Fix signing and verification with ed25519 keys with bundles and Rekor

With the recent changes we made to use sigstore-go rather than Cosign
for signing and verification, ed25519 managed key support broke, because
we were incorrectly specifying ed25519ph for dsse Rekor entries and not
specifying ed25519ph for hashedrekord entries. This PR correctly sets
load options for when signing and verifying a blob (using the prehash
variant) and when signing/verifying attestations (using the pure
variant). This also fixes a bug where the SignerVerifier Keypair didn't
handle crypto.Hash(0) for ed25519, which specifies no hash when signing.

This has been tested with sign/verify, sign-blob/verify-blob,
attest/verify-attestation, and attest-blob/verify-blob-attestation.

Signed-off-by: Hayden <[email protected]>

Author: haydentherapper

cmd/cosign/cli/attest/attest.go

@@ -46,6 +46,7 @@ import (
 	"github.com/sigstore/rekor/pkg/generated/client"
 	"github.com/sigstore/rekor/pkg/generated/models"
 	"github.com/sigstore/sigstore-go/pkg/sign"
+	"github.com/sigstore/sigstore/pkg/signature"
 	"github.com/sigstore/sigstore/pkg/signature/dsse"
 	signatureoptions "github.com/sigstore/sigstore/pkg/signature/options"
 )
@@ -164,11 +165,14 @@ func (c *AttestCommand) Exec(ctx context.Context, imageRef string) error {
 		var err error
 
 		if c.Sk || c.Slot != "" || c.KeyRef != "" || c.CertPath != "" {
+			// Set no load options so that Ed25519 is preferred over Ed25519ph, required for signing DSSEs
+			var signOpts []signature.LoadOption
+			c.KeyOpts.DefaultLoadOptions = &signOpts
 			sv, _, err = cosign_sign.SignerFromKeyOpts(ctx, c.CertPath, c.CertChainPath, c.KeyOpts)
 			if err != nil {
 				return fmt.Errorf("getting signer: %w", err)
 			}
-			keypair, err = key.NewSignerVerifierKeypair(sv, c.DefaultLoadOptions)
+			keypair, err = key.NewSignerVerifierKeypair(sv, &signOpts)
 			if err != nil {
 				return fmt.Errorf("creating signerverifier keypair: %w", err)
 			}

cmd/cosign/cli/attest/attest_blob.go

@@ -165,11 +165,14 @@ func (c *AttestBlobCommand) Exec(ctx context.Context, artifactPath string) error
 		var err error
 
 		if c.Sk || c.Slot != "" || c.KeyRef != "" || c.CertPath != "" {
+			// Set no load options so that Ed25519 is preferred over Ed25519ph, required for signing DSSEs
+			var signOpts []signature.LoadOption
+			c.KeyOpts.DefaultLoadOptions = &signOpts
 			sv, _, err = cosign_sign.SignerFromKeyOpts(ctx, c.CertPath, c.CertChainPath, c.KeyOpts)
 			if err != nil {
 				return fmt.Errorf("getting signer: %w", err)
 			}
-			keypair, err = key.NewSignerVerifierKeypair(sv, c.DefaultLoadOptions)
+			keypair, err = key.NewSignerVerifierKeypair(sv, &signOpts)
 			if err != nil {
 				return fmt.Errorf("creating signerverifier keypair: %w", err)
 			}

cmd/cosign/cli/sign/sign.go

@@ -256,11 +256,14 @@ func signDigestBundle(ctx context.Context, digest name.Digest, ko options.KeyOpt
 		var err error
 
 		if ko.Sk || ko.Slot != "" || ko.KeyRef != "" || signOpts.Cert != "" {
+			// Set no load options so that Ed25519 is preferred over Ed25519ph, required for signing DSSEs
+			var signLoadOpts []signature.LoadOption
+			ko.DefaultLoadOptions = &signLoadOpts
 			sv, _, err = SignerFromKeyOpts(ctx, signOpts.Cert, signOpts.CertChain, ko)
 			if err != nil {
 				return fmt.Errorf("getting signer: %w", err)
 			}
-			keypair, err = key.NewSignerVerifierKeypair(sv, ko.DefaultLoadOptions)
+			keypair, err = key.NewSignerVerifierKeypair(sv, &signLoadOpts)
 			if err != nil {
 				return fmt.Errorf("creating signerverifier keypair: %w", err)
 			}

cmd/cosign/cli/sign/sign_blob.go

@@ -87,6 +87,7 @@ func SignBlobCmd(ro *options.RootOptions, ko options.KeyOpts, payloadPath string
 		var err error
 
 		if ko.Sk || ko.Slot != "" || ko.KeyRef != "" {
+			// Default load options prefer Ed25519ph over Ed25519, required for blobs with hashedrekord
 			sv, _, err = SignerFromKeyOpts(ctx, "", "", ko)
 			if err != nil {
 				return nil, fmt.Errorf("getting signer: %w", err)

cmd/cosign/cli/verify/verify.go

@@ -240,7 +240,9 @@ func (c *VerifyCommand) Exec(ctx context.Context, images []string) (err error) {
 	var pubKey signature.Verifier
 	switch {
 	case keyRef != "":
-		pubKey, err = sigs.PublicKeyFromKeyRefWithHashAlgo(ctx, keyRef, c.HashAlgorithm)
+		// Set no load options so that Ed25519 is preferred over Ed25519ph, required for verifying DSSEs
+		var signOpts []signature.LoadOption
+		pubKey, err = sigs.PublicKeyFromKeyRefWithHashAlgo(ctx, keyRef, c.HashAlgorithm, &signOpts)
 		if err != nil {
 			return fmt.Errorf("loading public key: %w", err)
 		}

cmd/cosign/cli/verify/verify_attestation.go

@@ -40,6 +40,7 @@ import (
 	"github.com/sigstore/cosign/v2/pkg/policy"
 	sigs "github.com/sigstore/cosign/v2/pkg/signature"
 	"github.com/sigstore/sigstore-go/pkg/root"
+	"github.com/sigstore/sigstore/pkg/signature"
 )
 
 // VerifyAttestationCommand verifies a signature on a supplied container image
@@ -210,7 +211,9 @@ func (c *VerifyAttestationCommand) Exec(ctx context.Context, images []string) (e
 	// Keys are optional!
 	switch {
 	case keyRef != "":
-		co.SigVerifier, err = sigs.PublicKeyFromKeyRefWithHashAlgo(ctx, keyRef, c.HashAlgorithm)
+		// Set no load options so that Ed25519 is preferred over Ed25519ph, required for verifying DSSEs
+		var signOpts []signature.LoadOption
+		co.SigVerifier, err = sigs.PublicKeyFromKeyRefWithHashAlgo(ctx, keyRef, c.HashAlgorithm, &signOpts)
 		if err != nil {
 			return fmt.Errorf("loading public key: %w", err)
 		}

cmd/cosign/cli/verify/verify_blob.go

@@ -47,6 +47,7 @@ import (
 	sgverify "github.com/sigstore/sigstore-go/pkg/verify"
 
 	"github.com/sigstore/sigstore/pkg/cryptoutils"
+	"github.com/sigstore/sigstore/pkg/signature"
 )
 
 func isb64(data []byte) bool {
@@ -117,12 +118,19 @@ func (c *VerifyBlobCmd) Exec(ctx context.Context, blobRef string) error {
 		NewBundleFormat:              c.KeyOpts.NewBundleFormat && checkNewBundle(c.BundlePath),
 	}
 
+	if !c.IgnoreTlog {
+		// To maintain backwards compatibility with older cosign versions,
+		// we do not use ed25519ph for ed25519 keys when the signatures are not
+		// uploaded to the Tlog.
+		c.DefaultLoadOptions = &[]signature.LoadOption{}
+	}
+
 	// Keys are optional!
 	var cert *x509.Certificate
 	opts := make([]static.Option, 0)
 	switch {
 	case c.KeyRef != "":
-		co.SigVerifier, err = sigs.PublicKeyFromKeyRefWithHashAlgo(ctx, c.KeyRef, c.HashAlgorithm)
+		co.SigVerifier, err = sigs.PublicKeyFromKeyRefWithHashAlgo(ctx, c.KeyRef, c.HashAlgorithm, c.DefaultLoadOptions)
 		if err != nil {
 			return fmt.Errorf("loading public key: %w", err)
 		}
@@ -265,7 +273,7 @@ func (c *VerifyBlobCmd) Exec(ctx context.Context, blobRef string) error {
 			bundleCert, err := loadCertFromPEM(certBytes)
 			if err != nil {
 				// check if cert is actually a public key
-				co.SigVerifier, err = sigs.LoadPublicKeyRaw(certBytes, crypto.SHA256)
+				co.SigVerifier, err = sigs.LoadPublicKeyRaw(certBytes, crypto.SHA256, c.DefaultLoadOptions)
 				if err != nil {
 					return fmt.Errorf("loading verifier from bundle: %w", err)
 				}

cmd/cosign/cli/verify/verify_blob_attestation.go

@@ -47,6 +47,7 @@ import (
 	"github.com/sigstore/sigstore-go/pkg/root"
 	sgverify "github.com/sigstore/sigstore-go/pkg/verify"
 	"github.com/sigstore/sigstore/pkg/cryptoutils"
+	"github.com/sigstore/sigstore/pkg/signature"
 )
 
 // VerifyBlobAttestationCommand verifies an attestation on a supplied blob
@@ -127,12 +128,16 @@ func (c *VerifyBlobAttestationCommand) Exec(ctx context.Context, artifactPath st
 		NewBundleFormat:              c.NewBundleFormat && checkNewBundle(c.BundlePath),
 	}
 
+	// Set no load options so that Ed25519 is preferred over Ed25519ph, required for verifying DSSEs
+	var signOpts []signature.LoadOption
+	c.DefaultLoadOptions = &signOpts
+
 	// Keys are optional!
 	var cert *x509.Certificate
 	opts := make([]static.Option, 0)
 	switch {
 	case c.KeyRef != "":
-		co.SigVerifier, err = sigs.PublicKeyFromKeyRefWithHashAlgo(ctx, c.KeyRef, c.HashAlgorithm)
+		co.SigVerifier, err = sigs.PublicKeyFromKeyRefWithHashAlgo(ctx, c.KeyRef, c.HashAlgorithm, c.DefaultLoadOptions)
 		if err != nil {
 			return fmt.Errorf("loading public key: %w", err)
 		}
@@ -329,7 +334,7 @@ func (c *VerifyBlobAttestationCommand) Exec(ctx context.Context, artifactPath st
 			bundleCert, err := loadCertFromPEM(certBytes)
 			if err != nil {
 				// check if cert is actually a public key
-				co.SigVerifier, err = sigs.LoadPublicKeyRaw(certBytes, crypto.SHA256)
+				co.SigVerifier, err = sigs.LoadPublicKeyRaw(certBytes, crypto.SHA256, c.DefaultLoadOptions)
 				if err != nil {
 					return fmt.Errorf("loading verifier from bundle: %w", err)
 				}

internal/key/svkeypair.go

@@ -125,13 +125,20 @@ func (k *SignerVerifierKeypair) GetPublicKeyPem() (string, error) {
 
 // SignData signs the given data with the SignerVerifier.
 func (k *SignerVerifierKeypair) SignData(ctx context.Context, data []byte) ([]byte, []byte, error) {
-	h := k.sigAlg.GetHashType().New()
-	h.Write(data)
-	digest := h.Sum(nil)
-	sOpts := []signature.SignOption{signatureoptions.WithContext(ctx), signatureoptions.WithDigest(digest)}
+	sOpts := []signature.SignOption{signatureoptions.WithContext(ctx)}
+
+	hf := k.sigAlg.GetHashType()
+	dataToSign := data
+	// RSA, ECDSA, and Ed25519ph sign a digest, while pure Ed25519's interface takes data and hashes during signing
+	if hf != crypto.Hash(0) {
+		hasher := hf.New()
+		hasher.Write(data)
+		dataToSign = hasher.Sum(nil)
+		sOpts = append(sOpts, signatureoptions.WithDigest(dataToSign))
+	}
 	sig, err := k.sv.SignMessage(bytes.NewReader(data), sOpts...)
 	if err != nil {
 		return nil, nil, err
 	}
-	return sig, digest, nil
+	return sig, dataToSign, nil
 }

internal/key/svkeypair_test.go

@@ -34,6 +34,7 @@ import (
 	protocommon "github.com/sigstore/protobuf-specs/gen/pb-go/common/v1"
 	"github.com/sigstore/sigstore/pkg/cryptoutils"
 	"github.com/sigstore/sigstore/pkg/signature"
+	"github.com/sigstore/sigstore/pkg/signature/options"
 )
 
 // mockSignerVerifier is a mock implementation of signature.SignerVerifier for testing.
@@ -61,7 +62,7 @@ func (m *mockSignerVerifier) VerifySignature(_, _ io.Reader, _ ...signature.Veri
 	return errors.New("not implemented")
 }
 
-func TestNewKMSKeypair(t *testing.T) {
+func TestNewSignerVerifierKeypair(t *testing.T) {
 	ecdsaPriv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
 	if err != nil {
 		t.Fatalf("failed to generate ecdsa key: %v", err)
@@ -78,6 +79,7 @@ func TestNewKMSKeypair(t *testing.T) {
 	testCases := []struct {
 		name      string
 		sv        signature.SignerVerifier
+		prehash   bool
 		expectErr bool
 		errMsg    string
 	}{
@@ -102,6 +104,14 @@ func TestNewKMSKeypair(t *testing.T) {
 			},
 			expectErr: false,
 		},
+		{
+			name: "ED25519ph key",
+			sv: &mockSignerVerifier{
+				pubKey: ed25519Priv.Public(),
+			},
+			prehash:   true,
+			expectErr: false,
+		},
 		{
 			name: "Unsupported key type",
 			sv: &mockSignerVerifier{
@@ -122,7 +132,11 @@ func TestNewKMSKeypair(t *testing.T) {
 
 	for _, tc := range testCases {
 		t.Run(tc.name, func(t *testing.T) {
-			kp, err := NewSignerVerifierKeypair(tc.sv, nil)
+			var loadOpts []signature.LoadOption
+			if tc.prehash {
+				loadOpts = []signature.LoadOption{options.WithED25519ph()}
+			}
+			kp, err := NewSignerVerifierKeypair(tc.sv, &loadOpts)
 			if tc.expectErr {
 				if err == nil {
 					t.Errorf("expected an error, but got none")
@@ -137,6 +151,11 @@ func TestNewKMSKeypair(t *testing.T) {
 					t.Error("expected a keypair, but got nil")
 				}
 			}
+			if !tc.expectErr {
+				if _, _, err := kp.SignData(context.Background(), []byte("data")); err != nil {
+					t.Errorf("unexpected error: %v", err)
+				}
+			}
 		})
 	}
 }