Add flag for manually specifying a hash algo when verifying

cmd/cosign/cli/options/signature_digest.go

@@ -0,0 +1,85 @@
+//
+// Copyright 2021 The Sigstore Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package options
+
+import (
+	"crypto"
+	"fmt"
+	"sort"
+	"strings"
+
+	_ "crypto/sha256" // for sha224 + sha256
+	_ "crypto/sha512" // for sha384 + sha512
+
+	"github.com/spf13/cobra"
+)
+
+var supportedSignatureAlgorithms = map[string]crypto.Hash{
+	"sha224": crypto.SHA224,
+	"sha256": crypto.SHA256,
+	"sha384": crypto.SHA384,
+	"sha512": crypto.SHA512,
+}
+
+func supportedSignatureAlgorithmNames() []string {
+	names := make([]string, 0, len(supportedSignatureAlgorithms))
+
+	for name := range supportedSignatureAlgorithms {
+		names = append(names, name)
+	}
+
+	sort.Strings(names)
+
+	return names
+}
+
+// SignatureDigestOptions holds options for specifying which digest algorithm should
+// be used when processing a signature.
+type SignatureDigestOptions struct {
+	AlgorithmName string
+}
+
+var _ Interface = (*SignatureDigestOptions)(nil)
+
+// AddFlags implements Interface
+func (o *SignatureDigestOptions) AddFlags(cmd *cobra.Command) {
+	validSignatureDigestAlgorithms := strings.Join(supportedSignatureAlgorithmNames(), "|")
+
+	cmd.Flags().StringVar(&o.AlgorithmName, "signature-digest-algorithm", "sha256",
+		fmt.Sprintf("digest algorithm to use when processing a signature (%s)", validSignatureDigestAlgorithms))
+}
+
+// HashAlgorithm converts the algorithm's name - provided as a string - into a crypto.Hash algorithm.
+// Returns an error if the algorithm name doesn't match a supported algorithm, and defaults to SHA256
+// in the event that the given algorithm is invalid.
+func (o *SignatureDigestOptions) HashAlgorithm() (crypto.Hash, error) {
+	normalizedAlgo := strings.ToLower(strings.TrimSpace(o.AlgorithmName))
+
+	if normalizedAlgo == "" {
+		return crypto.SHA256, nil
+	}
+
+	algo, exists := supportedSignatureAlgorithms[normalizedAlgo]
+	if !exists {
+		return crypto.SHA256, fmt.Errorf("unknown digest algorithm: %s", o.AlgorithmName)
+	}
+
+	if !algo.Available() {
+		return crypto.SHA256, fmt.Errorf("hash %q is not available on this platform", o.AlgorithmName)
+	}
+
+	return algo, nil
+}

cmd/cosign/cli/options/verify.go

@@ -30,7 +30,8 @@ type VerifyOptions struct {
 	SecurityKey SecurityKeyOptions
 	Rekor       RekorOptions
 	// TODO: this seems like it should have the Fulcio options.
-	Registry RegistryOptions
+	Registry        RegistryOptions
+	SignatureDigest SignatureDigestOptions
 	AnnotationOptions
 }
 
@@ -41,6 +42,7 @@ func (o *VerifyOptions) AddFlags(cmd *cobra.Command) {
 	o.SecurityKey.AddFlags(cmd)
 	o.Rekor.AddFlags(cmd)
 	o.Registry.AddFlags(cmd)
+	o.SignatureDigest.AddFlags(cmd)
 	o.AnnotationOptions.AddFlags(cmd)
 
 	cmd.Flags().StringVar(&o.Key, "key", "",

cmd/cosign/cli/verify.go

@@ -46,9 +46,13 @@ against the transparency log.`,
   # (experimental) additionally, verify with the transparency log
   COSIGN_EXPERIMENTAL=1 cosign verify <IMAGE>
 
-  # verify image with public key
+  # verify image with an on-disk public key
   cosign verify --key cosign.pub <IMAGE>
 
+  # verify image with an on-disk public key, manually specifying the
+  # signature digest algorithm
+  cosign verify --key cosign.pub --signature-digest-algorithm sha512 <IMAGE>
+
   # verify image with public key provided by URL
   cosign verify --key https://host.for/[FILE] <IMAGE>
 
@@ -73,6 +77,12 @@ against the transparency log.`,
 			if err != nil {
 				return err
 			}
+
+			hashAlgorithm, err := o.SignatureDigest.HashAlgorithm()
+			if err != nil {
+				return err
+			}
+
 			v := verify.VerifyCommand{
 				RegistryOptions: o.Registry,
 				CheckClaims:     o.CheckClaims,
@@ -84,7 +94,10 @@ against the transparency log.`,
 				RekorURL:        o.Rekor.URL,
 				Attachment:      o.Attachment,
 				Annotations:     annotations,
+
+				HashAlgorithm: hashAlgorithm,
 			}
+
 			return v.Exec(cmd.Context(), args)
 		},
 	}

cmd/cosign/cli/verify/verify.go

@@ -17,6 +17,7 @@ package verify
 
 import (
 	"context"
+	"crypto"
 	"encoding/json"
 	"flag"
 	"fmt"
@@ -50,6 +51,8 @@ type VerifyCommand struct {
 	RekorURL    string
 	Attachment  string
 	Annotations sigs.AnnotationsMap
+
+	HashAlgorithm crypto.Hash
 }
 
 // Exec runs the verification command
@@ -65,6 +68,11 @@ func (c *VerifyCommand) Exec(ctx context.Context, images []string) (err error) {
 		return flag.ErrHelp
 	}
 
+	// always default to sha256 if the algorithm hasn't been explicitly set
+	if c.HashAlgorithm == 0 {
+		c.HashAlgorithm = crypto.SHA256
+	}
+
 	if !options.OneOf(c.KeyRef, c.Sk) && !options.EnableExperimental() {
 		return &options.KeyParseError{}
 	}
@@ -89,7 +97,7 @@ func (c *VerifyCommand) Exec(ctx context.Context, images []string) (err error) {
 	// Keys are optional!
 	var pubKey signature.Verifier
 	if keyRef != "" {
-		pubKey, err = sigs.PublicKeyFromKeyRef(ctx, keyRef)
+		pubKey, err = sigs.PublicKeyFromKeyRefWithHashAlgo(ctx, keyRef, c.HashAlgorithm)
 		if err != nil {
 			return errors.Wrap(err, "loading public key")
 		}

pkg/signature/keys.go

@@ -35,9 +35,16 @@ import (
 	"github.com/sigstore/sigstore/pkg/signature/kms"
 )
 
+// LoadPublicKey is a wrapper for VerifierForKeyRef, hardcoding SHA256 as the hash algorithm
 func LoadPublicKey(ctx context.Context, keyRef string) (verifier signature.Verifier, err error) {
+	return VerifierForKeyRef(ctx, keyRef, crypto.SHA256)
+}
+
+// VerifierForKeyRef parses the given keyRef, loads the key and returns an appropriate
+// verifier using the provided hash algorithm
+func VerifierForKeyRef(ctx context.Context, keyRef string, hashAlgorithm crypto.Hash) (verifier signature.Verifier, err error) {
 	// The key could be plaintext, in a file, at a URL, or in KMS.
-	if kmsKey, err := kms.Get(ctx, keyRef, crypto.SHA256); err == nil {
+	if kmsKey, err := kms.Get(ctx, keyRef, hashAlgorithm); err == nil {
 		// KMS specified
 		return kmsKey, nil
 	}
@@ -53,7 +60,8 @@ func LoadPublicKey(ctx context.Context, keyRef string) (verifier signature.Verif
 	if err != nil {
 		return nil, errors.Wrap(err, "pem to public key")
 	}
-	return signature.LoadVerifier(pubKey, crypto.SHA256)
+
+	return signature.LoadVerifier(pubKey, hashAlgorithm)
 }
 
 func loadKey(keyPath string, pf cosign.PassFunc) (*signature.ECDSASignerVerifier, error) {
@@ -68,13 +76,13 @@ func loadKey(keyPath string, pf cosign.PassFunc) (*signature.ECDSASignerVerifier
 	return cosign.LoadECDSAPrivateKey(kb, pass)
 }
 
-func loadPublicKey(raw []byte) (signature.Verifier, error) {
+func loadPublicKey(raw []byte, hashAlgorithm crypto.Hash) (signature.Verifier, error) {
 	// PEM encoded file.
 	ed, err := cosign.PemToECDSAKey(raw)
 	if err != nil {
 		return nil, errors.Wrap(err, "pem to ecdsa")
 	}
-	return signature.LoadECDSAVerifier(ed, crypto.SHA256)
+	return signature.LoadECDSAVerifier(ed, hashAlgorithm)
 }
 
 func SignerFromKeyRef(ctx context.Context, keyRef string, pf cosign.PassFunc) (signature.Signer, error) {
@@ -145,14 +153,18 @@ func SignerVerifierFromKeyRef(ctx context.Context, keyRef string, pf cosign.Pass
 }
 
 func PublicKeyFromKeyRef(ctx context.Context, keyRef string) (signature.Verifier, error) {
+	return PublicKeyFromKeyRefWithHashAlgo(ctx, keyRef, crypto.SHA256)
+}
+
+func PublicKeyFromKeyRefWithHashAlgo(ctx context.Context, keyRef string, hashAlgorithm crypto.Hash) (signature.Verifier, error) {
 	if strings.HasPrefix(keyRef, kubernetes.KeyReference) {
 		s, err := kubernetes.GetKeyPairSecret(ctx, keyRef)
 		if err != nil {
 			return nil, err
 		}
 
 		if len(s.Data) > 0 {
-			return loadPublicKey(s.Data["cosign.pub"])
+			return loadPublicKey(s.Data["cosign.pub"], hashAlgorithm)
 		}
 	}
 
@@ -191,11 +203,11 @@ func PublicKeyFromKeyRef(ctx context.Context, keyRef string) (signature.Verifier
 		}
 
 		if len(pubKey) > 0 {
-			return loadPublicKey([]byte(pubKey))
+			return loadPublicKey([]byte(pubKey), hashAlgorithm)
 		}
 	}
 
-	return LoadPublicKey(ctx, keyRef)
+	return VerifierForKeyRef(ctx, keyRef, hashAlgorithm)
 }
 
 func PublicKeyPem(key signature.PublicKeyProvider, pkOpts ...signature.PublicKeyOption) ([]byte, error) {

test/e2e_test.go

@@ -21,6 +21,7 @@ package test
 import (
 	"bytes"
 	"context"
+	"crypto"
 	"encoding/base64"
 	"encoding/json"
 	"fmt"
@@ -73,11 +74,12 @@ var passFunc = func(_ bool) ([]byte, error) {
 
 var verify = func(keyRef, imageRef string, checkClaims bool, annotations map[string]interface{}, attachment string) error {
 	cmd := cliverify.VerifyCommand{
-		KeyRef:      keyRef,
-		RekorURL:    rekorURL,
-		CheckClaims: checkClaims,
-		Annotations: sigs.AnnotationsMap{Annotations: annotations},
-		Attachment:  attachment,
+		KeyRef:        keyRef,
+		RekorURL:      rekorURL,
+		CheckClaims:   checkClaims,
+		Annotations:   sigs.AnnotationsMap{Annotations: annotations},
+		Attachment:    attachment,
+		HashAlgorithm: crypto.SHA256,
 	}
 
 	args := []string{imageRef}