Support for multi-subject attestations using different hash algorithms #361
Currently, this PR is a draft containing only a multi-digest hashing tool.
Signed-off-by: Cody Soyland <codysoyland@github.com>
…sfy subject discovery in multi-subject attestations Signed-off-by: Cody Soyland <codysoyland@github.com>
f148b5d to afa1b7b
Had some suggestions for performance improvements to minimize iterations over the statement and compute fewer digests.
// go through the statement and make a simple data structure to hold the | ||
// list of hash funcs for each subject (subjectHashFuncs) | ||
for i, subject := range statement.Subject { | ||
for alg := range subject.Digest { |
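Review bot: the inner loop `for alg := range subject.Digest` takes each algorithm name straight from the statement, and the visible lines show no check that `alg` is a supported hash function or that `subject.Digest` is non-empty. Suggest handling both cases explicitly here (skip, or return an error) and stating the chosen behavior in the comment above the loop, which currently only describes the data structure being built.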
Should we err out if digest is empty? This is the current behavior.
Interpreting the spec to say the subject is invalid if the digest is the empty string seems pretty defensible to me / 👍 to erroring out on empty digests?
I'm a little iffy on this, because verification may still pass if there exists a subject with the given digest, even if a subject exists that does not contain a digest. I'm not sure it's the responsibility of the verifier to make sure every subject contains a digest.
return nil, errors.New("no subjects found in statement") | ||
} | ||
|
||
supportedHashFuncs := []crypto.Hash{crypto.SHA512, crypto.SHA384, crypto.SHA256} |
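Review bot: `supportedHashFuncs` is rebuilt inside the function on every call, and the order of its entries (SHA512, SHA384, SHA256) is not documented. If the order expresses a preference, say so in a comment; either way, consider hoisting the slice to a package-level `var` so the supported set is defined in one place.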
Can this be a constant?
Slices are mutable and therefore cannot be declared as constants.
|
||
// Look for artifact digest in statement | ||
for _, subject := range statement.Subject { | ||
for alg, digest := range subject.Digest { | ||
hexdigest, err := hex.DecodeString(digest) | ||
for alg, hexdigest := range subject.Digest { |
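Review bot: in `for alg, hexdigest := range subject.Digest`, the name `hexdigest` is bound to the hex string taken from the statement, while two lines above the same name holds the result of `hex.DecodeString(digest)`. If the comparison that follows is done on strings, an upper-case hex digest would not match and malformed hex would not be rejected at this point; consider decoding before comparing, or normalizing case and renaming the variable so it is clear which form it holds.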
Another idea for an optimization is to create the mapping between subject and the algorithms and expected digests in one pass. With this proposed solution, we make two passes, one to build the digest algorithms and one to verify the digests, which would be a performance regression from the previous solution.
Given that would require shifting a lot of logic into the already tested getHashFunctions (if I understand correctly), I'm not too concerned about the performance penalty of iterating through the digests here again. I do think it's worth revisiting when/if we implement #363.
Co-authored-by: Hayden B <hblauzvern@google.com> Signed-off-by: Cody Soyland <codysoyland@github.com>
Summary
Support for attestations with multiple subjects using different hash algorithms.
#360
Release Note
Documentation