Add support for verifying dsse-intoto

- Verification should be able to correctly validate a bundle as cryptographically valid (VerificationOptions.empty()) - Verifiers may also include signer identity during verification - Verifiers should extract the embedded attestation to do further analysis on the attestation. Sigstore-java does not process those in any way - There is no signing options for DSSE bundles Signed-off-by: Appu Goundan <[email protected]>
sigstore · Nov 21, 2024 · 5628daa · 5628daa
1 parent 602aa10
commit 5628daa
Show file tree

Hide file tree

Showing 9 changed files with 374 additions and 62 deletions.
diff --git a/sigstore-java/src/main/java/dev/sigstore/KeylessVerifier.java b/sigstore-java/src/main/java/dev/sigstore/KeylessVerifier.java
@@ -22,6 +22,9 @@
 import dev.sigstore.VerificationOptions.CertificateMatcher;
 import dev.sigstore.VerificationOptions.UncheckedCertificateException;
 import dev.sigstore.bundle.Bundle;
+import dev.sigstore.bundle.Bundle.DsseEnvelope;
+import dev.sigstore.bundle.Bundle.MessageSignature;
+import dev.sigstore.dsse.InTotoPayload;
 import dev.sigstore.encryption.certificates.Certificates;
 import dev.sigstore.encryption.signers.Verifiers;
 import dev.sigstore.fulcio.client.FulcioVerificationException;
@@ -44,7 +47,9 @@
 import java.sql.Date;
 import java.util.Arrays;
 import java.util.List;
+import java.util.Objects;
 import java.util.stream.Collectors;
+import org.bouncycastle.util.encoders.DecoderException;
 import org.bouncycastle.util.encoders.Hex;
 
 /** Verify hashrekords from rekor signed using the keyless signing flow with fulcio certificates. */
@@ -118,15 +123,13 @@ public void verify(Path artifact, Bundle bundle, VerificationOptions options)
   public void verify(byte[] artifactDigest, Bundle bundle, VerificationOptions options)
       throws KeylessVerificationException {
 
-    if (bundle.getDSSESignature().isPresent()) {
-      throw new KeylessVerificationException("Cannot verify DSSE signature based bundles");
-    }
-
-    if (bundle.getMessageSignature().isEmpty()) {
-      // this should be unreachable
+    if (bundle.getDsseEnvelope().isPresent()) {
+      checkDsseEnvelope(bundle.getDsseEnvelope().get(), artifactDigest);
+    } else if (bundle.getMessageSignature().isPresent()) {
+      checkMessageSignature(bundle.getMessageSignature().get(), artifactDigest);
+    } else {
       throw new IllegalStateException("Bundle must contain a message signature to verify");
     }
-    var messageSignature = bundle.getMessageSignature().get();
 
     if (bundle.getEntries().isEmpty()) {
       throw new KeylessVerificationException("Cannot verify bundle without tlog entry");
@@ -145,20 +148,6 @@ public void verify(byte[] artifactDigest, Bundle bundle, VerificationOptions opt
     var signingCert = bundle.getCertPath();
     var leafCert = Certificates.getLeaf(signingCert);
 
-    // this ensures the provided artifact digest matches what may have come from a bundle (in
-    // keyless signature)
-    if (messageSignature.getMessageDigest().isPresent()) {
-      var bundleDigest = messageSignature.getMessageDigest().get().getDigest();
-      if (!Arrays.equals(artifactDigest, bundleDigest)) {
-        throw new KeylessVerificationException(
-            "Provided artifact digest does not match digest used for verification"
-                + "\nprovided(hex) : "
-                + Hex.toHexString(artifactDigest)
-                + "\nverification  : "
-                + Hex.toHexString(bundleDigest));
-      }
-    }
-
     // verify the certificate chains up to a trusted root (fulcio) and contains a valid SCT from
     // a trusted CT log
     try {
@@ -171,8 +160,6 @@ public void verify(byte[] artifactDigest, Bundle bundle, VerificationOptions opt
     // verify the certificate identity if options are present
     checkCertificateMatchers(leafCert, options.getCertificateMatchers());
 
-    var signature = messageSignature.getSignature();
-
     RekorEntry rekorEntry = bundle.getEntries().get(0);
 
     // verify the rekor entry is signed by the log keys
@@ -197,8 +184,17 @@ public void verify(byte[] artifactDigest, Bundle bundle, VerificationOptions opt
     var publicKey = leafCert.getPublicKey();
     try {
       var verifier = Verifiers.newVerifier(publicKey);
-      if (!verifier.verifyDigest(artifactDigest, signature)) {
-        throw new KeylessVerificationException("Artifact signature was not valid");
+      if (bundle.getMessageSignature().isPresent()) {
+        if (!verifier.verifyDigest(
+            artifactDigest, bundle.getMessageSignature().get().getSignature())) {
+          throw new KeylessVerificationException("Artifact signature was not valid");
+        }
+      } else {
+        if (!verifier.verify(
+            bundle.getDsseEnvelope().get().getPAE(),
+            bundle.getDsseEnvelope().get().getSignature())) {
+          throw new KeylessVerificationException("DSSE signature was not valid");
+        }
       }
     } catch (NoSuchAlgorithmException | InvalidKeyException ex) {
       throw new RuntimeException(ex);
@@ -223,4 +219,67 @@ void checkCertificateMatchers(X509Certificate cert, List<CertificateMatcher> mat
           "Could not verify certificate identities: " + ce.getMessage());
     }
   }
+
+  void checkMessageSignature(MessageSignature messageSignature, byte[] artifactDigest)
+      throws KeylessVerificationException {
+    // this ensures the provided artifact digest matches what may have come from a bundle (in
+    // keyless signature)
+    if (messageSignature.getMessageDigest().isPresent()) {
+      var bundleDigest = messageSignature.getMessageDigest().get().getDigest();
+      if (!Arrays.equals(artifactDigest, bundleDigest)) {
+        throw new KeylessVerificationException(
+            "Provided artifact digest does not match digest used for verification"
+                + "\nprovided(hex) : "
+                + Hex.toHexString(artifactDigest)
+                + "\nverification  : "
+                + Hex.toHexString(bundleDigest));
+      }
+    }
+  }
+
+  // since we don't check dsse signatures over the artifact, we must verify the artifact is in
+  // the subject list of the envelope
+  void checkDsseEnvelope(DsseEnvelope dsseEnvelope, byte[] artifactDigest)
+      throws KeylessVerificationException {
+    if (!Objects.equals(InTotoPayload.PAYLOAD_TYPE, dsseEnvelope.getPayloadType())) {
+      throw new KeylessVerificationException(
+          "DSSE envelope must have payload type "
+              + InTotoPayload.PAYLOAD_TYPE
+              + ", but found '"
+              + dsseEnvelope.getPayloadType()
+              + "'");
+    }
+    if (dsseEnvelope.getSignatures().size() != 1) {
+      throw new KeylessVerificationException(
+          "DSSE envelope must have exactly 1 signature, but found: "
+              + dsseEnvelope.getSignatures().size());
+    }
+    // find one sha256 hash in the subject list that matches the artifact hash
+    InTotoPayload payload = InTotoPayload.from(dsseEnvelope);
+    if (payload.getSubject().stream()
+        .noneMatch(
+            subject -> {
+              if (subject.getDigest().containsKey("sha256")) {
+                try {
+                  var digestBytes = Hex.decode(subject.getDigest().get("sha256"));
+                  return Arrays.equals(artifactDigest, digestBytes);
+                } catch (DecoderException de) {
+                  // ignore and return false
+                }
+              }
+              return false;
+            })) {
+      var providedHashes =
+          payload.getSubject().stream()
+              .map(s -> s.getDigest().getOrDefault("sha256", "no-sha256-hash"))
+              .collect(Collectors.joining(",", "[", "]"));
+
+      throw new KeylessVerificationException(
+          "Provided artifact digest does not match any subject sha256 digests in DSSE payload"
+              + "\nprovided(hex) : "
+              + Hex.toHexString(artifactDigest)
+              + "\nverification  : "
+              + providedHashes);
+    }
+  }
 }
diff --git a/sigstore-java/src/main/java/dev/sigstore/bundle/Bundle.java b/sigstore-java/src/main/java/dev/sigstore/bundle/Bundle.java
@@ -20,13 +20,16 @@
 import java.io.IOException;
 import java.io.Reader;
 import java.nio.charset.Charset;
+import java.nio.charset.StandardCharsets;
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.security.cert.CertPath;
 import java.util.List;
 import java.util.Optional;
+import org.immutables.gson.Gson;
 import org.immutables.value.Value;
 import org.immutables.value.Value.Default;
+import org.immutables.value.Value.Derived;
 import org.immutables.value.Value.Immutable;
 import org.immutables.value.Value.Lazy;
 
@@ -59,13 +62,13 @@ public String getMediaType() {
   public abstract Optional<MessageSignature> getMessageSignature();
 
   /** A DSSE envelope signature type that may contain an arbitrary payload */
-  public abstract Optional<DSSESignature> getDSSESignature();
+  public abstract Optional<DsseEnvelope> getDsseEnvelope();
 
   @Value.Check
   protected void checkOnlyOneSignature() {
     Preconditions.checkState(
-        (getDSSESignature().isEmpty() && getMessageSignature().isPresent())
-            || (getDSSESignature().isPresent() && getMessageSignature().isEmpty()));
+        (getDsseEnvelope().isEmpty() && getMessageSignature().isPresent())
+            || (getDsseEnvelope().isPresent() && getMessageSignature().isEmpty()));
   }
 
   @Value.Check
@@ -132,7 +135,7 @@ public interface MessageDigest {
   }
 
   @Immutable
-  public interface DSSESignature {
+  public interface DsseEnvelope {
 
     /** An arbitrary payload that does not need to be parsed to be validated */
     String getPayload();
@@ -141,7 +144,36 @@ public interface DSSESignature {
     String getPayloadType();
 
     /** DSSE specific signature */
-    byte[] getSignature();
+    List<Signature> getSignatures();
+
+    /**
+     * The "Pre-Authentication Encoding" of this statement. The signature is generated over this
+     * content.
+     */
+    @Gson.Ignore
+    @Derived
+    default byte[] getPAE() {
+      return ("DSSEv1 "
+              + getPayloadType().length()
+              + " "
+              + getPayloadType()
+              + " "
+              + getPayload().length()
+              + " "
+              + getPayload())
+          .getBytes(StandardCharsets.UTF_8);
+    }
+
+    @Lazy
+    @Gson.Ignore
+    default byte[] getSignature() {
+      return getSignatures().get(0).getSig();
+    }
+
+    @Immutable
+    interface Signature {
+      byte[] getSig();
+    }
   }
 
   @Immutable
@@ -165,4 +197,9 @@ public static Bundle from(Path file, Charset cs) throws BundleParseException, IO
   public String toJson() {
     return BundleWriter.writeBundle(this);
   }
+
+  /** Check if this bundle has MessageSignature, use to determine what verification method to use */
+  public static boolean hasMessageSignature(Bundle bundle) {
+    return bundle.getMessageSignature().isPresent();
+  }
 }
diff --git a/sigstore-java/src/main/java/dev/sigstore/bundle/BundleReader.java b/sigstore-java/src/main/java/dev/sigstore/bundle/BundleReader.java
@@ -100,17 +100,18 @@ static Bundle readBundle(Reader jsonReader) throws BundleParseException {
     }
 
     if (protoBundle.hasDsseEnvelope()) {
-      var dsseEnvelope = protoBundle.getDsseEnvelope();
-      if (dsseEnvelope.getSignaturesCount() != 1) {
-        throw new BundleParseException("DSEE envelopes must contain exactly one signature");
+      var dsseEnvelopeProto = protoBundle.getDsseEnvelope();
+      var dsseEnvelopeBuilder =
+          ImmutableDsseEnvelope.builder()
+              .payload(dsseEnvelopeProto.getPayload().toStringUtf8())
+              .payloadType(dsseEnvelopeProto.getPayloadType());
+      for (int sigIndex = 0; sigIndex < dsseEnvelopeProto.getSignaturesCount(); sigIndex++) {
+        dsseEnvelopeBuilder.addSignatures(
+            ImmutableSignature.builder()
+                .sig(dsseEnvelopeProto.getSignatures(sigIndex).getSig().toByteArray())
+                .build());
       }
-      var dsseSignature =
-          ImmutableDSSESignature.builder()
-              .payload(dsseEnvelope.getPayload().toStringUtf8())
-              .payloadType(dsseEnvelope.getPayloadType())
-              .signature(dsseEnvelope.getSignatures(0).toByteArray())
-              .build();
-      bundleBuilder.dSSESignature(dsseSignature);
+      bundleBuilder.dsseEnvelope(dsseEnvelopeBuilder.build());
     } else if (protoBundle.hasMessageSignature()) {
       var signature = protoBundle.getMessageSignature().getSignature().toByteArray();
       if (protoBundle.getMessageSignature().hasMessageDigest()) {

diff --git a/sigstore-java/src/main/java/dev/sigstore/dsse/InTotoPayload.java b/sigstore-java/src/main/java/dev/sigstore/dsse/InTotoPayload.java
@@ -0,0 +1,57 @@
+/*
+ * Copyright 2024 The Sigstore Authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package dev.sigstore.dsse;
+
+import static dev.sigstore.json.GsonSupplier.GSON;
+
+import com.google.gson.JsonElement;
+import dev.sigstore.bundle.Bundle.DsseEnvelope;
+import java.util.List;
+import java.util.Map;
+import org.immutables.gson.Gson;
+import org.immutables.value.Value.Immutable;
+
+@Gson.TypeAdapters
+@Immutable
+public interface InTotoPayload {
+
+  String PAYLOAD_TYPE = "application/vnd.in-toto+json";
+
+  @Gson.Named("_type")
+  String getType();
+
+  List<Subject> getSubject();
+
+  String getPredicateType();
+
+  /**
+   * Predicate is not processed by this library, if you want to inspect the contents of an
+   * attestation, you want to use an attestation parser.
+   */
+  JsonElement getPredicate();
+
+  @Immutable
+  interface Subject {
+
+    String getName();
+
+    Map<String, String> getDigest();
+  }
+
+  static InTotoPayload from(DsseEnvelope dsseEnvelope) {
+    return GSON.get().fromJson(dsseEnvelope.getPayload(), InTotoPayload.class);
+  }
+}
diff --git a/sigstore-java/src/main/java/dev/sigstore/json/GsonSupplier.java b/sigstore-java/src/main/java/dev/sigstore/json/GsonSupplier.java
@@ -16,6 +16,7 @@
 package dev.sigstore.json;
 
 import com.google.gson.*;
+import dev.sigstore.dsse.GsonAdaptersInTotoPayload;
 import dev.sigstore.rekor.client.GsonAdaptersRekorEntry;
 import dev.sigstore.rekor.client.GsonAdaptersRekorEntryBody;
 import dev.sigstore.tuf.model.*;
@@ -59,6 +60,7 @@ public enum GsonSupplier implements Supplier<Gson> {
           .registerTypeAdapterFactory(new GsonAdaptersTargetMeta())
           .registerTypeAdapterFactory(new GsonAdaptersTimestamp())
           .registerTypeAdapterFactory(new GsonAdaptersTimestampMeta())
+          .registerTypeAdapterFactory(new GsonAdaptersInTotoPayload())
           .disableHtmlEscaping()
           .create();