use unusable-for-security hashes for integrity checks
1 // -*- mode: cpp; mode: fold -*-
2 // Description /*{{{*/
3 // $Id: hashes.cc,v 1.1 2001/03/06 07:15:29 jgg Exp $
4 /* ######################################################################
5
6 Hashes - Simple wrapper around the hash functions
7
8 This is only used to make building the methods simpler; it is the
9 only interface required.
10
11 ##################################################################### */
12 /*}}}*/
13 // Include Files /*{{{*/
14 #include <config.h>
15
16 #include <apt-pkg/hashes.h>
17 #include <apt-pkg/fileutl.h>
18 #include <apt-pkg/configuration.h>
19 #include <apt-pkg/md5.h>
20 #include <apt-pkg/sha1.h>
21 #include <apt-pkg/sha2.h>
22
23 #include <stddef.h>
24 #include <algorithm>
25 #include <unistd.h>
26 #include <stdlib.h>
27 #include <string>
28 #include <iostream>
29 /*}}}*/
30
// Hash type names HashString knows about, terminated by a NULL sentinel.
// The order is significant: FromFile() falls back to the first entry when no
// type is set, and HashStringList::find() walks the table front to back when
// no type is requested, so the first match in this order wins.
const char * HashString::_SupportedHashes[] =
{
   "SHA512",
   "SHA256",
   "SHA1",
   "MD5Sum",
   "Checksum-FileSize",
   NULL
};
35
// Creates an empty HashString; Type and Hash are left default-constructed.
HashString::HashString()
{
}
39
// Builds a HashString from an explicit type name and hash value. Both are
// stored exactly as given; nothing is validated here.
HashString::HashString(std::string Type, std::string Hash) :
   Type(Type),
   Hash(Hash)
{
}
43
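// Parses a "Type:Hash" string into its two parts.
//
// A 32-character string without a colon is accepted as a legacy bare MD5 sum;
// any other colon-less input leaves the object empty. Neither the type name
// nor the hash value is validated here (HashStringList::push_back() is where
// unsupported types are rejected).
HashString::HashString(std::string StringedHash)			/*{{{*/
{
   bool const Debug = _config->FindB("Debug::Hashes",false);
   std::string::size_type const pos = StringedHash.find(':');
   if (pos == std::string::npos)
   {
      // legacy: md5sum without "MD5Sum:" prefix
      if (StringedHash.size() == 32)
      {
         Type = "MD5Sum";
         Hash = StringedHash;
         // Log the accepted legacy value the same way as a prefixed one; it
         // used to be reported as "invalid" although it had just been accepted.
         if (Debug == true)
            std::clog << "HashString(string): " << Type << " : " << Hash << std::endl;
      }
      else if (Debug == true)
         std::clog << "HashString(string): invalid StringedHash " << StringedHash << std::endl;
      return;
   }
   Type = StringedHash.substr(0,pos);
   // everything after the first colon is the hash value
   Hash = StringedHash.substr(pos+1);

   if (Debug == true)
      std::clog << "HashString(string): " << Type << " : " << Hash << std::endl;
}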
65 /*}}}*/
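// Recomputes the hash of `filename` using this object's Type and compares it
// with the stored Hash. Returns true only if a hash was computed and matches.
//
// This is an integrity check only: usable() is not consulted, so an MD5Sum or
// Checksum-FileSize entry passes when it matches. Callers that need a
// security decision have to check usable() themselves.
bool HashString::VerifyFile(std::string filename) const			/*{{{*/
{
   std::string const fileHash = GetHashForFile(filename);

   if(_config->FindB("Debug::Hashes",false) == true)
      std::clog << "HashString::VerifyFile: got: " << fileHash << " expected: " << toStr() << std::endl;

   // GetHashForFile() yields an empty string for a Type it does not handle;
   // without this guard an empty expected Hash would compare equal to it and
   // the file would be reported as verified.
   if (fileHash.empty() == true)
      return false;

   return (fileHash == Hash);
}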
75 /*}}}*/
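// Computes the hash of `filename` and stores it in Hash. If no Type has been
// set yet, the first entry of _SupportedHashes is used.
//
// Returns false when no hash value was produced, which is what
// GetHashForFile() reports (as an empty string) for a Type it does not
// handle; previously this case also returned true.
bool HashString::FromFile(std::string filename)          		/*{{{*/
{
   // pick the strongest hash
   if (Type.empty() == true)
      Type = _SupportedHashes[0];

   Hash = GetHashForFile(filename);
   return Hash.empty() == false;
}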
85 /*}}}*/
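// Opens `filename` read-only and returns its hash (or, for
// "Checksum-FileSize", its size in decimal) according to Type, which is
// matched case-insensitively.
//
// Returns an empty string if Type is not one of the handled names, if the
// file could not be opened, or if reading it failed. The read result used to
// be ignored, so a file that could not be read still produced a digest of
// whatever bytes had been fed in so far.
std::string HashString::GetHashForFile(std::string filename) const      /*{{{*/
{
   std::string fileHash;

   FileFd Fd(filename, FileFd::ReadOnly);
   if (Fd.IsOpen() == false)
      return fileHash;

   bool Okay = true;
   if(strcasecmp(Type.c_str(), "MD5Sum") == 0)
   {
      MD5Summation MD5;
      Okay = MD5.AddFD(Fd);
      fileHash = MD5.Result().Value();
   }
   else if (strcasecmp(Type.c_str(), "SHA1") == 0)
   {
      SHA1Summation SHA1;
      Okay = SHA1.AddFD(Fd);
      fileHash = SHA1.Result().Value();
   }
   else if (strcasecmp(Type.c_str(), "SHA256") == 0)
   {
      SHA256Summation SHA256;
      Okay = SHA256.AddFD(Fd);
      fileHash = SHA256.Result().Value();
   }
   else if (strcasecmp(Type.c_str(), "SHA512") == 0)
   {
      SHA512Summation SHA512;
      Okay = SHA512.AddFD(Fd);
      fileHash = SHA512.Result().Value();
   }
   else if (strcasecmp(Type.c_str(), "Checksum-FileSize") == 0)
      strprintf(fileHash, "%llu", Fd.FileSize());
   Fd.Close();

   // never hand back a digest of partially read data
   if (Okay == false)
      fileHash.clear();

   return fileHash;
}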
121 /*}}}*/
// Returns the NULL-terminated table of hash type names known to HashString.
const char** HashString::SupportedHashes()				/*{{{*/
{
   const char ** const table = _SupportedHashes;
   return table;
}
126 /*}}}*/
// True when either the type name or the hash value is missing.
APT_PURE bool HashString::empty() const					/*{{{*/
{
   if (Type.empty())
      return true;
   return Hash.empty();
}
131 /*}}}*/
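// Tells whether this hash type is acceptable for security purposes: false for
// "Checksum-FileSize" and "MD5Sum", true for every other type name.
//
// The type is compared case-insensitively, as GetHashForFile(), operator==
// and HashStringList::supported() do. With an exact-case compare a
// differently-cased name such as "md5sum" would be hashed as MD5 elsewhere
// but still count as usable here.
//
// NOTE(review): SHA1 counts as usable in this version; confirm that this
// still matches the intended policy for SHA-1.
APT_PURE bool HashString::usable() const				/*{{{*/
{
   return (
      (strcasecmp(Type.c_str(), "Checksum-FileSize") != 0) &&
      (strcasecmp(Type.c_str(), "MD5Sum") != 0)
   );
}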
139 /*}}}*/
// Renders the hash in its "Type:Hash" string form.
std::string HashString::toStr() const					/*{{{*/
{
   std::string Result(Type);
   Result += ":";
   Result += Hash;
   return Result;
}
144 /*}}}*/
// Two HashStrings are equal when their type names match case-insensitively
// and their hash values match exactly (the value compare is case-sensitive).
APT_PURE bool HashString::operator==(HashString const &other) const	/*{{{*/
{
   if (strcasecmp(Type.c_str(), other.Type.c_str()) != 0)
      return false;
   return Hash == other.Hash;
}
// Negation of operator==.
APT_PURE bool HashString::operator!=(HashString const &other) const
{
   bool const same = (*this == other);
   return same == false;
}
153 /*}}}*/
154
// Tells whether the list holds something acceptable for verification.
//
// An empty list is never usable. If Acquire::ForceHash is configured, the
// list is usable exactly when it contains that type; the per-hash usable()
// filter is not applied in that case, so forcing a weak type overrides it.
// Otherwise at least one entry must report usable().
bool HashStringList::usable() const					/*{{{*/
{
   if (empty())
      return false;

   std::string const forced = _config->Find("Acquire::ForceHash", "");
   if (forced.empty() == false)
      return find(forced) != NULL;

   // See if there is at least one usable hash
   return std::any_of(list.begin(), list.end(),
		      [](HashString const &hs) { return hs.usable(); });
}
170 /*}}}*/
// Looks up an entry by type name (case-insensitive); returns NULL if absent.
//
// With a NULL or empty `type` the lookup falls back to the type configured in
// Acquire::ForceHash if there is one, otherwise to the first type from
// HashString::SupportedHashes() that is present in the list.
// The returned pointer refers to an element of the internal vector.
HashString const * HashStringList::find(char const * const type) const /*{{{*/
{
   bool const explicitType = (type != NULL && type[0] != '\0');
   if (explicitType)
   {
      for (auto const &entry : list)
	 if (strcasecmp(entry.HashType().c_str(), type) == 0)
	    return &entry;
      return NULL;
   }

   std::string const forced = _config->Find("Acquire::ForceHash", "");
   if (forced.empty() == false)
      return find(forced.c_str());

   // no preference given: take the first supported type we have an entry for
   for (char const * const * name = HashString::SupportedHashes(); *name != NULL; ++name)
      for (auto const &entry : list)
	 if (strcasecmp(entry.HashType().c_str(), *name) == 0)
	    return &entry;
   return NULL;
}
189 /*}}}*/
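// Returns the size stored in the "Checksum-FileSize" entry, or 0 if there is
// no such entry or its value is not a plain decimal number.
//
// strtoull() on its own skips leading blanks, accepts a sign (a leading "-"
// wraps around to a huge value) and silently stops at trailing garbage. The
// stored value is whatever string was put into the list, so anything other
// than decimal digits is rejected before converting. A value too large for
// unsigned long long still saturates as strtoull() defines.
unsigned long long HashStringList::FileSize() const			/*{{{*/
{
   HashString const * const hsf = find("Checksum-FileSize");
   if (hsf == NULL)
      return 0;
   std::string const hv = hsf->HashValue();
   if (hv.empty() == true || hv.find_first_not_of("0123456789") != std::string::npos)
      return 0;
   return strtoull(hv.c_str(), NULL, 10);
}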
198 /*}}}*/
// Records `Size` as a "Checksum-FileSize" entry, formatted as a decimal
// number. Returns whatever push_back() reports for that entry.
bool HashStringList::FileSize(unsigned long long const Size)		/*{{{*/
{
   std::string const asText = std::to_string(Size);
   HashString const entry("Checksum-FileSize", asText);
   return push_back(entry);
}
205 /*}}}*/
// Checks, case-insensitively, whether `type` is one of the names returned by
// HashString::SupportedHashes(). `type` is passed straight to strcasecmp().
bool HashStringList::supported(char const * const type)			/*{{{*/
{
   char const * const * name = HashString::SupportedHashes();
   while (*name != NULL)
   {
      if (strcasecmp(*name, type) == 0)
	 return true;
      ++name;
   }
   return false;
}
213 /*}}}*/
// Adds `hashString` to the list.
//
// Returns false if its type or value is empty or its type is not supported.
// If an entry of the same type already exists nothing is added, and the
// result says whether the existing entry equals the new one.
bool HashStringList::push_back(const HashString &hashString)		/*{{{*/
{
   std::string const type = hashString.HashType();
   bool const acceptable = type.empty() == false &&
      hashString.HashValue().empty() == false &&
      supported(type.c_str()) == true;
   if (acceptable == false)
      return false;

   // ensure that each type is added only once
   HashString const * const existing = find(type.c_str());
   if (existing == NULL)
   {
      list.push_back(hashString);
      return true;
   }
   return *existing == hashString;
}
229 /*}}}*/
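// Verifies `filename` against this list.
//
// Fails right away if the list is not usable(). If a "Checksum-FileSize"
// entry exists, the file size is compared first (as decimal text). The file
// is then hashed with the types in this list and the result compared with
// operator==. A read failure now fails the verification explicitly instead of
// relying on the comparison of a partially fed hash to come out unequal.
bool HashStringList::VerifyFile(std::string filename) const		/*{{{*/
{
   if (usable() == false)
      return false;

   Hashes hashes(*this);
   FileFd file(filename, FileFd::ReadOnly);
   HashString const * const hsf = find("Checksum-FileSize");
   if (hsf != NULL)
   {
      std::string fileSize;
      strprintf(fileSize, "%llu", file.FileSize());
      if (hsf->HashValue() != fileSize)
	 return false;
   }
   // fail closed: an unreadable file is never reported as verified
   if (hashes.AddFD(file) == false)
      return false;
   HashStringList const hsl = hashes.GetHashStringList();
   return hsl == *this;
}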
249 /*}}}*/
// Compares two hash lists.
//
// With Acquire::ForceHash configured, only that type is compared and both
// sides must have it. Otherwise every type of this list that the other list
// also has must match; types present on one side only are skipped, and at
// least one shared type is required. The shared type may be any entry,
// including "Checksum-FileSize" or "MD5Sum"; this function does not apply
// usable(), so callers wanting a security decision must check it separately.
bool HashStringList::operator==(HashStringList const &other) const	/*{{{*/
{
   std::string const forced = _config->Find("Acquire::ForceHash", "");
   if (forced.empty() == true)
   {
      bool sharedType = false;
      for (const_iterator mine = begin(); mine != end(); ++mine)
      {
	 HashString const * const theirs = other.find(mine->HashType());
	 if (theirs == NULL)
	    continue;
	 if (*mine != *theirs)
	    return false;
	 sharedType = true;
      }
      return sharedType;
   }

   HashString const * const mine = find(forced);
   HashString const * const theirs = other.find(forced);
   if (mine == NULL || theirs == NULL)
      return false;
   return *mine == *theirs;
}
// Negation of operator==.
bool HashStringList::operator!=(HashStringList const &other) const
{
   bool const same = (*this == other);
   return same == false;
}
279 /*}}}*/
280
281 // PrivateHashes /*{{{*/
// Private state of a Hashes object: the number of bytes fed in so far and the
// bitmask of hash algorithms to compute.
class PrivateHashes {
public:
   unsigned long long FileSize;	// bytes added so far
   unsigned int CalcHashes;	// bitmask of Hashes::*SUM flags

   // Starts with an explicit algorithm bitmask.
   explicit PrivateHashes(unsigned int const CalcHashes) :
      FileSize(0), CalcHashes(CalcHashes)
   {
   }

   // Derives the bitmask from a hash list: one bit per hash type found in the
   // list. If the list is not usable(), every bit is set so that all
   // algorithms are computed.
   explicit PrivateHashes(HashStringList const &Hashes) :
      FileSize(0), CalcHashes(Hashes.usable() ? 0 : ~0)
   {
      if (Hashes.find("MD5Sum") != NULL)
	 CalcHashes |= Hashes::MD5SUM;
      if (Hashes.find("SHA1") != NULL)
	 CalcHashes |= Hashes::SHA1SUM;
      if (Hashes.find("SHA256") != NULL)
	 CalcHashes |= Hashes::SHA256SUM;
      if (Hashes.find("SHA512") != NULL)
	 CalcHashes |= Hashes::SHA512SUM;
   }
};
301 /*}}}*/
302 // Hashes::Add* - Add the contents of data or FD /*{{{*/
// Feeds `Size` bytes from `Data` into every hash selected in d->CalcHashes
// and adds `Size` to the running byte count. All selected hashes are fed even
// if one of them fails; the result is false if any of them failed. The byte
// count is updated regardless of the result.
bool Hashes::Add(const unsigned char * const Data, unsigned long long const Size)
{
   unsigned int const wanted = d->CalcHashes;
   bool allGood = true;
APT_IGNORE_DEPRECATED_PUSH
   if ((wanted & MD5SUM) == MD5SUM && MD5.Add(Data, Size) == false)
      allGood = false;
   if ((wanted & SHA1SUM) == SHA1SUM && SHA1.Add(Data, Size) == false)
      allGood = false;
   if ((wanted & SHA256SUM) == SHA256SUM && SHA256.Add(Data, Size) == false)
      allGood = false;
   if ((wanted & SHA512SUM) == SHA512SUM && SHA512.Add(Data, Size) == false)
      allGood = false;
APT_IGNORE_DEPRECATED_POP
   d->FileSize += Size;
   return allGood;
}
// Replaces the set of hashes to compute with `Hashes`, then adds the data.
// The new selection stays in effect for later calls as well.
bool Hashes::Add(const unsigned char * const Data, unsigned long long const Size, unsigned int const Hashes)
{
   d->CalcHashes = Hashes;
   bool const added = Add(Data, Size);
   return added;
}
// Reads from the raw descriptor `Fd` and feeds the data to Add().
//
// If `Size` equals UntilEOF, data is read until read() reports end of file.
// Otherwise exactly `Size` bytes are expected, and any read() that returns
// fewer bytes than requested is treated as a failure. Returns false on a read
// error, a short read, or when Add() fails.
bool Hashes::AddFD(int const Fd,unsigned long long Size)
{
   unsigned char Chunk[64*64];
   bool const readAll = (Size == UntilEOF);
   for (;;)
   {
      // fixed-size mode is done once the requested amount has been consumed
      if (readAll == false && Size == 0)
	 break;

      unsigned long long want = sizeof(Chunk);
      if (readAll == false && Size < want)
	 want = Size;

      ssize_t const got = read(Fd, Chunk, want);
      if (got < 0) // error
	 return false;
      if (readAll == true)
      {
	 if (got == 0) // EOF
	    break;
      }
      else if (got != (ssize_t) want) // short read
	 return false;

      Size -= got;
      if (Add(Chunk, got) == false)
	 return false;
   }
   return true;
}
// Replaces the set of hashes to compute with `Hashes`, then reads from the
// raw descriptor. The new selection stays in effect for later calls as well.
bool Hashes::AddFD(int const Fd,unsigned long long Size, unsigned int const Hashes)
{
   d->CalcHashes = Hashes;
   bool const added = AddFD(Fd, Size);
   return added;
}
// Reads from `Fd` and feeds the data to Add().
//
// A `Size` of 0 means: read until Fd.Read() delivers no more bytes. Otherwise
// exactly `Size` bytes are expected and a read that delivers fewer bytes than
// requested is treated as a failure. Returns false on a read error, a short
// read, or when Add() fails.
bool Hashes::AddFD(FileFd &Fd,unsigned long long Size)
{
   unsigned char Chunk[64*64];
   bool const readAll = (Size == 0);
   for (;;)
   {
      // fixed-size mode is done once the requested amount has been consumed
      if (readAll == false && Size == 0)
	 break;

      unsigned long long want = sizeof(Chunk);
      if (readAll == false && Size < want)
	 want = Size;

      unsigned long long got = 0;
      if (Fd.Read(Chunk, want, &got) == false) // error
	 return false;
      if (readAll == true)
      {
	 if (got == 0) // EOF
	    break;
      }
      else if (got != want) // short read
	 return false;

      Size -= got;
      if (Add(Chunk, got) == false)
	 return false;
   }
   return true;
}
// Replaces the set of hashes to compute with `Hashes`, then reads from `Fd`.
// The new selection stays in effect for later calls as well.
bool Hashes::AddFD(FileFd &Fd,unsigned long long Size, unsigned int const Hashes)
{
   d->CalcHashes = Hashes;
   bool const added = AddFD(Fd, Size);
   return added;
}
377 /*}}}*/
// Collects the results of every hash selected in d->CalcHashes into a
// HashStringList and adds the number of bytes processed as the
// "Checksum-FileSize" entry. The results of the individual push_back() calls
// are not checked.
HashStringList Hashes::GetHashStringList()
{
   unsigned int const wanted = d->CalcHashes;
   HashStringList result;
APT_IGNORE_DEPRECATED_PUSH
   if ((wanted & MD5SUM) == MD5SUM)
      result.push_back(HashString("MD5Sum", MD5.Result().Value()));
   if ((wanted & SHA1SUM) == SHA1SUM)
      result.push_back(HashString("SHA1", SHA1.Result().Value()));
   if ((wanted & SHA256SUM) == SHA256SUM)
      result.push_back(HashString("SHA256", SHA256.Result().Value()));
   if ((wanted & SHA512SUM) == SHA512SUM)
      result.push_back(HashString("SHA512", SHA512.Result().Value()));
APT_IGNORE_DEPRECATED_POP
   result.FileSize(d->FileSize);
   return result;
}
APT_IGNORE_DEPRECATED_PUSH
// Default: every bit of the algorithm bitmask is set (~0).
Hashes::Hashes() :
   d(new PrivateHashes(~0))
{
}

// Computes only the algorithms named in the `Hashes` bitmask.
Hashes::Hashes(unsigned int const Hashes) :
   d(new PrivateHashes(Hashes))
{
}

// Selects the algorithms from the entries of a hash list
// (see PrivateHashes for how the bitmask is derived).
Hashes::Hashes(HashStringList const &Hashes) :
   d(new PrivateHashes(Hashes))
{
}

// Releases the private state allocated by the constructors.
// NOTE(review): d is a raw owning pointer; copying a Hashes object would free
// it twice unless copying is disabled in the header -- confirm.
Hashes::~Hashes()
{
   delete d;
}
APT_IGNORE_DEPRECATED_POP