Add algorithm registry markdown and KnownSignatureAlgorithm enumeration

docs/algorithm-registry.md

@@ -0,0 +1,17 @@
+# Algorithm Registry
+
+This file is designed to act as a source of truth regarding what signing
+algorithms are permitted across the Sigstore ecosystem. Any changes to this file
+**must** be reflected in the `SupportedAlgorithm` enumeration in
+[sigstore_common.proto](../protos/sigstore_common.proto).
+
+Refer to the [Sigstore: Configurable Crypto Algorithms](https://docs.google.com/document/d/18vTKFvTQdRt3OGz6Qd1xf04o-hugRYSup-1EAOWn7MQ/)
+specification for the design rationale for this registry.
+
+| Algorithm | Name | Usage |
+| --- | --- | --- |
+| ECDSA | ecdsa-sha2-256-nistp256 | sign/verify |
+|| ecdsa-sha2-256-nistp521 | verify only |
+|| ecdsa-sha2-384-nistp384 | sign/verify |
+| EdDSA | ed25519 | sign/verify |
+|| ed25519-ph | sign/verify |

protos/sigstore_common.proto

@@ -68,6 +68,23 @@ message HashOutput {
         bytes digest = 2;
 }
 
+// SupportedAlgorithm captures the signature/hash algorithm combinations allowed
+// in the Sigstore ecosystem.
+//
+// This is modelled as a linear set as we want to provide a small number of
+// opinionated options instead of allowing every possible permutation.
+//
+// Any changes to this enum MUST be reflected in the algorithm registry.
+// See: docs/algorithm-registry.md
+enum SupportedAlgorithm {
+        SUPPORTED_ALGORITHM_UNSPECIFIED = 0;
+        ECDSA_SHA2_256_NISTP256 = 1;
+        ECDSA_SHA2_256_NISTP521 = 2;
+        ECDSA_SHA2_384_NISTP384 = 3;
+        ED25519 = 4;
+        ED25519_PH = 5;
+}
+
 // MessageSignature stores the computed signature over a message.
 message MessageSignature {
         // Message digest can be used to identify the artifact.