Add SHA384

Signed-off-by: William Woodruff <william@trailofbits.com>
sigstore · Jan 18, 2024 · 6e7d374 · 6e7d374
1 parent ae1382e
commit 6e7d374
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 2 deletions.
diff --git a/pkg/cosign/tlog.go b/pkg/cosign/tlog.go
@@ -271,6 +271,8 @@ func rekorEntryHashAlgorithm(checksum crypto.SignerOpts) string {
 	switch checksum.HashFunc() {
 	case crypto.SHA256:
 		return models.HashedrekordV001SchemaDataHashAlgorithmSha256
+	case crypto.SHA384:
+		return models.HashedrekordV001SchemaDataHashAlgorithmSha384
 	case crypto.SHA512:
 		return models.HashedrekordV001SchemaDataHashAlgorithmSha512
 	default:

diff --git a/pkg/cosign/verify.go b/pkg/cosign/verify.go
@@ -1137,6 +1137,9 @@ func VerifyBundle(sig oci.Signature, co *CheckOpts) (bool, error) {
 	case crypto.SHA256:
 		h := sha256.Sum256(payload)
 		payloadHash = hex.EncodeToString(h[:])
+	case crypto.SHA384:
+		h := sha512.Sum384(payload)
+		payloadHash = hex.EncodeToString(h[:])
 	case crypto.SHA512:
 		h := sha512.Sum512(payload)
 		payloadHash = hex.EncodeToString(h[:])
@@ -1267,8 +1270,8 @@ func extractEntryImpl(bundleBody string) (rekor_types.EntryImpl, error) {
 
 func HashAlgorithmToCryptoHash(hashAlgorithm string) crypto.Hash {
 	switch hashAlgorithm {
-	case "sha256":
-		return crypto.SHA256
+	case "sha384":
+		return crypto.SHA384
 	case "sha512":
 		return crypto.SHA512
 	default: