From ce8c22d25f827edc853a8bc96d506577f0b0badc Mon Sep 17 00:00:00 2001 From: Collin Funk Date: Sat, 4 Oct 2025 17:18:01 -0700 Subject: [PATCH] cksum: allow -a {blake2b,sha2,sha3} --check to work on base64 * NEWS: Mention the bug. * src/digest.c (split_3): Check that the base64 digest matches the length supported by the algorithm. (digest_check): Check that the read digest matches the base64 length of the algorithm's digest. The previous condition would not work for 'cksum -a blake2b -l 8 ...'. * tests/cksum/cksum-base64-untagged.sh: New file. * tests/local.mk (all_tests): Add the new test. --- NEWS | 4 +++ src/digest.c | 44 +++++++++++++++++++++--- tests/cksum/cksum-base64-untagged.sh | 50 ++++++++++++++++++++++++++++ tests/local.mk | 1 + 4 files changed, 95 insertions(+), 4 deletions(-) create mode 100755 tests/cksum/cksum-base64-untagged.sh diff --git a/NEWS b/NEWS index b8c4ed4ef0..428262debf 100644 --- a/NEWS +++ b/NEWS @@ -7,6 +7,10 @@ GNU coreutils NEWS -*- outline -*- `basenc --base58` would not operate correctly with input > 15561475 bytes. [bug introduced with --base58 in coreutils-9.8] + 'cksum --check' now supports base64 encoded input in untagged format, + for all length adjustable algorithms (blake2b, sha2, sha3). + [bug introduced in coreutils-9.2] + 'tail' outputs the correct number of lines again for non-small -n values. Previously it may have output too few lines. [bug introduced in coreutils-9.8] diff --git a/src/digest.c b/src/digest.c index ce0e222e1b..13b1667950 100644 --- a/src/digest.c +++ b/src/digest.c @@ -930,15 +930,51 @@ split_3 (char *s, size_t s_len, # endif unsigned char const *hp = *digest; digest_hex_bytes = 0; - while (c_isxdigit (*hp++)) - digest_hex_bytes++; + for (; c_isxdigit (*hp); ++hp, ++digest_hex_bytes) + ; # if HASH_ALGO_CKSUM + /* Check the number of base64 characters. This works because the hexadecimal + character set is a subset of the base64 character set. */ + size_t digest_base64_bytes = digest_hex_bytes; + size_t trailing_equals = 0; + for (; isubase64 (*hp); ++hp, ++digest_base64_bytes) + ; + for (; *hp == '='; ++hp, ++trailing_equals) + ; if ((cksum_algorithm == sha2 || cksum_algorithm == sha3) && digest_hex_bytes / 2 != SHA224_DIGEST_SIZE && digest_hex_bytes / 2 != SHA256_DIGEST_SIZE && digest_hex_bytes / 2 != SHA384_DIGEST_SIZE && digest_hex_bytes / 2 != SHA512_DIGEST_SIZE) - return false; + { + if (digest_base64_bytes + trailing_equals + == BASE64_LENGTH (SHA224_DIGEST_SIZE)) + digest_hex_bytes = SHA224_DIGEST_SIZE * 2; + else if (digest_base64_bytes + trailing_equals + == BASE64_LENGTH (SHA256_DIGEST_SIZE)) + digest_hex_bytes = SHA256_DIGEST_SIZE * 2; + else if (digest_base64_bytes + trailing_equals + == BASE64_LENGTH (SHA384_DIGEST_SIZE)) + digest_hex_bytes = SHA384_DIGEST_SIZE * 2; + else if (digest_base64_bytes + trailing_equals + == BASE64_LENGTH (SHA512_DIGEST_SIZE)) + digest_hex_bytes = SHA512_DIGEST_SIZE * 2; + else + return false; + } + else if (cksum_algorithm == blake2b + && digest_hex_bytes < digest_base64_bytes) + { + for (int j = 8; j <= DIGEST_MAX_LEN * 8; j += 8) + { + if (BASE64_LENGTH (j / 8) == digest_base64_bytes + trailing_equals + && j % 3 == trailing_equals) + { + digest_hex_bytes = j / 4; + break; + } + } + } # endif if (digest_hex_bytes < 2 || digest_hex_bytes % 2 || DIGEST_MAX_LEN * 2 < digest_hex_bytes) @@ -1332,7 +1368,7 @@ digest_check (char const *checkfile_name) { bool match = false; #if HASH_ALGO_CKSUM - if (d_len < digest_hex_bytes) + if (d_len == BASE64_LENGTH (digest_length / 8)) match = b64_equal (digest, bin_buffer); else #endif diff --git a/tests/cksum/cksum-base64-untagged.sh b/tests/cksum/cksum-base64-untagged.sh new file mode 100755 index 0000000000..14e1942892 --- /dev/null +++ b/tests/cksum/cksum-base64-untagged.sh @@ -0,0 +1,50 @@ +#!/bin/sh +# Test that cksum can guess the digest length from base64 checksums. + +# Copyright (C) 2025 Free Software Foundation, Inc. + +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +. "${srcdir=.}/tests/init.sh"; path_prepend_ ./src +print_ver_ cksum + +echo 'test input' > inp +echo 'inp: OK' > expout +echo 'cksum: truncated: no properly formatted checksum lines found' > experr + +for algorithm in sha2 sha3; do + for length in 224 256 384 512; do + # Create files with base64 checksums in the untagged format. + cksum -a $algorithm --length $length --base64 --untagged inp \ + > check || fail=1 + # Check that the length can be determined from the base64 checksum. + cksum -a $algorithm --check check > out || fail=1 + compare expout out || fail=1 + # Check that only valid lengths are supported. + sed 's|[a-zA-Z0-9+/=] inp$| inp|g' check > truncated || fail=1 + returns_ 1 cksum -a $algorithm --check truncated 2> err || fail=1 + compare experr err || fail=1 + done +done + +for length in 8 216 224 232 248 256 264 376 384 392 504 512; do + # Create files with base64 checksums in the untagged format. + cksum -a blake2b --length $length --base64 --untagged inp \ + > check || fail=1 + # Check that the length can be determined from the base64 checksum. + cksum -a blake2b --check check > out || fail=1 + compare expout out || fail=1 +done + +Exit $fail diff --git a/tests/local.mk b/tests/local.mk index 19bc194fb5..52184b7ac2 100644 --- a/tests/local.mk +++ b/tests/local.mk @@ -305,6 +305,7 @@ all_tests = \ tests/cksum/cksum-a.sh \ tests/cksum/cksum-c.sh \ tests/cksum/cksum-base64.pl \ + tests/cksum/cksum-base64-untagged.sh \ tests/cksum/cksum-raw.sh \ tests/misc/comm.pl \ tests/csplit/csplit.sh \ -- 2.47.3