
in-toto verify-blob verification fails to find the tlog entry. Mismatch in index vs. search

Open · vaikas opened this issue 3 years ago · 1 comment

Description

While playing with Tekton Chains and trying to use in-toto attestations, it appears that they get inserted into Rekor just fine, but then cosign is unable to find them based on the payload.

Tekton creates the following payload:

vaikas@villes-mbp cosign % cat payload| jq .
{
  "_type": "https://in-toto.io/Statement/v0.1",
  "predicateType": "https://slsa.dev/provenance/v0.2",
  "subject": [
    {
      "name": "gcr.io/foo/bar",
      "digest": {
        "sha256": "05f95b26ed10668b7183c1e2da98610e91372fa9f510046d4ce5812addad86b5"
      }
    }
  ],
<snipped>

And what is jotted into the Redis index is sha256:8e16392eccfa66f58cb496dc08f680c6ffe06d1ae8975b6c8ae347e35142aec3

But when I go to verify-blob, the sha that's constructed is the shasum of the payload and there's no index for it, so cosign verify-blob won't find the tlog entry and verification fails.

Here's a run of a locally modified build (I added a printf that just displays what cosign looks for), as well as the payload it's trying to find, showing that it's the shasum of the entire payload.

vaikas@villes-mbp cosign % shasum -a 256 ./payload
aeeb7e1cc333c7667056c6287f904dc26d4ad8a28e649a6e98802f5436b54c1a  ./payload
vaikas@villes-mbp cosign % SIGSTORE_ROOT_FILE=../../vaikas/build-playground/fulcio-public.pem COSIGN_EXPERIMENTAL=1 ./main -d verify-blob  --rekor-url=http://rekor.rekor-system.svc:8080 --signature ./signature ./payload
LOOKING FOR HASH: sha256:aeeb7e1cc333c7667056c6287f904dc26d4ad8a28e649a6e98802f5436b54c1aError: verifying blob [./payload]: could not find a tlog entry for provided blob
main.go:46: error during command execution: verifying blob [./payload]: could not find a tlog entry for provided blob

Possibly related to #582

vaikas · Feb 01 '22 16:02

@tstromberg, any thoughts here? I thought your sigstore-the-local-way chops might lead to an intuition.

jspeed-meyers · Feb 09 '22 01:02

@asraa Is this complete?

haydentherapper · Jan 03 '23 05:01

I think so. Two things:

  1. There is now a verify-blob-attestation command that one can use instead of verify-blob.
  2. I think the flow works, or at least experimentally I tried this out:
$ COSIGN_EXPERIMENTAL=1 ./cosign attest-blob README.md --predicate predicate.json  --key cosign.key  --output-signature attestation.json
Using payload from: README.md
Using predicate from: predicate.json
Enter password for private key: 
tlog entry created with index: 10398047
Signature written in attestation.json
$ sha256sum  attestation.json 
876ca6a8d9f4075c4c47d95fc99abab31dc49023b29d836072bd8eec9dc7ab83  attestation.json
$ ./rekor search --sha 876ca6a8d9f4075c4c47d95fc99abab31dc49023b29d836072bd8eec9dc7ab83
Found matching entries (listed by UUID):
24296fb24b8ad77ac14dd9d5c0bcb7f0d2a972aa0de3e1801c65f4bf7fc2b377dee3be27179a5fbd

asraa · Jan 03 '23 15:01
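The following is an added example, not code from cosign, Rekor or anyone in this thread. It makes the mismatch in the original report concrete: the raw in-toto statement (what vaikas hashed as `./payload`), the DSSE envelope that cosign actually writes (what asraa hashed as `attestation.json` and found with `rekor search --sha`), and the base64 payload string inside that envelope all have different SHA-256 digests, so searching with the wrong one finds nothing. The envelope layout (`payloadType`, base64 `payload`, `signatures`), the placeholder signature and the predicate body are assumptions made for the example; the subject digest is copied from the issue. It also extracts the subject digests, the identifier a consumer usually has in hand, and checks that a statement file really is the bytes the envelope wraps, since any re-serialization (jq output, a trailing newline) changes the digest verify-blob computes.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/base64"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"log"
	"sort"
)

// DSSEEnvelope is the envelope shape assumed for this example: payloadType,
// base64 payload, signatures. The sample signature is a constructed placeholder
// and is never verified here.
type DSSEEnvelope struct {
	PayloadType string          `json:"payloadType"`
	Payload     string          `json:"payload"`
	Signatures  []DSSESignature `json:"signatures"`
}

type DSSESignature struct {
	KeyID string `json:"keyid"`
	Sig   string `json:"sig"`
}

// Subject and Statement cover only the in-toto Statement v0.1 fields read here.
type Subject struct {
	Name   string            `json:"name"`
	Digest map[string]string `json:"digest"`
}

type Statement struct {
	Type          string          `json:"_type"`
	PredicateType string          `json:"predicateType"`
	Subject       []Subject       `json:"subject"`
	Predicate     json.RawMessage `json:"predicate"`
}

// SHA256Key formats a digest as "sha256:<hex>", the form used in the issue.
func SHA256Key(b []byte) string {
	sum := sha256.Sum256(b)
	return "sha256:" + hex.EncodeToString(sum[:])
}

// BuildSampleEnvelope constructs a statement with the subject from the issue
// and a made-up predicate, then wraps it in a DSSE envelope. It returns the raw
// statement bytes (the ./payload file) and the envelope bytes (attestation.json).
func BuildSampleEnvelope() (statement, envelope []byte, err error) {
	st := Statement{
		Type:          "https://in-toto.io/Statement/v0.1",
		PredicateType: "https://slsa.dev/provenance/v0.2",
		Subject: []Subject{{
			Name:   "gcr.io/foo/bar",
			Digest: map[string]string{"sha256": "05f95b26ed10668b7183c1e2da98610e91372fa9f510046d4ce5812addad86b5"},
		}},
		Predicate: json.RawMessage(`{"builder":{"id":"constructed-example"}}`), // constructed
	}
	if statement, err = json.Marshal(st); err != nil {
		return nil, nil, err
	}
	env := DSSEEnvelope{
		PayloadType: "application/vnd.in-toto+json",
		Payload:     base64.StdEncoding.EncodeToString(statement),
		Signatures:  []DSSESignature{{Sig: base64.StdEncoding.EncodeToString([]byte("placeholder"))}},
	}
	if envelope, err = json.Marshal(env); err != nil {
		return nil, nil, err
	}
	return statement, envelope, nil
}

// parseEnvelope returns the parsed envelope and the decoded statement it wraps.
func parseEnvelope(envelope []byte) (DSSEEnvelope, []byte, error) {
	var env DSSEEnvelope
	if err := json.Unmarshal(envelope, &env); err != nil {
		return env, nil, err
	}
	payload, err := base64.StdEncoding.DecodeString(env.Payload)
	return env, payload, err
}

// CandidateKeys returns the three digests one might search with: the envelope
// file (what `rekor search --sha attestation.json` used above), the decoded
// statement (what verify-blob hashed when handed ./payload), and the base64
// payload string exactly as it sits inside the envelope.
func CandidateKeys(envelope []byte) (map[string]string, error) {
	env, payload, err := parseEnvelope(envelope)
	if err != nil {
		return nil, err
	}
	return map[string]string{
		"envelope":        SHA256Key(envelope),
		"decoded-payload": SHA256Key(payload),
		"base64-payload":  SHA256Key([]byte(env.Payload)),
	}, nil
}

// SubjectKeys lists the wrapped statement's subject digests as sorted "alg:hex" keys.
func SubjectKeys(envelope []byte) ([]string, error) {
	_, payload, err := parseEnvelope(envelope)
	if err != nil {
		return nil, err
	}
	var st Statement
	if err := json.Unmarshal(payload, &st); err != nil {
		return nil, err
	}
	var keys []string
	for _, s := range st.Subject {
		for alg, d := range s.Digest {
			keys = append(keys, alg+":"+d)
		}
	}
	sort.Strings(keys)
	return keys, nil
}

// PayloadMatches reports whether a statement file is byte-for-byte the payload
// the envelope wraps; a re-serialized copy hashes differently and will not be found.
func PayloadMatches(statement, envelope []byte) (bool, error) {
	_, payload, err := parseEnvelope(envelope)
	if err != nil {
		return false, err
	}
	return bytes.Equal(statement, payload), nil
}

func main() {
	statement, envelope, err := BuildSampleEnvelope()
	if err != nil {
		log.Fatal(err)
	}
	keys, err := CandidateKeys(envelope)
	if err != nil {
		log.Fatal(err)
	}
	fmt.Println("raw statement file:", SHA256Key(statement))
	for _, k := range []string{"envelope", "decoded-payload", "base64-payload"} {
		fmt.Printf("%-16s %s\n", k, keys[k])
	}
	subj, _ := SubjectKeys(envelope)
	ok, _ := PayloadMatches(statement, envelope)
	fmt.Println("subject digests:", subj, "statement is wrapped payload:", ok)
}
```

Run with `go run .`; the "decoded-payload" line equals the raw statement hash, while the "envelope" line is the digest to hand to `rekor search --sha` when the attestation was uploaded as a DSSE envelope, which is why the search in the last comment succeeds and the `verify-blob` lookup in the first one did not.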