Add comment about custom digest algorithm validation and valid digest…

… test case Signed-off-by: Marcela Melara <marcela.melara@intel.com>
in-toto · Apr 4, 2024 · b8f895b · b8f895b
1 parent a3e6e7b
commit b8f895b
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 2 deletions.
diff --git a/go/v1/resource_descriptor.go b/go/v1/resource_descriptor.go
@@ -35,11 +35,12 @@ func (d *ResourceDescriptor) Validate() error {
 	if len(d.GetDigest()) > 0 {
 		for alg, digest := range d.GetDigest() {
 
-			// check encoding and length for supported algorithms
+			// Per https://github.com/in-toto/attestation/blob/main/spec/v1/digest_set.md
+			// check encoding and length for supported algorithms;
+			// use of custom, unsupported algorithms is allowed and does not not generate validation errors.
 			supported, size := isSupportedAlgorithm(alg)
 			if supported {
 				// the in-toto spec expects a hex-encoded string in DigestSets for supported algorithms
-				// https://github.com/in-toto/attestation/blob/main/spec/v1/digest_set.md
 				hashBytes, err := hex.DecodeString(digest)
 
 				if err != nil {

diff --git a/go/v1/resource_descriptor_test.go b/go/v1/resource_descriptor_test.go
@@ -15,6 +15,8 @@ import (
 
 const wantFullRd = `{"name":"theName","uri":"https://example.com","digest":{"alg1":"abc123"},"content":"Ynl0ZXNjb250ZW50","downloadLocation":"https://example.com/test.zip","mediaType":"theMediaType","annotations":{"a1":{"keyNum": 13,"keyStr":"value1"},"a2":{"keyObj":{"subKey":"subVal"}}}}`
 
+const supportedRdDigest = `{"digest":{"sha256":"a1234567b1234567c1234567d1234567e1234567f1234567a1234567b1234567","custom":"myCustomEnvoding","sha1":"a1234567b1234567c1234567d1234567e1234567"}}`
+
 const badRd = `{"downloadLocation":"https://example.com/test.zip","mediaType":"theMediaType"}`
 
 const badRdDigestEncoding = `{"digest":{"sha256":"badDigest"},"downloadLocation":"https://example.com/test.zip","mediaType":"theMediaType"}`
@@ -60,6 +62,16 @@ func TestJsonUnmarshalResourceDescriptor(t *testing.T) {
 	assert.True(t, proto.Equal(got, want), "Protos do not match")
 }
 
+func TestSupportedResourceDescriptorDigest(t *testing.T) {
+	got := &ResourceDescriptor{}
+	err := protojson.Unmarshal([]byte(supportedRdDigest), got)
+
+	assert.NoError(t, err, "Error during JSON unmarshalling")
+
+	err = got.Validate()
+	assert.NoError(t, err, "Error during validation of valid supported RD digests")
+}
+
 func TestBadResourceDescriptor(t *testing.T) {
 	got := &ResourceDescriptor{}
 	err := protojson.Unmarshal([]byte(badRd), got)