WIP: add support for variable digests and paddings, ie. stop hardcoding SHA256 in verify.go

[tuminoid]

Work-in-progress!

Summary

cosign verify has a switch called --signature-digest-algorithm, which apparently does nothing. You can have SHA256 signature, pass flag for --signature-digest-algorithm sha512 and nothing complains. It also does not make SHA512 supported. Also, only PKCS#1 is supported. PSS is not.

Namely, this PR stops hardcoding SHA256 and assuming PKCS#1 in verify.go, in minimal way. It makes verify work for SHA512/PSS for example. Let's say its a starting point. Feedback welcome.

It does not:

• fix the command line flag being ignored
• fix any other issue listed in cosigned: allow configuring hash algorithm for signature verification #1775

Release Note

Partially-fixes: #1775

Documentation

TODO, though this is a bugfix, so not aiming to change anything, just make things work.

[haydentherapper]

I believe the signature-digest-algorithm flag was specifically for KMS keys, as it's used in https://github.com/sigstore/cosign/blob/main/cmd/cosign/cli/verify/verify.go#L198.

Note there was prior work on cryptographic agility: #3497

I recognize the difference between these two approaches requires far more work for the earlier PR, but I don't want to shoehorn RSA-PSS support in in one specific verification workflow. I'd want to explore pulling in parts of that PR to support additional algorithms and digests for both signing and verification.

[tuminoid]

Thanks @haydentherapper! We discussed this also in slack, and as expected, this was very simplistic approach. To actually get support for SHA512/PSS in Cosign/Sigstore, one would need:

• implement same support for Cosign SDKs in all supported languages
• Refactor signing/verifying library
• Implement support in Sigstore services (Fulcio/Rekor)
• Fix all clients

IMO this kind of effort must be thus coordinated and roadmapped properly, with approved designs, and hence outside of individual contributor scope.

I will close my PR.