cli: allow DSSE verification

woodruffw · woodruffw · commit 916f92502e63 · 2024-05-13T16:02:01.000-04:00
Signed-off-by: William Woodruff &lt;william@trailofbits.com&gt;
diff --git a/sigstore/_cli.py b/sigstore/_cli.py
@@ -26,7 +26,7 @@
 from cryptography.x509 import load_pem_x509_certificate
 from rich.logging import RichHandler
 
-from sigstore import __version__
+from sigstore import __version__, dsse
 from sigstore._internal.fulcio.client import (
     DEFAULT_FULCIO_URL,
     ExpiredCertificate,
@@ -813,11 +813,31 @@ def _verify_identity(args: argparse.Namespace) -> None:
         )
 
         try:
-            verifier.verify_artifact(
-                input_=hashed,
-                bundle=bundle,
-                policy=policy_,
-            )
+            # If the bundle specifies a DSSE envelope, perform DSSE verification
+            # and assert that the inner payload is an in-toto statement bound
+            # to a subject matching the input's digest.
+            if bundle._dsse_envelope:
+                with file.open(mode="rb", buffering=0) as io:
+                    digest = sha256_digest(io)
+
+                type_, payload = verifier.verify_dsse(bundle=bundle, policy=policy_)
+                if type_ != dsse.Envelope._TYPE:
+                    raise VerificationError(
+                        f"expected JSON payload for DSSE, got {type_}"
+                    )
+
+                stmt = dsse.Statement(payload)
+                if not stmt._matches_digest(digest):
+                    raise VerificationError(
+                        f"in-toto statement has no subject for digest {digest.digest.hex()}"
+                    )
+            else:
+                verifier.verify_artifact(
+                    input_=hashed,
+                    bundle=bundle,
+                    policy=policy_,
+                )
+
             print(f"OK: {file}")
         except VerificationError as exc:
             _logger.error(f"FAIL: {file}")
@@ -851,7 +871,30 @@ def _verify_github(args: argparse.Namespace) -> None:
     verifier, materials = _collect_verification_state(args)
     for file, hashed, bundle in materials:
         try:
-            verifier.verify_artifact(input_=hashed, bundle=bundle, policy=policy_)
+            # If the bundle specifies a DSSE envelope, perform DSSE verification
+            # and assert that the inner payload is an in-toto statement bound
+            # to a subject matching the input's digest.
+            if bundle._dsse_envelope:
+                with file.open(mode="rb", buffering=0) as io:
+                    digest = sha256_digest(io)
+
+                type_, payload = verifier.verify_dsse(bundle=bundle, policy=policy_)
+                if type_ != dsse.Envelope._TYPE:
+                    raise VerificationError(
+                        f"expected JSON payload for DSSE, got {type_}"
+                    )
+
+                stmt = dsse.Statement(payload)
+                if not stmt._matches_digest(digest):
+                    raise VerificationError(
+                        f"in-toto statement has no subject for digest {digest.digest.hex()}"
+                    )
+            else:
+                verifier.verify_artifact(
+                    input_=hashed,
+                    bundle=bundle,
+                    policy=policy_,
+                )
             print(f"OK: {file}")
         except VerificationError as exc:
             _logger.error(f"FAIL: {file}")
diff --git a/sigstore/dsse.py b/sigstore/dsse.py
@@ -25,10 +25,12 @@
 from cryptography.hazmat.primitives import hashes
 from cryptography.hazmat.primitives.asymmetric import ec
 from pydantic import BaseModel, ConfigDict, Field, RootModel, StrictStr, ValidationError
+from sigstore_protobuf_specs.dev.sigstore.common.v1 import HashAlgorithm
 from sigstore_protobuf_specs.io.intoto import Envelope as _Envelope
 from sigstore_protobuf_specs.io.intoto import Signature
 
 from sigstore.errors import VerificationError
+from sigstore.hashes import Hashed
 
 _logger = logging.getLogger(__name__)
 
@@ -97,10 +99,29 @@ def __init__(self, contents: bytes) -> None:
         """
         self._contents = contents
         try:
-            self._statement = _Statement.model_validate_json(contents)
+            self._inner = _Statement.model_validate_json(contents)
         except ValidationError:
             raise ValueError("malformed in-toto statement")
 
+    def _matches_digest(self, digest: Hashed) -> bool:
+        """
+        Returns a boolean indicating whether this in-toto Statement contains a subject
+        matching the given digest. The subject's name is **not** checked.
+
+        No digests other than SHA256 are currently supported.
+        """
+        if digest.algorithm != HashAlgorithm.SHA2_256:
+            raise VerificationError(f"unexpected digest algorithm: {digest.algorithm}")
+
+        for sub in self._inner.subjects:
+            sub_digest = sub.digest.root.get("sha256")
+            if sub_digest is None:
+                continue
+            if sub_digest == digest.digest.hex():
+                return True
+
+        return False
+
     def _pae(self) -> bytes:
         """
         Construct the PAE encoding for this statement.
