Skip to content

Commit b637e33

Browse files
authored
Merge pull request DeusData#944 from DeusData/fix/dryrun-hardening
cli: compute self-update checksum in-process (portability)
2 parents 6e118fc + be410a6 commit b637e33

5 files changed

Lines changed: 214 additions & 31 deletions

File tree

Makefile.cbm

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -112,7 +112,8 @@ FOUNDATION_SRCS = \
112112
src/foundation/profile.c \
113113
src/foundation/dump_verify.c \
114114
src/foundation/limits.c \
115-
src/foundation/subprocess.c
115+
src/foundation/subprocess.c \
116+
src/foundation/sha256.c
116117

117118
# Existing extraction C code (compiled from current location)
118119
EXTRACTION_SRCS = \

src/cli/cli.c

Lines changed: 28 additions & 24 deletions
Original file line numberDiff line numberDiff line change
@@ -8,6 +8,7 @@
88
#include "foundation/compat.h"
99
#include "foundation/platform.h"
1010
#include "foundation/constants.h"
11+
#include "foundation/sha256.h"
1112
#include "mcp/mcp.h" // cbm_mcp_tool_input_schema — CLI flag parser + per-tool --help
1213

1314
/* CLI buffer size constants. */
@@ -2960,44 +2961,47 @@ static bool prompt_yn(const char *question) {
29602961
return (buf[0] == 'y' || buf[0] == 'Y') ? true : false;
29612962
}
29622963

2963-
/* ── SHA-CBM_SZ_256 checksum verification ─────────────────────────────── */
2964+
/* ── SHA-256 checksum verification ─────────────────────────────── */
29642965

2965-
/* SHA-CBM_SZ_256 hex digest: CBM_SZ_64 hex chars + NUL */
2966+
/* SHA-256 hex digest: 64 hex chars + NUL */
29662967
#define SHA256_HEX_LEN CBM_SZ_64
29672968
#define SHA256_BUF_SIZE (SHA256_HEX_LEN + CLI_SKIP_ONE)
2968-
/* Minimum line length in checksums.txt: CBM_SZ_64 hex + 2 spaces + 1 char filename */
2969+
/* Minimum line length in checksums.txt: 64 hex + 2 spaces + 1 char filename */
29692970
#define CHECKSUM_LINE_MIN (SHA256_HEX_LEN + 2)
29702971

2971-
/* Compute the SHA-256 of a file using platform tools (sha256sum/shasum).
2972-
* Writes a 64-char hex digest + NUL to out. Returns 0 on success. Not static:
2972+
/* Compute the SHA-256 of a file in-process (no external hashing tool — those
2973+
* differ per OS, may be absent, and mis-quote paths under cmd.exe). Writes a
2974+
* 64-char hex digest + NUL to out. Returns 0 on success. Not static:
29732975
* exercised directly by the self-update checksum regression test. */
29742976
int cbm_cli_sha256_file(const char *path, char *out, size_t out_size) {
29752977
if (out_size < SHA256_BUF_SIZE) {
29762978
return CLI_ERR;
29772979
}
2978-
char cmd[CLI_BUF_1K];
2979-
#ifdef __APPLE__
2980-
snprintf(cmd, sizeof(cmd), "shasum -a 256 '%s' 2>/dev/null", path);
2981-
#else
2982-
snprintf(cmd, sizeof(cmd), "sha256sum '%s' 2>/dev/null", path);
2983-
#endif
2984-
FILE *fp = cbm_popen(cmd, "r");
2980+
FILE *fp = cbm_fopen(path, "rb");
29852981
if (!fp) {
29862982
return CLI_ERR;
29872983
}
2988-
char line[CLI_BUF_256];
2989-
if (fgets(line, sizeof(line), fp)) {
2990-
/* Output format: <CBM_SZ_64-char hash> <filename> */
2991-
char *space = strchr(line, ' ');
2992-
if (space && space - line == SHA256_HEX_LEN) {
2993-
memcpy(out, line, SHA256_HEX_LEN);
2994-
out[SHA256_HEX_LEN] = '\0';
2995-
cbm_pclose(fp);
2996-
return 0;
2997-
}
2984+
cbm_sha256_ctx ctx;
2985+
cbm_sha256_init(&ctx);
2986+
unsigned char buf[CLI_BUF_1K];
2987+
size_t n;
2988+
while ((n = fread(buf, 1, sizeof(buf), fp)) > 0) {
2989+
cbm_sha256_update(&ctx, buf, n);
29982990
}
2999-
cbm_pclose(fp);
3000-
return CLI_ERR;
2991+
int read_err = ferror(fp);
2992+
fclose(fp);
2993+
if (read_err) {
2994+
return CLI_ERR;
2995+
}
2996+
uint8_t digest[CBM_SHA256_DIGEST_LEN];
2997+
cbm_sha256_final(&ctx, digest);
2998+
static const char hex[] = "0123456789abcdef";
2999+
for (int i = 0; i < CBM_SHA256_DIGEST_LEN; i++) {
3000+
out[i * 2] = hex[digest[i] >> 4];
3001+
out[i * 2 + 1] = hex[digest[i] & 0x0f];
3002+
}
3003+
out[SHA256_HEX_LEN] = '\0';
3004+
return 0;
30013005
}
30023006

30033007
/* ── Download helper (shell-free curl via exec) ───────────────── */

src/foundation/sha256.c

Lines changed: 129 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,129 @@
1+
/* SHA-256 per FIPS 180-4. Straightforward reference implementation; validated
2+
* against the NIST test vectors in tests/test_cli.c. */
3+
4+
#include "foundation/sha256.h"
5+
6+
#include <string.h>
7+
8+
static const uint32_t K[64] = {
9+
0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
10+
0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
11+
0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
12+
0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
13+
0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
14+
0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
15+
0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
16+
0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2};
17+
18+
#define ROTR(x, n) (((x) >> (n)) | ((x) << (32 - (n))))
19+
#define CH(x, y, z) (((x) & (y)) ^ (~(x) & (z)))
20+
#define MAJ(x, y, z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
21+
#define EP0(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22))
22+
#define EP1(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25))
23+
#define SIG0(x) (ROTR(x, 7) ^ ROTR(x, 18) ^ ((x) >> 3))
24+
#define SIG1(x) (ROTR(x, 17) ^ ROTR(x, 19) ^ ((x) >> 10))
25+
26+
static void sha256_transform(cbm_sha256_ctx *c, const uint8_t *data) {
27+
uint32_t m[64];
28+
for (int i = 0, j = 0; i < 16; i++, j += 4) {
29+
m[i] = ((uint32_t)data[j] << 24) | ((uint32_t)data[j + 1] << 16) |
30+
((uint32_t)data[j + 2] << 8) | (uint32_t)data[j + 3];
31+
}
32+
for (int i = 16; i < 64; i++) {
33+
m[i] = SIG1(m[i - 2]) + m[i - 7] + SIG0(m[i - 15]) + m[i - 16];
34+
}
35+
36+
uint32_t a = c->state[0], b = c->state[1], cc = c->state[2], d = c->state[3];
37+
uint32_t e = c->state[4], f = c->state[5], g = c->state[6], h = c->state[7];
38+
39+
for (int i = 0; i < 64; i++) {
40+
uint32_t t1 = h + EP1(e) + CH(e, f, g) + K[i] + m[i];
41+
uint32_t t2 = EP0(a) + MAJ(a, b, cc);
42+
h = g;
43+
g = f;
44+
f = e;
45+
e = d + t1;
46+
d = cc;
47+
cc = b;
48+
b = a;
49+
a = t1 + t2;
50+
}
51+
52+
c->state[0] += a;
53+
c->state[1] += b;
54+
c->state[2] += cc;
55+
c->state[3] += d;
56+
c->state[4] += e;
57+
c->state[5] += f;
58+
c->state[6] += g;
59+
c->state[7] += h;
60+
}
61+
62+
void cbm_sha256_init(cbm_sha256_ctx *c) {
63+
c->bitlen = 0;
64+
c->buflen = 0;
65+
c->state[0] = 0x6a09e667;
66+
c->state[1] = 0xbb67ae85;
67+
c->state[2] = 0x3c6ef372;
68+
c->state[3] = 0xa54ff53a;
69+
c->state[4] = 0x510e527f;
70+
c->state[5] = 0x9b05688c;
71+
c->state[6] = 0x1f83d9ab;
72+
c->state[7] = 0x5be0cd19;
73+
}
74+
75+
void cbm_sha256_update(cbm_sha256_ctx *c, const void *data, size_t len) {
76+
const uint8_t *p = (const uint8_t *)data;
77+
for (size_t i = 0; i < len; i++) {
78+
c->buf[c->buflen++] = p[i];
79+
if (c->buflen == 64) {
80+
sha256_transform(c, c->buf);
81+
c->bitlen += 512;
82+
c->buflen = 0;
83+
}
84+
}
85+
}
86+
87+
void cbm_sha256_final(cbm_sha256_ctx *c, uint8_t out[CBM_SHA256_DIGEST_LEN]) {
88+
c->bitlen += (uint64_t)c->buflen * 8;
89+
90+
size_t i = c->buflen;
91+
c->buf[i++] = 0x80; /* append the '1' bit + zero padding */
92+
if (i > 56) {
93+
while (i < 64) {
94+
c->buf[i++] = 0;
95+
}
96+
sha256_transform(c, c->buf);
97+
i = 0;
98+
}
99+
while (i < 56) {
100+
c->buf[i++] = 0;
101+
}
102+
/* append the 64-bit big-endian message length */
103+
for (int j = 0; j < 8; j++) {
104+
c->buf[56 + j] = (uint8_t)(c->bitlen >> (56 - 8 * j));
105+
}
106+
sha256_transform(c, c->buf);
107+
108+
for (int j = 0; j < 8; j++) {
109+
out[j * 4] = (uint8_t)(c->state[j] >> 24);
110+
out[j * 4 + 1] = (uint8_t)(c->state[j] >> 16);
111+
out[j * 4 + 2] = (uint8_t)(c->state[j] >> 8);
112+
out[j * 4 + 3] = (uint8_t)(c->state[j]);
113+
}
114+
}
115+
116+
void cbm_sha256_hex(const void *data, size_t len, char out[CBM_SHA256_HEX_LEN + 1]) {
117+
uint8_t digest[CBM_SHA256_DIGEST_LEN];
118+
cbm_sha256_ctx c;
119+
cbm_sha256_init(&c);
120+
cbm_sha256_update(&c, data, len);
121+
cbm_sha256_final(&c, digest);
122+
123+
static const char hex[] = "0123456789abcdef";
124+
for (int i = 0; i < CBM_SHA256_DIGEST_LEN; i++) {
125+
out[i * 2] = hex[digest[i] >> 4];
126+
out[i * 2 + 1] = hex[digest[i] & 0x0f];
127+
}
128+
out[CBM_SHA256_HEX_LEN] = '\0';
129+
}

src/foundation/sha256.h

Lines changed: 30 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,30 @@
1+
#ifndef CBM_SHA256_H
2+
#define CBM_SHA256_H
3+
4+
/* In-process SHA-256 (FIPS 180-4). Used to verify the integrity of a
5+
* downloaded release before installing it, without shelling out to a
6+
* platform hashing tool (shasum / sha256sum / certutil) — those differ per
7+
* OS, may be absent, and mis-quote paths under cmd.exe. */
8+
9+
#include <stddef.h>
10+
#include <stdint.h>
11+
12+
#define CBM_SHA256_DIGEST_LEN 32 /* raw digest bytes */
13+
#define CBM_SHA256_HEX_LEN 64 /* lowercase hex chars (no NUL) */
14+
15+
typedef struct {
16+
uint32_t state[8];
17+
uint64_t bitlen;
18+
uint8_t buf[64];
19+
size_t buflen;
20+
} cbm_sha256_ctx;
21+
22+
void cbm_sha256_init(cbm_sha256_ctx *c);
23+
void cbm_sha256_update(cbm_sha256_ctx *c, const void *data, size_t len);
24+
void cbm_sha256_final(cbm_sha256_ctx *c, uint8_t out[CBM_SHA256_DIGEST_LEN]);
25+
26+
/* One-shot hash of a buffer to lowercase hex. `out` must hold
27+
* CBM_SHA256_HEX_LEN + 1 bytes (hex chars + NUL). */
28+
void cbm_sha256_hex(const void *data, size_t len, char out[CBM_SHA256_HEX_LEN + 1]);
29+
30+
#endif /* CBM_SHA256_H */

tests/test_cli.c

Lines changed: 25 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -3018,21 +3018,40 @@ TEST(cli_print_tool_help_issue680) {
30183018
* Guard the digest itself against a known vector. */
30193019
extern int cbm_cli_sha256_file(const char *path, char *out, size_t out_size);
30203020

3021-
TEST(cli_sha256_file_matches_known_vector) {
3021+
/* Hash `content` (len bytes) via a temp file and compare to expected hex.
3022+
* Returns 1 on match, 0 otherwise. */
3023+
static int sha256_vector_ok(const void *content, size_t len, const char *expected) {
30223024
char path[512];
30233025
snprintf(path, sizeof(path), "%s/cbm_sha_XXXXXX", cbm_tmpdir());
30243026
int fd = cbm_mkstemp(path);
3025-
ASSERT_TRUE(fd >= 0);
3027+
if (fd < 0) {
3028+
return 0;
3029+
}
30263030
FILE *fp = fdopen(fd, "wb");
3027-
ASSERT_NOT_NULL(fp);
3028-
fwrite("abc", 1, 3, fp); /* sha256("abc") is a NIST test vector */
3031+
if (!fp) {
3032+
return 0;
3033+
}
3034+
if (len > 0) {
3035+
fwrite(content, 1, len, fp);
3036+
}
30293037
fclose(fp);
30303038

30313039
char digest[128] = {0};
30323040
int rc = cbm_cli_sha256_file(path, digest, sizeof(digest));
30333041
remove(path);
3034-
ASSERT_EQ(rc, 0);
3035-
ASSERT_STR_EQ(digest, "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad");
3042+
return rc == 0 && strcmp(digest, expected) == 0;
3043+
}
3044+
3045+
/* NIST FIPS 180-4 SHA-256 test vectors: empty input, a single block ("abc"),
3046+
* and a 56-byte input that forces the length padding into a second block. */
3047+
TEST(cli_sha256_file_matches_known_vector) {
3048+
ASSERT_TRUE(sha256_vector_ok(
3049+
"", 0, "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"));
3050+
ASSERT_TRUE(sha256_vector_ok(
3051+
"abc", 3, "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"));
3052+
ASSERT_TRUE(sha256_vector_ok(
3053+
"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 56,
3054+
"248d6a61d20638b8e5c026930c3e6039a33ce45964ff2167f6ecedd419db06c1"));
30363055
PASS();
30373056
}
30383057

0 commit comments

Comments
 (0)