From cf7346d48b5e177fe258dbc34c6f5bad8f01b54f Mon Sep 17 00:00:00 2001
From: spaced4ndy <8711996+spaced4ndy@users.noreply.github.com>
Date: Thu, 16 Feb 2023 21:01:41 +0400
Subject: [PATCH] xftp: cli - verify file digest (#640)

---
 src/Simplex/FileTransfer/Client/Main.hs | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/Simplex/FileTransfer/Client/Main.hs b/src/Simplex/FileTransfer/Client/Main.hs
index 4a7504211..5cac39829 100644
--- a/src/Simplex/FileTransfer/Client/Main.hs
+++ b/src/Simplex/FileTransfer/Client/Main.hs
@@ -289,7 +289,7 @@ cliSendFile SendOptions {filePath, outputDir, numRecipients, retryCount, tempPat
 cliReceiveFile :: ReceiveOptions -> ExceptT CLIError IO ()
 cliReceiveFile ReceiveOptions {fileDescription, filePath, retryCount, tempPath} = do
   fd <- ExceptT $ first (CLIError . ("Failed to parse file description: " <>)) . strDecode <$> B.readFile fileDescription
-  ValidFileDescription FileDescription {size, key, nonce, chunks} <- liftEither . first CLIError $ validateFileDescription fd
+  ValidFileDescription FileDescription {size, digest, key, nonce, chunks} <- liftEither . first CLIError $ validateFileDescription fd
   encPath <- getEncPath tempPath "xftp"
   -- withFile encPath WriteMode $ \h -> do
   --   liftIO $ LB.hPut h $ LB.replicate (unFileSize size) '#'
@@ -300,7 +300,8 @@ cliReceiveFile ReceiveOptions {fileDescription, filePath, retryCount, tempPath}
   -- chunks have to be ordered because of AppendMode
   forM_ (zip chunkSpecs chunks) $ \(chunkSpec, chunk) -> do
     downloadFileChunk a writeLock chunk chunkSpec
-  -- verify file digest
+  encDigest <- liftIO $ LC.sha512Hash <$> LB.readFile encPath
+  when (encDigest /= unFileDigest digest) $ throwError $ CLIError "File digest mismatch"
   decryptFile encPath key nonce
   whenM (doesFileExist encPath) $ removeFile encPath
   where