Fix intoto index keys (sigstore#889)

* Fix intoto index keys

Ensure we include all appropriate index keys including:
- entire DSSE envelope SHA256 digest
- envelope (base64 decoded) SHA256 digest
- entire X509 signing certificate
- any relevant keys extracted from X509 signing certificate

Fixes: sigstore#872

Signed-off-by: Bob Callaway <bcallaway@google.com>

* consistently decode payload

Signed-off-by: Bob Callaway <bcallaway@google.com>

* rework error flows to be non-fatal

Signed-off-by: Bob Callaway <bcallaway@google.com>

* use canonicalized key, consistent sprintf

Signed-off-by: Bob Callaway <bcallaway@google.com>

Author: bobcallaway

pkg/types/intoto/v0.0.1/entry.go

@@ -73,20 +73,45 @@ func NewEntry() types.EntryImpl {
 func (v V001Entry) IndexKeys() ([]string, error) {
 	var result []string
 
-	h := sha256.Sum256([]byte(v.env.Payload))
-	payloadKey := "sha256:" + hex.EncodeToString(h[:])
-	result = append(result, payloadKey)
+	// add digest over entire DSSE envelope
+	if v.IntotoObj.Content != nil && v.IntotoObj.Content.Hash != nil {
+		hashkey := strings.ToLower(fmt.Sprintf("%s:%s", swag.StringValue(v.IntotoObj.Content.Hash.Algorithm), swag.StringValue(v.IntotoObj.Content.Hash.Value)))
+		result = append(result, hashkey)
+	} else {
+		log.Logger.Error("could not find content digest to include in index keys")
+	}
 
-	switch v.env.PayloadType {
-	case in_toto.PayloadType:
-		if v.IntotoObj.Content != nil && v.IntotoObj.Content.Hash != nil {
-			hashkey := strings.ToLower(fmt.Sprintf("%s:%s", swag.StringValue(v.IntotoObj.Content.Hash.Algorithm), swag.StringValue(v.IntotoObj.Content.Hash.Value)))
-			result = append(result, hashkey)
+	// add digest over public key
+	if v.keyObj != nil {
+		key, err := v.keyObj.CanonicalValue()
+		if err == nil {
+			keyHash := sha256.Sum256(key)
+			result = append(result, fmt.Sprintf("sha256:%s", strings.ToLower(hex.EncodeToString(keyHash[:]))))
+
+			// add digest over any email addresses within signing certificate
+			result = append(result, v.keyObj.EmailAddresses()...)
+		} else {
+			log.Logger.Errorf("could not canonicalize public key to include in index keys: %w", err)
 		}
+	} else {
+		log.Logger.Error("could not find public key to include in index keys")
+	}
 
+	// add digest base64-decoded payload inside of DSSE envelope
+	payloadBytes, err := base64.StdEncoding.DecodeString(v.env.Payload)
+	if err == nil {
+		payloadHash := sha256.Sum256(payloadBytes)
+		result = append(result, fmt.Sprintf("sha256:%s", strings.ToLower(hex.EncodeToString(payloadHash[:]))))
+	} else {
+		log.Logger.Errorf("error decoding intoto payload to compute digest: %w", err)
+	}
+
+	switch v.env.PayloadType {
+	case in_toto.PayloadType:
 		statement, err := parseStatement(v.env.Payload)
 		if err != nil {
-			return result, err
+			log.Logger.Errorf("error parsing payload as intoto statement: %w", err)
+			break
 		}
 		for _, s := range statement.Subject {
 			for alg, ds := range s.Digest {
@@ -106,7 +131,7 @@ func (v V001Entry) IndexKeys() ([]string, error) {
 			}
 		}
 	default:
-		log.Logger.Infof("Unknown in_toto Statement Type: %s", v.env.PayloadType)
+		log.Logger.Infof("unknown in_toto statement type (%s), cannot extract additional index keys", v.env.PayloadType)
 	}
 	return result, nil
 }
@@ -180,8 +205,7 @@ func (v *V001Entry) Canonicalize(ctx context.Context) ([]byte, error) {
 			},
 		},
 	}
-	attKey, attValue := v.AttestationKeyValue()
-	if attValue != nil {
+	if attKey, attValue := v.AttestationKeyValue(); attValue != nil {
 		canonicalEntry.Content.PayloadHash = &models.IntotoV001SchemaContentPayloadHash{
 			Algorithm: swag.String(models.IntotoV001SchemaContentHashAlgorithmSha256),
 			Value:     swag.String(strings.Replace(attKey, fmt.Sprintf("%s:", models.IntotoV001SchemaContentHashAlgorithmSha256), "", 1)),

pkg/types/intoto/v0.0.1/entry_test.go

@@ -16,6 +16,8 @@
 package intoto
 
 import (
+	"bytes"
+	"context"
 	"crypto"
 	"crypto/ecdsa"
 	"crypto/elliptic"
@@ -33,13 +35,16 @@ import (
 	"strings"
 	"testing"
 
+	"github.com/go-openapi/runtime"
 	"github.com/go-openapi/strfmt"
 	"github.com/go-openapi/swag"
 	"github.com/google/go-cmp/cmp"
+	"github.com/google/go-cmp/cmp/cmpopts"
 	"github.com/in-toto/in-toto-golang/in_toto"
 	slsa "github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/v0.2"
 	"github.com/secure-systems-lab/go-securesystemslib/dsse"
 	"github.com/sigstore/rekor/pkg/generated/models"
+	"github.com/sigstore/rekor/pkg/types"
 	"github.com/sigstore/sigstore/pkg/signature"
 	"go.uber.org/goleak"
 )
@@ -105,7 +110,8 @@ func TestV001Entry_Unmarshal(t *testing.T) {
 	}
 
 	ca := &x509.Certificate{
-		SerialNumber: big.NewInt(1),
+		SerialNumber:   big.NewInt(1),
+		EmailAddresses: []string{"joe@schmoe.com"},
 	}
 	caBytes, err := x509.CreateCertificate(rand.Reader, ca, ca, &priv.PublicKey, priv)
 	if err != nil {
@@ -131,10 +137,11 @@ func TestV001Entry_Unmarshal(t *testing.T) {
 	validPayload := "hellothispayloadisvalid"
 
 	tests := []struct {
-		name    string
-		want    models.IntotoV001Schema
-		it      *models.IntotoV001Schema
-		wantErr bool
+		name                string
+		want                models.IntotoV001Schema
+		it                  *models.IntotoV001Schema
+		wantErr             bool
+		additionalIndexKeys []string
 	}{
 		{
 			name:    "empty",
@@ -156,7 +163,20 @@ func TestV001Entry_Unmarshal(t *testing.T) {
 			wantErr: true,
 		},
 		{
-			name: "valid",
+			name: "valid intoto",
+			it: &models.IntotoV001Schema{
+				PublicKey: p(pub),
+				Content: &models.IntotoV001SchemaContent{
+					Envelope: envelope(t, key, validPayload, "application/vnd.in-toto+json"),
+					Hash: &models.IntotoV001SchemaContentHash{
+						Algorithm: swag.String(models.IntotoV001SchemaContentHashAlgorithmSha256),
+					},
+				},
+			},
+			wantErr: false,
+		},
+		{
+			name: "valid dsse but invalid intoto",
 			it: &models.IntotoV001Schema{
 				PublicKey: p(pub),
 				Content: &models.IntotoV001SchemaContent{
@@ -179,7 +199,8 @@ func TestV001Entry_Unmarshal(t *testing.T) {
 					},
 				},
 			},
-			wantErr: false,
+			additionalIndexKeys: []string{"joe@schmoe.com"},
+			wantErr:             false,
 		},
 		{
 			name: "invalid",
@@ -213,6 +234,7 @@ func TestV001Entry_Unmarshal(t *testing.T) {
 			v := &V001Entry{}
 			if tt.it.Content != nil {
 				h := sha256.Sum256([]byte(tt.it.Content.Envelope))
+				tt.it.Content.Hash.Algorithm = swag.String(models.IntotoV001SchemaContentHashAlgorithmSha256)
 				tt.it.Content.Hash.Value = swag.String(hex.EncodeToString(h[:]))
 			}
 
@@ -227,13 +249,41 @@ func TestV001Entry_Unmarshal(t *testing.T) {
 				if err := v.validate(); err != nil {
 					return err
 				}
-				sha := sha256.Sum256([]byte(v.env.Payload))
+				keysWanted := tt.additionalIndexKeys
+				if tt.it.PublicKey != nil {
+					h := sha256.Sum256(*tt.it.PublicKey)
+					keysWanted = append(keysWanted, fmt.Sprintf("sha256:%s", hex.EncodeToString(h[:])))
+				}
+				payloadBytes, _ := v.env.DecodeB64Payload()
+				payloadSha := sha256.Sum256(payloadBytes)
+				payloadHash := hex.EncodeToString(payloadSha[:])
 				// Always start with the hash
-				want := []string{"sha256:" + hex.EncodeToString(sha[:])}
+				keysWanted = append(keysWanted, "sha256:"+payloadHash)
 				hashkey := strings.ToLower(fmt.Sprintf("%s:%s", *tt.it.Content.Hash.Algorithm, *tt.it.Content.Hash.Value))
-				want = append(want, hashkey)
-				if got, _ := v.IndexKeys(); !reflect.DeepEqual(got, want) {
-					t.Errorf("V001Entry.IndexKeys() = %v, want %v", got, tt.want)
+				keysWanted = append(keysWanted, hashkey)
+				if got, _ := v.IndexKeys(); !cmp.Equal(got, keysWanted, cmpopts.SortSlices(func(x, y string) bool { return x < y })) {
+					t.Errorf("V001Entry.IndexKeys() = %v, want %v", got, keysWanted)
+				}
+				canonicalBytes, err := v.Canonicalize(context.Background())
+				if err != nil {
+					t.Errorf("error canonicalizing entry: %v", err)
+				}
+
+				pe, err := models.UnmarshalProposedEntry(bytes.NewReader(canonicalBytes), runtime.JSONConsumer())
+				if err != nil {
+					t.Errorf("unexpected err from Unmarshalling canonicalized entry for '%v': %v", tt.name, err)
+				}
+				canonicalEntry, err := types.NewEntry(pe)
+				if err != nil {
+					t.Errorf("unexpected err from type-specific unmarshalling for '%v': %v", tt.name, err)
+				}
+				canonicalV001 := canonicalEntry.(*V001Entry)
+				fmt.Printf("%v", canonicalV001.IntotoObj.Content)
+				if *canonicalV001.IntotoObj.Content.Hash.Value != *tt.it.Content.Hash.Value {
+					t.Errorf("envelope hashes do not match post canonicalization: %v %v", *canonicalV001.IntotoObj.Content.Hash.Value, *tt.it.Content.Hash.Value)
+				}
+				if canonicalV001.AttestationKey() != "" && *canonicalV001.IntotoObj.Content.PayloadHash.Value != payloadHash {
+					t.Errorf("payload hashes do not match post canonicalization: %v %v", canonicalV001.IntotoObj.Content.PayloadHash.Value, payloadHash)
 				}
 
 				return nil
@@ -316,7 +366,7 @@ func TestV001Entry_IndexKeys(t *testing.T) {
 					PayloadType: in_toto.PayloadType,
 				},
 			}
-			sha := sha256.Sum256([]byte(payload))
+			sha := sha256.Sum256(b)
 			// Always start with the hash
 			want := []string{"sha256:" + hex.EncodeToString(sha[:])}
 			want = append(want, tt.want...)
@@ -355,7 +405,7 @@ func TestIndexKeysNoContentHash(t *testing.T) {
 			PayloadType: in_toto.PayloadType,
 		},
 	}
-	sha := sha256.Sum256([]byte(payload))
+	sha := sha256.Sum256(b)
 	// Always start with the hash
 	want := []string{"sha256:" + hex.EncodeToString(sha[:])}
 	want = append(want, "sha256:mysha256digest")