Fix signing and verification with ed25519 keys with bundles and Rekor

haydentherapper · haydentherapper · commit f9897c57f484 · 2025-09-16T16:38:39.000-07:00
With the recent changes we made to use sigstore-go rather than Cosign
for signing and verification, ed25519 managed key support broke, because
we were incorrectly specifying ed25519ph for dsse Rekor entries and not
specifying ed25519ph for hashedrekord entries. This PR correctly sets
load options for when signing and verifying a blob (using the prehash
variant) and when signing/verifying attestations (using the pure
variant). This also fixes a bug where the SignerVerifier Keypair didn't
handle crypto.Hash(0) for ed25519, which specifies no hash when signing.

This has been tested with sign/verify, sign-blob/verify-blob,
attest/verify-attestation, and attest-blob/verify-blob-attestation.

Signed-off-by: Hayden &lt;8418760+haydentherapper@users.noreply.github.com&gt;
diff --git a/cmd/cosign/cli/attest/attest.go b/cmd/cosign/cli/attest/attest.go
@@ -46,6 +46,7 @@ import (
 	"github.com/sigstore/rekor/pkg/generated/client"
 	"github.com/sigstore/rekor/pkg/generated/models"
 	"github.com/sigstore/sigstore-go/pkg/sign"
+	"github.com/sigstore/sigstore/pkg/signature"
 	"github.com/sigstore/sigstore/pkg/signature/dsse"
 	signatureoptions "github.com/sigstore/sigstore/pkg/signature/options"
 )
@@ -164,11 +165,14 @@ func (c *AttestCommand) Exec(ctx context.Context, imageRef string) error {
 		var err error
 
 		if c.Sk || c.Slot != "" || c.KeyRef != "" || c.CertPath != "" {
+			// Set no load options so that Ed25519 is preferred over Ed25519ph, required for signing DSSEs
+			var signOpts []signature.LoadOption
+			c.KeyOpts.DefaultLoadOptions = &signOpts
 			sv, _, err = cosign_sign.SignerFromKeyOpts(ctx, c.CertPath, c.CertChainPath, c.KeyOpts)
 			if err != nil {
 				return fmt.Errorf("getting signer: %w", err)
 			}
-			keypair, err = key.NewSignerVerifierKeypair(sv, c.DefaultLoadOptions)
+			keypair, err = key.NewSignerVerifierKeypair(sv, &signOpts)
 			if err != nil {
 				return fmt.Errorf("creating signerverifier keypair: %w", err)
 			}
diff --git a/cmd/cosign/cli/attest/attest_blob.go b/cmd/cosign/cli/attest/attest_blob.go
@@ -165,11 +165,14 @@ func (c *AttestBlobCommand) Exec(ctx context.Context, artifactPath string) error
 		var err error
 
 		if c.Sk || c.Slot != "" || c.KeyRef != "" || c.CertPath != "" {
+			// Set no load options so that Ed25519 is preferred over Ed25519ph, required for signing DSSEs
+			var signOpts []signature.LoadOption
+			c.KeyOpts.DefaultLoadOptions = &signOpts
 			sv, _, err = cosign_sign.SignerFromKeyOpts(ctx, c.CertPath, c.CertChainPath, c.KeyOpts)
 			if err != nil {
 				return fmt.Errorf("getting signer: %w", err)
 			}
-			keypair, err = key.NewSignerVerifierKeypair(sv, c.DefaultLoadOptions)
+			keypair, err = key.NewSignerVerifierKeypair(sv, &signOpts)
 			if err != nil {
 				return fmt.Errorf("creating signerverifier keypair: %w", err)
 			}
diff --git a/cmd/cosign/cli/sign/sign.go b/cmd/cosign/cli/sign/sign.go
@@ -256,11 +256,14 @@ func signDigestBundle(ctx context.Context, digest name.Digest, ko options.KeyOpt
 		var err error
 
 		if ko.Sk || ko.Slot != "" || ko.KeyRef != "" || signOpts.Cert != "" {
+			// Set no load options so that Ed25519 is preferred over Ed25519ph, required for signing DSSEs
+			var signLoadOpts []signature.LoadOption
+			ko.DefaultLoadOptions = &signLoadOpts
 			sv, _, err = SignerFromKeyOpts(ctx, signOpts.Cert, signOpts.CertChain, ko)
 			if err != nil {
 				return fmt.Errorf("getting signer: %w", err)
 			}
-			keypair, err = key.NewSignerVerifierKeypair(sv, ko.DefaultLoadOptions)
+			keypair, err = key.NewSignerVerifierKeypair(sv, &signLoadOpts)
 			if err != nil {
 				return fmt.Errorf("creating signerverifier keypair: %w", err)
 			}
diff --git a/cmd/cosign/cli/sign/sign_blob.go b/cmd/cosign/cli/sign/sign_blob.go
@@ -87,6 +87,7 @@ func SignBlobCmd(ro *options.RootOptions, ko options.KeyOpts, payloadPath string
 		var err error
 
 		if ko.Sk || ko.Slot != "" || ko.KeyRef != "" {
+			// Default load options prefer Ed25519ph over Ed25519, required for blobs with hashedrekord
 			sv, _, err = SignerFromKeyOpts(ctx, "", "", ko)
 			if err != nil {
 				return nil, fmt.Errorf("getting signer: %w", err)
diff --git a/cmd/cosign/cli/verify/verify.go b/cmd/cosign/cli/verify/verify.go
@@ -240,7 +240,9 @@ func (c *VerifyCommand) Exec(ctx context.Context, images []string) (err error) {
 	var pubKey signature.Verifier
 	switch {
 	case keyRef != "":
-		pubKey, err = sigs.PublicKeyFromKeyRefWithHashAlgo(ctx, keyRef, c.HashAlgorithm)
+		// Set no load options so that Ed25519 is preferred over Ed25519ph, required for verifying DSSEs
+		var signOpts []signature.LoadOption
+		pubKey, err = sigs.PublicKeyFromKeyRefWithHashAlgo(ctx, keyRef, c.HashAlgorithm, &signOpts)
 		if err != nil {
 			return fmt.Errorf("loading public key: %w", err)
 		}
diff --git a/cmd/cosign/cli/verify/verify_attestation.go b/cmd/cosign/cli/verify/verify_attestation.go
@@ -40,6 +40,7 @@ import (
 	"github.com/sigstore/cosign/v2/pkg/policy"
 	sigs "github.com/sigstore/cosign/v2/pkg/signature"
 	"github.com/sigstore/sigstore-go/pkg/root"
+	"github.com/sigstore/sigstore/pkg/signature"
 )
 
 // VerifyAttestationCommand verifies a signature on a supplied container image
@@ -210,7 +211,9 @@ func (c *VerifyAttestationCommand) Exec(ctx context.Context, images []string) (e
 	// Keys are optional!
 	switch {
 	case keyRef != "":
-		co.SigVerifier, err = sigs.PublicKeyFromKeyRefWithHashAlgo(ctx, keyRef, c.HashAlgorithm)
+		// Set no load options so that Ed25519 is preferred over Ed25519ph, required for verifying DSSEs
+		var signOpts []signature.LoadOption
+		co.SigVerifier, err = sigs.PublicKeyFromKeyRefWithHashAlgo(ctx, keyRef, c.HashAlgorithm, &signOpts)
 		if err != nil {
 			return fmt.Errorf("loading public key: %w", err)
 		}
diff --git a/cmd/cosign/cli/verify/verify_blob.go b/cmd/cosign/cli/verify/verify_blob.go
@@ -122,7 +122,7 @@ func (c *VerifyBlobCmd) Exec(ctx context.Context, blobRef string) error {
 	opts := make([]static.Option, 0)
 	switch {
 	case c.KeyRef != "":
-		co.SigVerifier, err = sigs.PublicKeyFromKeyRefWithHashAlgo(ctx, c.KeyRef, c.HashAlgorithm)
+		co.SigVerifier, err = sigs.PublicKeyFromKeyRefWithHashAlgo(ctx, c.KeyRef, c.HashAlgorithm, c.DefaultLoadOptions)
 		if err != nil {
 			return fmt.Errorf("loading public key: %w", err)
 		}
@@ -265,7 +265,7 @@ func (c *VerifyBlobCmd) Exec(ctx context.Context, blobRef string) error {
 			bundleCert, err := loadCertFromPEM(certBytes)
 			if err != nil {
 				// check if cert is actually a public key
-				co.SigVerifier, err = sigs.LoadPublicKeyRaw(certBytes, crypto.SHA256)
+				co.SigVerifier, err = sigs.LoadPublicKeyRaw(certBytes, crypto.SHA256, c.DefaultLoadOptions)
 				if err != nil {
 					return fmt.Errorf("loading verifier from bundle: %w", err)
 				}
diff --git a/cmd/cosign/cli/verify/verify_blob_attestation.go b/cmd/cosign/cli/verify/verify_blob_attestation.go
@@ -47,6 +47,7 @@ import (
 	"github.com/sigstore/sigstore-go/pkg/root"
 	sgverify "github.com/sigstore/sigstore-go/pkg/verify"
 	"github.com/sigstore/sigstore/pkg/cryptoutils"
+	"github.com/sigstore/sigstore/pkg/signature"
 )
 
 // VerifyBlobAttestationCommand verifies an attestation on a supplied blob
@@ -127,12 +128,16 @@ func (c *VerifyBlobAttestationCommand) Exec(ctx context.Context, artifactPath st
 		NewBundleFormat:              c.NewBundleFormat && checkNewBundle(c.BundlePath),
 	}
 
+	// Set no load options so that Ed25519 is preferred over Ed25519ph, required for verifying DSSEs
+	var signOpts []signature.LoadOption
+	c.DefaultLoadOptions = &signOpts
+
 	// Keys are optional!
 	var cert *x509.Certificate
 	opts := make([]static.Option, 0)
 	switch {
 	case c.KeyRef != "":
-		co.SigVerifier, err = sigs.PublicKeyFromKeyRefWithHashAlgo(ctx, c.KeyRef, c.HashAlgorithm)
+		co.SigVerifier, err = sigs.PublicKeyFromKeyRefWithHashAlgo(ctx, c.KeyRef, c.HashAlgorithm, c.DefaultLoadOptions)
 		if err != nil {
 			return fmt.Errorf("loading public key: %w", err)
 		}
@@ -329,7 +334,7 @@ func (c *VerifyBlobAttestationCommand) Exec(ctx context.Context, artifactPath st
 			bundleCert, err := loadCertFromPEM(certBytes)
 			if err != nil {
 				// check if cert is actually a public key
-				co.SigVerifier, err = sigs.LoadPublicKeyRaw(certBytes, crypto.SHA256)
+				co.SigVerifier, err = sigs.LoadPublicKeyRaw(certBytes, crypto.SHA256, c.DefaultLoadOptions)
 				if err != nil {
 					return fmt.Errorf("loading verifier from bundle: %w", err)
 				}
diff --git a/internal/key/svkeypair.go b/internal/key/svkeypair.go
@@ -125,13 +125,20 @@ func (k *SignerVerifierKeypair) GetPublicKeyPem() (string, error) {
 
 // SignData signs the given data with the SignerVerifier.
 func (k *SignerVerifierKeypair) SignData(ctx context.Context, data []byte) ([]byte, []byte, error) {
-	h := k.sigAlg.GetHashType().New()
-	h.Write(data)
-	digest := h.Sum(nil)
-	sOpts := []signature.SignOption{signatureoptions.WithContext(ctx), signatureoptions.WithDigest(digest)}
+	sOpts := []signature.SignOption{}
+
+	hf := k.sigAlg.GetHashType()
+	dataToSign := data
+	// RSA, ECDSA, and Ed25519ph sign a digest, while pure Ed25519's interface takes data and hashes during signing
+	if hf != crypto.Hash(0) {
+		hasher := hf.New()
+		hasher.Write(data)
+		dataToSign = hasher.Sum(nil)
+		sOpts = append(sOpts, signatureoptions.WithDigest(dataToSign))
+	}
 	sig, err := k.sv.SignMessage(bytes.NewReader(data), sOpts...)
 	if err != nil {
 		return nil, nil, err
 	}
-	return sig, digest, nil
+	return sig, dataToSign, nil
 }
diff --git a/internal/key/svkeypair_test.go b/internal/key/svkeypair_test.go
@@ -34,6 +34,7 @@ import (
 	protocommon "github.com/sigstore/protobuf-specs/gen/pb-go/common/v1"
 	"github.com/sigstore/sigstore/pkg/cryptoutils"
 	"github.com/sigstore/sigstore/pkg/signature"
+	"github.com/sigstore/sigstore/pkg/signature/options"
 )
 
 // mockSignerVerifier is a mock implementation of signature.SignerVerifier for testing.
@@ -61,7 +62,7 @@ func (m *mockSignerVerifier) VerifySignature(_, _ io.Reader, _ ...signature.Veri
 	return errors.New("not implemented")
 }
 
-func TestNewKMSKeypair(t *testing.T) {
+func TestNewSignerVerifierKeypairKeypair(t *testing.T) {
 	ecdsaPriv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
 	if err != nil {
 		t.Fatalf("failed to generate ecdsa key: %v", err)
@@ -78,6 +79,7 @@ func TestNewKMSKeypair(t *testing.T) {
 	testCases := []struct {
 		name      string
 		sv        signature.SignerVerifier
+		prehash   bool
 		expectErr bool
 		errMsg    string
 	}{
@@ -102,6 +104,14 @@ func TestNewKMSKeypair(t *testing.T) {
 			},
 			expectErr: false,
 		},
+		{
+			name: "ED25519ph key",
+			sv: &mockSignerVerifier{
+				pubKey: ed25519Priv.Public(),
+			},
+			prehash:   true,
+			expectErr: false,
+		},
 		{
 			name: "Unsupported key type",
 			sv: &mockSignerVerifier{
@@ -122,7 +132,11 @@ func TestNewKMSKeypair(t *testing.T) {
 
 	for _, tc := range testCases {
 		t.Run(tc.name, func(t *testing.T) {
-			kp, err := NewSignerVerifierKeypair(tc.sv, nil)
+			var loadOpts *[]signature.LoadOption
+			if tc.prehash {
+				loadOpts = &[]signature.LoadOption{options.WithED25519ph()}
+			}
+			kp, err := NewSignerVerifierKeypair(tc.sv, loadOpts)
 			if tc.expectErr {
 				if err == nil {
 					t.Errorf("expected an error, but got none")
@@ -137,6 +151,11 @@ func TestNewKMSKeypair(t *testing.T) {
 					t.Error("expected a keypair, but got nil")
 				}
 			}
+			if !tc.expectErr {
+				if _, _, err := kp.SignData(context.Background(), []byte("data")); err != nil {
+					t.Errorf("unexpected error: %v", err)
+				}
+			}
 		})
 	}
 }
diff --git a/pkg/cosign/bundle/sign.go b/pkg/cosign/bundle/sign.go
@@ -26,6 +26,7 @@ import (
 	"github.com/sigstore/sigstore-go/pkg/root"
 	"github.com/sigstore/sigstore-go/pkg/sign"
 	"github.com/sigstore/sigstore/pkg/signature"
+	"github.com/sigstore/sigstore/pkg/signature/options"
 	"google.golang.org/protobuf/encoding/protojson"
 )
 
@@ -63,7 +64,11 @@ func SignData(ctx context.Context, content sign.Content, keypair sign.Keypair, i
 		if err != nil {
 			log.Fatal(err)
 		}
-		verifier, err := signature.LoadDefaultVerifier(pubKey)
+		var verifierOpts []signature.LoadOption
+		if _, ok := content.(*sign.PlainData); ok {
+			verifierOpts = append(verifierOpts, options.WithED25519ph())
+		}
+		verifier, err := signature.LoadDefaultVerifier(pubKey, verifierOpts...)
 		if err != nil {
 			log.Fatal(err)
 		}
diff --git a/pkg/signature/keys.go b/pkg/signature/keys.go
@@ -31,16 +31,17 @@ import (
 	"github.com/sigstore/sigstore/pkg/signature"
 
 	"github.com/sigstore/sigstore/pkg/signature/kms"
+	"github.com/sigstore/sigstore/pkg/signature/options"
 )
 
 // LoadPublicKey is a wrapper for VerifierForKeyRef, hardcoding SHA256 as the hash algorithm
 func LoadPublicKey(ctx context.Context, keyRef string) (verifier signature.Verifier, err error) {
-	return VerifierForKeyRef(ctx, keyRef, crypto.SHA256)
+	return VerifierForKeyRef(ctx, keyRef, crypto.SHA256, nil)
 }
 
 // VerifierForKeyRef parses the given keyRef, loads the key and returns an appropriate
 // verifier using the provided hash algorithm
-func VerifierForKeyRef(ctx context.Context, keyRef string, hashAlgorithm crypto.Hash) (verifier signature.Verifier, err error) {
+func VerifierForKeyRef(ctx context.Context, keyRef string, hashAlgorithm crypto.Hash, defaultLoadOptions *[]signature.LoadOption) (verifier signature.Verifier, err error) {
 	// The key could be plaintext, in a file, at a URL, or in KMS.
 	var perr *kms.ProviderNotFoundError
 	kmsKey, err := kms.Get(ctx, keyRef, hashAlgorithm)
@@ -69,7 +70,9 @@ func VerifierForKeyRef(ctx context.Context, keyRef string, hashAlgorithm crypto.
 		return nil, fmt.Errorf("pem to public key: %w", err)
 	}
 
-	return signature.LoadVerifier(pubKey, hashAlgorithm)
+	opts := *cosign.GetDefaultLoadOptions(defaultLoadOptions)
+	opts = append(opts, options.WithHash(hashAlgorithm))
+	return signature.LoadVerifierWithOpts(pubKey, opts...)
 }
 
 func loadKey(keyPath string, pf cosign.PassFunc, defaultLoadOptions *[]signature.LoadOption) (signature.SignerVerifier, error) {
@@ -88,12 +91,14 @@ func loadKey(keyPath string, pf cosign.PassFunc, defaultLoadOptions *[]signature
 }
 
 // LoadPublicKeyRaw loads a verifier from a PEM-encoded public key
-func LoadPublicKeyRaw(raw []byte, hashAlgorithm crypto.Hash) (signature.Verifier, error) {
+func LoadPublicKeyRaw(raw []byte, hashAlgorithm crypto.Hash, defaultLoadOptions *[]signature.LoadOption) (signature.Verifier, error) {
 	pub, err := cryptoutils.UnmarshalPEMToPublicKey(raw)
 	if err != nil {
 		return nil, err
 	}
-	return signature.LoadVerifier(pub, hashAlgorithm)
+	opts := *cosign.GetDefaultLoadOptions(defaultLoadOptions)
+	opts = append(opts, options.WithHash(hashAlgorithm))
+	return signature.LoadVerifierWithOpts(pub, opts...)
 }
 
 func SignerFromKeyRef(ctx context.Context, keyRef string, pf cosign.PassFunc) (signature.Signer, error) {
@@ -169,18 +174,18 @@ func SignerVerifierFromKeyRef(ctx context.Context, keyRef string, pf cosign.Pass
 }
 
 func PublicKeyFromKeyRef(ctx context.Context, keyRef string) (signature.Verifier, error) {
-	return PublicKeyFromKeyRefWithHashAlgo(ctx, keyRef, crypto.SHA256)
+	return PublicKeyFromKeyRefWithHashAlgo(ctx, keyRef, crypto.SHA256, nil)
 }
 
-func PublicKeyFromKeyRefWithHashAlgo(ctx context.Context, keyRef string, hashAlgorithm crypto.Hash) (signature.Verifier, error) {
+func PublicKeyFromKeyRefWithHashAlgo(ctx context.Context, keyRef string, hashAlgorithm crypto.Hash, defaultLoadOptions *[]signature.LoadOption) (signature.Verifier, error) {
 	if strings.HasPrefix(keyRef, kubernetes.KeyReference) {
 		s, err := kubernetes.GetKeyPairSecret(ctx, keyRef)
 		if err != nil {
 			return nil, err
 		}
 
 		if len(s.Data) > 0 {
-			return LoadPublicKeyRaw(s.Data["cosign.pub"], hashAlgorithm)
+			return LoadPublicKeyRaw(s.Data["cosign.pub"], hashAlgorithm, defaultLoadOptions)
 		}
 	}
 
@@ -219,11 +224,11 @@ func PublicKeyFromKeyRefWithHashAlgo(ctx context.Context, keyRef string, hashAlg
 		}
 
 		if len(pubKey) > 0 {
-			return LoadPublicKeyRaw([]byte(pubKey), hashAlgorithm)
+			return LoadPublicKeyRaw([]byte(pubKey), hashAlgorithm, defaultLoadOptions)
 		}
 	}
 
-	return VerifierForKeyRef(ctx, keyRef, hashAlgorithm)
+	return VerifierForKeyRef(ctx, keyRef, hashAlgorithm, defaultLoadOptions)
 }
 
 func PublicKeyPem(key signature.PublicKeyProvider, pkOpts ...signature.PublicKeyOption) ([]byte, error) {
