Add SHA384

Signed-off-by: William Woodruff <william@trailofbits.com>

Author: ret2libc

pkg/cosign/tlog.go

@@ -271,6 +271,8 @@ func rekorEntryHashAlgorithm(checksum crypto.SignerOpts) string {
 	switch checksum.HashFunc() {
 	case crypto.SHA256:
 		return models.HashedrekordV001SchemaDataHashAlgorithmSha256
+	case crypto.SHA384:
+		return models.HashedrekordV001SchemaDataHashAlgorithmSha384
 	case crypto.SHA512:
 		return models.HashedrekordV001SchemaDataHashAlgorithmSha512
 	default:

pkg/cosign/verify.go

@@ -1137,6 +1137,9 @@ func VerifyBundle(sig oci.Signature, co *CheckOpts) (bool, error) {
 	case crypto.SHA256:
 		h := sha256.Sum256(payload)
 		payloadHash = hex.EncodeToString(h[:])
+	case crypto.SHA384:
+		h := sha512.Sum384(payload)
+		payloadHash = hex.EncodeToString(h[:])
 	case crypto.SHA512:
 		h := sha512.Sum512(payload)
 		payloadHash = hex.EncodeToString(h[:])
@@ -1267,8 +1270,8 @@ func extractEntryImpl(bundleBody string) (rekor_types.EntryImpl, error) {
 
 func HashAlgorithmToCryptoHash(hashAlgorithm string) crypto.Hash {
 	switch hashAlgorithm {
-	case "sha256":
-		return crypto.SHA256
+	case "sha384":
+		return crypto.SHA384
 	case "sha512":
 		return crypto.SHA512
 	default: