Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

KMS Support #376

Merged
merged 48 commits into from
Feb 16, 2024
Merged
Show file tree
Hide file tree
Changes from 43 commits
Commits
Show all changes
48 commits
Select commit Hold shift + click to select a range
e6370e0
adding changes for testing kms
ChaosInTheCRD Jan 8, 2024
5a54f85
implementing verifier for policy with KMS
ChaosInTheCRD Jan 10, 2024
2ecd4a4
adding changes
ChaosInTheCRD Jan 15, 2024
68d2595
removing log
ChaosInTheCRD Jan 17, 2024
4d307e0
saving progress
ChaosInTheCRD Jan 19, 2024
86401c7
Add FOSSA license scanning
jkjell Jan 6, 2024
ec7e08e
Add Security MD files an add FOSSA scan badge
jkjell Jan 6, 2024
421693d
Pin dependencies and restrict permissions
jkjell Jan 6, 2024
718cd31
Add signing to goreleaser and Best Practices badge to readme.
jkjell Jan 6, 2024
dddfd28
Add cosign install
jkjell Jan 6, 2024
2dc9d28
chore: bump actions/cache from 3.3.2 to 3.3.3 (#355)
dependabot[bot] Jan 16, 2024
385a822
chore: bump actions/upload-artifact from 4.0.0 to 4.1.0 (#356)
dependabot[bot] Jan 16, 2024
447de01
chore: bump github/codeql-action from 3.22.12 to 3.23.0 (#357)
dependabot[bot] Jan 16, 2024
f7a02a0
chore: bump actions/download-artifact from 4.1.0 to 4.1.1 (#358)
dependabot[bot] Jan 16, 2024
a537728
Initial attempt at PR and Issue templates (#351)
jkjell Jan 17, 2024
99761cb
chore: bump actions/cache from 3.3.3 to 4.0.0 (#364)
dependabot[bot] Jan 22, 2024
4c094f3
chore: bump actions/upload-artifact from 4.1.0 to 4.2.0 (#363)
dependabot[bot] Jan 23, 2024
e117f4b
chore: bump github/codeql-action from 3.23.0 to 3.23.1 (#365)
dependabot[bot] Jan 23, 2024
a41f691
chore: bump actions/dependency-review-action from 3.1.5 to 4.0.0 (#366)
dependabot[bot] Jan 23, 2024
cc2ff13
saving progress
ChaosInTheCRD Jan 25, 2024
4e82f5d
adding hashivault provider
ChaosInTheCRD Jan 29, 2024
5b33853
chore: bump actions/upload-artifact from 4.2.0 to 4.3.0 (#369)
dependabot[bot] Jan 29, 2024
0658d4b
chore: bump github/codeql-action from 3.23.1 to 3.23.2 (#370)
dependabot[bot] Jan 29, 2024
8da44b5
we dont always add verifiers
ChaosInTheCRD Feb 1, 2024
b504a0f
preparing for draft PR
ChaosInTheCRD Feb 1, 2024
a6fa76d
adding local reference to go-witnes
ChaosInTheCRD Feb 6, 2024
1fd8181
added implementation for passing in extra options for the kms providers
ChaosInTheCRD Feb 8, 2024
d27cc60
refactors to fix provider options overwrite bug
ChaosInTheCRD Feb 13, 2024
900494a
adding hashivault provider
ChaosInTheCRD Jan 29, 2024
6cdb454
we dont always add verifiers
ChaosInTheCRD Feb 1, 2024
4967272
preparing for draft PR
ChaosInTheCRD Feb 1, 2024
d54e511
adding local reference to go-witnes
ChaosInTheCRD Feb 6, 2024
6cbf6c3
chore: bump github/codeql-action from 3.23.2 to 3.24.0 (#378)
dependabot[bot] Feb 13, 2024
1030699
chore: bump step-security/harden-runner from 2.6.1 to 2.7.0 (#379)
dependabot[bot] Feb 13, 2024
06b80ff
chore: bump sigstore/cosign-installer from 3.3.0 to 3.4.0 (#380)
dependabot[bot] Feb 13, 2024
669893b
chore: bump actions/download-artifact from 4.1.1 to 4.1.2 (#382)
dependabot[bot] Feb 13, 2024
95f56df
chore: bump actions/upload-artifact from 4.3.0 to 4.3.1 (#383)
dependabot[bot] Feb 13, 2024
91b558a
minor changes
ChaosInTheCRD Feb 13, 2024
13095f1
fixing tests
ChaosInTheCRD Feb 13, 2024
8962cd8
Merge branch 'main' into testing-kms
ChaosInTheCRD Feb 13, 2024
7a3b84c
Merge branch 'main' of github.com:in-toto/witness into testing-kms
ChaosInTheCRD Feb 13, 2024
c16fdb2
Merge branch 'testing-kms' of github.com:ChaosInTheCRD/witness into t…
ChaosInTheCRD Feb 13, 2024
d275bd8
adding docs
ChaosInTheCRD Feb 13, 2024
235870c
pinning to new version of go-witness
ChaosInTheCRD Feb 16, 2024
faa5fef
removing local reference to go-witness
ChaosInTheCRD Feb 16, 2024
4f1f245
updating Go
ChaosInTheCRD Feb 16, 2024
cf6c7b6
fixing docgen
ChaosInTheCRD Feb 16, 2024
32ff6de
Remove replace in go.mod and minor updates to docs
jkjell Feb 16, 2024
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
79 changes: 72 additions & 7 deletions cmd/keyloader.go
Original file line number Diff line number Diff line change
Expand Up @@ -19,18 +19,19 @@
"fmt"
"strings"

"github.com/in-toto/go-witness/cryptoutil"

Check failure on line 22 in cmd/keyloader.go

View workflow job for this annotation

GitHub Actions / Verify Docgen

github.com/in-toto/go-witness@v0.2.3: replacement directory ../go-witness does not exist

Check failure on line 22 in cmd/keyloader.go

View workflow job for this annotation

GitHub Actions / unit-test / witness

github.com/in-toto/go-witness@v0.2.3: replacement directory ../go-witness does not exist

Check failure on line 22 in cmd/keyloader.go

View workflow job for this annotation

GitHub Actions / sast / witness

github.com/in-toto/go-witness@v0.2.3: replacement directory ../go-witness does not exist
"github.com/in-toto/go-witness/log"
"github.com/in-toto/go-witness/signer"
"github.com/in-toto/go-witness/signer/kms"
"github.com/in-toto/witness/options"
"github.com/spf13/pflag"
)

// signerProvidersFromFlags looks at all flags that were set by the user to determine which signer providers we should use
func signerProvidersFromFlags(flags *pflag.FlagSet) map[string]struct{} {
signerProviders := make(map[string]struct{})
// providersFromFlags looks at all flags that were set by the user to determine which providers we should use
func providersFromFlags(prefix string, flags *pflag.FlagSet) map[string]struct{} {
providers := make(map[string]struct{})
flags.Visit(func(flag *pflag.Flag) {
if !strings.HasPrefix(flag.Name, "signer-") {
if !strings.HasPrefix(flag.Name, fmt.Sprintf("%s-", prefix)) {
return
}

Expand All @@ -39,14 +40,14 @@
return
}

signerProviders[parts[1]] = struct{}{}
providers[parts[1]] = struct{}{}
})

return signerProviders
return providers
}

// loadSigners loads all signers that appear in the signerProviders set and creates their respective signers, using any options provided in so
func loadSigners(ctx context.Context, so options.SignerOptions, signerProviders map[string]struct{}) ([]cryptoutil.Signer, error) {
func loadSigners(ctx context.Context, so options.SignerOptions, ko options.KMSSignerProviderOptions, signerProviders map[string]struct{}) ([]cryptoutil.Signer, error) {
signers := make([]cryptoutil.Signer, 0)
for signerProvider := range signerProviders {
setters := so[signerProvider]
Expand All @@ -56,6 +57,18 @@
continue
}

// NOTE: We want to initialze the KMS provider specific options if a KMS signer has been invoked
if ksp, ok := sp.(*kms.KMSSignerProvider); ok {
for _, opt := range ksp.Options {
for _, setter := range ko[opt.ProviderName()] {
sp, err = setter(ksp)
if err != nil {
continue
}
}
}
}

s, err := sp.Signer(ctx)
if err != nil {
log.Errorf("failed to create %v signer: %w", signerProvider, err)
Expand All @@ -71,3 +84,55 @@

return signers, nil
}

// NOTE: This is a temporary implementation until we have a SignerVerifier interface
// loadVerifiers loads all verifiers that appear in the verifierProviders set and creates their respective verifiers, using any options provided in so
func loadVerifiers(ctx context.Context, so options.VerifierOptions, ko options.KMSVerifierProviderOptions, verifierProviders map[string]struct{}) ([]cryptoutil.Verifier, error) {
verifiers := make([]cryptoutil.Verifier, 0)
for verifierProvider := range verifierProviders {
setters := so[verifierProvider]
sp, err := signer.NewVerifierProvider(verifierProvider, setters...)
if err != nil {
log.Errorf("failed to create %v verifier provider: %w", verifierProvider, err)
continue
}

// NOTE: We want to initialze the KMS provider specific options if a KMS signer has been invoked
if ksp, ok := sp.(*kms.KMSSignerProvider); ok {
for _, opt := range ksp.Options {
pn := opt.ProviderName()
for _, setter := range ko[pn] {
vp, err := setter(ksp)
if err != nil {
continue
}

// NOTE: KMS SignerProvider can also be a VerifierProvider. This is a nasty hack to cast things back in a way that we can add to the loaded verifiers.
// This must be refactored.
kspv, ok := vp.(*kms.KMSSignerProvider)
if !ok {
return nil, fmt.Errorf("provided verifier provider is not a KMS verifier provider")
}

s, err := kspv.Verifier(ctx)
if err != nil {
log.Errorf("failed to create %v verifier: %w", verifierProvider, err)
continue
}
verifiers = append(verifiers, s)
return verifiers, nil
}
}
}

s, err := sp.Verifier(ctx)
if err != nil {
log.Errorf("failed to create %v verifier: %w", verifierProvider, err)
continue
}

verifiers = append(verifiers, s)
}

return verifiers, nil
}
2 changes: 2 additions & 0 deletions cmd/root.go
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,8 @@ import (
"os"

"github.com/in-toto/go-witness/log"
_ "github.com/in-toto/go-witness/signer/kms/aws"
_ "github.com/in-toto/go-witness/signer/kms/gcp"
"github.com/in-toto/witness/options"
"github.com/spf13/cobra"
)
Expand Down
6 changes: 3 additions & 3 deletions cmd/root_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -63,7 +63,7 @@ func Test_loadSignersKeyPair(t *testing.T) {
},
}

signers, err := loadSigners(context.Background(), signerOptions, map[string]struct{}{"file": {}})
signers, err := loadSigners(context.Background(), signerOptions, options.KMSSignerProviderOptions{}, map[string]struct{}{"file": {}})
require.NoError(t, err)
require.Len(t, signers, 1)
assert.IsType(t, &cryptoutil.RSASigner{}, signers[0])
Expand All @@ -79,7 +79,7 @@ func Test_loadSignersKeyPair(t *testing.T) {
},
}

signers, err := loadSigners(context.Background(), signerOptions, map[string]struct{}{"file": {}})
signers, err := loadSigners(context.Background(), signerOptions, options.KMSSignerProviderOptions{}, map[string]struct{}{"file": {}})
require.Error(t, err)
require.Len(t, signers, 0)
})
Expand All @@ -99,7 +99,7 @@ func Test_loadSignersCertificate(t *testing.T) {
},
}

signers, err := loadSigners(context.Background(), signerOptions, map[string]struct{}{"file": {}})
signers, err := loadSigners(context.Background(), signerOptions, options.KMSSignerProviderOptions{}, map[string]struct{}{"file": {}})
require.NoError(t, err)
require.Len(t, signers, 1)
require.IsType(t, &cryptoutil.X509Signer{}, signers[0])
Expand Down
9 changes: 5 additions & 4 deletions cmd/run.go
Original file line number Diff line number Diff line change
Expand Up @@ -19,15 +19,15 @@
"encoding/json"
"fmt"

witness "github.com/in-toto/go-witness"

Check failure on line 22 in cmd/run.go

View workflow job for this annotation

GitHub Actions / Verify Docgen

github.com/in-toto/go-witness@v0.2.3: replacement directory ../go-witness does not exist

Check failure on line 22 in cmd/run.go

View workflow job for this annotation

GitHub Actions / unit-test / witness

github.com/in-toto/go-witness@v0.2.3: replacement directory ../go-witness does not exist

Check failure on line 22 in cmd/run.go

View workflow job for this annotation

GitHub Actions / sast / witness

github.com/in-toto/go-witness@v0.2.3: replacement directory ../go-witness does not exist
"github.com/in-toto/go-witness/archivista"

Check failure on line 23 in cmd/run.go

View workflow job for this annotation

GitHub Actions / Verify Docgen

github.com/in-toto/go-witness@v0.2.3: replacement directory ../go-witness does not exist

Check failure on line 23 in cmd/run.go

View workflow job for this annotation

GitHub Actions / unit-test / witness

github.com/in-toto/go-witness@v0.2.3: replacement directory ../go-witness does not exist

Check failure on line 23 in cmd/run.go

View workflow job for this annotation

GitHub Actions / sast / witness

github.com/in-toto/go-witness@v0.2.3: replacement directory ../go-witness does not exist
"github.com/in-toto/go-witness/attestation"

Check failure on line 24 in cmd/run.go

View workflow job for this annotation

GitHub Actions / Verify Docgen

github.com/in-toto/go-witness@v0.2.3: replacement directory ../go-witness does not exist

Check failure on line 24 in cmd/run.go

View workflow job for this annotation

GitHub Actions / unit-test / witness

github.com/in-toto/go-witness@v0.2.3: replacement directory ../go-witness does not exist

Check failure on line 24 in cmd/run.go

View workflow job for this annotation

GitHub Actions / sast / witness

github.com/in-toto/go-witness@v0.2.3: replacement directory ../go-witness does not exist
"github.com/in-toto/go-witness/attestation/commandrun"

Check failure on line 25 in cmd/run.go

View workflow job for this annotation

GitHub Actions / Verify Docgen

github.com/in-toto/go-witness@v0.2.3: replacement directory ../go-witness does not exist

Check failure on line 25 in cmd/run.go

View workflow job for this annotation

GitHub Actions / unit-test / witness

github.com/in-toto/go-witness@v0.2.3: replacement directory ../go-witness does not exist

Check failure on line 25 in cmd/run.go

View workflow job for this annotation

GitHub Actions / sast / witness

github.com/in-toto/go-witness@v0.2.3: replacement directory ../go-witness does not exist
"github.com/in-toto/go-witness/attestation/material"

Check failure on line 26 in cmd/run.go

View workflow job for this annotation

GitHub Actions / Verify Docgen

github.com/in-toto/go-witness@v0.2.3: replacement directory ../go-witness does not exist

Check failure on line 26 in cmd/run.go

View workflow job for this annotation

GitHub Actions / unit-test / witness

github.com/in-toto/go-witness@v0.2.3: replacement directory ../go-witness does not exist

Check failure on line 26 in cmd/run.go

View workflow job for this annotation

GitHub Actions / sast / witness

github.com/in-toto/go-witness@v0.2.3: replacement directory ../go-witness does not exist
"github.com/in-toto/go-witness/attestation/product"

Check failure on line 27 in cmd/run.go

View workflow job for this annotation

GitHub Actions / Verify Docgen

github.com/in-toto/go-witness@v0.2.3: replacement directory ../go-witness does not exist

Check failure on line 27 in cmd/run.go

View workflow job for this annotation

GitHub Actions / unit-test / witness

github.com/in-toto/go-witness@v0.2.3: replacement directory ../go-witness does not exist

Check failure on line 27 in cmd/run.go

View workflow job for this annotation

GitHub Actions / sast / witness

github.com/in-toto/go-witness@v0.2.3: replacement directory ../go-witness does not exist
"github.com/in-toto/go-witness/cryptoutil"
"github.com/in-toto/go-witness/log"
"github.com/in-toto/go-witness/registry"

Check failure on line 30 in cmd/run.go

View workflow job for this annotation

GitHub Actions / Verify Docgen

github.com/in-toto/go-witness@v0.2.3: replacement directory ../go-witness does not exist

Check failure on line 30 in cmd/run.go

View workflow job for this annotation

GitHub Actions / unit-test / witness

github.com/in-toto/go-witness@v0.2.3: replacement directory ../go-witness does not exist

Check failure on line 30 in cmd/run.go

View workflow job for this annotation

GitHub Actions / sast / witness

github.com/in-toto/go-witness@v0.2.3: replacement directory ../go-witness does not exist
"github.com/in-toto/go-witness/timestamp"
"github.com/in-toto/witness/options"
"github.com/spf13/cobra"
Expand All @@ -35,8 +35,9 @@

func RunCmd() *cobra.Command {
o := options.RunOptions{
AttestorOptSetters: make(map[string][]func(attestation.Attestor) (attestation.Attestor, error)),
SignerOptions: options.SignerOptions{},
AttestorOptSetters: make(map[string][]func(attestation.Attestor) (attestation.Attestor, error)),
SignerOptions: options.SignerOptions{},
KMSSignerProviderOptions: options.KMSSignerProviderOptions{},
}

cmd := &cobra.Command{
Expand All @@ -45,9 +46,9 @@
SilenceErrors: true,
SilenceUsage: true,
RunE: func(cmd *cobra.Command, args []string) error {
signers, err := loadSigners(cmd.Context(), o.SignerOptions, signerProvidersFromFlags(cmd.Flags()))
signers, err := loadSigners(cmd.Context(), o.SignerOptions, o.KMSSignerProviderOptions, providersFromFlags("signer", cmd.Flags()))
if err != nil {
return fmt.Errorf("failed to load signers")
return fmt.Errorf("failed to load signers: %w", err)
}

return runRun(cmd.Context(), o, args, signers...)
Expand Down
2 changes: 1 addition & 1 deletion cmd/run_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -83,7 +83,7 @@ func Test_runRunRSACA(t *testing.T) {
},
}

signers, err := loadSigners(context.Background(), signerOptions, map[string]struct{}{"file": {}})
signers, err := loadSigners(context.Background(), signerOptions, options.KMSSignerProviderOptions{}, map[string]struct{}{"file": {}})
require.NoError(t, err)

workingDir := t.TempDir()
Expand Down
5 changes: 3 additions & 2 deletions cmd/sign.go
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@

witness "github.com/in-toto/go-witness"
"github.com/in-toto/go-witness/cryptoutil"
"github.com/in-toto/go-witness/dsse"

Check failure on line 24 in cmd/sign.go

View workflow job for this annotation

GitHub Actions / Verify Docgen

github.com/in-toto/go-witness@v0.2.3: replacement directory ../go-witness does not exist

Check failure on line 24 in cmd/sign.go

View workflow job for this annotation

GitHub Actions / unit-test / witness

github.com/in-toto/go-witness@v0.2.3: replacement directory ../go-witness does not exist

Check failure on line 24 in cmd/sign.go

View workflow job for this annotation

GitHub Actions / sast / witness

github.com/in-toto/go-witness@v0.2.3: replacement directory ../go-witness does not exist
"github.com/in-toto/go-witness/timestamp"
"github.com/in-toto/witness/options"
"github.com/spf13/cobra"
Expand All @@ -29,7 +29,8 @@

func SignCmd() *cobra.Command {
so := options.SignOptions{
SignerOptions: options.SignerOptions{},
SignerOptions: options.SignerOptions{},
KMSSignerProviderOptions: options.KMSSignerProviderOptions{},
}

cmd := &cobra.Command{
Expand All @@ -40,7 +41,7 @@
SilenceUsage: true,
DisableAutoGenTag: true,
RunE: func(cmd *cobra.Command, args []string) error {
signers, err := loadSigners(cmd.Context(), so.SignerOptions, signerProvidersFromFlags(cmd.Flags()))
signers, err := loadSigners(cmd.Context(), so.SignerOptions, so.KMSSignerProviderOptions, providersFromFlags("signer", cmd.Flags()))
if err != nil {
return fmt.Errorf("failed to load signer: %w", err)
}
Expand Down
24 changes: 16 additions & 8 deletions cmd/verify.go
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,11 @@ import (
)

func VerifyCmd() *cobra.Command {
vo := options.VerifyOptions{}
vo := options.VerifyOptions{
ArchivistaOptions: options.ArchivistaOptions{},
KMSVerifierProviderOptions: options.KMSVerifierProviderOptions{},
VerifierOptions: options.VerifierOptions{},
}
cmd := &cobra.Command{
Use: "verify",
Short: "Verifies a witness policy",
Expand All @@ -42,7 +46,11 @@ func VerifyCmd() *cobra.Command {
SilenceUsage: true,
DisableAutoGenTag: true,
RunE: func(cmd *cobra.Command, args []string) error {
return runVerify(cmd.Context(), vo)
verifiers, err := loadVerifiers(cmd.Context(), vo.VerifierOptions, vo.KMSVerifierProviderOptions, providersFromFlags("verifier", cmd.Flags()))
if err != nil {
return fmt.Errorf("failed to load signer: %w", err)
}
return runVerify(cmd.Context(), vo, verifiers...)
},
}
vo.AddFlags(cmd)
Expand All @@ -55,24 +63,24 @@ const (

// todo: this logic should be broken out and moved to pkg/
// we need to abstract where keys are coming from, etc
func runVerify(ctx context.Context, vo options.VerifyOptions) error {
if vo.KeyPath == "" && len(vo.CAPaths) == 0 {
return fmt.Errorf("must suply public key or ca paths")
func runVerify(ctx context.Context, vo options.VerifyOptions, verifiers ...cryptoutil.Verifier) error {
if vo.KeyPath == "" && len(vo.CAPaths) == 0 && len(verifiers) == 0 {
return fmt.Errorf("must supply either a public key, CA certificates or a verifier")
}

var verifier cryptoutil.Verifier
if vo.KeyPath != "" {
keyFile, err := os.Open(vo.KeyPath)
if err != nil {
return fmt.Errorf("failed to open key file: %w", err)
}
defer keyFile.Close()

verifier, err = cryptoutil.NewVerifierFromReader(keyFile)
v, err := cryptoutil.NewVerifierFromReader(keyFile)
if err != nil {
return fmt.Errorf("failed to create verifier: %w", err)
}

verifiers = append(verifiers, v)
}

inFile, err := os.Open(vo.PolicyFilePath)
Expand Down Expand Up @@ -121,7 +129,7 @@ func runVerify(ctx context.Context, vo options.VerifyOptions) error {
verifiedEvidence, err := witness.Verify(
ctx,
policyEnvelope,
[]cryptoutil.Verifier{verifier},
verifiers,
witness.VerifyWithSubjectDigests(subjects),
witness.VerifyWithCollectionSource(collectionSource),
)
Expand Down
4 changes: 2 additions & 2 deletions cmd/verify_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -54,7 +54,7 @@ func TestRunVerifyCA(t *testing.T) {
},
}

signers, err := loadSigners(context.Background(), so, map[string]struct{}{"file": {}})
signers, err := loadSigners(context.Background(), so, options.KMSSignerProviderOptions{}, map[string]struct{}{"file": {}})
require.NoError(t, err)

caBytes, err := os.ReadFile(ca.Name())
Expand Down Expand Up @@ -167,7 +167,7 @@ func TestRunVerifyKeyPair(t *testing.T) {
},
}

signers, err := loadSigners(context.Background(), so, map[string]struct{}{"file": {}})
signers, err := loadSigners(context.Background(), so, options.KMSSignerProviderOptions{}, map[string]struct{}{"file": {}})
require.NoError(t, err)

artifactPath := filepath.Join(workingDir, "test.txt")
Expand Down
Loading
Loading