add RSA PSS variants
Signed-off-by: William Woodruff <[email protected]>
woodruffw committed Feb 2, 2024
1 parent 1a8ee2c commit 922b28c
Showing 17 changed files with 110 additions and 33 deletions.
Expand Up @@ -130,6 +130,9 @@
"PKIX_RSA_PKCS1_2048_SHA256",
"PKIX_RSA_PKCS1_3072_SHA256",
"PKIX_RSA_PKCS1_4096_SHA256",
"RSA_PSS_2048_SHA256",
"RSA_PSS_3072_SHA256",
"RSA_PSS_4096_SHA256",
"PKIX_ECDSA_P256_HMAC_SHA_256",
"PKIX_ECDSA_P256_SHA_256",
"PKIX_ECDSA_P384_SHA_384",
3 changes: 3 additions & 0 deletions gen/jsonschema/schemas/Input.schema.json
Expand Up @@ -260,6 +260,9 @@
"PKIX_RSA_PKCS1_2048_SHA256",
"PKIX_RSA_PKCS1_3072_SHA256",
"PKIX_RSA_PKCS1_4096_SHA256",
"RSA_PSS_2048_SHA256",
"RSA_PSS_3072_SHA256",
"RSA_PSS_4096_SHA256",
"PKIX_ECDSA_P256_HMAC_SHA_256",
"PKIX_ECDSA_P256_SHA_256",
"PKIX_ECDSA_P384_SHA_384",
3 changes: 3 additions & 0 deletions gen/jsonschema/schemas/PublicKey.schema.json
Expand Up @@ -20,6 +20,9 @@
"PKIX_RSA_PKCS1_2048_SHA256",
"PKIX_RSA_PKCS1_3072_SHA256",
"PKIX_RSA_PKCS1_4096_SHA256",
"RSA_PSS_2048_SHA256",
"RSA_PSS_3072_SHA256",
"RSA_PSS_4096_SHA256",
"PKIX_ECDSA_P256_HMAC_SHA_256",
"PKIX_ECDSA_P256_SHA_256",
"PKIX_ECDSA_P384_SHA_384",
3 changes: 3 additions & 0 deletions gen/jsonschema/schemas/PublicKeyIdentities.schema.json
Expand Up @@ -34,6 +34,9 @@
"PKIX_RSA_PKCS1_2048_SHA256",
"PKIX_RSA_PKCS1_3072_SHA256",
"PKIX_RSA_PKCS1_4096_SHA256",
"RSA_PSS_2048_SHA256",
"RSA_PSS_3072_SHA256",
"RSA_PSS_4096_SHA256",
"PKIX_ECDSA_P256_HMAC_SHA_256",
"PKIX_ECDSA_P256_SHA_256",
"PKIX_ECDSA_P384_SHA_384",
3 changes: 3 additions & 0 deletions gen/jsonschema/schemas/TransparencyLogInstance.schema.json
Expand Up @@ -69,6 +69,9 @@
"PKIX_RSA_PKCS1_2048_SHA256",
"PKIX_RSA_PKCS1_3072_SHA256",
"PKIX_RSA_PKCS1_4096_SHA256",
"RSA_PSS_2048_SHA256",
"RSA_PSS_3072_SHA256",
"RSA_PSS_4096_SHA256",
"PKIX_ECDSA_P256_HMAC_SHA_256",
"PKIX_ECDSA_P256_SHA_256",
"PKIX_ECDSA_P384_SHA_384",
3 changes: 3 additions & 0 deletions gen/jsonschema/schemas/TrustedRoot.schema.json
Expand Up @@ -91,6 +91,9 @@
"PKIX_RSA_PKCS1_2048_SHA256",
"PKIX_RSA_PKCS1_3072_SHA256",
"PKIX_RSA_PKCS1_4096_SHA256",
"RSA_PSS_2048_SHA256",
"RSA_PSS_3072_SHA256",
"RSA_PSS_4096_SHA256",
"PKIX_ECDSA_P256_HMAC_SHA_256",
"PKIX_ECDSA_P256_SHA_256",
"PKIX_ECDSA_P384_SHA_384",
78 changes: 46 additions & 32 deletions gen/pb-go/common/v1/sigstore_common.pb.go


3 changes: 3 additions & 0 deletions gen/pb-ruby/lib/sigstore_common_pb.rb


3 changes: 3 additions & 0 deletions gen/pb-rust/schemas/ArtifactVerificationOptions.schema.json
Expand Up @@ -130,6 +130,9 @@
"PKIX_RSA_PKCS1_2048_SHA256",
"PKIX_RSA_PKCS1_3072_SHA256",
"PKIX_RSA_PKCS1_4096_SHA256",
"RSA_PSS_2048_SHA256",
"RSA_PSS_3072_SHA256",
"RSA_PSS_4096_SHA256",
"PKIX_ECDSA_P256_HMAC_SHA_256",
"PKIX_ECDSA_P256_SHA_256",
"PKIX_ECDSA_P384_SHA_384",
3 changes: 3 additions & 0 deletions gen/pb-rust/schemas/Input.schema.json
Expand Up @@ -260,6 +260,9 @@
"PKIX_RSA_PKCS1_2048_SHA256",
"PKIX_RSA_PKCS1_3072_SHA256",
"PKIX_RSA_PKCS1_4096_SHA256",
"RSA_PSS_2048_SHA256",
"RSA_PSS_3072_SHA256",
"RSA_PSS_4096_SHA256",
"PKIX_ECDSA_P256_HMAC_SHA_256",
"PKIX_ECDSA_P256_SHA_256",
"PKIX_ECDSA_P384_SHA_384",
3 changes: 3 additions & 0 deletions gen/pb-rust/schemas/PublicKey.schema.json
Expand Up @@ -20,6 +20,9 @@
"PKIX_RSA_PKCS1_2048_SHA256",
"PKIX_RSA_PKCS1_3072_SHA256",
"PKIX_RSA_PKCS1_4096_SHA256",
"RSA_PSS_2048_SHA256",
"RSA_PSS_3072_SHA256",
"RSA_PSS_4096_SHA256",
"PKIX_ECDSA_P256_HMAC_SHA_256",
"PKIX_ECDSA_P256_SHA_256",
"PKIX_ECDSA_P384_SHA_384",
3 changes: 3 additions & 0 deletions gen/pb-rust/schemas/PublicKeyIdentities.schema.json
Expand Up @@ -34,6 +34,9 @@
"PKIX_RSA_PKCS1_2048_SHA256",
"PKIX_RSA_PKCS1_3072_SHA256",
"PKIX_RSA_PKCS1_4096_SHA256",
"RSA_PSS_2048_SHA256",
"RSA_PSS_3072_SHA256",
"RSA_PSS_4096_SHA256",
"PKIX_ECDSA_P256_HMAC_SHA_256",
"PKIX_ECDSA_P256_SHA_256",
"PKIX_ECDSA_P384_SHA_384",
3 changes: 3 additions & 0 deletions gen/pb-rust/schemas/TransparencyLogInstance.schema.json
Expand Up @@ -69,6 +69,9 @@
"PKIX_RSA_PKCS1_2048_SHA256",
"PKIX_RSA_PKCS1_3072_SHA256",
"PKIX_RSA_PKCS1_4096_SHA256",
"RSA_PSS_2048_SHA256",
"RSA_PSS_3072_SHA256",
"RSA_PSS_4096_SHA256",
"PKIX_ECDSA_P256_HMAC_SHA_256",
"PKIX_ECDSA_P256_SHA_256",
"PKIX_ECDSA_P384_SHA_384",
3 changes: 3 additions & 0 deletions gen/pb-rust/schemas/TrustedRoot.schema.json
Expand Up @@ -91,6 +91,9 @@
"PKIX_RSA_PKCS1_2048_SHA256",
"PKIX_RSA_PKCS1_3072_SHA256",
"PKIX_RSA_PKCS1_4096_SHA256",
"RSA_PSS_2048_SHA256",
"RSA_PSS_3072_SHA256",
"RSA_PSS_4096_SHA256",
"PKIX_ECDSA_P256_HMAC_SHA_256",
"PKIX_ECDSA_P256_SHA_256",
"PKIX_ECDSA_P384_SHA_384",
18 changes: 18 additions & 0 deletions gen/pb-typescript/src/__generated__/sigstore_common.ts


5 changes: 4 additions & 1 deletion protos/sigstore_common.proto
Expand Up @@ -69,6 +69,9 @@ enum PublicKeyDetails {
PKIX_RSA_PKCS1_2048_SHA256 = 9;
PKIX_RSA_PKCS1_3072_SHA256 = 10;
PKIX_RSA_PKCS1_4096_SHA256 = 11;
RSA_PSS_2048_SHA256 = 16;


haydentherapper Feb 2, 2024

Collaborator

I don't love having an explosion of options, but I think we should specify encoding too. So for each key length, we would need a pkix encoding variant and pkcs1 encoding variant, and for each encoding, we need either pkcs1v5 or pss for the scheme. (we should also update 9-11 to say pkcs1v1_5)

RSA_PSS_3072_SHA256 = 17;
RSA_PSS_4096_SHA256 = 18;

// ECDSA
PKIX_ECDSA_P256_HMAC_SHA_256 = 6 [deprecated = true]; // See RFC6979
Expand All @@ -85,7 +88,7 @@ enum PublicKeyDetails {
EXPERIMENTAL_LMOTS_SHA256 = 15;

// Reserved for future additions of public key/signature algorithm types.
reserved 16 to 50;
reserved 19 to 50;
}

// HashOutput captures a digest of a 'message' (generic octet sequence)
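Review bot: The three new `RSA_PSS_*_SHA256` values (16 to 18) in `PublicKeyDetails` name only the key size and the message digest, but RSASSA-PSS also takes an MGF1 hash and a salt length, and neither is stated anywhere in the lines shown. Signing and verification libraries choose different defaults for these, so a verifier cannot tell from the enum alone which salt lengths it must accept, and clients may end up incompatible or unevenly strict. I would add a comment above value 16 that pins them, for example `// RSASSA-PSS (RFC 8017), MGF1 with SHA-256; salt length: <value the project decides>`. The enum body starts above this hunk, so an existing convention for such comments may be out of view.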
