Add support for ed25519ph user keys in hashedrekord

[ret2libc]

Summary

Add support for Ed25519ph user keys in hashedrekord type, so we can test #1724 better with 2 options (ecdsa+sha256 and ed25519ph).

This change requires sigstore/sigstore#1595 and #1959 .

Release Note

• Added x509.NewSignatureWithOpts to support ED25519ph
• Allow ED25519 public keys when validating hashedrekord entries

Documentation

[ret2libc]

cc @woodruffw @tetsuo-cpp

I'm not sure if we need a new version for the change in hashedrekor which allows sha512 as hash algorithm and not only sha256.

[woodruffw]

Thanks @ret2libc!

Yeah, I think we may need a 0.0.2 here, which means we'll probably want to hold off on making the complete hashedrekord changes until we have a full list of hashes we want to support. But I'm not 100% sure about that.

CCing @haydentherapper for opinions + @laurentsimon since I know you've been looking at similar changes to Rekor/hashedrekord 🙂

[haydentherapper]

Just for context, when I wrote up #1325, my intention was to support ed25519ph only for hashedrekord, and ed25519 for all other types. This might mean making some changes to the 'pkg/pki/x509/x509' library to support loading in a custom verifier like on

rekor/pkg/pki/x509/x509.go

Line 87 in 70d6663

verifier, err := sigsig.LoadVerifier(p, crypto.SHA256)

[ret2libc]

What do you think about this way of customizing the verifier?

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 48.93%. Comparing base (488eb97) to head (4831505).
Report is 41 commits behind head on main.

Additional details and impacted files

@@             Coverage Diff             @@
##             main    #1945       +/-   ##
===========================================
- Coverage   66.46%   48.93%   -17.53%     
===========================================
  Files          92       80       -12     
  Lines        9258     6641     -2617     
===========================================
- Hits         6153     3250     -2903     
- Misses       2359     2987      +628     
+ Partials      746      404      -342     

Flag	Coverage Δ
e2etests	?
unittests	48.93% <100.00%> (+1.25%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[bobcallaway]

I threw this together as the smallest change to add sha384 and sha512 to the rekor type. I'm happy to use your PR as the definitive change, but wanted to compare/contrast what was strictly needed to extend the enum, VS what was needed for the ed25519ph key types.

i don't think we need a 0.0.2 version of hashedrekord for this, since we're not actually changing the structure or canonicalization logic of the type.

[bobcallaway]

this would need to be removed before merging.

[woodruffw]

Yep! I believe this is here until sigstore/sigstore#1595 gets merged (correct me if I'm wrong @ret2libc), so it probably makes sense to merge #1958 first and then we can rebase here 🙂

[haydentherapper]

LGTM, this looks good.

While this might be obvious from the change since it only modifies hashedrekord, i wanted to double check that this won't affect other types. rekord also uses x509.NewSignature indirectly through a factory, but given that we've added a new signature function rather than modify the existing one, this has no impact on other types.

Let's merge #1958 first (or split this into two) if that works for you, just to make it easier to see the two different changes.

[ret2libc]

I threw this together as the smallest change to add sha384 and sha512 to the rekor type. I'm happy to use your PR as the definitive change, but wanted to compare/contrast what was strictly needed to extend the enum, VS what was needed for the ed25519ph key types.

i don't think we need a 0.0.2 version of hashedrekord for this, since we're not actually changing the structure or canonicalization logic of the type.

I have included the changes in your PR into mine, and mentioned you in the commit 2577342 . If that's not the proper way to "borrow" code let me know how I should note your help!

By the way, @haydentherapper I'm going to split this into SHA* additions and ED25519ph support.

[haydentherapper]

LGTM, thanks for splitting. Will approve once the sigstore/sigstore PR is merged.

[haydentherapper]

LGTM, thanks for splitting this PR up. Will approve once we merge s/s and remove the replace.

[haydentherapper]

LGTM, thanks for your patience and for all the discussion on the underlying verifier interface. This came out really clean!

Can you update the test for this (https://github.com/sigstore/rekor/blob/main/pkg/types/hashedrekord/v0.0.1/entry_test.go#L116-L120 and https://github.com/sigstore/rekor/blob/main/pkg/types/hashedrekord/v0.0.1/entry_test.go#L195-L211), which I would have expected to be failing now (so it might not have been testing the right thing)?

[haydentherapper]

@ret2libc can you rebase?

[ret2libc]

@ret2libc can you rebase?

@haydentherapper rebased! Sorry for the delay

[haydentherapper]

No worries! Sorry, need one more rebase

[haydentherapper]

can you also bump to v1.8.2, we just cut a release

[woodruffw]

Sure, doing now!

[bobcallaway]

other than fixing the merge conflict, I think this is ready to go