2 Algorithm
, CandidateHash
, CandidateHashes
, Hash
, MatchLevel
, MessageLevel
, Opt
, Verification
,
5 #[cfg(feature = "paste")]
6 use copypasta
::{ClipboardContext
, ClipboardProvider
};
9 use std
::io
::prelude
::*;
10 use std
::io
::BufReader
;
13 /// Calculate a list of candidate hashes based on the options specified.
14 /// If no hash options have been specified returns None.
15 /// It is assumed to be verified previously that at most one mode has been specified.
16 pub fn get_candidate_hashes(opt
: &Opt
) -> Result
<Option
<CandidateHashes
>, String
> {
17 if let Some(hash_string
) = &opt
.hash
{
18 return Ok(Some(get_by_parameter(hash_string
)?
));
19 } else if opt
.get_paste() {
20 return Ok(Some(get_from_clipboard()?
));
21 } else if let Some(hash_file
) = &opt
.hash_file
{
22 return Ok(Some(get_from_file(hash_file
)?
));
27 /// Generate a candidate hash from the provided command line parameter, or throw an error.
28 fn get_by_parameter(param
: &str) -> Result
<CandidateHashes
, String
> {
30 hex
::decode(¶m
).map_err(|_
| "Provided hash is invalid or truncated hex".to_owned())?
;
31 let alg
= Algorithm
::from_len(bytes
.len())?
;
32 let candidate
= CandidateHash
{
38 hashes
: vec
![candidate
],
39 source
: VerificationSource
::CommandArgument
,
43 /// Generate a candidate hash from the system clipboard, or throw an error.
44 fn get_from_clipboard() -> Result
<CandidateHashes
, String
> {
45 #[cfg(feature = "paste")]
47 let mut ctx
: ClipboardContext
= match ClipboardContext
::new() {
49 Err(e
) => return Err(format
!("Error getting system clipboard: {}", e
)),
52 let possible_hash
= match ctx
.get_contents() {
54 Err(e
) => format
!("Error reading from clipboard: {}", e
),
57 let bytes
= hex
::decode(&possible_hash
)
58 .map_err(|_
| "Clipboard contains invalid or truncated hex".to_owned())?
;
59 let alg
= Algorithm
::from_len(bytes
.len())?
;
60 let candidate
= CandidateHash
{
64 return Ok(CandidateHashes
{
66 hashes
: vec
![candidate
],
67 source
: VerificationSource
::Clipboard
,
70 #[cfg(not(feature = "paste"))]
72 return Err("Paste not implemented".to_owned());
76 /// Generate a candidate hash from the digests file specified (could be "-" for STDIN), or throw an error.
77 fn get_from_file(path
: &Path
) -> Result
<CandidateHashes
, String
> {
78 // Get a reader for either standard input or the chosen path
79 let reader
: Box
<dyn Read
> = if path
.to_str() == Some("-") {
80 Box
::new(std
::io
::stdin())
82 Box
::new(File
::open(path
).map_err(|_
| {
84 "Unable to open check file at path '{}'",
85 path
.to_string_lossy()
90 // Read the first line, trimmed
91 let mut reader
= BufReader
::new(reader
);
92 let mut line
= String
::new();
95 .map_err(|_
| "Error reading from check file".to_owned())?
;
96 let line
= line
.trim().to_owned();
98 // Does our first line look like a raw hash on its own? If so, use that
99 if let Some(candidate
) = read_raw_candidate_from_file(&line
, &path
) {
100 return Ok(candidate
);
103 // Maybe it's a digests file
104 // Reconstruct the full iterator by joining our already-read line with the others
105 let full_lines
= vec
![Ok(line
)].into
_iter
().chain(reader
.lines());
107 // Does the entire file look like a coreutils-style digests file? (SHA1SUMS, etc.)
108 if let Some(candidate
) = read_coreutils_digests_from_file(full_lines
, &path
) {
109 return Ok(candidate
);
112 // If neither of these techniques worked this is a fatal error
113 // The user requested we use this input but we couldn't
115 "Provided check file '{}' was neither a hash nor a valid digests file",
116 path
.to_string_lossy()
120 fn try_parse_hash(s
: &str) -> Option
<(Algorithm
, Vec
<u8>)> {
121 let bytes
= match hex
::decode(s
.trim()) {
125 let alg
= match Algorithm
::from_len(bytes
.len()) {
132 fn read_raw_candidate_from_file(line
: &str, path
: &Path
) -> Option
<CandidateHashes
> {
133 let (alg
, bytes
) = try_parse_hash(line
)?
;
134 Some(CandidateHashes
{
136 source
: VerificationSource
::RawFile(path
.to_string_lossy().to_string()),
137 hashes
: vec
![CandidateHash
{
144 fn read_coreutils_digests_from_file
<I
, S
>(lines
: I
, path
: &Path
) -> Option
<CandidateHashes
>
146 I
: Iterator
<Item
= io
::Result
<S
>>,
149 let mut hashes
= vec
![];
150 let mut alg
: Option
<Algorithm
> = None
;
153 let l
= l
.as_ref().trim();
154 // Allow (ignore) blank lines
159 // <valid-hash><space><space-or-*><filename>
160 let (line_alg
, bytes
, filename
) = match l
162 .and_then(|space_pos
| {
163 // Char before filename should be space for text or * for binary
164 match l
.chars().nth(space_pos
+ 1) {
165 Some(' '
) | Some('
*'
) => (l
.get(..space_pos
)).zip(l
.get(space_pos
+ 2..)),
169 .and_then(|(maybe_hash
, filename
)| {
170 // Filename should be in this position without extra whitespace
171 if filename
.trim() == filename
{
172 try_parse_hash(maybe_hash
).map(|(alg
, bytes
)| (alg
, bytes
, filename
))
179 // if we have a line with content we cannot parse, this is an error
183 if alg
.is
_some
() && alg
!= Some(line_alg
) {
184 // Different algorithms in the same digest file are not supported
187 // If we are the first line, we define the overall algorithm
188 alg
= Some(line_alg
);
190 // So far so good - create an entry for this line
191 hashes
.push(CandidateHash
{
193 filename
: Some(filename
.to_owned()),
198 // It is a failure if we got zero hashes or we somehow don't know the algorithm
199 if hashes
.is
_empty
() {
202 let alg
= match alg
{
207 // Otherwise all is well and we can return our results
208 Some(CandidateHashes
{
210 source
: VerificationSource
::DigestsFile(path
.to_string_lossy().to_string()),
215 /// Determine if the calculated hash matches any of the candidates.
217 /// Ok result: the hash matches, and if the candidate has a filename, that matches too
218 /// Maybe result: the hash matches but the filename does not
219 /// Fail result: neither of the above
220 pub fn verify_hash
<'a
>(calculated
: &Hash
, candidates
: &'a CandidateHashes
) -> Verification
<'a
> {
221 let mut ok
: Option
<&CandidateHash
> = None
;
222 let mut maybe
: Option
<&CandidateHash
> = None
;
223 let mut messages
= Vec
::new();
225 for candidate
in &candidates
.hashes
{
226 if candidate
.bytes
== calculated
.bytes
{
227 match candidate
.filename
{
228 None
=> ok
= Some(candidate
),
229 Some(ref candidate_filename
) if candidate_filename
== &calculated
.filename
=> {
232 Some(ref candidate_filename
) => {
234 MessageLevel
::Warning
,
236 "The matched hash has filename '{}', which does not match the input.",
240 maybe
= Some(candidate
);
246 // Warn that a "successful" MD5 result is not necessarily great
247 if candidates
.alg
== Algorithm
::Md5
&& (ok
.is
_some
() || maybe
.is
_some
()) {
250 "MD5 can easily be forged. Use a stronger algorithm if possible.".to_owned(),
254 // If we got a full match, great
256 return Verification
{
257 match_level
: MatchLevel
::Ok
,
263 // Second priority, a "maybe" result
265 return Verification
{
266 match_level
: MatchLevel
::Maybe
,
267 comparison_hash
: maybe
,
272 // Otherwise we failed
273 // If we only had one candidate hash, include it
274 let comparison
= match candidates
.hashes
.len() {
275 1 => Some(&candidates
.hashes
[0]),
279 match_level
: MatchLevel
::Fail
,
280 comparison_hash
: comparison
,
290 fn test_read_raw_inputs() {
291 let example_path
= Path
::new("some_file");
292 let valid_md5
= "d229da563da18fe5d58cd95a6467d584";
293 let valid_sha1
= "b314c7ebb7d599944981908b7f3ed33a30e78f3a";
294 let valid_sha1_2
= valid_sha1
.to_uppercase();
295 let valid_sha256
= "1eb85fc97224598dad1852b5d6483bbcf0aa8608790dcc657a5a2a761ae9c8c6";
299 let invalid3
= "d229da563da18fe5d58cd95a6467d58";
300 let invalid4
= "1eb85fc97224598dad1852b5d6483bbcf0aa8608790dcc657a5a2a761ae9c8c67";
301 let invalid5
= "1eb85fc97224598dad1852b5d 483bbcf0aa8608790dcc657a5a2a761ae9c8c6";
304 read_raw_candidate_from_file(valid_md5
, &example_path
),
305 Some(CandidateHashes
{
311 read_raw_candidate_from_file(valid_sha1
, &example_path
),
312 Some(CandidateHashes
{
313 alg
: Algorithm
::Sha1
,
318 read_raw_candidate_from_file(&valid_sha1_2
, &example_path
),
319 Some(CandidateHashes
{
320 alg
: Algorithm
::Sha1
,
325 read_raw_candidate_from_file(valid_sha256
, &example_path
),
326 Some(CandidateHashes
{
327 alg
: Algorithm
::Sha256
,
332 for i
in &[invalid1
, invalid2
, invalid3
, invalid4
, invalid5
] {
333 assert
!(read_raw_candidate_from_file(*i
, &example_path
).is
_none
());
338 fn test_read_shasums() {
339 let shasums
= "4b91f7a387a6edd4a7c0afb2897f1ca968c9695b *cp
340 75eb7420a9f5a260b04a3e8ad51e50f2838a17fc lel.txt
342 fe6c26d485a3573a1cb0ad0682f5105325a1905f shasums";
343 let lines
= shasums
.lines().map(|l
| std
::io
::Result
::Ok(l
));
344 let path
= Path
::new("SHASUMS");
345 let candidates
= read_coreutils_digests_from_file(lines
, &path
);
349 Some(CandidateHashes
{
350 alg
: Algorithm
::Sha1
,
353 bytes
: hex
::decode("4b91f7a387a6edd4a7c0afb2897f1ca968c9695b").unwrap
(),
354 filename
: Some("cp".to_owned()),
357 bytes
: hex
::decode("75eb7420a9f5a260b04a3e8ad51e50f2838a17fc").unwrap
(),
358 filename
: Some("lel.txt".to_owned()),
361 bytes
: hex
::decode("fe6c26d485a3573a1cb0ad0682f5105325a1905f").unwrap
(),
362 filename
: Some("shasums".to_owned()),
365 source
: VerificationSource
::DigestsFile(path
.to_string_lossy().to_string()),
371 fn test_invalid_shasums() {
372 let no_format
= "4b91f7a387a6edd4a7c0afb2897f1ca968c9695b cp";
373 let invalid_format
= "4b91f7a387a6edd4a7c0afb2897f1ca968c9695b .cp";
374 let extra_space
= "4b91f7a387a6edd4a7c0afb2897f1ca968c9695b cp";
376 for digest
in [no_format
, invalid_format
, extra_space
] {
377 let lines
= digest
.lines().map(|l
| std
::io
::Result
::Ok(l
));
379 read_coreutils_digests_from_file(lines
, Path
::new("SHASUMS")).is
_none
(),
380 "Should be invalid digest: {:?}",