Adds hashed rekord type #501

Merged
merged 3 commits into from
Nov 19, 2021
Conversation

asraa
Contributor

@asraa asraa commented Nov 17, 2021

Summary

  • takeover from WIP: new hashed type #497
  • Adds hashed rekord type that can be used to upload signatures along with the hashed content signed

Ticket Link

Fixes #481

Release Note


Signed-off-by: Dan Lorenc <lorenc.d@gmail.com>
@asraa asraa force-pushed the newtype branch 2 times, most recently from d1ca7de to e2d92a4 Compare November 17, 2021 22:01
@asraa
Contributor Author

asraa commented Nov 17, 2021

This is ready for review! Docs and tests added

@naveensrinivasan @dlorenc @bobcallaway

Signed-off-by: Asra Ali <asraa@google.com>
@dlorenc
Member

dlorenc commented Nov 17, 2021

Nice! Thanks for taking this over and finishing it up! I'll let @bobcallaway take a look too since I wrote part of this.

@naveensrinivasan
Contributor

> This is ready for review! Docs and tests added
>
> @naveensrinivasan @dlorenc @bobcallaway

Thanks!

Review comments on pkg/types/hashedrekord/v0.0.1/entry.go (outdated, resolved)

Comment on lines 116 to 126 of pkg/types/hashedrekord/v0.0.1/entry.go:
signature, err := artifactFactory.NewSignature(bytes.NewReader(v.HashedRekordObj.Signature.Content))
if err != nil {
return nil, err
}
v.sigObj = signature

key, err := artifactFactory.NewPublicKey(bytes.NewReader(v.HashedRekordObj.Signature.PublicKey.Content))
if err != nil {
return nil, err
}
v.keyObj = key
Member

Is there a reason to reparse and overwrite v.sigObj and v.keyObj here? I think you should ensure they're not nil, but otherwise they've already been parsed and loaded by the time Canonicalize has been called, so I don't think this is needed.

Contributor Author

Yep, fixed. In most other types they're set by FetchExternalEntities, but here they're set during validate() during signature verification. Given that I had to make validate() modify the entry

Signed-off-by: Asra Ali <asraa@google.com>
@dlorenc
Member

dlorenc commented Nov 19, 2021

CodeQL appears stuck

@dlorenc dlorenc merged commit 57b3fef into sigstore:main Nov 19, 2021
}
v.sigObj, err = artifactFactory.NewSignature(bytes.NewReader(sig.Content))
if err != nil {
return errors.Wrap(err, "creating new signature object")
Member

this also needs to be a types.ValidationError because if the signature is malformed it will fail here

Contributor Author

Agh! I misinterpreted the "all but x should be types.ValidationError" comment and reverted this one for parity with the one below. Submitting a fix.

}
v.keyObj, err = artifactFactory.NewPublicKey(bytes.NewReader(key.Content))
if err != nil {
return errors.Wrap(err, "creating new public key object")
Member

this also needs to be a types.ValidationError because if the key is malformed it will fail here
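The point raised in the two review threads above is that a hashed rekord entry is validated from three client-supplied pieces (a digest, a public key and a signature) and that a malformed key or signature must surface as a validation error rather than a generic one. The following is an added, self-contained illustration of that shape, written for this review and not code from the rekor repository: `ValidationError` stands in for rekor's `types.ValidationError`, `ValidateHashedRekord` and `signDigest` are hypothetical names, and the ECDSA/P-256, PKIX-DER and ASN.1-signature choices are assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/hex"
	"fmt"
)

// ValidationError marks client-supplied input that failed validation, as opposed
// to an internal failure (a stand-in for rekor's types.ValidationError).
type ValidationError struct{ Err error }
func (e *ValidationError) Error() string { return "validation: " + e.Err.Error() }

// ValidateHashedRekord checks a hashed-rekord style entry: the client uploads a hex
// SHA-256 digest, a DER (PKIX) public key and an ASN.1 ECDSA signature, and the server
// verifies the signature over the digest alone, never seeing the artifact itself.
func ValidateHashedRekord(hashHex string, pubDER, sig []byte) error {
	digest, err := hex.DecodeString(hashHex)
	if err != nil || len(digest) != sha256.Size {
		return &ValidationError{fmt.Errorf("hash is not a sha256 hex digest")}
	}
	pub, err := x509.ParsePKIXPublicKey(pubDER)
	if err != nil { // malformed key: the client's fault, so a ValidationError
		return &ValidationError{fmt.Errorf("parsing public key: %w", err)}
	}
	ecPub, ok := pub.(*ecdsa.PublicKey)
	if !ok {
		return &ValidationError{fmt.Errorf("public key is not ECDSA")}
	}
	if !ecdsa.VerifyASN1(ecPub, digest, sig) { // malformed or wrong signature
		return &ValidationError{fmt.Errorf("signature does not verify over hash")}
	}
	return nil
}

// signDigest is a constructed helper producing what a client would upload:
// the hex digest of content, the signer's DER public key and the signature.
func signDigest(content []byte) (hashHex string, pubDER, sig []byte, err error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { return "", nil, nil, err }
	digest := sha256.Sum256(content)
	sig, err = ecdsa.SignASN1(rand.Reader, priv, digest[:])
	if err != nil { return "", nil, nil, err }
	pubDER, err = x509.MarshalPKIXPublicKey(&priv.PublicKey)
	return hex.EncodeToString(digest[:]), pubDER, sig, err
}
```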

mikhailswift pushed a commit to testifysec/rekor that referenced this pull request Dec 1, 2021
* WIP: new hashed type

Signed-off-by: Dan Lorenc <lorenc.d@gmail.com>

* wip add signature verification

Signed-off-by: Asra Ali <asraa@google.com>

* address Bob's comments

Signed-off-by: Asra Ali <asraa@google.com>

Co-authored-by: Dan Lorenc <lorenc.d@gmail.com>
Development

Successfully merging this pull request may close these issues.

504 Gateway timeout on large file
4 participants