Use hashed rekord type for tlog upload #1081
Conversation
The spec pretty much requires SHA256 right now. People can technically use other ones in a KMS, but I'd be fine fixing that later, maybe built on #1071 |
Do you mean the spec for keyless signing? Or more generally. I'm just worried about someone doing KMS w/ sha512 + rekor upload |
asraa
force-pushed
the
upload-hashed-rekord
branch
from
0ec8475
to
ce431e6
Compare
asraa
changed the title
The spec for all of cosign: https://github.com/sigstore/cosign/blob/main/specs/SIGNATURE_SPEC.md |
doh right, thanks! yeah i suppose working out the issues for sign-blobs with KMS can come later |
|
We should get this one in before v1.4.0 as well! |
|
QQ about this: while this change happens, should cosign look for both the rekord proposed entry and, if it doesn't exist, the hashedrekord proposed entry? i think it's okay, because two sigs are always gonna be unique because of randomization, so one or the other should exist, not both. (I suppose it's possible for someone to hand craft a rekord and hashedrekord with the same exact signature, but then it shouldn't matter unless we accidentally serve a different form of the public key, e.g. the x509 cert vs the extracted public key that misses some client verification) |
Just using the new format seems fine, most lookups go through the offline bundle verification anyway. |
asraa
force-pushed
the
upload-hashed-rekord
branch
from
ce431e6
to
548b9a8
Compare
|
Done! Updated the offline bundle verification to unmarshal either or. Tested both container/blob verification https://gist.github.com/asraa/c2ef0bd3aacb7073b1e0736c0f9fd557 |
asraa
force-pushed
the
upload-hashed-rekord
branch
from
548b9a8
to
b1c8d80
Compare
Signed-off-by: Asra Ali <asraa@google.com>
asraa
force-pushed
the
upload-hashed-rekord
branch
from
b1c8d80
to
b3cd635
Compare
| @@ -469,20 +471,32 @@ func bundleHash(bundleBody, signature string) (string, string, error) { | |||
| return *intotoObj.Content.Hash.Algorithm, *intotoObj.Content.Hash.Value, nil | |||
| } | |||
|
|
|||
| err = json.Unmarshal(bodyDecoded, &rekord) | |||
| if err := json.Unmarshal(bodyDecoded, &rekord); err == nil { | |||
There was a problem hiding this comment.
did you double check this actually fails? Sometimes unmarshal will succeed even if it's the wrong type. We might need to get a bit more clever here.
There was a problem hiding this comment.
yep! can confirm that for a hashed rekord signature, it actually travels the second path and doesn't unmarshal to a rekord without an error
There was a problem hiding this comment.
i just checked how it errors: errors out on "invalid kind value" (rekor checks to make sure that the type we want to unmarshal to is the kind in the JSON)
Signed-off-by: Asra Ali asraa@google.com
Summary
THIS IS A NOT A DRAFT ANYMORE BECAUSE...
COSIGN_EXPERIMENTALand uploading signed entries, let's say, with a KMS provider that uses a specific hash algorithm, then defaulting to the SHA256 I hard-coded inrekorEntrywill be incorrect and will fail signature verification. The hash algorithm needs to be plumbed through, so I imagine that SignerVerifier would have to expose a new method to it's interface providing the hash function that it uses by default (doesn't look like cosign will ever use aWithCryptoSignerOpts(otherHashFunc)on itsSignMessagesTicket Link
Fixes sigstore/rekor#481
Release Note