From f4c3850ea335545e297504941dc8c7a8f1c83358 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Sun, 18 Aug 2013 23:17:05 +0200 Subject: add a simple container for HashStrings APT supports more than just one HashString and even allows to enforce the usage of a specific hash. This class is intended to help with storage and passing around of the HashStrings. Git-Dch: Ignore --- test/libapt/hashsums_test.cc | 64 +++++++++++++++++++++++++++++++++++--------- 1 file changed, 52 insertions(+), 12 deletions(-) (limited to 'test/libapt/hashsums_test.cc') diff --git a/test/libapt/hashsums_test.cc b/test/libapt/hashsums_test.cc index c06d85e03..ac7d41582 100644 --- a/test/libapt/hashsums_test.cc +++ b/test/libapt/hashsums_test.cc @@ -207,16 +207,56 @@ TEST(HashSumsTest, FileBased) } fd.Close(); - { - HashString sha2("SHA256", sha256.Value()); - EXPECT_TRUE(sha2.VerifyFile(__FILE__)); - } - { - HashString sha2("SHA512", sha512.Value()); - EXPECT_TRUE(sha2.VerifyFile(__FILE__)); - } - { - HashString sha2("SHA256:" + sha256.Value()); - EXPECT_TRUE(sha2.VerifyFile(__FILE__)); - } + HashString sha2file("SHA512", sha512.Value()); + EXPECT_TRUE(sha2file.VerifyFile(__FILE__)); + HashString sha2wrong("SHA512", "00000000000"); + EXPECT_FALSE(sha2wrong.VerifyFile(__FILE__)); + EXPECT_EQ(sha2file, sha2file); + EXPECT_TRUE(sha2file == sha2file); + EXPECT_NE(sha2file, sha2wrong); + EXPECT_TRUE(sha2file != sha2wrong); + + HashString sha2big("SHA256", sha256.Value()); + EXPECT_TRUE(sha2big.VerifyFile(__FILE__)); + HashString sha2small("sha256:" + sha256.Value()); + EXPECT_TRUE(sha2small.VerifyFile(__FILE__)); + EXPECT_EQ(sha2big, sha2small); + EXPECT_TRUE(sha2big == sha2small); + EXPECT_FALSE(sha2big != sha2small); + + HashStringList hashes; + EXPECT_TRUE(hashes.empty()); + EXPECT_TRUE(hashes.push_back(sha2file)); + EXPECT_FALSE(hashes.empty()); + EXPECT_EQ(1, hashes.size()); + + HashStringList wrong; + EXPECT_TRUE(wrong.push_back(sha2wrong)); + EXPECT_NE(wrong, hashes); + EXPECT_FALSE(wrong == hashes); + EXPECT_TRUE(wrong != hashes); + + HashStringList similar; + EXPECT_TRUE(similar.push_back(sha2big)); + EXPECT_NE(similar, hashes); + EXPECT_FALSE(similar == hashes); + EXPECT_TRUE(similar != hashes); + + EXPECT_TRUE(hashes.push_back(sha2big)); + EXPECT_EQ(2, hashes.size()); + EXPECT_TRUE(hashes.push_back(sha2small)); + EXPECT_EQ(2, hashes.size()); + EXPECT_FALSE(hashes.push_back(sha2wrong)); + EXPECT_EQ(2, hashes.size()); + EXPECT_TRUE(hashes.VerifyFile(__FILE__)); + + EXPECT_EQ(similar, hashes); + EXPECT_TRUE(similar == hashes); + EXPECT_FALSE(similar != hashes); + similar.clear(); + EXPECT_TRUE(similar.empty()); + EXPECT_EQ(0, similar.size()); + EXPECT_NE(similar, hashes); + EXPECT_FALSE(similar == hashes); + EXPECT_TRUE(similar != hashes); } -- cgit v1.2.3 From b3501edb7091ca3aa6c2d6d96dc667b8161dd2b9 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Mon, 19 Aug 2013 00:00:23 +0200 Subject: use HashStringList in the acquire system It is not very extensible to have the supported Hashes hardcoded everywhere and especially if it is part of virtual method names. It is also possible that a method does not support the 'best' hash (yet), so we might end up not being able to verify a file even though we have a common subset of supported hashes. And those are just two of the cases in which it is handy to have a more dynamic selection. The downside is that this is a MAJOR API break, but the HashStringList has a string constructor for compatibility, so with a bit of luck the few frontends playing with the acquire system directly are okay. --- test/libapt/hashsums_test.cc | 85 +++++++++++++++++++++++++++++++++++++++----- 1 file changed, 77 insertions(+), 8 deletions(-) (limited to 'test/libapt/hashsums_test.cc') diff --git a/test/libapt/hashsums_test.cc b/test/libapt/hashsums_test.cc index ac7d41582..2159996ff 100644 --- a/test/libapt/hashsums_test.cc +++ b/test/libapt/hashsums_test.cc @@ -1,5 +1,6 @@ #include +#include #include #include #include @@ -166,20 +167,26 @@ TEST(HashSumsTest, FileBased) { Hashes hashes; hashes.AddFD(fd.Fd()); - EXPECT_EQ(md5.Value(), hashes.MD5.Result().Value()); - EXPECT_EQ(sha1.Value(), hashes.SHA1.Result().Value()); - EXPECT_EQ(sha256.Value(), hashes.SHA256.Result().Value()); - EXPECT_EQ(sha512.Value(), hashes.SHA512.Result().Value()); + HashStringList list = hashes.GetHashStringList(); + EXPECT_FALSE(list.empty()); + EXPECT_EQ(4, list.size()); + EXPECT_EQ(md5.Value(), list.find("MD5Sum")->HashValue()); + EXPECT_EQ(sha1.Value(), list.find("SHA1")->HashValue()); + EXPECT_EQ(sha256.Value(), list.find("SHA256")->HashValue()); + EXPECT_EQ(sha512.Value(), list.find("SHA512")->HashValue()); } unsigned long sz = fd.FileSize(); fd.Seek(0); { Hashes hashes; hashes.AddFD(fd.Fd(), sz); - EXPECT_EQ(md5.Value(), hashes.MD5.Result().Value()); - EXPECT_EQ(sha1.Value(), hashes.SHA1.Result().Value()); - EXPECT_EQ(sha256.Value(), hashes.SHA256.Result().Value()); - EXPECT_EQ(sha512.Value(), hashes.SHA512.Result().Value()); + HashStringList list = hashes.GetHashStringList(); + EXPECT_FALSE(list.empty()); + EXPECT_EQ(4, list.size()); + EXPECT_EQ(md5.Value(), list.find("MD5Sum")->HashValue()); + EXPECT_EQ(sha1.Value(), list.find("SHA1")->HashValue()); + EXPECT_EQ(sha256.Value(), list.find("SHA256")->HashValue()); + EXPECT_EQ(sha512.Value(), list.find("SHA512")->HashValue()); } fd.Seek(0); { @@ -260,3 +267,65 @@ TEST(HashSumsTest, FileBased) EXPECT_FALSE(similar == hashes); EXPECT_TRUE(similar != hashes); } +TEST(HashSumsTest, HashStringList) +{ + _config->Clear("Acquire::ForceHash"); + + HashStringList list; + EXPECT_TRUE(list.empty()); + EXPECT_FALSE(list.usable()); + EXPECT_EQ(0, list.size()); + EXPECT_EQ(NULL, list.find(NULL)); + EXPECT_EQ(NULL, list.find("")); + EXPECT_EQ(NULL, list.find("MD5Sum")); + + HashStringList list2; + EXPECT_FALSE(list == list2); + EXPECT_TRUE(list != list2); + + Hashes hashes; + hashes.Add("The quick brown fox jumps over the lazy dog"); + list = hashes.GetHashStringList(); + EXPECT_FALSE(list.empty()); + EXPECT_TRUE(list.usable()); + EXPECT_EQ(4, list.size()); + EXPECT_TRUE(NULL != list.find(NULL)); + EXPECT_TRUE(NULL != list.find("")); + EXPECT_TRUE(NULL != list.find("MD5Sum")); + EXPECT_TRUE(NULL == list.find("ROT26")); + + _config->Set("Acquire::ForceHash", "MD5Sum"); + EXPECT_FALSE(list.empty()); + EXPECT_TRUE(list.usable()); + EXPECT_EQ(4, list.size()); + EXPECT_TRUE(NULL != list.find(NULL)); + EXPECT_TRUE(NULL != list.find("")); + EXPECT_TRUE(NULL != list.find("MD5Sum")); + EXPECT_TRUE(NULL == list.find("ROT26")); + + _config->Set("Acquire::ForceHash", "ROT26"); + EXPECT_FALSE(list.empty()); + EXPECT_FALSE(list.usable()); + EXPECT_EQ(4, list.size()); + EXPECT_TRUE(NULL == list.find(NULL)); + EXPECT_TRUE(NULL == list.find("")); + EXPECT_TRUE(NULL != list.find("MD5Sum")); + EXPECT_TRUE(NULL == list.find("ROT26")); + + _config->Clear("Acquire::ForceHash"); + + list2.push_back(*list.find("MD5Sum")); + EXPECT_TRUE(list == list2); + EXPECT_FALSE(list != list2); + + // introduce a mismatch to the list + list2.push_back(HashString("SHA1", "cacecbd74968bc90ea3342767e6b94f46ddbcafc")); + EXPECT_FALSE(list == list2); + EXPECT_TRUE(list != list2); + + _config->Set("Acquire::ForceHash", "MD5Sum"); + EXPECT_TRUE(list == list2); + EXPECT_FALSE(list != list2); + + _config->Clear("Acquire::ForceHash"); +} -- cgit v1.2.3 From 23397c9d7d4d455461176600bb45c81185493504 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Thu, 23 Oct 2014 16:54:00 +0200 Subject: promote filesize to a hashstring It is a very simple hashstring, which is why it isn't contributing to the usability of a list of them, but it is also trivial to check and calculate, so it doesn't hurt checking it either as it can combined even with the simplest other hashes greatly complicate attacks on them as you suddenly need a same-size hash collision, which is usually a lot harder to achieve. --- test/libapt/hashsums_test.cc | 25 +++++++++++++++++++------ 1 file changed, 19 insertions(+), 6 deletions(-) (limited to 'test/libapt/hashsums_test.cc') diff --git a/test/libapt/hashsums_test.cc b/test/libapt/hashsums_test.cc index 2159996ff..a19a0befd 100644 --- a/test/libapt/hashsums_test.cc +++ b/test/libapt/hashsums_test.cc @@ -163,30 +163,34 @@ TEST(HashSumsTest, FileBased) FileFd fd(__FILE__, FileFd::ReadOnly); EXPECT_TRUE(fd.IsOpen()); + std::string FileSize; + strprintf(FileSize, "%llu", fd.FileSize()); { Hashes hashes; hashes.AddFD(fd.Fd()); HashStringList list = hashes.GetHashStringList(); EXPECT_FALSE(list.empty()); - EXPECT_EQ(4, list.size()); + EXPECT_EQ(5, list.size()); EXPECT_EQ(md5.Value(), list.find("MD5Sum")->HashValue()); EXPECT_EQ(sha1.Value(), list.find("SHA1")->HashValue()); EXPECT_EQ(sha256.Value(), list.find("SHA256")->HashValue()); EXPECT_EQ(sha512.Value(), list.find("SHA512")->HashValue()); + EXPECT_EQ(FileSize, list.find("Checksum-FileSize")->HashValue()); } - unsigned long sz = fd.FileSize(); + unsigned long long sz = fd.FileSize(); fd.Seek(0); { Hashes hashes; hashes.AddFD(fd.Fd(), sz); HashStringList list = hashes.GetHashStringList(); EXPECT_FALSE(list.empty()); - EXPECT_EQ(4, list.size()); + EXPECT_EQ(5, list.size()); EXPECT_EQ(md5.Value(), list.find("MD5Sum")->HashValue()); EXPECT_EQ(sha1.Value(), list.find("SHA1")->HashValue()); EXPECT_EQ(sha256.Value(), list.find("SHA256")->HashValue()); EXPECT_EQ(sha512.Value(), list.find("SHA512")->HashValue()); + EXPECT_EQ(FileSize, list.find("Checksum-FileSize")->HashValue()); } fd.Seek(0); { @@ -279,37 +283,46 @@ TEST(HashSumsTest, HashStringList) EXPECT_EQ(NULL, list.find("")); EXPECT_EQ(NULL, list.find("MD5Sum")); + // empty lists aren't equal HashStringList list2; EXPECT_FALSE(list == list2); EXPECT_TRUE(list != list2); + // some hashes don't really contribute to usability + list.push_back(HashString("Checksum-FileSize", "29")); + EXPECT_FALSE(list.empty()); + EXPECT_FALSE(list.usable()); + Hashes hashes; hashes.Add("The quick brown fox jumps over the lazy dog"); list = hashes.GetHashStringList(); EXPECT_FALSE(list.empty()); EXPECT_TRUE(list.usable()); - EXPECT_EQ(4, list.size()); + EXPECT_EQ(5, list.size()); EXPECT_TRUE(NULL != list.find(NULL)); EXPECT_TRUE(NULL != list.find("")); EXPECT_TRUE(NULL != list.find("MD5Sum")); + EXPECT_TRUE(NULL != list.find("Checksum-FileSize")); EXPECT_TRUE(NULL == list.find("ROT26")); _config->Set("Acquire::ForceHash", "MD5Sum"); EXPECT_FALSE(list.empty()); EXPECT_TRUE(list.usable()); - EXPECT_EQ(4, list.size()); + EXPECT_EQ(5, list.size()); EXPECT_TRUE(NULL != list.find(NULL)); EXPECT_TRUE(NULL != list.find("")); EXPECT_TRUE(NULL != list.find("MD5Sum")); + EXPECT_TRUE(NULL != list.find("Checksum-FileSize")); EXPECT_TRUE(NULL == list.find("ROT26")); _config->Set("Acquire::ForceHash", "ROT26"); EXPECT_FALSE(list.empty()); EXPECT_FALSE(list.usable()); - EXPECT_EQ(4, list.size()); + EXPECT_EQ(5, list.size()); EXPECT_TRUE(NULL == list.find(NULL)); EXPECT_TRUE(NULL == list.find("")); EXPECT_TRUE(NULL != list.find("MD5Sum")); + EXPECT_TRUE(NULL != list.find("Checksum-FileSize")); EXPECT_TRUE(NULL == list.find("ROT26")); _config->Clear("Acquire::ForceHash"); -- cgit v1.2.3 From 9224ce3d4d1ea0428a70e75134998e08aa45b1e6 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Mon, 30 Mar 2015 20:47:13 +0200 Subject: calculate only expected hashes in methods Methods get told which hashes are expected by the acquire system, which means we can use this list to restrict what we calculate in the methods as any extra we are calculating is wasted effort as we can't compare it with anything anyway. Adding support for a new hash algorithm is therefore 'free' now and if a algorithm is no longer provided in a repository for a file, we automatically stop calculating it. In practice this results in a speed-up in Debian as we don't have SHA512 here (so far), so we practically stop calculating it. --- test/libapt/hashsums_test.cc | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) (limited to 'test/libapt/hashsums_test.cc') diff --git a/test/libapt/hashsums_test.cc b/test/libapt/hashsums_test.cc index a19a0befd..edcd8a11a 100644 --- a/test/libapt/hashsums_test.cc +++ b/test/libapt/hashsums_test.cc @@ -193,6 +193,30 @@ TEST(HashSumsTest, FileBased) EXPECT_EQ(FileSize, list.find("Checksum-FileSize")->HashValue()); } fd.Seek(0); + { + Hashes hashes(Hashes::MD5SUM | Hashes::SHA512SUM); + hashes.AddFD(fd); + HashStringList list = hashes.GetHashStringList(); + EXPECT_FALSE(list.empty()); + EXPECT_EQ(3, list.size()); + EXPECT_EQ(md5.Value(), list.find("MD5Sum")->HashValue()); + EXPECT_EQ(NULL, list.find("SHA1")); + EXPECT_EQ(NULL, list.find("SHA256")); + EXPECT_EQ(sha512.Value(), list.find("SHA512")->HashValue()); + EXPECT_EQ(FileSize, list.find("Checksum-FileSize")->HashValue()); + fd.Seek(0); + Hashes hashes2(list); + hashes2.AddFD(fd); + list = hashes2.GetHashStringList(); + EXPECT_FALSE(list.empty()); + EXPECT_EQ(3, list.size()); + EXPECT_EQ(md5.Value(), list.find("MD5Sum")->HashValue()); + EXPECT_EQ(NULL, list.find("SHA1")); + EXPECT_EQ(NULL, list.find("SHA256")); + EXPECT_EQ(sha512.Value(), list.find("SHA512")->HashValue()); + EXPECT_EQ(FileSize, list.find("Checksum-FileSize")->HashValue()); + } + fd.Seek(0); { MD5Summation MD5; MD5.AddFD(fd.Fd()); -- cgit v1.2.3