-
Notifications
You must be signed in to change notification settings - Fork 31
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add messages to represent signing inputs + results
Signed-off-by: Samuel Giddins <[email protected]>
- Loading branch information
Showing
15 changed files
with
2,739 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,68 @@ | ||
| { | ||
| "$schema": "http://json-schema.org/draft-04/schema#", | ||
| "$ref": "#/definitions/BundleContentOptions", | ||
| "definitions": { | ||
| "BundleContentOptions": { | ||
| "properties": { | ||
| "messageSignature": { | ||
| "$ref": "#/definitions/dev.sigstore.signing.v1.BundleContentOptions.MessageSignature", | ||
| "additionalProperties": false | ||
| }, | ||
| "dsseEnvelope": { | ||
| "$ref": "#/definitions/dev.sigstore.signing.v1.BundleContentOptions.DSSE", | ||
| "additionalProperties": false | ||
| } | ||
| }, | ||
| "additionalProperties": false, | ||
| "type": "object", | ||
| "oneOf": [ | ||
| { | ||
| "required": [ | ||
| "message_signature" | ||
| ] | ||
| }, | ||
| { | ||
| "required": [ | ||
| "dsse_envelope" | ||
| ] | ||
| } | ||
| ], | ||
| "title": "Bundle Content Options" | ||
| }, | ||
| "dev.sigstore.signing.v1.BundleContentOptions.DSSE": { | ||
| "properties": { | ||
| "payload": { | ||
| "type": "string", | ||
| "format": "binary", | ||
| "binaryEncoding": "base64" | ||
| }, | ||
| "payloadType": { | ||
| "type": "string" | ||
| } | ||
| }, | ||
| "additionalProperties": false, | ||
| "type": "object", | ||
| "title": "DSSE" | ||
| }, | ||
| "dev.sigstore.signing.v1.BundleContentOptions.MessageSignature": { | ||
| "properties": { | ||
| "hashAlgorithm": { | ||
| "enum": [ | ||
| "HASH_ALGORITHM_UNSPECIFIED", | ||
| "SHA2_256", | ||
| "SHA2_384", | ||
| "SHA2_512", | ||
| "SHA3_256", | ||
| "SHA3_384" | ||
| ], | ||
| "type": "string", | ||
| "title": "This package defines commonly used message types within the Sigstore\n community.", | ||
| "description": "This package defines commonly used message types within the Sigstore community. Only a subset of the secure hash standard algorithms are supported. See \u003chttps://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf\u003e for more details. UNSPECIFIED SHOULD not be used, primary reason for inclusion is to force any proto JSON serialization to emit the used hash algorithm, as default option is to *omit* the default value of an enum (which is the first value, represented by '0'." | ||
| } | ||
| }, | ||
| "additionalProperties": false, | ||
| "type": "object", | ||
| "title": "Message Signature" | ||
| } | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,50 @@ | ||
| { | ||
| "$schema": "http://json-schema.org/draft-04/schema#", | ||
| "$ref": "#/definitions/FulcioSigningMaterial", | ||
| "definitions": { | ||
| "FulcioSigningMaterial": { | ||
| "properties": { | ||
| "identityToken": { | ||
| "type": "string", | ||
| "description": "The OIDC identity token to use for retrieving a signing certificate from fulcio." | ||
| }, | ||
| "keyDetails": { | ||
| "enum": [ | ||
| "PUBLIC_KEY_DETAILS_UNSPECIFIED", | ||
| "PKCS1_RSA_PKCS1V5", | ||
| "PKCS1_RSA_PSS", | ||
| "PKIX_RSA_PKCS1V5", | ||
| "PKIX_RSA_PSS", | ||
| "PKIX_RSA_PKCS1V15_2048_SHA256", | ||
| "PKIX_RSA_PKCS1V15_3072_SHA256", | ||
| "PKIX_RSA_PKCS1V15_4096_SHA256", | ||
| "PKIX_RSA_PSS_2048_SHA256", | ||
| "PKIX_RSA_PSS_3072_SHA256", | ||
| "PKIX_RSA_PSS_4096_SHA256", | ||
| "PKIX_ECDSA_P256_HMAC_SHA_256", | ||
| "PKIX_ECDSA_P256_SHA_256", | ||
| "PKIX_ECDSA_P384_SHA_384", | ||
| "PKIX_ECDSA_P521_SHA_512", | ||
| "PKIX_ED25519", | ||
| "PKIX_ED25519_PH", | ||
| "LMS_SHA256", | ||
| "LMOTS_SHA256" | ||
| ], | ||
| "type": "string", | ||
| "title": "Public Key Details", | ||
| "description": "Details of a specific public key, capturing the the key encoding method, and signature algorithm. PublicKeyDetails captures the public key/hash algorithm combinations recommended in the Sigstore ecosystem. This is modelled as a linear set as we want to provide a small number of opinionated options instead of allowing every possible permutation. Any changes to this enum MUST be reflected in the algorithm registry. See: docs/algorithm-registry.md To avoid the possibility of contradicting formats such as PKCS1 with ED25519 the valid permutations are listed as a linear set instead of a cartesian set (i.e one combined variable instead of two, one for encoding and one for the signature algorithm)." | ||
| } | ||
| }, | ||
| "additionalProperties": false, | ||
| "type": "object", | ||
| "oneOf": [ | ||
| { | ||
| "required": [ | ||
| "key_details" | ||
| ] | ||
| } | ||
| ], | ||
| "title": "Fulcio Signing Material" | ||
| } | ||
| } | ||
| } |
Oops, something went wrong.