]> code.octet-stream.net Git - hashgood/blob - src/verify.rs
Upgrade to maintained hashing libs
[hashgood] / src / verify.rs
1 use super::{
2 Algorithm, CandidateHash, CandidateHashes, Hash, MatchLevel, MessageLevel, Opt, Verification,
3 VerificationSource,
4 };
5 #[cfg(feature = "paste")]
6 use copypasta::{ClipboardContext, ClipboardProvider};
7 use std::fs::File;
8 use std::io;
9 use std::io::prelude::*;
10 use std::io::BufReader;
11 use std::path::Path;
12
13 /// Calculate a list of candidate hashes based on the options specified.
14 /// If no hash options have been specified returns None.
15 /// It is assumed to be verified previously that at most one mode has been specified.
16 pub fn get_candidate_hashes(opt: &Opt) -> Result<Option<CandidateHashes>, String> {
17 if let Some(hash_string) = &opt.hash {
18 return Ok(Some(get_by_parameter(hash_string)?));
19 } else if opt.get_paste() {
20 return Ok(Some(get_from_clipboard()?));
21 } else if let Some(hash_file) = &opt.hash_file {
22 return Ok(Some(get_from_file(hash_file)?));
23 }
24 Ok(None)
25 }
26
27 /// Generate a candidate hash from the provided command line parameter, or throw an error.
28 fn get_by_parameter(param: &str) -> Result<CandidateHashes, String> {
29 let bytes =
30 hex::decode(&param).map_err(|_| "Provided hash is invalid or truncated hex".to_owned())?;
31 let alg = Algorithm::from_len(bytes.len())?;
32 let candidate = CandidateHash {
33 filename: None,
34 bytes,
35 };
36 Ok(CandidateHashes {
37 alg,
38 hashes: vec![candidate],
39 source: VerificationSource::CommandArgument,
40 })
41 }
42
43 /// Generate a candidate hash from the system clipboard, or throw an error.
44 fn get_from_clipboard() -> Result<CandidateHashes, String> {
45 #[cfg(feature = "paste")]
46 {
47 let mut ctx: ClipboardContext = match ClipboardContext::new() {
48 Ok(ctx) => ctx,
49 Err(e) => return Err(format!("Error getting system clipboard: {}", e)),
50 };
51
52 let possible_hash = match ctx.get_contents() {
53 Ok(value) => value,
54 Err(e) => format!("Error reading from clipboard: {}", e),
55 };
56
57 let bytes = hex::decode(&possible_hash)
58 .map_err(|_| "Clipboard contains invalid or truncated hex".to_owned())?;
59 let alg = Algorithm::from_len(bytes.len())?;
60 let candidate = CandidateHash {
61 filename: None,
62 bytes,
63 };
64 Ok(CandidateHashes {
65 alg,
66 hashes: vec![candidate],
67 source: VerificationSource::Clipboard,
68 })
69 }
70 #[cfg(not(feature = "paste"))]
71 {
72 Err("Paste not implemented".to_owned())
73 }
74 }
75
76 /// Generate a candidate hash from the digests file specified (could be "-" for STDIN), or throw an error.
77 fn get_from_file(path: &Path) -> Result<CandidateHashes, String> {
78 // Get a reader for either standard input or the chosen path
79 let reader: Box<dyn Read> = if path.to_str() == Some("-") {
80 Box::new(std::io::stdin())
81 } else {
82 Box::new(File::open(path).map_err(|_| {
83 format!(
84 "Unable to open check file at path '{}'",
85 path.to_string_lossy()
86 )
87 })?)
88 };
89
90 // Read the first line, trimmed
91 let mut reader = BufReader::new(reader);
92 let mut line = String::new();
93 reader
94 .read_line(&mut line)
95 .map_err(|_| "Error reading from check file".to_owned())?;
96 let line = line.trim().to_owned();
97
98 // Does our first line look like a raw hash on its own? If so, use that
99 if let Some(candidate) = read_raw_candidate_from_file(&line, path) {
100 return Ok(candidate);
101 }
102
103 // Maybe it's a digests file
104 // Reconstruct the full iterator by joining our already-read line with the others
105 let full_lines = vec![Ok(line)].into_iter().chain(reader.lines());
106
107 // Does the entire file look like a coreutils-style digests file? (SHA1SUMS, etc.)
108 if let Some(candidate) = read_coreutils_digests_from_file(full_lines, path) {
109 return Ok(candidate);
110 }
111
112 // If neither of these techniques worked this is a fatal error
113 // The user requested we use this input but we couldn't
114 Err(format!(
115 "Provided check file '{}' was neither a hash nor a valid digests file",
116 path.to_string_lossy()
117 ))
118 }
119
120 fn try_parse_hash(s: &str) -> Option<(Algorithm, Vec<u8>)> {
121 let bytes = match hex::decode(s.trim()) {
122 Ok(bytes) => bytes,
123 _ => return None,
124 };
125 let alg = match Algorithm::from_len(bytes.len()) {
126 Ok(alg) => alg,
127 _ => return None,
128 };
129 Some((alg, bytes))
130 }
131
132 fn read_raw_candidate_from_file(line: &str, path: &Path) -> Option<CandidateHashes> {
133 let (alg, bytes) = try_parse_hash(line)?;
134 Some(CandidateHashes {
135 alg,
136 source: VerificationSource::RawFile(path.to_string_lossy().to_string()),
137 hashes: vec![CandidateHash {
138 bytes,
139 filename: None,
140 }],
141 })
142 }
143
144 fn read_coreutils_digests_from_file<I, S>(lines: I, path: &Path) -> Option<CandidateHashes>
145 where
146 I: Iterator<Item = io::Result<S>>,
147 S: AsRef<str>,
148 {
149 let mut hashes = vec![];
150 let mut alg: Option<Algorithm> = None;
151 for l in lines.flatten() {
152 let l = l.as_ref().trim();
153 // Allow (ignore) blank lines
154 if l.is_empty() {
155 continue;
156 }
157 // Expected format
158 // <valid-hash><space><space-or-*><filename>
159 let (line_alg, bytes, filename) = match l
160 .find(' ')
161 .and_then(|space_pos| {
162 // Char before filename should be space for text or * for binary
163 match l.chars().nth(space_pos + 1) {
164 Some(' ') | Some('*') => (l.get(..space_pos)).zip(l.get(space_pos + 2..)),
165 _ => None,
166 }
167 })
168 .and_then(|(maybe_hash, filename)| {
169 // Filename should be in this position without extra whitespace
170 if filename.trim() == filename {
171 try_parse_hash(maybe_hash).map(|(alg, bytes)| (alg, bytes, filename))
172 } else {
173 None
174 }
175 }) {
176 Some(t) => t,
177 None => {
178 // if we have a line with content we cannot parse, this is an error
179 return None;
180 }
181 };
182 if alg.is_some() && alg != Some(line_alg) {
183 // Different algorithms in the same digest file are not supported
184 return None;
185 } else {
186 // If we are the first line, we define the overall algorithm
187 alg = Some(line_alg);
188 }
189 // So far so good - create an entry for this line
190 hashes.push(CandidateHash {
191 bytes,
192 filename: Some(filename.to_owned()),
193 });
194 }
195
196 // It is a failure if we got zero hashes or we somehow don't know the algorithm
197 if hashes.is_empty() {
198 return None;
199 }
200 let alg = match alg {
201 Some(alg) => alg,
202 _ => return None,
203 };
204
205 // Otherwise all is well and we can return our results
206 Some(CandidateHashes {
207 alg,
208 source: VerificationSource::DigestsFile(path.to_string_lossy().to_string()),
209 hashes,
210 })
211 }
212
213 /// Determine if the calculated hash matches any of the candidates.
214 ///
215 /// Ok result: the hash matches, and if the candidate has a filename, that matches too
216 /// Maybe result: the hash matches but the filename does not
217 /// Fail result: neither of the above
218 pub fn verify_hash<'a>(calculated: &Hash, candidates: &'a CandidateHashes) -> Verification<'a> {
219 let mut ok: Option<&CandidateHash> = None;
220 let mut maybe: Option<&CandidateHash> = None;
221 let mut messages = Vec::new();
222
223 for candidate in &candidates.hashes {
224 if candidate.bytes == calculated.bytes {
225 match candidate.filename {
226 None => ok = Some(candidate),
227 Some(ref candidate_filename) if candidate_filename == &calculated.filename => {
228 ok = Some(candidate)
229 }
230 Some(ref candidate_filename) => {
231 messages.push((
232 MessageLevel::Warning,
233 format!(
234 "The matched hash has filename '{}', which does not match the input.",
235 candidate_filename
236 ),
237 ));
238 maybe = Some(candidate);
239 }
240 }
241 }
242 }
243
244 // Warn that a "successful" MD5 result is not necessarily great
245 if candidates.alg == Algorithm::Md5 && (ok.is_some() || maybe.is_some()) {
246 messages.push((
247 MessageLevel::Note,
248 "MD5 can easily be forged. Use a stronger algorithm if possible.".to_owned(),
249 ))
250 }
251
252 // If we got a full match, great
253 if ok.is_some() {
254 return Verification {
255 match_level: MatchLevel::Ok,
256 comparison_hash: ok,
257 messages,
258 };
259 }
260
261 // Second priority, a "maybe" result
262 if maybe.is_some() {
263 return Verification {
264 match_level: MatchLevel::Maybe,
265 comparison_hash: maybe,
266 messages,
267 };
268 }
269
270 // Otherwise we failed
271 // If we only had one candidate hash, include it
272 let comparison = match candidates.hashes.len() {
273 1 => Some(&candidates.hashes[0]),
274 _ => None,
275 };
276 Verification {
277 match_level: MatchLevel::Fail,
278 comparison_hash: comparison,
279 messages,
280 }
281 }
282
283 #[cfg(test)]
284 mod tests {
285 use super::*;
286
287 #[test]
288 fn test_read_raw_inputs() {
289 let example_path = Path::new("some_file");
290 let valid_md5 = "d229da563da18fe5d58cd95a6467d584";
291 let valid_sha1 = "b314c7ebb7d599944981908b7f3ed33a30e78f3a";
292 let valid_sha1_2 = valid_sha1.to_uppercase();
293 let valid_sha256 = "1eb85fc97224598dad1852b5d6483bbcf0aa8608790dcc657a5a2a761ae9c8c6";
294
295 let invalid1 = "x";
296 let invalid2 = "a";
297 let invalid3 = "d229da563da18fe5d58cd95a6467d58";
298 let invalid4 = "1eb85fc97224598dad1852b5d6483bbcf0aa8608790dcc657a5a2a761ae9c8c67";
299 let invalid5 = "1eb85fc97224598dad1852b5d 483bbcf0aa8608790dcc657a5a2a761ae9c8c6";
300
301 assert!(matches!(
302 read_raw_candidate_from_file(valid_md5, example_path),
303 Some(CandidateHashes {
304 alg: Algorithm::Md5,
305 ..
306 })
307 ));
308 assert!(matches!(
309 read_raw_candidate_from_file(valid_sha1, example_path),
310 Some(CandidateHashes {
311 alg: Algorithm::Sha1,
312 ..
313 })
314 ));
315 assert!(matches!(
316 read_raw_candidate_from_file(&valid_sha1_2, example_path),
317 Some(CandidateHashes {
318 alg: Algorithm::Sha1,
319 ..
320 })
321 ));
322 assert!(matches!(
323 read_raw_candidate_from_file(valid_sha256, example_path),
324 Some(CandidateHashes {
325 alg: Algorithm::Sha256,
326 ..
327 })
328 ));
329
330 for i in &[invalid1, invalid2, invalid3, invalid4, invalid5] {
331 assert!(read_raw_candidate_from_file(*i, example_path).is_none());
332 }
333 }
334
335 #[test]
336 fn test_read_shasums() {
337 let shasums = "4b91f7a387a6edd4a7c0afb2897f1ca968c9695b *cp
338 75eb7420a9f5a260b04a3e8ad51e50f2838a17fc lel.txt
339
340 fe6c26d485a3573a1cb0ad0682f5105325a1905f shasums";
341 let lines = shasums.lines().map(std::io::Result::Ok);
342 let path = Path::new("SHASUMS");
343 let candidates = read_coreutils_digests_from_file(lines, path);
344
345 assert_eq!(
346 candidates,
347 Some(CandidateHashes {
348 alg: Algorithm::Sha1,
349 hashes: vec![
350 CandidateHash {
351 bytes: hex::decode("4b91f7a387a6edd4a7c0afb2897f1ca968c9695b").unwrap(),
352 filename: Some("cp".to_owned()),
353 },
354 CandidateHash {
355 bytes: hex::decode("75eb7420a9f5a260b04a3e8ad51e50f2838a17fc").unwrap(),
356 filename: Some("lel.txt".to_owned()),
357 },
358 CandidateHash {
359 bytes: hex::decode("fe6c26d485a3573a1cb0ad0682f5105325a1905f").unwrap(),
360 filename: Some("shasums".to_owned()),
361 }
362 ],
363 source: VerificationSource::DigestsFile(path.to_string_lossy().to_string()),
364 })
365 );
366 }
367
368 #[test]
369 fn test_invalid_shasums() {
370 let no_format = "4b91f7a387a6edd4a7c0afb2897f1ca968c9695b cp";
371 let invalid_format = "4b91f7a387a6edd4a7c0afb2897f1ca968c9695b .cp";
372 let extra_space = "4b91f7a387a6edd4a7c0afb2897f1ca968c9695b cp";
373
374 for digest in [no_format, invalid_format, extra_space] {
375 let lines = digest.lines().map(std::io::Result::Ok);
376 assert!(
377 read_coreutils_digests_from_file(lines, Path::new("SHASUMS")).is_none(),
378 "Should be invalid digest: {:?}",
379 digest
380 );
381 }
382 }
383 }