Merge pull request #1027 from sigstore/addsigningalgotosigner

Match signer chosing to algorithm registry

Author: aaronlew02

fuzzing/src/main/java/fuzzing/SignerVerifierFuzzer.java

@@ -16,6 +16,7 @@
 package fuzzing;
 
 import com.code_intelligence.jazzer.api.FuzzedDataProvider;
+import dev.sigstore.AlgorithmRegistry;
 import dev.sigstore.encryption.signers.Signer;
 import dev.sigstore.encryption.signers.Signers;
 import dev.sigstore.encryption.signers.Verifier;
@@ -27,10 +28,10 @@
 public class SignerVerifierFuzzer {
   public static void fuzzerTestOneInput(FuzzedDataProvider data) {
     try {
-      Integer choice = data.consumeInt(0, 1);
+      Integer choice = data.consumeInt(0, AlgorithmRegistry.SigningAlgorithm.values().length - 1);
       byte[] byteArray = data.consumeRemainingAsBytes();
 
-      Signer signer = (choice == 1) ? Signers.newEcdsaSigner() : Signers.newRsaSigner();
+      Signer signer = Signers.from(AlgorithmRegistry.SigningAlgorithm.values()[choice]);
       Verifier verifier = Verifiers.newVerifier(signer.getPublicKey());
 
       byte[] signature1 = signer.sign(byteArray);

sigstore-java/src/main/java/dev/sigstore/AlgorithmRegistry.java

@@ -0,0 +1,71 @@
+/*
+ * Copyright 2025 The Sigstore Authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package dev.sigstore;
+
+import static com.google.common.hash.Hashing.*;
+
+import com.google.common.hash.HashFunction;
+
+public class AlgorithmRegistry {
+  public enum SigningAlgorithm {
+    PKIX_RSA_PKCS1V15_2048_SHA256(HashAlgorithm.SHA2_256),
+    PKIX_RSA_PKCS1V15_3072_SHA256(HashAlgorithm.SHA2_256),
+    PKIX_RSA_PKCS1V15_4096_SHA256(HashAlgorithm.SHA2_256),
+
+    // ECDSA
+    PKIX_ECDSA_P256_SHA_256(HashAlgorithm.SHA2_256);
+    // TODO: PKIX_ECDSA_P384_SHA_384(HashAlgorithm.SHA2_384),
+    // TODO: PKIX_ECDSA_P521_SHA_512(HashAlgorithm.SHA2_512);
+
+    private final HashAlgorithm hashAlgorithm;
+
+    SigningAlgorithm(HashAlgorithm hashAlgorithm) {
+      this.hashAlgorithm = hashAlgorithm;
+    }
+
+    public HashAlgorithm getHashing() {
+      return hashAlgorithm;
+    }
+  }
+
+  public enum HashAlgorithm {
+    SHA2_256("SHA256", 32, sha256());
+    // TODO: SHA2_384("SHA384", 48, sha384()),
+    // TODO: SHA2_512("SHA512", 64, sha512());
+
+    private final String name;
+    private final int length;
+    private final HashFunction hashFunction;
+
+    HashAlgorithm(String name, int length, HashFunction hashFunction) {
+      this.name = name;
+      this.length = length;
+      this.hashFunction = hashFunction;
+    }
+
+    public String toString() {
+      return name;
+    }
+
+    public int getLength() {
+      return length;
+    }
+
+    HashFunction getHashFunction() {
+      return hashFunction;
+    }
+  }
+}

sigstore-java/src/main/java/dev/sigstore/KeylessSigner.java

@@ -24,7 +24,6 @@
 import com.google.errorprone.annotations.concurrent.GuardedBy;
 import com.google.protobuf.ByteString;
 import dev.sigstore.bundle.Bundle;
-import dev.sigstore.bundle.Bundle.HashAlgorithm;
 import dev.sigstore.bundle.Bundle.MessageSignature;
 import dev.sigstore.bundle.ImmutableBundle;
 import dev.sigstore.bundle.ImmutableTimestamp;
@@ -41,7 +40,7 @@
 import dev.sigstore.oidc.client.OidcException;
 import dev.sigstore.oidc.client.OidcToken;
 import dev.sigstore.oidc.client.OidcTokenMatcher;
-import dev.sigstore.proto.common.v1.PublicKeyDetails;
+import dev.sigstore.proto.ProtoMutators;
 import dev.sigstore.proto.common.v1.X509Certificate;
 import dev.sigstore.proto.rekor.v2.HashedRekordRequestV002;
 import dev.sigstore.proto.rekor.v2.Signature;
@@ -114,6 +113,7 @@ public class KeylessSigner implements AutoCloseable {
   private final OidcClients oidcClients;
   private final List<OidcTokenMatcher> oidcIdentities;
   private final Signer signer;
+  private final AlgorithmRegistry.SigningAlgorithm signingAlgorithm;
   private final Duration minSigningCertificateLifetime;
 
   /** The code signing certificate from Fulcio. */
@@ -150,6 +150,7 @@ private KeylessSigner(
       OidcClients oidcClients,
       List<OidcTokenMatcher> oidcIdentities,
       Signer signer,
+      AlgorithmRegistry.SigningAlgorithm signingAlgorithm,
       Duration minSigningCertificateLifetime) {
     this.fulcioClient = fulcioClient;
     this.fulcioVerifier = fulcioVerifier;
@@ -161,6 +162,7 @@ private KeylessSigner(
     this.oidcClients = oidcClients;
     this.oidcIdentities = oidcIdentities;
     this.signer = signer;
+    this.signingAlgorithm = signingAlgorithm;
     this.minSigningCertificateLifetime = minSigningCertificateLifetime;
   }
 
@@ -186,7 +188,7 @@ public static class Builder {
     private SigningConfigProvider signingConfigProvider;
     private OidcClients oidcClients;
     private List<OidcTokenMatcher> oidcIdentities = Collections.emptyList();
-    private Signer signer;
+    private AlgorithmRegistry.SigningAlgorithm signingAlgorithm;
     private Duration minSigningCertificateLifetime = DEFAULT_MIN_SIGNING_CERTIFICATE_LIFETIME;
     private boolean enableRekorV2 = false;
 
@@ -239,8 +241,8 @@ public Builder allowedOidcIdentities(List<OidcTokenMatcher> oidcIdentities) {
     }
 
     @CanIgnoreReturnValue
-    public Builder signer(Signer signer) {
-      this.signer = signer;
+    public Builder signingAlgorithm(AlgorithmRegistry.SigningAlgorithm signingAlgorithm) {
+      this.signingAlgorithm = signingAlgorithm;
       return this;
     }
 
@@ -276,7 +278,7 @@ public KeylessSigner build()
       Preconditions.checkNotNull(signingConfigProvider);
       var signingConfig = signingConfigProvider.get();
       Preconditions.checkNotNull(oidcIdentities);
-      Preconditions.checkNotNull(signer);
+      Preconditions.checkNotNull(signingAlgorithm);
       Preconditions.checkNotNull(minSigningCertificateLifetime);
       var fulcioService = Service.select(signingConfig.getCas(), List.of(1));
       if (fulcioService.isEmpty()) {
@@ -328,6 +330,12 @@ public KeylessSigner build()
         oidcClients = OidcClients.from(oidcService.get());
       }
 
+      if (!signingAlgorithm.getHashing().equals(AlgorithmRegistry.HashAlgorithm.SHA2_256)) {
+        throw new SigstoreConfigurationException("Signing algorithm must use sha256");
+      }
+
+      var signer = Signers.from(signingAlgorithm);
+
       return new KeylessSigner(
           fulcioClient,
           fulcioVerifier,
@@ -339,6 +347,7 @@ public KeylessSigner build()
           oidcClients,
           oidcIdentities,
           signer,
+          signingAlgorithm,
           minSigningCertificateLifetime);
     }
 
@@ -354,7 +363,7 @@ public Builder sigstorePublicDefaults() {
       signingConfigProvider =
           SigningConfigProvider.fromOrDefault(
               sigstoreTufClientBuilder, LegacySigningConfig.PUBLIC_GOOD);
-      signer(Signers.newEcdsaSigner());
+      signingAlgorithm = AlgorithmRegistry.SigningAlgorithm.PKIX_ECDSA_P256_SHA_256;
       minSigningCertificateLifetime(DEFAULT_MIN_SIGNING_CERTIFICATE_LIFETIME);
       return this;
     }
@@ -368,7 +377,7 @@ public Builder sigstoreStagingDefaults() {
       var sigstoreTufClientBuilder = SigstoreTufClient.builder().useStagingInstance();
       trustedRootProvider = TrustedRootProvider.from(sigstoreTufClientBuilder);
       signingConfigProvider = SigningConfigProvider.from(sigstoreTufClientBuilder);
-      signer(Signers.newEcdsaSigner());
+      signingAlgorithm = AlgorithmRegistry.SigningAlgorithm.PKIX_ECDSA_P256_SHA_256;
       minSigningCertificateLifetime(DEFAULT_MIN_SIGNING_CERTIFICATE_LIFETIME);
       return this;
     }
@@ -384,11 +393,20 @@ public Builder sigstoreStagingDefaults() {
    */
   @CheckReturnValue
   public List<Bundle> sign(List<byte[]> artifactDigests) throws KeylessSignerException {
-
-    if (artifactDigests.size() == 0) {
+    if (artifactDigests.isEmpty()) {
       throw new IllegalArgumentException("Require one or more digests");
     }
 
+    for (var digest : artifactDigests) {
+      if (signingAlgorithm.getHashing().getLength() != digest.length) {
+        throw new KeylessSignerException(
+            "Invalid digest length: "
+                + digest.length
+                + " for signing Algorithm "
+                + signingAlgorithm);
+      }
+    }
+
     var result = ImmutableList.<Bundle>builder();
 
     for (var artifactDigest : artifactDigests) {
@@ -435,7 +453,7 @@ public List<Bundle> sign(List<byte[]> artifactDigests) throws KeylessSignerExcep
           ImmutableBundle.builder()
               .certPath(signingCert)
               .messageSignature(
-                  MessageSignature.of(HashAlgorithm.SHA2_256, artifactDigest, signature));
+                  MessageSignature.of(signingAlgorithm.getHashing(), artifactDigest, signature));
 
       if (rekorV2Client != null) { // Using Rekor v2 and a TSA
         Preconditions.checkNotNull(
@@ -475,7 +493,7 @@ public List<Bundle> sign(List<byte[]> artifactDigests) throws KeylessSignerExcep
                     X509Certificate.newBuilder()
                         .setRawBytes(ByteString.copyFrom(encodedCert))
                         .build())
-                .setKeyDetails(PublicKeyDetails.PKIX_ECDSA_P256_SHA_256)
+                .setKeyDetails(ProtoMutators.toPublicKeyDetails(signingAlgorithm))
                 .build();
 
         var reqSignature =
@@ -610,7 +628,7 @@ private void renewSigningCertificate()
   /**
    * Convenience wrapper around {@link #sign(List)} to sign a single digest
    *
-   * @param artifactDigest sha256 digest of the artifact to sign.
+   * @param artifactDigest sha256 digest of the artifacts to sign.
    * @return a keyless singing results.
    */
   @CheckReturnValue
@@ -626,14 +644,15 @@ public Bundle sign(byte[] artifactDigest) throws KeylessSignerException {
    */
   @CheckReturnValue
   public Map<Path, Bundle> signFiles(List<Path> artifacts) throws KeylessSignerException {
-    if (artifacts.size() == 0) {
+    if (artifacts.isEmpty()) {
       throw new IllegalArgumentException("Require one or more paths");
     }
     var digests = new ArrayList<byte[]>(artifacts.size());
     for (var artifact : artifacts) {
       var artifactByteSource = com.google.common.io.Files.asByteSource(artifact.toFile());
       try {
-        digests.add(artifactByteSource.hash(Hashing.sha256()).asBytes());
+        digests.add(
+            artifactByteSource.hash(signingAlgorithm.getHashing().getHashFunction()).asBytes());
       } catch (IOException ex) {
         throw new KeylessSignerException("Failed to hash artifact " + artifact);
       }
@@ -656,13 +675,4 @@ public Map<Path, Bundle> signFiles(List<Path> artifacts) throws KeylessSignerExc
   public Bundle signFile(Path artifact) throws KeylessSignerException {
     return signFiles(List.of(artifact)).get(artifact);
   }
-
-  /**
-   * Convenience wrapper around {@link #sign(List)} to accept a single file Compat - to be removed
-   * before 1.0.0
-   */
-  @Deprecated
-  public Bundle signFile2(Path artifact) throws KeylessSignerException {
-    return signFiles(List.of(artifact)).get(artifact);
-  }
 }

sigstore-java/src/main/java/dev/sigstore/bundle/Bundle.java

@@ -16,6 +16,7 @@
 package dev.sigstore.bundle;
 
 import com.google.common.base.Preconditions;
+import dev.sigstore.AlgorithmRegistry;
 import dev.sigstore.rekor.client.RekorEntry;
 import java.io.IOException;
 import java.io.Reader;
@@ -40,10 +41,6 @@
 @Immutable
 public abstract class Bundle {
 
-  public enum HashAlgorithm {
-    SHA2_256
-  }
-
   static final String BUNDLE_V_0_1 = "application/vnd.dev.sigstore.bundle+json;version=0.1";
   static final String BUNDLE_V_0_2 = "application/vnd.dev.sigstore.bundle+json;version=0.2";
   static final String BUNDLE_V_0_3 = "application/vnd.dev.sigstore.bundle+json;version=0.3";
@@ -112,7 +109,8 @@ public interface MessageSignature {
     /** Signature over an artifact. */
     byte[] getSignature();
 
-    static MessageSignature of(HashAlgorithm algorithm, byte[] digest, byte[] signature) {
+    static MessageSignature of(
+        AlgorithmRegistry.HashAlgorithm algorithm, byte[] digest, byte[] signature) {
       return ImmutableMessageSignature.builder()
           .signature(signature)
           .messageDigest(
@@ -125,7 +123,7 @@ static MessageSignature of(HashAlgorithm algorithm, byte[] digest, byte[] signat
   public interface MessageDigest {
 
     /** The algorithm used to compute the digest. */
-    HashAlgorithm getHashAlgorithm();
+    AlgorithmRegistry.HashAlgorithm getHashAlgorithm();
 
     /**
      * The raw bytes of the digest computer using the hashing algorithm described by {@link

sigstore-java/src/main/java/dev/sigstore/bundle/BundleReader.java

@@ -16,6 +16,7 @@
 package dev.sigstore.bundle;
 
 import com.google.protobuf.ByteString;
+import dev.sigstore.AlgorithmRegistry;
 import dev.sigstore.json.ProtoJson;
 import dev.sigstore.proto.ProtoMutators;
 import dev.sigstore.proto.common.v1.HashAlgorithm;
@@ -126,7 +127,7 @@ static Bundle readBundle(Reader jsonReader) throws BundleParseException {
             ImmutableMessageSignature.builder()
                 .messageDigest(
                     ImmutableMessageDigest.builder()
-                        .hashAlgorithm(Bundle.HashAlgorithm.SHA2_256)
+                        .hashAlgorithm(AlgorithmRegistry.HashAlgorithm.SHA2_256)
                         .digest(
                             protoBundle
                                 .getMessageSignature()

sigstore-java/src/main/java/dev/sigstore/bundle/BundleWriter.java

@@ -94,7 +94,7 @@ static dev.sigstore.proto.bundle.v1.Bundle.Builder createBundleBuilder(Bundle bu
                 .setMessageDigest(
                     HashOutput.newBuilder()
                         .setAlgorithm(
-                            ProtoMutators.from(
+                            ProtoMutators.toProtoHashAlgorithm(
                                 messageSignature.getMessageDigest().get().getHashAlgorithm()))
                         .setDigest(
                             ByteString.copyFrom(

sigstore-java/src/main/java/dev/sigstore/encryption/signers/EcdsaSigner.java

@@ -15,15 +15,18 @@
  */
 package dev.sigstore.encryption.signers;
 
+import dev.sigstore.AlgorithmRegistry;
 import java.security.*;
 
-/** ECDSA signer, use {@link Signers#newEcdsaSigner()} to instantiate}. */
+/** ECDSA signer, use {@link Signers} to instantiate}. */
 public class EcdsaSigner implements Signer {
 
   private final KeyPair keyPair;
+  private final AlgorithmRegistry.HashAlgorithm hashAlgorithm;
 
-  EcdsaSigner(KeyPair keyPair) {
+  EcdsaSigner(KeyPair keyPair, AlgorithmRegistry.HashAlgorithm hashAlgorithm) {
     this.keyPair = keyPair;
+    this.hashAlgorithm = hashAlgorithm;
   }
 
   @Override
@@ -34,7 +37,7 @@ public PublicKey getPublicKey() {
   @Override
   public byte[] sign(byte[] artifact)
       throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {
-    Signature signature = Signature.getInstance("SHA256withECDSA");
+    Signature signature = Signature.getInstance(hashAlgorithm + "withECDSA");
     signature.initSign(keyPair.getPrivate());
     signature.update(artifact);
     return signature.sign();
@@ -43,8 +46,9 @@ public byte[] sign(byte[] artifact)
   @Override
   public byte[] signDigest(byte[] artifactDigest)
       throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {
-    if (artifactDigest.length > 64) {
-      throw new SignatureException("Artifact digest cannot be longer than 64 bytes for this mode");
+    if (artifactDigest.length != hashAlgorithm.getLength()) {
+      throw new SignatureException(
+          "Artifact digest must be " + hashAlgorithm.getLength() + " bytes");
     }
     Signature signature = Signature.getInstance("NONEwithECDSA");
     signature.initSign(keyPair.getPrivate());