Improve hash-entry implementation

.github/workflows/ci-go-cover.yml

@@ -14,7 +14,7 @@
 # 1. Change workflow name from "cover 100%" to "cover ≥92.5%". Script will automatically use 92.5%.  
 # 2. Update README.md to use the new path to badge.svg because the path includes the workflow name.
 
-name: cover ≥78%
+name: cover ≥78.8%
 on: [push, pull_request]
 jobs:
 

entity_test.go

@@ -21,7 +21,7 @@ func TestEntity_RoundtripOneRoleUint(t *testing.T) {
 	err = tv.SetRegID("https://acme.example")
 	assert.Nil(t, err)
 
-	err = tv.SetThumbprint(0, []byte{0x00, 0x01})
+	err = tv.SetThumbprint(Sha256_32, []byte{0x00, 0x01, 0x02, 0x03})
 	assert.Nil(t, err)
 
 	// When only one element is present role does not use the array wrap:
@@ -36,15 +36,15 @@ func TestEntity_RoundtripOneRoleUint(t *testing.T) {
 	//    01                  # unsigned(1)
 	//	  18 22               # unsigned(34)
 	//	  82                  # array(2)
-	//	     00               # unsigned(0)
-	//       42               # bytes(2)
-	//          0001          # "\x00\x01"
+	//	     06               # unsigned(6)
+	//       44               # bytes(4)
+	//          00010203      # "\x00\x01\x02\x03"
 	expectedCBOR := []byte{
 		0xa4, 0x18, 0x1f, 0x68, 0x41, 0x43, 0x4d, 0x45, 0x20, 0x4c, 0x74,
 		0x64, 0x18, 0x20, 0x74, 0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f,
 		0x2f, 0x61, 0x63, 0x6d, 0x65, 0x2e, 0x65, 0x78, 0x61, 0x6d, 0x70,
-		0x6c, 0x65, 0x18, 0x21, 0x01, 0x18, 0x22, 0x82, 0x00, 0x42, 0x00,
-		0x01,
+		0x6c, 0x65, 0x18, 0x21, 0x01, 0x18, 0x22, 0x82, 0x06, 0x44, 0x00,
+		0x01, 0x02, 0x03,
 	}
 
 	actual := roundTripper(t, tv, expectedCBOR).(Entity)

hashentry.go

@@ -28,56 +28,96 @@ type HashEntry struct {
 // Named Information Hash Algorithm Registry
 // https://www.iana.org/assignments/named-information/named-information.xhtml#hash-alg
 const (
-	sha256 = uint64(iota + 1)
-	sha256_128
-	sha256_120
-	sha256_96
-	sha256_64
-	sha256_32
-	sha384
-	sha512
-	sha3_224
-	sha3_256
-	sha3_384
-	sha3_512
+	Sha256 uint64 = (iota + 1)
+	Sha256_128
+	Sha256_120
+	Sha256_96
+	Sha256_64
+	Sha256_32
+	Sha384
+	Sha512
+	Sha3_224
+	Sha3_256
+	Sha3_384
+	Sha3_512
 )
 
 var (
+	algToValueLen = map[uint64]int{
+		Sha256:     32,
+		Sha256_128: 16,
+		Sha256_120: 15,
+		Sha256_96:  12,
+		Sha256_64:  8,
+		Sha256_32:  4,
+		Sha384:     48,
+		Sha512:     64,
+		Sha3_224:   28,
+		Sha3_256:   32,
+		Sha3_384:   48,
+		Sha3_512:   64,
+	}
+
 	algToString = map[uint64]string{
-		sha256:     "sha-256",
-		sha256_128: "sha-256-128",
-		sha256_120: "sha-256-120",
-		sha256_96:  "sha-256-96",
-		sha256_64:  "sha-256-64",
-		sha256_32:  "sha-256-32",
-		sha384:     "sha-384",
-		sha512:     "sha-512",
-		sha3_224:   "sha3-224",
-		sha3_256:   "sha3-256",
-		sha3_384:   "sha3-384",
-		sha3_512:   "sha3-512",
+		Sha256:     "sha-256",
+		Sha256_128: "sha-256-128",
+		Sha256_120: "sha-256-120",
+		Sha256_96:  "sha-256-96",
+		Sha256_64:  "sha-256-64",
+		Sha256_32:  "sha-256-32",
+		Sha384:     "sha-384",
+		Sha512:     "sha-512",
+		Sha3_224:   "sha3-224",
+		Sha3_256:   "sha3-256",
+		Sha3_384:   "sha3-384",
+		Sha3_512:   "sha3-512",
 	}
 
 	stringToAlg = map[string]uint64{
-		"sha-256":     sha256,
-		"sha-256-128": sha256_128,
-		"sha-256-120": sha256_120,
-		"sha-256-96":  sha256_96,
-		"sha-256-64":  sha256_64,
-		"sha-256-32":  sha256_32,
-		"sha-384":     sha384,
-		"sha-512":     sha512,
-		"sha3-224":    sha3_224,
-		"sha3-256":    sha3_256,
-		"sha3-384":    sha3_384,
-		"sha3-512":    sha3_512,
+		"sha-256":     Sha256,
+		"sha-256-128": Sha256_128,
+		"sha-256-120": Sha256_120,
+		"sha-256-96":  Sha256_96,
+		"sha-256-64":  Sha256_64,
+		"sha-256-32":  Sha256_32,
+		"sha-384":     Sha384,
+		"sha-512":     Sha512,
+		"sha3-224":    Sha3_224,
+		"sha3-256":    Sha3_256,
+		"sha3-384":    Sha3_384,
+		"sha3-512":    Sha3_512,
 	}
 )
 
 // Set assigns the supplied algID and hash value to the HashEntry receiver
 func (h *HashEntry) Set(algID uint64, value []byte) error {
+	if err := ValidHashEntry(algID, value); err != nil {
+		return err
+	}
+
 	h.HashAlgID = algID
 	h.HashValue = value
+
+	return nil
+}
+
+// ValidHashEntry checks whether the supplied algorithm identifier and hash
+// value are a coherent pair
+func ValidHashEntry(algID uint64, value []byte) error {
+	wantLen, ok := algToValueLen[algID]
+	if !ok {
+		return fmt.Errorf("unknown hash algorithm %d", algID)
+	}
+
+	gotLen := len(value)
+
+	if wantLen != gotLen {
+		return fmt.Errorf(
+			"length mismatch for hash algorithm %s: want %d bytes, got %d",
+			algToString[algID], wantLen, gotLen,
+		)
+	}
+
 	return nil
 }