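/** @file types.h
 * Razorback API data types.
 *
 * This header only declares types and constants. Who allocates and frees the
 * pointer members below is decided by the code that fills them in; it cannot
 * be read off these declarations.
 */
#ifndef RAZORBACK_TYPES_H
#define RAZORBACK_TYPES_H


#include <stdint.h>
#ifdef _MSC_VER
#include <WinSock2.h>
#include "safewindows.h"
// NOTE(review): on MSVC `bool` is the Windows BOOL (an int typedef), so
// sizeof(bool), and with it the layout of struct BlockData, differs from the
// <stdbool.h> build, and a non-zero value is not normalised to 1. Do not
// exchange these structs as raw bytes between the two builds.
#define bool BOOL
#define true TRUE
#define false FALSE
#else //_MSC_VER
#include <stdbool.h>
#include <unistd.h>
#endif //_MSC_VER
#include <uuid/uuid.h>
#include <stdlib.h>
#include <stdio.h>      // FILE, used by struct BlockData; do not rely on a transitive include
#include <openssl/evp.h>

#include <razorback/list.h>

#define UUID_STRING_LENGTH 37 ///< The size of a UUID String including the null

typedef enum
{
    R_SUCCESS = 0,
    R_ERROR = 1,
    R_FOUND = 2,
    R_NOT_FOUND = 3,
} Lookup_Result;

/** Hash types
 * MD5 and SHA-1 are not collision resistant: two different blocks can share
 * such a digest, so a block identity or a cached verdict keyed on one of them
 * should not be trusted for untrusted input. Prefer SHA256 or SHA512 there.
 * @{
 */
#define HASH_TYPE_MD5 1     ///< MD5 Hash
#define HASH_TYPE_SHA1 2    ///< SHA-1 Hash
#define HASH_TYPE_SHA224 3  ///< SHA224 Hash
#define HASH_TYPE_SHA256 4  ///< SHA256 Hash
#define HASH_TYPE_SHA512 5  ///< SHA512 Hash
/// @}

/** Hash Flags
 * @{
 */
#define HASH_FLAG_FINAL 0x00000001 ///< Hash has been finalized.
/// @}

/** Block Hash
 * Utilizes various algorithms, e.g. MD5, SHA256, etc. to uniquely identify a block of data.
 *
 * NOTE(review): presumably pData holds iSize bytes; confirm against the
 * allocator. When a Hash is filled from data supplied by another component,
 * check iSize against the digest length implied by iType before reading pData.
 */
struct Hash
{
    uint32_t iType;     ///< The hash Type (one of HASH_TYPE_*).
    uint32_t iSize;     ///< size of the data stored, must be the same for all hashes in system
    uint8_t *pData;     ///< actual data of the hash
    EVP_MD_CTX *CTX;    ///< Private hash data (OpenSSL digest context).
    uint32_t iFlags;    ///< Hash Flags (HASH_FLAG_*).
};

/** Data Block ID
 * If iLength is zero we don't have the block, just the hash.
 */
struct BlockId
{
    struct Hash *pHash;     ///< The hash of the block
    uuid_t uuidDataType;    ///< The UUID of the data type in the block
    uint64_t iLength;       ///< The length of the data in the block (64-bit; BlockPoolData.iLength is 32-bit)
};

/** Block data storage
 * NOTE(review): which of fileName / pointer / file is valid at a given time is
 * not visible from this header; confirm against the code that fills it in.
 */
struct BlockData
{
    char *fileName;
    uint8_t *pointer;
    FILE *file;
    bool tempFile;
#ifdef _MSC_VER
    HANDLE mfileHandle;
    HANDLE mapHandle;
#endif
};

/** Data Block
 */
struct Block
{
    struct BlockId *pId;            ///< Block ID
    struct BlockId *pParentId;      ///< Parent Block ID
    struct Block *pParentBlock;
    struct List *pMetaDataList;     ///< Meta Data List
    struct BlockData data;
};

/** Block Pool Item Data
 */
struct BlockPoolData
{
    uint32_t iLength;   ///< Size of data block. 32-bit, while BlockId.iLength is 64-bit: range-check before narrowing.
    int iFlags;         ///< Data Block Flags
    struct BlockData data;
    struct BlockPoolData *pNext; ///< Next item in the chain
};

/** Block Pool Item
 */
struct BlockPoolItem
{
    struct Mutex *mutex;                ///< Item lock <- Why is it brown.
    uint32_t iStatus;                   ///< Status Flags
    struct BlockPoolData *pDataHead;    ///< Head Item
    struct BlockPoolData *pDataTail;    ///< Tail Item
    void (*submittedCallback) (struct BlockPoolItem *); ///< Post submission callback
    struct Event *pEvent;
    void *userData;
};


struct EventId
{
    uuid_t uuidNuggetId;    ///< Id of the nugget creating the event
    uint64_t iSeconds;      ///< Time Stamp
    uint64_t iNanoSecs;     ///< Time Stamp

};

/** Event
 */
struct Event
{
    struct EventId *pId;            ///< The event id.
    struct EventId *pParentId;      ///< The parent event id.
    struct Event *pParent;          ///< The parent event
    uuid_t uuidApplicationType;     ///< Application Type
    struct Block *pBlock;           ///< The data block
    struct List *pMetaDataList;     ///< Meta Data List
};

struct Judgment
{
    uuid_t uuidNuggetId;        ///< The nugget submitting
    uint64_t iSeconds;          ///< Time Stamp
    uint64_t iNanoSecs;         ///< Time Stamp
    struct EventId *pEventId;   ///< Event Id
    struct BlockId *pBlockId;   ///< Block Id
    uint8_t iPriority;          ///< Meh, Dodgy, YF, YRF
    struct List *pMetaDataList; ///< Meta Data List
    uint32_t iGID;              ///< The GID
    uint32_t iSID;              ///< The SID
    uint32_t Set_SfFlags;       ///< The blocks Sourcefire flags (presumably SF_FLAG_* bits to set)
    uint32_t Set_EntFlags;      ///< The blocks enterprise flags (presumably bits to set)
    uint32_t Unset_SfFlags;     ///< The blocks Sourcefire flags (presumably SF_FLAG_* bits to clear)
    uint32_t Unset_EntFlags;    ///< The blocks enterprise flags (presumably bits to clear)
    uint8_t *sMessage;          ///< The message. No length field accompanies it; presumably NUL-terminated, confirm before use as a C string.

};
struct Nugget
{
    uuid_t uuidNuggetId;
    uuid_t uuidApplicationType;
    uuid_t uuidNuggetType;
    char *sName;
    char *sLocation;
    char *sContact;
    char *sNotes;
};

/** Deferred Data Block List
 */
struct DeferredList
{
    uint8_t stuff;  ///< NOTE(review): looks like a placeholder member; confirm
};


#define SF_FLAG_GOOD            0x00000001
#define SF_FLAG_BAD             0x00000002
#define SF_FLAG_WHITE_LIST      0x00000004
#define SF_FLAG_BLACK_LIST      0x00000008
#define SF_FLAG_DIRTY           0x00000010
#define SF_FLAG_CANHAZ          0x00000020
#define SF_FLAG_PROCESSING      0x00000040
// Duplication Intended: DODGY and SUSPICIOUS are the same bit, so the two
// names cannot be told apart once stored in a flags word.
#define SF_FLAG_DODGY           0x00000080
#define SF_FLAG_SUSPICIOUS      0x00000080

#define SF_FLAG_ALL             0xffffffff


#define JUDGMENT_REASON_DONE        0
#define JUDGMENT_REASON_ALERT       1
#define JUDGMENT_REASON_ERROR       2
#define JUDGMENT_REASON_DEFERRED    3
#define JUDGMENT_REASON_PENDING     4

#define TRANSFER_METHOD_FILE    0
#define TRANSFER_METHOD_SSH     1
#define TRANSFER_METHOD_HTTP    2

#define SUBMISSION_REASON_EVENT     0
#define SUBMISSION_REASON_REQUESTED 1

#endif //RAZORBACK_TYPES_H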