Skip to content
Snippets Groups Projects
Commit e3be0f4b authored by U-BASIS\dsmyda's avatar U-BASIS\dsmyda
Browse files

Added SHA1 information in EWF images to the database.

parent 0931e420
No related branches found
No related tags found
No related merge requests found
......@@ -208,6 +208,7 @@ uint8_t
TskAutoDb::addImageDetails(const char* deviceId)
{
string md5 = "";
string sha1 = "";
#if HAVE_LIBEWF
if (m_img_info->itype == TSK_IMG_TYPE_EWF_EWF) {
// @@@ This should really probably be inside of a tsk_img_ method
......@@ -215,6 +216,9 @@ TskAutoDb::addImageDetails(const char* deviceId)
if (ewf_info->md5hash_isset) {
md5 = ewf_info->md5hash;
}
if (ewf_info->sha1hash_isset) {
sha1 = ewf_info->sha1hash;
}
}
#endif
......@@ -225,7 +229,7 @@ TskAutoDb::addImageDetails(const char* deviceId)
devId = "";
}
if (m_db->addImageInfo(m_img_info->itype, m_img_info->sector_size,
m_curImgId, m_curImgTZone, m_img_info->size, md5, "", "", devId)) {
m_curImgId, m_curImgTZone, m_img_info->size, md5, sha1, "", devId)) {
registerError();
return 1;
}
......
tsk/img/ewf.c 100644 → 100755
......@@ -406,6 +406,29 @@ ewf_open(int a_num_img,
}
ewf_info->md5hash_isset = result;
int sha1_result = libewf_handle_get_hash_value_sha1(ewf_info->handle,
(uint8_t *)ewf_info->sha1hash, 41, &ewf_error);
if (sha1_result == -1) {
tsk_error_reset();
tsk_error_set_errno(TSK_ERR_IMG_OPEN);
getError(ewf_error, error_string);
tsk_error_set_errstr("ewf_open file: %" PRIttocTSK
": Error getting MD5 of image (%s)", a_images[0],
error_string);
libewf_error_free(&ewf_error);
tsk_img_free(ewf_info);
if (tsk_verbose != 0) {
tsk_fprintf(stderr, "Error getting size of EWF file\n");
}
return (NULL);
}
ewf_info->sha1hash_isset = result;
#else // V1 API
// Check the file signature before we call the library open
......
tsk/img/ewf.h 100644 → 100755
......@@ -38,6 +38,8 @@ extern "C" {
libewf_handle_t *handle;
char md5hash[33];
int md5hash_isset;
char sha1hash[41];
int sha1hash_isset;
uint8_t used_ewf_glob; // 1 if libewf_glob was used during open
tsk_lock_t read_lock; ///< Lock for reads since libewf is not thread safe -- only works if you have a single instance of EWF_INFO for all threads.
} IMG_EWF_INFO;
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment