Mercurial > dropbear
view libtomcrypt/demos/hashsum.c @ 1885:5d8dbb6fdab7
Fix SSH_PUBKEYINFO, limit characters, add tests
We fix a bad_bufptr() failure from a previous commit. We now limit
the allowed characters to those that will definitely be safe
in a shell. Some scripts/programs may use arbitrary environment
variables without escaping correctly - that could be a problem
in a restricted environment.
The current allowed set is a-z A-Z 0-9 .,_-+@
This also adds a test for SSH_PUBKEYINFO, by default it only runs
under github actions (or "act -j build").
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Wed, 16 Mar 2022 17:17:23 +0800 |
parents | 6dba84798cd5 |
children |
line wrap: on
line source
/* LibTomCrypt, modular cryptographic library -- Tom St Denis * * LibTomCrypt is a library that provides various cryptographic * algorithms in a highly modular and flexible manner. * * The library is free for all purposes without any express * guarantee it works. */ /* * Written by Daniel Richards <[email protected]> 6/7/2002 * hash.c: This app uses libtomcrypt to hash either stdin or a file * This file is Public Domain. No rights are reserved. * Compile with 'gcc hashsum.c -o hashsum -ltomcrypt' * This example isn't really big enough to warrent splitting into * more functions ;) */ #include <tomcrypt.h> #if defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 200112L #include <libgen.h> #else #define basename(x) x #endif #if !defined(PATH_MAX) && defined(_MSC_VER) #include <windows.h> #define PATH_MAX MAX_PATH #endif /* thanks http://stackoverflow.com/a/8198009 */ #define _base(x) ((x >= '0' && x <= '9') ? '0' : \ (x >= 'a' && x <= 'f') ? 'a' - 10 : \ (x >= 'A' && x <= 'F') ? 'A' - 10 : \ '\255') #define HEXOF(x) (x - _base(x)) static char* hashsum; static void cleanup(void) { free(hashsum); } static void die(int status) { unsigned long w, x; FILE* o = status == EXIT_SUCCESS ? stdout : stderr; fprintf(o, "usage: %s -a algorithm [-c] [file...]\n\n", hashsum); fprintf(o, "\t-c\tCheck the hash(es) of the file(s) written in [file].\n"); fprintf(o, "\t\t(-a not required)\n"); fprintf(o, "\nAlgorithms:\n\t"); w = 0; for (x = 0; hash_descriptor[x].name != NULL; x++) { w += fprintf(o, "%-14s", hash_descriptor[x].name); if (w >= 70) { fprintf(o, "\n\t"); w = 0; } } if (w != 0) fprintf(o, "\n"); exit(status); } static void printf_hex(unsigned char* hash_buffer, unsigned long w) { unsigned long x; for (x = 0; x < w; x++) { printf("%02x",hash_buffer[x]); } } static void check_file(int argn, int argc, char **argv) { int err, failed, invalid; unsigned char is_buffer[MAXBLOCKSIZE], should_buffer[MAXBLOCKSIZE]; char buf[PATH_MAX + (MAXBLOCKSIZE * 3)]; /* iterate through all files */ while(argn < argc) { char* s; FILE* f = fopen(argv[argn], "rb"); if(f == NULL) { int n = snprintf(buf, sizeof(buf), "%s: %s", hashsum, argv[argn]); if (n > 0 && n < (int)sizeof(buf)) perror(buf); else perror(argv[argn]); exit(EXIT_FAILURE); } failed = 0; invalid = 0; /* read the file line by line */ while((s = fgets(buf, sizeof(buf), f)) != NULL) { int tries, n; unsigned long hash_len, w, x; char* space = strstr(s, " "); /* skip lines with comments */ if (buf[0] == '#') continue; if (space == NULL) { fprintf(stderr, "%s: no properly formatted checksum lines found\n", hashsum); goto ERR; } hash_len = space - s; hash_len /= 2; if (hash_len > sizeof(should_buffer)) { fprintf(stderr, "%s: hash too long\n", hashsum); goto ERR; } /* convert the hex-string back to binary */ for (x = 0; x < hash_len; ++x) { should_buffer[x] = HEXOF(s[x*2]) << 4 | HEXOF(s[x*2 + 1]); } space++; if (*space != '*') { fprintf(stderr, "%s: unsupported input mode '%c'\n", hashsum, *space); goto ERR; } space++; for (n = 0; n < (buf + sizeof(buf)) - space; ++n) { if(iscntrl((int)space[n])) { space[n] = '\0'; break; } } /* try all hash algorithms that have the appropriate hash size */ tries = 0; for (x = 0; hash_descriptor[x].name != NULL; ++x) { if (hash_descriptor[x].hashsize == hash_len) { tries++; w = sizeof(is_buffer); if ((err = hash_file(x, space, is_buffer, &w)) != CRYPT_OK) { fprintf(stderr, "%s: File hash error: %s: %s\n", hashsum, space, error_to_string(err)); ERR: fclose(f); exit(EXIT_FAILURE); } if(XMEMCMP(should_buffer, is_buffer, w) == 0) { printf("%s: OK\n", space); break; } } } /* for */ if (hash_descriptor[x].name == NULL) { if(tries > 0) { printf("%s: FAILED\n", space); failed++; } else { invalid++; } } } /* while */ fclose(f); if(invalid) { fprintf(stderr, "%s: WARNING: %d %s is improperly formatted\n", hashsum, invalid, invalid > 1?"lines":"line"); } if(failed) { fprintf(stderr, "%s: WARNING: %d computed %s did NOT match\n", hashsum, failed, failed > 1?"checksums":"checksum"); } argn++; } exit(EXIT_SUCCESS); } int main(int argc, char **argv) { int idxs[TAB_SIZE], idx, check, y, z, err, argn; unsigned long w, x; unsigned char hash_buffer[MAXBLOCKSIZE]; hashsum = strdup(basename(argv[0])); atexit(cleanup); /* You need to register algorithms before using them */ register_all_ciphers(); register_all_hashes(); if (argc > 1 && (strcmp("-h", argv[1]) == 0 || strcmp("--help", argv[1]) == 0)) { die(EXIT_SUCCESS); } if (argc < 3) { die(EXIT_FAILURE); } for (x = 0; x < sizeof(idxs)/sizeof(idxs[0]); ++x) { idxs[x] = -2; } argn = 1; check = 0; idx = 0; while(argn < argc){ if(strcmp("-a", argv[argn]) == 0) { argn++; if(argn < argc) { idxs[idx] = find_hash(argv[argn]); if (idxs[idx] == -1) { struct { const char* is; const char* should; } shasum_compat[] = { #ifdef LTC_SHA1 { "1", sha1_desc.name }, #endif #ifdef LTC_SHA224 { "224", sha224_desc.name }, #endif #ifdef LTC_SHA256 { "256", sha256_desc.name }, #endif #ifdef LTC_SHA384 { "384", sha384_desc.name }, #endif #ifdef LTC_SHA512 { "512", sha512_desc.name }, #endif #ifdef LTC_SHA512_224 { "512224", sha512_224_desc.name }, #endif #ifdef LTC_SHA512_256 { "512256", sha512_256_desc.name }, #endif { NULL, NULL } }; for (x = 0; shasum_compat[x].is != NULL; ++x) { if(XSTRCMP(shasum_compat[x].is, argv[argn]) == 0) { idxs[idx] = find_hash(shasum_compat[x].should); break; } } } if (idxs[idx] == -1) { fprintf(stderr, "%s: Unrecognized algorithm\n", hashsum); die(EXIT_FAILURE); } idx++; if ((size_t)idx >= sizeof(idxs)/sizeof(idxs[0])) { fprintf(stderr, "%s: Too many '-a' options chosen\n", hashsum); die(EXIT_FAILURE); } argn++; continue; } else { die(EXIT_FAILURE); } } if(strcmp("-c", argv[argn]) == 0) { check = 1; argn++; continue; } break; } if (check == 1) { check_file(argn, argc, argv); } if (argc == argn) { w = sizeof(hash_buffer); if ((err = hash_filehandle(idxs[0], stdin, hash_buffer, &w)) != CRYPT_OK) { fprintf(stderr, "%s: File hash error: %s\n", hashsum, error_to_string(err)); return EXIT_FAILURE; } else { for (x = 0; x < w; x++) { printf("%02x",hash_buffer[x]); } printf(" *-\n"); } } else { for (z = argn; z < argc; z++) { for (y = 0; y < idx; ++y) { w = sizeof(hash_buffer); if ((err = hash_file(idxs[y],argv[z],hash_buffer,&w)) != CRYPT_OK) { fprintf(stderr, "%s: File hash error: %s\n", hashsum, error_to_string(err)); return EXIT_FAILURE; } else { printf_hex(hash_buffer, w); printf(" *%s\n", argv[z]); } } } } return EXIT_SUCCESS; } /* ref: $Format:%D$ */ /* git commit: $Format:%H$ */ /* commit time: $Format:%ai$ */