aux_tools.h

00001 /*
00002  * The Sleuth Kit
00003  * 
00004  * $Date: 2007/11/29 02:21:41 $
00005  */
00006 #ifndef _AUX_LIB_H
00007 #define _AUX_LIB_H
00008 
00009 #include <stdio.h>
00010 #include <stdlib.h>
00011 
00012 #include "tsk_os.h"
00013 
00014 #if !defined (TSK_WIN32)
00015 #include <sys/param.h>
00016 #endif
00017 
00018 #ifdef __cplusplus
00019 extern "C" {
00020 #endif
00021 
00022 
00023     extern char *tsk_malloc(size_t);
00024     extern char *tsk_realloc(char *, size_t);
00025     extern char *tsk_strdup(const char *);
00026 
00027     extern char *tsk_split_at(char *, int);
00028     extern char *tsk_split_at_right(char *, int);
00029 
00030 /* printf macros - if the OS does not have inttypes.h yet */
00031 
00032 #ifndef PRIx64
00033 #define PRIx64 "llx"
00034 #endif
00035 
00036 #ifndef PRIX64
00037 #define PRIX64 "llX"
00038 #endif
00039 
00040 #ifndef PRIu64
00041 #define PRIu64 "llu"
00042 #endif
00043 
00044 #ifndef PRId64
00045 #define PRId64 "lld"
00046 #endif
00047 
00048 #ifndef PRIo64
00049 #define PRIo64 "llo"
00050 #endif
00051 
00052 #ifndef PRIx32
00053 #define PRIx32 "x"
00054 #endif
00055 
00056 #ifndef PRIX32
00057 #define PRIX32 "X"
00058 #endif
00059 
00060 #ifndef PRIu32
00061 #define PRIu32 "u"
00062 #endif
00063 
00064 #ifndef PRId32
00065 #define PRId32 "d"
00066 #endif
00067 
00068 #ifndef PRIx16
00069 #define PRIx16 "hx"
00070 #endif
00071 
00072 #ifndef PRIX16
00073 #define PRIX16 "hX"
00074 #endif
00075 
00076 #ifndef PRIu16
00077 #define PRIu16 "hu"
00078 #endif
00079 
00080 #ifndef PRIu8
00081 #define PRIu8 "hhu"
00082 #endif
00083 
00084 #ifndef PRIx8
00085 #define PRIx8 "hhx"
00086 #endif
00087 
00088 
00089 
00090     typedef unsigned long ULONG;
00091     typedef unsigned long long ULLONG;
00092     typedef unsigned char UCHAR;
00093 
00094 #ifndef rounddown
00095 #define rounddown(x, y) \
00096     ((((x) % (y)) == 0) ? (x) : \
00097     (roundup((x),(y)) - (y)))
00098 #endif
00099 
00100 
00101 /* Standard local variable sizes */
00102 
00103 // Metadata - inode number
00104     typedef uint64_t INUM_T;
00105 #define PRIuINUM        PRIu64
00106 #define PRIxINUM        PRIx64
00107 #define PRIdINUM        PRId64
00108 
00109 // Disk sector / block address
00110     typedef uint64_t DADDR_T;
00111 #define PRIuDADDR   PRIu64
00112 #define PRIxDADDR   PRIx64
00113 #define PRIdDADDR   PRId64
00114 
00115 // Byte offset
00116     typedef uint64_t OFF_T;
00117 #define PRIuOFF         PRIu64
00118 #define PRIxOFF         PRIx64
00119 #define PRIdOFF         PRId64
00120 
00121 #if !defined (_WIN32) && !defined(__WIN32__)
00122     typedef int64_t SSIZE_T;
00123 #endif
00124 
00125 #define PRIuSSIZE               PRIu64
00126 #define PRIxSSIZE               PRIx64
00127 #define PRIdSSIZE               PRId64
00128 
00129 // Partition Number
00130     typedef uint32_t PNUM_T;
00131 #define PRIuPNUM        PRIu32
00132 #define PRIxPNUM        PRIx32
00133 #define PRIdPNUM        PRId32
00134 
00135 
00136     extern void tsk_print_version(FILE *);
00137     extern char *tskGetVersion();
00138     extern SSIZE_T tsk_parse_offset(TSK_TCHAR *);
00139     extern int tsk_parse_inum(const TSK_TCHAR * str, INUM_T *, uint32_t *,
00140         uint16_t *, int *);
00141 
00142 
00143 /* 
00144  * ** Dealing with endian differences
00145  * */
00146 
00147 #define TSK_LIT_ENDIAN  0x01
00148 #define TSK_BIG_ENDIAN  0x02
00149 
00150 /* macros to read in multi-byte fields
00151  * file system is an array of 8-bit values, not 32-bit values
00152  */
00153     extern uint8_t tsk_guess_end_u16(uint8_t *, uint8_t *, uint16_t);
00154     extern uint8_t tsk_guess_end_u32(uint8_t *, uint8_t *, uint32_t);
00155 
00156 /* 16-bit values */
00157 #define tsk_getu16(flag, x)   \
00158     (uint16_t)(((flag) & TSK_LIT_ENDIAN) ? \
00159           (((uint8_t *)(x))[0] + (((uint8_t *)(x))[1] << 8)) :    \
00160           (((uint8_t *)(x))[1] + (((uint8_t *)(x))[0] << 8)) )
00161 
00162 #define tsk_gets16(flag, x)     \
00163         ((int16_t)tsk_getu16(flag, x))
00164 
00165 /* 32-bit values */
00166 #define tsk_getu32(flag, x)     \
00167         (uint32_t)( ((flag) & TSK_LIT_ENDIAN)  ?        \
00168      ((((uint8_t *)(x))[0] <<  0) + \
00169           (((uint8_t *)(x))[1] <<  8) + \
00170           (((uint8_t *)(x))[2] << 16) + \
00171           (((uint8_t *)(x))[3] << 24) ) \
00172         :       \
00173          ((((uint8_t *)(x))[3] <<  0) + \
00174           (((uint8_t *)(x))[2] <<  8) + \
00175           (((uint8_t *)(x))[1] << 16) + \
00176           (((uint8_t *)(x))[0] << 24) ) )
00177 
00178 #define tsk_gets32(flag, x)     \
00179         ((int32_t)tsk_getu32(flag, x))
00180 
00181 #define tsk_getu48(flag, x)   \
00182         (uint64_t)( ((flag) & TSK_LIT_ENDIAN)  ?        \
00183       ((uint64_t) \
00184           ((uint64_t)((uint8_t *)(x))[0] <<  0)+ \
00185           ((uint64_t)((uint8_t *)(x))[1] <<  8) + \
00186       ((uint64_t)((uint8_t *)(x))[2] << 16) + \
00187           ((uint64_t)((uint8_t *)(x))[3] << 24) + \
00188       ((uint64_t)((uint8_t *)(x))[4] << 32) + \
00189       ((uint64_t)((uint8_t *)(x))[5] << 40)) \
00190         : \
00191       ((uint64_t) \
00192           ((uint64_t)((uint8_t *)(x))[5] <<  0)+ \
00193           ((uint64_t)((uint8_t *)(x))[4] <<  8) + \
00194       ((uint64_t)((uint8_t *)(x))[3] << 16) + \
00195           ((uint64_t)((uint8_t *)(x))[2] << 24) + \
00196       ((uint64_t)((uint8_t *)(x))[1] << 32) + \
00197       ((uint64_t)((uint8_t *)(x))[0] << 40)) )
00198 
00199 
00200 #define tsk_getu64(flag, x)   \
00201         (uint64_t)( ((flag) & TSK_LIT_ENDIAN)  ?        \
00202       ((uint64_t) \
00203           ((uint64_t)((uint8_t *)(x))[0] << 0)  + \
00204           ((uint64_t)((uint8_t *)(x))[1] << 8) + \
00205       ((uint64_t)((uint8_t *)(x))[2] << 16) + \
00206           ((uint64_t)((uint8_t *)(x))[3] << 24) + \
00207       ((uint64_t)((uint8_t *)(x))[4] << 32) + \
00208       ((uint64_t)((uint8_t *)(x))[5] << 40) + \
00209       ((uint64_t)((uint8_t *)(x))[6] << 48) + \
00210       ((uint64_t)((uint8_t *)(x))[7] << 56)) \
00211         : \
00212       ((uint64_t) \
00213           ((uint64_t)((uint8_t *)(x))[7] <<  0) + \
00214           ((uint64_t)((uint8_t *)(x))[6] <<  8) + \
00215       ((uint64_t)((uint8_t *)(x))[5] << 16) + \
00216           ((uint64_t)((uint8_t *)(x))[4] << 24) + \
00217       ((uint64_t)((uint8_t *)(x))[3] << 32) + \
00218       ((uint64_t)((uint8_t *)(x))[2] << 40) + \
00219       ((uint64_t)((uint8_t *)(x))[1] << 48) + \
00220       ((uint64_t)((uint8_t *)(x))[0] << 56)) )
00221 
00222 #define tsk_gets64(flag, x)     \
00223         ((int64_t)tsk_getu64(flag, x))
00224 
00225 
00226 
00227 
00228 
00229 /*********** RETURN VALUES ************/
00230 
00231     /* Flags for the return value of walk actions */
00232 #define TSK_WALK_CONT   0x0
00233 #define TSK_WALK_STOP   0x1
00234 #define TSK_WALK_ERROR  0x2
00235 
00236 
00237 
00238 /************ ERROR HANDLING *************/
00239     extern int tsk_verbose;
00240 
00241 #define TSK_ERRSTR_L    512
00242 #define TSK_ERRSTR_PR_L (TSK_ERRSTR_L << 2)
00243 
00244     extern uint32_t tsk_errno;
00245     extern char tsk_errstr[TSK_ERRSTR_L];
00246     extern char tsk_errstr2[TSK_ERRSTR_L];
00247     extern char tsk_errstr_print[TSK_ERRSTR_PR_L];
00248 
00249     extern char *tsk_error_get();
00250     extern void tsk_error_print(FILE *);
00251     extern void tsk_error_reset();
00252 
00253 #define TSK_ERR_AUX     0x01000000
00254 #define TSK_ERR_IMG     0x02000000
00255 #define TSK_ERR_MM      0x04000000
00256 #define TSK_ERR_FS      0x08000000
00257 #define TSK_ERR_HDB     0x10000000
00258 #define TSK_ERR_MASK    0x00ffffff
00259 
00260 #define TSK_ERR_AUX_MALLOC      (TSK_ERR_AUX | 0)
00261 #define TSK_ERR_AUX_MAX         2
00262 
00263 #define TSK_ERR_IMG_NOFILE      (TSK_ERR_IMG | 0)
00264 #define TSK_ERR_IMG_OFFSET      (TSK_ERR_IMG | 1)
00265 #define TSK_ERR_IMG_UNKTYPE     (TSK_ERR_IMG | 2)
00266 #define TSK_ERR_IMG_UNSUPTYPE   (TSK_ERR_IMG | 3)
00267 #define TSK_ERR_IMG_OPEN        (TSK_ERR_IMG | 4)
00268 #define TSK_ERR_IMG_STAT        (TSK_ERR_IMG | 5)
00269 #define TSK_ERR_IMG_SEEK        (TSK_ERR_IMG | 6)
00270 #define TSK_ERR_IMG_READ        (TSK_ERR_IMG | 7)
00271 #define TSK_ERR_IMG_READ_OFF    (TSK_ERR_IMG | 8)
00272 #define TSK_ERR_IMG_LAYERS      (TSK_ERR_IMG | 9)
00273 #define TSK_ERR_IMG_MAGIC       (TSK_ERR_IMG | 10)
00274 #define TSK_ERR_IMG_WRITE       (TSK_ERR_IMG | 11)
00275 #define TSK_ERR_IMG_MAX         12
00276 
00277 #define TSK_ERR_MM_UNKTYPE      (TSK_ERR_MM | 0)
00278 #define TSK_ERR_MM_UNSUPTYPE    (TSK_ERR_MM | 1)
00279 #define TSK_ERR_MM_READ         (TSK_ERR_MM | 2)
00280 #define TSK_ERR_MM_MAGIC        (TSK_ERR_MM | 3)
00281 #define TSK_ERR_MM_WALK_RNG     (TSK_ERR_MM | 4)
00282 #define TSK_ERR_MM_BUF          (TSK_ERR_MM | 5)
00283 #define TSK_ERR_MM_BLK_NUM      (TSK_ERR_MM | 6)
00284 #define TSK_ERR_MM_MAX          7
00285 
00286 #define TSK_ERR_FS_UNKTYPE      (TSK_ERR_FS | 0)
00287 #define TSK_ERR_FS_UNSUPTYPE    (TSK_ERR_FS | 1)
00288 #define TSK_ERR_FS_FUNC         (TSK_ERR_FS | 2)
00289 #define TSK_ERR_FS_WALK_RNG     (TSK_ERR_FS | 3)
00290 #define TSK_ERR_FS_READ         (TSK_ERR_FS | 4)
00291 #define TSK_ERR_FS_ARG          (TSK_ERR_FS | 5)
00292 #define TSK_ERR_FS_BLK_NUM      (TSK_ERR_FS | 6)
00293 #define TSK_ERR_FS_INODE_NUM    (TSK_ERR_FS | 7)
00294 #define TSK_ERR_FS_INODE_INT    (TSK_ERR_FS | 8)
00295 #define TSK_ERR_FS_MAGIC        (TSK_ERR_FS | 9)
00296 #define TSK_ERR_FS_FWALK        (TSK_ERR_FS | 10)
00297 #define TSK_ERR_FS_WRITE        (TSK_ERR_FS | 11)
00298 #define TSK_ERR_FS_UNICODE      (TSK_ERR_FS | 12)
00299 #define TSK_ERR_FS_RECOVER      (TSK_ERR_FS | 13)
00300 #define TSK_ERR_FS_GENFS        (TSK_ERR_FS | 14)
00301 #define TSK_ERR_FS_CORRUPT      (TSK_ERR_FS | 15)
00302 #define TSK_ERR_FS_MAX          16
00303 
00304 
00305 #define TSK_ERR_HDB_UNKTYPE     (TSK_ERR_HDB | 0)
00306 #define TSK_ERR_HDB_UNSUPTYPE   (TSK_ERR_HDB | 1)
00307 #define TSK_ERR_HDB_READDB      (TSK_ERR_HDB | 2)
00308 #define TSK_ERR_HDB_READIDX     (TSK_ERR_HDB | 3)
00309 #define TSK_ERR_HDB_ARG         (TSK_ERR_HDB | 4)
00310 #define TSK_ERR_HDB_WRITE       (TSK_ERR_HDB | 5)
00311 #define TSK_ERR_HDB_CREATE      (TSK_ERR_HDB | 6)
00312 #define TSK_ERR_HDB_DELETE      (TSK_ERR_HDB | 7)
00313 #define TSK_ERR_HDB_MISSING     (TSK_ERR_HDB | 8)
00314 #define TSK_ERR_HDB_PROC        (TSK_ERR_HDB | 9)
00315 #define TSK_ERR_HDB_OPEN        (TSK_ERR_HDB | 10)
00316 #define TSK_ERR_HDB_CORRUPT     (TSK_ERR_HDB | 11)
00317 #define TSK_ERR_HDB_MAX         12
00318 
00319 
00320 // Return values
00321 typedef enum {
00322     TSK_OK,     
00323     TSK_ERR,    
00324     TSK_COR     
00325 } TSK_RETVAL_ENUM;
00326 
00327 /************* DATA BUF ******************/
00328     typedef struct TSK_DATA_BUF TSK_DATA_BUF;
00329 
00330     struct TSK_DATA_BUF {
00331         char *data;             /* buffer memory */
00332         size_t size;            /* buffer size */
00333         size_t used;            /* amount of space used */
00334         DADDR_T addr;           /* start block */
00335     };
00336 
00337     extern TSK_DATA_BUF *tsk_data_buf_alloc(size_t);
00338     extern void tsk_data_buf_free(TSK_DATA_BUF *);
00339 
00340 
00341     // basic check to see if a Unicode file has been included 
00342     // in an app that is using this as a library
00343 #ifndef TSK_UNI_REPLACEMENT_CHAR
00344 
00345 /**************** UNICODE *******************/
00346 /*
00347  * Copyright 2001-2004 Unicode, Inc.
00348  * 
00349  * Disclaimer
00350  * 
00351  * This source code is provided as is by Unicode, Inc. No claims are
00352  * made as to fitness for any particular purpose. No warranties of any
00353  * kind are expressed or implied. The recipient agrees to determine
00354  * applicability of information provided. If this file has been
00355  * purchased on magnetic or optical media from Unicode, Inc., the
00356  * sole remedy for any claim will be exchange of defective media
00357  * within 90 days of receipt.
00358  * 
00359  * Limitations on Rights to Redistribute This Code
00360  * 
00361  * Unicode, Inc. hereby grants the right to freely use the information
00362  * supplied in this file in the creation of products supporting the
00363  * Unicode Standard, and to make copies of this file in any form
00364  * for internal or external distribution as long as this notice
00365  * remains attached.
00366  */
00367 
00368 /* ---------------------------------------------------------------------
00369 
00370     Conversions between UTF32, UTF-16, and UTF-8.  Header file.
00371 
00372     Several funtions are included here, forming a complete set of
00373     conversions between the three formats.  UTF-7 is not included
00374     here, but is handled in a separate source file.
00375 
00376     Each of these routines takes pointers to input buffers and output
00377     buffers.  The input buffers are const.
00378 
00379     Each routine converts the text between *sourceStart and sourceEnd,
00380     putting the result into the buffer between *targetStart and
00381     targetEnd. Note: the end pointers are *after* the last item: e.g. 
00382     *(sourceEnd - 1) is the last item.
00383 
00384     The return result indicates whether the conversion was successful,
00385     and if not, whether the problem was in the source or target buffers.
00386     (Only the first encountered problem is indicated.)
00387 
00388     After the conversion, *sourceStart and *targetStart are both
00389     updated to point to the end of last text successfully converted in
00390     the respective buffers.
00391 
00392     Input parameters:
00393         sourceStart - pointer to a pointer to the source buffer.
00394                 The contents of this are modified on return so that
00395                 it points at the next thing to be converted.
00396         targetStart - similarly, pointer to pointer to the target buffer.
00397         sourceEnd, targetEnd - respectively pointers to the ends of the
00398                 two buffers, for overflow checking only.
00399 
00400     These conversion functions take a TSKConversionFlags argument. When this
00401     flag is set to strict, both irregular sequences and isolated surrogates
00402     will cause an error.  When the flag is set to lenient, both irregular
00403     sequences and isolated surrogates are converted.
00404 
00405     Whether the flag is strict or lenient, all illegal sequences will cause
00406     an error return. This includes sequences such as: <F4 90 80 80>, <C0 80>,
00407     or <A0> in UTF-8, and values above 0x10FFFF in UTF-32. Conformant code
00408     must check for illegal sequences.
00409 
00410     When the flag is set to lenient, characters over 0x10FFFF are converted
00411     to the replacement character; otherwise (when the flag is set to strict)
00412     they constitute an error.
00413 
00414     Output parameters:
00415         The value "TSKsourceIllegal" is returned from some routines if the input
00416         sequence is malformed.  When "TSKsourceIllegal" is returned, the source
00417         value will point to the illegal value that caused the problem. E.g.,
00418         in UTF-8 when a sequence is malformed, it points to the start of the
00419         malformed sequence.  
00420 
00421     Author: Mark E. Davis, 1994.
00422     Rev History: Rick McGowan, fixes & updates May 2001.
00423                  Fixes & updates, Sept 2001.
00424 
00425 ------------------------------------------------------------------------ */
00426 
00427 /* ---------------------------------------------------------------------
00428     The following 4 definitions are compiler-specific.
00429     The C standard does not guarantee that wchar_t has at least
00430     16 bits, so wchar_t is no less portable than unsigned short!
00431     All should be unsigned values to avoid sign extension during
00432     bit mask & shift operations.
00433 ------------------------------------------------------------------------ */
00434 
00435 #define TSK_IS_CNTRL(x) \
00436     (((x) < 0x20) && ((x) >= 0x00))
00437 
00438     typedef unsigned long UTF32;        /* at least 32 bits */
00439     typedef unsigned short UTF16;       /* at least 16 bits */
00440     typedef unsigned char UTF8; /* typically 8 bits */
00441     typedef unsigned char Boolean;      /* 0 or 1 */
00442 
00443 /* Some fundamental constants */
00444 #define TSK_UNI_REPLACEMENT_CHAR (UTF32)0x0000FFFD
00445 #define TSK_UNI_MAX_BMP (UTF32)0x0000FFFF
00446 #define TSK_UNI_MAX_UTF16 (UTF32)0x0010FFFF
00447 #define TSK_UNI_MAX_UTF32 (UTF32)0x7FFFFFFF
00448 #define TSK_UNI_MAX_LEGAL_UTF32 (UTF32)0x0010FFFF
00449 
00450     typedef enum {
00451         TSKconversionOK,        /* conversion successful */
00452         TSKsourceExhausted,     /* partial character in source, but hit end */
00453         TSKtargetExhausted,     /* insuff. room in target for conversion */
00454         TSKsourceIllegal        /* source sequence is illegal/malformed */
00455     } TSKConversionResult;
00456 
00457     typedef enum {
00458         TSKstrictConversion = 0,
00459         TSKlenientConversion
00460     } TSKConversionFlags;
00461 
00462     TSKConversionResult tsk_UTF8toUTF16(const UTF8 ** sourceStart,
00463         const UTF8 * sourceEnd,
00464         UTF16 ** targetStart, UTF16 * targetEnd, TSKConversionFlags flags);
00465 
00466     TSKConversionResult tsk_UTF16toUTF8(uint16_t,
00467         const UTF16 ** sourceStart, const UTF16 * sourceEnd,
00468         UTF8 ** targetStart, UTF8 * targetEnd, TSKConversionFlags flags);
00469 
00470     Boolean tsk_isLegalUTF8Sequence(const UTF8 * source,
00471         const UTF8 * sourceEnd);
00472 
00473 #endif
00474 // getopt and windows stuff
00475 
00476 #ifdef TSK_WIN32
00477     extern int optind, opterr;
00478     extern TSK_TCHAR *optarg;
00479     int getopt(int argc, TSK_TCHAR * argv[], TSK_TCHAR * optstring);
00480 #endif
00481 
00482 
00483     extern void tsk_fprintf(FILE * fd, char *msg, ...);
00484     //extern void tsk_snprintf(WCHAR *wbuf, int wlen, char *msg, ...);
00485     extern void tsk_printf(char *msg, ...);
00486 
00487 
00488     typedef struct TSK_LIST TSK_LIST;
00489     struct TSK_LIST {
00490         TSK_LIST *next;
00491         uint64_t key;
00492         uint64_t len;
00493     };
00494 
00495     extern uint8_t tsk_list_add(TSK_LIST ** list, uint64_t key);
00496     extern uint8_t tsk_list_find(TSK_LIST * list, uint64_t key);
00497     extern void tsk_list_free(TSK_LIST * list);
00498 
00499 
00500 
00501 
00502 /*************************** HASH STUFF *********************/
00503 
00504 /* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All
00505 rights reserved.
00506 
00507 License to copy and use this software is granted provided that it
00508 is identified as the "RSA Data Security, Inc. MD5 Message-Digest
00509 Algorithm" in all material mentioning or referencing this software
00510 or this function.
00511 
00512 License is also granted to make and use derivative works provided
00513 that such works are identified as "derived from the RSA Data
00514 Security, Inc. MD5 Message-Digest Algorithm" in all material
00515 mentioning or referencing the derived work.
00516 
00517 RSA Data Security, Inc. makes no representations concerning either
00518 the merchantability of this software or the suitability of this
00519 software for any particular purpose. It is provided "as is"
00520 without express or implied warranty of any kind.
00521 
00522 These notices must be retained in any copies of any part of this
00523 documentation and/or software.
00524  */
00525 
00526 
00527 /* POINTER defines a generic pointer type */
00528     typedef unsigned char *POINTER;
00529 
00530 /* UINT2 defines a two byte word */
00531 //typedef unsigned short int UINT2;
00532     typedef uint16_t UINT2;
00533 
00534 /* UINT4 defines a four byte word */
00535     typedef uint32_t UINT4;
00536 
00537 /*
00538 #ifdef __alpha
00539 typedef unsigned int UINT4;
00540 #else
00541 typedef unsigned long int UINT4;
00542 #endif
00543 */
00544 
00545 
00546 /* Added for sha1 */
00547 /* BYTE defines a unsigned character */
00548     typedef uint8_t BYTE;
00549 
00550 #ifndef TRUE
00551 #define FALSE 0
00552 #define TRUE  ( !FALSE )
00553 #endif                          /* TRUE */
00554 
00555 
00556 
00557 /* MD5 context. */
00558     typedef struct {
00559         UINT4 state[4];         /* state (ABCD) */
00560         UINT4 count[2];         /* number of bits, modulo 2^64 (lsb first) */
00561         unsigned char buffer[64];       /* input buffer */
00562     } TSK_MD5_CTX;
00563 
00564     void TSK_MD5_Init(TSK_MD5_CTX *);
00565     void TSK_MD5_Update(TSK_MD5_CTX *, unsigned char *, unsigned int);
00566     void TSK_MD5_Final(unsigned char[16], TSK_MD5_CTX *);
00567 
00568 
00569 
00570 /* sha.h */
00571 
00572 /* The structure for storing SHS info */
00573 
00574     typedef struct {
00575         UINT4 digest[5];        /* Message digest */
00576         UINT4 countLo, countHi; /* 64-bit bit count */
00577         UINT4 data[16];         /* SHS data buffer */
00578         int Endianness;
00579     } TSK_SHA_CTX;
00580 
00581 /* Message digest functions */
00582 
00583     void TSK_SHA_Init(TSK_SHA_CTX *);
00584     void TSK_SHA_Update(TSK_SHA_CTX *, BYTE * buffer, int count);
00585     void TSK_SHA_Final(BYTE * output, TSK_SHA_CTX *);
00586 
00587 
00588 
00589 #ifdef __cplusplus
00590 }
00591 #endif
00592 #endif

Generated on Wed Nov 28 16:11:14 2007 for The Sleuth Kit (Incomplete) by  doxygen 1.5.1