func testCertificates(ch <-chan []byte, wg *sync.WaitGroup) {
var h detectcoll.Hash
if *md5 {
h = detectcoll.NewMD5()
} else {
if *thorough {
h = detectcoll.NewSHA1Thorough()
} else {
h = detectcoll.NewSHA1()
}
}
for blob := range ch {
cert, err := x509.ParseCertificate(blob)
if err != nil {
// log.Printf("Error in cert %v: %s", err, base64.StdEncoding.EncodeToString(blob))
continue
}
h.Write(cert.RawTBSCertificate)
if sum, ok := h.DetectSum(nil); !ok {
log.Printf("Certificate has possible collision (hash=%x)", sum)
log.Print(base64.StdEncoding.EncodeToString(blob))
}
h.Reset()
}
wg.Done()
}
func checkForCollisions(fd io.Reader, filename string) bool {
if !*md5 && !*sha1 {
log.Fatal("No hash functions selected - please use -sha1 and/or -md5")
}
var md5h, sha1h detectcoll.Hash
var err error
if *md5 {
md5h = detectcoll.NewMD5()
}
if *sha1 {
if *thorough {
sha1h = detectcoll.NewSHA1Thorough()
} else {
sha1h = detectcoll.NewSHA1()
}
}
switch {
case *md5 && *sha1:
_, err = io.Copy(sha1h, io.TeeReader(fd, md5h))
case *md5:
_, err = io.Copy(md5h, fd)
case *sha1:
_, err = io.Copy(sha1h, fd)
}
if err != nil {
log.Fatalf("Unable to read file %s: %v", filename, err)
}
var ret bool = true
if *md5 {
sum, ok := md5h.DetectSum(nil)
fmt.Printf("md5(%s): %x\n", filename, sum)
if !ok {
log.Printf("MD5 Collision detected in %s!", filename)
}
ret = ret && ok
}
if *sha1 {
sum, ok := sha1h.DetectSum(nil)
fmt.Printf("sha1(%s): %x\n", filename, sum)
if !ok {
log.Printf("SHA-1 Collision detected in %s!", filename)
}
ret = ret && ok
}
return ret
}