16855097188

Committed 04 Aug 2025 03:13PM UTC coverage: 88.085%. Remained the same

Build # 16855097188

Build Type

push

github

Committed by

nicholasbishop

Commit Message

chore(deps): update crate-ci/typos action to v1.34.0

Run Details

414 of 470 relevant lines covered (88.09%)

7.57 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

97.67

/authenticode/src/authenticode_digest.rs

// Copyright 2023 Google LLC
//
// Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
// https://www.apache.org/licenses/LICENSE-2.0> or the MIT license
// <LICENSE-MIT or https://opensource.org/licenses/MIT>, at your
// option. This file may not be copied, modified, or distributed
// except according to those terms.

use crate::usize_from_u32;
use crate::{PeOffsetError, PeTrait};
use alloc::vec::Vec;
use digest::Update;

fn authenticode_digest_impl(
    pe: &dyn PeTrait,
    digest: &mut dyn Update,
) -> Option<()> {
    let offsets = pe.offsets().ok()?;

    // Hash from beginning to checksum.
    let bytes = &pe.data().get(..offsets.check_sum)?;
    digest.update(bytes);

    // Hash from checksum to the security data directory.
    let bytes = &pe
        .data()
        .get(offsets.after_check_sum..offsets.security_data_dir)?;
    digest.update(bytes);

    // Hash from the security data directory to the end of the header.
    let bytes = &pe
        .data()
        .get(offsets.after_security_data_dir..offsets.after_header)?;
    digest.update(bytes);

    // Track offset as sections are hashed. This is used to hash data
    // after the sections.
    let mut sum_of_bytes_hashed = usize_from_u32(offsets.after_header as u32);

    // First sort the sections.
    let mut sections = (1..=pe.num_sections())
        .map(|i| pe.section_data_range(i))
        .collect::<Result<Vec<_>, PeOffsetError>>()
        .ok()?;
    sections.sort_unstable_by_key(|r| r.start);

    // Then hash each section's data.
    for section_range in sections {
        let bytes = &pe.data().get(section_range)?;

        digest.update(bytes);
        sum_of_bytes_hashed = sum_of_bytes_hashed.checked_add(bytes.len())?;
    }

    let mut extra_hash_len =
        pe.data().len().checked_sub(sum_of_bytes_hashed)?;

    // The certificate table is not included in the hash.
    if let Some(security_data_dir) = pe.certificate_table_range().ok()? {
        let size =
            security_data_dir.end.checked_sub(security_data_dir.start)?;
        extra_hash_len = extra_hash_len.checked_sub(size)?;
    }

    digest.update(pe.data().get(
        sum_of_bytes_hashed..sum_of_bytes_hashed.checked_add(extra_hash_len)?,
    )?);

    Some(())
}

/// Calculate an authenticode digest.
pub fn authenticode_digest(
    pe: &dyn PeTrait,
    digest: &mut dyn Update,
) -> Result<(), PeOffsetError> {
    authenticode_digest_impl(pe, digest).ok_or(PeOffsetError)
}

1	// Copyright 2023 Google LLC
2	//
3	// Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
4	// https://www.apache.org/licenses/LICENSE-2.0> or the MIT license
5	// <LICENSE-MIT or https://opensource.org/licenses/MIT>, at your
6	// option. This file may not be copied, modified, or distributed
7	// except according to those terms.
8
9	use crate::usize_from_u32;
10	use crate::{PeOffsetError, PeTrait};
11	use alloc::vec::Vec;
12	use digest::Update;
13
14	fn authenticode_digest_impl(	5✔
15	pe: &dyn PeTrait,	5✔
16	digest: &mut dyn Update,	5✔
17	) -> Option<()> {	5✔
18	let offsets = pe.offsets().ok()?;	5✔
19
20	// Hash from beginning to checksum.
21	let bytes = &pe.data().get(..offsets.check_sum)?;	5✔
22	digest.update(bytes);	5✔
23
24	// Hash from checksum to the security data directory.
25	let bytes = &pe	5✔
26	.data()	5✔
27	.get(offsets.after_check_sum..offsets.security_data_dir)?;	5✔
28	digest.update(bytes);	5✔
29
30	// Hash from the security data directory to the end of the header.
31	let bytes = &pe	5✔
32	.data()	5✔
33	.get(offsets.after_security_data_dir..offsets.after_header)?;	5✔
34	digest.update(bytes);	5✔
35
36	// Track offset as sections are hashed. This is used to hash data
37	// after the sections.
38	let mut sum_of_bytes_hashed = usize_from_u32(offsets.after_header as u32);	5✔
39
40	// First sort the sections.
41	let mut sections = (1..=pe.num_sections())	5✔
42	.map(\|i\| pe.section_data_range(i))	10✔
43	.collect::<Result<Vec<_>, PeOffsetError>>()	5✔
44	.ok()?;	5✔
45	sections.sort_unstable_by_key(\|r\| r.start);	5✔
46
47	// Then hash each section's data.
48	for section_range in sections {	15✔
49	let bytes = &pe.data().get(section_range)?;	10✔
50
51	digest.update(bytes);	10✔
52	sum_of_bytes_hashed = sum_of_bytes_hashed.checked_add(bytes.len())?;	10✔
53	}
54
55	let mut extra_hash_len =	5✔
56	pe.data().len().checked_sub(sum_of_bytes_hashed)?;	5✔
57
58	// The certificate table is not included in the hash.
59	if let Some(security_data_dir) = pe.certificate_table_range().ok()? {	5✔
60	let size =	4✔
61	security_data_dir.end.checked_sub(security_data_dir.start)?;	4✔
62	extra_hash_len = extra_hash_len.checked_sub(size)?;	4✔
63	}	1✔
64
65	digest.update(pe.data().get(	5✔
66	sum_of_bytes_hashed..sum_of_bytes_hashed.checked_add(extra_hash_len)?,	5✔
67	)?);	×
68
69	Some(())	5✔
70	}	5✔
71
72	/// Calculate an authenticode digest.
73	pub fn authenticode_digest(	5✔
74	pe: &dyn PeTrait,	5✔
75	digest: &mut dyn Update,	5✔
76	) -> Result<(), PeOffsetError> {	5✔
77	authenticode_digest_impl(pe, digest).ok_or(PeOffsetError)	5✔
78	}	5✔

google / authenticode-rs / 16855097188

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous