zipsign_api/constants.rs
1// "\x0c\x04\x01" -- form feed, end of text, start of header
2// "ed25519ph" -- used algorithm
3// "\x00\x00" -- version number in network byte order
4/// Bytes preceding signatures
5pub(crate) const MAGIC_HEADER: &[u8; 14] = b"\x0c\x04\x01ed25519ph\x00\x00";
6
7/// Total number of bytes in a [`MAGIC_HEADER`] + [`SignatureCountLeInt`]
8pub(crate) const HEADER_SIZE: usize = 16;
9
10/// Integer type to tell the number of signatures in a signed file, stored in little endian
11pub(crate) type SignatureCountLeInt = u16;
12
13/// Prefix of the signature block in a signed .tar.gz file
14///
15/// Followed by base64 encoded signatures string, the current stream position before this block
16/// encoded as zero-padded 16 bytes hexadecimal string, and [`GZIP_END`]
17/// [`GZIP_END`]
18#[cfg(any(feature = "sign-tar", feature = "unsign-tar", feature = "verify-tar"))]
19pub(crate) const GZIP_START: &[u8; 10] = {
20 const EPOCH: u32 = 978_307_200; // 2001-01-01 00:00:00 Z
21
22 let [m1, m2, m3, m4] = EPOCH.to_le_bytes();
23 &[
24 0x1f, 0x8b, // gzip: magic number
25 0x08, // gzip: compression method (deflate)
26 0x10, // gzip: flags (binary, no checksum, no extra fields, no name, has comment)
27 m1, m2, m3, m4, // gzip: modification time
28 0x00, // gzip: extra flags (unset)
29 0xff, // gzip: Operating system ID: unknown
30 ]
31};
32
33/// Suffix of the signature block in a signed .tar.gz file
34#[cfg(any(feature = "sign-tar", feature = "unsign-tar", feature = "verify-tar"))]
35pub(crate) const GZIP_END: &[u8; 14] = &[
36 0x00, // deflate: NUL terminator, end of comments
37 0x01, // deflate: block header (final block, uncompressed)
38 0x00, 0x00, // deflate: length
39 0xff, 0xff, // deflate: negated length
40 0, 0, 0, 0, // gzip: crc32 of uncompressed data
41 0, 0, 0, 0, // gzip: total uncompressed size
42];
43
44/// Total overhead the signature block in a signed .tar.gz file excluding signature data
45#[cfg(feature = "sign-tar")]
46pub(crate) const GZIP_EXTRA: usize = GZIP_START.len() + GZIP_END.len() + u64::BITS as usize / 4;
47
48/// Maximum number of bytes the encoded signatures may have
49///
50/// This number equates to 1022 signatures in a `.zip` file, and 767 signatures in `.tar.gz` file.
51pub(crate) const BUF_LIMIT: usize = 1 << 16;