
Failed to sign with transparency log #2907

Closed
loozhengyuan opened this issue Apr 17, 2023 · 9 comments
Labels
bug Something isn't working duplicate This issue or pull request already exists

Comments

@loozhengyuan

Description

We are using AWS KMS as our key store. Running the following command causes an error:

$ cosign sign --key=awskms:///alias/some/alias 0000000000.dkr.ecr.ap-southeast-1.amazonaws.com/some-repository@sha256:somedigest
WARNING: "0000000000.dkr.ecr.ap-southeast-1.amazonaws.com/some-repository@sha256:somedigest" appears to be a private repository, please confirm uploading to the transparency log at "https://rekor.sigstore.dev"
Are you sure you would like to continue? [y/N] y

        The sigstore service, hosted by sigstore a Series of LF Projects, LLC, is provided pursuant to the Hosted Project Tools Terms of Use, available at https://lfprojects.org/policies/hosted-project-tools-terms-of-use/.
        Note that if your submission includes personal data associated with this signed artifact, it will be part of an immutable record.
        This may include the email address associated with the account with which you authenticate your contractual Agreement.
        This information will be used for signing this artifact and will be stored in public transparency logs and cannot be removed later, and is subject to the Immutable Record notice at https://lfprojects.org/policies/hosted-project-tools-immutable-records/.

By typing 'y', you attest that (1) you are not submitting the personal data of any other person; and (2) you understand and agree to the statement and the Agreement terms at the URLs listed above.
Are you sure you would like to continue? [y/N] y
Error: signing [0000000000.dkr.ecr.ap-southeast-1.amazonaws.com/some-repository@sha256:somedigest]: signing digest: [POST /api/v1/log/entries][400] createLogEntryBadRequest  &{Code:400 Message:error processing entry: verifying signature: invalid signature when validating ASN.1 encoded signature}
main.go:74: error during command execution: signing [0000000000.dkr.ecr.ap-southeast-1.amazonaws.com/some-repository@sha256:somedigest]: signing digest: [POST /api/v1/log/entries][400] createLogEntryBadRequest  &{Code:400 Message:error processing entry: verifying signature: invalid signature when validating ASN.1 encoded signature}

However, if we opt to use --tlog-upload=false flag, then no error is displayed.

$ cosign sign --tlog-upload=false --key=awskms:///alias/some/alias 0000000000.dkr.ecr.ap-southeast-1.amazonaws.com/some-repository@sha256:somedigest
Pushing signature to: 0000000000.dkr.ecr.ap-southeast-1.amazonaws.com/some-repository

Version

$ cosign version
  ______   ______        _______. __    _______ .__   __.
 /      | /  __  \      /       ||  |  /  _____||  \ |  |
|  ,----'|  |  |  |    |   (----`|  | |  |  __  |   \|  |
|  |     |  |  |  |     \   \    |  | |  | |_ | |  . `  |
|  `----.|  `--'  | .----)   |   |  | |  |__| | |  |\   |
 \______| \______/  |_______/    |__|  \______| |__| \__|
cosign: A tool for Container Signing, Verification and Storage in an OCI registry.

GitVersion:    2.0.1
GitCommit:     8faaee4d2b5f65678eb0831a8a3d5990a0271d3a
GitTreeState:  "clean"
BuildDate:     2023-04-06T19:10:33Z
GoVersion:     go1.20.3
Compiler:      gc
Platform:      darwin/amd64
@loozhengyuan loozhengyuan added the bug Something isn't working label Apr 17, 2023
@axi92

This comment was marked as off-topic.

@znewman01

This comment was marked as off-topic.

@znewman01 znewman01 added the duplicate This issue or pull request already exists label Apr 17, 2023
@loozhengyuan
Author

loozhengyuan commented Apr 17, 2023

@znewman01 Sorry, but I think I have a different issue from @axi92. I have no issues with the privacy prompt but one with the signing process failing as highlighted in my code snippet above:

Error: signing [0000000000.dkr.ecr.ap-southeast-1.amazonaws.com/some-repository@sha256:somedigest]: signing digest: [POST /api/v1/log/entries][400] createLogEntryBadRequest  &{Code:400 Message:error processing entry: verifying signature: invalid signature when validating ASN.1 encoded signature}

Also shown in my bug report, I have indicated y to the prompts, so I do not think the error is related to the acceptance of the prompt.

Are you sure you would like to continue? [y/N] y
...
Are you sure you would like to continue? [y/N] y

@znewman01 znewman01 reopened this Apr 17, 2023
@znewman01 znewman01 removed the duplicate This issue or pull request already exists label Apr 17, 2023
@znewman01
Contributor

Whoops, didn't read that very carefully. Sorry!

This looks like an error in Rekor (the transparency log) validating the signature in the entry you're sending up to it. Can you give more details about the AWS KMS key you're using to sign? It may be that we don't recognize the key type.

@loozhengyuan
Author

Certainly, so we created an asymmetric AWS KMS key with the Sign and verify key usage and ECC_NIST_P521 key spec.

@haydentherapper
Contributor

At a glance, I believe this is because Rekor only supports sha256 currently, and this needs to be sha512. It’s unable to verify the signature that’s been uploaded because the digest that’s signed over would not be equal.

I think there’s an open issue in the repo, but if not, feel free to open one.
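The mismatch described in the comment above can be reproduced locally without AWS KMS or Rekor. The following is an added example, not code from cosign, Rekor or the issue author: it generates an ECDSA key on a given curve, signs a constructed payload with the digest that pairs with that curve (SHA-256 for P-256, SHA-512 for P-521; this pairing and the helper names digestForCurve, signASN1, verifyASN1 and runScenario are assumptions of the example), then verifies the same DER signature twice, once with a verifier that can only hash with SHA-256, as the thread says Rekor does, and once with the signer's own digest. A P-521 signature verifies only with SHA-512, which is the "invalid signature when validating ASN.1 encoded signature" outcome; a P-256 signature verifies either way.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/sha512"
	"fmt"
)

// digestForCurve returns the digest a signer pairs with an ECDSA curve.
// Assumption for this example: the conventional pairing P-256/SHA-256,
// P-384/SHA-384, P-521/SHA-512, which is what the thread reports for KMS.
func digestForCurve(c elliptic.Curve) crypto.Hash {
	switch c.Params().Name {
	case "P-256":
		return crypto.SHA256
	case "P-384":
		return crypto.SHA384
	case "P-521":
		return crypto.SHA512
	}
	return 0
}

// hashWith computes the digest of msg with h (only the three hashes above).
func hashWith(h crypto.Hash, msg []byte) []byte {
	switch h {
	case crypto.SHA256:
		s := sha256.Sum256(msg)
		return s[:]
	case crypto.SHA384:
		s := sha512.Sum384(msg)
		return s[:]
	case crypto.SHA512:
		s := sha512.Sum512(msg)
		return s[:]
	}
	return nil
}

// signASN1 hashes msg with h and produces a DER (ASN.1) ECDSA signature,
// the same encoding KMS returns and cosign uploads to the log.
func signASN1(priv *ecdsa.PrivateKey, h crypto.Hash, msg []byte) ([]byte, error) {
	return ecdsa.SignASN1(rand.Reader, priv, hashWith(h, msg))
}

// verifyASN1 models a verifier that recomputes the digest with its own hash h
// before checking the signature; if h differs from the signer's, it fails.
func verifyASN1(pub *ecdsa.PublicKey, h crypto.Hash, msg, sig []byte) bool {
	return ecdsa.VerifyASN1(pub, hashWith(h, msg), sig)
}

// Outcome records what two verifiers conclude about one signature.
type Outcome struct {
	Curve            string
	SignerDigest     crypto.Hash
	VerifiesAsSHA256 bool // a SHA-256-only verifier (the log, per the thread)
	VerifiesMatching bool // a verifier using the signer's own digest
}

// runScenario generates a key on c, signs msg with the curve's digest and
// checks the signature with both verifiers.
func runScenario(c elliptic.Curve, msg []byte) (Outcome, error) {
	priv, err := ecdsa.GenerateKey(c, rand.Reader)
	if err != nil {
		return Outcome{}, err
	}
	h := digestForCurve(c)
	sig, err := signASN1(priv, h, msg)
	if err != nil {
		return Outcome{}, err
	}
	return Outcome{
		Curve:            c.Params().Name,
		SignerDigest:     h,
		VerifiesAsSHA256: verifyASN1(&priv.PublicKey, crypto.SHA256, msg, sig),
		VerifiesMatching: verifyASN1(&priv.PublicKey, h, msg, sig),
	}, nil
}

func main() {
	// Constructed sample payload standing in for the artifact digest.
	payload := []byte("sha256:0123456789abcdef constructed payload")
	for _, c := range []elliptic.Curve{elliptic.P256(), elliptic.P521()} {
		o, err := runScenario(c, payload)
		if err != nil {
			panic(err)
		}
		fmt.Printf("%s signed over %v: sha256-only verifier=%v, matching verifier=%v\n",
			o.Curve, o.SignerDigest, o.VerifiesAsSHA256, o.VerifiesMatching)
	}
}
```

The practical check before pointing cosign at a KMS key is therefore the key spec: a curve whose paired digest the log cannot compute will sign fine locally (hence --tlog-upload=false succeeding) but be rejected on upload.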

@znewman01
Contributor

sigstore/rekor#1299

@znewman01
Contributor

> At a glance, I believe this is because Rekor only supports sha256 currently, and this needs to be sha512. It’s unable to verify the signature that’s been uploaded because the digest that’s signed over would not be equal.

Yeah, that'll do it. Good catch.

I think that as soon as we resolve sigstore/rekor#1299 this will just work in Cosign, so I'm going to close this as a dupe.

@znewman01 znewman01 added the duplicate This issue or pull request already exists label Apr 17, 2023
@loozhengyuan
Author

Thanks @haydentherapper and @znewman01 for taking a look at this. The signing/verification flow works without issues when using an ECC_NIST_P256 key. 🙇

Development

No branches or pull requests

4 participants