Implement Signed Entry Timestamp (SET) verification (#36)

* sigstore: Initial implementation of verify command

* _verify, _cli: Check the cert for the signer email

* _verify: Add proper checks

* setup: Add PyOpenSSL as a dependency

* _verify: Remove redundant newline

* Fix lint

* Fix comment formatting

* Return None for consistency

* Use click files instead of paths and minor fixes

* treewide: embed key material, refactor to accomodate

* gitignore: only ignore junk in the root

* sigstore: add fulcio root

* Format data correctly for Rekor endpoint

* Fix Rekor API calls in verification

* Fix type checking

* Use the updated Fulcio root key

* Use CTFE key as a file properly and fix type hints

* Add more progress feedback

* Use pydantic and remove custom `from_dict` helper

* Add type hints to verify API

* Add pydantic to setup

* Implement SET verification

* Check for invalid SET in verify command

* Use securesystemslib instead of jcs

Co-authored-by: William Woodruff <[email protected]>

Author: tetsuo-cpp

setup.py

@@ -37,6 +37,7 @@
         "pyjwt",
         "pyOpenSSL",
         "requests",
+        "securesystemslib",
     ],
     extras_require={
         "dev": [

sigstore/_internal/rekor/_client.py

@@ -24,6 +24,7 @@ class RekorEntry:
     log_id: str
     log_index: int
     verification: dict
+    raw_data: dict
 
     @classmethod
     def from_response(cls, dict_) -> RekorEntry:
@@ -41,6 +42,7 @@ def from_response(cls, dict_) -> RekorEntry:
             log_id=entry["logID"],
             log_index=entry["logIndex"],
             verification=entry["verification"],
+            raw_data=entry,
         )
 
 

sigstore/_internal/set.py

@@ -2,8 +2,52 @@
 Utilities for verifying Signed Entry Timestamps.
 """
 
+import base64
+from importlib import resources
+from typing import cast
+
+import cryptography.hazmat.primitives.asymmetric.ec as ec
+from cryptography.exceptions import InvalidSignature
+from cryptography.hazmat.primitives import hashes
+from cryptography.hazmat.primitives.serialization import load_pem_public_key
+from securesystemslib.formats import encode_canonical  # type: ignore
+
 from sigstore._internal.rekor import RekorEntry
 
+REKOR_ROOT_PUBKEY = resources.read_binary("sigstore._store", "rekor.pub")
 
-def verify_set(entry: RekorEntry) -> None:
+
+class InvalidSetError(Exception):
     pass
+
+
+def verify_set(entry: RekorEntry) -> None:
+    """Verify the Signed Entry Timestamp for a given Rekor entry"""
+
+    # Put together the payload
+    #
+    # This involves removing any non-required fields (verification and attestation) and then
+    # canonicalizing the remaining JSON in accordance with IETF's RFC 8785.
+    raw_data = entry.raw_data.copy()
+    del raw_data["verification"]
+    del raw_data["attestation"]
+    canon_data: bytes = encode_canonical(raw_data).encode()
+
+    # Decode the SET field
+    signed_entry_ts: bytes = base64.b64decode(
+        entry.verification["signedEntryTimestamp"].encode()
+    )
+
+    # Load the Rekor public key
+    rekor_key = load_pem_public_key(REKOR_ROOT_PUBKEY)
+    rekor_key = cast(ec.EllipticCurvePublicKey, rekor_key)
+
+    # Validate the SET
+    try:
+        rekor_key.verify(
+            signature=signed_entry_ts,
+            data=canon_data,
+            signature_algorithm=ec.ECDSA(hashes.SHA256()),
+        )
+    except InvalidSignature as inval_sig:
+        raise InvalidSetError from inval_sig

sigstore/_store/rekor.pub

@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE2G2Y+2tabdTV5BcGiBIx0a9fAFwr
+kBbmLSGtks4L3qX6yYY0zufBnhC8Ur/iy55GhWP/9A/bY2LhC30M9+RYtw==
+-----END PUBLIC KEY-----

sigstore/_verify.py

@@ -25,7 +25,7 @@
     RekorEntry,
     RekorInclusionProof,
 )
-from sigstore._internal.set import verify_set
+from sigstore._internal.set import InvalidSetError, verify_set
 
 
 # TODO(alex): Share this with `sign`
@@ -142,7 +142,11 @@ def verify(
         verify_merkle_inclusion(inclusion_proof)
 
         # 5) Verify the Signed Entry Timestamp (SET) supplied by Rekor for this artifact
-        verify_set(entry)
+        try:
+            verify_set(entry)
+        except InvalidSetError as inval_set:
+            output(f"Failed to validate Rekor entry's SET: {inval_set}")
+            continue
 
         valid_sig_exists = True