From 7a938387e4152ec6839dfdb9644c9104fcbb556c Mon Sep 17 00:00:00 2001
From: Alex Cameron
Date: Tue, 9 Jan 2024 17:04:10 +1100
Subject: [PATCH 01/18] Add `SupportedAlgorithm` enumeration
Signed-off-by: Alex Cameron
---
 gen/pb-go/common/v1/sigstore_common.pb.go | 131 ++++++++++++++----
 .../dev/sigstore/common/v1/__init__.py | 16 +++
 gen/pb-ruby/lib/sigstore_common_pb.rb | 9 ++
 .../src/__generated__/sigstore_common.ts | 60 ++++++++
 protos/sigstore_common.proto | 14 ++
 5 files changed, 202 insertions(+), 28 deletions(-)
diff --git a/gen/pb-go/common/v1/sigstore_common.pb.go b/gen/pb-go/common/v1/sigstore_common.pb.go
index 295baba0..57e3caf2 100644
--- a/gen/pb-go/common/v1/sigstore_common.pb.go
+++ b/gen/pb-go/common/v1/sigstore_common.pb.go
@@ -162,6 +162,69 @@ func (PublicKeyDetails) EnumDescriptor() ([]byte, []int) { return file_sigstore_common_proto_rawDescGZIP(), []int{1} } +// SupportedAlgorithm captures the signature/hash algorithm combinations allowed +// in the Sigstore ecosystem. +// +// This is modelled as a linear set as we want to provide a small number of +// opinionated options instead of allowing every possible permutation. +type SupportedAlgorithm int32 + +const ( + SupportedAlgorithm_SUPPORTED_ALGORITHM_UNSPECIFIED SupportedAlgorithm = 0 + SupportedAlgorithm_ECDSA_SHA2_256_NISTP256 SupportedAlgorithm = 1 + SupportedAlgorithm_ECDSA_SHA2_256_NISTP521 SupportedAlgorithm = 2 + SupportedAlgorithm_ECDSA_SHA2_384_NISTP384 SupportedAlgorithm = 3 + SupportedAlgorithm_ED25519 SupportedAlgorithm = 4 + SupportedAlgorithm_ED25519_PH SupportedAlgorithm = 5 +) + +// Enum value maps for SupportedAlgorithm. +var ( + SupportedAlgorithm_name = map[int32]string{ + 0: "SUPPORTED_ALGORITHM_UNSPECIFIED", + 1: "ECDSA_SHA2_256_NISTP256", + 2: "ECDSA_SHA2_256_NISTP521", + 3: "ECDSA_SHA2_384_NISTP384", + 4: "ED25519", + 5: "ED25519_PH", + } + SupportedAlgorithm_value = map[string]int32{ + "SUPPORTED_ALGORITHM_UNSPECIFIED": 0, + "ECDSA_SHA2_256_NISTP256": 1, + "ECDSA_SHA2_256_NISTP521": 2, + "ECDSA_SHA2_384_NISTP384": 3, + "ED25519": 4, + "ED25519_PH": 5, + } +) + +func (x SupportedAlgorithm) Enum() *SupportedAlgorithm { + p := new(SupportedAlgorithm) + *p = x + return p +} + +func (x SupportedAlgorithm) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (SupportedAlgorithm) Descriptor() protoreflect.EnumDescriptor { + return file_sigstore_common_proto_enumTypes[2].Descriptor() +} + +func (SupportedAlgorithm) Type() protoreflect.EnumType { + return &file_sigstore_common_proto_enumTypes[2] +} + +func (x SupportedAlgorithm) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Use SupportedAlgorithm.Descriptor instead. 
+func (SupportedAlgorithm) EnumDescriptor() ([]byte, []int) { + return file_sigstore_common_proto_rawDescGZIP(), []int{2} +} + type SubjectAlternativeNameType int32 const ( @@ -201,11 +264,11 @@ func (x SubjectAlternativeNameType) String() string { } func (SubjectAlternativeNameType) Descriptor() protoreflect.EnumDescriptor { - return file_sigstore_common_proto_enumTypes[2].Descriptor() + return file_sigstore_common_proto_enumTypes[3].Descriptor() } func (SubjectAlternativeNameType) Type() protoreflect.EnumType { - return &file_sigstore_common_proto_enumTypes[2] + return &file_sigstore_common_proto_enumTypes[3] } func (x SubjectAlternativeNameType) Number() protoreflect.EnumNumber { @@ -214,7 +277,7 @@ func (x SubjectAlternativeNameType) Number() protoreflect.EnumNumber { // Deprecated: Use SubjectAlternativeNameType.Descriptor instead. func (SubjectAlternativeNameType) EnumDescriptor() ([]byte, []int) { - return file_sigstore_common_proto_rawDescGZIP(), []int{2} + return file_sigstore_common_proto_rawDescGZIP(), []int{3} } // HashOutput captures a digest of a 'message' (generic octet sequence) 
@@ -1101,7 +1164,18 @@ var file_sigstore_common_proto_rawDesc = []byte{ 0x36, 0x10, 0x05, 0x12, 0x20, 0x0a, 0x1c, 0x50, 0x4b, 0x49, 0x58, 0x5f, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, 0x50, 0x32, 0x35, 0x36, 0x5f, 0x48, 0x4d, 0x41, 0x43, 0x5f, 0x53, 0x48, 0x41, 0x5f, 0x32, 0x35, 0x36, 0x10, 0x06, 0x12, 0x10, 0x0a, 0x0c, 0x50, 0x4b, 0x49, 0x58, 0x5f, 0x45, 0x44, - 0x32, 0x35, 0x35, 0x31, 0x39, 0x10, 0x07, 0x2a, 0x6f, 0x0a, 0x1a, 0x53, 0x75, 0x62, 0x6a, 0x65, + 0x32, 0x35, 0x35, 0x31, 0x39, 0x10, 0x07, 0x2a, 0xad, 0x01, 0x0a, 0x12, 0x53, 0x75, 0x70, 0x70, + 0x6f, 0x72, 0x74, 0x65, 0x64, 0x41, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x12, 0x23, + 0x0a, 0x1f, 0x53, 0x55, 0x50, 0x50, 0x4f, 0x52, 0x54, 0x45, 0x44, 0x5f, 0x41, 0x4c, 0x47, 0x4f, + 0x52, 0x49, 0x54, 0x48, 0x4d, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, + 0x44, 0x10, 0x00, 0x12, 0x1b, 0x0a, 0x17, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, 0x53, 0x48, 0x41, + 0x32, 0x5f, 0x32, 0x35, 0x36, 0x5f, 0x4e, 0x49, 0x53, 0x54, 0x50, 0x32, 0x35, 0x36, 0x10, 0x01, + 0x12, 0x1b, 0x0a, 0x17, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x5f, 0x32, + 0x35, 0x36, 0x5f, 0x4e, 0x49, 0x53, 0x54, 0x50, 0x35, 0x32, 0x31, 0x10, 0x02, 0x12, 0x1b, 0x0a, + 0x17, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x5f, 0x33, 0x38, 0x34, 0x5f, + 0x4e, 0x49, 0x53, 0x54, 0x50, 0x33, 0x38, 0x34, 0x10, 0x03, 0x12, 0x0b, 0x0a, 0x07, 0x45, 0x44, + 0x32, 0x35, 0x35, 0x31, 0x39, 0x10, 0x04, 0x12, 0x0e, 0x0a, 0x0a, 0x45, 0x44, 0x32, 0x35, 0x35, + 0x31, 0x39, 0x5f, 0x50, 0x48, 0x10, 0x05, 0x2a, 0x6f, 0x0a, 0x1a, 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x41, 0x6c, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x74, 0x69, 0x76, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x54, 0x79, 0x70, 0x65, 0x12, 0x2d, 0x0a, 0x29, 0x53, 0x55, 0x42, 0x4a, 0x45, 0x43, 0x54, 0x5f, 0x41, 0x4c, 0x54, 0x45, 0x52, 0x4e, 0x41, 0x54, 0x49, 0x56, 0x45, 0x5f, 0x4e, 0x41, 0x4d, 
@@ -1131,37 +1205,38 @@ func file_sigstore_common_proto_rawDescGZIP() []byte { return file_sigstore_common_proto_rawDescData } -var file_sigstore_common_proto_enumTypes = make([]protoimpl.EnumInfo, 3) +var file_sigstore_common_proto_enumTypes = make([]protoimpl.EnumInfo, 4) var file_sigstore_common_proto_msgTypes = make([]protoimpl.MessageInfo, 13) var file_sigstore_common_proto_goTypes = []interface{}{ (HashAlgorithm)(0), // 0: dev.sigstore.common.v1.HashAlgorithm (PublicKeyDetails)(0), // 1: dev.sigstore.common.v1.PublicKeyDetails - (SubjectAlternativeNameType)(0), // 2: dev.sigstore.common.v1.SubjectAlternativeNameType - (*HashOutput)(nil), // 3: dev.sigstore.common.v1.HashOutput - (*MessageSignature)(nil), // 4: dev.sigstore.common.v1.MessageSignature - (*LogId)(nil), // 5: dev.sigstore.common.v1.LogId - (*RFC3161SignedTimestamp)(nil), // 6: dev.sigstore.common.v1.RFC3161SignedTimestamp - (*PublicKey)(nil), // 7: dev.sigstore.common.v1.PublicKey - (*PublicKeyIdentifier)(nil), // 8: dev.sigstore.common.v1.PublicKeyIdentifier - (*ObjectIdentifier)(nil), // 9: dev.sigstore.common.v1.ObjectIdentifier - (*ObjectIdentifierValuePair)(nil), // 10: dev.sigstore.common.v1.ObjectIdentifierValuePair - (*DistinguishedName)(nil), // 11: dev.sigstore.common.v1.DistinguishedName - (*X509Certificate)(nil), // 12: dev.sigstore.common.v1.X509Certificate - (*SubjectAlternativeName)(nil), // 13: dev.sigstore.common.v1.SubjectAlternativeName - (*X509CertificateChain)(nil), // 14: dev.sigstore.common.v1.X509CertificateChain - (*TimeRange)(nil), // 15: dev.sigstore.common.v1.TimeRange - (*timestamppb.Timestamp)(nil), // 16: google.protobuf.Timestamp + (SupportedAlgorithm)(0), // 2: dev.sigstore.common.v1.SupportedAlgorithm + (SubjectAlternativeNameType)(0), // 3: dev.sigstore.common.v1.SubjectAlternativeNameType + (*HashOutput)(nil), // 4: dev.sigstore.common.v1.HashOutput + (*MessageSignature)(nil), // 5: dev.sigstore.common.v1.MessageSignature + (*LogId)(nil), // 6: 
dev.sigstore.common.v1.LogId + (*RFC3161SignedTimestamp)(nil), // 7: dev.sigstore.common.v1.RFC3161SignedTimestamp + (*PublicKey)(nil), // 8: dev.sigstore.common.v1.PublicKey + (*PublicKeyIdentifier)(nil), // 9: dev.sigstore.common.v1.PublicKeyIdentifier + (*ObjectIdentifier)(nil), // 10: dev.sigstore.common.v1.ObjectIdentifier + (*ObjectIdentifierValuePair)(nil), // 11: dev.sigstore.common.v1.ObjectIdentifierValuePair + (*DistinguishedName)(nil), // 12: dev.sigstore.common.v1.DistinguishedName + (*X509Certificate)(nil), // 13: dev.sigstore.common.v1.X509Certificate + (*SubjectAlternativeName)(nil), // 14: dev.sigstore.common.v1.SubjectAlternativeName + (*X509CertificateChain)(nil), // 15: dev.sigstore.common.v1.X509CertificateChain + (*TimeRange)(nil), // 16: dev.sigstore.common.v1.TimeRange + (*timestamppb.Timestamp)(nil), // 17: google.protobuf.Timestamp } var file_sigstore_common_proto_depIdxs = []int32{ 0, // 0: dev.sigstore.common.v1.HashOutput.algorithm:type_name -> dev.sigstore.common.v1.HashAlgorithm - 3, // 1: dev.sigstore.common.v1.MessageSignature.message_digest:type_name -> dev.sigstore.common.v1.HashOutput + 4, // 1: dev.sigstore.common.v1.MessageSignature.message_digest:type_name -> dev.sigstore.common.v1.HashOutput 1, // 2: dev.sigstore.common.v1.PublicKey.key_details:type_name -> dev.sigstore.common.v1.PublicKeyDetails - 15, // 3: dev.sigstore.common.v1.PublicKey.valid_for:type_name -> dev.sigstore.common.v1.TimeRange - 9, // 4: dev.sigstore.common.v1.ObjectIdentifierValuePair.oid:type_name -> dev.sigstore.common.v1.ObjectIdentifier - 2, // 5: dev.sigstore.common.v1.SubjectAlternativeName.type:type_name -> dev.sigstore.common.v1.SubjectAlternativeNameType - 12, // 6: dev.sigstore.common.v1.X509CertificateChain.certificates:type_name -> dev.sigstore.common.v1.X509Certificate - 16, // 7: dev.sigstore.common.v1.TimeRange.start:type_name -> google.protobuf.Timestamp - 16, // 8: dev.sigstore.common.v1.TimeRange.end:type_name -> google.protobuf.Timestamp 
+ 16, // 3: dev.sigstore.common.v1.PublicKey.valid_for:type_name -> dev.sigstore.common.v1.TimeRange + 10, // 4: dev.sigstore.common.v1.ObjectIdentifierValuePair.oid:type_name -> dev.sigstore.common.v1.ObjectIdentifier + 3, // 5: dev.sigstore.common.v1.SubjectAlternativeName.type:type_name -> dev.sigstore.common.v1.SubjectAlternativeNameType + 13, // 6: dev.sigstore.common.v1.X509CertificateChain.certificates:type_name -> dev.sigstore.common.v1.X509Certificate + 17, // 7: dev.sigstore.common.v1.TimeRange.start:type_name -> google.protobuf.Timestamp + 17, // 8: dev.sigstore.common.v1.TimeRange.end:type_name -> google.protobuf.Timestamp 9, // [9:9] is the sub-list for method output_type 9, // [9:9] is the sub-list for method input_type 9, // [9:9] is the sub-list for extension type_name @@ -1343,7 +1418,7 @@ func file_sigstore_common_proto_init() { File: protoimpl.DescBuilder{ GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: file_sigstore_common_proto_rawDesc, - NumEnums: 3, + NumEnums: 4, NumMessages: 13, NumExtensions: 0, NumServices: 0, diff --git a/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/common/v1/__init__.py b/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/common/v1/__init__.py index 1bc20331..dd4455c8 100644 --- a/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/common/v1/__init__.py +++ b/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/common/v1/__init__.py 
@@ -49,6 +49,22 @@ class PublicKeyDetails(betterproto.Enum): """Ed 25519""" +class SupportedAlgorithm(betterproto.Enum): + """ + SupportedAlgorithm captures the signature/hash algorithm combinations + allowed in the Sigstore ecosystem. This is modelled as a linear set as we + want to provide a small number of opinionated options instead of allowing + every possible permutation. + """ + + SUPPORTED_ALGORITHM_UNSPECIFIED = 0 + ECDSA_SHA2_256_NISTP256 = 1 + ECDSA_SHA2_256_NISTP521 = 2 + ECDSA_SHA2_384_NISTP384 = 3 + ED25519 = 4 + ED25519_PH = 5 + + class SubjectAlternativeNameType(betterproto.Enum): SUBJECT_ALTERNATIVE_NAME_TYPE_UNSPECIFIED = 0 EMAIL = 1 diff --git a/gen/pb-ruby/lib/sigstore_common_pb.rb b/gen/pb-ruby/lib/sigstore_common_pb.rb index ade1972d..37c838a2 100644 --- a/gen/pb-ruby/lib/sigstore_common_pb.rb +++ b/gen/pb-ruby/lib/sigstore_common_pb.rb @@ -72,6 +72,14 @@ value :PKIX_ECDSA_P256_HMAC_SHA_256, 6 value :PKIX_ED25519, 7 end + add_enum "dev.sigstore.common.v1.SupportedAlgorithm" do + value :SUPPORTED_ALGORITHM_UNSPECIFIED, 0 + value :ECDSA_SHA2_256_NISTP256, 1 + value :ECDSA_SHA2_256_NISTP521, 2 + value :ECDSA_SHA2_384_NISTP384, 3 + value :ED25519, 4 + value :ED25519_PH, 5 + end add_enum "dev.sigstore.common.v1.SubjectAlternativeNameType" do value :SUBJECT_ALTERNATIVE_NAME_TYPE_UNSPECIFIED, 0 value :EMAIL, 1 
@@ -99,6 +107,7 @@ module V1 TimeRange = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("dev.sigstore.common.v1.TimeRange").msgclass HashAlgorithm = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("dev.sigstore.common.v1.HashAlgorithm").enummodule PublicKeyDetails = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("dev.sigstore.common.v1.PublicKeyDetails").enummodule + SupportedAlgorithm = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("dev.sigstore.common.v1.SupportedAlgorithm").enummodule SubjectAlternativeNameType = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("dev.sigstore.common.v1.SubjectAlternativeNameType").enummodule end end diff --git a/gen/pb-typescript/src/__generated__/sigstore_common.ts b/gen/pb-typescript/src/__generated__/sigstore_common.ts index 65d56d2b..c9f96028 100644 --- a/gen/pb-typescript/src/__generated__/sigstore_common.ts +++ b/gen/pb-typescript/src/__generated__/sigstore_common.ts 
@@ -117,6 +117,66 @@ export function publicKeyDetailsToJSON(object: PublicKeyDetails): string { } } +/** + * SupportedAlgorithm captures the signature/hash algorithm combinations allowed + * in the Sigstore ecosystem. + * + * This is modelled as a linear set as we want to provide a small number of + * opinionated options instead of allowing every possible permutation. + */ +export enum SupportedAlgorithm { + SUPPORTED_ALGORITHM_UNSPECIFIED = 0, + ECDSA_SHA2_256_NISTP256 = 1, + ECDSA_SHA2_256_NISTP521 = 2, + ECDSA_SHA2_384_NISTP384 = 3, + ED25519 = 4, + ED25519_PH = 5, +} + +export function supportedAlgorithmFromJSON(object: any): SupportedAlgorithm { + switch (object) { + case 0: + case "SUPPORTED_ALGORITHM_UNSPECIFIED": + return SupportedAlgorithm.SUPPORTED_ALGORITHM_UNSPECIFIED; + case 1: + case "ECDSA_SHA2_256_NISTP256": + return SupportedAlgorithm.ECDSA_SHA2_256_NISTP256; + case 2: + case "ECDSA_SHA2_256_NISTP521": + return SupportedAlgorithm.ECDSA_SHA2_256_NISTP521; + case 3: + case "ECDSA_SHA2_384_NISTP384": + return SupportedAlgorithm.ECDSA_SHA2_384_NISTP384; + case 4: + case "ED25519": + return SupportedAlgorithm.ED25519; + case 5: + case "ED25519_PH": + return SupportedAlgorithm.ED25519_PH; + default: + throw new tsProtoGlobalThis.Error("Unrecognized enum value " + object + " for enum SupportedAlgorithm"); + } +} + +export function supportedAlgorithmToJSON(object: SupportedAlgorithm): string { + switch (object) { + case SupportedAlgorithm.SUPPORTED_ALGORITHM_UNSPECIFIED: + return "SUPPORTED_ALGORITHM_UNSPECIFIED"; + case SupportedAlgorithm.ECDSA_SHA2_256_NISTP256: + return "ECDSA_SHA2_256_NISTP256"; + case SupportedAlgorithm.ECDSA_SHA2_256_NISTP521: + return "ECDSA_SHA2_256_NISTP521"; + case SupportedAlgorithm.ECDSA_SHA2_384_NISTP384: + return "ECDSA_SHA2_384_NISTP384"; + case SupportedAlgorithm.ED25519: + return "ED25519"; + case SupportedAlgorithm.ED25519_PH: + return "ED25519_PH"; + default: + throw new tsProtoGlobalThis.Error("Unrecognized enum value " 
+ object + " for enum SupportedAlgorithm"); + } +} + export enum SubjectAlternativeNameType { SUBJECT_ALTERNATIVE_NAME_TYPE_UNSPECIFIED = 0, EMAIL = 1,
diff --git a/protos/sigstore_common.proto b/protos/sigstore_common.proto
index 574b5661..8a4480e5 100644
--- a/protos/sigstore_common.proto
+++ b/protos/sigstore_common.proto
@@ -68,6 +68,20 @@ message HashOutput {
 bytes digest = 2;
 }
+// SupportedAlgorithm captures the signature/hash algorithm combinations allowed
+// in the Sigstore ecosystem.
+//
+// This is modelled as a linear set as we want to provide a small number of
+// opinionated options instead of allowing every possible permutation.
+enum SupportedAlgorithm {
+ SUPPORTED_ALGORITHM_UNSPECIFIED = 0;
+ ECDSA_SHA2_256_NISTP256 = 1;
+ ECDSA_SHA2_256_NISTP521 = 2;
+ ECDSA_SHA2_384_NISTP384 = 3;
+ ED25519 = 4;
+ ED25519_PH = 5;
+}
+
 // MessageSignature stores the computed signature over a message.
 message MessageSignature {
 // Message digest can be used to identify the artifact.
From 500ce5691e0c3a806cfe2b07c683772346feb4ae Mon Sep 17 00:00:00 2001
From: Alex Cameron
Date: Wed, 17 Jan 2024 01:22:42 +1100
Subject: [PATCH 02/18] Add registry markdown doc
Signed-off-by: Alex Cameron
---
 docs/algorithm-registry.md | 17 +++++++++++++++++
 protos/sigstore_common.proto | 3 +++
 2 files changed, 20 insertions(+)
 create mode 100644 docs/algorithm-registry.md
diff --git a/docs/algorithm-registry.md b/docs/algorithm-registry.md
new file mode 100644
index 00000000..e5f991a4
--- /dev/null
+++ b/docs/algorithm-registry.md
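Review bot: The six values of `SupportedAlgorithm` added in protos/sigstore_common.proto carry no per-value comments, so the enum itself does not say what each identifier commits a signer or verifier to. `SUPPORTED_ALGORITHM_UNSPECIFIED = 0` is the value a reader gets when the field is unset (assuming proto3 semantics for this file), so a comment such as `// Zero value: no algorithm was stated. Consumers should treat this as an error, not as a default algorithm.` would keep implementations from silently falling back. `ED25519` and `ED25519_PH` are distinct schemes in RFC 8032 whose signatures do not verify under each other, which `// Ed25519ph: pre-hashed variant (RFC 8032); not interchangeable with ED25519.` would make explicit. The whole enum is inside this hunk, so the comments can be added without touching anything else.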
@@ -0,0 +1,17 @@
+# Algorithm Registry
+
+This file is designed to act as a source of truth regarding what signing
+algorithms are permitted across the Sigstore ecosystem. Any changes to this file
+**must** be reflected in the `SupportedAlgorithm` enumeration in
+[sigstore_common.proto](../protos/sigstore_common.proto).
+
+Refer to the [Sigstore: Configurable Crypto Algorithms](https://docs.google.com/document/d/18vTKFvTQdRt3OGz6Qd1xf04o-hugRYSup-1EAOWn7MQ/)
+specification for the design rationale for this registry.
+
+| Algorithm | Name | Usage |
+| --- | --- | --- |
+| ECDSA | ecdsa-sha2-256-nistp256 | sign/verify |
+|| ecdsa-sha2-256-nistp521 | verify only |
+|| ecdsa-sha2-384-nistp384 | sign/verify |
+| EdDSA | ed25519 | sign/verify |
+|| ed25519-ph | sign/verify |
diff --git a/protos/sigstore_common.proto b/protos/sigstore_common.proto
index 8a4480e5..c5c3e509 100644
--- a/protos/sigstore_common.proto
+++ b/protos/sigstore_common.proto
@@ -73,6 +73,9 @@ message HashOutput {
 //
 // This is modelled as a linear set as we want to provide a small number of
 // opinionated options instead of allowing every possible permutation.
+//
+// Any changes to this enum MUST be reflected in the algorithm registry.
+// See: docs/algorithm-registry.md
 enum SupportedAlgorithm {
 SUPPORTED_ALGORITHM_UNSPECIFIED = 0;
 ECDSA_SHA2_256_NISTP256 = 1;
From e52e07e6c7b78d628cbeacbb189bb4603004de8e Mon Sep 17 00:00:00 2001
From: Alex Cameron
Date: Wed, 17 Jan 2024 01:57:34 +1100
Subject: [PATCH 03/18] Regenerate code
Signed-off-by: Alex Cameron
---
 gen/pb-go/common/v1/sigstore_common.pb.go | 3 +++
 .../sigstore_protobuf_specs/dev/sigstore/common/v1/__init__.py | 3 ++-
 gen/pb-typescript/src/__generated__/sigstore_common.ts | 3 +++
 3 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/gen/pb-go/common/v1/sigstore_common.pb.go b/gen/pb-go/common/v1/sigstore_common.pb.go
index 57e3caf2..5645106e 100644
--- a/gen/pb-go/common/v1/sigstore_common.pb.go
+++ b/gen/pb-go/common/v1/sigstore_common.pb.go @@ -167,6 +167,9 @@ func (PublicKeyDetails) EnumDescriptor() ([]byte, []int) { // // This is modelled as a linear set as we want to provide a small number of // opinionated options instead of allowing every possible permutation. +// +// Any changes to this enum MUST be reflected in the algorithm registry. +// See: docs/algorithm-registry.md type SupportedAlgorithm int32 const ( diff --git a/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/common/v1/__init__.py b/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/common/v1/__init__.py index dd4455c8..80572f17 100644 --- a/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/common/v1/__init__.py +++ b/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/common/v1/__init__.py @@ -54,7 +54,8 @@ class SupportedAlgorithm(betterproto.Enum): SupportedAlgorithm captures the signature/hash algorithm combinations allowed in the Sigstore ecosystem. This is modelled as a linear set as we want to provide a small number of opinionated options instead of allowing - every possible permutation. + every possible permutation. Any changes to this enum MUST be reflected in + the algorithm registry. See: docs/algorithm-registry.md """ SUPPORTED_ALGORITHM_UNSPECIFIED = 0 diff --git a/gen/pb-typescript/src/__generated__/sigstore_common.ts b/gen/pb-typescript/src/__generated__/sigstore_common.ts index c9f96028..6037f568 100644 --- a/gen/pb-typescript/src/__generated__/sigstore_common.ts +++ b/gen/pb-typescript/src/__generated__/sigstore_common.ts @@ -123,6 +123,9 @@ export function publicKeyDetailsToJSON(object: PublicKeyDetails): string { * * This is modelled as a linear set as we want to provide a small number of * opinionated options instead of allowing every possible permutation. + * + * Any changes to this enum MUST be reflected in the algorithm registry. + * See: docs/algorithm-registry.md */ export enum SupportedAlgorithm { SUPPORTED_ALGORITHM_UNSPECIFIED = 0, 
From 196acbaaed805a08797b4d041297290c9c52ab43 Mon Sep 17 00:00:00 2001 From: Alex Cameron Date: Wed, 17 Jan 2024 13:49:17 +1100 Subject: [PATCH 04/18] Switch to P521 with SHA-512 Signed-off-by: Alex Cameron --- gen/pb-go/common/v1/sigstore_common.pb.go | 14 +++++++------- .../dev/sigstore/common/v1/__init__.py | 2 +- gen/pb-ruby/lib/sigstore_common_pb.rb | 2 +- .../src/__generated__/sigstore_common.ts | 12 ++++++------ protos/sigstore_common.proto | 2 +- 5 files changed, 16 insertions(+), 16 deletions(-) diff --git a/gen/pb-go/common/v1/sigstore_common.pb.go b/gen/pb-go/common/v1/sigstore_common.pb.go index 5645106e..be8e2e78 100644 --- a/gen/pb-go/common/v1/sigstore_common.pb.go +++ b/gen/pb-go/common/v1/sigstore_common.pb.go @@ -175,8 +175,8 @@ type SupportedAlgorithm int32 const ( SupportedAlgorithm_SUPPORTED_ALGORITHM_UNSPECIFIED SupportedAlgorithm = 0 SupportedAlgorithm_ECDSA_SHA2_256_NISTP256 SupportedAlgorithm = 1 - SupportedAlgorithm_ECDSA_SHA2_256_NISTP521 SupportedAlgorithm = 2 SupportedAlgorithm_ECDSA_SHA2_384_NISTP384 SupportedAlgorithm = 3 + SupportedAlgorithm_ECDSA_SHA2_512_NISTP521 SupportedAlgorithm = 2 SupportedAlgorithm_ED25519 SupportedAlgorithm = 4 SupportedAlgorithm_ED25519_PH SupportedAlgorithm = 5 ) @@ -186,16 +186,16 @@ var ( SupportedAlgorithm_name = map[int32]string{ 0: "SUPPORTED_ALGORITHM_UNSPECIFIED", 1: "ECDSA_SHA2_256_NISTP256", - 2: "ECDSA_SHA2_256_NISTP521", 3: "ECDSA_SHA2_384_NISTP384", + 2: "ECDSA_SHA2_512_NISTP521", 4: "ED25519", 5: "ED25519_PH", } SupportedAlgorithm_value = map[string]int32{ "SUPPORTED_ALGORITHM_UNSPECIFIED": 0, "ECDSA_SHA2_256_NISTP256": 1, - "ECDSA_SHA2_256_NISTP521": 2, "ECDSA_SHA2_384_NISTP384": 3, + "ECDSA_SHA2_512_NISTP521": 2, "ED25519": 4, "ED25519_PH": 5, } 
@@ -1173,10 +1173,10 @@ var file_sigstore_common_proto_rawDesc = []byte{ 0x52, 0x49, 0x54, 0x48, 0x4d, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x1b, 0x0a, 0x17, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x5f, 0x32, 0x35, 0x36, 0x5f, 0x4e, 0x49, 0x53, 0x54, 0x50, 0x32, 0x35, 0x36, 0x10, 0x01, - 0x12, 0x1b, 0x0a, 0x17, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x5f, 0x32, - 0x35, 0x36, 0x5f, 0x4e, 0x49, 0x53, 0x54, 0x50, 0x35, 0x32, 0x31, 0x10, 0x02, 0x12, 0x1b, 0x0a, - 0x17, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x5f, 0x33, 0x38, 0x34, 0x5f, - 0x4e, 0x49, 0x53, 0x54, 0x50, 0x33, 0x38, 0x34, 0x10, 0x03, 0x12, 0x0b, 0x0a, 0x07, 0x45, 0x44, + 0x12, 0x1b, 0x0a, 0x17, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x5f, 0x33, + 0x38, 0x34, 0x5f, 0x4e, 0x49, 0x53, 0x54, 0x50, 0x33, 0x38, 0x34, 0x10, 0x03, 0x12, 0x1b, 0x0a, + 0x17, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x5f, 0x35, 0x31, 0x32, 0x5f, + 0x4e, 0x49, 0x53, 0x54, 0x50, 0x35, 0x32, 0x31, 0x10, 0x02, 0x12, 0x0b, 0x0a, 0x07, 0x45, 0x44, 0x32, 0x35, 0x35, 0x31, 0x39, 0x10, 0x04, 0x12, 0x0e, 0x0a, 0x0a, 0x45, 0x44, 0x32, 0x35, 0x35, 0x31, 0x39, 0x5f, 0x50, 0x48, 0x10, 0x05, 0x2a, 0x6f, 0x0a, 0x1a, 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x41, 0x6c, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x74, 0x69, 0x76, 0x65, 0x4e, 0x61, 0x6d, diff --git a/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/common/v1/__init__.py b/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/common/v1/__init__.py index 80572f17..0723ee8d 100644 --- a/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/common/v1/__init__.py +++ b/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/common/v1/__init__.py 
@@ -60,8 +60,8 @@ class SupportedAlgorithm(betterproto.Enum): SUPPORTED_ALGORITHM_UNSPECIFIED = 0 ECDSA_SHA2_256_NISTP256 = 1 - ECDSA_SHA2_256_NISTP521 = 2 ECDSA_SHA2_384_NISTP384 = 3 + ECDSA_SHA2_512_NISTP521 = 2 ED25519 = 4 ED25519_PH = 5 diff --git a/gen/pb-ruby/lib/sigstore_common_pb.rb b/gen/pb-ruby/lib/sigstore_common_pb.rb index 37c838a2..59debb11 100644 --- a/gen/pb-ruby/lib/sigstore_common_pb.rb +++ b/gen/pb-ruby/lib/sigstore_common_pb.rb @@ -75,8 +75,8 @@ add_enum "dev.sigstore.common.v1.SupportedAlgorithm" do value :SUPPORTED_ALGORITHM_UNSPECIFIED, 0 value :ECDSA_SHA2_256_NISTP256, 1 - value :ECDSA_SHA2_256_NISTP521, 2 value :ECDSA_SHA2_384_NISTP384, 3 + value :ECDSA_SHA2_512_NISTP521, 2 value :ED25519, 4 value :ED25519_PH, 5 end diff --git a/gen/pb-typescript/src/__generated__/sigstore_common.ts b/gen/pb-typescript/src/__generated__/sigstore_common.ts index 6037f568..b2d3907d 100644 --- a/gen/pb-typescript/src/__generated__/sigstore_common.ts +++ b/gen/pb-typescript/src/__generated__/sigstore_common.ts @@ -130,8 +130,8 @@ export function publicKeyDetailsToJSON(object: PublicKeyDetails): string { export enum SupportedAlgorithm { SUPPORTED_ALGORITHM_UNSPECIFIED = 0, ECDSA_SHA2_256_NISTP256 = 1, - ECDSA_SHA2_256_NISTP521 = 2, ECDSA_SHA2_384_NISTP384 = 3, + ECDSA_SHA2_512_NISTP521 = 2, ED25519 = 4, ED25519_PH = 5, } @@ -144,12 +144,12 @@ export function supportedAlgorithmFromJSON(object: any): SupportedAlgorithm { case 1: case "ECDSA_SHA2_256_NISTP256": return SupportedAlgorithm.ECDSA_SHA2_256_NISTP256; - case 2: - case "ECDSA_SHA2_256_NISTP521": - return SupportedAlgorithm.ECDSA_SHA2_256_NISTP521; case 3: case "ECDSA_SHA2_384_NISTP384": return SupportedAlgorithm.ECDSA_SHA2_384_NISTP384; + case 2: + case "ECDSA_SHA2_512_NISTP521": + return SupportedAlgorithm.ECDSA_SHA2_512_NISTP521; case 4: case "ED25519": return SupportedAlgorithm.ED25519; 
@@ -167,10 +167,10 @@ export function supportedAlgorithmToJSON(object: SupportedAlgorithm): string { return "SUPPORTED_ALGORITHM_UNSPECIFIED"; case SupportedAlgorithm.ECDSA_SHA2_256_NISTP256: return "ECDSA_SHA2_256_NISTP256"; - case SupportedAlgorithm.ECDSA_SHA2_256_NISTP521: - return "ECDSA_SHA2_256_NISTP521"; case SupportedAlgorithm.ECDSA_SHA2_384_NISTP384: return "ECDSA_SHA2_384_NISTP384"; + case SupportedAlgorithm.ECDSA_SHA2_512_NISTP521: + return "ECDSA_SHA2_512_NISTP521"; case SupportedAlgorithm.ED25519: return "ED25519"; case SupportedAlgorithm.ED25519_PH:
diff --git a/protos/sigstore_common.proto b/protos/sigstore_common.proto
index c5c3e509..6edaaaa7 100644
--- a/protos/sigstore_common.proto
+++ b/protos/sigstore_common.proto
@@ -79,8 +79,8 @@ message HashOutput {
 enum SupportedAlgorithm {
 SUPPORTED_ALGORITHM_UNSPECIFIED = 0;
 ECDSA_SHA2_256_NISTP256 = 1;
- ECDSA_SHA2_256_NISTP521 = 2;
 ECDSA_SHA2_384_NISTP384 = 3;
+ ECDSA_SHA2_512_NISTP521 = 2;
 ED25519 = 4;
 ED25519_PH = 5;
 }
From 9b1d4ad2a10c2b1e7024c3677107e59931b7b00c Mon Sep 17 00:00:00 2001
From: Alex Cameron
Date: Wed, 17 Jan 2024 16:21:31 +1100
Subject: [PATCH 05/18] Make it clear that Sigstore services aren't required to adhere to this registry
Signed-off-by: Alex Cameron
---
 docs/algorithm-registry.md | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/docs/algorithm-registry.md b/docs/algorithm-registry.md
index e5f991a4..65a9d7ca 100644
--- a/docs/algorithm-registry.md
+++ b/docs/algorithm-registry.md
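Review bot: docs/algorithm-registry.md is missing from this commit's diffstat, so the registry table still names `ecdsa-sha2-256-nistp521` while value 2 of `SupportedAlgorithm` in protos/sigstore_common.proto is now `ECDSA_SHA2_512_NISTP521`; the enum's own comment says the two MUST change together. The row should become `|| ecdsa-sha2-512-nistp521 | verify only |` in the same commit. Patches 05 and 06 on this page edit the registry file without touching that row, though a later patch in the series outside this page may. The new ordering also lists `= 3` before `= 2`; a one-line comment such as `// Keeps number 2 from the earlier P-521 entry.` would show the order is deliberate, assuming that is the reason, which the patch does not state.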
@@ -1,10 +1,15 @@ # Algorithm Registry This file is designed to act as a source of truth regarding what signing -algorithms are permitted across the Sigstore ecosystem. Any changes to this file -**must** be reflected in the `SupportedAlgorithm` enumeration in +algorithms are recommended across the Sigstore ecosystem. Any changes to this +file **must** be reflected in the `SupportedAlgorithm` enumeration in [sigstore_common.proto](../protos/sigstore_common.proto). +Note that Sigstore clients and services aren't required support all algorithms +in this registry and may support algorithms that aren't in the registry. The +algorithm registry is more of a guideline than a rule and is meant to serve as +a secure set of defaults that the community can follow. + Refer to the [Sigstore: Configurable Crypto Algorithms](https://docs.google.com/document/d/18vTKFvTQdRt3OGz6Qd1xf04o-hugRYSup-1EAOWn7MQ/) specification for the design rationale for this registry. From 58725fe9275e395eaa26efe4434dfc9f96280f2b Mon Sep 17 00:00:00 2001 From: Alex Cameron Date: Wed, 17 Jan 2024 17:12:29 +1100 Subject: [PATCH 06/18] Rename to `KnownSignatureAlgorithm` Signed-off-by: Alex Cameron --- docs/algorithm-registry.md | 2 +- gen/pb-go/common/v1/sigstore_common.pb.go | 111 +++++++++--------- .../dev/sigstore/common/v1/__init__.py | 14 +-- gen/pb-ruby/lib/sigstore_common_pb.rb | 6 +- .../src/__generated__/sigstore_common.ts | 44 +++---- protos/sigstore_common.proto | 8 +- 6 files changed, 93 insertions(+), 92 deletions(-) diff --git a/docs/algorithm-registry.md b/docs/algorithm-registry.md index 65a9d7ca..ee21c371 100644 --- a/docs/algorithm-registry.md +++ b/docs/algorithm-registry.md 
@@ -2,7 +2,7 @@ This file is designed to act as a source of truth regarding what signing algorithms are recommended across the Sigstore ecosystem. Any changes to this -file **must** be reflected in the `SupportedAlgorithm` enumeration in +file **must** be reflected in the `KnownSignatureAlgorithm` enumeration in [sigstore_common.proto](../protos/sigstore_common.proto). Note that Sigstore clients and services aren't required support all algorithms diff --git a/gen/pb-go/common/v1/sigstore_common.pb.go b/gen/pb-go/common/v1/sigstore_common.pb.go index be8e2e78..2d1422ec 100644 --- a/gen/pb-go/common/v1/sigstore_common.pb.go +++ b/gen/pb-go/common/v1/sigstore_common.pb.go 
@@ -162,69 +162,69 @@ func (PublicKeyDetails) EnumDescriptor() ([]byte, []int) { return file_sigstore_common_proto_rawDescGZIP(), []int{1} } -// SupportedAlgorithm captures the signature/hash algorithm combinations allowed -// in the Sigstore ecosystem. +// KnownSignatureAlgorithm captures the signature/hash algorithm combinations +// recommended in the Sigstore ecosystem. // // This is modelled as a linear set as we want to provide a small number of // opinionated options instead of allowing every possible permutation. // // Any changes to this enum MUST be reflected in the algorithm registry. // See: docs/algorithm-registry.md -type SupportedAlgorithm int32 +type KnownSignatureAlgorithm int32 const ( - SupportedAlgorithm_SUPPORTED_ALGORITHM_UNSPECIFIED SupportedAlgorithm = 0 - SupportedAlgorithm_ECDSA_SHA2_256_NISTP256 SupportedAlgorithm = 1 - SupportedAlgorithm_ECDSA_SHA2_384_NISTP384 SupportedAlgorithm = 3 - SupportedAlgorithm_ECDSA_SHA2_512_NISTP521 SupportedAlgorithm = 2 - SupportedAlgorithm_ED25519 SupportedAlgorithm = 4 - SupportedAlgorithm_ED25519_PH SupportedAlgorithm = 5 + KnownSignatureAlgorithm_KNOWN_SIGNATURE_ALGORITHM_UNSPECIFIED KnownSignatureAlgorithm = 0 + KnownSignatureAlgorithm_ECDSA_SHA2_256_NISTP256 KnownSignatureAlgorithm = 1 + KnownSignatureAlgorithm_ECDSA_SHA2_384_NISTP384 KnownSignatureAlgorithm = 3 + KnownSignatureAlgorithm_ECDSA_SHA2_512_NISTP521 KnownSignatureAlgorithm = 2 + KnownSignatureAlgorithm_ED25519 KnownSignatureAlgorithm = 4 + KnownSignatureAlgorithm_ED25519_PH KnownSignatureAlgorithm = 5 ) -// Enum value maps for SupportedAlgorithm. +// Enum value maps for KnownSignatureAlgorithm. 
var ( - SupportedAlgorithm_name = map[int32]string{ - 0: "SUPPORTED_ALGORITHM_UNSPECIFIED", + KnownSignatureAlgorithm_name = map[int32]string{ + 0: "KNOWN_SIGNATURE_ALGORITHM_UNSPECIFIED", 1: "ECDSA_SHA2_256_NISTP256", 3: "ECDSA_SHA2_384_NISTP384", 2: "ECDSA_SHA2_512_NISTP521", 4: "ED25519", 5: "ED25519_PH", } - SupportedAlgorithm_value = map[string]int32{ - "SUPPORTED_ALGORITHM_UNSPECIFIED": 0, - "ECDSA_SHA2_256_NISTP256": 1, - "ECDSA_SHA2_384_NISTP384": 3, - "ECDSA_SHA2_512_NISTP521": 2, - "ED25519": 4, - "ED25519_PH": 5, + KnownSignatureAlgorithm_value = map[string]int32{ + "KNOWN_SIGNATURE_ALGORITHM_UNSPECIFIED": 0, + "ECDSA_SHA2_256_NISTP256": 1, + "ECDSA_SHA2_384_NISTP384": 3, + "ECDSA_SHA2_512_NISTP521": 2, + "ED25519": 4, + "ED25519_PH": 5, } ) -func (x SupportedAlgorithm) Enum() *SupportedAlgorithm { - p := new(SupportedAlgorithm) +func (x KnownSignatureAlgorithm) Enum() *KnownSignatureAlgorithm { + p := new(KnownSignatureAlgorithm) *p = x return p } -func (x SupportedAlgorithm) String() string { +func (x KnownSignatureAlgorithm) String() string { return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) } -func (SupportedAlgorithm) Descriptor() protoreflect.EnumDescriptor { +func (KnownSignatureAlgorithm) Descriptor() protoreflect.EnumDescriptor { return file_sigstore_common_proto_enumTypes[2].Descriptor() } -func (SupportedAlgorithm) Type() protoreflect.EnumType { +func (KnownSignatureAlgorithm) Type() protoreflect.EnumType { return &file_sigstore_common_proto_enumTypes[2] } -func (x SupportedAlgorithm) Number() protoreflect.EnumNumber { +func (x KnownSignatureAlgorithm) Number() protoreflect.EnumNumber { return protoreflect.EnumNumber(x) } -// Deprecated: Use SupportedAlgorithm.Descriptor instead. -func (SupportedAlgorithm) EnumDescriptor() ([]byte, []int) { +// Deprecated: Use KnownSignatureAlgorithm.Descriptor instead. 
+func (KnownSignatureAlgorithm) EnumDescriptor() ([]byte, []int) { return file_sigstore_common_proto_rawDescGZIP(), []int{2} } 
@@ -1167,33 +1167,34 @@ var file_sigstore_common_proto_rawDesc = []byte{ 0x36, 0x10, 0x05, 0x12, 0x20, 0x0a, 0x1c, 0x50, 0x4b, 0x49, 0x58, 0x5f, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, 0x50, 0x32, 0x35, 0x36, 0x5f, 0x48, 0x4d, 0x41, 0x43, 0x5f, 0x53, 0x48, 0x41, 0x5f, 0x32, 0x35, 0x36, 0x10, 0x06, 0x12, 0x10, 0x0a, 0x0c, 0x50, 0x4b, 0x49, 0x58, 0x5f, 0x45, 0x44, - 0x32, 0x35, 0x35, 0x31, 0x39, 0x10, 0x07, 0x2a, 0xad, 0x01, 0x0a, 0x12, 0x53, 0x75, 0x70, 0x70, - 0x6f, 0x72, 0x74, 0x65, 0x64, 0x41, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x12, 0x23, - 0x0a, 0x1f, 0x53, 0x55, 0x50, 0x50, 0x4f, 0x52, 0x54, 0x45, 0x44, 0x5f, 0x41, 0x4c, 0x47, 0x4f, - 0x52, 0x49, 0x54, 0x48, 0x4d, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, - 0x44, 0x10, 0x00, 0x12, 0x1b, 0x0a, 0x17, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, 0x53, 0x48, 0x41, - 0x32, 0x5f, 0x32, 0x35, 0x36, 0x5f, 0x4e, 0x49, 0x53, 0x54, 0x50, 0x32, 0x35, 0x36, 0x10, 0x01, - 0x12, 0x1b, 0x0a, 0x17, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x5f, 0x33, - 0x38, 0x34, 0x5f, 0x4e, 0x49, 0x53, 0x54, 0x50, 0x33, 0x38, 0x34, 0x10, 0x03, 0x12, 0x1b, 0x0a, - 0x17, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x5f, 0x35, 0x31, 0x32, 0x5f, - 0x4e, 0x49, 0x53, 0x54, 0x50, 0x35, 0x32, 0x31, 0x10, 0x02, 0x12, 0x0b, 0x0a, 0x07, 0x45, 0x44, - 0x32, 0x35, 0x35, 0x31, 0x39, 0x10, 0x04, 0x12, 0x0e, 0x0a, 0x0a, 0x45, 0x44, 0x32, 0x35, 0x35, - 0x31, 0x39, 0x5f, 0x50, 0x48, 0x10, 0x05, 0x2a, 0x6f, 0x0a, 0x1a, 0x53, 0x75, 0x62, 0x6a, 0x65, - 0x63, 0x74, 0x41, 0x6c, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x74, 0x69, 0x76, 0x65, 0x4e, 0x61, 0x6d, - 0x65, 0x54, 0x79, 0x70, 0x65, 0x12, 0x2d, 0x0a, 0x29, 0x53, 0x55, 0x42, 0x4a, 0x45, 0x43, 0x54, - 0x5f, 0x41, 0x4c, 0x54, 0x45, 0x52, 0x4e, 0x41, 0x54, 0x49, 0x56, 0x45, 0x5f, 0x4e, 0x41, 0x4d, - 0x45, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, - 0x45, 0x44, 0x10, 0x00, 0x12, 0x09, 0x0a, 0x05, 0x45, 0x4d, 0x41, 
0x49, 0x4c, 0x10, 0x01, 0x12, - 0x07, 0x0a, 0x03, 0x55, 0x52, 0x49, 0x10, 0x02, 0x12, 0x0e, 0x0a, 0x0a, 0x4f, 0x54, 0x48, 0x45, - 0x52, 0x5f, 0x4e, 0x41, 0x4d, 0x45, 0x10, 0x03, 0x42, 0x7c, 0x0a, 0x1c, 0x64, 0x65, 0x76, 0x2e, - 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x63, - 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x42, 0x0b, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, - 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x36, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, - 0x63, 0x6f, 0x6d, 0x2f, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2f, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2d, 0x73, 0x70, 0x65, 0x63, 0x73, 0x2f, 0x67, 0x65, 0x6e, 0x2f, - 0x70, 0x62, 0x2d, 0x67, 0x6f, 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2f, 0x76, 0x31, 0xea, - 0x02, 0x14, 0x53, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x3a, 0x3a, 0x43, 0x6f, 0x6d, 0x6d, - 0x6f, 0x6e, 0x3a, 0x3a, 0x56, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x32, 0x35, 0x35, 0x31, 0x39, 0x10, 0x07, 0x2a, 0xb8, 0x01, 0x0a, 0x17, 0x4b, 0x6e, 0x6f, 0x77, + 0x6e, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x41, 0x6c, 0x67, 0x6f, 0x72, 0x69, + 0x74, 0x68, 0x6d, 0x12, 0x29, 0x0a, 0x25, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x5f, 0x53, 0x49, 0x47, + 0x4e, 0x41, 0x54, 0x55, 0x52, 0x45, 0x5f, 0x41, 0x4c, 0x47, 0x4f, 0x52, 0x49, 0x54, 0x48, 0x4d, + 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x1b, + 0x0a, 0x17, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x5f, 0x32, 0x35, 0x36, + 0x5f, 0x4e, 0x49, 0x53, 0x54, 0x50, 0x32, 0x35, 0x36, 0x10, 0x01, 0x12, 0x1b, 0x0a, 0x17, 0x45, + 0x43, 0x44, 0x53, 0x41, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x5f, 0x33, 0x38, 0x34, 0x5f, 0x4e, 0x49, + 0x53, 0x54, 0x50, 0x33, 0x38, 0x34, 0x10, 0x03, 0x12, 0x1b, 0x0a, 0x17, 0x45, 0x43, 0x44, 0x53, + 0x41, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x5f, 0x35, 0x31, 0x32, 0x5f, 0x4e, 0x49, 0x53, 0x54, 0x50, + 0x35, 0x32, 0x31, 
0x10, 0x02, 0x12, 0x0b, 0x0a, 0x07, 0x45, 0x44, 0x32, 0x35, 0x35, 0x31, 0x39, + 0x10, 0x04, 0x12, 0x0e, 0x0a, 0x0a, 0x45, 0x44, 0x32, 0x35, 0x35, 0x31, 0x39, 0x5f, 0x50, 0x48, + 0x10, 0x05, 0x2a, 0x6f, 0x0a, 0x1a, 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x41, 0x6c, 0x74, + 0x65, 0x72, 0x6e, 0x61, 0x74, 0x69, 0x76, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x54, 0x79, 0x70, 0x65, + 0x12, 0x2d, 0x0a, 0x29, 0x53, 0x55, 0x42, 0x4a, 0x45, 0x43, 0x54, 0x5f, 0x41, 0x4c, 0x54, 0x45, + 0x52, 0x4e, 0x41, 0x54, 0x49, 0x56, 0x45, 0x5f, 0x4e, 0x41, 0x4d, 0x45, 0x5f, 0x54, 0x59, 0x50, + 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, + 0x09, 0x0a, 0x05, 0x45, 0x4d, 0x41, 0x49, 0x4c, 0x10, 0x01, 0x12, 0x07, 0x0a, 0x03, 0x55, 0x52, + 0x49, 0x10, 0x02, 0x12, 0x0e, 0x0a, 0x0a, 0x4f, 0x54, 0x48, 0x45, 0x52, 0x5f, 0x4e, 0x41, 0x4d, + 0x45, 0x10, 0x03, 0x42, 0x7c, 0x0a, 0x1c, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, + 0x6f, 0x72, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, + 0x2e, 0x76, 0x31, 0x42, 0x0b, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x74, 0x6f, + 0x50, 0x01, 0x5a, 0x36, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, + 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, + 0x2d, 0x73, 0x70, 0x65, 0x63, 0x73, 0x2f, 0x67, 0x65, 0x6e, 0x2f, 0x70, 0x62, 0x2d, 0x67, 0x6f, + 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2f, 0x76, 0x31, 0xea, 0x02, 0x14, 0x53, 0x69, 0x67, + 0x73, 0x74, 0x6f, 0x72, 0x65, 0x3a, 0x3a, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x3a, 0x3a, 0x56, + 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( 
@@ -1213,7 +1214,7 @@ var file_sigstore_common_proto_msgTypes = make([]protoimpl.MessageInfo, 13) var file_sigstore_common_proto_goTypes = []interface{}{ (HashAlgorithm)(0), // 0: dev.sigstore.common.v1.HashAlgorithm (PublicKeyDetails)(0), // 1: dev.sigstore.common.v1.PublicKeyDetails - (SupportedAlgorithm)(0), // 2: dev.sigstore.common.v1.SupportedAlgorithm + (KnownSignatureAlgorithm)(0), // 2: dev.sigstore.common.v1.KnownSignatureAlgorithm (SubjectAlternativeNameType)(0), // 3: dev.sigstore.common.v1.SubjectAlternativeNameType (*HashOutput)(nil), // 4: dev.sigstore.common.v1.HashOutput (*MessageSignature)(nil), // 5: dev.sigstore.common.v1.MessageSignature diff --git a/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/common/v1/__init__.py b/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/common/v1/__init__.py index 0723ee8d..e84f485e 100644 --- a/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/common/v1/__init__.py +++ b/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/common/v1/__init__.py 
@@ -49,16 +49,16 @@ class PublicKeyDetails(betterproto.Enum): """Ed 25519""" -class SupportedAlgorithm(betterproto.Enum): +class KnownSignatureAlgorithm(betterproto.Enum): """ - SupportedAlgorithm captures the signature/hash algorithm combinations - allowed in the Sigstore ecosystem. This is modelled as a linear set as we - want to provide a small number of opinionated options instead of allowing - every possible permutation. Any changes to this enum MUST be reflected in - the algorithm registry. See: docs/algorithm-registry.md + KnownSignatureAlgorithm captures the signature/hash algorithm combinations + recommended in the Sigstore ecosystem. This is modelled as a linear set as + we want to provide a small number of opinionated options instead of + allowing every possible permutation. Any changes to this enum MUST be + reflected in the algorithm registry. See: docs/algorithm-registry.md """ - SUPPORTED_ALGORITHM_UNSPECIFIED = 0 + KNOWN_SIGNATURE_ALGORITHM_UNSPECIFIED = 0 ECDSA_SHA2_256_NISTP256 = 1 ECDSA_SHA2_384_NISTP384 = 3 ECDSA_SHA2_512_NISTP521 = 2 diff --git a/gen/pb-ruby/lib/sigstore_common_pb.rb b/gen/pb-ruby/lib/sigstore_common_pb.rb index 59debb11..4773a125 100644 --- a/gen/pb-ruby/lib/sigstore_common_pb.rb +++ b/gen/pb-ruby/lib/sigstore_common_pb.rb @@ -72,8 +72,8 @@ value :PKIX_ECDSA_P256_HMAC_SHA_256, 6 value :PKIX_ED25519, 7 end - add_enum "dev.sigstore.common.v1.SupportedAlgorithm" do - value :SUPPORTED_ALGORITHM_UNSPECIFIED, 0 + add_enum "dev.sigstore.common.v1.KnownSignatureAlgorithm" do + value :KNOWN_SIGNATURE_ALGORITHM_UNSPECIFIED, 0 value :ECDSA_SHA2_256_NISTP256, 1 value :ECDSA_SHA2_384_NISTP384, 3 value :ECDSA_SHA2_512_NISTP521, 2 
@@ -107,7 +107,7 @@ module V1 TimeRange = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("dev.sigstore.common.v1.TimeRange").msgclass HashAlgorithm = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("dev.sigstore.common.v1.HashAlgorithm").enummodule PublicKeyDetails = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("dev.sigstore.common.v1.PublicKeyDetails").enummodule - SupportedAlgorithm = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("dev.sigstore.common.v1.SupportedAlgorithm").enummodule + KnownSignatureAlgorithm = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("dev.sigstore.common.v1.KnownSignatureAlgorithm").enummodule SubjectAlternativeNameType = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("dev.sigstore.common.v1.SubjectAlternativeNameType").enummodule end end diff --git a/gen/pb-typescript/src/__generated__/sigstore_common.ts b/gen/pb-typescript/src/__generated__/sigstore_common.ts index b2d3907d..8830b070 100644 --- a/gen/pb-typescript/src/__generated__/sigstore_common.ts +++ b/gen/pb-typescript/src/__generated__/sigstore_common.ts @@ -118,8 +118,8 @@ export function publicKeyDetailsToJSON(object: PublicKeyDetails): string { } /** - * SupportedAlgorithm captures the signature/hash algorithm combinations allowed - * in the Sigstore ecosystem. + * KnownSignatureAlgorithm captures the signature/hash algorithm combinations + * recommended in the Sigstore ecosystem. * * This is modelled as a linear set as we want to provide a small number of * opinionated options instead of allowing every possible permutation. 
@@ -127,8 +127,8 @@ export function publicKeyDetailsToJSON(object: PublicKeyDetails): string { * Any changes to this enum MUST be reflected in the algorithm registry. * See: docs/algorithm-registry.md */ -export enum SupportedAlgorithm { - SUPPORTED_ALGORITHM_UNSPECIFIED = 0, +export enum KnownSignatureAlgorithm { + KNOWN_SIGNATURE_ALGORITHM_UNSPECIFIED = 0, ECDSA_SHA2_256_NISTP256 = 1, ECDSA_SHA2_384_NISTP384 = 3, ECDSA_SHA2_512_NISTP521 = 2, 
@@ -136,47 +136,47 @@ export enum SupportedAlgorithm { ED25519_PH = 5, } -export function supportedAlgorithmFromJSON(object: any): SupportedAlgorithm { +export function knownSignatureAlgorithmFromJSON(object: any): KnownSignatureAlgorithm { switch (object) { case 0: - case "SUPPORTED_ALGORITHM_UNSPECIFIED": - return SupportedAlgorithm.SUPPORTED_ALGORITHM_UNSPECIFIED; + case "KNOWN_SIGNATURE_ALGORITHM_UNSPECIFIED": + return KnownSignatureAlgorithm.KNOWN_SIGNATURE_ALGORITHM_UNSPECIFIED; case 1: case "ECDSA_SHA2_256_NISTP256": - return SupportedAlgorithm.ECDSA_SHA2_256_NISTP256; + return KnownSignatureAlgorithm.ECDSA_SHA2_256_NISTP256; case 3: case "ECDSA_SHA2_384_NISTP384": - return SupportedAlgorithm.ECDSA_SHA2_384_NISTP384; + return KnownSignatureAlgorithm.ECDSA_SHA2_384_NISTP384; case 2: case "ECDSA_SHA2_512_NISTP521": - return SupportedAlgorithm.ECDSA_SHA2_512_NISTP521; + return KnownSignatureAlgorithm.ECDSA_SHA2_512_NISTP521; case 4: case "ED25519": - return SupportedAlgorithm.ED25519; + return KnownSignatureAlgorithm.ED25519; case 5: case "ED25519_PH": - return SupportedAlgorithm.ED25519_PH; + return KnownSignatureAlgorithm.ED25519_PH; default: - throw new tsProtoGlobalThis.Error("Unrecognized enum value " + object + " for enum SupportedAlgorithm"); + throw new tsProtoGlobalThis.Error("Unrecognized enum value " + object + " for enum KnownSignatureAlgorithm"); } } -export function supportedAlgorithmToJSON(object: SupportedAlgorithm): string { +export function knownSignatureAlgorithmToJSON(object: KnownSignatureAlgorithm): string { switch (object) { - case SupportedAlgorithm.SUPPORTED_ALGORITHM_UNSPECIFIED: - return "SUPPORTED_ALGORITHM_UNSPECIFIED"; - case SupportedAlgorithm.ECDSA_SHA2_256_NISTP256: + case KnownSignatureAlgorithm.KNOWN_SIGNATURE_ALGORITHM_UNSPECIFIED: + return "KNOWN_SIGNATURE_ALGORITHM_UNSPECIFIED"; + case KnownSignatureAlgorithm.ECDSA_SHA2_256_NISTP256: return "ECDSA_SHA2_256_NISTP256"; - case SupportedAlgorithm.ECDSA_SHA2_384_NISTP384: + case 
KnownSignatureAlgorithm.ECDSA_SHA2_384_NISTP384: return "ECDSA_SHA2_384_NISTP384"; - case SupportedAlgorithm.ECDSA_SHA2_512_NISTP521: + case KnownSignatureAlgorithm.ECDSA_SHA2_512_NISTP521: return "ECDSA_SHA2_512_NISTP521"; - case SupportedAlgorithm.ED25519: + case KnownSignatureAlgorithm.ED25519: return "ED25519"; - case SupportedAlgorithm.ED25519_PH: + case KnownSignatureAlgorithm.ED25519_PH: return "ED25519_PH"; default: - throw new tsProtoGlobalThis.Error("Unrecognized enum value " + object + " for enum SupportedAlgorithm"); + throw new tsProtoGlobalThis.Error("Unrecognized enum value " + object + " for enum KnownSignatureAlgorithm"); } } diff --git a/protos/sigstore_common.proto b/protos/sigstore_common.proto index 6edaaaa7..1aeebf1a 100644 --- a/protos/sigstore_common.proto +++ b/protos/sigstore_common.proto @@ -68,16 +68,16 @@ message HashOutput { bytes digest = 2; } -// SupportedAlgorithm captures the signature/hash algorithm combinations allowed -// in the Sigstore ecosystem. +// KnownSignatureAlgorithm captures the signature/hash algorithm combinations +// recommended in the Sigstore ecosystem. // // This is modelled as a linear set as we want to provide a small number of // opinionated options instead of allowing every possible permutation. // // Any changes to this enum MUST be reflected in the algorithm registry. // See: docs/algorithm-registry.md -enum SupportedAlgorithm { - SUPPORTED_ALGORITHM_UNSPECIFIED = 0; +enum KnownSignatureAlgorithm { + KNOWN_SIGNATURE_ALGORITHM_UNSPECIFIED = 0; ECDSA_SHA2_256_NISTP256 = 1; ECDSA_SHA2_384_NISTP384 = 3; ECDSA_SHA2_512_NISTP521 = 2; From 466fc054cdff438514776adc2ffb0fb191e7039c Mon Sep 17 00:00:00 2001 From: Alex Cameron Date: Wed, 17 Jan 2024 17:16:53 +1100 Subject: [PATCH 07/18] Correct `KnownSignatureAlgorithm` comment Signed-off-by: Alex Cameron --- protos/sigstore_common.proto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/protos/sigstore_common.proto b/protos/sigstore_common.proto index 1aeebf1a..98a4f2a7 100644 --- a/protos/sigstore_common.proto +++ b/protos/sigstore_common.proto @@ -68,7 +68,7 @@ message HashOutput { bytes digest = 2; } -// KnownSignatureAlgorithm captures the signature/hash algorithm combinations +// KnownSignatureAlgorithm captures the public key/hash algorithm combinations // recommended in the Sigstore ecosystem. // // This is modelled as a linear set as we want to provide a small number of From 1243b19b6394046598dfc7374f3084fe98b3f222 Mon Sep 17 00:00:00 2001 From: Alex Cameron Date: Wed, 17 Jan 2024 17:53:53 +1100 Subject: [PATCH 08/18] Note that `ed25519-ph` is used for hashedrekord Signed-off-by: Alex Cameron --- docs/algorithm-registry.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/algorithm-registry.md b/docs/algorithm-registry.md index ee21c371..e7860ae4 100644 --- a/docs/algorithm-registry.md +++ b/docs/algorithm-registry.md @@ -19,4 +19,4 @@ specification for the design rationale for this registry. || ecdsa-sha2-256-nistp521 | verify only | || ecdsa-sha2-384-nistp384 | sign/verify | | EdDSA | ed25519 | sign/verify | -|| ed25519-ph | sign/verify | +|| ed25519-ph | sign/verify (used for `hashedrekord`) | From c06b5d1e850c96976ba6b1956e88fda3d3341b1d Mon Sep 17 00:00:00 2001 From: Alex Cameron Date: Wed, 17 Jan 2024 17:58:27 +1100 Subject: [PATCH 09/18] Fix algorithm registry to list SHA-512 with P-521 Signed-off-by: Alex Cameron --- docs/algorithm-registry.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/algorithm-registry.md b/docs/algorithm-registry.md index e7860ae4..80027fff 100644 --- a/docs/algorithm-registry.md +++ b/docs/algorithm-registry.md 
@@ -16,7 +16,7 @@ specification for the design rationale for this registry. | Algorithm | Name | Usage | | --- | --- | --- | | ECDSA | ecdsa-sha2-256-nistp256 | sign/verify | -|| ecdsa-sha2-256-nistp521 | verify only | || ecdsa-sha2-384-nistp384 | sign/verify | +|| ecdsa-sha2-512-nistp521 | sign/verify | | EdDSA | ed25519 | sign/verify | -|| ed25519-ph | sign/verify (used for `hashedrekord`) | +|| ed25519-ph | sign/verify (recommended only for `hashedrekord`) | From 3d33e9a99697e04d2fdfb90f9b6061f44353fada Mon Sep 17 00:00:00 2001 From: Alex Cameron Date: Wed, 17 Jan 2024 18:17:40 +1100 Subject: [PATCH 10/18] Regenerate code Signed-off-by: Alex Cameron --- gen/pb-go/common/v1/sigstore_common.pb.go | 2 +- .../sigstore_protobuf_specs/dev/sigstore/common/v1/__init__.py | 2 +- gen/pb-typescript/src/__generated__/sigstore_common.ts | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/gen/pb-go/common/v1/sigstore_common.pb.go b/gen/pb-go/common/v1/sigstore_common.pb.go index 2d1422ec..0b19e585 100644 --- a/gen/pb-go/common/v1/sigstore_common.pb.go +++ b/gen/pb-go/common/v1/sigstore_common.pb.go @@ -162,7 +162,7 @@ func (PublicKeyDetails) EnumDescriptor() ([]byte, []int) { return file_sigstore_common_proto_rawDescGZIP(), []int{1} } -// KnownSignatureAlgorithm captures the signature/hash algorithm combinations +// KnownSignatureAlgorithm captures the public key/hash algorithm combinations // recommended in the Sigstore ecosystem. // // This is modelled as a linear set as we want to provide a small number of diff --git a/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/common/v1/__init__.py b/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/common/v1/__init__.py index e84f485e..61c2691d 100644 --- a/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/common/v1/__init__.py +++ b/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/common/v1/__init__.py 
@@ -51,7 +51,7 @@ class PublicKeyDetails(betterproto.Enum): class KnownSignatureAlgorithm(betterproto.Enum): """ - KnownSignatureAlgorithm captures the signature/hash algorithm combinations + KnownSignatureAlgorithm captures the public key/hash algorithm combinations recommended in the Sigstore ecosystem. This is modelled as a linear set as we want to provide a small number of opinionated options instead of allowing every possible permutation. Any changes to this enum MUST be diff --git a/gen/pb-typescript/src/__generated__/sigstore_common.ts b/gen/pb-typescript/src/__generated__/sigstore_common.ts index 8830b070..ed13c6ee 100644 --- a/gen/pb-typescript/src/__generated__/sigstore_common.ts +++ b/gen/pb-typescript/src/__generated__/sigstore_common.ts @@ -118,7 +118,7 @@ export function publicKeyDetailsToJSON(object: PublicKeyDetails): string { } /** - * KnownSignatureAlgorithm captures the signature/hash algorithm combinations + * KnownSignatureAlgorithm captures the public key/hash algorithm combinations * recommended in the Sigstore ecosystem. * * This is modelled as a linear set as we want to provide a small number of From 3610161b77093a3e68dcd17b60e3fe5ed86424ff Mon Sep 17 00:00:00 2001 From: Alex Cameron Date: Wed, 17 Jan 2024 18:20:46 +1100 Subject: [PATCH 11/18] Add hash algorithms to registry also Signed-off-by: Alex Cameron --- docs/algorithm-registry.md | 26 +++++++++++++++++++------- 1 file changed, 19 insertions(+), 7 deletions(-) diff --git a/docs/algorithm-registry.md b/docs/algorithm-registry.md index 80027fff..582d59f1 100644 --- a/docs/algorithm-registry.md +++ b/docs/algorithm-registry.md 
@@ -13,10 +13,22 @@ a secure set of defaults that the community can follow. Refer to the [Sigstore: Configurable Crypto Algorithms](https://docs.google.com/document/d/18vTKFvTQdRt3OGz6Qd1xf04o-hugRYSup-1EAOWn7MQ/) specification for the design rationale for this registry. -| Algorithm | Name | Usage | -| --- | --- | --- | -| ECDSA | ecdsa-sha2-256-nistp256 | sign/verify | -|| ecdsa-sha2-384-nistp384 | sign/verify | -|| ecdsa-sha2-512-nistp521 | sign/verify | -| EdDSA | ed25519 | sign/verify | -|| ed25519-ph | sign/verify (recommended only for `hashedrekord`) | +## Hash Algorithms + +| Algorithm | Name | +|-----------|--------------| +| SHA2 | sha2-256 | +| | sha2-256/192 | +| | sha2-384 | +| SHA3 | sha3-256 | +| | sha3-384 | + +## Signature Algorithms + +| Algorithm | Name | Usage | +|-----------|-------------------------|---------------------------------------------------| +| ECDSA | ecdsa-sha2-256-nistp256 | sign/verify | +| | ecdsa-sha2-384-nistp384 | sign/verify | +| | ecdsa-sha2-512-nistp521 | sign/verify | +| EdDSA | ed25519 | sign/verify | +| | ed25519-ph | sign/verify (recommended only for `hashedrekord`) | From d126419c7285f59cf08ad70479f4dc1faa2c12ce Mon Sep 17 00:00:00 2001 From: Alex Cameron Date: Wed, 17 Jan 2024 18:25:46 +1100 Subject: [PATCH 12/18] Add RSA signature algorithms to registry Signed-off-by: Alex Cameron --- docs/algorithm-registry.md | 17 +++--- gen/pb-go/common/v1/sigstore_common.pb.go | 59 ++++++++++++------- .../dev/sigstore/common/v1/__init__.py | 13 ++-- gen/pb-ruby/lib/sigstore_common_pb.rb | 13 ++-- .../src/__generated__/sigstore_common.ts | 36 ++++++++--- protos/sigstore_common.proto | 13 ++-- 6 files changed, 98 insertions(+), 53 deletions(-) diff --git a/docs/algorithm-registry.md b/docs/algorithm-registry.md index 582d59f1..15533d8f 100644 --- a/docs/algorithm-registry.md +++ b/docs/algorithm-registry.md 
@@ -25,10 +25,13 @@ specification for the design rationale for this registry. ## Signature Algorithms -| Algorithm | Name | Usage | -|-----------|-------------------------|---------------------------------------------------| -| ECDSA | ecdsa-sha2-256-nistp256 | sign/verify | -| | ecdsa-sha2-384-nistp384 | sign/verify | -| | ecdsa-sha2-512-nistp521 | sign/verify | -| EdDSA | ed25519 | sign/verify | -| | ed25519-ph | sign/verify (recommended only for `hashedrekord`) | +| Algorithm | Name | Usage | +|-----------|----------------------------|---------------------------------------------------| +| RSA | rsa-sign-pkcs1-2048-sha256 | verify only | +| | rsa-sign-pkcs1-3072-sha256 | sign/verify | +| | rsa-sign-pkcs1-4096-sha256 | sign/verify | +| ECDSA | ecdsa-sha2-256-nistp256 | sign/verify | +| | ecdsa-sha2-384-nistp384 | sign/verify | +| | ecdsa-sha2-512-nistp521 | sign/verify | +| EdDSA | ed25519 | sign/verify | +| | ed25519-ph | sign/verify (recommended only for `hashedrekord`) | diff --git a/gen/pb-go/common/v1/sigstore_common.pb.go b/gen/pb-go/common/v1/sigstore_common.pb.go index 0b19e585..6d815ffa 100644 --- a/gen/pb-go/common/v1/sigstore_common.pb.go +++ b/gen/pb-go/common/v1/sigstore_common.pb.go 
@@ -174,30 +174,39 @@ type KnownSignatureAlgorithm int32 const ( KnownSignatureAlgorithm_KNOWN_SIGNATURE_ALGORITHM_UNSPECIFIED KnownSignatureAlgorithm = 0 - KnownSignatureAlgorithm_ECDSA_SHA2_256_NISTP256 KnownSignatureAlgorithm = 1 - KnownSignatureAlgorithm_ECDSA_SHA2_384_NISTP384 KnownSignatureAlgorithm = 3 - KnownSignatureAlgorithm_ECDSA_SHA2_512_NISTP521 KnownSignatureAlgorithm = 2 - KnownSignatureAlgorithm_ED25519 KnownSignatureAlgorithm = 4 - KnownSignatureAlgorithm_ED25519_PH KnownSignatureAlgorithm = 5 + KnownSignatureAlgorithm_RSA_SIGN_PKCS1_2048_SHA256 KnownSignatureAlgorithm = 1 + KnownSignatureAlgorithm_RSA_SIGN_PKCS1_3072_SHA256 KnownSignatureAlgorithm = 2 + KnownSignatureAlgorithm_RSA_SIGN_PKCS1_4096_SHA256 KnownSignatureAlgorithm = 3 + KnownSignatureAlgorithm_ECDSA_SHA2_256_NISTP256 KnownSignatureAlgorithm = 4 + KnownSignatureAlgorithm_ECDSA_SHA2_384_NISTP384 KnownSignatureAlgorithm = 5 + KnownSignatureAlgorithm_ECDSA_SHA2_512_NISTP521 KnownSignatureAlgorithm = 6 + KnownSignatureAlgorithm_ED25519 KnownSignatureAlgorithm = 7 + KnownSignatureAlgorithm_ED25519_PH KnownSignatureAlgorithm = 8 ) // Enum value maps for KnownSignatureAlgorithm. 
var ( KnownSignatureAlgorithm_name = map[int32]string{ 0: "KNOWN_SIGNATURE_ALGORITHM_UNSPECIFIED", - 1: "ECDSA_SHA2_256_NISTP256", - 3: "ECDSA_SHA2_384_NISTP384", - 2: "ECDSA_SHA2_512_NISTP521", - 4: "ED25519", - 5: "ED25519_PH", + 1: "RSA_SIGN_PKCS1_2048_SHA256", + 2: "RSA_SIGN_PKCS1_3072_SHA256", + 3: "RSA_SIGN_PKCS1_4096_SHA256", + 4: "ECDSA_SHA2_256_NISTP256", + 5: "ECDSA_SHA2_384_NISTP384", + 6: "ECDSA_SHA2_512_NISTP521", + 7: "ED25519", + 8: "ED25519_PH", } KnownSignatureAlgorithm_value = map[string]int32{ "KNOWN_SIGNATURE_ALGORITHM_UNSPECIFIED": 0, - "ECDSA_SHA2_256_NISTP256": 1, - "ECDSA_SHA2_384_NISTP384": 3, - "ECDSA_SHA2_512_NISTP521": 2, - "ED25519": 4, - "ED25519_PH": 5, + "RSA_SIGN_PKCS1_2048_SHA256": 1, + "RSA_SIGN_PKCS1_3072_SHA256": 2, + "RSA_SIGN_PKCS1_4096_SHA256": 3, + "ECDSA_SHA2_256_NISTP256": 4, + "ECDSA_SHA2_384_NISTP384": 5, + "ECDSA_SHA2_512_NISTP521": 6, + "ED25519": 7, + "ED25519_PH": 8, } ) 
@@ -1167,19 +1176,25 @@ var file_sigstore_common_proto_rawDesc = []byte{ 0x36, 0x10, 0x05, 0x12, 0x20, 0x0a, 0x1c, 0x50, 0x4b, 0x49, 0x58, 0x5f, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, 0x50, 0x32, 0x35, 0x36, 0x5f, 0x48, 0x4d, 0x41, 0x43, 0x5f, 0x53, 0x48, 0x41, 0x5f, 0x32, 0x35, 0x36, 0x10, 0x06, 0x12, 0x10, 0x0a, 0x0c, 0x50, 0x4b, 0x49, 0x58, 0x5f, 0x45, 0x44, - 0x32, 0x35, 0x35, 0x31, 0x39, 0x10, 0x07, 0x2a, 0xb8, 0x01, 0x0a, 0x17, 0x4b, 0x6e, 0x6f, 0x77, + 0x32, 0x35, 0x35, 0x31, 0x39, 0x10, 0x07, 0x2a, 0x98, 0x02, 0x0a, 0x17, 0x4b, 0x6e, 0x6f, 0x77, 0x6e, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x41, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x12, 0x29, 0x0a, 0x25, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x41, 0x54, 0x55, 0x52, 0x45, 0x5f, 0x41, 0x4c, 0x47, 0x4f, 0x52, 0x49, 0x54, 0x48, 0x4d, - 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x1b, + 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x1e, + 0x0a, 0x1a, 0x52, 0x53, 0x41, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x5f, 0x50, 0x4b, 0x43, 0x53, 0x31, + 0x5f, 0x32, 0x30, 0x34, 0x38, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x10, 0x01, 0x12, 0x1e, + 0x0a, 0x1a, 0x52, 0x53, 0x41, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x5f, 0x50, 0x4b, 0x43, 0x53, 0x31, + 0x5f, 0x33, 0x30, 0x37, 0x32, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x10, 0x02, 0x12, 0x1e, + 0x0a, 0x1a, 0x52, 0x53, 0x41, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x5f, 0x50, 0x4b, 0x43, 0x53, 0x31, + 0x5f, 0x34, 0x30, 0x39, 0x36, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x10, 0x03, 0x12, 0x1b, 0x0a, 0x17, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x5f, 0x32, 0x35, 0x36, - 0x5f, 0x4e, 0x49, 0x53, 0x54, 0x50, 0x32, 0x35, 0x36, 0x10, 0x01, 0x12, 0x1b, 0x0a, 0x17, 0x45, + 0x5f, 0x4e, 0x49, 0x53, 0x54, 0x50, 0x32, 0x35, 0x36, 0x10, 0x04, 0x12, 0x1b, 0x0a, 0x17, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x5f, 0x33, 0x38, 0x34, 
0x5f, 0x4e, 0x49, - 0x53, 0x54, 0x50, 0x33, 0x38, 0x34, 0x10, 0x03, 0x12, 0x1b, 0x0a, 0x17, 0x45, 0x43, 0x44, 0x53, + 0x53, 0x54, 0x50, 0x33, 0x38, 0x34, 0x10, 0x05, 0x12, 0x1b, 0x0a, 0x17, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x5f, 0x35, 0x31, 0x32, 0x5f, 0x4e, 0x49, 0x53, 0x54, 0x50, - 0x35, 0x32, 0x31, 0x10, 0x02, 0x12, 0x0b, 0x0a, 0x07, 0x45, 0x44, 0x32, 0x35, 0x35, 0x31, 0x39, - 0x10, 0x04, 0x12, 0x0e, 0x0a, 0x0a, 0x45, 0x44, 0x32, 0x35, 0x35, 0x31, 0x39, 0x5f, 0x50, 0x48, - 0x10, 0x05, 0x2a, 0x6f, 0x0a, 0x1a, 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x41, 0x6c, 0x74, + 0x35, 0x32, 0x31, 0x10, 0x06, 0x12, 0x0b, 0x0a, 0x07, 0x45, 0x44, 0x32, 0x35, 0x35, 0x31, 0x39, + 0x10, 0x07, 0x12, 0x0e, 0x0a, 0x0a, 0x45, 0x44, 0x32, 0x35, 0x35, 0x31, 0x39, 0x5f, 0x50, 0x48, + 0x10, 0x08, 0x2a, 0x6f, 0x0a, 0x1a, 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x41, 0x6c, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x74, 0x69, 0x76, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x54, 0x79, 0x70, 0x65, 0x12, 0x2d, 0x0a, 0x29, 0x53, 0x55, 0x42, 0x4a, 0x45, 0x43, 0x54, 0x5f, 0x41, 0x4c, 0x54, 0x45, 0x52, 0x4e, 0x41, 0x54, 0x49, 0x56, 0x45, 0x5f, 0x4e, 0x41, 0x4d, 0x45, 0x5f, 0x54, 0x59, 0x50, diff --git a/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/common/v1/__init__.py b/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/common/v1/__init__.py index 61c2691d..dd8a9819 100644 --- a/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/common/v1/__init__.py +++ b/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/common/v1/__init__.py 
@@ -59,11 +59,14 @@ class KnownSignatureAlgorithm(betterproto.Enum): """ KNOWN_SIGNATURE_ALGORITHM_UNSPECIFIED = 0 - ECDSA_SHA2_256_NISTP256 = 1 - ECDSA_SHA2_384_NISTP384 = 3 - ECDSA_SHA2_512_NISTP521 = 2 - ED25519 = 4 - ED25519_PH = 5 + RSA_SIGN_PKCS1_2048_SHA256 = 1 + RSA_SIGN_PKCS1_3072_SHA256 = 2 + RSA_SIGN_PKCS1_4096_SHA256 = 3 + ECDSA_SHA2_256_NISTP256 = 4 + ECDSA_SHA2_384_NISTP384 = 5 + ECDSA_SHA2_512_NISTP521 = 6 + ED25519 = 7 + ED25519_PH = 8 class SubjectAlternativeNameType(betterproto.Enum): diff --git a/gen/pb-ruby/lib/sigstore_common_pb.rb b/gen/pb-ruby/lib/sigstore_common_pb.rb index 4773a125..280a9df6 100644 --- a/gen/pb-ruby/lib/sigstore_common_pb.rb +++ b/gen/pb-ruby/lib/sigstore_common_pb.rb @@ -74,11 +74,14 @@ end add_enum "dev.sigstore.common.v1.KnownSignatureAlgorithm" do value :KNOWN_SIGNATURE_ALGORITHM_UNSPECIFIED, 0 - value :ECDSA_SHA2_256_NISTP256, 1 - value :ECDSA_SHA2_384_NISTP384, 3 - value :ECDSA_SHA2_512_NISTP521, 2 - value :ED25519, 4 - value :ED25519_PH, 5 + value :RSA_SIGN_PKCS1_2048_SHA256, 1 + value :RSA_SIGN_PKCS1_3072_SHA256, 2 + value :RSA_SIGN_PKCS1_4096_SHA256, 3 + value :ECDSA_SHA2_256_NISTP256, 4 + value :ECDSA_SHA2_384_NISTP384, 5 + value :ECDSA_SHA2_512_NISTP521, 6 + value :ED25519, 7 + value :ED25519_PH, 8 end add_enum "dev.sigstore.common.v1.SubjectAlternativeNameType" do value :SUBJECT_ALTERNATIVE_NAME_TYPE_UNSPECIFIED, 0 diff --git a/gen/pb-typescript/src/__generated__/sigstore_common.ts b/gen/pb-typescript/src/__generated__/sigstore_common.ts index ed13c6ee..e0f154d7 100644 --- a/gen/pb-typescript/src/__generated__/sigstore_common.ts +++ b/gen/pb-typescript/src/__generated__/sigstore_common.ts 
@@ -129,11 +129,14 @@ export function publicKeyDetailsToJSON(object: PublicKeyDetails): string { */ export enum KnownSignatureAlgorithm { KNOWN_SIGNATURE_ALGORITHM_UNSPECIFIED = 0, - ECDSA_SHA2_256_NISTP256 = 1, - ECDSA_SHA2_384_NISTP384 = 3, - ECDSA_SHA2_512_NISTP521 = 2, - ED25519 = 4, - ED25519_PH = 5, + RSA_SIGN_PKCS1_2048_SHA256 = 1, + RSA_SIGN_PKCS1_3072_SHA256 = 2, + RSA_SIGN_PKCS1_4096_SHA256 = 3, + ECDSA_SHA2_256_NISTP256 = 4, + ECDSA_SHA2_384_NISTP384 = 5, + ECDSA_SHA2_512_NISTP521 = 6, + ED25519 = 7, + ED25519_PH = 8, } export function knownSignatureAlgorithmFromJSON(object: any): KnownSignatureAlgorithm { @@ -142,18 +145,27 @@ export function knownSignatureAlgorithmFromJSON(object: any): KnownSignatureAlgo case "KNOWN_SIGNATURE_ALGORITHM_UNSPECIFIED": return KnownSignatureAlgorithm.KNOWN_SIGNATURE_ALGORITHM_UNSPECIFIED; case 1: + case "RSA_SIGN_PKCS1_2048_SHA256": + return KnownSignatureAlgorithm.RSA_SIGN_PKCS1_2048_SHA256; + case 2: + case "RSA_SIGN_PKCS1_3072_SHA256": + return KnownSignatureAlgorithm.RSA_SIGN_PKCS1_3072_SHA256; + case 3: + case "RSA_SIGN_PKCS1_4096_SHA256": + return KnownSignatureAlgorithm.RSA_SIGN_PKCS1_4096_SHA256; + case 4: case "ECDSA_SHA2_256_NISTP256": return KnownSignatureAlgorithm.ECDSA_SHA2_256_NISTP256; - case 3: + case 5: case "ECDSA_SHA2_384_NISTP384": return KnownSignatureAlgorithm.ECDSA_SHA2_384_NISTP384; - case 2: + case 6: case "ECDSA_SHA2_512_NISTP521": return KnownSignatureAlgorithm.ECDSA_SHA2_512_NISTP521; - case 4: + case 7: case "ED25519": return KnownSignatureAlgorithm.ED25519; - case 5: + case 8: case "ED25519_PH": return KnownSignatureAlgorithm.ED25519_PH; default: 
@@ -165,6 +177,12 @@ export function knownSignatureAlgorithmToJSON(object: KnownSignatureAlgorithm): switch (object) { case KnownSignatureAlgorithm.KNOWN_SIGNATURE_ALGORITHM_UNSPECIFIED: return "KNOWN_SIGNATURE_ALGORITHM_UNSPECIFIED"; + case KnownSignatureAlgorithm.RSA_SIGN_PKCS1_2048_SHA256: + return "RSA_SIGN_PKCS1_2048_SHA256"; + case KnownSignatureAlgorithm.RSA_SIGN_PKCS1_3072_SHA256: + return "RSA_SIGN_PKCS1_3072_SHA256"; + case KnownSignatureAlgorithm.RSA_SIGN_PKCS1_4096_SHA256: + return "RSA_SIGN_PKCS1_4096_SHA256"; case KnownSignatureAlgorithm.ECDSA_SHA2_256_NISTP256: return "ECDSA_SHA2_256_NISTP256"; case KnownSignatureAlgorithm.ECDSA_SHA2_384_NISTP384: diff --git a/protos/sigstore_common.proto b/protos/sigstore_common.proto index 98a4f2a7..c9bc21e0 100644 --- a/protos/sigstore_common.proto +++ b/protos/sigstore_common.proto @@ -78,11 +78,14 @@ message HashOutput { // See: docs/algorithm-registry.md enum KnownSignatureAlgorithm { KNOWN_SIGNATURE_ALGORITHM_UNSPECIFIED = 0; - ECDSA_SHA2_256_NISTP256 = 1; - ECDSA_SHA2_384_NISTP384 = 3; - ECDSA_SHA2_512_NISTP521 = 2; - ED25519 = 4; - ED25519_PH = 5; + RSA_SIGN_PKCS1_2048_SHA256 = 1; + RSA_SIGN_PKCS1_3072_SHA256 = 2; + RSA_SIGN_PKCS1_4096_SHA256 = 3; + ECDSA_SHA2_256_NISTP256 = 4; + ECDSA_SHA2_384_NISTP384 = 5; + ECDSA_SHA2_512_NISTP521 = 6; + ED25519 = 7; + ED25519_PH = 8; } // MessageSignature stores the computed signature over a message. From db90d7ffd142d7023450ecfaf5f835417c3d9f9d Mon Sep 17 00:00:00 2001 From: William Woodruff Date: Wed, 17 Jan 2024 14:31:12 -0500 Subject: [PATCH 13/18] gen, protos: more HashAlgorithm variants 
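Review bot: Renumbering the existing `KnownSignatureAlgorithm` values in the `protos/sigstore_common.proto` hunk changes what already-encoded numbers mean: 1 was `ECDSA_SHA2_256_NISTP256` and is now `RSA_SIGN_PKCS1_2048_SHA256`, and 4 was `ED25519` and is now `ECDSA_SHA2_256_NISTP256`. A verifier built from the new schema would pick a different algorithm for numerically encoded data written with the old one, with no decode error to flag it. The enum appears to be new in this series, so this is harmless if the earlier numbering was never published. Otherwise, keep the old numbers and give the RSA entries the next free ones: `RSA_SIGN_PKCS1_2048_SHA256 = 6;`, `RSA_SIGN_PKCS1_3072_SHA256 = 7;`, `RSA_SIGN_PKCS1_4096_SHA256 = 8;`. The generated Python, Ruby and TypeScript hunks of this patch carry the same renumbering.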
Signed-off-by: William Woodruff --- gen/jsonschema/schemas/Bundle.schema.json | 6 +- gen/jsonschema/schemas/HashOutput.schema.json | 6 +- gen/jsonschema/schemas/Input.schema.json | 12 +- .../schemas/MessageSignature.schema.json | 6 +- .../TransparencyLogInstance.schema.json | 6 +- .../schemas/TrustedRoot.schema.json | 6 +- gen/pb-go/common/v1/sigstore_common.pb.go | 114 ++++++++++-------- .../dev/sigstore/common/v1/__init__.py | 4 + gen/pb-ruby/lib/sigstore_common_pb.rb | 4 + gen/pb-rust/schemas/Bundle.schema.json | 6 +- gen/pb-rust/schemas/HashOutput.schema.json | 6 +- gen/pb-rust/schemas/Input.schema.json | 12 +- .../schemas/MessageSignature.schema.json | 6 +- .../TransparencyLogInstance.schema.json | 6 +- gen/pb-rust/schemas/TrustedRoot.schema.json | 6 +- .../src/__generated__/sigstore_common.ts | 24 ++++ protos/sigstore_common.proto | 4 + 17 files changed, 171 insertions(+), 63 deletions(-) diff --git a/gen/jsonschema/schemas/Bundle.schema.json b/gen/jsonschema/schemas/Bundle.schema.json index fb44fade..71751b2b 100644 --- a/gen/jsonschema/schemas/Bundle.schema.json +++ b/gen/jsonschema/schemas/Bundle.schema.json @@ -101,7 +101,11 @@ "algorithm": { "enum": [ "HASH_ALGORITHM_UNSPECIFIED", - "SHA2_256" + "SHA2_256", + "SHA2_256_192", + "SHA2_512", + "SHA3_256", + "SHA3_384" ], "type": "string", "title": "This package defines commonly used message types within the Sigstore\n community.", diff --git a/gen/jsonschema/schemas/HashOutput.schema.json b/gen/jsonschema/schemas/HashOutput.schema.json index ff72ba45..c67f27b3 100644 --- a/gen/jsonschema/schemas/HashOutput.schema.json +++ b/gen/jsonschema/schemas/HashOutput.schema.json @@ -7,7 +7,11 @@ "algorithm": { "enum": [ "HASH_ALGORITHM_UNSPECIFIED", - "SHA2_256" + "SHA2_256", + "SHA2_256_192", + "SHA2_512", + "SHA3_256", + "SHA3_384" ], "type": "string", "title": "This package defines commonly used message types within the Sigstore\n community.", 
diff --git a/gen/jsonschema/schemas/Input.schema.json b/gen/jsonschema/schemas/Input.schema.json index b5fe5060..06f70ca5 100644 --- a/gen/jsonschema/schemas/Input.schema.json +++ b/gen/jsonschema/schemas/Input.schema.json @@ -147,7 +147,11 @@ "algorithm": { "enum": [ "HASH_ALGORITHM_UNSPECIFIED", - "SHA2_256" + "SHA2_256", + "SHA2_256_192", + "SHA2_512", + "SHA3_256", + "SHA3_384" ], "type": "string", "title": "This package defines commonly used message types within the Sigstore\n community.", @@ -543,7 +547,11 @@ "hashAlgorithm": { "enum": [ "HASH_ALGORITHM_UNSPECIFIED", - "SHA2_256" + "SHA2_256", + "SHA2_256_192", + "SHA2_512", + "SHA3_256", + "SHA3_384" ], "type": "string", "title": "This package defines commonly used message types within the Sigstore\n community.", diff --git a/gen/jsonschema/schemas/MessageSignature.schema.json b/gen/jsonschema/schemas/MessageSignature.schema.json index 37def2f2..99ad40e3 100644 --- a/gen/jsonschema/schemas/MessageSignature.schema.json +++ b/gen/jsonschema/schemas/MessageSignature.schema.json @@ -26,7 +26,11 @@ "algorithm": { "enum": [ "HASH_ALGORITHM_UNSPECIFIED", - "SHA2_256" + "SHA2_256", + "SHA2_256_192", + "SHA2_512", + "SHA3_256", + "SHA3_384" ], "type": "string", "title": "This package defines commonly used message types within the Sigstore\n community.", diff --git a/gen/jsonschema/schemas/TransparencyLogInstance.schema.json b/gen/jsonschema/schemas/TransparencyLogInstance.schema.json index 3c7e0d9a..b6d866d2 100644 --- a/gen/jsonschema/schemas/TransparencyLogInstance.schema.json +++ b/gen/jsonschema/schemas/TransparencyLogInstance.schema.json @@ -11,7 +11,11 @@ "hashAlgorithm": { "enum": [ "HASH_ALGORITHM_UNSPECIFIED", - "SHA2_256" + "SHA2_256", + "SHA2_256_192", + "SHA2_512", + "SHA3_256", + "SHA3_384" ], "type": "string", "title": "This package defines commonly used message types within the Sigstore\n community.", 
diff --git a/gen/jsonschema/schemas/TrustedRoot.schema.json b/gen/jsonschema/schemas/TrustedRoot.schema.json index 623a9911..d1fd4a4f 100644 --- a/gen/jsonschema/schemas/TrustedRoot.schema.json +++ b/gen/jsonschema/schemas/TrustedRoot.schema.json @@ -206,7 +206,11 @@ "hashAlgorithm": { "enum": [ "HASH_ALGORITHM_UNSPECIFIED", - "SHA2_256" + "SHA2_256", + "SHA2_256_192", + "SHA2_512", + "SHA3_256", + "SHA3_384" ], "type": "string", "title": "This package defines commonly used message types within the Sigstore\n community.", diff --git a/gen/pb-go/common/v1/sigstore_common.pb.go b/gen/pb-go/common/v1/sigstore_common.pb.go index 6d815ffa..068ac4b5 100644 --- a/gen/pb-go/common/v1/sigstore_common.pb.go +++ b/gen/pb-go/common/v1/sigstore_common.pb.go @@ -48,6 +48,10 @@ type HashAlgorithm int32 const ( HashAlgorithm_HASH_ALGORITHM_UNSPECIFIED HashAlgorithm = 0 HashAlgorithm_SHA2_256 HashAlgorithm = 1 + HashAlgorithm_SHA2_256_192 HashAlgorithm = 2 + HashAlgorithm_SHA2_512 HashAlgorithm = 3 + HashAlgorithm_SHA3_256 HashAlgorithm = 4 + HashAlgorithm_SHA3_384 HashAlgorithm = 5 ) // Enum value maps for HashAlgorithm. @@ -55,10 +59,18 @@ var ( HashAlgorithm_name = map[int32]string{ 0: "HASH_ALGORITHM_UNSPECIFIED", 1: "SHA2_256", + 2: "SHA2_256_192", + 3: "SHA2_512", + 4: "SHA3_256", + 5: "SHA3_384", } HashAlgorithm_value = map[string]int32{ "HASH_ALGORITHM_UNSPECIFIED": 0, "SHA2_256": 1, + "SHA2_256_192": 2, + "SHA2_512": 3, + "SHA3_256": 4, + "SHA3_384": 5, } ) 
@@ -1158,58 +1170,62 @@ var file_sigstore_common_proto_rawDesc = []byte{ 0x74, 0x12, 0x31, 0x0a, 0x03, 0x65, 0x6e, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x48, 0x00, 0x52, 0x03, 0x65, 0x6e, - 0x64, 0x88, 0x01, 0x01, 0x42, 0x06, 0x0a, 0x04, 0x5f, 0x65, 0x6e, 0x64, 0x2a, 0x3d, 0x0a, 0x0d, + 0x64, 0x88, 0x01, 0x01, 0x42, 0x06, 0x0a, 0x04, 0x5f, 0x65, 0x6e, 0x64, 0x2a, 0x79, 0x0a, 0x0d, 0x48, 0x61, 0x73, 0x68, 0x41, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x12, 0x1e, 0x0a, 0x1a, 0x48, 0x41, 0x53, 0x48, 0x5f, 0x41, 0x4c, 0x47, 0x4f, 0x52, 0x49, 0x54, 0x48, 0x4d, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x0c, 0x0a, - 0x08, 0x53, 0x48, 0x41, 0x32, 0x5f, 0x32, 0x35, 0x36, 0x10, 0x01, 0x2a, 0xd9, 0x01, 0x0a, 0x10, - 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x44, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, - 0x12, 0x22, 0x0a, 0x1e, 0x50, 0x55, 0x42, 0x4c, 0x49, 0x43, 0x5f, 0x4b, 0x45, 0x59, 0x5f, 0x44, - 0x45, 0x54, 0x41, 0x49, 0x4c, 0x53, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, - 0x45, 0x44, 0x10, 0x00, 0x12, 0x15, 0x0a, 0x11, 0x50, 0x4b, 0x43, 0x53, 0x31, 0x5f, 0x52, 0x53, - 0x41, 0x5f, 0x50, 0x4b, 0x43, 0x53, 0x31, 0x56, 0x35, 0x10, 0x01, 0x12, 0x11, 0x0a, 0x0d, 0x50, - 0x4b, 0x43, 0x53, 0x31, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x50, 0x53, 0x53, 0x10, 0x02, 0x12, 0x14, - 0x0a, 0x10, 0x50, 0x4b, 0x49, 0x58, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x50, 0x4b, 0x43, 0x53, 0x31, - 0x56, 0x35, 0x10, 0x03, 0x12, 0x10, 0x0a, 0x0c, 0x50, 0x4b, 0x49, 0x58, 0x5f, 0x52, 0x53, 0x41, - 0x5f, 0x50, 0x53, 0x53, 0x10, 0x04, 0x12, 0x1b, 0x0a, 0x17, 0x50, 0x4b, 0x49, 0x58, 0x5f, 0x45, - 0x43, 0x44, 0x53, 0x41, 0x5f, 0x50, 0x32, 0x35, 0x36, 0x5f, 0x53, 0x48, 0x41, 0x5f, 0x32, 0x35, - 0x36, 0x10, 0x05, 0x12, 0x20, 0x0a, 0x1c, 0x50, 0x4b, 0x49, 0x58, 0x5f, 
0x45, 0x43, 0x44, 0x53, - 0x41, 0x5f, 0x50, 0x32, 0x35, 0x36, 0x5f, 0x48, 0x4d, 0x41, 0x43, 0x5f, 0x53, 0x48, 0x41, 0x5f, - 0x32, 0x35, 0x36, 0x10, 0x06, 0x12, 0x10, 0x0a, 0x0c, 0x50, 0x4b, 0x49, 0x58, 0x5f, 0x45, 0x44, - 0x32, 0x35, 0x35, 0x31, 0x39, 0x10, 0x07, 0x2a, 0x98, 0x02, 0x0a, 0x17, 0x4b, 0x6e, 0x6f, 0x77, - 0x6e, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x41, 0x6c, 0x67, 0x6f, 0x72, 0x69, - 0x74, 0x68, 0x6d, 0x12, 0x29, 0x0a, 0x25, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x5f, 0x53, 0x49, 0x47, - 0x4e, 0x41, 0x54, 0x55, 0x52, 0x45, 0x5f, 0x41, 0x4c, 0x47, 0x4f, 0x52, 0x49, 0x54, 0x48, 0x4d, - 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x1e, - 0x0a, 0x1a, 0x52, 0x53, 0x41, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x5f, 0x50, 0x4b, 0x43, 0x53, 0x31, - 0x5f, 0x32, 0x30, 0x34, 0x38, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x10, 0x01, 0x12, 0x1e, - 0x0a, 0x1a, 0x52, 0x53, 0x41, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x5f, 0x50, 0x4b, 0x43, 0x53, 0x31, - 0x5f, 0x33, 0x30, 0x37, 0x32, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x10, 0x02, 0x12, 0x1e, - 0x0a, 0x1a, 0x52, 0x53, 0x41, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x5f, 0x50, 0x4b, 0x43, 0x53, 0x31, - 0x5f, 0x34, 0x30, 0x39, 0x36, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x10, 0x03, 0x12, 0x1b, - 0x0a, 0x17, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x5f, 0x32, 0x35, 0x36, - 0x5f, 0x4e, 0x49, 0x53, 0x54, 0x50, 0x32, 0x35, 0x36, 0x10, 0x04, 0x12, 0x1b, 0x0a, 0x17, 0x45, - 0x43, 0x44, 0x53, 0x41, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x5f, 0x33, 0x38, 0x34, 0x5f, 0x4e, 0x49, - 0x53, 0x54, 0x50, 0x33, 0x38, 0x34, 0x10, 0x05, 0x12, 0x1b, 0x0a, 0x17, 0x45, 0x43, 0x44, 0x53, - 0x41, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x5f, 0x35, 0x31, 0x32, 0x5f, 0x4e, 0x49, 0x53, 0x54, 0x50, - 0x35, 0x32, 0x31, 0x10, 0x06, 0x12, 0x0b, 0x0a, 0x07, 0x45, 0x44, 0x32, 0x35, 0x35, 0x31, 0x39, - 0x10, 0x07, 0x12, 0x0e, 0x0a, 0x0a, 0x45, 0x44, 0x32, 0x35, 0x35, 0x31, 0x39, 0x5f, 0x50, 0x48, - 0x10, 0x08, 
0x2a, 0x6f, 0x0a, 0x1a, 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x41, 0x6c, 0x74, - 0x65, 0x72, 0x6e, 0x61, 0x74, 0x69, 0x76, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x54, 0x79, 0x70, 0x65, - 0x12, 0x2d, 0x0a, 0x29, 0x53, 0x55, 0x42, 0x4a, 0x45, 0x43, 0x54, 0x5f, 0x41, 0x4c, 0x54, 0x45, - 0x52, 0x4e, 0x41, 0x54, 0x49, 0x56, 0x45, 0x5f, 0x4e, 0x41, 0x4d, 0x45, 0x5f, 0x54, 0x59, 0x50, - 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, - 0x09, 0x0a, 0x05, 0x45, 0x4d, 0x41, 0x49, 0x4c, 0x10, 0x01, 0x12, 0x07, 0x0a, 0x03, 0x55, 0x52, - 0x49, 0x10, 0x02, 0x12, 0x0e, 0x0a, 0x0a, 0x4f, 0x54, 0x48, 0x45, 0x52, 0x5f, 0x4e, 0x41, 0x4d, - 0x45, 0x10, 0x03, 0x42, 0x7c, 0x0a, 0x1c, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, - 0x6f, 0x72, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, - 0x2e, 0x76, 0x31, 0x42, 0x0b, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x74, 0x6f, - 0x50, 0x01, 0x5a, 0x36, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, - 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, - 0x2d, 0x73, 0x70, 0x65, 0x63, 0x73, 0x2f, 0x67, 0x65, 0x6e, 0x2f, 0x70, 0x62, 0x2d, 0x67, 0x6f, - 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2f, 0x76, 0x31, 0xea, 0x02, 0x14, 0x53, 0x69, 0x67, - 0x73, 0x74, 0x6f, 0x72, 0x65, 0x3a, 0x3a, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x3a, 0x3a, 0x56, - 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x08, 0x53, 0x48, 0x41, 0x32, 0x5f, 0x32, 0x35, 0x36, 0x10, 0x01, 0x12, 0x10, 0x0a, 0x0c, 0x53, + 0x48, 0x41, 0x32, 0x5f, 0x32, 0x35, 0x36, 0x5f, 0x31, 0x39, 0x32, 0x10, 0x02, 0x12, 0x0c, 0x0a, + 0x08, 0x53, 0x48, 0x41, 0x32, 0x5f, 0x35, 0x31, 0x32, 0x10, 0x03, 0x12, 0x0c, 0x0a, 0x08, 0x53, + 0x48, 0x41, 0x33, 0x5f, 0x32, 0x35, 0x36, 0x10, 0x04, 0x12, 0x0c, 0x0a, 0x08, 0x53, 0x48, 0x41, + 0x33, 0x5f, 0x33, 0x38, 0x34, 0x10, 0x05, 0x2a, 0xd9, 0x01, 0x0a, 0x10, 0x50, 0x75, 0x62, 
0x6c, + 0x69, 0x63, 0x4b, 0x65, 0x79, 0x44, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x12, 0x22, 0x0a, 0x1e, + 0x50, 0x55, 0x42, 0x4c, 0x49, 0x43, 0x5f, 0x4b, 0x45, 0x59, 0x5f, 0x44, 0x45, 0x54, 0x41, 0x49, + 0x4c, 0x53, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, + 0x12, 0x15, 0x0a, 0x11, 0x50, 0x4b, 0x43, 0x53, 0x31, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x50, 0x4b, + 0x43, 0x53, 0x31, 0x56, 0x35, 0x10, 0x01, 0x12, 0x11, 0x0a, 0x0d, 0x50, 0x4b, 0x43, 0x53, 0x31, + 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x50, 0x53, 0x53, 0x10, 0x02, 0x12, 0x14, 0x0a, 0x10, 0x50, 0x4b, + 0x49, 0x58, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x50, 0x4b, 0x43, 0x53, 0x31, 0x56, 0x35, 0x10, 0x03, + 0x12, 0x10, 0x0a, 0x0c, 0x50, 0x4b, 0x49, 0x58, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x50, 0x53, 0x53, + 0x10, 0x04, 0x12, 0x1b, 0x0a, 0x17, 0x50, 0x4b, 0x49, 0x58, 0x5f, 0x45, 0x43, 0x44, 0x53, 0x41, + 0x5f, 0x50, 0x32, 0x35, 0x36, 0x5f, 0x53, 0x48, 0x41, 0x5f, 0x32, 0x35, 0x36, 0x10, 0x05, 0x12, + 0x20, 0x0a, 0x1c, 0x50, 0x4b, 0x49, 0x58, 0x5f, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, 0x50, 0x32, + 0x35, 0x36, 0x5f, 0x48, 0x4d, 0x41, 0x43, 0x5f, 0x53, 0x48, 0x41, 0x5f, 0x32, 0x35, 0x36, 0x10, + 0x06, 0x12, 0x10, 0x0a, 0x0c, 0x50, 0x4b, 0x49, 0x58, 0x5f, 0x45, 0x44, 0x32, 0x35, 0x35, 0x31, + 0x39, 0x10, 0x07, 0x2a, 0x98, 0x02, 0x0a, 0x17, 0x4b, 0x6e, 0x6f, 0x77, 0x6e, 0x53, 0x69, 0x67, + 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x41, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x12, + 0x29, 0x0a, 0x25, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x41, 0x54, 0x55, + 0x52, 0x45, 0x5f, 0x41, 0x4c, 0x47, 0x4f, 0x52, 0x49, 0x54, 0x48, 0x4d, 0x5f, 0x55, 0x4e, 0x53, + 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x1e, 0x0a, 0x1a, 0x52, 0x53, + 0x41, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x5f, 0x50, 0x4b, 0x43, 0x53, 0x31, 0x5f, 0x32, 0x30, 0x34, + 0x38, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x10, 0x01, 0x12, 0x1e, 0x0a, 0x1a, 0x52, 0x53, + 0x41, 0x5f, 0x53, 0x49, 0x47, 
0x4e, 0x5f, 0x50, 0x4b, 0x43, 0x53, 0x31, 0x5f, 0x33, 0x30, 0x37, + 0x32, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x10, 0x02, 0x12, 0x1e, 0x0a, 0x1a, 0x52, 0x53, + 0x41, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x5f, 0x50, 0x4b, 0x43, 0x53, 0x31, 0x5f, 0x34, 0x30, 0x39, + 0x36, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x10, 0x03, 0x12, 0x1b, 0x0a, 0x17, 0x45, 0x43, + 0x44, 0x53, 0x41, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x5f, 0x32, 0x35, 0x36, 0x5f, 0x4e, 0x49, 0x53, + 0x54, 0x50, 0x32, 0x35, 0x36, 0x10, 0x04, 0x12, 0x1b, 0x0a, 0x17, 0x45, 0x43, 0x44, 0x53, 0x41, + 0x5f, 0x53, 0x48, 0x41, 0x32, 0x5f, 0x33, 0x38, 0x34, 0x5f, 0x4e, 0x49, 0x53, 0x54, 0x50, 0x33, + 0x38, 0x34, 0x10, 0x05, 0x12, 0x1b, 0x0a, 0x17, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, 0x53, 0x48, + 0x41, 0x32, 0x5f, 0x35, 0x31, 0x32, 0x5f, 0x4e, 0x49, 0x53, 0x54, 0x50, 0x35, 0x32, 0x31, 0x10, + 0x06, 0x12, 0x0b, 0x0a, 0x07, 0x45, 0x44, 0x32, 0x35, 0x35, 0x31, 0x39, 0x10, 0x07, 0x12, 0x0e, + 0x0a, 0x0a, 0x45, 0x44, 0x32, 0x35, 0x35, 0x31, 0x39, 0x5f, 0x50, 0x48, 0x10, 0x08, 0x2a, 0x6f, + 0x0a, 0x1a, 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x41, 0x6c, 0x74, 0x65, 0x72, 0x6e, 0x61, + 0x74, 0x69, 0x76, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x54, 0x79, 0x70, 0x65, 0x12, 0x2d, 0x0a, 0x29, + 0x53, 0x55, 0x42, 0x4a, 0x45, 0x43, 0x54, 0x5f, 0x41, 0x4c, 0x54, 0x45, 0x52, 0x4e, 0x41, 0x54, + 0x49, 0x56, 0x45, 0x5f, 0x4e, 0x41, 0x4d, 0x45, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, 0x4e, + 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x09, 0x0a, 0x05, 0x45, + 0x4d, 0x41, 0x49, 0x4c, 0x10, 0x01, 0x12, 0x07, 0x0a, 0x03, 0x55, 0x52, 0x49, 0x10, 0x02, 0x12, + 0x0e, 0x0a, 0x0a, 0x4f, 0x54, 0x48, 0x45, 0x52, 0x5f, 0x4e, 0x41, 0x4d, 0x45, 0x10, 0x03, 0x42, + 0x7c, 0x0a, 0x1c, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x42, + 0x0b, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x74, 
0x6f, 0x50, 0x01, 0x5a, 0x36, + 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, 0x69, 0x67, 0x73, 0x74, + 0x6f, 0x72, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2d, 0x73, 0x70, 0x65, + 0x63, 0x73, 0x2f, 0x67, 0x65, 0x6e, 0x2f, 0x70, 0x62, 0x2d, 0x67, 0x6f, 0x2f, 0x63, 0x6f, 0x6d, + 0x6d, 0x6f, 0x6e, 0x2f, 0x76, 0x31, 0xea, 0x02, 0x14, 0x53, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, + 0x65, 0x3a, 0x3a, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x3a, 0x3a, 0x56, 0x31, 0x62, 0x06, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( diff --git a/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/common/v1/__init__.py b/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/common/v1/__init__.py index dd8a9819..5bda58fd 100644 --- a/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/common/v1/__init__.py +++ b/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/common/v1/__init__.py @@ -23,6 +23,10 @@ class HashAlgorithm(betterproto.Enum): HASH_ALGORITHM_UNSPECIFIED = 0 SHA2_256 = 1 + SHA2_256_192 = 2 + SHA2_512 = 3 + SHA3_256 = 4 + SHA3_384 = 5 class PublicKeyDetails(betterproto.Enum): diff --git a/gen/pb-ruby/lib/sigstore_common_pb.rb b/gen/pb-ruby/lib/sigstore_common_pb.rb index 280a9df6..ec3aebee 100644 --- a/gen/pb-ruby/lib/sigstore_common_pb.rb +++ b/gen/pb-ruby/lib/sigstore_common_pb.rb @@ -61,6 +61,10 @@ add_enum "dev.sigstore.common.v1.HashAlgorithm" do value :HASH_ALGORITHM_UNSPECIFIED, 0 value :SHA2_256, 1 + value :SHA2_256_192, 2 + value :SHA2_512, 3 + value :SHA3_256, 4 + value :SHA3_384, 5 end add_enum "dev.sigstore.common.v1.PublicKeyDetails" do value :PUBLIC_KEY_DETAILS_UNSPECIFIED, 0 diff --git a/gen/pb-rust/schemas/Bundle.schema.json b/gen/pb-rust/schemas/Bundle.schema.json index fb44fade..71751b2b 100644 --- a/gen/pb-rust/schemas/Bundle.schema.json +++ b/gen/pb-rust/schemas/Bundle.schema.json 
@@ -101,7 +101,11 @@ "algorithm": { "enum": [ "HASH_ALGORITHM_UNSPECIFIED", - "SHA2_256" + "SHA2_256", + "SHA2_256_192", + "SHA2_512", + "SHA3_256", + "SHA3_384" ], "type": "string", "title": "This package defines commonly used message types within the Sigstore\n community.", diff --git a/gen/pb-rust/schemas/HashOutput.schema.json b/gen/pb-rust/schemas/HashOutput.schema.json index ff72ba45..c67f27b3 100644 --- a/gen/pb-rust/schemas/HashOutput.schema.json +++ b/gen/pb-rust/schemas/HashOutput.schema.json @@ -7,7 +7,11 @@ "algorithm": { "enum": [ "HASH_ALGORITHM_UNSPECIFIED", - "SHA2_256" + "SHA2_256", + "SHA2_256_192", + "SHA2_512", + "SHA3_256", + "SHA3_384" ], "type": "string", "title": "This package defines commonly used message types within the Sigstore\n community.", diff --git a/gen/pb-rust/schemas/Input.schema.json b/gen/pb-rust/schemas/Input.schema.json index b5fe5060..06f70ca5 100644 --- a/gen/pb-rust/schemas/Input.schema.json +++ b/gen/pb-rust/schemas/Input.schema.json @@ -147,7 +147,11 @@ "algorithm": { "enum": [ "HASH_ALGORITHM_UNSPECIFIED", - "SHA2_256" + "SHA2_256", + "SHA2_256_192", + "SHA2_512", + "SHA3_256", + "SHA3_384" ], "type": "string", "title": "This package defines commonly used message types within the Sigstore\n community.", @@ -543,7 +547,11 @@ "hashAlgorithm": { "enum": [ "HASH_ALGORITHM_UNSPECIFIED", - "SHA2_256" + "SHA2_256", + "SHA2_256_192", + "SHA2_512", + "SHA3_256", + "SHA3_384" ], "type": "string", "title": "This package defines commonly used message types within the Sigstore\n community.", diff --git a/gen/pb-rust/schemas/MessageSignature.schema.json b/gen/pb-rust/schemas/MessageSignature.schema.json index 37def2f2..99ad40e3 100644 --- a/gen/pb-rust/schemas/MessageSignature.schema.json +++ b/gen/pb-rust/schemas/MessageSignature.schema.json 
@@ -26,7 +26,11 @@ "algorithm": { "enum": [ "HASH_ALGORITHM_UNSPECIFIED", - "SHA2_256" + "SHA2_256", + "SHA2_256_192", + "SHA2_512", + "SHA3_256", + "SHA3_384" ], "type": "string", "title": "This package defines commonly used message types within the Sigstore\n community.", diff --git a/gen/pb-rust/schemas/TransparencyLogInstance.schema.json b/gen/pb-rust/schemas/TransparencyLogInstance.schema.json index 3c7e0d9a..b6d866d2 100644 --- a/gen/pb-rust/schemas/TransparencyLogInstance.schema.json +++ b/gen/pb-rust/schemas/TransparencyLogInstance.schema.json @@ -11,7 +11,11 @@ "hashAlgorithm": { "enum": [ "HASH_ALGORITHM_UNSPECIFIED", - "SHA2_256" + "SHA2_256", + "SHA2_256_192", + "SHA2_512", + "SHA3_256", + "SHA3_384" ], "type": "string", "title": "This package defines commonly used message types within the Sigstore\n community.", diff --git a/gen/pb-rust/schemas/TrustedRoot.schema.json b/gen/pb-rust/schemas/TrustedRoot.schema.json index 623a9911..d1fd4a4f 100644 --- a/gen/pb-rust/schemas/TrustedRoot.schema.json +++ b/gen/pb-rust/schemas/TrustedRoot.schema.json @@ -206,7 +206,11 @@ "hashAlgorithm": { "enum": [ "HASH_ALGORITHM_UNSPECIFIED", - "SHA2_256" + "SHA2_256", + "SHA2_256_192", + "SHA2_512", + "SHA3_256", + "SHA3_384" ], "type": "string", "title": "This package defines commonly used message types within the Sigstore\n community.", diff --git a/gen/pb-typescript/src/__generated__/sigstore_common.ts b/gen/pb-typescript/src/__generated__/sigstore_common.ts index e0f154d7..81c0b2c0 100644 --- a/gen/pb-typescript/src/__generated__/sigstore_common.ts +++ b/gen/pb-typescript/src/__generated__/sigstore_common.ts @@ -13,6 +13,10 @@ import { Timestamp } from "./google/protobuf/timestamp"; export enum HashAlgorithm { HASH_ALGORITHM_UNSPECIFIED = 0, SHA2_256 = 1, + SHA2_256_192 = 2, + SHA2_512 = 3, + SHA3_256 = 4, + SHA3_384 = 5, } export function hashAlgorithmFromJSON(object: any): HashAlgorithm { 
@@ -23,6 +27,18 @@ export function hashAlgorithmFromJSON(object: any): HashAlgorithm { case 1: case "SHA2_256": return HashAlgorithm.SHA2_256; + case 2: + case "SHA2_256_192": + return HashAlgorithm.SHA2_256_192; + case 3: + case "SHA2_512": + return HashAlgorithm.SHA2_512; + case 4: + case "SHA3_256": + return HashAlgorithm.SHA3_256; + case 5: + case "SHA3_384": + return HashAlgorithm.SHA3_384; default: throw new tsProtoGlobalThis.Error("Unrecognized enum value " + object + " for enum HashAlgorithm"); } @@ -34,6 +50,14 @@ export function hashAlgorithmToJSON(object: HashAlgorithm): string { return "HASH_ALGORITHM_UNSPECIFIED"; case HashAlgorithm.SHA2_256: return "SHA2_256"; + case HashAlgorithm.SHA2_256_192: + return "SHA2_256_192"; + case HashAlgorithm.SHA2_512: + return "SHA2_512"; + case HashAlgorithm.SHA3_256: + return "SHA3_256"; + case HashAlgorithm.SHA3_384: + return "SHA3_384"; default: throw new tsProtoGlobalThis.Error("Unrecognized enum value " + object + " for enum HashAlgorithm"); } diff --git a/protos/sigstore_common.proto b/protos/sigstore_common.proto index c9bc21e0..78f6bd00 100644 --- a/protos/sigstore_common.proto +++ b/protos/sigstore_common.proto @@ -37,6 +37,10 @@ option ruby_package = "Sigstore::Common::V1"; enum HashAlgorithm { HASH_ALGORITHM_UNSPECIFIED = 0; SHA2_256 = 1; + SHA2_256_192 = 2; + SHA2_512 = 3; + SHA3_256 = 4; + SHA3_384 = 5; } // Details of a specific public key, capturing the the key encoding method, From 40ea700f72b8b431eed6f8847e0fbeba75533747 Mon Sep 17 00:00:00 2001 From: William Woodruff Date: Wed, 17 Jan 2024 14:45:25 -0500 Subject: [PATCH 14/18] protos: indentation Signed-off-by: William Woodruff --- protos/sigstore_common.proto | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/protos/sigstore_common.proto b/protos/sigstore_common.proto index 78f6bd00..28931e41 100644 --- a/protos/sigstore_common.proto +++ b/protos/sigstore_common.proto 
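Review bot: `SHA2_256_192` is added to `HashAlgorithm` in the `protos/sigstore_common.proto` hunk without a comment, and it is the odd one out among the new values. If it means SHA-256 truncated to 192 bits, its collision resistance is roughly 96 bits, well below the other entries. The JSON schema hunks in this patch list the same enum under `HashOutput` and `MessageSignature`, so a verifier that accepts every listed value would also accept this one for message digests. I would either drop it or state the restriction next to it, for example `// SHA-256 truncated to 192 bits; confirm where this is acceptable before use`. A one-line comment giving the digest length on each of the other new values would help as well.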
@@ -82,9 +82,9 @@ message HashOutput { // See: docs/algorithm-registry.md enum KnownSignatureAlgorithm { KNOWN_SIGNATURE_ALGORITHM_UNSPECIFIED = 0; - RSA_SIGN_PKCS1_2048_SHA256 = 1; - RSA_SIGN_PKCS1_3072_SHA256 = 2; - RSA_SIGN_PKCS1_4096_SHA256 = 3; + RSA_SIGN_PKCS1_2048_SHA256 = 1; + RSA_SIGN_PKCS1_3072_SHA256 = 2; + RSA_SIGN_PKCS1_4096_SHA256 = 3; ECDSA_SHA2_256_NISTP256 = 4; ECDSA_SHA2_384_NISTP384 = 5; ECDSA_SHA2_512_NISTP521 = 6; From fe4aafbafa9c86913dfff08599bdede5e8dae2c5 Mon Sep 17 00:00:00 2001 From: William Woodruff Date: Wed, 17 Jan 2024 14:58:03 -0500 Subject: [PATCH 15/18] algorithm-registry: clarify the purpose of the Hash Algorithms table Signed-off-by: William Woodruff --- docs/algorithm-registry.md | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/docs/algorithm-registry.md b/docs/algorithm-registry.md index 15533d8f..e4de6b44 100644 --- a/docs/algorithm-registry.md +++ b/docs/algorithm-registry.md @@ -13,16 +13,6 @@ a secure set of defaults that the community can follow. Refer to the [Sigstore: Configurable Crypto Algorithms](https://docs.google.com/document/d/18vTKFvTQdRt3OGz6Qd1xf04o-hugRYSup-1EAOWn7MQ/) specification for the design rationale for this registry. -## Hash Algorithms - -| Algorithm | Name | -|-----------|--------------| -| SHA2 | sha2-256 | -| | sha2-256/192 | -| | sha2-384 | -| SHA3 | sha3-256 | -| | sha3-384 | - ## Signature Algorithms | Algorithm | Name | Usage | 
@@ -35,3 +25,17 @@ specification for the design rationale for this registry. | | ecdsa-sha2-512-nistp521 | sign/verify | | EdDSA | ed25519 | sign/verify | | | ed25519-ph | sign/verify (recommended only for `hashedrekord`) | + +## Hash Algorithms + +Generally speaking, these hash algorithms are implied by the above signing suites. +However, clients *may* need to list or configure them explicitly, e.g. for custom +signing schemes or as part of a `hashedrekord` entry. + +| Algorithm | Name | +|-----------|--------------| +| SHA2 | sha2-256 | +| | sha2-256/192 | +| | sha2-384 | +| SHA3 | sha3-256 | +| | sha3-384 | From 10fb943f899ee095352182ce51c5c78716c90706 Mon Sep 17 00:00:00 2001 From: William Woodruff Date: Wed, 17 Jan 2024 17:57:06 -0500 Subject: [PATCH 16/18] algorithm-registry: add sha2-512 Signed-off-by: William Woodruff --- docs/algorithm-registry.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/algorithm-registry.md b/docs/algorithm-registry.md index e4de6b44..e462ebe1 100644 --- a/docs/algorithm-registry.md +++ b/docs/algorithm-registry.md @@ -37,5 +37,6 @@ signing schemes or as part of a `hashedrekord` entry. | SHA2 | sha2-256 | | | sha2-256/192 | | | sha2-384 | +| | sha2-512 | | SHA3 | sha3-256 | | | sha3-384 | From b46b70c8bafa9dd30dcaf41f52fea1efc8c21b32 Mon Sep 17 00:00:00 2001 From: William Woodruff Date: Wed, 17 Jan 2024 17:57:37 -0500 Subject: [PATCH 17/18] algorithm-registry: omit sha2-256/192 Signed-off-by: William Woodruff --- docs/algorithm-registry.md | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/algorithm-registry.md b/docs/algorithm-registry.md index e462ebe1..e7e54da2 100644 --- a/docs/algorithm-registry.md +++ b/docs/algorithm-registry.md @@ -35,7 +35,6 @@ signing schemes or as part of a `hashedrekord` entry. | Algorithm | Name | |-----------|--------------| | SHA2 | sha2-256 | -| | sha2-256/192 | | | sha2-384 | | | sha2-512 | | SHA3 | sha3-256 | From a6b56fb70802ada456888c94c7c16e351b5268fe Mon Sep 17 00:00:00 2001 
From: William Woodruff Date: Wed, 17 Jan 2024 17:59:19 -0500 Subject: [PATCH 18/18] switcheroo Signed-off-by: William Woodruff --- gen/jsonschema/schemas/Bundle.schema.json | 2 +- gen/jsonschema/schemas/HashOutput.schema.json | 2 +- gen/jsonschema/schemas/Input.schema.json | 4 +- .../schemas/MessageSignature.schema.json | 2 +- .../TransparencyLogInstance.schema.json | 2 +- .../schemas/TrustedRoot.schema.json | 2 +- gen/pb-go/common/v1/sigstore_common.pb.go | 112 +++++++++--------- .../dev/sigstore/common/v1/__init__.py | 2 +- gen/pb-ruby/lib/sigstore_common_pb.rb | 2 +- gen/pb-rust/schemas/Bundle.schema.json | 2 +- gen/pb-rust/schemas/HashOutput.schema.json | 2 +- gen/pb-rust/schemas/Input.schema.json | 4 +- .../schemas/MessageSignature.schema.json | 2 +- .../TransparencyLogInstance.schema.json | 2 +- gen/pb-rust/schemas/TrustedRoot.schema.json | 2 +- .../src/__generated__/sigstore_common.ts | 10 +- protos/sigstore_common.proto | 2 +- 17 files changed, 78 insertions(+), 78 deletions(-) diff --git a/gen/jsonschema/schemas/Bundle.schema.json b/gen/jsonschema/schemas/Bundle.schema.json index 71751b2b..ca13f0c0 100644 --- a/gen/jsonschema/schemas/Bundle.schema.json +++ b/gen/jsonschema/schemas/Bundle.schema.json @@ -102,7 +102,7 @@ "enum": [ "HASH_ALGORITHM_UNSPECIFIED", "SHA2_256", - "SHA2_256_192", + "SHA2_384", "SHA2_512", "SHA3_256", "SHA3_384" diff --git a/gen/jsonschema/schemas/HashOutput.schema.json b/gen/jsonschema/schemas/HashOutput.schema.json index c67f27b3..ca1f0413 100644 --- a/gen/jsonschema/schemas/HashOutput.schema.json +++ b/gen/jsonschema/schemas/HashOutput.schema.json @@ -8,7 +8,7 @@ "enum": [ "HASH_ALGORITHM_UNSPECIFIED", "SHA2_256", - "SHA2_256_192", + "SHA2_384", "SHA2_512", "SHA3_256", "SHA3_384" diff --git a/gen/jsonschema/schemas/Input.schema.json b/gen/jsonschema/schemas/Input.schema.json index 06f70ca5..a45be666 100644 --- a/gen/jsonschema/schemas/Input.schema.json +++ b/gen/jsonschema/schemas/Input.schema.json 
@@ -148,7 +148,7 @@ "enum": [ "HASH_ALGORITHM_UNSPECIFIED", "SHA2_256", - "SHA2_256_192", + "SHA2_384", "SHA2_512", "SHA3_256", "SHA3_384" @@ -548,7 +548,7 @@ "enum": [ "HASH_ALGORITHM_UNSPECIFIED", "SHA2_256", - "SHA2_256_192", + "SHA2_384", "SHA2_512", "SHA3_256", "SHA3_384" diff --git a/gen/jsonschema/schemas/MessageSignature.schema.json b/gen/jsonschema/schemas/MessageSignature.schema.json index 99ad40e3..afb66873 100644 --- a/gen/jsonschema/schemas/MessageSignature.schema.json +++ b/gen/jsonschema/schemas/MessageSignature.schema.json @@ -27,7 +27,7 @@ "enum": [ "HASH_ALGORITHM_UNSPECIFIED", "SHA2_256", - "SHA2_256_192", + "SHA2_384", "SHA2_512", "SHA3_256", "SHA3_384" diff --git a/gen/jsonschema/schemas/TransparencyLogInstance.schema.json b/gen/jsonschema/schemas/TransparencyLogInstance.schema.json index b6d866d2..08358780 100644 --- a/gen/jsonschema/schemas/TransparencyLogInstance.schema.json +++ b/gen/jsonschema/schemas/TransparencyLogInstance.schema.json @@ -12,7 +12,7 @@ "enum": [ "HASH_ALGORITHM_UNSPECIFIED", "SHA2_256", - "SHA2_256_192", + "SHA2_384", "SHA2_512", "SHA3_256", "SHA3_384" diff --git a/gen/jsonschema/schemas/TrustedRoot.schema.json b/gen/jsonschema/schemas/TrustedRoot.schema.json index d1fd4a4f..684977a3 100644 --- a/gen/jsonschema/schemas/TrustedRoot.schema.json +++ b/gen/jsonschema/schemas/TrustedRoot.schema.json @@ -207,7 +207,7 @@ "enum": [ "HASH_ALGORITHM_UNSPECIFIED", "SHA2_256", - "SHA2_256_192", + "SHA2_384", "SHA2_512", "SHA3_256", "SHA3_384" diff --git a/gen/pb-go/common/v1/sigstore_common.pb.go b/gen/pb-go/common/v1/sigstore_common.pb.go index 068ac4b5..e2155937 100644 --- a/gen/pb-go/common/v1/sigstore_common.pb.go +++ b/gen/pb-go/common/v1/sigstore_common.pb.go 
@@ -48,7 +48,7 @@ type HashAlgorithm int32 const ( HashAlgorithm_HASH_ALGORITHM_UNSPECIFIED HashAlgorithm = 0 HashAlgorithm_SHA2_256 HashAlgorithm = 1 - HashAlgorithm_SHA2_256_192 HashAlgorithm = 2 + HashAlgorithm_SHA2_384 HashAlgorithm = 2 HashAlgorithm_SHA2_512 HashAlgorithm = 3 HashAlgorithm_SHA3_256 HashAlgorithm = 4 HashAlgorithm_SHA3_384 HashAlgorithm = 5 @@ -59,7 +59,7 @@ var ( HashAlgorithm_name = map[int32]string{ 0: "HASH_ALGORITHM_UNSPECIFIED", 1: "SHA2_256", - 2: "SHA2_256_192", + 2: "SHA2_384", 3: "SHA2_512", 4: "SHA3_256", 5: "SHA3_384", @@ -67,7 +67,7 @@ var ( HashAlgorithm_value = map[string]int32{ "HASH_ALGORITHM_UNSPECIFIED": 0, "SHA2_256": 1, - "SHA2_256_192": 2, + "SHA2_384": 2, "SHA2_512": 3, "SHA3_256": 4, "SHA3_384": 5, 
@@ -1170,62 +1170,62 @@ var file_sigstore_common_proto_rawDesc = []byte{ 0x74, 0x12, 0x31, 0x0a, 0x03, 0x65, 0x6e, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x48, 0x00, 0x52, 0x03, 0x65, 0x6e, - 0x64, 0x88, 0x01, 0x01, 0x42, 0x06, 0x0a, 0x04, 0x5f, 0x65, 0x6e, 0x64, 0x2a, 0x79, 0x0a, 0x0d, + 0x64, 0x88, 0x01, 0x01, 0x42, 0x06, 0x0a, 0x04, 0x5f, 0x65, 0x6e, 0x64, 0x2a, 0x75, 0x0a, 0x0d, 0x48, 0x61, 0x73, 0x68, 0x41, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x12, 0x1e, 0x0a, 0x1a, 0x48, 0x41, 0x53, 0x48, 0x5f, 0x41, 0x4c, 0x47, 0x4f, 0x52, 0x49, 0x54, 0x48, 0x4d, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x0c, 0x0a, - 0x08, 0x53, 0x48, 0x41, 0x32, 0x5f, 0x32, 0x35, 0x36, 0x10, 0x01, 0x12, 0x10, 0x0a, 0x0c, 0x53, - 0x48, 0x41, 0x32, 0x5f, 0x32, 0x35, 0x36, 0x5f, 0x31, 0x39, 0x32, 0x10, 0x02, 0x12, 0x0c, 0x0a, - 0x08, 0x53, 0x48, 0x41, 0x32, 0x5f, 0x35, 0x31, 0x32, 0x10, 0x03, 0x12, 0x0c, 0x0a, 0x08, 0x53, - 0x48, 0x41, 0x33, 0x5f, 0x32, 0x35, 0x36, 0x10, 0x04, 0x12, 0x0c, 0x0a, 0x08, 0x53, 0x48, 0x41, - 0x33, 0x5f, 0x33, 0x38, 0x34, 0x10, 0x05, 0x2a, 0xd9, 0x01, 0x0a, 0x10, 0x50, 0x75, 0x62, 0x6c, - 0x69, 0x63, 0x4b, 0x65, 0x79, 0x44, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x12, 0x22, 0x0a, 0x1e, - 0x50, 0x55, 0x42, 0x4c, 0x49, 0x43, 0x5f, 0x4b, 0x45, 0x59, 0x5f, 0x44, 0x45, 0x54, 0x41, 0x49, - 0x4c, 0x53, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, - 0x12, 0x15, 0x0a, 0x11, 0x50, 0x4b, 0x43, 0x53, 0x31, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x50, 0x4b, - 0x43, 0x53, 0x31, 0x56, 0x35, 0x10, 0x01, 0x12, 0x11, 0x0a, 0x0d, 0x50, 0x4b, 0x43, 0x53, 0x31, - 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x50, 0x53, 0x53, 0x10, 0x02, 0x12, 0x14, 0x0a, 0x10, 0x50, 0x4b, - 0x49, 0x58, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x50, 0x4b, 0x43, 0x53, 0x31, 
0x56, 0x35, 0x10, 0x03, - 0x12, 0x10, 0x0a, 0x0c, 0x50, 0x4b, 0x49, 0x58, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x50, 0x53, 0x53, - 0x10, 0x04, 0x12, 0x1b, 0x0a, 0x17, 0x50, 0x4b, 0x49, 0x58, 0x5f, 0x45, 0x43, 0x44, 0x53, 0x41, - 0x5f, 0x50, 0x32, 0x35, 0x36, 0x5f, 0x53, 0x48, 0x41, 0x5f, 0x32, 0x35, 0x36, 0x10, 0x05, 0x12, - 0x20, 0x0a, 0x1c, 0x50, 0x4b, 0x49, 0x58, 0x5f, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, 0x50, 0x32, - 0x35, 0x36, 0x5f, 0x48, 0x4d, 0x41, 0x43, 0x5f, 0x53, 0x48, 0x41, 0x5f, 0x32, 0x35, 0x36, 0x10, - 0x06, 0x12, 0x10, 0x0a, 0x0c, 0x50, 0x4b, 0x49, 0x58, 0x5f, 0x45, 0x44, 0x32, 0x35, 0x35, 0x31, - 0x39, 0x10, 0x07, 0x2a, 0x98, 0x02, 0x0a, 0x17, 0x4b, 0x6e, 0x6f, 0x77, 0x6e, 0x53, 0x69, 0x67, - 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x41, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x12, - 0x29, 0x0a, 0x25, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x41, 0x54, 0x55, - 0x52, 0x45, 0x5f, 0x41, 0x4c, 0x47, 0x4f, 0x52, 0x49, 0x54, 0x48, 0x4d, 0x5f, 0x55, 0x4e, 0x53, - 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x1e, 0x0a, 0x1a, 0x52, 0x53, - 0x41, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x5f, 0x50, 0x4b, 0x43, 0x53, 0x31, 0x5f, 0x32, 0x30, 0x34, - 0x38, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x10, 0x01, 0x12, 0x1e, 0x0a, 0x1a, 0x52, 0x53, - 0x41, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x5f, 0x50, 0x4b, 0x43, 0x53, 0x31, 0x5f, 0x33, 0x30, 0x37, - 0x32, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x10, 0x02, 0x12, 0x1e, 0x0a, 0x1a, 0x52, 0x53, - 0x41, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x5f, 0x50, 0x4b, 0x43, 0x53, 0x31, 0x5f, 0x34, 0x30, 0x39, - 0x36, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x10, 0x03, 0x12, 0x1b, 0x0a, 0x17, 0x45, 0x43, - 0x44, 0x53, 0x41, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x5f, 0x32, 0x35, 0x36, 0x5f, 0x4e, 0x49, 0x53, - 0x54, 0x50, 0x32, 0x35, 0x36, 0x10, 0x04, 0x12, 0x1b, 0x0a, 0x17, 0x45, 0x43, 0x44, 0x53, 0x41, - 0x5f, 0x53, 0x48, 0x41, 0x32, 0x5f, 0x33, 0x38, 0x34, 0x5f, 0x4e, 0x49, 0x53, 0x54, 0x50, 0x33, - 0x38, 0x34, 
0x10, 0x05, 0x12, 0x1b, 0x0a, 0x17, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, 0x53, 0x48, - 0x41, 0x32, 0x5f, 0x35, 0x31, 0x32, 0x5f, 0x4e, 0x49, 0x53, 0x54, 0x50, 0x35, 0x32, 0x31, 0x10, - 0x06, 0x12, 0x0b, 0x0a, 0x07, 0x45, 0x44, 0x32, 0x35, 0x35, 0x31, 0x39, 0x10, 0x07, 0x12, 0x0e, - 0x0a, 0x0a, 0x45, 0x44, 0x32, 0x35, 0x35, 0x31, 0x39, 0x5f, 0x50, 0x48, 0x10, 0x08, 0x2a, 0x6f, - 0x0a, 0x1a, 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x41, 0x6c, 0x74, 0x65, 0x72, 0x6e, 0x61, - 0x74, 0x69, 0x76, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x54, 0x79, 0x70, 0x65, 0x12, 0x2d, 0x0a, 0x29, - 0x53, 0x55, 0x42, 0x4a, 0x45, 0x43, 0x54, 0x5f, 0x41, 0x4c, 0x54, 0x45, 0x52, 0x4e, 0x41, 0x54, - 0x49, 0x56, 0x45, 0x5f, 0x4e, 0x41, 0x4d, 0x45, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, 0x4e, - 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x09, 0x0a, 0x05, 0x45, - 0x4d, 0x41, 0x49, 0x4c, 0x10, 0x01, 0x12, 0x07, 0x0a, 0x03, 0x55, 0x52, 0x49, 0x10, 0x02, 0x12, - 0x0e, 0x0a, 0x0a, 0x4f, 0x54, 0x48, 0x45, 0x52, 0x5f, 0x4e, 0x41, 0x4d, 0x45, 0x10, 0x03, 0x42, - 0x7c, 0x0a, 0x1c, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x42, - 0x0b, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x36, - 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, 0x69, 0x67, 0x73, 0x74, - 0x6f, 0x72, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2d, 0x73, 0x70, 0x65, - 0x63, 0x73, 0x2f, 0x67, 0x65, 0x6e, 0x2f, 0x70, 0x62, 0x2d, 0x67, 0x6f, 0x2f, 0x63, 0x6f, 0x6d, - 0x6d, 0x6f, 0x6e, 0x2f, 0x76, 0x31, 0xea, 0x02, 0x14, 0x53, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, - 0x65, 0x3a, 0x3a, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x3a, 0x3a, 0x56, 0x31, 0x62, 0x06, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x08, 0x53, 0x48, 0x41, 0x32, 0x5f, 0x32, 0x35, 0x36, 0x10, 0x01, 0x12, 0x0c, 0x0a, 0x08, 0x53, + 0x48, 0x41, 0x32, 
0x5f, 0x33, 0x38, 0x34, 0x10, 0x02, 0x12, 0x0c, 0x0a, 0x08, 0x53, 0x48, 0x41, + 0x32, 0x5f, 0x35, 0x31, 0x32, 0x10, 0x03, 0x12, 0x0c, 0x0a, 0x08, 0x53, 0x48, 0x41, 0x33, 0x5f, + 0x32, 0x35, 0x36, 0x10, 0x04, 0x12, 0x0c, 0x0a, 0x08, 0x53, 0x48, 0x41, 0x33, 0x5f, 0x33, 0x38, + 0x34, 0x10, 0x05, 0x2a, 0xd9, 0x01, 0x0a, 0x10, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, + 0x79, 0x44, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x12, 0x22, 0x0a, 0x1e, 0x50, 0x55, 0x42, 0x4c, + 0x49, 0x43, 0x5f, 0x4b, 0x45, 0x59, 0x5f, 0x44, 0x45, 0x54, 0x41, 0x49, 0x4c, 0x53, 0x5f, 0x55, + 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x15, 0x0a, 0x11, + 0x50, 0x4b, 0x43, 0x53, 0x31, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x50, 0x4b, 0x43, 0x53, 0x31, 0x56, + 0x35, 0x10, 0x01, 0x12, 0x11, 0x0a, 0x0d, 0x50, 0x4b, 0x43, 0x53, 0x31, 0x5f, 0x52, 0x53, 0x41, + 0x5f, 0x50, 0x53, 0x53, 0x10, 0x02, 0x12, 0x14, 0x0a, 0x10, 0x50, 0x4b, 0x49, 0x58, 0x5f, 0x52, + 0x53, 0x41, 0x5f, 0x50, 0x4b, 0x43, 0x53, 0x31, 0x56, 0x35, 0x10, 0x03, 0x12, 0x10, 0x0a, 0x0c, + 0x50, 0x4b, 0x49, 0x58, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x50, 0x53, 0x53, 0x10, 0x04, 0x12, 0x1b, + 0x0a, 0x17, 0x50, 0x4b, 0x49, 0x58, 0x5f, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, 0x50, 0x32, 0x35, + 0x36, 0x5f, 0x53, 0x48, 0x41, 0x5f, 0x32, 0x35, 0x36, 0x10, 0x05, 0x12, 0x20, 0x0a, 0x1c, 0x50, + 0x4b, 0x49, 0x58, 0x5f, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, 0x50, 0x32, 0x35, 0x36, 0x5f, 0x48, + 0x4d, 0x41, 0x43, 0x5f, 0x53, 0x48, 0x41, 0x5f, 0x32, 0x35, 0x36, 0x10, 0x06, 0x12, 0x10, 0x0a, + 0x0c, 0x50, 0x4b, 0x49, 0x58, 0x5f, 0x45, 0x44, 0x32, 0x35, 0x35, 0x31, 0x39, 0x10, 0x07, 0x2a, + 0x98, 0x02, 0x0a, 0x17, 0x4b, 0x6e, 0x6f, 0x77, 0x6e, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, + 0x72, 0x65, 0x41, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x12, 0x29, 0x0a, 0x25, 0x4b, + 0x4e, 0x4f, 0x57, 0x4e, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x41, 0x54, 0x55, 0x52, 0x45, 0x5f, 0x41, + 0x4c, 0x47, 0x4f, 0x52, 0x49, 0x54, 0x48, 0x4d, 0x5f, 
0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, + 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x1e, 0x0a, 0x1a, 0x52, 0x53, 0x41, 0x5f, 0x53, 0x49, + 0x47, 0x4e, 0x5f, 0x50, 0x4b, 0x43, 0x53, 0x31, 0x5f, 0x32, 0x30, 0x34, 0x38, 0x5f, 0x53, 0x48, + 0x41, 0x32, 0x35, 0x36, 0x10, 0x01, 0x12, 0x1e, 0x0a, 0x1a, 0x52, 0x53, 0x41, 0x5f, 0x53, 0x49, + 0x47, 0x4e, 0x5f, 0x50, 0x4b, 0x43, 0x53, 0x31, 0x5f, 0x33, 0x30, 0x37, 0x32, 0x5f, 0x53, 0x48, + 0x41, 0x32, 0x35, 0x36, 0x10, 0x02, 0x12, 0x1e, 0x0a, 0x1a, 0x52, 0x53, 0x41, 0x5f, 0x53, 0x49, + 0x47, 0x4e, 0x5f, 0x50, 0x4b, 0x43, 0x53, 0x31, 0x5f, 0x34, 0x30, 0x39, 0x36, 0x5f, 0x53, 0x48, + 0x41, 0x32, 0x35, 0x36, 0x10, 0x03, 0x12, 0x1b, 0x0a, 0x17, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, + 0x53, 0x48, 0x41, 0x32, 0x5f, 0x32, 0x35, 0x36, 0x5f, 0x4e, 0x49, 0x53, 0x54, 0x50, 0x32, 0x35, + 0x36, 0x10, 0x04, 0x12, 0x1b, 0x0a, 0x17, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, 0x53, 0x48, 0x41, + 0x32, 0x5f, 0x33, 0x38, 0x34, 0x5f, 0x4e, 0x49, 0x53, 0x54, 0x50, 0x33, 0x38, 0x34, 0x10, 0x05, + 0x12, 0x1b, 0x0a, 0x17, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x5f, 0x35, + 0x31, 0x32, 0x5f, 0x4e, 0x49, 0x53, 0x54, 0x50, 0x35, 0x32, 0x31, 0x10, 0x06, 0x12, 0x0b, 0x0a, + 0x07, 0x45, 0x44, 0x32, 0x35, 0x35, 0x31, 0x39, 0x10, 0x07, 0x12, 0x0e, 0x0a, 0x0a, 0x45, 0x44, + 0x32, 0x35, 0x35, 0x31, 0x39, 0x5f, 0x50, 0x48, 0x10, 0x08, 0x2a, 0x6f, 0x0a, 0x1a, 0x53, 0x75, + 0x62, 0x6a, 0x65, 0x63, 0x74, 0x41, 0x6c, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x74, 0x69, 0x76, 0x65, + 0x4e, 0x61, 0x6d, 0x65, 0x54, 0x79, 0x70, 0x65, 0x12, 0x2d, 0x0a, 0x29, 0x53, 0x55, 0x42, 0x4a, + 0x45, 0x43, 0x54, 0x5f, 0x41, 0x4c, 0x54, 0x45, 0x52, 0x4e, 0x41, 0x54, 0x49, 0x56, 0x45, 0x5f, + 0x4e, 0x41, 0x4d, 0x45, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, + 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x09, 0x0a, 0x05, 0x45, 0x4d, 0x41, 0x49, 0x4c, + 0x10, 0x01, 0x12, 0x07, 0x0a, 0x03, 0x55, 0x52, 0x49, 0x10, 0x02, 0x12, 0x0e, 0x0a, 0x0a, 
0x4f, + 0x54, 0x48, 0x45, 0x52, 0x5f, 0x4e, 0x41, 0x4d, 0x45, 0x10, 0x03, 0x42, 0x7c, 0x0a, 0x1c, 0x64, + 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x42, 0x0b, 0x43, 0x6f, 0x6d, + 0x6d, 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x36, 0x67, 0x69, 0x74, 0x68, + 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2f, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2d, 0x73, 0x70, 0x65, 0x63, 0x73, 0x2f, 0x67, + 0x65, 0x6e, 0x2f, 0x70, 0x62, 0x2d, 0x67, 0x6f, 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2f, + 0x76, 0x31, 0xea, 0x02, 0x14, 0x53, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x3a, 0x3a, 0x43, + 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x3a, 0x3a, 0x56, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x33, } var ( diff --git a/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/common/v1/__init__.py b/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/common/v1/__init__.py index 5bda58fd..2bf2491a 100644 --- a/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/common/v1/__init__.py +++ b/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/common/v1/__init__.py @@ -23,7 +23,7 @@ class HashAlgorithm(betterproto.Enum): HASH_ALGORITHM_UNSPECIFIED = 0 SHA2_256 = 1 - SHA2_256_192 = 2 + SHA2_384 = 2 SHA2_512 = 3 SHA3_256 = 4 SHA3_384 = 5 diff --git a/gen/pb-ruby/lib/sigstore_common_pb.rb b/gen/pb-ruby/lib/sigstore_common_pb.rb index ec3aebee..4b469720 100644 --- a/gen/pb-ruby/lib/sigstore_common_pb.rb +++ b/gen/pb-ruby/lib/sigstore_common_pb.rb @@ -61,7 +61,7 @@ add_enum "dev.sigstore.common.v1.HashAlgorithm" do value :HASH_ALGORITHM_UNSPECIFIED, 0 value :SHA2_256, 1 - value :SHA2_256_192, 2 + value :SHA2_384, 2 value :SHA2_512, 3 value :SHA3_256, 4 value :SHA3_384, 5 diff --git a/gen/pb-rust/schemas/Bundle.schema.json b/gen/pb-rust/schemas/Bundle.schema.json index 71751b2b..ca13f0c0 100644 
--- a/gen/pb-rust/schemas/Bundle.schema.json +++ b/gen/pb-rust/schemas/Bundle.schema.json @@ -102,7 +102,7 @@ "enum": [ "HASH_ALGORITHM_UNSPECIFIED", "SHA2_256", - "SHA2_256_192", + "SHA2_384", "SHA2_512", "SHA3_256", "SHA3_384" diff --git a/gen/pb-rust/schemas/HashOutput.schema.json b/gen/pb-rust/schemas/HashOutput.schema.json index c67f27b3..ca1f0413 100644 --- a/gen/pb-rust/schemas/HashOutput.schema.json +++ b/gen/pb-rust/schemas/HashOutput.schema.json @@ -8,7 +8,7 @@ "enum": [ "HASH_ALGORITHM_UNSPECIFIED", "SHA2_256", - "SHA2_256_192", + "SHA2_384", "SHA2_512", "SHA3_256", "SHA3_384" diff --git a/gen/pb-rust/schemas/Input.schema.json b/gen/pb-rust/schemas/Input.schema.json index 06f70ca5..a45be666 100644 --- a/gen/pb-rust/schemas/Input.schema.json +++ b/gen/pb-rust/schemas/Input.schema.json @@ -148,7 +148,7 @@ "enum": [ "HASH_ALGORITHM_UNSPECIFIED", "SHA2_256", - "SHA2_256_192", + "SHA2_384", "SHA2_512", "SHA3_256", "SHA3_384" @@ -548,7 +548,7 @@ "enum": [ "HASH_ALGORITHM_UNSPECIFIED", "SHA2_256", - "SHA2_256_192", + "SHA2_384", "SHA2_512", "SHA3_256", "SHA3_384" diff --git a/gen/pb-rust/schemas/MessageSignature.schema.json b/gen/pb-rust/schemas/MessageSignature.schema.json index 99ad40e3..afb66873 100644 --- a/gen/pb-rust/schemas/MessageSignature.schema.json +++ b/gen/pb-rust/schemas/MessageSignature.schema.json @@ -27,7 +27,7 @@ "enum": [ "HASH_ALGORITHM_UNSPECIFIED", "SHA2_256", - "SHA2_256_192", + "SHA2_384", "SHA2_512", "SHA3_256", "SHA3_384" diff --git a/gen/pb-rust/schemas/TransparencyLogInstance.schema.json b/gen/pb-rust/schemas/TransparencyLogInstance.schema.json index b6d866d2..08358780 100644 --- a/gen/pb-rust/schemas/TransparencyLogInstance.schema.json +++ b/gen/pb-rust/schemas/TransparencyLogInstance.schema.json @@ -12,7 +12,7 @@ "enum": [ "HASH_ALGORITHM_UNSPECIFIED", "SHA2_256", - "SHA2_256_192", + "SHA2_384", "SHA2_512", "SHA3_256", "SHA3_384" 
diff --git a/gen/pb-rust/schemas/TrustedRoot.schema.json b/gen/pb-rust/schemas/TrustedRoot.schema.json index d1fd4a4f..684977a3 100644 --- a/gen/pb-rust/schemas/TrustedRoot.schema.json +++ b/gen/pb-rust/schemas/TrustedRoot.schema.json @@ -207,7 +207,7 @@ "enum": [ "HASH_ALGORITHM_UNSPECIFIED", "SHA2_256", - "SHA2_256_192", + "SHA2_384", "SHA2_512", "SHA3_256", "SHA3_384" diff --git a/gen/pb-typescript/src/__generated__/sigstore_common.ts b/gen/pb-typescript/src/__generated__/sigstore_common.ts index 81c0b2c0..e8ec575c 100644 --- a/gen/pb-typescript/src/__generated__/sigstore_common.ts +++ b/gen/pb-typescript/src/__generated__/sigstore_common.ts @@ -13,7 +13,7 @@ import { Timestamp } from "./google/protobuf/timestamp"; export enum HashAlgorithm { HASH_ALGORITHM_UNSPECIFIED = 0, SHA2_256 = 1, - SHA2_256_192 = 2, + SHA2_384 = 2, SHA2_512 = 3, SHA3_256 = 4, SHA3_384 = 5, @@ -28,8 +28,8 @@ export function hashAlgorithmFromJSON(object: any): HashAlgorithm { case "SHA2_256": return HashAlgorithm.SHA2_256; case 2: - case "SHA2_256_192": - return HashAlgorithm.SHA2_256_192; + case "SHA2_384": + return HashAlgorithm.SHA2_384; case 3: case "SHA2_512": return HashAlgorithm.SHA2_512; @@ -50,8 +50,8 @@ export function hashAlgorithmToJSON(object: HashAlgorithm): string { return "HASH_ALGORITHM_UNSPECIFIED"; case HashAlgorithm.SHA2_256: return "SHA2_256"; - case HashAlgorithm.SHA2_256_192: - return "SHA2_256_192"; + case HashAlgorithm.SHA2_384: + return "SHA2_384"; case HashAlgorithm.SHA2_512: return "SHA2_512"; case HashAlgorithm.SHA3_256: diff --git a/protos/sigstore_common.proto b/protos/sigstore_common.proto index 28931e41..d09e5bbe 100644 --- a/protos/sigstore_common.proto +++ b/protos/sigstore_common.proto @@ -37,7 +37,7 @@ option ruby_package = "Sigstore::Common::V1"; enum HashAlgorithm { HASH_ALGORITHM_UNSPECIFIED = 0; SHA2_256 = 1; - SHA2_256_192 = 2; + SHA2_384 = 2; SHA2_512 = 3; SHA3_256 = 4; SHA3_384 = 5;
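Review bot: In the `protos/sigstore_common.proto` hunk, value 2 of `HashAlgorithm` keeps its number while its name changes from `SHA2_256_192` to `SHA2_384`. Anything already serialized with 2 would now be verified against a different digest, and JSON carrying the old name would no longer parse. Whether the old name was ever released cannot be seen from this hunk; if it was, give `SHA2_384` a fresh number and retire the old entry with `reserved 2;` and `reserved "SHA2_256_192";` inside the enum. If it never shipped, a comment above the enum such as `// Numbers are wire-stable; never rename or repurpose an assigned value.` would record the rule for later edits. The enum's closing brace lies outside the hunk, and the generated Go, Python, Ruby, TypeScript and JSON-schema sections only mirror this change.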