Package digest provides a generalized type to opaquely represent message digests and their operations within the registry. The Digest type is designed to serve as a flexible identifier in a content-addressable system. More importantly, it provides tools and wrappers to work with hash.Hash-based digests with little effort.
The format of a digest is simply a string with two parts, dubbed the "algorithm" and the "digest", separated by a colon:
An example of a sha256 digest representation follows:
The "algorithm" portion defines both the hashing algorithm used to calculate the digest and the encoding of the resulting digest, which defaults to "hex" if not otherwise specified. Currently, all supported algorithms have their digests encoded in hex strings.
In the example above, the string "sha256" is the algorithm and the hex bytes are the "digest".
Because the Digest type is simply a string, once a valid Digest is obtained, comparisons are cheap, quick and simple to express with the standard equality operator.
The main benefit of using the Digest type is simple verification against a given digest. The Verifier interface, modeled after the stdlib hash.Hash interface, provides a common write sink for digest verification. After writing is complete, calling the Verifier.Verified method will indicate whether or not the stream of bytes matches the target digest.
In addition to the above, we intend to add the following features to this package:
1. A Digester type that supports write sink digest calculation.
2. Suspend and resume of ongoing digest calculations to support efficient digest verification in the registry.
var ( // ErrDigestInvalidFormat returned when digest format invalid. ErrDigestInvalidFormat = fmt.Errorf("invalid checksum digest format") // ErrDigestInvalidLength returned when digest has invalid length. ErrDigestInvalidLength = fmt.Errorf("invalid checksum digest length") // ErrDigestUnsupported returned when the digest algorithm is unsupported. ErrDigestUnsupported = fmt.Errorf("unsupported digest algorithm") )
DigestRegexp matches valid digest types.
DigestRegexpAnchored matches valid digest types, anchored to the start and end of the match.
Algorithm identifies and implementation of a digester by an identifier. Note the that this defines both the hash algorithm used and the string encoding.
const ( SHA256 Algorithm = "sha256" // sha256 with hex encoding (lower case only) SHA384 Algorithm = "sha384" // sha384 with hex encoding (lower case only) SHA512 Algorithm = "sha512" // sha512 with hex encoding (lower case only) // Canonical is the primary digest algorithm used with the distribution // project. Other digests may be used but this one is the primary storage // digest. Canonical = SHA256 )
supported digest types
Available returns true if the digest type is available for use. If this returns false, Digester and Hash will return nil.
Digester returns a new digester for the specified algorithm. If the algorithm does not have a digester implementation, nil will be returned. This can be checked by calling Available before calling Digester.
Encode encodes the raw bytes of a digest, typically from a hash.Hash, into the encoded portion of the digest.
FromBytes digests the input and returns a Digest.
FromReader returns the digest of the reader using the algorithm.
FromString digests the string input and returns a Digest.
Hash returns a new hash as used by the algorithm. If not available, the method will panic. Check Algorithm.Available() before calling.
Set implemented to allow use of Algorithm as a command line flag.
Size returns number of bytes returned by the hash.
Validate validates the encoded portion string
Digest allows simple protection of hex formatted digest strings, prefixed by their algorithm. Strings of type Digest have some guarantee of being in the correct format and it provides quick access to the components of a digest string.
The following is an example of the contents of Digest types:
This allows to abstract the digest behind this type and work only in those terms.
FromBytes digests the input and returns a Digest.
FromReader consumes the content of rd until io.EOF, returning canonical digest.
FromString digests the input and returns a Digest.
NewDigest returns a Digest from alg and a hash.Hash object.
NewDigestFromBytes returns a new digest from the byte contents of p. Typically, this can come from hash.Hash.Sum(...) or xxx.SumXXX(...) functions. This is also useful for rebuilding digests from binary serializations.
NewDigestFromEncoded returns a Digest from alg and the encoded digest.
NewDigestFromHex is deprecated. Please use NewDigestFromEncoded.
Parse parses s and returns the validated digest object. An error will be returned if the format is invalid.
Algorithm returns the algorithm portion of the digest. This will panic if the underlying digest is not in a valid format.
Encoded returns the encoded portion of the digest. This will panic if the underlying digest is not in a valid format.
Hex is deprecated. Please use Digest.Encoded.
Validate checks that the contents of d is a valid digest, returning an error if not.
Verifier returns a writer object that can be used to verify a stream of content against the digest. If the digest is invalid, the method will panic.
Digester calculates the digest of written data. Writes should go directly to the return value of Hash, while calling Digest will return the current value of the digest.
Verifier presents a general verification interface to be used with message digests and other byte stream verifications. Users instantiate a Verifier from one of the various methods, write the data under test to it then check the result with the Verified method.