Add support for Ed25519ph Signer/Verifier

[ret2libc]

Summary

Add support for Ed25519ph digital signature to be used by other repos like Rekor, Cosign and sigstore-go.

Full e2e tests require changes in cosign and rekor as well.
Tests have been added for the Ed25519ph Signer/Verifier similar to the others.

Release Note

• Added ED25519phSigner, ED25519phVerifier, and ED25519phSignerVerifier
• Changed LoadSigner, LoadVerifier, and LoadSignerVerifier to default to the ph version of Ed25519 whenever a ed25519 private/public key is found.
• Closed Add support for ed25519ph signer/verifier #1594

Documentation

No changes in documentation required, I think.

[ret2libc]

I'd appreciate any comment or concern, in particular with regards to the change of behaviour of LoadSigner, LoadVerifier, and LoadSignerVerifier. Would that break anything currently used by rekor/cosign/sigstore-go?

[haydentherapper]

@ret2libc I'm going to be taking a look at all PRs later today and tomorrow. I have a bit of a backlog I'm working through.

[ret2libc]

@ret2libc I'm going to be taking a look at all PRs later today and tomorrow. I have a bit of a backlog I'm working through.

Thanks! Actually, I have a WIP branch which I think is a bit cleaner. It uses the Options pattern and it looks like this:

func LoadSignerVerifier(privateKey crypto.PrivateKey, hashFunc crypto.Hash, opts ...SignerVerifierOption) (SignerVerifier, error) {
	o := makeSignerVerifierOpts(opts...)

	switch pk := privateKey.(type) {
	case *rsa.PrivateKey:
		if o.rsaPSSOptions != nil {
			return LoadRSAPSSSignerVerifier(pk, hashFunc, o.rsaPSSOptions)
		}
		return LoadRSAPKCS1v15SignerVerifier(pk, hashFunc)
	case *ecdsa.PrivateKey:
		return LoadECDSASignerVerifier(pk, hashFunc)
	case ed25519.PrivateKey:
		if o.useED25519ph {
			return LoadED25519phSignerVerifier(pk)
		}
		return LoadED25519SignerVerifier(pk)
	}
	return nil, errors.New("unsupported public key type")
}

which avoids having to modify all callers of LoadSignerVerifier.
A call would look like this:

sv, err := LoadSignerVerifier(privateKey, crypto.SHA256, WithED25519ph(), WithRSAPSS(opts))

What do you think? You can have a quick look at it at https://github.com/trail-of-forks/sigstore/tree/ed25519ph-2 and I can use that instead if you like that approach more.

[haydentherapper]

@ret2libc I'm a big fan of that API design, that looks great!

Do you think we can create a second set of functions, LoadVerifierWithOpts, etc? I'd like to avoid breaking changes for now. Or can we have the interface use variadic ... arguments like you proposed? I believe this would avoid the breaking change as long as the variadic parameters come last in the API.

Edit: Sorry misread it was a branch, yes, I like that design a lot!

[ret2libc]

@ret2libc I'm a big fan of that API design, that looks great!

I'd like to avoid breaking changes for now. Or can we have the interface use variadic ... arguments like you proposed? I believe this would avoid the breaking change as long as the variadic parameters come last in the API.

I think this is still, in theory, a breaking change as it changes the signature of the API. Probably it won't be noticed in practice, but it depends on how others are using the Signature/Verifier API.

Do you think we can create a second set of functions, LoadVerifierWithOpts, etc?

I can, yes!

[ret2libc]

Added WithOpts functions. Ready to review.

[bobcallaway]

a couple nits but overall LGTM

[haydentherapper]

Looks great!

[ret2libc]

I think I've addressed all comments, thanks for the reviews!
Let me know if other changes are required :)

[bobcallaway]

two nits, otherwise LGTM

[bobcallaway]

please fix the linting issues, otherwise LGTM

[ret2libc]

Great! Thanks a lot for the review! Should be good now.