Don't fail on Rekor entry verification for untrusted entries #47

Merged
merged 4 commits into from
Jan 3, 2024

Conversation

@haydentherapper (Contributor) commented Dec 15, 2023

Like #45, as long as the threshold of expected timestamps is met, then verification should succeed. Otherwise, entries without trust root material should be skipped.

One benefit of having the log key ID be used to look up the correct trust root material is that we can still error out if the signature is invalid.

Fixes #43
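The policy the description lays out (skip entries whose log key ID has no trust-root material, fail on a bad signature from a log we do have material for, succeed only once the timestamp threshold is met), as an added Go example; this is not sigstore-go's own code, `Entry`, `VerifyEntries`, `NewSampleCase` and the `log-A`/`log-B` key IDs are hypothetical, and ed25519 stands in for the log's real signing scheme.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Entry is a constructed stand-in for a Rekor entry: the ID of the log key that
// signed it, the bytes covered by the signed entry timestamp, and that signature.
type Entry struct {
	LogKeyID string
	Body     []byte
	SET      []byte
}

// ErrBadSignature marks a signature failure from a log we do have key material
// for; this is fatal, unlike an entry from an unknown log, which is skipped.
var ErrBadSignature = errors.New("invalid signed entry timestamp from trusted log")

// VerifyEntries applies the PR's policy and returns how many entries verified.
func VerifyEntries(entries []Entry, trustRoot map[string]ed25519.PublicKey, threshold int) (int, error) {
	verified := 0
	for _, e := range entries {
		pub, ok := trustRoot[e.LogKeyID]
		if !ok {
			continue // no trust-root material for this log: skip, do not fail
		}
		if !ed25519.Verify(pub, e.Body, e.SET) {
			return verified, ErrBadSignature // known log, bad signature: fail
		}
		verified++
	}
	if verified < threshold {
		return verified, fmt.Errorf("%d verified log entries, threshold is %d", verified, threshold)
	}
	return verified, nil
}

// NewSampleCase builds constructed inputs: a good entry from a trusted log,
// an entry from a log absent from the trust root, and a tampered entry.
func NewSampleCase() (trusted, untrusted, tampered Entry, root map[string]ed25519.PublicKey) {
	pubA, privA, _ := ed25519.GenerateKey(rand.Reader)
	_, privB, _ := ed25519.GenerateKey(rand.Reader)
	root = map[string]ed25519.PublicKey{"log-A": pubA}
	body := []byte("constructed entry body")
	trusted = Entry{"log-A", body, ed25519.Sign(privA, body)}
	untrusted = Entry{"log-B", body, ed25519.Sign(privB, body)}
	tampered = Entry{"log-A", []byte("altered body"), ed25519.Sign(privA, body)}
	return
}
```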

@steiza (Member) left a comment

Generally looks good to me! Looking for other folks' opinion about debug statements / a debug mode.

Review comments on: pkg/verify/sct.go, pkg/verify/tlog.go (outdated), pkg/verify/tlog_test.go (outdated)

@steiza requested a review from a team, December 15, 2023 15:07
@kommendorkapten (Member) commented
Looks good, and I agree with @steiza that we may want to have some option to get details on ignored signatures. I'm fine to merge this then track that as a separate issue as it would be a larger refactor (to cover TSAs too).

Like sigstore#45, as long as the threshold of expected timestamps is met, then
verification should succeed. Otherwise, entries without trust root
material should be skipped.

One benefit of having the log key ID be used to look up the correct
trust root material is that we can still error out if the signature is invalid.

Ref: sigstore#43

Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
Also add more tests

Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
@haydentherapper (Contributor, Author) commented
@steiza Just a post-holiday bump to review! The change is also in #51

@steiza (Member) left a comment

Nice work! The test to ensure we don't "fall through" and verify if there's no inclusion proof and no inclusion promise is great.

@haydentherapper merged commit 69a0d81 into sigstore:main on Jan 3, 2024
8 checks passed
@haydentherapper deleted the rekor-dont-fail-fast branch on January 3, 2024 17:13
Successfully merging this pull request may close these issues.

Timestamp verification should not fail unless the threshold is not met
3 participants