slsa-framework · ramonpetgrave64 · Jul 11, 2024 · Jun 13, 2024 · Jun 13, 2024 · Jun 13, 2024
@@ -481,6 +481,40 @@ The verified in-toto statement may be written to stdout with the
 
 Note that `--source-uri` supports GitHub repository URIs like `github.com/$OWNER/$REPO` when the build was enabled with a Cloud Build [GitHub trigger](https://cloud.google.com/build/docs/automating-builds/github/build-repos-from-github). Otherwise, the build provenance will contain the name of the Cloud Storage bucket used to host the source files, usually of the form `gs://[PROJECT_ID]_cloudbuild/source` (see [Running build](https://cloud.google.com/build/docs/running-builds/submit-build-via-cli-api#running_builds)). We recommend using GitHub triggers in order to preserve the source provenance and valiate that the source came from an expected, version-controlled repository. You _may_ match on the fully-qualified tar like `gs://[PROJECT_ID]_cloudbuild/source/1665165360.279777-955d1904741e4bbeb3461080299e929a.tgz`.
 
+### Verification Summary Attestations (VSA)
+
+We have experimental support for [verifying](https://slsa.dev/spec/v1.1/verification_summary#how-to-verify) VSAs.
+Rather than passing in filepaths as arguments, we allow passing in mulitple `--subject-digest` cli options, to
+accomodate subjects that are not simple-files.
+
+This experimental support does not work yet with VSAs wrapped in Sigstore bundles, only with simple DSSE envelopes.
+With that, we allow the user to pass in the public key.
+Note that if the DSSE Envelope `signatures` specifies a `keyid` that is not a simple hash of the key, then you
+must supply the `--public-key-id` cli option.
+
+To verify VSAs, invoke like this
+
+```shell
+SLSA_VERIFIER_EXPERIMENTAL=1 \
+go run ./cli/slsa-verifier/ verify-vsa \
+--subject-digest gce_image_id:8970095005306000053 \
+--attestations-path ./cli/slsa-verifier/testdata/vsa/gce/v1/gke-gce-pre.bcid-vsa.jsonl \
+--verifier-id https://bcid.corp.google.com/verifier/bcid_package_enforcer/v0.1 \
+--resource-uri gce_image://gke-node-images:gke-12615-gke1418000-cos-101-17162-463-29-c-cgpv1-pre \
+--verified-levels "BCID_L1, SLSA_BUILD_LEVEL_2" \
+--public-key-path ./cli/slsa-verifier/testdata/vsa/gce/v1/vsa_signing_public_key.pem \
+--public-key-id keystore://76574:prod:vsa_signing_public_key \
+--public-key-hash-algo SHA256 \
+--print-attestation
+```
+
+For multiple subhects, use:
+
+```
+--subject-digest sha256:abc123
+--subject-digest sha256:xyz456
+```
+
 ## Known Issues
 
 ### tuf: invalid key

@@ -37,6 +37,7 @@ For more information on SLSA, visit https://slsa.dev`,
 	c.AddCommand(verifyArtifactCmd())
 	c.AddCommand(verifyImageCmd())
 	c.AddCommand(verifyNpmPackageCmd())
+	c.AddCommand(verifyVSACmd())
 	// We print our own errors and usage in the check function.
 	c.SilenceErrors = true
 	return c

@@ -1795,6 +1795,99 @@ func Test_runVerifyNpmPackage(t *testing.T) {
 	}
 }
 
+func Test_runVerifyVSA(t *testing.T) {
+	// We cannot use t.Setenv due to parallelized tests.
+	os.Setenv("SLSA_VERIFIER_EXPERIMENTAL", "1")
+	t.Parallel()
+
+	tests := []struct {
+		name              string
+		attestationsPath  *string
+		subjectDigests    *[]string
+		verifierID        *string
+		resourceURI       *string
+		verifiedLevels    *[]string
+		publicKeyPath     *string
+		publicKeyID       *string
+		publicKeyHashAlgo *string
+		err               error
+	}{
+		{
+			name:              "success: gke",
+			attestationsPath:  PointerTo("gce/v1/gke-gce-pre.bcid-vsa.jsonl"),
+			subjectDigests:    PointerTo([]string{"gce_image_id:8970095005306000053"}),
+			verifierID:        PointerTo("https://bcid.corp.google.com/verifier/bcid_package_enforcer/v0.1"),
+			resourceURI:       PointerTo("gce_image://gke-node-images:gke-12615-gke1418000-cos-101-17162-463-29-c-cgpv1-pre"),
+			verifiedLevels:    PointerTo([]string{"BCID_L1", "SLSA_BUILD_LEVEL_2"}),
+			publicKeyPath:     PointerTo("gce/v1/vsa_signing_public_key.pem"),
+			publicKeyID:       PointerTo("keystore://76574:prod:vsa_signing_public_key"),
+			publicKeyHashAlgo: PointerTo("SHA256"),
+		},
+		{
+			name:              "success: gke, default public key hash algo",
+			attestationsPath:  PointerTo("gce/v1/gke-gce-pre.bcid-vsa.jsonl"),
+			subjectDigests:    PointerTo([]string{"gce_image_id:8970095005306000053"}),
+			verifierID:        PointerTo("https://bcid.corp.google.com/verifier/bcid_package_enforcer/v0.1"),
+			resourceURI:       PointerTo("gce_image://gke-node-images:gke-12615-gke1418000-cos-101-17162-463-29-c-cgpv1-pre"),
+			verifiedLevels:    PointerTo([]string{"BCID_L1", "SLSA_BUILD_LEVEL_2"}),
+			publicKeyPath:     PointerTo("gce/v1/vsa_signing_public_key.pem"),
+			publicKeyID:       PointerTo("keystore://76574:prod:vsa_signing_public_key"),
+			publicKeyHashAlgo: PointerTo(""),
+		},
+		{
+			name:              "fail: gke, unsupported public key hash algo",
+			attestationsPath:  PointerTo("gce/v1/gke-gce-pre.bcid-vsa.jsonl"),
+			publicKeyPath:     PointerTo("gce/v1/vsa_signing_public_key.pem"),
+			publicKeyHashAlgo: PointerTo("SHA123"),
+			err:               serrors.ErrorInvalidHashAlgo,
+		},
+		{
+			name:              "fail: gke, wrong public key hash algo",
+			attestationsPath:  PointerTo("gce/v1/gke-gce-pre.bcid-vsa.jsonl"),
+			publicKeyPath:     PointerTo("gce/v1/vsa_signing_public_key.pem"),
+			publicKeyID:       PointerTo(""),
+			publicKeyHashAlgo: PointerTo("SHA512"),
+			err:               serrors.ErrorNoValidSignature,
+		},
+		{
+			name:              "fail: gke, wrong key id",
+			attestationsPath:  PointerTo("gce/v1/gke-gce-pre.bcid-vsa.jsonl"),
+			publicKeyPath:     PointerTo("gce/v1/vsa_signing_public_key.pem"),
+			publicKeyID:       PointerTo("my_key_id"),
+			publicKeyHashAlgo: PointerTo("SHA256"),
+			err:               serrors.ErrorNoValidSignature,
+		},
+		// TODO: Add more tests for different scenarios.
+	}
+
+	for _, tt := range tests {
+		tt := tt // Re-initializing variable so it is not changed while executing the closure below
+		t.Run(tt.name, func(t *testing.T) {
+			t.Parallel()
+
+			attestationsPath := filepath.Clean(filepath.Join(TEST_DIR, "vsa", *tt.attestationsPath))
+			publicKeyPath := filepath.Clean(filepath.Join(TEST_DIR, "vsa", *tt.publicKeyPath))
+
+			cmd := verify.VerifyVSACommand{
+				AttestationsPath:  &attestationsPath,
+				SubjectDigests:    tt.subjectDigests,
+				VerifierID:        tt.verifierID,
+				ResourceURI:       tt.resourceURI,
+				VerifiedLevels:    tt.verifiedLevels,
+				PublicKeyPath:     &publicKeyPath,
+				PublicKeyID:       tt.publicKeyID,
+				PublicKeyHashAlgo: tt.publicKeyHashAlgo,
+			}
+
+			_, err := cmd.Exec(context.Background())
+			if diff := cmp.Diff(tt.err, err, cmpopts.EquateErrors()); diff != "" {
+				t.Fatalf("unexpected error (-want +got): \n%s", diff)
+			}
+		})
+	}
+
+}
+
 func PointerTo[K any](object K) *K {
 	return &object
 }
@@ -0,0 +1,10 @@
+{
+    "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjEiLCJwcmVkaWNhdGVUeXBlIjoiaHR0cHM6Ly9zbHNhLmRldi92ZXJpZmljYXRpb25fc3VtbWFyeS92MSIsInByZWRpY2F0ZSI6eyJ0aW1lVmVyaWZpZWQiOiIyMDI0LTA2LTEyVDA3OjI0OjM0LjM1MTYwOFoiLCJ2ZXJpZmllciI6eyJpZCI6Imh0dHBzOi8vYmNpZC5jb3JwLmdvb2dsZS5jb20vdmVyaWZpZXIvYmNpZF9wYWNrYWdlX2VuZm9yY2VyL3YwLjEifSwidmVyaWZpY2F0aW9uUmVzdWx0IjoiUEFTU0VEIiwidmVyaWZpZWRMZXZlbHMiOlsiQkNJRF9MMSIsIlNMU0FfQlVJTERfTEVWRUxfMiJdLCJyZXNvdXJjZVVyaSI6ImdjZV9pbWFnZTovL2drZS1ub2RlLWltYWdlczpna2UtMTI2MTUtZ2tlMTQxODAwMC1jb3MtMTAxLTE3MTYyLTQ2My0yOS1jLWNncHYxLXByZSIsInBvbGljeSI6eyJ1cmkiOiJnb29nbGVmaWxlOi9nb29nbGVfc3JjL2ZpbGVzLzY0MjUxMzE5Mi9kZXBvdC9nb29nbGUzL3Byb2R1Y3Rpb24vc2VjdXJpdHkvYmNpZC9zb2Z0d2FyZS9nY2VfaW1hZ2UvZ2tlL3ZtX2ltYWdlcy5zd19wb2xpY3kudGV4dHByb3RvIn19LCJzdWJqZWN0IjpbeyJuYW1lIjoiXyIsImRpZ2VzdCI6eyJnY2VfaW1hZ2VfaWQiOiI4OTcwMDk1MDA1MzA2MDAwMDUzIn19XX0=",
+    "payloadType": "application/vnd.in-toto+json",
+    "signatures": [
+        {
+            "sig": "bmIy2gfnQt6oYpd0WbpQMtZcMRtmntDmyki+Be+2Z9qkboMVbi2RQAD1b5AWbBs7iAP8NZVJOI4R/4jOVYB/FA==",
+            "keyid": "keystore://76574:prod:vsa_signing_public_key"
+        }
+    ]
+}
@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEeGa6ZCZn0q6WpaUwJrSk+PPYEsca
+3Xkk3UrxvbQtoZzTmq0zIYq+4QQl0YBedSyy+XcwAMaUWTouTrB05WhYtg==
+-----END PUBLIC KEY-----
@@ -24,7 +24,7 @@ import (
 )
 
 const (
-	SUCCESS = "PASSED: Verified SLSA provenance"
+	SUCCESS = "PASSED: SLSA verification passed"
 	FAILURE = "FAILED: SLSA verification failed"
 )
 
@@ -184,3 +184,35 @@ func verifyNpmPackageCmd() *cobra.Command {
 	o.AddFlags(cmd)
 	return cmd
 }
+
+func verifyVSACmd() *cobra.Command {
+	o := &verify.VerifyVSAOptions{}
+
+	cmd := &cobra.Command{
+		Use:   "verify-vsa [flags] subject-digest [subject-digest...]",
+		Args:  cobra.NoArgs,
+		Short: "Verifies SLSA VSAs for the given subject-digests [experimental]",
+		Run: func(cmd *cobra.Command, args []string) {
+			v := verify.VerifyVSACommand{
+				SubjectDigests:    &o.SubjectDigests,
+				AttestationsPath:  &o.AttestationsPath,
+				VerifierID:        &o.VerifierID,
+				ResourceURI:       &o.ResourceURI,
+				VerifiedLevels:    &o.VerifiedLevels,
+				PrintAttestation:  o.PrintAttestation,
+				PublicKeyPath:     &o.PublicKeyPath,
+				PublicKeyID:       &o.PublicKeyID,
+				PublicKeyHashAlgo: &o.PublicKeyHashAlgo,
+			}
+			if _, err := v.Exec(cmd.Context()); err != nil {
+				fmt.Fprintf(os.Stderr, "%s: %v\n", FAILURE, err)
+				os.Exit(1)
+			} else {
+				fmt.Fprintf(os.Stderr, "%s\n", SUCCESS)
+			}
+		},
+	}
+
+	o.AddFlags(cmd)
+	return cmd
+}
@@ -127,6 +127,59 @@ func (o *VerifyNpmOptions) AddFlags(cmd *cobra.Command) {
 	cmd.MarkFlagsMutuallyExclusive("source-versioned-tag", "source-tag")
 }
 
+// VerifyVSAOptions is the top-level options for the `verifyVSA` command.
+type VerifyVSAOptions struct {
+	SubjectDigests    []string
+	AttestationsPath  string
+	VerifierID        string
+	ResourceURI       string
+	VerifiedLevels    []string
+	PublicKeyPath     string
+	PublicKeyID       string
+	PublicKeyHashAlgo string
+	PrintAttestation  bool
+}
+
+var _ Interface = (*VerifyVSAOptions)(nil)
+
+// AddFlags implements Interface.
+func (o *VerifyVSAOptions) AddFlags(cmd *cobra.Command) {
+	cmd.Flags().StringArrayVar(&o.SubjectDigests, "subject-digest", []string{},
+		"the digests to be verified. Pass multiple digests by repeating the flag.")
+
+	cmd.Flags().StringVar(&o.AttestationsPath, "attestations-path", "",
+		"path to a file containing the attestations")
+
+	cmd.Flags().StringVar(&o.VerifierID, "verifier-id", "",
+		"the unique verifier ID who created the attestations")
+
+	cmd.Flags().StringVar(&o.ResourceURI, "resource-uri", "",
+		"the resource URI to be verified")
+
+	cmd.Flags().StringSliceVar(&o.VerifiedLevels, "verified-levels", []string{},
+		"the levels of verification to be performed")
+
+	cmd.Flags().BoolVar(&o.PrintAttestation, "print-attestation", false,
+		"[optional] print the verified attestations to stdout")
+
+	cmd.Flags().StringVar(&o.PublicKeyPath, "public-key-path", "",
+		"path to a public key file")
+
+	cmd.Flags().StringVar(&o.PublicKeyID, "public-key-id", "",
+		"the ID of the public key")
+
+	cmd.Flags().StringVar(&o.PublicKeyHashAlgo, "public-key-hash-algo", "SHA256",
+		"the hash algorithm used to hash the public key, one of SHA256, SHA384, or SHA512")
+
+	cmd.MarkFlagRequired("subject-digests")
+	cmd.MarkFlagRequired("attestations-path")
+	cmd.MarkFlagRequired("verifier-id")
+	cmd.MarkFlagRequired("resource-uri")
+	cmd.MarkFlagRequired("verified-levels")
+	cmd.MarkFlagRequired("public-key-path")
+	// public-key-id" and "public-key-hash-algo" are optional since they have useful defaults
+}
+
 type workflowInputs struct {
 	kv map[string]string
 }

@@ -0,0 +1,107 @@
+// Copyright 2022 SLSA Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package verify
+
+import (
+	"context"
+	"crypto"
+	"errors"
+	"fmt"
+	"os"
+
+	"github.com/sigstore/sigstore/pkg/cryptoutils"
+	serrors "github.com/slsa-framework/slsa-verifier/v2/errors"
+	"github.com/slsa-framework/slsa-verifier/v2/options"
+	"github.com/slsa-framework/slsa-verifier/v2/verifiers"
+	"github.com/slsa-framework/slsa-verifier/v2/verifiers/utils"
+)
+
+// VerifyVSACommand contains the parameters for the verify-vsa command.
+type VerifyVSACommand struct {
+	SubjectDigests    *[]string
+	AttestationsPath  *string
+	VerifierID        *string
+	ResourceURI       *string
+	VerifiedLevels    *[]string
+	PrintAttestation  bool
+	PublicKeyPath     *string
+	PublicKeyID       *string
+	PublicKeyHashAlgo *string
+}
+
+var hashAlgos = map[string]crypto.Hash{
+	"":       crypto.SHA256, // default to SHA256
+	"SHA256": crypto.SHA256,
+	"SHA384": crypto.SHA384,
+	"SHA512": crypto.SHA512,
+}
+
+// Exec executes the verifiers.VerifyVSA.
+func (c *VerifyVSACommand) Exec(ctx context.Context) (*utils.TrustedAttesterID, error) {
+	if !options.ExperimentalEnabled() {
+		err := errors.New("feature support is only provided in SLSA_VERIFIER_EXPERIMENTAL mode")
+		printFailed(err)
+		return nil, err
+	}
+	vsaOpts := &options.VSAOpts{
+		ExpectedDigests:        c.SubjectDigests,
+		ExpectedVerifierID:     c.VerifierID,
+		ExpectedResourceURI:    c.ResourceURI,
+		ExpectedVerifiedLevels: c.VerifiedLevels,
+	}
+	pubKeyBytes, err := os.ReadFile(*c.PublicKeyPath)
+	if err != nil {
+		printFailed(err)
+		return nil, err
+	}
+	pubKey, err := cryptoutils.UnmarshalPEMToPublicKey(pubKeyBytes)
+	if err != nil {
+		err = fmt.Errorf("%w: %w", serrors.ErrorInvalidPublicKey, err)
+		printFailed(err)
+		return nil, err
+	}
+	hashHalgo, ok := hashAlgos[*c.PublicKeyHashAlgo]
+	if !ok {
+		err := fmt.Errorf("%w: %s", serrors.ErrorInvalidHashAlgo, *c.PublicKeyHashAlgo)
+		printFailed(err)
+		return nil, err
+	}
+	VerificationOpts := &options.VerificationOpts{
+		PublicKey:         pubKey,
+		PublicKeyID:       c.PublicKeyID,
+		PublicKeyHashAlgo: hashHalgo,
+	}
+	attestations, err := os.ReadFile(*c.AttestationsPath)
+	if err != nil {
+		printFailed(err)
+		return nil, err
+	}
+	verifiedProvenance, outProducerID, err := verifiers.VerifyVSA(ctx, attestations, vsaOpts, VerificationOpts)
+	if err != nil {
+		printFailed(err)
+		return nil, err
+	}
+	if c.PrintAttestation {
+		fmt.Fprintf(os.Stdout, "%s\n", string(verifiedProvenance))
+	}
+	fmt.Fprintf(os.Stderr, "Verifying VSA: PASSED\n\n")
+	// verfiers.VerifyVSA already checks if the producerID matches
+	return outProducerID, nil
+}
+
+// printFailed prints the error message to stderr.
+func printFailed(err error) {
+	fmt.Fprintf(os.Stderr, "Verifying VSA: FAILED: %v\n\n", err)
+}
@@ -44,4 +44,10 @@ var (
 	ErrorInvalidHash               = errors.New("invalid hash")
 	ErrorNotPresent                = errors.New("not present")
 	ErrorInvalidPublicKey          = errors.New("invalid public key")
+	ErrorInvalidHashAlgo           = errors.New("unsupported hash algorithm")
+	ErrorMismatchSLSAResult        = errors.New("SLSA result does not match")
+	ErrorMismatchVerifiedLevels    = errors.New("verified levels do not match")
+	ErrorMissingSubjectDigest      = errors.New("missing subject digest")
+	ErrorMismatchResourceURI       = errors.New("resource URI does not match")
+	ErrorMismatchVerifierID        = errors.New("verifier ID does not match")
 )