Improve support hash algorithm documentation, remove support for exte…

…ndable-output functions (shake), parameterize error outputs by algorithm/size

Signed-off-by: Marcela Melara <marcela.melara@intel.com>

go/v1/resource_descriptor.go

@@ -5,22 +5,24 @@ Wrapper APIs for in-toto attestation ResourceDescriptor protos.
 package v1
 
 import (
-	"crypto/md5"
-	"crypto/sha1"
-	"crypto/sha512"
 	"encoding/hex"
 	"errors"
+	"fmt"
 )
 
 var (
-	ErrIncorrectDigestLength = errors.New("digest is not correct length")
+	ErrIncorrectDigestLength = errors.New("digest has incorrect length")
 	ErrInvalidDigestEncoding = errors.New("digest is not valid hex-encoded string")
 	ErrRDRequiredField       = errors.New("at least one of name, URI, or digest are required")
 )
 
-// Supported standard hash algorithms
-func isSupportedAlgorithm(alg string) (bool, int) {
-	algos := map[string]int{"md5": md5.Size, "sha1": sha1.Size, "shake128": md5.Size, "sha224": sha512.Size224, "sha3_224": sha512.Size224, "sha512_224": sha512.Size224, "sha256": sha512.Size256, "sha3_256": sha512.Size256, "sha512_256": sha512.Size256, "shake256": sha512.Size256, "sha384": sha512.Size384, "sha3_384": sha512.Size384, "sha512_384": sha512.Size384, "sha512": sha512.Size, "sha3_512": sha512.Size, "dirHash": sha512.Size256, "gitCommit": sha1.Size}
+// Indicates if a given fixed-size hash algorithm is supported by default and returns the algorithm's
+// digest size in bytes, if supported. We assume gitCommit and dirHash are aliases for sha1 and sha256, respectively.
+//
+// SHA digest sizes from https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf
+// MD5 digest size from https://www.rfc-editor.org/rfc/rfc1321.html#section-1
+func isSupportedFixedSizeAlgorithm(alg string) (bool, int) {
+	algos := map[string]int{"md5": 16, "sha1": 20, "sha224": 28, "sha512_224": 28, "sha256": 32, "sha512_256": 32, "sha384": 48, "sha512": 64, "sha3_224": 28, "sha3_256": 32, "sha3_384": 48, "sha3_512": 64, "gitCommit": 20, "dirHash": 32}
 
 	size, ok := algos[alg]
 	return ok, size
@@ -38,18 +40,18 @@ func (d *ResourceDescriptor) Validate() error {
 			// Per https://github.com/in-toto/attestation/blob/main/spec/v1/digest_set.md
 			// check encoding and length for supported algorithms;
 			// use of custom, unsupported algorithms is allowed and does not not generate validation errors.
-			supported, size := isSupportedAlgorithm(alg)
+			supported, size := isSupportedFixedSizeAlgorithm(alg)
 			if supported {
 				// the in-toto spec expects a hex-encoded string in DigestSets for supported algorithms
 				hashBytes, err := hex.DecodeString(digest)
 
 				if err != nil {
-					return ErrInvalidDigestEncoding
+					return fmt.Errorf("%w: %s", ErrInvalidDigestEncoding, alg)
 				}
 
 				// check the length of the digest
 				if len(hashBytes) != size {
-					return ErrIncorrectDigestLength
+					return fmt.Errorf("%w: %s (got %d bytes, want %d bytes", ErrIncorrectDigestLength, alg, len(hashBytes), size)
 				}
 			}
 		}