cosigned: allow configuring hash algorithm for signature verification

[nsmith5]

Description

The cosign CLI allows setting --signature-digest-algorithm to one of sha224|sha256|sha384|sha512 to accommodate the many hash algorithms that might have been used with elliptical KMS keys. The current ClusterImagePolicy API doesn't have a way to specify the hashing algorithm for verification so it defaults to sha256 and incorrectly rejects signatures with a different hash function.

[hectorj2f]

@nsmith5 Good catch!

[asraa]

FYI I think there's also some major complications around using non-sha256 when you're doing a keyless signature (uploading a rekor entry sort-of-requires that the sig was based off sha256, since we can't get the hash algorithm info that was used from a SignerVerifier right now)

https://github.com/sigstore/cosign/blob/80fe5a31a398c45395d09d23e237c676ddad709f/pkg/cosign/tlog.go#L187-L189

[nsmith5]

Ah ok, my use-case doesn't use Rekor so I didn't hit that. Is that something we can / should change in Rekor ( allow other hash algorithms) or in cosign (restrict to SHA256 only)?

[asraa]

Ah ok, my use-case doesn't use Rekor so I didn't hit that.

Gotcha! Hmmm I think ideally this is fixed through SignerVerifier exposing the correct SHA, then making cosign pull that info in when creating the rekor entry. Rekor would also need to actually use a customize-able SHA here (https://github.com/sigstore/rekor/blob/c39c0beb340273f0d729f1b853b49691b6445eae/pkg/pki/x509/x509.go#L75) when verifying.

I guess currently we should drop an error that we can't upload if someone uses --signature-digest-algorith

[hectorj2f]

It sounds like a plan, then I assume we have to add this functionality to both rekor and cosigned.