-
Notifications
You must be signed in to change notification settings - Fork 546
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use hashed rekord type for tlog upload #1081
Conversation
The spec pretty much requires SHA256 right now. People can technically use other ones in a KMS, but I'd be fine fixing that later, maybe built on #1071 |
Do you mean the spec for keyless signing? Or more generally. I'm just worried about someone doing KMS w/ sha512 + rekor upload |
0ec8475
to
ce431e6
Compare
The spec for all of cosign: https://github.com/sigstore/cosign/blob/main/specs/SIGNATURE_SPEC.md |
doh right, thanks! yeah i suppose working out the issues for sign-blobs with KMS can come later |
We should get this one in before v1.4.0 as well! |
QQ about this: while this change happens, should cosign look for both the rekord proposed entry and, if it doesn't exist, the hashedrekord proposed entry? i think it's okay, because two sigs are always gonna be unique because of randomization, so one or the other should exist, not both. (I suppose it's possible for someone to hand craft a rekord and hashedrekord with the same exact signature, but then it shouldn't matter unless we accidentally serve a different form of the public key, e.g. the x509 cert vs the extracted public key that misses some client verification) |
Just using the new format seems fine, most lookups go through the offline bundle verification anyway. |
ce431e6
to
548b9a8
Compare
Done! Updated the offline bundle verification to unmarshal either or. Tested both container/blob verification https://gist.github.com/asraa/c2ef0bd3aacb7073b1e0736c0f9fd557 |
548b9a8
to
b1c8d80
Compare
Signed-off-by: Asra Ali <[email protected]>
b1c8d80
to
b3cd635
Compare
@@ -469,20 +471,32 @@ func bundleHash(bundleBody, signature string) (string, string, error) { | |||
return *intotoObj.Content.Hash.Algorithm, *intotoObj.Content.Hash.Value, nil | |||
} | |||
|
|||
err = json.Unmarshal(bodyDecoded, &rekord) | |||
if err := json.Unmarshal(bodyDecoded, &rekord); err == nil { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
did you double check this actually fails? Sometimes unmarshal will succeed even if it's the wrong type. We might need to get a bit more clever here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yep! can confirm that for a hashed rekord signature, it actually travels the second path and doesn't unmarshal to a rekord without an error
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
i just checked how it errors: errors out on "invalid kind value" (rekor checks to make sure that the type we want to unmarshal to is the kind in the JSON)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Awesome!
Signed-off-by: Asra Ali [email protected]
Summary
THIS IS A NOT A DRAFT ANYMORE BECAUSE...
COSIGN_EXPERIMENTAL
and uploading signed entries, let's say, with a KMS provider that uses a specific hash algorithm, then defaulting to the SHA256 I hard-coded inrekorEntry
will be incorrect and will fail signature verification. The hash algorithm needs to be plumbed through, so I imagine that SignerVerifier would have to expose a new method to it's interface providing the hash function that it uses by default (doesn't look like cosign will ever use aWithCryptoSignerOpts(otherHashFunc)
on itsSignMessage
sTicket Link
Fixes sigstore/rekor#481
Release Note