Bump c/storage v1.58.0, c/image v5.35.0, c/common v0.63.0

Bump:
c/storage v1.58.0
c/image v5.35.0
c/common v0.63.0

In preparation for Podman v5.5.0

Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>

vendor/github.com/sigstore/protobuf-specs/gen/pb-go/common/v1/sigstore_common.pb.go

@@ -14,8 +14,8 @@
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.36.3
-// 	protoc        v5.29.3
+// 	protoc-gen-go v1.36.5
+// 	protoc        v5.29.4
 // source: sigstore_common.proto
 
 package v1
@@ -27,6 +27,7 @@ import (
 	timestamppb "google.golang.org/protobuf/types/known/timestamppb"
 	reflect "reflect"
 	sync "sync"
+	unsafe "unsafe"
 )
 
 const (
@@ -149,6 +150,13 @@ const (
 	// Ed 25519
 	PublicKeyDetails_PKIX_ED25519    PublicKeyDetails = 7 // See RFC8032
 	PublicKeyDetails_PKIX_ED25519_PH PublicKeyDetails = 8
+	// These algorithms are deprecated and should not be used, but they
+	// were/are being used by most Sigstore clients implementations.
+	//
+	// Deprecated: Marked as deprecated in sigstore_common.proto.
+	PublicKeyDetails_PKIX_ECDSA_P384_SHA_256 PublicKeyDetails = 19
+	// Deprecated: Marked as deprecated in sigstore_common.proto.
+	PublicKeyDetails_PKIX_ECDSA_P521_SHA_256 PublicKeyDetails = 20
 	// LMS and LM-OTS
 	//
 	// These keys and signatures may be used by private Sigstore
@@ -186,6 +194,8 @@ var (
 		13: "PKIX_ECDSA_P521_SHA_512",
 		7:  "PKIX_ED25519",
 		8:  "PKIX_ED25519_PH",
+		19: "PKIX_ECDSA_P384_SHA_256",
+		20: "PKIX_ECDSA_P521_SHA_256",
 		14: "LMS_SHA256",
 		15: "LMOTS_SHA256",
 	}
@@ -207,6 +217,8 @@ var (
 		"PKIX_ECDSA_P521_SHA_512":        13,
 		"PKIX_ED25519":                   7,
 		"PKIX_ED25519_PH":                8,
+		"PKIX_ECDSA_P384_SHA_256":        19,
+		"PKIX_ECDSA_P521_SHA_256":        20,
 		"LMS_SHA256":                     14,
 		"LMOTS_SHA256":                   15,
 	}
@@ -1026,7 +1038,7 @@ func (x *TimeRange) GetEnd() *timestamppb.Timestamp {
 
 var File_sigstore_common_proto protoreflect.FileDescriptor
 
-var file_sigstore_common_proto_rawDesc = []byte{
+var file_sigstore_common_proto_rawDesc = string([]byte{
 	0x0a, 0x15, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x5f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f,
 	0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x16, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67,
 	0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x1a,
@@ -1122,7 +1134,7 @@ var file_sigstore_common_proto_rawDesc = []byte{
 	0x48, 0x41, 0x32, 0x5f, 0x33, 0x38, 0x34, 0x10, 0x02, 0x12, 0x0c, 0x0a, 0x08, 0x53, 0x48, 0x41,
 	0x32, 0x5f, 0x35, 0x31, 0x32, 0x10, 0x03, 0x12, 0x0c, 0x0a, 0x08, 0x53, 0x48, 0x41, 0x33, 0x5f,
 	0x32, 0x35, 0x36, 0x10, 0x04, 0x12, 0x0c, 0x0a, 0x08, 0x53, 0x48, 0x41, 0x33, 0x5f, 0x33, 0x38,
-	0x34, 0x10, 0x05, 0x2a, 0xa7, 0x04, 0x0a, 0x10, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65,
+	0x34, 0x10, 0x05, 0x2a, 0xe9, 0x04, 0x0a, 0x10, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65,
 	0x79, 0x44, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x12, 0x22, 0x0a, 0x1e, 0x50, 0x55, 0x42, 0x4c,
 	0x49, 0x43, 0x5f, 0x4b, 0x45, 0x59, 0x5f, 0x44, 0x45, 0x54, 0x41, 0x49, 0x4c, 0x53, 0x5f, 0x55,
 	0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x19, 0x0a, 0x11,
@@ -1154,35 +1166,39 @@ var file_sigstore_common_proto_rawDesc = []byte{
 	0x50, 0x35, 0x32, 0x31, 0x5f, 0x53, 0x48, 0x41, 0x5f, 0x35, 0x31, 0x32, 0x10, 0x0d, 0x12, 0x10,
 	0x0a, 0x0c, 0x50, 0x4b, 0x49, 0x58, 0x5f, 0x45, 0x44, 0x32, 0x35, 0x35, 0x31, 0x39, 0x10, 0x07,
 	0x12, 0x13, 0x0a, 0x0f, 0x50, 0x4b, 0x49, 0x58, 0x5f, 0x45, 0x44, 0x32, 0x35, 0x35, 0x31, 0x39,
-	0x5f, 0x50, 0x48, 0x10, 0x08, 0x12, 0x0e, 0x0a, 0x0a, 0x4c, 0x4d, 0x53, 0x5f, 0x53, 0x48, 0x41,
-	0x32, 0x35, 0x36, 0x10, 0x0e, 0x12, 0x10, 0x0a, 0x0c, 0x4c, 0x4d, 0x4f, 0x54, 0x53, 0x5f, 0x53,
-	0x48, 0x41, 0x32, 0x35, 0x36, 0x10, 0x0f, 0x22, 0x04, 0x08, 0x13, 0x10, 0x32, 0x2a, 0x6f, 0x0a,
-	0x1a, 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x41, 0x6c, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x74,
-	0x69, 0x76, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x54, 0x79, 0x70, 0x65, 0x12, 0x2d, 0x0a, 0x29, 0x53,
-	0x55, 0x42, 0x4a, 0x45, 0x43, 0x54, 0x5f, 0x41, 0x4c, 0x54, 0x45, 0x52, 0x4e, 0x41, 0x54, 0x49,
-	0x56, 0x45, 0x5f, 0x4e, 0x41, 0x4d, 0x45, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, 0x4e, 0x53,
-	0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x09, 0x0a, 0x05, 0x45, 0x4d,
-	0x41, 0x49, 0x4c, 0x10, 0x01, 0x12, 0x07, 0x0a, 0x03, 0x55, 0x52, 0x49, 0x10, 0x02, 0x12, 0x0e,
-	0x0a, 0x0a, 0x4f, 0x54, 0x48, 0x45, 0x52, 0x5f, 0x4e, 0x41, 0x4d, 0x45, 0x10, 0x03, 0x42, 0x7c,
-	0x0a, 0x1c, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x70,
-	0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x42, 0x0b,
-	0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x36, 0x67,
-	0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f,
-	0x72, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2d, 0x73, 0x70, 0x65, 0x63,
-	0x73, 0x2f, 0x67, 0x65, 0x6e, 0x2f, 0x70, 0x62, 0x2d, 0x67, 0x6f, 0x2f, 0x63, 0x6f, 0x6d, 0x6d,
-	0x6f, 0x6e, 0x2f, 0x76, 0x31, 0xea, 0x02, 0x14, 0x53, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65,
-	0x3a, 0x3a, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x3a, 0x3a, 0x56, 0x31, 0x62, 0x06, 0x70, 0x72,
-	0x6f, 0x74, 0x6f, 0x33,
-}
+	0x5f, 0x50, 0x48, 0x10, 0x08, 0x12, 0x1f, 0x0a, 0x17, 0x50, 0x4b, 0x49, 0x58, 0x5f, 0x45, 0x43,
+	0x44, 0x53, 0x41, 0x5f, 0x50, 0x33, 0x38, 0x34, 0x5f, 0x53, 0x48, 0x41, 0x5f, 0x32, 0x35, 0x36,
+	0x10, 0x13, 0x1a, 0x02, 0x08, 0x01, 0x12, 0x1f, 0x0a, 0x17, 0x50, 0x4b, 0x49, 0x58, 0x5f, 0x45,
+	0x43, 0x44, 0x53, 0x41, 0x5f, 0x50, 0x35, 0x32, 0x31, 0x5f, 0x53, 0x48, 0x41, 0x5f, 0x32, 0x35,
+	0x36, 0x10, 0x14, 0x1a, 0x02, 0x08, 0x01, 0x12, 0x0e, 0x0a, 0x0a, 0x4c, 0x4d, 0x53, 0x5f, 0x53,
+	0x48, 0x41, 0x32, 0x35, 0x36, 0x10, 0x0e, 0x12, 0x10, 0x0a, 0x0c, 0x4c, 0x4d, 0x4f, 0x54, 0x53,
+	0x5f, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x10, 0x0f, 0x22, 0x04, 0x08, 0x15, 0x10, 0x32, 0x2a,
+	0x6f, 0x0a, 0x1a, 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x41, 0x6c, 0x74, 0x65, 0x72, 0x6e,
+	0x61, 0x74, 0x69, 0x76, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x54, 0x79, 0x70, 0x65, 0x12, 0x2d, 0x0a,
+	0x29, 0x53, 0x55, 0x42, 0x4a, 0x45, 0x43, 0x54, 0x5f, 0x41, 0x4c, 0x54, 0x45, 0x52, 0x4e, 0x41,
+	0x54, 0x49, 0x56, 0x45, 0x5f, 0x4e, 0x41, 0x4d, 0x45, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55,
+	0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x09, 0x0a, 0x05,
+	0x45, 0x4d, 0x41, 0x49, 0x4c, 0x10, 0x01, 0x12, 0x07, 0x0a, 0x03, 0x55, 0x52, 0x49, 0x10, 0x02,
+	0x12, 0x0e, 0x0a, 0x0a, 0x4f, 0x54, 0x48, 0x45, 0x52, 0x5f, 0x4e, 0x41, 0x4d, 0x45, 0x10, 0x03,
+	0x42, 0x7c, 0x0a, 0x1c, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65,
+	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31,
+	0x42, 0x0b, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a,
+	0x36, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, 0x69, 0x67, 0x73,
+	0x74, 0x6f, 0x72, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2d, 0x73, 0x70,
+	0x65, 0x63, 0x73, 0x2f, 0x67, 0x65, 0x6e, 0x2f, 0x70, 0x62, 0x2d, 0x67, 0x6f, 0x2f, 0x63, 0x6f,
+	0x6d, 0x6d, 0x6f, 0x6e, 0x2f, 0x76, 0x31, 0xea, 0x02, 0x14, 0x53, 0x69, 0x67, 0x73, 0x74, 0x6f,
+	0x72, 0x65, 0x3a, 0x3a, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x3a, 0x3a, 0x56, 0x31, 0x62, 0x06,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+})
 
 var (
 	file_sigstore_common_proto_rawDescOnce sync.Once
-	file_sigstore_common_proto_rawDescData = file_sigstore_common_proto_rawDesc
+	file_sigstore_common_proto_rawDescData []byte
 )
 
 func file_sigstore_common_proto_rawDescGZIP() []byte {
 	file_sigstore_common_proto_rawDescOnce.Do(func() {
-		file_sigstore_common_proto_rawDescData = protoimpl.X.CompressGZIP(file_sigstore_common_proto_rawDescData)
+		file_sigstore_common_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_sigstore_common_proto_rawDesc), len(file_sigstore_common_proto_rawDesc)))
 	})
 	return file_sigstore_common_proto_rawDescData
 }
@@ -1240,7 +1256,7 @@ func file_sigstore_common_proto_init() {
 	out := protoimpl.TypeBuilder{
 		File: protoimpl.DescBuilder{
 			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
-			RawDescriptor: file_sigstore_common_proto_rawDesc,
+			RawDescriptor: unsafe.Slice(unsafe.StringData(file_sigstore_common_proto_rawDesc), len(file_sigstore_common_proto_rawDesc)),
 			NumEnums:      3,
 			NumMessages:   13,
 			NumExtensions: 0,
@@ -1252,7 +1268,6 @@ func file_sigstore_common_proto_init() {
 		MessageInfos:      file_sigstore_common_proto_msgTypes,
 	}.Build()
 	File_sigstore_common_proto = out.File
-	file_sigstore_common_proto_rawDesc = nil
 	file_sigstore_common_proto_goTypes = nil
 	file_sigstore_common_proto_depIdxs = nil
 }

vendor/github.com/sigstore/rekor/pkg/util/checkpoint.go

@@ -51,12 +51,12 @@ func (c Checkpoint) String() string {
 	return b.String()
 }
 
-// MarshalText returns the common format representation of this Checkpoint.
+// MarshalCheckpoint returns the common format representation of this Checkpoint.
 func (c Checkpoint) MarshalCheckpoint() ([]byte, error) {
 	return []byte(c.String()), nil
 }
 
-// UnmarshalText parses the common formatted checkpoint data and stores the result
+// UnmarshalCheckpoint parses the common formatted checkpoint data and stores the result
 // in the Checkpoint.
 //
 // The supplied data is expected to begin with the following 3 lines of text,
@@ -157,7 +157,7 @@ func CreateAndSignCheckpoint(ctx context.Context, hostname string, treeID int64,
 	if _, err := sth.Sign(hostname, signer, options.WithContext(ctx)); err != nil {
 		return nil, fmt.Errorf("error signing checkpoint: %w", err)
 	}
-	scBytes, err := sth.SignedNote.MarshalText()
+	scBytes, err := sth.MarshalText()
 	if err != nil {
 		return nil, fmt.Errorf("error marshalling checkpoint: %w", err)
 	}

vendor/github.com/sigstore/sigstore/pkg/signature/algorithm_registry.go

@@ -53,6 +53,10 @@ type AlgorithmDetails struct {
 	// hashType is the hash algorithm being used.
 	hashType crypto.Hash
 
+	// protoHashType is the hash algorithm being used as a proto message, it must be the protobuf-specs
+	// v1.HashAlgorithm equivalent of the hashType.
+	protoHashType v1.HashAlgorithm
+
 	// extraKeyParams contains any extra parameters required to check a given public key against this entry.
 	//
 	// The underlying type of these parameters is dependent on the keyType.
@@ -75,11 +79,16 @@ func (a AlgorithmDetails) GetKeyType() PublicKeyType {
 	return a.keyType
 }
 
-// GetHashType returns the hash algorithm that should be used with this algorithm
+// GetHashType returns the hash algorithm that should be used with this algorithm.
 func (a AlgorithmDetails) GetHashType() crypto.Hash {
 	return a.hashType
 }
 
+// GetProtoHashType is a convenience method to get the protobuf-specs type of the hash algorithm.
+func (a AlgorithmDetails) GetProtoHashType() v1.HashAlgorithm {
+	return a.protoHashType
+}
+
 // GetRSAKeySize returns the RSA key size for the algorithm details, if the key type is RSA.
 func (a AlgorithmDetails) GetRSAKeySize() (RSAKeySize, error) {
 	if a.keyType != RSA {
@@ -143,17 +152,19 @@ func (a AlgorithmDetails) checkHash(hashType crypto.Hash) bool {
 // list, including PKCS1v1.5 encoded RSA. Refer to the v1.PublicKeyDetails enum
 // for more details.
 var supportedAlgorithms = []AlgorithmDetails{
-	{v1.PublicKeyDetails_PKIX_RSA_PKCS1V15_2048_SHA256, RSA, crypto.SHA256, RSAKeySize(2048), "rsa-sign-pkcs1-2048-sha256"},
-	{v1.PublicKeyDetails_PKIX_RSA_PKCS1V15_3072_SHA256, RSA, crypto.SHA256, RSAKeySize(3072), "rsa-sign-pkcs1-3072-sha256"},
-	{v1.PublicKeyDetails_PKIX_RSA_PKCS1V15_4096_SHA256, RSA, crypto.SHA256, RSAKeySize(4096), "rsa-sign-pkcs1-4096-sha256"},
-	{v1.PublicKeyDetails_PKIX_RSA_PSS_2048_SHA256, RSA, crypto.SHA256, RSAKeySize(2048), "rsa-sign-pss-2048-sha256"},
-	{v1.PublicKeyDetails_PKIX_RSA_PSS_3072_SHA256, RSA, crypto.SHA256, RSAKeySize(3072), "rsa-sign-pss-3072-sha256"},
-	{v1.PublicKeyDetails_PKIX_RSA_PSS_4096_SHA256, RSA, crypto.SHA256, RSAKeySize(4096), "rsa-sign-pss-4092-sha256"},
-	{v1.PublicKeyDetails_PKIX_ECDSA_P256_SHA_256, ECDSA, crypto.SHA256, elliptic.P256(), "ecdsa-sha2-256-nistp256"},
-	{v1.PublicKeyDetails_PKIX_ECDSA_P384_SHA_384, ECDSA, crypto.SHA384, elliptic.P384(), "ecdsa-sha2-384-nistp384"},
-	{v1.PublicKeyDetails_PKIX_ECDSA_P521_SHA_512, ECDSA, crypto.SHA512, elliptic.P521(), "ecdsa-sha2-512-nistp521"},
-	{v1.PublicKeyDetails_PKIX_ED25519, ED25519, crypto.Hash(0), nil, "ed25519"},
-	{v1.PublicKeyDetails_PKIX_ED25519_PH, ED25519, crypto.SHA512, nil, "ed25519-ph"},
+	{v1.PublicKeyDetails_PKIX_RSA_PKCS1V15_2048_SHA256, RSA, crypto.SHA256, v1.HashAlgorithm_SHA2_256, RSAKeySize(2048), "rsa-sign-pkcs1-2048-sha256"},
+	{v1.PublicKeyDetails_PKIX_RSA_PKCS1V15_3072_SHA256, RSA, crypto.SHA256, v1.HashAlgorithm_SHA2_256, RSAKeySize(3072), "rsa-sign-pkcs1-3072-sha256"},
+	{v1.PublicKeyDetails_PKIX_RSA_PKCS1V15_4096_SHA256, RSA, crypto.SHA256, v1.HashAlgorithm_SHA2_256, RSAKeySize(4096), "rsa-sign-pkcs1-4096-sha256"},
+	{v1.PublicKeyDetails_PKIX_RSA_PSS_2048_SHA256, RSA, crypto.SHA256, v1.HashAlgorithm_SHA2_256, RSAKeySize(2048), "rsa-sign-pss-2048-sha256"},
+	{v1.PublicKeyDetails_PKIX_RSA_PSS_3072_SHA256, RSA, crypto.SHA256, v1.HashAlgorithm_SHA2_256, RSAKeySize(3072), "rsa-sign-pss-3072-sha256"},
+	{v1.PublicKeyDetails_PKIX_RSA_PSS_4096_SHA256, RSA, crypto.SHA256, v1.HashAlgorithm_SHA2_256, RSAKeySize(4096), "rsa-sign-pss-4092-sha256"},
+	{v1.PublicKeyDetails_PKIX_ECDSA_P256_SHA_256, ECDSA, crypto.SHA256, v1.HashAlgorithm_SHA2_256, elliptic.P256(), "ecdsa-sha2-256-nistp256"},
+	{v1.PublicKeyDetails_PKIX_ECDSA_P384_SHA_384, ECDSA, crypto.SHA384, v1.HashAlgorithm_SHA2_384, elliptic.P384(), "ecdsa-sha2-384-nistp384"},
+	{v1.PublicKeyDetails_PKIX_ECDSA_P384_SHA_256, ECDSA, crypto.SHA256, v1.HashAlgorithm_SHA2_256, elliptic.P384(), "ecdsa-sha2-256-nistp384"}, //nolint:staticcheck
+	{v1.PublicKeyDetails_PKIX_ECDSA_P521_SHA_512, ECDSA, crypto.SHA512, v1.HashAlgorithm_SHA2_512, elliptic.P521(), "ecdsa-sha2-512-nistp521"},
+	{v1.PublicKeyDetails_PKIX_ECDSA_P521_SHA_256, ECDSA, crypto.SHA256, v1.HashAlgorithm_SHA2_256, elliptic.P521(), "ecdsa-sha2-256-nistp521"}, //nolint:staticcheck
+	{v1.PublicKeyDetails_PKIX_ED25519, ED25519, crypto.Hash(0), v1.HashAlgorithm_HASH_ALGORITHM_UNSPECIFIED, nil, "ed25519"},
+	{v1.PublicKeyDetails_PKIX_ED25519_PH, ED25519, crypto.SHA512, v1.HashAlgorithm_SHA2_512, nil, "ed25519-ph"},
 }
 
 // AlgorithmRegistryConfig represents a set of permitted algorithms for a given Sigstore service or component.

vendor/github.com/sigstore/sigstore/pkg/signature/ecdsa.go

@@ -188,7 +188,7 @@ func (e ECDSAVerifier) VerifySignature(signature, message io.Reader, opts ...Ver
 	}
 
 	// Without this check, VerifyASN1 panics on an invalid key.
-	if !e.publicKey.Curve.IsOnCurve(e.publicKey.X, e.publicKey.Y) {
+	if !e.publicKey.IsOnCurve(e.publicKey.X, e.publicKey.Y) {
 		return fmt.Errorf("invalid ECDSA public key for %s", e.publicKey.Params().Name)
 	}
 

vendor/github.com/sigstore/sigstore/pkg/signature/signer.go

@@ -136,15 +136,12 @@ func LoadDefaultSigner(privateKey crypto.PrivateKey, opts ...LoadOption) (Signer
 	if err != nil {
 		return nil, err
 	}
-	filteredOpts := []LoadOption{options.WithHash(algorithmDetails.hashType)}
-	for _, opt := range opts {
-		var useED25519ph bool
-		var rsaPSSOptions *rsa.PSSOptions
-		opt.ApplyED25519ph(&useED25519ph)
-		opt.ApplyRSAPSS(&rsaPSSOptions)
-		if useED25519ph || rsaPSSOptions != nil {
-			filteredOpts = append(filteredOpts, opt)
-		}
-	}
+	return LoadSignerFromAlgorithmDetails(privateKey, algorithmDetails, opts...)
+}
+
+// LoadSignerFromAlgorithmDetails returns a signature.Signer based on
+// the algorithm details and the user's choice of options.
+func LoadSignerFromAlgorithmDetails(privateKey crypto.PrivateKey, algorithmDetails AlgorithmDetails, opts ...LoadOption) (Signer, error) {
+	filteredOpts := GetOptsFromAlgorithmDetails(algorithmDetails, opts...)
 	return LoadSignerWithOpts(privateKey, filteredOpts...)
 }

vendor/github.com/sigstore/sigstore/pkg/signature/signerverifier.go

@@ -116,15 +116,12 @@ func LoadDefaultSignerVerifier(privateKey crypto.PrivateKey, opts ...LoadOption)
 	if err != nil {
 		return nil, err
 	}
-	filteredOpts := []LoadOption{options.WithHash(algorithmDetails.hashType)}
-	for _, opt := range opts {
-		var useED25519ph bool
-		var rsaPSSOptions *rsa.PSSOptions
-		opt.ApplyED25519ph(&useED25519ph)
-		opt.ApplyRSAPSS(&rsaPSSOptions)
-		if useED25519ph || rsaPSSOptions != nil {
-			filteredOpts = append(filteredOpts, opt)
-		}
-	}
+	return LoadSignerVerifierFromAlgorithmDetails(privateKey, algorithmDetails, opts...)
+}
+
+// LoadSignerVerifierFromAlgorithmDetails returns a signature.SignerVerifier based on
+// the algorithm details and the user's choice of options.
+func LoadSignerVerifierFromAlgorithmDetails(privateKey crypto.PrivateKey, algorithmDetails AlgorithmDetails, opts ...LoadOption) (SignerVerifier, error) {
+	filteredOpts := GetOptsFromAlgorithmDetails(algorithmDetails, opts...)
 	return LoadSignerVerifierWithOpts(privateKey, filteredOpts...)
 }

vendor/github.com/sigstore/sigstore/pkg/signature/util.go

@@ -17,11 +17,13 @@ package signature
 
 import (
 	"bytes"
+	"crypto/rsa"
 	"encoding/json"
 	"fmt"
 
 	"github.com/google/go-containerregistry/pkg/name"
 
+	"github.com/sigstore/sigstore/pkg/signature/options"
 	sigpayload "github.com/sigstore/sigstore/pkg/signature/payload"
 )
 
@@ -53,3 +55,20 @@ func VerifyImageSignature(signer SignerVerifier, payload, signature []byte) (ima
 	}
 	return imgPayload.Image, imgPayload.Annotations, nil
 }
+
+// GetOptsFromAlgorithmDetails returns a list of LoadOptions that are
+// appropriate for the given algorithm details. It ignores the hash type because
+// that can be retrieved from the algorithm details.
+func GetOptsFromAlgorithmDetails(algorithmDetails AlgorithmDetails, opts ...LoadOption) []LoadOption {
+	res := []LoadOption{options.WithHash(algorithmDetails.hashType)}
+	for _, opt := range opts {
+		var useED25519ph bool
+		var rsaPSSOptions *rsa.PSSOptions
+		opt.ApplyED25519ph(&useED25519ph)
+		opt.ApplyRSAPSS(&rsaPSSOptions)
+		if useED25519ph || rsaPSSOptions != nil {
+			res = append(res, opt)
+		}
+	}
+	return res
+}

vendor/github.com/sigstore/sigstore/pkg/signature/verifier.go

@@ -145,15 +145,12 @@ func LoadDefaultVerifier(publicKey crypto.PublicKey, opts ...LoadOption) (Verifi
 	if err != nil {
 		return nil, err
 	}
-	filteredOpts := []LoadOption{options.WithHash(algorithmDetails.hashType)}
-	for _, opt := range opts {
-		var useED25519ph bool
-		var rsaPSSOptions *rsa.PSSOptions
-		opt.ApplyED25519ph(&useED25519ph)
-		opt.ApplyRSAPSS(&rsaPSSOptions)
-		if useED25519ph || rsaPSSOptions != nil {
-			filteredOpts = append(filteredOpts, opt)
-		}
-	}
+	return LoadVerifierFromAlgorithmDetails(publicKey, algorithmDetails, opts...)
+}
+
+// LoadVerifierFromAlgorithmDetails returns a signature.Verifier based on
+// the algorithm details and the user's choice of options.
+func LoadVerifierFromAlgorithmDetails(publicKey crypto.PublicKey, algorithmDetails AlgorithmDetails, opts ...LoadOption) (Verifier, error) {
+	filteredOpts := GetOptsFromAlgorithmDetails(algorithmDetails, opts...)
 	return LoadVerifierWithOpts(publicKey, filteredOpts...)
 }