Skip to content

G
git2
Commit 91365fd8 by Edward Thomson
Options

sha1: tests should use hashes, not oid computation 

The tests that examine sha1 behavior (including collision detection)
should test against the hash functionality directly, not indirectly
using the oid functions.
parent fc42c28e
Showing with 17 additions and 11 deletions
tests/core/sha1.c
...@@ -13,7 +13,7 @@ void test_core_sha1__cleanup(void) ...@@ -13,7 +13,7 @@ void test_core_sha1__cleanup(void)
cl_fixture_cleanup(FIXTURE_DIR); cl_fixture_cleanup(FIXTURE_DIR);
} }
static int sha1_file(git_oid *out, const char *filename) static int sha1_file(unsigned char *out, const char *filename)
{ {
git_hash_ctx ctx; git_hash_ctx ctx;
char buf[2048]; char buf[2048];
...@@ -31,7 +31,7 @@ static int sha1_file(git_oid *out, const char *filename) ...@@ -31,7 +31,7 @@ static int sha1_file(git_oid *out, const char *filename)
cl_assert_equal_i(0, read_len); cl_assert_equal_i(0, read_len);
p_close(fd); p_close(fd);
ret = git_hash_final(out->id, &ctx); ret = git_hash_final(out, &ctx);
git_hash_ctx_cleanup(&ctx); git_hash_ctx_cleanup(&ctx);
return ret; return ret;
...@@ -39,26 +39,32 @@ static int sha1_file(git_oid *out, const char *filename) ...@@ -39,26 +39,32 @@ static int sha1_file(git_oid *out, const char *filename)
void test_core_sha1__sum(void) void test_core_sha1__sum(void)
{ {
git_oid oid, expected; unsigned char expected[GIT_HASH_SHA1_SIZE] = {
0x4e, 0x72, 0x67, 0x9e, 0x3e, 0xa4, 0xd0, 0x4e, 0x0c, 0x64,
0x2f, 0x02, 0x9e, 0x61, 0xeb, 0x80, 0x56, 0xc7, 0xed, 0x94
};
unsigned char actual[GIT_HASH_SHA1_SIZE];
cl_git_pass(sha1_file(&oid, FIXTURE_DIR "/hello_c")); cl_git_pass(sha1_file(actual, FIXTURE_DIR "/hello_c"));
git_oid_fromstr(&expected, "4e72679e3ea4d04e0c642f029e61eb8056c7ed94"); cl_assert_equal_i(0, memcmp(expected, actual, GIT_HASH_SHA1_SIZE));
cl_assert_equal_oid(&expected, &oid);
} }
/* test that sha1 collision detection works when enabled */ /* test that sha1 collision detection works when enabled */
void test_core_sha1__detect_collision_attack(void) void test_core_sha1__detect_collision_attack(void)
{ {
git_oid oid, expected; unsigned char actual[GIT_HASH_SHA1_SIZE];
unsigned char expected[GIT_HASH_SHA1_SIZE] = {
0x38, 0x76, 0x2c, 0xf7, 0xf5, 0x59, 0x34, 0xb3, 0x4d, 0x17,
0x9a, 0xe6, 0xa4, 0xc8, 0x0c, 0xad, 0xcc, 0xbb, 0x7f, 0x0a
};
#ifdef GIT_SHA1_COLLISIONDETECT #ifdef GIT_SHA1_COLLISIONDETECT
GIT_UNUSED(&expected); GIT_UNUSED(&expected);
cl_git_fail(sha1_file(&oid, FIXTURE_DIR "/shattered-1.pdf")); cl_git_fail(sha1_file(actual, FIXTURE_DIR "/shattered-1.pdf"));
cl_assert_equal_s("SHA1 collision attack detected", git_error_last()->message); cl_assert_equal_s("SHA1 collision attack detected", git_error_last()->message);
#else #else
cl_git_pass(sha1_file(&oid, FIXTURE_DIR "/shattered-1.pdf")); cl_git_pass(sha1_file(actual, FIXTURE_DIR "/shattered-1.pdf"));
git_oid_fromstr(&expected, "38762cf7f55934b34d179ae6a4c80cadccbb7f0a"); cl_assert_equal_i(0, memcmp(expected, actual, GIT_HASH_SHA1_SIZE));
cl_assert_equal_oid(&expected, &oid);
#endif #endif
} }
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment