support Signed-By in Release files as a sort of HPKP
1// -*- mode: cpp; mode: fold -*-
2// Description /*{{{*/
3// $Id: hashes.cc,v 1.1 2001/03/06 07:15:29 jgg Exp $
4/* ######################################################################
5
6 Hashes - Simple wrapper around the hash functions
7
8 This is just used to make building the methods simpler; it is the
9 only interface required.
10
11 ##################################################################### */
12 /*}}}*/
13// Include Files /*{{{*/
14#include <config.h>
15
63b1700f 16#include <apt-pkg/hashes.h>
17#include <apt-pkg/fileutl.h>
18#include <apt-pkg/configuration.h>
19#include <apt-pkg/md5.h>
20#include <apt-pkg/sha1.h>
21#include <apt-pkg/sha2.h>
aea7f4c8 22
23#include <stddef.h>
24#include <algorithm>
ea542140 25#include <unistd.h>
448c38bd 26#include <stdlib.h>
27#include <string>
28#include <iostream>
29 /*}}}*/
30
// Names of the hash types this file understands, terminated by a NULL
// sentinel. The order is significant for code in this file: FromFile()
// defaults to entry 0 ("pick the strongest hash") and
// HashStringList::find() walks the table front to back when the caller
// does not name a type, so the first listed type that is present wins.
const char * HashString::_SupportedHashes[] =
{
   "SHA512",
   "SHA256",
   "SHA1",
   "MD5Sum",
   "Checksum-FileSize",
   NULL
};
35
// Builds an empty HashString: Type and Hash are left default-constructed,
// so empty() reports true for the result.
HashString::HashString()
{
}

// Builds a HashString from an already separated type name and hash value.
// Neither argument is validated here; the type is not checked against
// _SupportedHashes and the value is stored as given.
HashString::HashString(std::string Type, std::string Hash)
   : Type(Type),
     Hash(Hash)
{
}
43
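// Parses a "Type:Hash" string into its two parts.
//
// A string without ':' is accepted only in the legacy form of a bare
// 32 character value, which is stored as an MD5Sum. Any other string
// without ':' leaves the object empty. Only the length is checked in the
// legacy case, and the type name found before ':' is not checked against
// _SupportedHashes, so callers that act on the result should still consult
// empty() and usable().
//
// With Debug::Hashes set, the outcome is reported on std::clog. The
// "invalid StringedHash" message is printed only for input that was
// actually rejected; an accepted legacy MD5 value is reported like any
// other parsed hash.
HashString::HashString(std::string StringedHash) /*{{{*/
{
   bool const Debug = _config->FindB("Debug::Hashes",false);
   std::string::size_type const pos = StringedHash.find(":");

   if (pos == std::string::npos)
   {
      // legacy: md5sum without "MD5Sum:" prefix
      if (StringedHash.size() != 32)
      {
         if (Debug == true)
            std::clog << "HashString(string): invalid StringedHash " << StringedHash << std::endl;
         return;
      }
      Type = "MD5Sum";
      Hash = StringedHash;
   }
   else
   {
      Type = StringedHash.substr(0,pos);
      // everything after the first ':' is the hash value
      Hash = StringedHash.substr(pos+1);
   }

   if (Debug == true)
      std::clog << "HashString(string): " << Type << " : " << Hash << std::endl;
}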
92fcbfc1 65 /*}}}*/
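// Hashes the named file with this object's hash type and compares the
// result with the stored hash value.
//
// Returns true only when a hash was actually computed and it equals Hash.
// GetHashForFile() returns an empty string when Type matches none of the
// known types, so an empty result is rejected outright: otherwise an empty
// HashString (no type, no value) would "verify" every file.
//
// The strength of the hash type is not considered here; a caller that must
// not rely on MD5Sum, SHA1 or Checksum-FileSize alone has to check
// usable() itself.
bool HashString::VerifyFile(std::string filename) const /*{{{*/
{
   std::string const fileHash = GetHashForFile(filename);

   if(_config->FindB("Debug::Hashes",false) == true)
      std::clog << "HashString::VerifyFile: got: " << fileHash << " expected: " << toStr() << std::endl;

   // fail closed: nothing computed means nothing verified
   if (fileHash.empty() == true)
      return false;

   return (fileHash == Hash);
}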
75 /*}}}*/
// Fills Hash with the hash of the named file, using the current Type or,
// when no type is set, the first entry of _SupportedHashes.
//
// Always returns true.
// NOTE(review): the return value does not reflect whether a hash could be
// computed; GetHashForFile() yields an empty string for a type it does not
// know, so callers should check empty() on the result.
bool HashString::FromFile(std::string filename) /*{{{*/
{
   // pick the strongest hash
   if (Type.empty())
      Type = _SupportedHashes[0];

   std::string const computed = GetHashForFile(filename);
   Hash = computed;
   return true;
}
85 /*}}}*/
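// Computes the hash of the named file for this object's hash type.
//
// Type is matched case-insensitively against MD5Sum, SHA1, SHA256, SHA512
// and Checksum-FileSize (for which the file size in decimal is returned).
// An empty string is returned when Type matches none of these, and also
// when reading the file failed: the result of AddFD() is checked so that an
// unreadable or truncated read is not reported as the digest of whatever
// data happened to be consumed.
std::string HashString::GetHashForFile(std::string filename) const /*{{{*/
{
   std::string fileHash;
   bool ReadOk = true;

   FileFd Fd(filename, FileFd::ReadOnly);
   if(strcasecmp(Type.c_str(), "MD5Sum") == 0)
   {
      MD5Summation MD5;
      ReadOk = MD5.AddFD(Fd);
      fileHash = MD5.Result().Value();
   }
   else if (strcasecmp(Type.c_str(), "SHA1") == 0)
   {
      SHA1Summation SHA1;
      ReadOk = SHA1.AddFD(Fd);
      fileHash = SHA1.Result().Value();
   }
   else if (strcasecmp(Type.c_str(), "SHA256") == 0)
   {
      SHA256Summation SHA256;
      ReadOk = SHA256.AddFD(Fd);
      fileHash = SHA256.Result().Value();
   }
   else if (strcasecmp(Type.c_str(), "SHA512") == 0)
   {
      SHA512Summation SHA512;
      ReadOk = SHA512.AddFD(Fd);
      fileHash = SHA512.Result().Value();
   }
   else if (strcasecmp(Type.c_str(), "Checksum-FileSize") == 0)
   {
      // NOTE(review): the size is taken as reported by FileFd; whether a
      // failed open is distinguishable from a zero-sized file here is not
      // visible in this file - confirm against FileFd.
      strprintf(fileHash, "%llu", Fd.FileSize());
   }
   Fd.Close();

   // a digest over a failed read must not be handed out as the file's hash
   if (ReadOk == false)
      fileHash.clear();

   return fileHash;
}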
92fcbfc1 121 /*}}}*/
// Returns the NULL-terminated table of supported hash type names
// (_SupportedHashes). The pointer refers to the class-wide table itself,
// not to a copy.
const char** HashString::SupportedHashes() /*{{{*/
{
   const char ** const table = _SupportedHashes;
   return table;
}
126 /*}}}*/
// True when either the type name or the hash value is missing, i.e. the
// object cannot describe a hash.
APT_PURE bool HashString::empty() const /*{{{*/
{
   if (Type.empty())
      return true;
   return Hash.empty();
}
f4c3850e 131 /*}}}*/
132
// Looks up the boolean option "APT::Hashes::<name>::<what>" in the global
// configuration and returns its value, defaulting to false when unset.
APT_PURE static bool IsConfigured(const char *name, const char *what)
{
   std::string key;
   strprintf(key, "APT::Hashes::%s::%s", name, what);
   bool const enabled = _config->FindB(key, false);
   return enabled;
}
139
// Tells whether this hash type is acceptable on its own for verification.
//
// Checksum-FileSize, MD5Sum and SHA1 are never usable. Every other type is
// usable unless the configuration marks it via
// APT::Hashes::<Type>::Untrusted. The type names are compared
// case-sensitively here, and the configuration is consulted only for types
// that passed the fixed checks.
APT_PURE bool HashString::usable() const /*{{{*/
{
   if (Type == "Checksum-FileSize")
      return false;
   if (Type == "MD5Sum")
      return false;
   if (Type == "SHA1")
      return false;
   return IsConfigured(Type.c_str(), "Untrusted") == false;
}
63d60998 149 /*}}}*/
// Renders the hash in "Type:Hash" form, the same layout the string
// constructor parses.
std::string HashString::toStr() const /*{{{*/
{
   std::string out(Type);
   out += ":";
   out += Hash;
   return out;
}
154 /*}}}*/
// Two HashStrings are equal when their type names match case-insensitively
// and their hash values match exactly (case-sensitively).
APT_PURE bool HashString::operator==(HashString const &other) const /*{{{*/
{
   bool const sameType = strcasecmp(Type.c_str(), other.Type.c_str()) == 0;
   if (sameType == false)
      return false;
   return Hash == other.Hash;
}
// Negation of operator==.
APT_PURE bool HashString::operator!=(HashString const &other) const
{
   bool const equal = (*this == other);
   return equal == false;
}
163 /*}}}*/
164
// Tells whether the list holds a hash that may be relied on.
//
// An empty list is never usable. When Acquire::ForceHash is set, the list
// is usable exactly when it contains an entry of the forced type; the
// per-type usable() check is not applied in that case, so a forced MD5Sum
// or SHA1 counts. Without a forced type, at least one entry must pass
// HashString::usable().
bool HashStringList::usable() const /*{{{*/
{
   if (empty() == true)
      return false;

   std::string const forcedType = _config->Find("Acquire::ForceHash", "");
   if (forcedType.empty() == false)
      return find(forcedType) != NULL;

   // See if there is at least one usable hash
   return std::any_of(list.begin(), list.end(),
		      [](HashString const &hs) { return hs.usable(); });
}
180 /*}}}*/
// Returns a pointer to the entry of the requested hash type, or NULL when
// the list has none. Type names are compared case-insensitively.
//
// With a NULL or empty type, the entry is chosen for the caller: the type
// named by Acquire::ForceHash if that option is set, otherwise the first
// type from HashString::SupportedHashes() (in table order) that is present
// in the list.
//
// The returned pointer refers to an element of the internal list.
HashString const * HashStringList::find(char const * const type) const /*{{{*/
{
   bool const typeGiven = (type != NULL && type[0] != '\0');
   if (typeGiven == true)
   {
      for (auto const &hs: list)
	 if (strcasecmp(hs.HashType().c_str(), type) == 0)
	    return &hs;
      return NULL;
   }

   std::string const forcedType = _config->Find("Acquire::ForceHash", "");
   if (forcedType.empty() == false)
      return find(forcedType.c_str());

   for (char const * const * t = HashString::SupportedHashes(); *t != NULL; ++t)
      for (auto const &hs: list)
	 if (strcasecmp(hs.HashType().c_str(), *t) == 0)
	    return &hs;
   return NULL;
}
199 /*}}}*/
// Returns the file size recorded in the Checksum-FileSize entry, or 0 when
// the list has no such entry.
//
// NOTE(review): the stored value is parsed with strtoull() and the result
// is not checked, so a non-numeric value also yields 0 and cannot be told
// apart from a missing entry or a genuine size of zero.
unsigned long long HashStringList::FileSize() const /*{{{*/
{
   HashString const * const hsf = find("Checksum-FileSize");
   if (hsf != NULL)
   {
      std::string const hv = hsf->HashValue();
      return strtoull(hv.c_str(), NULL, 10);
   }
   return 0;
}
208 /*}}}*/
// Records the given size as a Checksum-FileSize entry and returns what
// push_back() reports for it: false if the list already holds a different
// size, true otherwise.
bool HashStringList::FileSize(unsigned long long const Size) /*{{{*/
{
   std::string digits;
   strprintf(digits, "%llu", Size);
   HashString const entry("Checksum-FileSize", digits);
   return push_back(entry);
}
215 /*}}}*/
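// Tells whether the given type name appears in
// HashString::SupportedHashes(), compared case-insensitively.
//
// A NULL type is reported as unsupported instead of being handed to
// strcasecmp(), which must not be called with a null pointer.
bool HashStringList::supported(char const * const type) /*{{{*/
{
   if (type == NULL)
      return false;
   for (char const * const * t = HashString::SupportedHashes(); *t != NULL; ++t)
      if (strcasecmp(*t, type) == 0)
	 return true;
   return false;
}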
223 /*}}}*/
// Adds a hash to the list.
//
// Entries with an empty type, an empty value or a type that is not in the
// supported table are refused (false). Each type is stored at most once:
// if an entry of the same type already exists, nothing is added and the
// result says whether the new hash equals the stored one, so a conflicting
// value for a known type is reported as false.
bool HashStringList::push_back(const HashString &hashString) /*{{{*/
{
   std::string const newType = hashString.HashType();
   if (newType.empty() == true)
      return false;
   if (hashString.HashValue().empty() == true)
      return false;
   if (supported(newType.c_str()) == false)
      return false;

   // ensure that each type is added only once
   HashString const * const existing = find(newType.c_str());
   if (existing != NULL)
      return *existing == hashString;

   list.push_back(hashString);
   return true;
}
239 /*}}}*/
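// Verifies the named file against the hashes in this list.
//
// The list must be usable() to begin with. If it carries a
// Checksum-FileSize entry, the file size is compared first and a mismatch
// fails immediately. The file is then hashed and the computed list is
// compared with this one via operator==.
//
// A failed read is treated as a verification failure: the result of
// AddFD() is checked so that digests over partially read data are never
// compared against the expected values.
bool HashStringList::VerifyFile(std::string filename) const /*{{{*/
{
   if (usable() == false)
      return false;

   Hashes hashes(*this);
   FileFd file(filename, FileFd::ReadOnly);
   HashString const * const hsf = find("Checksum-FileSize");
   if (hsf != NULL)
   {
      std::string fileSize;
      strprintf(fileSize, "%llu", file.FileSize());
      if (hsf->HashValue() != fileSize)
	 return false;
   }
   // fail closed when the file could not be read completely
   if (hashes.AddFD(file) == false)
      return false;
   HashStringList const hsl = hashes.GetHashStringList();
   return hsl == *this;
}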
259 /*}}}*/
// Compares two hash lists.
//
// With Acquire::ForceHash set, only the forced type is looked at: both
// lists must contain it and the two entries must be equal.
//
// Otherwise every type present in both lists must carry the same value,
// and at least one such common type must exist. Types found in only one of
// the lists are ignored. Note that any common type counts as the required
// match, including Checksum-FileSize; this operator does not consult
// usable().
bool HashStringList::operator==(HashStringList const &other) const /*{{{*/
{
   std::string const forcedType = _config->Find("Acquire::ForceHash", "");
   if (forcedType.empty() == false)
   {
      HashString const * const mine = find(forcedType);
      HashString const * const theirs = other.find(forcedType);
      if (mine != NULL && theirs != NULL)
	 return *mine == *theirs;
      return false;
   }

   bool sawCommonType = false;
   for (const_iterator hs = begin(); hs != end(); ++hs)
   {
      HashString const * const ohs = other.find(hs->HashType());
      if (ohs != NULL)
      {
	 if (*hs != *ohs)
	    return false;
	 sawCommonType = true;
      }
   }
   return sawCommonType;
}
// Negation of operator==; lists without any common hash type therefore
// compare as different.
bool HashStringList::operator!=(HashStringList const &other) const
{
   bool const equal = (*this == other);
   return equal == false;
}
f4c3850e 289 /*}}}*/
495e5cb2 290
291// PrivateHashes /*{{{*/
// Private state of a Hashes object: the number of bytes fed in so far and
// the bitmask of hash algorithms to calculate.
class PrivateHashes {
public:
   // running total of the sizes passed to Hashes::Add()
   unsigned long long FileSize;
   // bitwise OR of the Hashes::*SUM flags selecting what gets calculated
   unsigned int CalcHashes;

   // Starts with an explicit algorithm mask.
   explicit PrivateHashes(unsigned int const CalcHashes)
      : FileSize(0), CalcHashes(CalcHashes) {}

   // Derives the mask from an expected hash list: one flag per hash type
   // present in the list. If the list is not usable(), the mask starts out
   // with every bit set (~0), so all algorithms are calculated.
   explicit PrivateHashes(HashStringList const &Hashes)
      : FileSize(0), CalcHashes(Hashes.usable() ? 0 : ~0)
   {
      if (Hashes.find("MD5Sum") != NULL)
	 CalcHashes |= Hashes::MD5SUM;
      if (Hashes.find("SHA1") != NULL)
	 CalcHashes |= Hashes::SHA1SUM;
      if (Hashes.find("SHA256") != NULL)
	 CalcHashes |= Hashes::SHA256SUM;
      if (Hashes.find("SHA512") != NULL)
	 CalcHashes |= Hashes::SHA512SUM;
   }
};
311 /*}}}*/
b3501edb 312// Hashes::Add* - Add the contents of data or FD /*{{{*/
// Feeds Size bytes starting at Data into every algorithm selected in
// d->CalcHashes and adds Size to the running file size.
//
// Returns false if any of the selected algorithms reported a failure; the
// remaining algorithms are still fed and the size is still accounted.
bool Hashes::Add(const unsigned char * const Data, unsigned long long const Size)
{
   unsigned int const wanted = d->CalcHashes;
   bool ok = true;
APT_IGNORE_DEPRECATED_PUSH
   if ((wanted & MD5SUM) == MD5SUM)
      ok = MD5.Add(Data, Size) && ok;
   if ((wanted & SHA1SUM) == SHA1SUM)
      ok = SHA1.Add(Data, Size) && ok;
   if ((wanted & SHA256SUM) == SHA256SUM)
      ok = SHA256.Add(Data, Size) && ok;
   if ((wanted & SHA512SUM) == SHA512SUM)
      ok = SHA512.Add(Data, Size) && ok;
APT_IGNORE_DEPRECATED_POP
   d->FileSize += Size;
   return ok;
}
// Replaces the algorithm mask with Hashes and then feeds the data as the
// two-argument Add() does. The new mask is stored in d->CalcHashes, so it
// stays in effect for later calls as well.
bool Hashes::Add(const unsigned char * const Data, unsigned long long const Size, unsigned int const Hashes)
{
   d->CalcHashes = Hashes;
   bool const ok = Add(Data, Size);
   return ok;
}
// Reads from the raw file descriptor Fd and feeds the data into Add().
//
// With Size equal to UntilEOF the descriptor is read until read() returns
// 0. Otherwise exactly Size bytes are consumed, and a read() that delivers
// fewer bytes than requested is treated as an error.
//
// Returns false on a read error, on a short read in the fixed-size mode,
// or when Add() fails.
// NOTE(review): any negative read() result ends the loop with false; an
// interrupted call is not retried here.
bool Hashes::AddFD(int const Fd,unsigned long long Size)
{
   unsigned char Buf[64*64];
   bool const ToEOF = (Size == UntilEOF);
   for (;;)
   {
      if (ToEOF == false && Size == 0)
	 break;

      unsigned long long want = sizeof(Buf);
      if (ToEOF == false)
	 want = std::min(Size, want);

      ssize_t const got = read(Fd, Buf, want);
      if (got < 0) // error
	 return false;
      if (ToEOF == true)
      {
	 if (got == 0) // EOF
	    break;
      }
      else if (got != (ssize_t) want) // short read
	 return false;

      Size -= got;
      if (Add(Buf, got) == false)
	 return false;
   }
   return true;
}
// Replaces the algorithm mask with Hashes and then reads from the raw file
// descriptor as the two-argument AddFD() does. The new mask is stored in
// d->CalcHashes, so it stays in effect for later calls as well.
bool Hashes::AddFD(int const Fd,unsigned long long Size, unsigned int const Hashes)
{
   d->CalcHashes = Hashes;
   bool const ok = AddFD(Fd, Size);
   return ok;
}
// Reads from the FileFd and feeds the data into Add().
//
// With Size equal to 0 the file is read until Read() delivers no more
// data. Otherwise exactly Size bytes are consumed, and a Read() that
// delivers fewer bytes than requested is treated as an error.
//
// Returns false when Read() fails, on a short read in the fixed-size mode,
// or when Add() fails.
// NOTE(review): this overload compares Size with the literal 0 while the
// raw-descriptor overload compares with UntilEOF; presumably the two are
// the same value - confirm against the header.
bool Hashes::AddFD(FileFd &Fd,unsigned long long Size)
{
   unsigned char Buf[64*64];
   bool const ToEOF = (Size == 0);
   for (;;)
   {
      if (ToEOF == false && Size == 0)
	 break;

      unsigned long long want = sizeof(Buf);
      if (ToEOF == false)
	 want = std::min(Size, want);

      unsigned long long got = 0;
      if (Fd.Read(Buf, want, &got) == false) // error
	 return false;
      if (ToEOF == true)
      {
	 if (got == 0) // EOF
	    break;
      }
      else if (got != want) // short read
	 return false;

      Size -= got;
      if (Add(Buf, got) == false)
	 return false;
   }
   return true;
}
// Replaces the algorithm mask with Hashes and then reads from the FileFd
// as the two-argument AddFD() does. The new mask is stored in
// d->CalcHashes, so it stays in effect for later calls as well.
bool Hashes::AddFD(FileFd &Fd,unsigned long long Size, unsigned int const Hashes)
{
   d->CalcHashes = Hashes;
   bool const ok = AddFD(Fd, Size);
   return ok;
}
387 /*}}}*/
// Collects the results of all algorithms selected in d->CalcHashes into a
// HashStringList and adds the accumulated byte count as the
// Checksum-FileSize entry. The results of the individual push_back() and
// FileSize() calls are not checked.
HashStringList Hashes::GetHashStringList()
{
   unsigned int const wanted = d->CalcHashes;
   HashStringList result;
APT_IGNORE_DEPRECATED_PUSH
   if ((wanted & MD5SUM) == MD5SUM)
      result.push_back(HashString("MD5Sum", MD5.Result().Value()));
   if ((wanted & SHA1SUM) == SHA1SUM)
      result.push_back(HashString("SHA1", SHA1.Result().Value()));
   if ((wanted & SHA256SUM) == SHA256SUM)
      result.push_back(HashString("SHA256", SHA256.Result().Value()));
   if ((wanted & SHA512SUM) == SHA512SUM)
      result.push_back(HashString("SHA512", SHA512.Result().Value()));
APT_IGNORE_DEPRECATED_POP
   result.FileSize(d->FileSize);
   return result;
}
APT_IGNORE_DEPRECATED_PUSH
// Calculates every algorithm: the mask passed on has all bits set.
Hashes::Hashes()
   : d(new PrivateHashes(~0))
{
}

// Calculates the algorithms selected by the given bitmask.
Hashes::Hashes(unsigned int const Hashes)
   : d(new PrivateHashes(Hashes))
{
}

// Calculates the algorithms needed to check the given expected hashes;
// the selection is made by PrivateHashes.
Hashes::Hashes(HashStringList const &Hashes)
   : d(new PrivateHashes(Hashes))
{
}

// Releases the private state allocated by the constructors.
// NOTE(review): d is a raw owning pointer; whether copying a Hashes object
// is prevented is decided in the header, which is not visible here.
Hashes::~Hashes()
{
   delete d;
}
APT_IGNORE_DEPRECATED_POP