably iSize bytes; who allocates and frees it is not shown in this header.
59     EVP_MD_CTX *CTX;         ///< Private hash data (an OpenSSL EVP digest context).
60     uint32_t iFlags;            ///< Hash flags (see HASH_FLAG_FINAL).
61 };
62 
63 /** Data Block ID
64  * If iLength is zero we don't have the block, just the hash.
65  */
66 struct BlockId
67 {
68     struct Hash *pHash;         ///< The hash of the block
69     uuid_t uuidDataType;        ///< The UUID of the data type in the block
70     uint64_t iLength;           ///< The length of the data in the block; zero means only the hash is known, so check it before touching block data.
71 };
72 
73 struct BlockData                // Handles to a block's bytes; which members are valid at a given time is not shown in this header.
74 {
75     char *fileName;             ///< NOTE(review): presumably the path backing `file` - confirm; validate it if it can derive from submitted data.
76     uint8_t *pointer;           ///< NOTE(review): presumably the in-memory or mapped data. No length is stored in this struct, so bounds must come from the enclosing structure.
77     FILE *file;                 ///< stdio stream. FILE is declared by <stdio.h>, which this header does not include directly.
78     bool tempFile;              ///< NOTE(review): presumably marks the file as temporary - confirm who is responsible for removing it.
79 #ifdef _MSC_VER
80 	HANDLE mfileHandle;         ///< Windows build only. NOTE(review): presumably the handle of the backing file - confirm.
81 	HANDLE mapHandle;           ///< Windows build only. NOTE(review): presumably the file-mapping object handle - confirm.
82 #endif
83 };
84 
85 /** Data Block: identity, parent linkage, metadata list and data handles for one block.
86  */
87 struct Block
88 {
89     struct BlockId *pId;       ///< Block ID
90     struct BlockId *pParentId;  ///< Parent Block ID. NOTE(review): presumably NULL for a block with no parent - confirm before dereferencing.
91     struct Block *pParentBlock; ///< Parent block. NOTE(review): presumably NULL when absent, and whether it must agree with pParentId is not shown here - confirm.
92     struct List *pMetaDataList;  ///< Meta Data List
93     struct BlockData data;      ///< Data handles, embedded by value (not a pointer).
94 };
95 
96 /** Block Pool Item Data: one node of a singly linked chain of data pieces (linked through pNext).
97  */
98 struct BlockPoolData
99 {
100     uint32_t iLength;           ///< Size of data block. 32-bit, while BlockId::iLength is 64-bit; guard against truncation or overflow when converting or summing.
101     int iFlags;                 ///< Data Block Flags. NOTE(review): the flag values are not defined in this header.
102     struct BlockData data;      ///< Data handles, embedded by value.
103     struct BlockPoolData *pNext;    ///< Next item in the chain. NOTE(review): presumably NULL at the tail - confirm.
104 };
105 
106 /** Block Pool Item: head and tail of a BlockPoolData chain plus lock, status, callback and event pointers.
107  */
108 struct BlockPoolItem
109 {
110     struct Mutex *mutex;                              ///< Item lock. NOTE(review): which members it protects is not shown in this header - confirm.
111     uint32_t iStatus;                                   ///< Status Flags
112     struct BlockPoolData *pDataHead;                    ///< Head Item
113     struct BlockPoolData *pDataTail;                    ///< Tail Item
114     void (*submittedCallback) (struct BlockPoolItem *); ///< Post submission callback; receives a pointer to a BlockPoolItem. NOTE(review): presumably may be NULL - check before calling.
115     struct Event *pEvent;                               ///< NOTE(review): presumably the event associated with this item - confirm.
116     void *userData;                                     ///< Opaque pointer. NOTE(review): presumably owned and interpreted by the caller - confirm.
117 };
118 
119 
120 struct EventId                      // Event identity: a nugget UUID plus a two-part time stamp.
121 {
122     uuid_t uuidNuggetId;            ///< Id of the nugget creating the event
123     uint64_t iSeconds;              ///< Time stamp, seconds part. NOTE(review): epoch and time zone are not stated here - confirm.
124     uint64_t iNanoSecs;             ///< Time stamp, nanoseconds part. NOTE(review): presumably below 1e9 - validate if received from a peer.
125 
126 };
127 
128 /** Event: ties an event id and its parent linkage to a data block and a metadata list.
129  */
130 struct Event
131 {
132     struct EventId *pId;            ///< The event id.
133     struct EventId *pParentId;      ///< The parent event id. NOTE(review): presumably NULL when there is no parent - confirm.
134     struct Event *pParent;      ///< The parent event. NOTE(review): presumably NULL when there is no parent - confirm.
135     uuid_t uuidApplicationType;     ///< Application Type
136     struct Block *pBlock;           ///< The data block
137     struct List *pMetaDataList; ///< Meta Data List
138 };
139 
140 struct Judgment                     // A nugget's verdict on a block: ids, priority, flag changes and a message.
141 {
142     uuid_t uuidNuggetId;            ///< The nugget submitting the judgment
143     uint64_t iSeconds;              ///< Time stamp, seconds part
144     uint64_t iNanoSecs;             ///< Time stamp, nanoseconds part
145     struct EventId *pEventId;       ///< Event Id
146     struct BlockId *pBlockId;       ///< Block Id. The verdict attaches to this id, so it inherits the strength of the block hash.
147     uint8_t iPriority;              ///< Meh, Dodgy, YF, YRF. NOTE(review): the numeric values for these levels are not defined in this header.
148     struct List *pMetaDataList; ///< Meta Data List
149     uint32_t iGID;                  ///< The GID
150     uint32_t iSID;                  ///< The SID
151     uint32_t Set_SfFlags;           ///< Sourcefire flags; NOTE(review): presumably SF_FLAG_* bits to set on the block - confirm.
152     uint32_t Set_EntFlags;          ///< Enterprise flags; NOTE(review): presumably bits to set on the block - confirm.
153     uint32_t Unset_SfFlags;         ///< Sourcefire flags; NOTE(review): presumably SF_FLAG_* bits to clear on the block - confirm, including the outcome when a bit is in both Set_ and Unset_.
154     uint32_t Unset_EntFlags;        ///< Enterprise flags; NOTE(review): presumably bits to clear on the block - confirm.
155     uint8_t *sMessage;              ///< The message. No length member accompanies it; NOTE(review): presumably NUL-terminated - confirm before using string functions on it.
156 
157 };
158 struct Nugget                       // Descriptive record for a nugget: three UUIDs and four free-text strings.
159 {
160     uuid_t uuidNuggetId;            ///< Id of the nugget
161     uuid_t uuidApplicationType;     ///< Application type of the nugget
162     uuid_t uuidNuggetType;          ///< Type of the nugget
163     char *sName;                    ///< Free text. NOTE(review): presumably NUL-terminated; no length is stored - confirm.
164     char *sLocation;                ///< Free text; same caveat as sName.
165     char *sContact;                 ///< Free text; same caveat as sName.
166     char *sNotes;                   ///< Free text; same caveat as sName. Escape these strings before displaying or logging them if nuggets can supply them.
167 };
168 
169 /** Deferred Data Block List
170  */
171 struct DeferredList
172 {
173     uint8_t stuff;              ///< NOTE(review): looks like a placeholder member; no list structure is defined here - confirm.
174 };
175 
176 
177 #define SF_FLAG_GOOD        0x00000001  ///< Bit 0. NOTE(review): presumably a "good" verdict - confirm.
178 #define SF_FLAG_BAD         0x00000002  ///< Bit 1. A separate bit from SF_FLAG_GOOD, so one flags word can carry both; consumers need a defined precedence.
179 #define SF_FLAG_WHITE_LIST  0x00000004  ///< Bit 2.
180 #define SF_FLAG_BLACK_LIST  0x00000008  ///< Bit 3.
181 #define SF_FLAG_DIRTY       0x00000010  ///< Bit 4.
182 #define SF_FLAG_CANHAZ      0x00000020  ///< Bit 5.
183 #define SF_FLAG_PROCESSING  0x00000040  ///< Bit 6.
184 // Duplication intended: the next two names are aliases for the same bit (bit 7).
185 #define SF_FLAG_DODGY       0x00000080
186 #define SF_FLAG_SUSPICIOUS  0x00000080
187 
188 #define SF_FLAG_ALL         0xffffffff  ///< All 32 bits set, including bits 8-31, which have no named flag in this header.
189 
190 
191 #define JUDGMENT_REASON_DONE 0      // Judgment reason codes: consecutive values 0-4, so they are
192 #define JUDGMENT_REASON_ALERT 1     // enumerators to compare for equality, not bits to OR together.
193 #define JUDGMENT_REASON_ERROR 2     // NOTE(review): where the reason is stored is not shown in this
194 #define JUDGMENT_REASON_DEFERRED 3  // header (struct Judgment has no reason member) - confirm, and
195 #define JUDGMENT_REASON_PENDING 4   // reject values above 4 when the code arrives from a peer.
196 
197 #define TRANSFER_METHOD_FILE 0  ///< NOTE(review): presumably transfer through a file path - confirm.
198 #define TRANSFER_METHOD_SSH 1   ///< NOTE(review): presumably transfer over SSH - confirm how host keys are verified.
199 #define TRANSFER_METHOD_HTTP 2  ///< NOTE(review): presumably transfer over HTTP; whether TLS is used cannot be told from this header - confirm.
200 
201 #define SUBMISSION_REASON_EVENT 0      ///< NOTE(review): presumably a submission made because of an event - confirm.
202 #define SUBMISSION_REASON_REQUESTED 1  ///< NOTE(review): presumably a submission made on request - confirm.
203 
204 #endif //RAZORBACK_TYPES_H
205