BaseFile._verify_hashes: handle sslib errors #1454

Merged
merged 1 commit into from
Jun 23, 2021
9 changes: 9 additions & 0 deletions tests/test_api.py
@@ -707,6 +707,15 @@ def test_length_and_hash_validation(self):
self.assertRaises(exceptions.LengthOrHashMismatchError,
snapshot_metafile.verify_length_and_hashes, data)

snapshot_metafile.hashes = {'unsupported-alg': "8f88e2ba48b412c3843e9bb26e1b6f8fc9e98aceb0fbaa97ba37b4c98717d7ab"}
self.assertRaises(exceptions.LengthOrHashMismatchError,
snapshot_metafile.verify_length_and_hashes, data)

# Test wrong algorithm format (sslib.FormatError)
snapshot_metafile.hashes = { 256: "8f88e2ba48b412c3843e9bb26e1b6f8fc9e98aceb0fbaa97ba37b4c98717d7ab"}
self.assertRaises(exceptions.LengthOrHashMismatchError,
snapshot_metafile.verify_length_and_hashes, data)
jku marked this conversation as resolved.

# test optional length and hashes
snapshot_metafile.length = None
snapshot_metafile.hashes = None
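Review bot: The two new assertions check only for `LengthOrHashMismatchError`, the same class the plain-mismatch case directly above them raises, so they would still pass if the algorithm key were accepted and the digest merely differed. Pinning the cause closes that gap, e.g. `self.assertRaisesRegex(exceptions.LengthOrHashMismatchError, "algorithm", snapshot_metafile.verify_length_and_hashes, data)`. The first case would also read better with a comment matching the second one, `# Test unsupported algorithm (sslib.UnsupportedAlgorithmError)`. `data` is defined outside the hunk; if it is a bytes object, the file-object branch (`digest_fileobject`) of the new `try` is not exercised by these cases.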
24 changes: 16 additions & 8 deletions tuf/api/metadata.py
@@ -679,12 +679,20 @@ def _verify_hashes(
"""Verifies that the hash of 'data' matches 'expected_hashes'"""
is_bytes = isinstance(data, bytes)
for algo, exp_hash in expected_hashes.items():
if is_bytes:
digest_object = sslib_hash.digest(algo)
digest_object.update(data)
else:
# if data is not bytes, assume it is a file object
digest_object = sslib_hash.digest_fileobject(data, algo)
try:
if is_bytes:
digest_object = sslib_hash.digest(algo)
digest_object.update(data)
else:
# if data is not bytes, assume it is a file object
digest_object = sslib_hash.digest_fileobject(data, algo)
except (
sslib_exceptions.UnsupportedAlgorithmError,
sslib_exceptions.FormatError,
) as e:
raise exceptions.LengthOrHashMismatchError(
f"Unsupported algorithm '{algo}'"
) from e

observed_hash = digest_object.hexdigest()
if observed_hash != exp_hash:
@@ -797,7 +805,7 @@ def verify_length_and_hashes(self, data: Union[bytes, BinaryIO]):
data: File object or its content in bytes.
Raises:
LengthOrHashMismatchError: Calculated length or hashes do not
match expected values.
match expected values or hash algorithm is not supported.
"""
if self.length is not None:
self._verify_length(data, self.length)
@@ -1094,7 +1102,7 @@ def verify_length_and_hashes(self, data: Union[bytes, BinaryIO]):
data: File object or its content in bytes.
Raises:
LengthOrHashMismatchError: Calculated length or hashes do not
match expected values.
match expected values or hash algorithm is not supported.
"""
self._verify_length(data, self.length)
self._verify_hashes(data, self.hashes)
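Review bot: In `_verify_hashes`, the new `except` branch reports `Unsupported algorithm '{algo}'` for both `UnsupportedAlgorithmError` and `FormatError`, and `algo` is a key taken from the metadata being verified, so the text is misleading for the malformed case and carries unescaped input into whatever records the exception. I would use `f"Unsupported or malformed hash algorithm {algo!r}"`, which also keeps the integer key from the new test distinguishable from the string `'256'`. Failing closed here is the right behaviour and deserves a comment above the `try`, e.g. `# An algorithm we cannot compute is a failed verification, never a skipped one.` Separately, the loop body never runs for an empty `expected_hashes`, so unless an empty dict is rejected elsewhere (not visible in this hunk) the call would return without checking any digest. The function begins and ends outside the hunk.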