bug: hash algorithm defaults to SHA256 for most algorithms

I am using [tuf-on-ci](https://github.com/theupdateframework/tuf-on-ci) and running into issues when the [key scheme is ecdsa-sha2-nistp384](https://github.com/theupdateframework/tuf-on-ci/blob/a66f063e23739404499e1ab54677a7be69856be6/repo/test/test_repo2/root.json#L18) (worth noting that these tests aren't failing when using the python tuf client)

I've root caused the issue to the hash algorithm basically hardcoded to use SHA256 here:
https://github.com/theupdateframework/go-tuf/blob/48216cfc42444c3eaa974718091986a08c8c9f44/metadata/metadata.go#L312-L316

It looks like mainly the 256-bit curves are supported here but with a slight change this would also support ECDSA P384.

I've modified this code to the following locally and clear the error using `ecdsa-sha2-nistp384` as the key scheme:
```go
// use corresponding hash function for key type
hash := crypto.Hash(0)
if key.Type != KeyTypeEd25519 {
	switch key.Scheme {
	case KeySchemeECDSA_SHA2_P256:
		hash = crypto.SHA256
	case KeySchemeECDSA_SHA2_P384:
		hash = crypto.SHA384
	default:
		hash = crypto.SHA256
	}
}
```


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

bug: hash algorithm defaults to SHA256 for most algorithms #628

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

	// use corresponding hash function for key type
	hash := crypto.Hash(0)
	if key.Type != KeyTypeEd25519 {
	hash = crypto.SHA256
	}

bug: hash algorithm defaults to SHA256 for most algorithms #628

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions