forked from sigstore/model-transparency
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Expose resource descriptors from manifests

We aim this to be similar to in-toto's `ResourceDescriptor`. To support cases where in-toto cannot be directly used, we make this a dataclass that can be mapped to in-toto when needed, and used as its own otherwise.

Not all fields from in-toto are specified at this moment. All fields here must be present, unlike in-toto, where all are optional.

See https://github.com/in-toto/attestation/blob/main/spec/v1/resource_descriptor.md for the in-toto specification.

This is the first separable PR for the signing support (see full draft on sigstore#253).

Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com>
1 parent 9798149, commit 3344e2e
Showing 8 changed files with 278 additions and 6 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
# Copyright 2024 The Sigstore Authors | ||
# | ||
# Licensed under the Apache License, Version 2.0 (the "License"); | ||
# you may not use this file except in compliance with the License. | ||
# You may obtain a copy of the License at | ||
# | ||
# http://www.apache.org/licenses/LICENSE-2.0 | ||
# | ||
# Unless required by applicable law or agreed to in writing, software | ||
# distributed under the License is distributed on an "AS IS" BASIS, | ||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
# See the License for the specific language governing permissions and | ||
# limitations under the License. |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,80 @@ | ||
# Copyright 2024 The Sigstore Authors | ||
# | ||
# Licensed under the Apache License, Version 2.0 (the "License"); | ||
# you may not use this file except in compliance with the License. | ||
# You may obtain a copy of the License at | ||
# | ||
# http://www.apache.org/licenses/LICENSE-2.0 | ||
# | ||
# Unless required by applicable law or agreed to in writing, software | ||
# distributed under the License is distributed on an "AS IS" BASIS, | ||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
# See the License for the specific language governing permissions and | ||
# limitations under the License. | ||
|
||
"""Machinery for signing and verification of ML models. | ||
The serialization API produces a manifest representation of the models, which | ||
can be used to implement various verification patterns. However, when signing, | ||
we need to actually represent this manifest in a specific disk format. But, | ||
there are multiple ways to use `manifest.Manifest` objects, so we add a new | ||
`SigningMaterial` class hierarchy to serialize and sign manifests. | ||
The output of a signing process is a `Signature` instance, backed by a format to | ||
serialize this to disk. In OSS, this is usually a Sigstore bundle. | ||
TODO: expand on this. | ||
""" | ||
|
||
import abc | ||
import pathlib | ||
from typing import Self | ||
|
||
from model_signing.manifest import manifest | ||
|
||
|
||
class SigningMaterial(metaclass=abc.ABCMeta): | ||
"""Generic material that we can sign.""" | ||
|
||
@classmethod | ||
@abc.abstractmethod | ||
def from_manifest(cls, manifest: manifest.Manifest) -> Self: | ||
"""Converts a manifest to the signing material used for signing.""" | ||
pass | ||
|
||
@abc.abstractmethod | ||
def sign(self) -> "Signature": | ||
"""Signs the current SigningMaterial with the provided key/signer. | ||
TODO: arguments, abstract over signing format, etc. | ||
""" | ||
pass | ||
|
||
|
||
class Signature(metaclass=abc.ABCMeta): | ||
"""Generic signature support.""" | ||
|
||
@abc.abstractmethod | ||
def write_signature(self, path: pathlib.Path): | ||
"""Writes the signature to disk, to the given path.""" | ||
pass | ||
|
||
@classmethod | ||
@abc.abstractmethod | ||
def read_signature(cls, path: pathlib.Path) -> Self: | ||
"""Reads the signature from disk. | ||
Does not perform any verification, except what is needed to parse the | ||
signature file. Use `verify` to validate the signature. | ||
""" | ||
pass | ||
|
||
@abc.abstractmethod | ||
def verify(self): # TODO: signature | ||
"""Verifies the signature. | ||
If the verification passes, this method returns TODO: what? | ||
TODO: Document return and raises. | ||
""" | ||
pass |
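Review bot: `Signature.verify` is added with no contract (`# TODO: signature`, "returns TODO: what?"), and because this abstract method is what every signing backend will implement, the failure behaviour should be pinned down before implementations appear: have it raise a dedicated exception on failure and return the verified content (or nothing) on success, rather than leaving room for a boolean that a caller can forget to check. The `read_signature` docstring already says it performs no verification, so it is worth stating there that the returned object must not be trusted until `verify` has succeeded. Two smaller points: in `from_manifest` the parameter `manifest` shadows the imported `manifest` module inside the method body, so renaming one of them avoids surprises in subclasses; and `from typing import Self` needs Python 3.11 or newer, so please confirm that matches the project's supported versions.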