From 0d877376cb74acd10ddeae28f1ca76cfa89e8781 Mon Sep 17 00:00:00 2001
From: Fredrik Skogman
Date: Fri, 2 Feb 2024 18:32:47 +0100
Subject: [PATCH] Merged public key details and known signature algorithms (#212)
Signed-off-by: Fredrik Skogman
---
 docs/algorithm-registry.md | 2 +-
 .../ArtifactVerificationOptions.schema.json | 12 +-
 gen/jsonschema/schemas/Input.schema.json | 12 +-
 gen/jsonschema/schemas/PublicKey.schema.json | 12 +-
 .../schemas/PublicKeyIdentities.schema.json | 12 +-
 .../TransparencyLogInstance.schema.json | 12 +-
 .../schemas/TrustedRoot.schema.json | 12 +-
 gen/pb-go/common/v1/sigstore_common.pb.go | 277 ++++++++----------
 .../dev/sigstore/common/v1/__init__.py | 42 ++-
 gen/pb-ruby/lib/sigstore_common_pb.rb | 20 +-
 .../ArtifactVerificationOptions.schema.json | 12 +-
 gen/pb-rust/schemas/Input.schema.json | 12 +-
 gen/pb-rust/schemas/PublicKey.schema.json | 12 +-
 .../schemas/PublicKeyIdentities.schema.json | 12 +-
 .../TransparencyLogInstance.schema.json | 12 +-
 gen/pb-rust/schemas/TrustedRoot.schema.json | 12 +-
 .../src/__generated__/sigstore_common.ts | 161 +++++-----
 protos/sigstore_common.proto | 48 ++-
 18 files changed, 341 insertions(+), 353 deletions(-)
diff --git a/docs/algorithm-registry.md b/docs/algorithm-registry.md
index e7e54da2..09c84562 100644
--- a/docs/algorithm-registry.md
+++ b/docs/algorithm-registry.md
@@ -2,7 +2,7 @@
 This file is designed to act as a source of truth regarding what signing algorithms are recommended across the Sigstore ecosystem. Any changes to this
-file **must** be reflected in the `KnownSignatureAlgorithm` enumeration in
+file **must** be reflected in the `PublicKeyDetails` enumeration in
 [sigstore_common.proto](../protos/sigstore_common.proto). Note that Sigstore clients and services aren't required support all algorithms
diff --git a/gen/jsonschema/schemas/ArtifactVerificationOptions.schema.json b/gen/jsonschema/schemas/ArtifactVerificationOptions.schema.json
index a36bcb98..af233021 100644
--- a/gen/jsonschema/schemas/ArtifactVerificationOptions.schema.json +++ b/gen/jsonschema/schemas/ArtifactVerificationOptions.schema.json @@ -127,13 +127,19 @@ "PKCS1_RSA_PSS", "PKIX_RSA_PKCS1V5", "PKIX_RSA_PSS", - "PKIX_ECDSA_P256_SHA_256", + "PKIX_RSA_PKCS1_2048_SHA256", + "PKIX_RSA_PKCS1_3072_SHA256", + "PKIX_RSA_PKCS1_4096_SHA256", "PKIX_ECDSA_P256_HMAC_SHA_256", - "PKIX_ED25519" + "PKIX_ECDSA_P256_SHA_256", + "PKIX_ECDSA_P384_SHA_384", + "PKIX_ECDSA_P521_SHA_512", + "PKIX_ED25519", + "PKIX_ED25519_PH" ], "type": "string", "title": "Public Key Details", - "description": "Details of a specific public key, capturing the the key encoding method, and signature algorithm. To avoid the possibility of contradicting formats such as PKCS1 with ED25519 the valid permutations are listed as a linear set instead of a cartesian set (i.e one combined variable instead of two, one for encoding and one for the signature algorithm)." + "description": "Details of a specific public key, capturing the the key encoding method, and signature algorithm. PublicKeyDetails captures the public key/hash algorithm combinations recommended in the Sigstore ecosystem. This is modelled as a linear set as we want to provide a small number of opinionated options instead of allowing every possible permutation. Any changes to this enum MUST be reflected in the algorithm registry. See: docs/algorithm-registry.md To avoid the possibility of contradicting formats such as PKCS1 with ED25519 the valid permutations are listed as a linear set instead of a cartesian set (i.e one combined variable instead of two, one for encoding and one for the signature algorithm)." }, "validFor": { "$ref": "#/definitions/dev.sigstore.common.v1.TimeRange", diff --git a/gen/jsonschema/schemas/Input.schema.json b/gen/jsonschema/schemas/Input.schema.json index 755f8f24..7ee0bfaa 100644 --- a/gen/jsonschema/schemas/Input.schema.json +++ b/gen/jsonschema/schemas/Input.schema.json 
@@ -257,13 +257,19 @@ "PKCS1_RSA_PSS", "PKIX_RSA_PKCS1V5", "PKIX_RSA_PSS", - "PKIX_ECDSA_P256_SHA_256", + "PKIX_RSA_PKCS1_2048_SHA256", + "PKIX_RSA_PKCS1_3072_SHA256", + "PKIX_RSA_PKCS1_4096_SHA256", "PKIX_ECDSA_P256_HMAC_SHA_256", - "PKIX_ED25519" + "PKIX_ECDSA_P256_SHA_256", + "PKIX_ECDSA_P384_SHA_384", + "PKIX_ECDSA_P521_SHA_512", + "PKIX_ED25519", + "PKIX_ED25519_PH" ], "type": "string", "title": "Public Key Details", - "description": "Details of a specific public key, capturing the the key encoding method, and signature algorithm. To avoid the possibility of contradicting formats such as PKCS1 with ED25519 the valid permutations are listed as a linear set instead of a cartesian set (i.e one combined variable instead of two, one for encoding and one for the signature algorithm)." + "description": "Details of a specific public key, capturing the the key encoding method, and signature algorithm. PublicKeyDetails captures the public key/hash algorithm combinations recommended in the Sigstore ecosystem. This is modelled as a linear set as we want to provide a small number of opinionated options instead of allowing every possible permutation. Any changes to this enum MUST be reflected in the algorithm registry. See: docs/algorithm-registry.md To avoid the possibility of contradicting formats such as PKCS1 with ED25519 the valid permutations are listed as a linear set instead of a cartesian set (i.e one combined variable instead of two, one for encoding and one for the signature algorithm)." }, "validFor": { "$ref": "#/definitions/dev.sigstore.common.v1.TimeRange", diff --git a/gen/jsonschema/schemas/PublicKey.schema.json b/gen/jsonschema/schemas/PublicKey.schema.json index b380c3a7..62acbd86 100644 --- a/gen/jsonschema/schemas/PublicKey.schema.json +++ b/gen/jsonschema/schemas/PublicKey.schema.json 
@@ -17,13 +17,19 @@ "PKCS1_RSA_PSS", "PKIX_RSA_PKCS1V5", "PKIX_RSA_PSS", - "PKIX_ECDSA_P256_SHA_256", + "PKIX_RSA_PKCS1_2048_SHA256", + "PKIX_RSA_PKCS1_3072_SHA256", + "PKIX_RSA_PKCS1_4096_SHA256", "PKIX_ECDSA_P256_HMAC_SHA_256", - "PKIX_ED25519" + "PKIX_ECDSA_P256_SHA_256", + "PKIX_ECDSA_P384_SHA_384", + "PKIX_ECDSA_P521_SHA_512", + "PKIX_ED25519", + "PKIX_ED25519_PH" ], "type": "string", "title": "Public Key Details", - "description": "Details of a specific public key, capturing the the key encoding method, and signature algorithm. To avoid the possibility of contradicting formats such as PKCS1 with ED25519 the valid permutations are listed as a linear set instead of a cartesian set (i.e one combined variable instead of two, one for encoding and one for the signature algorithm)." + "description": "Details of a specific public key, capturing the the key encoding method, and signature algorithm. PublicKeyDetails captures the public key/hash algorithm combinations recommended in the Sigstore ecosystem. This is modelled as a linear set as we want to provide a small number of opinionated options instead of allowing every possible permutation. Any changes to this enum MUST be reflected in the algorithm registry. See: docs/algorithm-registry.md To avoid the possibility of contradicting formats such as PKCS1 with ED25519 the valid permutations are listed as a linear set instead of a cartesian set (i.e one combined variable instead of two, one for encoding and one for the signature algorithm)." }, "validFor": { "$ref": "#/definitions/dev.sigstore.common.v1.TimeRange", diff --git a/gen/jsonschema/schemas/PublicKeyIdentities.schema.json b/gen/jsonschema/schemas/PublicKeyIdentities.schema.json index 72dc4fa4..f17c0d64 100644 --- a/gen/jsonschema/schemas/PublicKeyIdentities.schema.json +++ b/gen/jsonschema/schemas/PublicKeyIdentities.schema.json 
@@ -31,13 +31,19 @@ "PKCS1_RSA_PSS", "PKIX_RSA_PKCS1V5", "PKIX_RSA_PSS", - "PKIX_ECDSA_P256_SHA_256", + "PKIX_RSA_PKCS1_2048_SHA256", + "PKIX_RSA_PKCS1_3072_SHA256", + "PKIX_RSA_PKCS1_4096_SHA256", "PKIX_ECDSA_P256_HMAC_SHA_256", - "PKIX_ED25519" + "PKIX_ECDSA_P256_SHA_256", + "PKIX_ECDSA_P384_SHA_384", + "PKIX_ECDSA_P521_SHA_512", + "PKIX_ED25519", + "PKIX_ED25519_PH" ], "type": "string", "title": "Public Key Details", - "description": "Details of a specific public key, capturing the the key encoding method, and signature algorithm. To avoid the possibility of contradicting formats such as PKCS1 with ED25519 the valid permutations are listed as a linear set instead of a cartesian set (i.e one combined variable instead of two, one for encoding and one for the signature algorithm)." + "description": "Details of a specific public key, capturing the the key encoding method, and signature algorithm. PublicKeyDetails captures the public key/hash algorithm combinations recommended in the Sigstore ecosystem. This is modelled as a linear set as we want to provide a small number of opinionated options instead of allowing every possible permutation. Any changes to this enum MUST be reflected in the algorithm registry. See: docs/algorithm-registry.md To avoid the possibility of contradicting formats such as PKCS1 with ED25519 the valid permutations are listed as a linear set instead of a cartesian set (i.e one combined variable instead of two, one for encoding and one for the signature algorithm)." }, "validFor": { "$ref": "#/definitions/dev.sigstore.common.v1.TimeRange", diff --git a/gen/jsonschema/schemas/TransparencyLogInstance.schema.json b/gen/jsonschema/schemas/TransparencyLogInstance.schema.json index 08358780..2e46024f 100644 --- a/gen/jsonschema/schemas/TransparencyLogInstance.schema.json +++ b/gen/jsonschema/schemas/TransparencyLogInstance.schema.json 
@@ -66,13 +66,19 @@ "PKCS1_RSA_PSS", "PKIX_RSA_PKCS1V5", "PKIX_RSA_PSS", - "PKIX_ECDSA_P256_SHA_256", + "PKIX_RSA_PKCS1_2048_SHA256", + "PKIX_RSA_PKCS1_3072_SHA256", + "PKIX_RSA_PKCS1_4096_SHA256", "PKIX_ECDSA_P256_HMAC_SHA_256", - "PKIX_ED25519" + "PKIX_ECDSA_P256_SHA_256", + "PKIX_ECDSA_P384_SHA_384", + "PKIX_ECDSA_P521_SHA_512", + "PKIX_ED25519", + "PKIX_ED25519_PH" ], "type": "string", "title": "Public Key Details", - "description": "Details of a specific public key, capturing the the key encoding method, and signature algorithm. To avoid the possibility of contradicting formats such as PKCS1 with ED25519 the valid permutations are listed as a linear set instead of a cartesian set (i.e one combined variable instead of two, one for encoding and one for the signature algorithm)." + "description": "Details of a specific public key, capturing the the key encoding method, and signature algorithm. PublicKeyDetails captures the public key/hash algorithm combinations recommended in the Sigstore ecosystem. This is modelled as a linear set as we want to provide a small number of opinionated options instead of allowing every possible permutation. Any changes to this enum MUST be reflected in the algorithm registry. See: docs/algorithm-registry.md To avoid the possibility of contradicting formats such as PKCS1 with ED25519 the valid permutations are listed as a linear set instead of a cartesian set (i.e one combined variable instead of two, one for encoding and one for the signature algorithm)." }, "validFor": { "$ref": "#/definitions/dev.sigstore.common.v1.TimeRange", diff --git a/gen/jsonschema/schemas/TrustedRoot.schema.json b/gen/jsonschema/schemas/TrustedRoot.schema.json index 240bb0f9..2f393c6b 100644 --- a/gen/jsonschema/schemas/TrustedRoot.schema.json +++ b/gen/jsonschema/schemas/TrustedRoot.schema.json 
@@ -88,13 +88,19 @@ "PKCS1_RSA_PSS", "PKIX_RSA_PKCS1V5", "PKIX_RSA_PSS", - "PKIX_ECDSA_P256_SHA_256", + "PKIX_RSA_PKCS1_2048_SHA256", + "PKIX_RSA_PKCS1_3072_SHA256", + "PKIX_RSA_PKCS1_4096_SHA256", "PKIX_ECDSA_P256_HMAC_SHA_256", - "PKIX_ED25519" + "PKIX_ECDSA_P256_SHA_256", + "PKIX_ECDSA_P384_SHA_384", + "PKIX_ECDSA_P521_SHA_512", + "PKIX_ED25519", + "PKIX_ED25519_PH" ], "type": "string", "title": "Public Key Details", - "description": "Details of a specific public key, capturing the the key encoding method, and signature algorithm. To avoid the possibility of contradicting formats such as PKCS1 with ED25519 the valid permutations are listed as a linear set instead of a cartesian set (i.e one combined variable instead of two, one for encoding and one for the signature algorithm)." + "description": "Details of a specific public key, capturing the the key encoding method, and signature algorithm. PublicKeyDetails captures the public key/hash algorithm combinations recommended in the Sigstore ecosystem. This is modelled as a linear set as we want to provide a small number of opinionated options instead of allowing every possible permutation. Any changes to this enum MUST be reflected in the algorithm registry. See: docs/algorithm-registry.md To avoid the possibility of contradicting formats such as PKCS1 with ED25519 the valid permutations are listed as a linear set instead of a cartesian set (i.e one combined variable instead of two, one for encoding and one for the signature algorithm)." }, "validFor": { "$ref": "#/definitions/dev.sigstore.common.v1.TimeRange", diff --git a/gen/pb-go/common/v1/sigstore_common.pb.go b/gen/pb-go/common/v1/sigstore_common.pb.go index 958af8d5..285aa19a 100644 --- a/gen/pb-go/common/v1/sigstore_common.pb.go +++ b/gen/pb-go/common/v1/sigstore_common.pb.go 
@@ -103,6 +103,16 @@ func (HashAlgorithm) EnumDescriptor() ([]byte, []int) { // Details of a specific public key, capturing the the key encoding method, // and signature algorithm. +// +// PublicKeyDetails captures the public key/hash algorithm combinations +// recommended in the Sigstore ecosystem. +// +// This is modelled as a linear set as we want to provide a small number of +// opinionated options instead of allowing every possible permutation. +// +// Any changes to this enum MUST be reflected in the algorithm registry. +// See: docs/algorithm-registry.md +// // To avoid the possibility of contradicting formats such as PKCS1 with // ED25519 the valid permutations are listed as a linear set instead of a // cartesian set (i.e one combined variable instead of two, one for encoding 
@@ -112,28 +122,47 @@ type PublicKeyDetails int32 const ( PublicKeyDetails_PUBLIC_KEY_DETAILS_UNSPECIFIED PublicKeyDetails = 0 // RSA + // + // Deprecated: Do not use. PublicKeyDetails_PKCS1_RSA_PKCS1V5 PublicKeyDetails = 1 // See RFC8017 - PublicKeyDetails_PKCS1_RSA_PSS PublicKeyDetails = 2 // See RFC8017 - PublicKeyDetails_PKIX_RSA_PKCS1V5 PublicKeyDetails = 3 - PublicKeyDetails_PKIX_RSA_PSS PublicKeyDetails = 4 + // Deprecated: Do not use. + PublicKeyDetails_PKCS1_RSA_PSS PublicKeyDetails = 2 // See RFC8017 + // Deprecated: Do not use. + PublicKeyDetails_PKIX_RSA_PKCS1V5 PublicKeyDetails = 3 + // Deprecated: Do not use. + PublicKeyDetails_PKIX_RSA_PSS PublicKeyDetails = 4 + PublicKeyDetails_PKIX_RSA_PKCS1_2048_SHA256 PublicKeyDetails = 9 + PublicKeyDetails_PKIX_RSA_PKCS1_3072_SHA256 PublicKeyDetails = 10 + PublicKeyDetails_PKIX_RSA_PKCS1_4096_SHA256 PublicKeyDetails = 11 // ECDSA - PublicKeyDetails_PKIX_ECDSA_P256_SHA_256 PublicKeyDetails = 5 // See NIST FIPS 186-4 + // + // Deprecated: Do not use. PublicKeyDetails_PKIX_ECDSA_P256_HMAC_SHA_256 PublicKeyDetails = 6 // See RFC6979 + PublicKeyDetails_PKIX_ECDSA_P256_SHA_256 PublicKeyDetails = 5 // See NIST FIPS 186-4 + PublicKeyDetails_PKIX_ECDSA_P384_SHA_384 PublicKeyDetails = 12 + PublicKeyDetails_PKIX_ECDSA_P521_SHA_512 PublicKeyDetails = 13 // Ed 25519 - PublicKeyDetails_PKIX_ED25519 PublicKeyDetails = 7 // See RFC8032 + PublicKeyDetails_PKIX_ED25519 PublicKeyDetails = 7 // See RFC8032 + PublicKeyDetails_PKIX_ED25519_PH PublicKeyDetails = 8 ) // Enum value maps for PublicKeyDetails. 
var ( PublicKeyDetails_name = map[int32]string{ - 0: "PUBLIC_KEY_DETAILS_UNSPECIFIED", - 1: "PKCS1_RSA_PKCS1V5", - 2: "PKCS1_RSA_PSS", - 3: "PKIX_RSA_PKCS1V5", - 4: "PKIX_RSA_PSS", - 5: "PKIX_ECDSA_P256_SHA_256", - 6: "PKIX_ECDSA_P256_HMAC_SHA_256", - 7: "PKIX_ED25519", + 0: "PUBLIC_KEY_DETAILS_UNSPECIFIED", + 1: "PKCS1_RSA_PKCS1V5", + 2: "PKCS1_RSA_PSS", + 3: "PKIX_RSA_PKCS1V5", + 4: "PKIX_RSA_PSS", + 9: "PKIX_RSA_PKCS1_2048_SHA256", + 10: "PKIX_RSA_PKCS1_3072_SHA256", + 11: "PKIX_RSA_PKCS1_4096_SHA256", + 6: "PKIX_ECDSA_P256_HMAC_SHA_256", + 5: "PKIX_ECDSA_P256_SHA_256", + 12: "PKIX_ECDSA_P384_SHA_384", + 13: "PKIX_ECDSA_P521_SHA_512", + 7: "PKIX_ED25519", + 8: "PKIX_ED25519_PH", } PublicKeyDetails_value = map[string]int32{ "PUBLIC_KEY_DETAILS_UNSPECIFIED": 0, @@ -141,9 +170,15 @@ var ( "PKCS1_RSA_PSS": 2, "PKIX_RSA_PKCS1V5": 3, "PKIX_RSA_PSS": 4, - "PKIX_ECDSA_P256_SHA_256": 5, + "PKIX_RSA_PKCS1_2048_SHA256": 9, + "PKIX_RSA_PKCS1_3072_SHA256": 10, + "PKIX_RSA_PKCS1_4096_SHA256": 11, "PKIX_ECDSA_P256_HMAC_SHA_256": 6, + "PKIX_ECDSA_P256_SHA_256": 5, + "PKIX_ECDSA_P384_SHA_384": 12, + "PKIX_ECDSA_P521_SHA_512": 13, "PKIX_ED25519": 7, + "PKIX_ED25519_PH": 8, } ) 
@@ -174,81 +209,6 @@ func (PublicKeyDetails) EnumDescriptor() ([]byte, []int) { return file_sigstore_common_proto_rawDescGZIP(), []int{1} } -// KnownSignatureAlgorithm captures the public key/hash algorithm combinations -// recommended in the Sigstore ecosystem. -// -// This is modelled as a linear set as we want to provide a small number of -// opinionated options instead of allowing every possible permutation. -// -// Any changes to this enum MUST be reflected in the algorithm registry. -// See: docs/algorithm-registry.md -type KnownSignatureAlgorithm int32 - -const ( - KnownSignatureAlgorithm_KNOWN_SIGNATURE_ALGORITHM_UNSPECIFIED KnownSignatureAlgorithm = 0 - KnownSignatureAlgorithm_RSA_SIGN_PKCS1_2048_SHA256 KnownSignatureAlgorithm = 1 - KnownSignatureAlgorithm_RSA_SIGN_PKCS1_3072_SHA256 KnownSignatureAlgorithm = 2 - KnownSignatureAlgorithm_RSA_SIGN_PKCS1_4096_SHA256 KnownSignatureAlgorithm = 3 - KnownSignatureAlgorithm_ECDSA_SHA2_256_NISTP256 KnownSignatureAlgorithm = 4 - KnownSignatureAlgorithm_ECDSA_SHA2_384_NISTP384 KnownSignatureAlgorithm = 5 - KnownSignatureAlgorithm_ECDSA_SHA2_512_NISTP521 KnownSignatureAlgorithm = 6 - KnownSignatureAlgorithm_ED25519 KnownSignatureAlgorithm = 7 - KnownSignatureAlgorithm_ED25519_PH KnownSignatureAlgorithm = 8 -) - -// Enum value maps for KnownSignatureAlgorithm. 
-var ( - KnownSignatureAlgorithm_name = map[int32]string{ - 0: "KNOWN_SIGNATURE_ALGORITHM_UNSPECIFIED", - 1: "RSA_SIGN_PKCS1_2048_SHA256", - 2: "RSA_SIGN_PKCS1_3072_SHA256", - 3: "RSA_SIGN_PKCS1_4096_SHA256", - 4: "ECDSA_SHA2_256_NISTP256", - 5: "ECDSA_SHA2_384_NISTP384", - 6: "ECDSA_SHA2_512_NISTP521", - 7: "ED25519", - 8: "ED25519_PH", - } - KnownSignatureAlgorithm_value = map[string]int32{ - "KNOWN_SIGNATURE_ALGORITHM_UNSPECIFIED": 0, - "RSA_SIGN_PKCS1_2048_SHA256": 1, - "RSA_SIGN_PKCS1_3072_SHA256": 2, - "RSA_SIGN_PKCS1_4096_SHA256": 3, - "ECDSA_SHA2_256_NISTP256": 4, - "ECDSA_SHA2_384_NISTP384": 5, - "ECDSA_SHA2_512_NISTP521": 6, - "ED25519": 7, - "ED25519_PH": 8, - } -) - -func (x KnownSignatureAlgorithm) Enum() *KnownSignatureAlgorithm { - p := new(KnownSignatureAlgorithm) - *p = x - return p -} - -func (x KnownSignatureAlgorithm) String() string { - return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) -} - -func (KnownSignatureAlgorithm) Descriptor() protoreflect.EnumDescriptor { - return file_sigstore_common_proto_enumTypes[2].Descriptor() -} - -func (KnownSignatureAlgorithm) Type() protoreflect.EnumType { - return &file_sigstore_common_proto_enumTypes[2] -} - -func (x KnownSignatureAlgorithm) Number() protoreflect.EnumNumber { - return protoreflect.EnumNumber(x) -} - -// Deprecated: Use KnownSignatureAlgorithm.Descriptor instead. -func (KnownSignatureAlgorithm) EnumDescriptor() ([]byte, []int) { - return file_sigstore_common_proto_rawDescGZIP(), []int{2} -} - type SubjectAlternativeNameType int32 const ( 
@@ -288,11 +248,11 @@ func (x SubjectAlternativeNameType) String() string { } func (SubjectAlternativeNameType) Descriptor() protoreflect.EnumDescriptor { - return file_sigstore_common_proto_enumTypes[3].Descriptor() + return file_sigstore_common_proto_enumTypes[2].Descriptor() } func (SubjectAlternativeNameType) Type() protoreflect.EnumType { - return &file_sigstore_common_proto_enumTypes[3] + return &file_sigstore_common_proto_enumTypes[2] } func (x SubjectAlternativeNameType) Number() protoreflect.EnumNumber { @@ -301,7 +261,7 @@ func (x SubjectAlternativeNameType) Number() protoreflect.EnumNumber { // Deprecated: Use SubjectAlternativeNameType.Descriptor instead. func (SubjectAlternativeNameType) EnumDescriptor() ([]byte, []int) { - return file_sigstore_common_proto_rawDescGZIP(), []int{3} + return file_sigstore_common_proto_rawDescGZIP(), []int{2} } // HashOutput captures a digest of a 'message' (generic octet sequence) 
@@ -1170,54 +1130,48 @@ var file_sigstore_common_proto_rawDesc = []byte{ 0x48, 0x41, 0x32, 0x5f, 0x33, 0x38, 0x34, 0x10, 0x02, 0x12, 0x0c, 0x0a, 0x08, 0x53, 0x48, 0x41, 0x32, 0x5f, 0x35, 0x31, 0x32, 0x10, 0x03, 0x12, 0x0c, 0x0a, 0x08, 0x53, 0x48, 0x41, 0x33, 0x5f, 0x32, 0x35, 0x36, 0x10, 0x04, 0x12, 0x0c, 0x0a, 0x08, 0x53, 0x48, 0x41, 0x33, 0x5f, 0x33, 0x38, - 0x34, 0x10, 0x05, 0x2a, 0xd9, 0x01, 0x0a, 0x10, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, + 0x34, 0x10, 0x05, 0x2a, 0x9c, 0x03, 0x0a, 0x10, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x44, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x12, 0x22, 0x0a, 0x1e, 0x50, 0x55, 0x42, 0x4c, 0x49, 0x43, 0x5f, 0x4b, 0x45, 0x59, 0x5f, 0x44, 0x45, 0x54, 0x41, 0x49, 0x4c, 0x53, 0x5f, 0x55, - 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x15, 0x0a, 0x11, + 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x19, 0x0a, 0x11, 0x50, 0x4b, 0x43, 0x53, 0x31, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x50, 0x4b, 0x43, 0x53, 0x31, 0x56, - 0x35, 0x10, 0x01, 0x12, 0x11, 0x0a, 0x0d, 0x50, 0x4b, 0x43, 0x53, 0x31, 0x5f, 0x52, 0x53, 0x41, - 0x5f, 0x50, 0x53, 0x53, 0x10, 0x02, 0x12, 0x14, 0x0a, 0x10, 0x50, 0x4b, 0x49, 0x58, 0x5f, 0x52, - 0x53, 0x41, 0x5f, 0x50, 0x4b, 0x43, 0x53, 0x31, 0x56, 0x35, 0x10, 0x03, 0x12, 0x10, 0x0a, 0x0c, - 0x50, 0x4b, 0x49, 0x58, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x50, 0x53, 0x53, 0x10, 0x04, 0x12, 0x1b, - 0x0a, 0x17, 0x50, 0x4b, 0x49, 0x58, 0x5f, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, 0x50, 0x32, 0x35, - 0x36, 0x5f, 0x53, 0x48, 0x41, 0x5f, 0x32, 0x35, 0x36, 0x10, 0x05, 0x12, 0x20, 0x0a, 0x1c, 0x50, - 0x4b, 0x49, 0x58, 0x5f, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, 0x50, 0x32, 0x35, 0x36, 0x5f, 0x48, - 0x4d, 0x41, 0x43, 0x5f, 0x53, 0x48, 0x41, 0x5f, 0x32, 0x35, 0x36, 0x10, 0x06, 0x12, 0x10, 0x0a, - 0x0c, 0x50, 0x4b, 0x49, 0x58, 0x5f, 0x45, 0x44, 0x32, 0x35, 0x35, 0x31, 0x39, 0x10, 0x07, 0x2a, - 0x98, 0x02, 0x0a, 0x17, 0x4b, 0x6e, 0x6f, 0x77, 0x6e, 0x53, 0x69, 0x67, 
0x6e, 0x61, 0x74, 0x75, - 0x72, 0x65, 0x41, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x12, 0x29, 0x0a, 0x25, 0x4b, - 0x4e, 0x4f, 0x57, 0x4e, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x41, 0x54, 0x55, 0x52, 0x45, 0x5f, 0x41, - 0x4c, 0x47, 0x4f, 0x52, 0x49, 0x54, 0x48, 0x4d, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, - 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x1e, 0x0a, 0x1a, 0x52, 0x53, 0x41, 0x5f, 0x53, 0x49, - 0x47, 0x4e, 0x5f, 0x50, 0x4b, 0x43, 0x53, 0x31, 0x5f, 0x32, 0x30, 0x34, 0x38, 0x5f, 0x53, 0x48, - 0x41, 0x32, 0x35, 0x36, 0x10, 0x01, 0x12, 0x1e, 0x0a, 0x1a, 0x52, 0x53, 0x41, 0x5f, 0x53, 0x49, - 0x47, 0x4e, 0x5f, 0x50, 0x4b, 0x43, 0x53, 0x31, 0x5f, 0x33, 0x30, 0x37, 0x32, 0x5f, 0x53, 0x48, - 0x41, 0x32, 0x35, 0x36, 0x10, 0x02, 0x12, 0x1e, 0x0a, 0x1a, 0x52, 0x53, 0x41, 0x5f, 0x53, 0x49, - 0x47, 0x4e, 0x5f, 0x50, 0x4b, 0x43, 0x53, 0x31, 0x5f, 0x34, 0x30, 0x39, 0x36, 0x5f, 0x53, 0x48, - 0x41, 0x32, 0x35, 0x36, 0x10, 0x03, 0x12, 0x1b, 0x0a, 0x17, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, - 0x53, 0x48, 0x41, 0x32, 0x5f, 0x32, 0x35, 0x36, 0x5f, 0x4e, 0x49, 0x53, 0x54, 0x50, 0x32, 0x35, - 0x36, 0x10, 0x04, 0x12, 0x1b, 0x0a, 0x17, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, 0x53, 0x48, 0x41, - 0x32, 0x5f, 0x33, 0x38, 0x34, 0x5f, 0x4e, 0x49, 0x53, 0x54, 0x50, 0x33, 0x38, 0x34, 0x10, 0x05, - 0x12, 0x1b, 0x0a, 0x17, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x5f, 0x35, - 0x31, 0x32, 0x5f, 0x4e, 0x49, 0x53, 0x54, 0x50, 0x35, 0x32, 0x31, 0x10, 0x06, 0x12, 0x0b, 0x0a, - 0x07, 0x45, 0x44, 0x32, 0x35, 0x35, 0x31, 0x39, 0x10, 0x07, 0x12, 0x0e, 0x0a, 0x0a, 0x45, 0x44, - 0x32, 0x35, 0x35, 0x31, 0x39, 0x5f, 0x50, 0x48, 0x10, 0x08, 0x2a, 0x6f, 0x0a, 0x1a, 0x53, 0x75, - 0x62, 0x6a, 0x65, 0x63, 0x74, 0x41, 0x6c, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x74, 0x69, 0x76, 0x65, - 0x4e, 0x61, 0x6d, 0x65, 0x54, 0x79, 0x70, 0x65, 0x12, 0x2d, 0x0a, 0x29, 0x53, 0x55, 0x42, 0x4a, - 0x45, 0x43, 0x54, 0x5f, 0x41, 0x4c, 0x54, 0x45, 0x52, 0x4e, 0x41, 0x54, 0x49, 0x56, 0x45, 0x5f, - 0x4e, 0x41, 
0x4d, 0x45, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, - 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x09, 0x0a, 0x05, 0x45, 0x4d, 0x41, 0x49, 0x4c, - 0x10, 0x01, 0x12, 0x07, 0x0a, 0x03, 0x55, 0x52, 0x49, 0x10, 0x02, 0x12, 0x0e, 0x0a, 0x0a, 0x4f, - 0x54, 0x48, 0x45, 0x52, 0x5f, 0x4e, 0x41, 0x4d, 0x45, 0x10, 0x03, 0x42, 0x7c, 0x0a, 0x1c, 0x64, - 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x42, 0x0b, 0x43, 0x6f, 0x6d, - 0x6d, 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x36, 0x67, 0x69, 0x74, 0x68, - 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2f, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2d, 0x73, 0x70, 0x65, 0x63, 0x73, 0x2f, 0x67, - 0x65, 0x6e, 0x2f, 0x70, 0x62, 0x2d, 0x67, 0x6f, 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2f, - 0x76, 0x31, 0xea, 0x02, 0x14, 0x53, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x3a, 0x3a, 0x43, - 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x3a, 0x3a, 0x56, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x33, + 0x35, 0x10, 0x01, 0x1a, 0x02, 0x08, 0x01, 0x12, 0x15, 0x0a, 0x0d, 0x50, 0x4b, 0x43, 0x53, 0x31, + 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x50, 0x53, 0x53, 0x10, 0x02, 0x1a, 0x02, 0x08, 0x01, 0x12, 0x18, + 0x0a, 0x10, 0x50, 0x4b, 0x49, 0x58, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x50, 0x4b, 0x43, 0x53, 0x31, + 0x56, 0x35, 0x10, 0x03, 0x1a, 0x02, 0x08, 0x01, 0x12, 0x14, 0x0a, 0x0c, 0x50, 0x4b, 0x49, 0x58, + 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x50, 0x53, 0x53, 0x10, 0x04, 0x1a, 0x02, 0x08, 0x01, 0x12, 0x1e, + 0x0a, 0x1a, 0x50, 0x4b, 0x49, 0x58, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x50, 0x4b, 0x43, 0x53, 0x31, + 0x5f, 0x32, 0x30, 0x34, 0x38, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x10, 0x09, 0x12, 0x1e, + 0x0a, 0x1a, 0x50, 0x4b, 0x49, 0x58, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x50, 0x4b, 0x43, 0x53, 0x31, + 0x5f, 0x33, 0x30, 0x37, 0x32, 0x5f, 0x53, 
0x48, 0x41, 0x32, 0x35, 0x36, 0x10, 0x0a, 0x12, 0x1e, + 0x0a, 0x1a, 0x50, 0x4b, 0x49, 0x58, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x50, 0x4b, 0x43, 0x53, 0x31, + 0x5f, 0x34, 0x30, 0x39, 0x36, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x10, 0x0b, 0x12, 0x24, + 0x0a, 0x1c, 0x50, 0x4b, 0x49, 0x58, 0x5f, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, 0x50, 0x32, 0x35, + 0x36, 0x5f, 0x48, 0x4d, 0x41, 0x43, 0x5f, 0x53, 0x48, 0x41, 0x5f, 0x32, 0x35, 0x36, 0x10, 0x06, + 0x1a, 0x02, 0x08, 0x01, 0x12, 0x1b, 0x0a, 0x17, 0x50, 0x4b, 0x49, 0x58, 0x5f, 0x45, 0x43, 0x44, + 0x53, 0x41, 0x5f, 0x50, 0x32, 0x35, 0x36, 0x5f, 0x53, 0x48, 0x41, 0x5f, 0x32, 0x35, 0x36, 0x10, + 0x05, 0x12, 0x1b, 0x0a, 0x17, 0x50, 0x4b, 0x49, 0x58, 0x5f, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, + 0x50, 0x33, 0x38, 0x34, 0x5f, 0x53, 0x48, 0x41, 0x5f, 0x33, 0x38, 0x34, 0x10, 0x0c, 0x12, 0x1b, + 0x0a, 0x17, 0x50, 0x4b, 0x49, 0x58, 0x5f, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, 0x50, 0x35, 0x32, + 0x31, 0x5f, 0x53, 0x48, 0x41, 0x5f, 0x35, 0x31, 0x32, 0x10, 0x0d, 0x12, 0x10, 0x0a, 0x0c, 0x50, + 0x4b, 0x49, 0x58, 0x5f, 0x45, 0x44, 0x32, 0x35, 0x35, 0x31, 0x39, 0x10, 0x07, 0x12, 0x13, 0x0a, + 0x0f, 0x50, 0x4b, 0x49, 0x58, 0x5f, 0x45, 0x44, 0x32, 0x35, 0x35, 0x31, 0x39, 0x5f, 0x50, 0x48, + 0x10, 0x08, 0x2a, 0x6f, 0x0a, 0x1a, 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x41, 0x6c, 0x74, + 0x65, 0x72, 0x6e, 0x61, 0x74, 0x69, 0x76, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x54, 0x79, 0x70, 0x65, + 0x12, 0x2d, 0x0a, 0x29, 0x53, 0x55, 0x42, 0x4a, 0x45, 0x43, 0x54, 0x5f, 0x41, 0x4c, 0x54, 0x45, + 0x52, 0x4e, 0x41, 0x54, 0x49, 0x56, 0x45, 0x5f, 0x4e, 0x41, 0x4d, 0x45, 0x5f, 0x54, 0x59, 0x50, + 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, + 0x09, 0x0a, 0x05, 0x45, 0x4d, 0x41, 0x49, 0x4c, 0x10, 0x01, 0x12, 0x07, 0x0a, 0x03, 0x55, 0x52, + 0x49, 0x10, 0x02, 0x12, 0x0e, 0x0a, 0x0a, 0x4f, 0x54, 0x48, 0x45, 0x52, 0x5f, 0x4e, 0x41, 0x4d, + 0x45, 0x10, 0x03, 0x42, 0x7c, 0x0a, 0x1c, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 
0x67, 0x73, 0x74, + 0x6f, 0x72, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, + 0x2e, 0x76, 0x31, 0x42, 0x0b, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x74, 0x6f, + 0x50, 0x01, 0x5a, 0x36, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, + 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, + 0x2d, 0x73, 0x70, 0x65, 0x63, 0x73, 0x2f, 0x67, 0x65, 0x6e, 0x2f, 0x70, 0x62, 0x2d, 0x67, 0x6f, + 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2f, 0x76, 0x31, 0xea, 0x02, 0x14, 0x53, 0x69, 0x67, + 0x73, 0x74, 0x6f, 0x72, 0x65, 0x3a, 0x3a, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x3a, 0x3a, 0x56, + 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( 
@@ -1232,38 +1186,37 @@ func file_sigstore_common_proto_rawDescGZIP() []byte { return file_sigstore_common_proto_rawDescData } -var file_sigstore_common_proto_enumTypes = make([]protoimpl.EnumInfo, 4) +var file_sigstore_common_proto_enumTypes = make([]protoimpl.EnumInfo, 3) var file_sigstore_common_proto_msgTypes = make([]protoimpl.MessageInfo, 13) var file_sigstore_common_proto_goTypes = []interface{}{ (HashAlgorithm)(0), // 0: dev.sigstore.common.v1.HashAlgorithm (PublicKeyDetails)(0), // 1: dev.sigstore.common.v1.PublicKeyDetails - (KnownSignatureAlgorithm)(0), // 2: dev.sigstore.common.v1.KnownSignatureAlgorithm - (SubjectAlternativeNameType)(0), // 3: dev.sigstore.common.v1.SubjectAlternativeNameType - (*HashOutput)(nil), // 4: dev.sigstore.common.v1.HashOutput - (*MessageSignature)(nil), // 5: dev.sigstore.common.v1.MessageSignature - (*LogId)(nil), // 6: dev.sigstore.common.v1.LogId - (*RFC3161SignedTimestamp)(nil), // 7: dev.sigstore.common.v1.RFC3161SignedTimestamp - (*PublicKey)(nil), // 8: dev.sigstore.common.v1.PublicKey - (*PublicKeyIdentifier)(nil), // 9: dev.sigstore.common.v1.PublicKeyIdentifier - (*ObjectIdentifier)(nil), // 10: dev.sigstore.common.v1.ObjectIdentifier - (*ObjectIdentifierValuePair)(nil), // 11: dev.sigstore.common.v1.ObjectIdentifierValuePair - (*DistinguishedName)(nil), // 12: dev.sigstore.common.v1.DistinguishedName - (*X509Certificate)(nil), // 13: dev.sigstore.common.v1.X509Certificate - (*SubjectAlternativeName)(nil), // 14: dev.sigstore.common.v1.SubjectAlternativeName - (*X509CertificateChain)(nil), // 15: dev.sigstore.common.v1.X509CertificateChain - (*TimeRange)(nil), // 16: dev.sigstore.common.v1.TimeRange - (*timestamppb.Timestamp)(nil), // 17: google.protobuf.Timestamp + (SubjectAlternativeNameType)(0), // 2: dev.sigstore.common.v1.SubjectAlternativeNameType + (*HashOutput)(nil), // 3: dev.sigstore.common.v1.HashOutput + (*MessageSignature)(nil), // 4: dev.sigstore.common.v1.MessageSignature + (*LogId)(nil), // 5: 
dev.sigstore.common.v1.LogId + (*RFC3161SignedTimestamp)(nil), // 6: dev.sigstore.common.v1.RFC3161SignedTimestamp + (*PublicKey)(nil), // 7: dev.sigstore.common.v1.PublicKey + (*PublicKeyIdentifier)(nil), // 8: dev.sigstore.common.v1.PublicKeyIdentifier + (*ObjectIdentifier)(nil), // 9: dev.sigstore.common.v1.ObjectIdentifier + (*ObjectIdentifierValuePair)(nil), // 10: dev.sigstore.common.v1.ObjectIdentifierValuePair + (*DistinguishedName)(nil), // 11: dev.sigstore.common.v1.DistinguishedName + (*X509Certificate)(nil), // 12: dev.sigstore.common.v1.X509Certificate + (*SubjectAlternativeName)(nil), // 13: dev.sigstore.common.v1.SubjectAlternativeName + (*X509CertificateChain)(nil), // 14: dev.sigstore.common.v1.X509CertificateChain + (*TimeRange)(nil), // 15: dev.sigstore.common.v1.TimeRange + (*timestamppb.Timestamp)(nil), // 16: google.protobuf.Timestamp } var file_sigstore_common_proto_depIdxs = []int32{ 0, // 0: dev.sigstore.common.v1.HashOutput.algorithm:type_name -> dev.sigstore.common.v1.HashAlgorithm - 4, // 1: dev.sigstore.common.v1.MessageSignature.message_digest:type_name -> dev.sigstore.common.v1.HashOutput + 3, // 1: dev.sigstore.common.v1.MessageSignature.message_digest:type_name -> dev.sigstore.common.v1.HashOutput 1, // 2: dev.sigstore.common.v1.PublicKey.key_details:type_name -> dev.sigstore.common.v1.PublicKeyDetails - 16, // 3: dev.sigstore.common.v1.PublicKey.valid_for:type_name -> dev.sigstore.common.v1.TimeRange - 10, // 4: dev.sigstore.common.v1.ObjectIdentifierValuePair.oid:type_name -> dev.sigstore.common.v1.ObjectIdentifier - 3, // 5: dev.sigstore.common.v1.SubjectAlternativeName.type:type_name -> dev.sigstore.common.v1.SubjectAlternativeNameType - 13, // 6: dev.sigstore.common.v1.X509CertificateChain.certificates:type_name -> dev.sigstore.common.v1.X509Certificate - 17, // 7: dev.sigstore.common.v1.TimeRange.start:type_name -> google.protobuf.Timestamp - 17, // 8: dev.sigstore.common.v1.TimeRange.end:type_name -> google.protobuf.Timestamp 
+ 15, // 3: dev.sigstore.common.v1.PublicKey.valid_for:type_name -> dev.sigstore.common.v1.TimeRange + 9, // 4: dev.sigstore.common.v1.ObjectIdentifierValuePair.oid:type_name -> dev.sigstore.common.v1.ObjectIdentifier + 2, // 5: dev.sigstore.common.v1.SubjectAlternativeName.type:type_name -> dev.sigstore.common.v1.SubjectAlternativeNameType + 12, // 6: dev.sigstore.common.v1.X509CertificateChain.certificates:type_name -> dev.sigstore.common.v1.X509Certificate + 16, // 7: dev.sigstore.common.v1.TimeRange.start:type_name -> google.protobuf.Timestamp + 16, // 8: dev.sigstore.common.v1.TimeRange.end:type_name -> google.protobuf.Timestamp 9, // [9:9] is the sub-list for method output_type 9, // [9:9] is the sub-list for method input_type 9, // [9:9] is the sub-list for extension type_name @@ -1445,7 +1398,7 @@ func file_sigstore_common_proto_init() { File: protoimpl.DescBuilder{ GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: file_sigstore_common_proto_rawDesc, - NumEnums: 4, + NumEnums: 3, NumMessages: 13, NumExtensions: 0, NumServices: 0, diff --git a/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/common/v1/__init__.py b/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/common/v1/__init__.py index 712fd5fc..3afc31f3 100644 --- a/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/common/v1/__init__.py +++ b/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/common/v1/__init__.py 
@@ -34,10 +34,15 @@ class HashAlgorithm(betterproto.Enum): class PublicKeyDetails(betterproto.Enum): """ Details of a specific public key, capturing the the key encoding method, - and signature algorithm. To avoid the possibility of contradicting formats - such as PKCS1 with ED25519 the valid permutations are listed as a linear - set instead of a cartesian set (i.e one combined variable instead of two, - one for encoding and one for the signature algorithm). + and signature algorithm. PublicKeyDetails captures the public key/hash + algorithm combinations recommended in the Sigstore ecosystem. This is + modelled as a linear set as we want to provide a small number of + opinionated options instead of allowing every possible permutation. Any + changes to this enum MUST be reflected in the algorithm registry. See: + docs/algorithm-registry.md To avoid the possibility of contradicting + formats such as PKCS1 with ED25519 the valid permutations are listed as a + linear set instead of a cartesian set (i.e one combined variable instead of + two, one for encoding and one for the signature algorithm). """ PUBLIC_KEY_DETAILS_UNSPECIFIED = 0 
@@ -47,32 +52,19 @@ class PublicKeyDetails(betterproto.Enum): PKCS1_RSA_PSS = 2 PKIX_RSA_PKCS1V5 = 3 PKIX_RSA_PSS = 4 - PKIX_ECDSA_P256_SHA_256 = 5 + PKIX_RSA_PKCS1_2048_SHA256 = 9 + PKIX_RSA_PKCS1_3072_SHA256 = 10 + PKIX_RSA_PKCS1_4096_SHA256 = 11 + PKIX_ECDSA_P256_HMAC_SHA_256 = 6 """ECDSA""" - PKIX_ECDSA_P256_HMAC_SHA_256 = 6 + PKIX_ECDSA_P256_SHA_256 = 5 + PKIX_ECDSA_P384_SHA_384 = 12 + PKIX_ECDSA_P521_SHA_512 = 13 PKIX_ED25519 = 7 """Ed 25519""" - -class KnownSignatureAlgorithm(betterproto.Enum): - """ - KnownSignatureAlgorithm captures the public key/hash algorithm combinations - recommended in the Sigstore ecosystem. This is modelled as a linear set as - we want to provide a small number of opinionated options instead of - allowing every possible permutation. Any changes to this enum MUST be - reflected in the algorithm registry. See: docs/algorithm-registry.md - """ - - KNOWN_SIGNATURE_ALGORITHM_UNSPECIFIED = 0 - RSA_SIGN_PKCS1_2048_SHA256 = 1 - RSA_SIGN_PKCS1_3072_SHA256 = 2 - RSA_SIGN_PKCS1_4096_SHA256 = 3 - ECDSA_SHA2_256_NISTP256 = 4 - ECDSA_SHA2_384_NISTP384 = 5 - ECDSA_SHA2_512_NISTP521 = 6 - ED25519 = 7 - ED25519_PH = 8 + PKIX_ED25519_PH = 8 class SubjectAlternativeNameType(betterproto.Enum): diff --git a/gen/pb-ruby/lib/sigstore_common_pb.rb b/gen/pb-ruby/lib/sigstore_common_pb.rb index 4b469720..86877e48 100644 --- a/gen/pb-ruby/lib/sigstore_common_pb.rb +++ b/gen/pb-ruby/lib/sigstore_common_pb.rb 
@@ -72,20 +72,15 @@ value :PKCS1_RSA_PSS, 2 value :PKIX_RSA_PKCS1V5, 3 value :PKIX_RSA_PSS, 4 - value :PKIX_ECDSA_P256_SHA_256, 5 + value :PKIX_RSA_PKCS1_2048_SHA256, 9 + value :PKIX_RSA_PKCS1_3072_SHA256, 10 + value :PKIX_RSA_PKCS1_4096_SHA256, 11 value :PKIX_ECDSA_P256_HMAC_SHA_256, 6 + value :PKIX_ECDSA_P256_SHA_256, 5 + value :PKIX_ECDSA_P384_SHA_384, 12 + value :PKIX_ECDSA_P521_SHA_512, 13 value :PKIX_ED25519, 7 - end - add_enum "dev.sigstore.common.v1.KnownSignatureAlgorithm" do - value :KNOWN_SIGNATURE_ALGORITHM_UNSPECIFIED, 0 - value :RSA_SIGN_PKCS1_2048_SHA256, 1 - value :RSA_SIGN_PKCS1_3072_SHA256, 2 - value :RSA_SIGN_PKCS1_4096_SHA256, 3 - value :ECDSA_SHA2_256_NISTP256, 4 - value :ECDSA_SHA2_384_NISTP384, 5 - value :ECDSA_SHA2_512_NISTP521, 6 - value :ED25519, 7 - value :ED25519_PH, 8 + value :PKIX_ED25519_PH, 8 end add_enum "dev.sigstore.common.v1.SubjectAlternativeNameType" do value :SUBJECT_ALTERNATIVE_NAME_TYPE_UNSPECIFIED, 0 @@ -114,7 +109,6 @@ module V1 TimeRange = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("dev.sigstore.common.v1.TimeRange").msgclass HashAlgorithm = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("dev.sigstore.common.v1.HashAlgorithm").enummodule PublicKeyDetails = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("dev.sigstore.common.v1.PublicKeyDetails").enummodule - KnownSignatureAlgorithm = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("dev.sigstore.common.v1.KnownSignatureAlgorithm").enummodule SubjectAlternativeNameType = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("dev.sigstore.common.v1.SubjectAlternativeNameType").enummodule end end diff --git a/gen/pb-rust/schemas/ArtifactVerificationOptions.schema.json b/gen/pb-rust/schemas/ArtifactVerificationOptions.schema.json index a36bcb98..af233021 100644 --- a/gen/pb-rust/schemas/ArtifactVerificationOptions.schema.json +++ b/gen/pb-rust/schemas/ArtifactVerificationOptions.schema.json 
@@ -127,13 +127,19 @@ "PKCS1_RSA_PSS", "PKIX_RSA_PKCS1V5", "PKIX_RSA_PSS", - "PKIX_ECDSA_P256_SHA_256", + "PKIX_RSA_PKCS1_2048_SHA256", + "PKIX_RSA_PKCS1_3072_SHA256", + "PKIX_RSA_PKCS1_4096_SHA256", "PKIX_ECDSA_P256_HMAC_SHA_256", - "PKIX_ED25519" + "PKIX_ECDSA_P256_SHA_256", + "PKIX_ECDSA_P384_SHA_384", + "PKIX_ECDSA_P521_SHA_512", + "PKIX_ED25519", + "PKIX_ED25519_PH" ], "type": "string", "title": "Public Key Details", - "description": "Details of a specific public key, capturing the the key encoding method, and signature algorithm. To avoid the possibility of contradicting formats such as PKCS1 with ED25519 the valid permutations are listed as a linear set instead of a cartesian set (i.e one combined variable instead of two, one for encoding and one for the signature algorithm)." + "description": "Details of a specific public key, capturing the the key encoding method, and signature algorithm. PublicKeyDetails captures the public key/hash algorithm combinations recommended in the Sigstore ecosystem. This is modelled as a linear set as we want to provide a small number of opinionated options instead of allowing every possible permutation. Any changes to this enum MUST be reflected in the algorithm registry. See: docs/algorithm-registry.md To avoid the possibility of contradicting formats such as PKCS1 with ED25519 the valid permutations are listed as a linear set instead of a cartesian set (i.e one combined variable instead of two, one for encoding and one for the signature algorithm)." }, "validFor": { "$ref": "#/definitions/dev.sigstore.common.v1.TimeRange", diff --git a/gen/pb-rust/schemas/Input.schema.json b/gen/pb-rust/schemas/Input.schema.json index 755f8f24..7ee0bfaa 100644 --- a/gen/pb-rust/schemas/Input.schema.json +++ b/gen/pb-rust/schemas/Input.schema.json 
@@ -257,13 +257,19 @@ "PKCS1_RSA_PSS", "PKIX_RSA_PKCS1V5", "PKIX_RSA_PSS", - "PKIX_ECDSA_P256_SHA_256", + "PKIX_RSA_PKCS1_2048_SHA256", + "PKIX_RSA_PKCS1_3072_SHA256", + "PKIX_RSA_PKCS1_4096_SHA256", "PKIX_ECDSA_P256_HMAC_SHA_256", - "PKIX_ED25519" + "PKIX_ECDSA_P256_SHA_256", + "PKIX_ECDSA_P384_SHA_384", + "PKIX_ECDSA_P521_SHA_512", + "PKIX_ED25519", + "PKIX_ED25519_PH" ], "type": "string", "title": "Public Key Details", - "description": "Details of a specific public key, capturing the the key encoding method, and signature algorithm. To avoid the possibility of contradicting formats such as PKCS1 with ED25519 the valid permutations are listed as a linear set instead of a cartesian set (i.e one combined variable instead of two, one for encoding and one for the signature algorithm)." + "description": "Details of a specific public key, capturing the the key encoding method, and signature algorithm. PublicKeyDetails captures the public key/hash algorithm combinations recommended in the Sigstore ecosystem. This is modelled as a linear set as we want to provide a small number of opinionated options instead of allowing every possible permutation. Any changes to this enum MUST be reflected in the algorithm registry. See: docs/algorithm-registry.md To avoid the possibility of contradicting formats such as PKCS1 with ED25519 the valid permutations are listed as a linear set instead of a cartesian set (i.e one combined variable instead of two, one for encoding and one for the signature algorithm)." }, "validFor": { "$ref": "#/definitions/dev.sigstore.common.v1.TimeRange", diff --git a/gen/pb-rust/schemas/PublicKey.schema.json b/gen/pb-rust/schemas/PublicKey.schema.json index b380c3a7..62acbd86 100644 --- a/gen/pb-rust/schemas/PublicKey.schema.json +++ b/gen/pb-rust/schemas/PublicKey.schema.json 
@@ -17,13 +17,19 @@ "PKCS1_RSA_PSS", "PKIX_RSA_PKCS1V5", "PKIX_RSA_PSS", - "PKIX_ECDSA_P256_SHA_256", + "PKIX_RSA_PKCS1_2048_SHA256", + "PKIX_RSA_PKCS1_3072_SHA256", + "PKIX_RSA_PKCS1_4096_SHA256", "PKIX_ECDSA_P256_HMAC_SHA_256", - "PKIX_ED25519" + "PKIX_ECDSA_P256_SHA_256", + "PKIX_ECDSA_P384_SHA_384", + "PKIX_ECDSA_P521_SHA_512", + "PKIX_ED25519", + "PKIX_ED25519_PH" ], "type": "string", "title": "Public Key Details", - "description": "Details of a specific public key, capturing the the key encoding method, and signature algorithm. To avoid the possibility of contradicting formats such as PKCS1 with ED25519 the valid permutations are listed as a linear set instead of a cartesian set (i.e one combined variable instead of two, one for encoding and one for the signature algorithm)." + "description": "Details of a specific public key, capturing the the key encoding method, and signature algorithm. PublicKeyDetails captures the public key/hash algorithm combinations recommended in the Sigstore ecosystem. This is modelled as a linear set as we want to provide a small number of opinionated options instead of allowing every possible permutation. Any changes to this enum MUST be reflected in the algorithm registry. See: docs/algorithm-registry.md To avoid the possibility of contradicting formats such as PKCS1 with ED25519 the valid permutations are listed as a linear set instead of a cartesian set (i.e one combined variable instead of two, one for encoding and one for the signature algorithm)." }, "validFor": { "$ref": "#/definitions/dev.sigstore.common.v1.TimeRange", diff --git a/gen/pb-rust/schemas/PublicKeyIdentities.schema.json b/gen/pb-rust/schemas/PublicKeyIdentities.schema.json index 72dc4fa4..f17c0d64 100644 --- a/gen/pb-rust/schemas/PublicKeyIdentities.schema.json +++ b/gen/pb-rust/schemas/PublicKeyIdentities.schema.json 
@@ -31,13 +31,19 @@ "PKCS1_RSA_PSS", "PKIX_RSA_PKCS1V5", "PKIX_RSA_PSS", - "PKIX_ECDSA_P256_SHA_256", + "PKIX_RSA_PKCS1_2048_SHA256", + "PKIX_RSA_PKCS1_3072_SHA256", + "PKIX_RSA_PKCS1_4096_SHA256", "PKIX_ECDSA_P256_HMAC_SHA_256", - "PKIX_ED25519" + "PKIX_ECDSA_P256_SHA_256", + "PKIX_ECDSA_P384_SHA_384", + "PKIX_ECDSA_P521_SHA_512", + "PKIX_ED25519", + "PKIX_ED25519_PH" ], "type": "string", "title": "Public Key Details", - "description": "Details of a specific public key, capturing the the key encoding method, and signature algorithm. To avoid the possibility of contradicting formats such as PKCS1 with ED25519 the valid permutations are listed as a linear set instead of a cartesian set (i.e one combined variable instead of two, one for encoding and one for the signature algorithm)." + "description": "Details of a specific public key, capturing the the key encoding method, and signature algorithm. PublicKeyDetails captures the public key/hash algorithm combinations recommended in the Sigstore ecosystem. This is modelled as a linear set as we want to provide a small number of opinionated options instead of allowing every possible permutation. Any changes to this enum MUST be reflected in the algorithm registry. See: docs/algorithm-registry.md To avoid the possibility of contradicting formats such as PKCS1 with ED25519 the valid permutations are listed as a linear set instead of a cartesian set (i.e one combined variable instead of two, one for encoding and one for the signature algorithm)." }, "validFor": { "$ref": "#/definitions/dev.sigstore.common.v1.TimeRange", diff --git a/gen/pb-rust/schemas/TransparencyLogInstance.schema.json b/gen/pb-rust/schemas/TransparencyLogInstance.schema.json index 08358780..2e46024f 100644 --- a/gen/pb-rust/schemas/TransparencyLogInstance.schema.json +++ b/gen/pb-rust/schemas/TransparencyLogInstance.schema.json 
@@ -66,13 +66,19 @@ "PKCS1_RSA_PSS", "PKIX_RSA_PKCS1V5", "PKIX_RSA_PSS", - "PKIX_ECDSA_P256_SHA_256", + "PKIX_RSA_PKCS1_2048_SHA256", + "PKIX_RSA_PKCS1_3072_SHA256", + "PKIX_RSA_PKCS1_4096_SHA256", "PKIX_ECDSA_P256_HMAC_SHA_256", - "PKIX_ED25519" + "PKIX_ECDSA_P256_SHA_256", + "PKIX_ECDSA_P384_SHA_384", + "PKIX_ECDSA_P521_SHA_512", + "PKIX_ED25519", + "PKIX_ED25519_PH" ], "type": "string", "title": "Public Key Details", - "description": "Details of a specific public key, capturing the the key encoding method, and signature algorithm. To avoid the possibility of contradicting formats such as PKCS1 with ED25519 the valid permutations are listed as a linear set instead of a cartesian set (i.e one combined variable instead of two, one for encoding and one for the signature algorithm)." + "description": "Details of a specific public key, capturing the the key encoding method, and signature algorithm. PublicKeyDetails captures the public key/hash algorithm combinations recommended in the Sigstore ecosystem. This is modelled as a linear set as we want to provide a small number of opinionated options instead of allowing every possible permutation. Any changes to this enum MUST be reflected in the algorithm registry. See: docs/algorithm-registry.md To avoid the possibility of contradicting formats such as PKCS1 with ED25519 the valid permutations are listed as a linear set instead of a cartesian set (i.e one combined variable instead of two, one for encoding and one for the signature algorithm)." }, "validFor": { "$ref": "#/definitions/dev.sigstore.common.v1.TimeRange", diff --git a/gen/pb-rust/schemas/TrustedRoot.schema.json b/gen/pb-rust/schemas/TrustedRoot.schema.json index 240bb0f9..2f393c6b 100644 --- a/gen/pb-rust/schemas/TrustedRoot.schema.json +++ b/gen/pb-rust/schemas/TrustedRoot.schema.json 
@@ -88,13 +88,19 @@ "PKCS1_RSA_PSS", "PKIX_RSA_PKCS1V5", "PKIX_RSA_PSS", - "PKIX_ECDSA_P256_SHA_256", + "PKIX_RSA_PKCS1_2048_SHA256", + "PKIX_RSA_PKCS1_3072_SHA256", + "PKIX_RSA_PKCS1_4096_SHA256", "PKIX_ECDSA_P256_HMAC_SHA_256", - "PKIX_ED25519" + "PKIX_ECDSA_P256_SHA_256", + "PKIX_ECDSA_P384_SHA_384", + "PKIX_ECDSA_P521_SHA_512", + "PKIX_ED25519", + "PKIX_ED25519_PH" ], "type": "string", "title": "Public Key Details", - "description": "Details of a specific public key, capturing the the key encoding method, and signature algorithm. To avoid the possibility of contradicting formats such as PKCS1 with ED25519 the valid permutations are listed as a linear set instead of a cartesian set (i.e one combined variable instead of two, one for encoding and one for the signature algorithm)." + "description": "Details of a specific public key, capturing the the key encoding method, and signature algorithm. PublicKeyDetails captures the public key/hash algorithm combinations recommended in the Sigstore ecosystem. This is modelled as a linear set as we want to provide a small number of opinionated options instead of allowing every possible permutation. Any changes to this enum MUST be reflected in the algorithm registry. See: docs/algorithm-registry.md To avoid the possibility of contradicting formats such as PKCS1 with ED25519 the valid permutations are listed as a linear set instead of a cartesian set (i.e one combined variable instead of two, one for encoding and one for the signature algorithm)." }, "validFor": { "$ref": "#/definitions/dev.sigstore.common.v1.TimeRange", diff --git a/gen/pb-typescript/src/__generated__/sigstore_common.ts b/gen/pb-typescript/src/__generated__/sigstore_common.ts index ea341a74..7c7d393e 100644 --- a/gen/pb-typescript/src/__generated__/sigstore_common.ts +++ b/gen/pb-typescript/src/__generated__/sigstore_common.ts 
@@ -66,6 +66,16 @@ export function hashAlgorithmToJSON(object: HashAlgorithm): string { /** * Details of a specific public key, capturing the the key encoding method, * and signature algorithm. + * + * PublicKeyDetails captures the public key/hash algorithm combinations + * recommended in the Sigstore ecosystem. + * + * This is modelled as a linear set as we want to provide a small number of + * opinionated options instead of allowing every possible permutation. + * + * Any changes to this enum MUST be reflected in the algorithm registry. + * See: docs/algorithm-registry.md + * * To avoid the possibility of contradicting formats such as PKCS1 with * ED25519 the valid permutations are listed as a linear set instead of a * cartesian set (i.e one combined variable instead of two, one for encoding @@ -73,18 +83,38 @@ export function hashAlgorithmToJSON(object: HashAlgorithm): string { */ export enum PublicKeyDetails { PUBLIC_KEY_DETAILS_UNSPECIFIED = 0, - /** PKCS1_RSA_PKCS1V5 - RSA */ + /** + * PKCS1_RSA_PKCS1V5 - RSA + * + * @deprecated + */ PKCS1_RSA_PKCS1V5 = 1, - /** PKCS1_RSA_PSS - See RFC8017 */ + /** + * PKCS1_RSA_PSS - See RFC8017 + * + * @deprecated + */ PKCS1_RSA_PSS = 2, + /** @deprecated */ PKIX_RSA_PKCS1V5 = 3, + /** @deprecated */ PKIX_RSA_PSS = 4, - /** PKIX_ECDSA_P256_SHA_256 - ECDSA */ - PKIX_ECDSA_P256_SHA_256 = 5, - /** PKIX_ECDSA_P256_HMAC_SHA_256 - See RFC6979 */ + PKIX_RSA_PKCS1_2048_SHA256 = 9, + PKIX_RSA_PKCS1_3072_SHA256 = 10, + PKIX_RSA_PKCS1_4096_SHA256 = 11, + /** + * PKIX_ECDSA_P256_HMAC_SHA_256 - ECDSA + * + * @deprecated + */ PKIX_ECDSA_P256_HMAC_SHA_256 = 6, + /** PKIX_ECDSA_P256_SHA_256 - See NIST FIPS 186-4 */ + PKIX_ECDSA_P256_SHA_256 = 5, + PKIX_ECDSA_P384_SHA_384 = 12, + PKIX_ECDSA_P521_SHA_512 = 13, /** PKIX_ED25519 - Ed 25519 */ PKIX_ED25519 = 7, + PKIX_ED25519_PH = 8, } export function publicKeyDetailsFromJSON(object: any): PublicKeyDetails { 
@@ -104,15 +134,33 @@ export function publicKeyDetailsFromJSON(object: any): PublicKeyDetails { case 4: case "PKIX_RSA_PSS": return PublicKeyDetails.PKIX_RSA_PSS; - case 5: - case "PKIX_ECDSA_P256_SHA_256": - return PublicKeyDetails.PKIX_ECDSA_P256_SHA_256; + case 9: + case "PKIX_RSA_PKCS1_2048_SHA256": + return PublicKeyDetails.PKIX_RSA_PKCS1_2048_SHA256; + case 10: + case "PKIX_RSA_PKCS1_3072_SHA256": + return PublicKeyDetails.PKIX_RSA_PKCS1_3072_SHA256; + case 11: + case "PKIX_RSA_PKCS1_4096_SHA256": + return PublicKeyDetails.PKIX_RSA_PKCS1_4096_SHA256; case 6: case "PKIX_ECDSA_P256_HMAC_SHA_256": return PublicKeyDetails.PKIX_ECDSA_P256_HMAC_SHA_256; + case 5: + case "PKIX_ECDSA_P256_SHA_256": + return PublicKeyDetails.PKIX_ECDSA_P256_SHA_256; + case 12: + case "PKIX_ECDSA_P384_SHA_384": + return PublicKeyDetails.PKIX_ECDSA_P384_SHA_384; + case 13: + case "PKIX_ECDSA_P521_SHA_512": + return PublicKeyDetails.PKIX_ECDSA_P521_SHA_512; case 7: case "PKIX_ED25519": return PublicKeyDetails.PKIX_ED25519; + case 8: + case "PKIX_ED25519_PH": + return PublicKeyDetails.PKIX_ED25519_PH; default: throw new tsProtoGlobalThis.Error("Unrecognized enum value " + object + " for enum PublicKeyDetails"); } 
@@ -130,98 +178,29 @@ export function publicKeyDetailsToJSON(object: PublicKeyDetails): string { return "PKIX_RSA_PKCS1V5"; case PublicKeyDetails.PKIX_RSA_PSS: return "PKIX_RSA_PSS"; - case PublicKeyDetails.PKIX_ECDSA_P256_SHA_256: - return "PKIX_ECDSA_P256_SHA_256"; + case PublicKeyDetails.PKIX_RSA_PKCS1_2048_SHA256: + return "PKIX_RSA_PKCS1_2048_SHA256"; + case PublicKeyDetails.PKIX_RSA_PKCS1_3072_SHA256: + return "PKIX_RSA_PKCS1_3072_SHA256"; + case PublicKeyDetails.PKIX_RSA_PKCS1_4096_SHA256: + return "PKIX_RSA_PKCS1_4096_SHA256"; case PublicKeyDetails.PKIX_ECDSA_P256_HMAC_SHA_256: return "PKIX_ECDSA_P256_HMAC_SHA_256"; + case PublicKeyDetails.PKIX_ECDSA_P256_SHA_256: + return "PKIX_ECDSA_P256_SHA_256"; + case PublicKeyDetails.PKIX_ECDSA_P384_SHA_384: + return "PKIX_ECDSA_P384_SHA_384"; + case PublicKeyDetails.PKIX_ECDSA_P521_SHA_512: + return "PKIX_ECDSA_P521_SHA_512"; case PublicKeyDetails.PKIX_ED25519: return "PKIX_ED25519"; + case PublicKeyDetails.PKIX_ED25519_PH: + return "PKIX_ED25519_PH"; default: throw new tsProtoGlobalThis.Error("Unrecognized enum value " + object + " for enum PublicKeyDetails"); } } -/** - * KnownSignatureAlgorithm captures the public key/hash algorithm combinations - * recommended in the Sigstore ecosystem. - * - * This is modelled as a linear set as we want to provide a small number of - * opinionated options instead of allowing every possible permutation. - * - * Any changes to this enum MUST be reflected in the algorithm registry. 
- * See: docs/algorithm-registry.md - */ -export enum KnownSignatureAlgorithm { - KNOWN_SIGNATURE_ALGORITHM_UNSPECIFIED = 0, - RSA_SIGN_PKCS1_2048_SHA256 = 1, - RSA_SIGN_PKCS1_3072_SHA256 = 2, - RSA_SIGN_PKCS1_4096_SHA256 = 3, - ECDSA_SHA2_256_NISTP256 = 4, - ECDSA_SHA2_384_NISTP384 = 5, - ECDSA_SHA2_512_NISTP521 = 6, - ED25519 = 7, - ED25519_PH = 8, -} - -export function knownSignatureAlgorithmFromJSON(object: any): KnownSignatureAlgorithm { - switch (object) { - case 0: - case "KNOWN_SIGNATURE_ALGORITHM_UNSPECIFIED": - return KnownSignatureAlgorithm.KNOWN_SIGNATURE_ALGORITHM_UNSPECIFIED; - case 1: - case "RSA_SIGN_PKCS1_2048_SHA256": - return KnownSignatureAlgorithm.RSA_SIGN_PKCS1_2048_SHA256; - case 2: - case "RSA_SIGN_PKCS1_3072_SHA256": - return KnownSignatureAlgorithm.RSA_SIGN_PKCS1_3072_SHA256; - case 3: - case "RSA_SIGN_PKCS1_4096_SHA256": - return KnownSignatureAlgorithm.RSA_SIGN_PKCS1_4096_SHA256; - case 4: - case "ECDSA_SHA2_256_NISTP256": - return KnownSignatureAlgorithm.ECDSA_SHA2_256_NISTP256; - case 5: - case "ECDSA_SHA2_384_NISTP384": - return KnownSignatureAlgorithm.ECDSA_SHA2_384_NISTP384; - case 6: - case "ECDSA_SHA2_512_NISTP521": - return KnownSignatureAlgorithm.ECDSA_SHA2_512_NISTP521; - case 7: - case "ED25519": - return KnownSignatureAlgorithm.ED25519; - case 8: - case "ED25519_PH": - return KnownSignatureAlgorithm.ED25519_PH; - default: - throw new tsProtoGlobalThis.Error("Unrecognized enum value " + object + " for enum KnownSignatureAlgorithm"); - } -} - -export function knownSignatureAlgorithmToJSON(object: KnownSignatureAlgorithm): string { - switch (object) { - case KnownSignatureAlgorithm.KNOWN_SIGNATURE_ALGORITHM_UNSPECIFIED: - return "KNOWN_SIGNATURE_ALGORITHM_UNSPECIFIED"; - case KnownSignatureAlgorithm.RSA_SIGN_PKCS1_2048_SHA256: - return "RSA_SIGN_PKCS1_2048_SHA256"; - case KnownSignatureAlgorithm.RSA_SIGN_PKCS1_3072_SHA256: - return "RSA_SIGN_PKCS1_3072_SHA256"; - case KnownSignatureAlgorithm.RSA_SIGN_PKCS1_4096_SHA256: - return 
"RSA_SIGN_PKCS1_4096_SHA256"; - case KnownSignatureAlgorithm.ECDSA_SHA2_256_NISTP256: - return "ECDSA_SHA2_256_NISTP256"; - case KnownSignatureAlgorithm.ECDSA_SHA2_384_NISTP384: - return "ECDSA_SHA2_384_NISTP384"; - case KnownSignatureAlgorithm.ECDSA_SHA2_512_NISTP521: - return "ECDSA_SHA2_512_NISTP521"; - case KnownSignatureAlgorithm.ED25519: - return "ED25519"; - case KnownSignatureAlgorithm.ED25519_PH: - return "ED25519_PH"; - default: - throw new tsProtoGlobalThis.Error("Unrecognized enum value " + object + " for enum KnownSignatureAlgorithm"); - } -} - export enum SubjectAlternativeNameType { SUBJECT_ALTERNATIVE_NAME_TYPE_UNSPECIFIED = 0, EMAIL = 1, diff --git a/protos/sigstore_common.proto b/protos/sigstore_common.proto index ab918b16..1370bd6b 100644 --- a/protos/sigstore_common.proto +++ b/protos/sigstore_common.proto @@ -45,6 +45,16 @@ enum HashAlgorithm { // Details of a specific public key, capturing the the key encoding method, // and signature algorithm. +// +// PublicKeyDetails captures the public key/hash algorithm combinations +// recommended in the Sigstore ecosystem. +// +// This is modelled as a linear set as we want to provide a small number of +// opinionated options instead of allowing every possible permutation. +// +// Any changes to this enum MUST be reflected in the algorithm registry. +// See: docs/algorithm-registry.md +// // To avoid the possibility of contradicting formats such as PKCS1 with // ED25519 the valid permutations are listed as a linear set instead of a // cartesian set (i.e one combined variable instead of two, one for encoding 
@@ -52,15 +62,23 @@ enum HashAlgorithm { enum PublicKeyDetails { PUBLIC_KEY_DETAILS_UNSPECIFIED = 0; // RSA - PKCS1_RSA_PKCS1V5 = 1; // See RFC8017 - PKCS1_RSA_PSS = 2; // See RFC8017 - PKIX_RSA_PKCS1V5 = 3; - PKIX_RSA_PSS = 4; + PKCS1_RSA_PKCS1V5 = 1 [deprecated = true]; // See RFC8017 + PKCS1_RSA_PSS = 2 [deprecated = true]; // See RFC8017 + PKIX_RSA_PKCS1V5 = 3 [deprecated = true]; + PKIX_RSA_PSS = 4 [deprecated = true]; + PKIX_RSA_PKCS1_2048_SHA256 = 9; + PKIX_RSA_PKCS1_3072_SHA256 = 10; + PKIX_RSA_PKCS1_4096_SHA256 = 11; + // ECDSA + PKIX_ECDSA_P256_HMAC_SHA_256 = 6 [deprecated = true]; // See RFC6979 PKIX_ECDSA_P256_SHA_256 = 5; // See NIST FIPS 186-4 - PKIX_ECDSA_P256_HMAC_SHA_256 = 6; // See RFC6979 + PKIX_ECDSA_P384_SHA_384 = 12; + PKIX_ECDSA_P521_SHA_512 = 13; + // Ed 25519 PKIX_ED25519 = 7; // See RFC8032 + PKIX_ED25519_PH = 8; } // HashOutput captures a digest of a 'message' (generic octet sequence) @@ -72,26 +90,6 @@ message HashOutput { bytes digest = 2; } -// KnownSignatureAlgorithm captures the public key/hash algorithm combinations -// recommended in the Sigstore ecosystem. -// -// This is modelled as a linear set as we want to provide a small number of -// opinionated options instead of allowing every possible permutation. -// -// Any changes to this enum MUST be reflected in the algorithm registry. -// See: docs/algorithm-registry.md -enum KnownSignatureAlgorithm { - KNOWN_SIGNATURE_ALGORITHM_UNSPECIFIED = 0; - RSA_SIGN_PKCS1_2048_SHA256 = 1; - RSA_SIGN_PKCS1_3072_SHA256 = 2; - RSA_SIGN_PKCS1_4096_SHA256 = 3; - ECDSA_SHA2_256_NISTP256 = 4; - ECDSA_SHA2_384_NISTP384 = 5; - ECDSA_SHA2_512_NISTP521 = 6; - ED25519 = 7; - ED25519_PH = 8; -} - // MessageSignature stores the computed signature over a message. message MessageSignature { // Message digest can be used to identify the artifact.
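Review bot: `PKIX_ED25519_PH = 8;` is the only new non-deprecated entry in the ECDSA/Ed25519 sections without a spec reference, and it is the one where the reference matters most: Ed25519ph (RFC 8032, pre-hashed) is a distinct scheme from pure Ed25519 — a signature produced under one does not verify under the other — so a verifier must not treat values 7 and 8 as interchangeable. Suggest `PKIX_ED25519_PH = 8; // See RFC8032, Ed25519ph (pre-hashed); NOT interchangeable with PKIX_ED25519`, and for symmetry `// See RFC8017` on the three `PKIX_RSA_PKCS1_*_SHA256` entries and `// See NIST FIPS 186-4` on `PKIX_ECDSA_P384_SHA_384` / `PKIX_ECDSA_P521_SHA_512`. The `[deprecated = true]` markers say nothing about verification policy, while the regenerated JSON schemas in this same commit still list those values as valid; a one-line comment under `// RSA` stating whether verifiers keep accepting deprecated values for existing signatures (and that signers must pick a key-size-specific entry) would remove that ambiguity for implementers. Note also that after this change every non-deprecated RSA entry is PKCS#1 v1.5 — with `PKIX_RSA_PSS` deprecated there is no supported PSS option left — and if that is intended per the algorithm registry it is worth saying so next to the deprecation rather than leaving PSS users to infer it.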