Merge "SHA-1: collision detection support"

3 files changed, 111 insertions, 0 deletions

diff --git a/org.eclipse.jgit.test/tst-rsrc/org/eclipse/jgit/util/sha1/shattered-1.pdf b/org.eclipse.jgit.test/tst-rsrc/org/eclipse/jgit/util/sha1/shattered-1.pdf
new file mode 100644
index 0000000000..ba9aaa145c
--- /dev/null
+++ b/org.eclipse.jgit.test/tst-rsrc/org/eclipse/jgit/util/sha1/shattered-1.pdf
diff --git a/org.eclipse.jgit.test/tst-rsrc/org/eclipse/jgit/util/sha1/shattered-2.pdf b/org.eclipse.jgit.test/tst-rsrc/org/eclipse/jgit/util/sha1/shattered-2.pdf
new file mode 100644
index 0000000000..b621eeccd5
--- /dev/null
+++ b/org.eclipse.jgit.test/tst-rsrc/org/eclipse/jgit/util/sha1/shattered-2.pdf
diff --git a/org.eclipse.jgit.test/tst/org/eclipse/jgit/util/sha1/SHA1Test.java b/org.eclipse.jgit.test/tst/org/eclipse/jgit/util/sha1/SHA1Test.java
index 8642db79e3..07789898a4 100644
--- a/org.eclipse.jgit.test/tst/org/eclipse/jgit/util/sha1/SHA1Test.java
+++ b/org.eclipse.jgit.test/tst/org/eclipse/jgit/util/sha1/SHA1Test.java
@@ -44,12 +44,20 @@
 package org.eclipse.jgit.util.sha1;
 
 import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+import static org.junit.Assume.assumeTrue;
 
+import java.io.IOException;
+import java.io.InputStream;
+import java.nio.ByteBuffer;
 import java.nio.charset.StandardCharsets;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 
+import org.eclipse.jgit.lib.Constants;
 import org.eclipse.jgit.lib.ObjectId;
+import org.eclipse.jgit.util.IO;
 import org.junit.Test;
 
 public class SHA1Test {
@@ -124,4 +132,107 @@ public class SHA1Test {
 		assertEquals(exp, s1);
 		assertEquals(exp, s2);
 	}
+
+	@Test
+	public void shatteredCollision()
+			throws IOException, NoSuchAlgorithmException {
+		byte[] pdf1 = read("shattered-1.pdf", 422435);
+		byte[] pdf2 = read("shattered-2.pdf", 422435);
+		MessageDigest md;
+		SHA1 s;
+
+		// SHAttered attack generated these PDFs to have identical SHA-1.
+		ObjectId bad = ObjectId
+				.fromString("38762cf7f55934b34d179ae6a4c80cadccbb7f0a");
+		md = MessageDigest.getInstance("SHA-1");
+		md.update(pdf1);
+		assertEquals("shattered-1 collides", bad,
+				ObjectId.fromRaw(md.digest()));
+		s = SHA1.newInstance().setDetectCollision(false);
+		s.update(pdf1);
+		assertEquals("shattered-1 collides", bad, s.toObjectId());
+
+		md = MessageDigest.getInstance("SHA-1");
+		md.update(pdf2);
+		assertEquals("shattered-2 collides", bad,
+				ObjectId.fromRaw(md.digest()));
+		s = SHA1.newInstance().setDetectCollision(false);
+		s.update(pdf2);
+		assertEquals("shattered-2 collides", bad, s.toObjectId());
+
+		// SHA1 with detectCollision shouldn't be fooled.
+		s = SHA1.newInstance().setDetectCollision(true);
+		s.update(pdf1);
+		try {
+			s.digest();
+			fail("expected " + Sha1CollisionException.class.getSimpleName());
+		} catch (Sha1CollisionException e) {
+			assertEquals(e.getMessage(),
+					"SHA-1 collision detected on " + bad.name());
+		}
+
+		s = SHA1.newInstance().setDetectCollision(true);
+		s.update(pdf2);
+		try {
+			s.digest();
+			fail("expected " + Sha1CollisionException.class.getSimpleName());
+		} catch (Sha1CollisionException e) {
+			assertEquals(e.getMessage(),
+					"SHA-1 collision detected on " + bad.name());
+		}
+	}
+
+	@Test
+	public void shatteredStoredInGitBlob() throws IOException {
+		byte[] pdf1 = read("shattered-1.pdf", 422435);
+		byte[] pdf2 = read("shattered-2.pdf", 422435);
+
+		// Although the prior test detects the chance of a collision, adding
+		// the Git blob header permutes the data enough for this specific
+		// attack example to not be detected as a collision. (A different file
+		// pair that takes the Git header into account however, would.)
+		ObjectId id1 = blob(pdf1, SHA1.newInstance().setDetectCollision(true));
+		ObjectId id2 = blob(pdf2, SHA1.newInstance().setDetectCollision(true));
+
+		assertEquals(
+				ObjectId.fromString("ba9aaa145ccd24ef760cf31c74d8f7ca1a2e47b0"),
+				id1);
+		assertEquals(
+				ObjectId.fromString("b621eeccd5c7edac9b7dcba35a8d5afd075e24f2"),
+				id2);
+	}
+
+	@Test
+	public void detectsShatteredByDefault() throws IOException {
+		assumeTrue(System.getProperty("org.eclipse.jgit.util.sha1.detectCollision") == null);
+		assumeTrue(System.getProperty("org.eclipse.jgit.util.sha1.safeHash") == null);
+
+		byte[] pdf1 = read("shattered-1.pdf", 422435);
+		SHA1 s = SHA1.newInstance();
+		s.update(pdf1);
+		try {
+			s.digest();
+			fail("expected " + Sha1CollisionException.class.getSimpleName());
+		} catch (Sha1CollisionException e) {
+			assertTrue("shattered-1 detected", true);
+		}
+	}
+
+	private static ObjectId blob(byte[] pdf1, SHA1 s) {
+		s.update(Constants.encodedTypeString(Constants.OBJ_BLOB));
+		s.update((byte) ' ');
+		s.update(Constants.encodeASCII(pdf1.length));
+		s.update((byte) 0);
+		s.update(pdf1);
+		return s.toObjectId();
+	}
+
+	private byte[] read(String name, int sizeHint) throws IOException {
+		try (InputStream in = getClass().getResourceAsStream(name)) {
+			ByteBuffer buf = IO.readWholeStream(in, sizeHint);
+			byte[] r = new byte[buf.remaining()];
+			buf.get(r);
+			return r;
+		}
+	}
 }