signing
susperius committed Aug 5, 2024
1 parent 485b13f commit 827b813
Showing 2 changed files with 26 additions and 51 deletions.
61 changes: 16 additions & 45 deletions model_signing/model.py
Expand Up @@ -12,64 +12,35 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
from typing import Callable
import pathlib

from google.protobuf import json_format
from in_toto_attestation.v1 import statement
from in_toto_attestation.v1 import statement_pb2 as statement_pb
from sigstore_protobuf_specs.dev.sigstore.bundle import v1 as bundle_pb

from model_signing.manifest import in_toto
from model_signing.signature import signing
from model_signing.manifest import manifest
from model_signing.signing import signing
from model_signing.signature import verifying
from model_signing.serialization import serialization

payload_generator_func = Callable[[manifest.Manifest], signing.SigningPayload]


def sign(model_path: pathlib.Path,
signer: signing.Signer,
payload_generator: payload_generator_func,
serializer: serialization.Serializer,
ignore_paths: list[str] = [],
) -> bundle_pb.Bundle:
"""Signs a model and returns a sigstore bundle.
Args:
model_path (pathlib.Path): Path to the model
signer (signing.Signer): Signer to sign the statement
serializer (serialization.Serializer): Serializer used to serialize the model
ignore_paths (list[str], optional): Filenames that should be ignored during serialization. Defaults to [].
Returns:
bundle_pb.Bundle: Sigstore bundle containing a signed DSSE envelope
"""
manifest = serializer.serialize(model_path, ignore_paths)
stmnt = in_toto.manifest_to_statement(manifest)
bundle = signer.sign(stmnt)
return bundle
ignore_paths: list[pathlib.Path] = [],
) -> signing.Signature:
manifest = serializer.serialize(model_path, ignore_paths=ignore_paths)
payload = payload_generator(manifest)
sig = signer.sign(payload)
return sig


def verify(bundle: bundle_pb.Bundle,
verifier: verifying.Verifier,
def verify(sig: signing.Signature,
verifier: signing.Verifier,
model_path: pathlib.Path,
serializer: serialization.Serializer,
ignore_paths: list[str] = []):
"""Verifies the bundle information in comparison with the local model.
Args:
bundle (bundle_pb.Bundle): Sigstore bundle describing the model
verifier (verifying.Verifier): Verifier to verify the signature
model_path (pathlib.Path): Path to the local model.
serializer (serialization.Serializer): Serializer to be used for the local model.
ignore_paths (list[str], optional): Filenames to ignore during serialization. Defaults to [].
Raises:
verifying.VerificationError: on verification failures.
"""
verifier.verify(bundle)
ignore_paths: list[pathlib.Path] = []):
peer_manifest = verifier.verify(sig)
local_manifest = serializer.serialize(model_path, ignore_paths)
payload = bundle.dsse_envelope.payload
peer_statment_pb = json_format.Parse(payload, statement_pb.Statement())
peer_statment = statement.Statement.copy_from_pb(peer_statment_pb)
peer_manifest = in_toto.statement_to_manifest(peer_statment)

if peer_manifest != local_manifest:
raise verifying.VerificationError('the manifest do not match')
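Review bot: In `verify`, the local manifest is still built with the positional call `serializer.serialize(model_path, ignore_paths)`, while `sign` now passes `ignore_paths=ignore_paths` by keyword. The serializer is not visible here, but if its parameter became keyword-only or changed position, verification would raise a `TypeError` or bind the list to a different parameter than signing does. Signing and verification should build the manifest through the identical call, `local_manifest = serializer.serialize(model_path, ignore_paths=ignore_paths)`. The commit also drops both docstrings, so nothing states any more that `verify` raises `verifying.VerificationError` on a mismatch, or that `verifier.verify(sig)` is expected to return a manifest only after the signature has been validated; I would restore a short docstring saying so and document the new `payload_generator` argument on `sign`. The `ignore_paths: list[pathlib.Path] = []` defaults are shared mutable lists; `None` with a fallback to an empty list avoids state leaking between calls.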
16 changes: 10 additions & 6 deletions model_signing/sign.py → sign.py
Expand Up @@ -26,6 +26,7 @@
from model_signing.signature import signing
from model_signing.signature import sigstore
from model_signing.signature import fake
from model_signing.signing import in_toto

log = logging.getLogger(__name__)

Expand Down Expand Up @@ -53,7 +54,8 @@ def __arguments() -> argparse.Namespace:
pki = method_cmd.add_parser('pki')
pki.add_argument(
'--cert_chain',
help='paths to pem encoded certificate files or a single file containing a chain',
help=('paths to pem encoded certificate files or a single',
'file containing a chain'),
required=False,
type=list[str],
default=[],
Expand Down Expand Up @@ -143,18 +145,20 @@ def hasher_factory(file_path: pathlib.Path) -> file.FileHasher:
file=file_path,
content_hasher=memory.SHA256())

serializer = serialize_by_file.FilesSerializer(
serializer = serialize_by_file.ManifestSerializer(
file_hasher_factory=hasher_factory)

bundle = model.sign(
intoto_signer = in_toto.IntotoSigner(payload_signer)
sig = model.sign(
model_path=args.model_path,
signer=payload_signer,
signer=intoto_signer,
payload_generator=in_toto.DigestsIntotoPayload.from_manifest,
serializer=serializer,
ignore_paths=[args.sig_out.name]
ignore_paths=[args.sig_out]
)

log.info(f'Storing signature at "{args.sig_out}"')
args.sig_out.write_text(bundle.to_json())
sig.write(args.sig_out)


if __name__ == '__main__':
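Review bot: The rewrapped `help=` for `--cert_chain` is now a two-element tuple rather than a string, because of the comma between the two literals; argparse expands help text with `%`, so rendering the help output of the `pki` parser is likely to fail with a `TypeError`. Drop the comma so the literals concatenate, keeping a trailing space on the first one: `help=('paths to pem encoded certificate files or a single ' 'file containing a chain'),`. Separately, `ignore_paths=[args.sig_out]` now passes the full output path instead of `args.sig_out.name`. Whether a signature file already present in the model directory is still excluded from the signed manifest depends on how the serializer compares paths, which is not visible here, so a test that re-signs a directory containing the signature would be worth adding. The enclosing functions continue outside the hunks shown.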
