siderust-archive 0.1.2

Reusable Rust bindings for the Siderust Archive: manifests, checksums, provenance, and runtime download of scientific datasets (IERS time data, kernels, planetary theories).
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94

// SPDX-License-Identifier: BSD-3-Clause
// Copyright (C) 2026 Vallés Puig, Ramon

//! SHA-256 checksum helpers used to verify archive datasets against the
//! checksums recorded in their manifests / provenance records.
//!
//! For compile-time pinning of embedded tables inside `siderust` (via
//! [`assert_data_checksum!`](https://docs.rs/siderust/latest/siderust/macro.assert_data_checksum.html)),
//! use `siderust::checksum` instead — that module provides a `const fn`
//! SHA-256 kernel and is not interchangeable with this runtime API.

/// Compute the lowercase hex SHA-256 digest of `bytes`.
///
/// ```
/// let hex = siderust_archive::checksum::sha256_hex(b"abc");
/// assert_eq!(
///     hex,
///     "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"
/// );
/// ```
pub fn sha256_hex(bytes: &[u8]) -> String {
    use sha2::{Digest, Sha256};
    let mut hasher = Sha256::new();
    hasher.update(bytes);
    to_hex(&hasher.finalize())
}

/// Lowercase hex encoding of a byte slice.
pub fn to_hex(bytes: &[u8]) -> String {
    let mut out = String::with_capacity(bytes.len() * 2);
    for byte in bytes {
        out.push_str(&format!("{byte:02x}"));
    }
    out
}

/// Error returned when an actual checksum does not match the expected one.
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct ChecksumMismatch {
    pub label: String,
    pub expected: String,
    pub actual: String,
}

impl std::fmt::Display for ChecksumMismatch {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        write!(
            f,
            "{} SHA-256 mismatch: expected {}, got {}",
            self.label, self.expected, self.actual
        )
    }
}

impl std::error::Error for ChecksumMismatch {}

/// Verify that `bytes` hash to the `expected` lowercase-hex SHA-256 digest.
pub fn verify_sha256(label: &str, bytes: &[u8], expected: &str) -> Result<(), ChecksumMismatch> {
    let actual = sha256_hex(bytes);
    if actual != expected {
        return Err(ChecksumMismatch {
            label: label.to_string(),
            expected: expected.to_string(),
            actual,
        });
    }
    Ok(())
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn sha256_of_abc_is_known_vector() {
        assert_eq!(
            sha256_hex(b"abc"),
            "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"
        );
    }

    #[test]
    fn verify_accepts_matching_digest() {
        let expected = sha256_hex(b"hello archive");
        assert!(verify_sha256("sample", b"hello archive", &expected).is_ok());
    }

    #[test]
    fn verify_rejects_mismatch() {
        let err = verify_sha256("sample", b"hello", "deadbeef").unwrap_err();
        assert_eq!(err.label, "sample");
        assert_eq!(err.expected, "deadbeef");
    }
}