From 123c0937e0665ded55299fcda07c1c0638bde025 Mon Sep 17 00:00:00 2001 From: Fredrik Skogman Date: Fri, 15 Dec 2023 11:19:37 +0100 Subject: [PATCH] Added an option for a more generic observer time, and aligned with v0.2. In v0.2, inclusion proofs are preferred over SETs, and so it's now optional to extract the timestamp from the SET. Signed-off-by: Fredrik Skogman --- .../ArtifactVerificationOptions.schema.json | 31 ++- gen/jsonschema/schemas/CloudEvent.schema.json | 2 +- .../schemas/CloudEventBatch.schema.json | 2 +- gen/jsonschema/schemas/Input.schema.json | 31 ++- .../v1/sigstore_verification.pb.go | 205 ++++++++++++++---- .../dev/sigstore/verification/v1/__init__.py | 28 ++- gen/pb-ruby/lib/sigstore_verification_pb.rb | 7 + .../ArtifactVerificationOptions.schema.json | 31 ++- gen/pb-rust/schemas/CloudEvent.schema.json | 2 +- .../schemas/CloudEventBatch.schema.json | 2 +- gen/pb-rust/schemas/Input.schema.json | 31 ++- .../__generated__/sigstore_verification.ts | 67 +++++- protos/sigstore_verification.proto | 18 ++ 13 files changed, 400 insertions(+), 57 deletions(-) diff --git a/gen/jsonschema/schemas/ArtifactVerificationOptions.schema.json b/gen/jsonschema/schemas/ArtifactVerificationOptions.schema.json index 744a374f..3fdfb258 100644 --- a/gen/jsonschema/schemas/ArtifactVerificationOptions.schema.json +++ b/gen/jsonschema/schemas/ArtifactVerificationOptions.schema.json
@@ -16,7 +16,7 @@ "tlogOptions": { "$ref": "#/definitions/dev.sigstore.verification.v1.ArtifactVerificationOptions.TlogOptions", "additionalProperties": false, - "description": "Optional options for artifact transparency log verification. If none is provided, the default verification options are: Threshold: 1 Online verification: false Disable: false" + "description": "Optional options for artifact transparency log verification. If none is provided, the default verification options are: Threshold: 1 Online verification: false Disable: false Verify SET Timestamps: true" }, "ctlogOptions": { "$ref": "#/definitions/dev.sigstore.verification.v1.ArtifactVerificationOptions.CtlogOptions", @@ -27,6 +27,11 @@ "$ref": "#/definitions/dev.sigstore.verification.v1.ArtifactVerificationOptions.TimestampAuthorityOptions", "additionalProperties": false, "description": "Optional options for certificate signed timestamp verification. If none is provided, the default verification options are: Threshold: 1 Disable: false" + }, + "observerOptions": { + "$ref": "#/definitions/dev.sigstore.verification.v1.ArtifactVerificationOptions.ObserverTimestampOptions", + "additionalProperties": false, + "description": "Optional options for timestamp verification. If none is provided, the default verification options are: Threshold 1 Disable: false" } }, "additionalProperties": false, @@ -56,6 +61,11 @@ "required": [ "tsa_options" ] + }, + { + "required": [ + "observer_options" + ] } ], "title": "Artifact Verification Options", 
@@ -216,6 +226,21 @@ "type": "object", "title": "Ctlog Options" }, + "dev.sigstore.verification.v1.ArtifactVerificationOptions.ObserverTimestampOptions": { + "properties": { + "threshold": { + "type": "integer", + "description": "The number of external ovservers of the timestamp, this is a union of RFC3161 signed timestamps, and SETs from a transparency log" + }, + "disable": { + "type": "boolean", + "description": "Disable signed timestamp verification." + } + }, + "additionalProperties": false, + "type": "object", + "title": "Observer Timestamp Options" + }, "dev.sigstore.verification.v1.ArtifactVerificationOptions.TimestampAuthorityOptions": { "properties": { "threshold": { @@ -244,6 +269,10 @@ "disable": { "type": "boolean", "description": "Disable verification for transparency logs." + }, + "verifySetTimestamp": { + "type": "boolean", + "description": "Verify SET timestamps indicates that the timestamp from the SET should be used when verifying the X.509 certifiacte chain" } }, "additionalProperties": false, diff --git a/gen/jsonschema/schemas/CloudEvent.schema.json b/gen/jsonschema/schemas/CloudEvent.schema.json index 4076a9e4..3d49521d 100644 --- a/gen/jsonschema/schemas/CloudEvent.schema.json +++ b/gen/jsonschema/schemas/CloudEvent.schema.json 
@@ -39,7 +39,7 @@ "properties": { "typeUrl": { "type": "string", - "description": "A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL's path must represent the fully qualified name of the type (as in `path/google.protobuf.Duration`). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme `http`, `https`, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, `https` is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. Schemes other than `http`, `https` (or the empty scheme) might be used with implementation specific semantics." + "description": "A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL's path must represent the fully qualified name of the type (as in `path/google.protobuf.Duration`). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. 
However, for URLs which use the scheme `http`, `https`, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, `https` is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than `http`, `https` (or the empty scheme) might be used with implementation specific semantics." }, "value": { "type": "string", diff --git a/gen/jsonschema/schemas/CloudEventBatch.schema.json b/gen/jsonschema/schemas/CloudEventBatch.schema.json index b14c8952..106b1700 100644 --- a/gen/jsonschema/schemas/CloudEventBatch.schema.json +++ b/gen/jsonschema/schemas/CloudEventBatch.schema.json 
@@ -54,7 +54,7 @@ "properties": { "typeUrl": { "type": "string", - "description": "A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL's path must represent the fully qualified name of the type (as in `path/google.protobuf.Duration`). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme `http`, `https`, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, `https` is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. Schemes other than `http`, `https` (or the empty scheme) might be used with implementation specific semantics." + "description": "A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL's path must represent the fully qualified name of the type (as in `path/google.protobuf.Duration`). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. 
However, for URLs which use the scheme `http`, `https`, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, `https` is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than `http`, `https` (or the empty scheme) might be used with implementation specific semantics." }, "value": { "type": "string", diff --git a/gen/jsonschema/schemas/Input.schema.json b/gen/jsonschema/schemas/Input.schema.json index c5d0f755..fa25e051 100644 --- a/gen/jsonschema/schemas/Input.schema.json +++ b/gen/jsonschema/schemas/Input.schema.json @@ -652,7 +652,7 @@ "tlogOptions": { "$ref": "#/definitions/dev.sigstore.verification.v1.ArtifactVerificationOptions.TlogOptions", "additionalProperties": false, - "description": "Optional options for artifact transparency log verification. If none is provided, the default verification options are: Threshold: 1 Online verification: false Disable: false" + "description": "Optional options for artifact transparency log verification. If none is provided, the default verification options are: Threshold: 1 Online verification: false Disable: false Verify SET Timestamps: true" }, "ctlogOptions": { "$ref": "#/definitions/dev.sigstore.verification.v1.ArtifactVerificationOptions.CtlogOptions", 
@@ -663,6 +663,11 @@ "$ref": "#/definitions/dev.sigstore.verification.v1.ArtifactVerificationOptions.TimestampAuthorityOptions", "additionalProperties": false, "description": "Optional options for certificate signed timestamp verification. If none is provided, the default verification options are: Threshold: 1 Disable: false" + }, + "observerOptions": { + "$ref": "#/definitions/dev.sigstore.verification.v1.ArtifactVerificationOptions.ObserverTimestampOptions", + "additionalProperties": false, + "description": "Optional options for timestamp verification. If none is provided, the default verification options are: Threshold 1 Disable: false" } }, "additionalProperties": false, @@ -692,6 +697,11 @@ "required": [ "tsa_options" ] + }, + { + "required": [ + "observer_options" + ] } ], "title": "Artifact Verification Options", @@ -716,6 +726,21 @@ "type": "object", "title": "Ctlog Options" }, + "dev.sigstore.verification.v1.ArtifactVerificationOptions.ObserverTimestampOptions": { + "properties": { + "threshold": { + "type": "integer", + "description": "The number of external ovservers of the timestamp, this is a union of RFC3161 signed timestamps, and SETs from a transparency log" + }, + "disable": { + "type": "boolean", + "description": "Disable signed timestamp verification." + } + }, + "additionalProperties": false, + "type": "object", + "title": "Observer Timestamp Options" + }, "dev.sigstore.verification.v1.ArtifactVerificationOptions.TimestampAuthorityOptions": { "properties": { "threshold": { @@ -744,6 +769,10 @@ "disable": { "type": "boolean", "description": "Disable verification for transparency logs." + }, + "verifySetTimestamp": { + "type": "boolean", + "description": "Verify SET timestamps indicates that the timestamp from the SET should be used when verifying the X.509 certifiacte chain" } }, "additionalProperties": false, 
diff --git a/gen/pb-go/verification/v1/sigstore_verification.pb.go b/gen/pb-go/verification/v1/sigstore_verification.pb.go index 3b982fe1..ba7278d3 100644 --- a/gen/pb-go/verification/v1/sigstore_verification.pb.go +++ b/gen/pb-go/verification/v1/sigstore_verification.pb.go @@ -220,6 +220,7 @@ type ArtifactVerificationOptions struct { // Threshold: 1 // Online verification: false // Disable: false + // Verify SET Timestamps: true TlogOptions *ArtifactVerificationOptions_TlogOptions `protobuf:"bytes,3,opt,name=tlog_options,json=tlogOptions,proto3,oneof" json:"tlog_options,omitempty"` // Optional options for certificate transparency log verification. // If none is provided, the default verification options are: @@ -232,6 +233,11 @@ type ArtifactVerificationOptions struct { // Threshold: 1 // Disable: false TsaOptions *ArtifactVerificationOptions_TimestampAuthorityOptions `protobuf:"bytes,5,opt,name=tsa_options,json=tsaOptions,proto3,oneof" json:"tsa_options,omitempty"` + // Optional options for timestamp verification. + // If none is provided, the default verification options are: + // Threshold 1 + // Disable: false + ObserverOptions *ArtifactVerificationOptions_ObserverTimestampOptions `protobuf:"bytes,6,opt,name=observer_options,json=observerOptions,proto3,oneof" json:"observer_options,omitempty"` } func (x *ArtifactVerificationOptions) Reset() { @@ -308,6 +314,13 @@ func (x *ArtifactVerificationOptions) GetTsaOptions() *ArtifactVerificationOptio return nil } +func (x *ArtifactVerificationOptions) GetObserverOptions() *ArtifactVerificationOptions_ObserverTimestampOptions { + if x != nil { + return x.ObserverOptions + } + return nil +} + type isArtifactVerificationOptions_Signers interface { isArtifactVerificationOptions_Signers() } 
@@ -510,6 +523,10 @@ type ArtifactVerificationOptions_TlogOptions struct { PerformOnlineVerification bool `protobuf:"varint,2,opt,name=perform_online_verification,json=performOnlineVerification,proto3" json:"perform_online_verification,omitempty"` // Disable verification for transparency logs. Disable bool `protobuf:"varint,3,opt,name=disable,proto3" json:"disable,omitempty"` + // Verify SET timestamps indicates that the timestamp from + // the SET should be used when verifying the X.509 + // certifiacte chain + VerifySetTimestamp bool `protobuf:"varint,4,opt,name=verify_set_timestamp,json=verifySetTimestamp,proto3" json:"verify_set_timestamp,omitempty"` } func (x *ArtifactVerificationOptions_TlogOptions) Reset() { @@ -565,6 +582,13 @@ func (x *ArtifactVerificationOptions_TlogOptions) GetDisable() bool { return false } +func (x *ArtifactVerificationOptions_TlogOptions) GetVerifySetTimestamp() bool { + if x != nil { + return x.VerifySetTimestamp + } + return false +} + type ArtifactVerificationOptions_CtlogOptions struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache 
@@ -691,6 +715,65 @@ func (x *ArtifactVerificationOptions_TimestampAuthorityOptions) GetDisable() boo return false } +type ArtifactVerificationOptions_ObserverTimestampOptions struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // The number of external ovservers of the timestamp, + // this is a union of RFC3161 signed timestamps, and SETs + // from a transparency log + Threshold int32 `protobuf:"varint,1,opt,name=threshold,proto3" json:"threshold,omitempty"` + // Disable signed timestamp verification. + Disable bool `protobuf:"varint,2,opt,name=disable,proto3" json:"disable,omitempty"` +} + +func (x *ArtifactVerificationOptions_ObserverTimestampOptions) Reset() { + *x = ArtifactVerificationOptions_ObserverTimestampOptions{} + if protoimpl.UnsafeEnabled { + mi := &file_sigstore_verification_proto_msgTypes[9] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ArtifactVerificationOptions_ObserverTimestampOptions) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ArtifactVerificationOptions_ObserverTimestampOptions) ProtoMessage() {} + +func (x *ArtifactVerificationOptions_ObserverTimestampOptions) ProtoReflect() protoreflect.Message { + mi := &file_sigstore_verification_proto_msgTypes[9] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ArtifactVerificationOptions_ObserverTimestampOptions.ProtoReflect.Descriptor instead. 
+func (*ArtifactVerificationOptions_ObserverTimestampOptions) Descriptor() ([]byte, []int) { + return file_sigstore_verification_proto_rawDescGZIP(), []int{3, 3} +} + +func (x *ArtifactVerificationOptions_ObserverTimestampOptions) GetThreshold() int32 { + if x != nil { + return x.Threshold + } + return 0 +} + +func (x *ArtifactVerificationOptions_ObserverTimestampOptions) GetDisable() bool { + if x != nil { + return x.Disable + } + return false +} + var File_sigstore_verification_proto protoreflect.FileDescriptor var file_sigstore_verification_proto_rawDesc = []byte{ @@ -726,7 +809,7 @@ var file_sigstore_verification_proto_rawDesc = []byte{ 0x20, 0x03, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x2e, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x52, 0x0a, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, - 0x65, 0x79, 0x73, 0x22, 0xc3, 0x07, 0x0a, 0x1b, 0x41, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, + 0x65, 0x79, 0x73, 0x22, 0xe3, 0x09, 0x0a, 0x1b, 0x41, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x6c, 0x0a, 0x16, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x5f, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x69, 0x65, 0x73, 0x18, 0x01, 0x20, 
@@ -762,31 +845,49 @@ var file_sigstore_verification_proto_rawDesc = []byte{ 0x6e, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x48, 0x03, 0x52, 0x0a, 0x74, 0x73, 0x61, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, - 0x88, 0x01, 0x01, 0x1a, 0x85, 0x01, 0x0a, 0x0b, 0x54, 0x6c, 0x6f, 0x67, 0x4f, 0x70, 0x74, 0x69, - 0x6f, 0x6e, 0x73, 0x12, 0x1c, 0x0a, 0x09, 0x74, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, - 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x09, 0x74, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, - 0x64, 0x12, 0x3e, 0x0a, 0x1b, 0x70, 0x65, 0x72, 0x66, 0x6f, 0x72, 0x6d, 0x5f, 0x6f, 0x6e, 0x6c, - 0x69, 0x6e, 0x65, 0x5f, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x19, 0x70, 0x65, 0x72, 0x66, 0x6f, 0x72, 0x6d, 0x4f, - 0x6e, 0x6c, 0x69, 0x6e, 0x65, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x12, 0x18, 0x0a, 0x07, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x18, 0x03, 0x20, 0x01, - 0x28, 0x08, 0x52, 0x07, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x1a, 0x69, 0x0a, 0x0c, 0x43, - 0x74, 0x6c, 0x6f, 0x67, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x1c, 0x0a, 0x09, 0x74, - 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x09, - 0x74, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x12, 0x21, 0x0a, 0x0c, 0x64, 0x65, 0x74, - 0x61, 0x63, 0x68, 0x65, 0x64, 0x5f, 0x73, 0x63, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, - 0x0b, 0x64, 0x65, 0x74, 0x61, 0x63, 0x68, 0x65, 0x64, 0x53, 0x63, 0x74, 0x12, 0x18, 0x0a, 0x07, - 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x64, - 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x1a, 0x53, 0x0a, 0x19, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, - 0x61, 0x6d, 0x70, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 
0x74, 0x79, 0x4f, 0x70, 0x74, 0x69, - 0x6f, 0x6e, 0x73, 0x12, 0x1c, 0x0a, 0x09, 0x74, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, - 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x09, 0x74, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, - 0x64, 0x12, 0x18, 0x0a, 0x07, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x18, 0x02, 0x20, 0x01, - 0x28, 0x08, 0x52, 0x07, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x42, 0x09, 0x0a, 0x07, 0x73, - 0x69, 0x67, 0x6e, 0x65, 0x72, 0x73, 0x42, 0x0f, 0x0a, 0x0d, 0x5f, 0x74, 0x6c, 0x6f, 0x67, 0x5f, - 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x42, 0x10, 0x0a, 0x0e, 0x5f, 0x63, 0x74, 0x6c, 0x6f, - 0x67, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x42, 0x0e, 0x0a, 0x0c, 0x5f, 0x74, 0x73, - 0x61, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0x55, 0x0a, 0x08, 0x41, 0x72, 0x74, + 0x88, 0x01, 0x01, 0x12, 0x82, 0x01, 0x0a, 0x10, 0x6f, 0x62, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, + 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x52, + 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x76, 0x65, + 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x72, + 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, + 0x6f, 0x6e, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x4f, 0x62, 0x73, 0x65, 0x72, 0x76, + 0x65, 0x72, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x4f, 0x70, 0x74, 0x69, 0x6f, + 0x6e, 0x73, 0x48, 0x04, 0x52, 0x0f, 0x6f, 0x62, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x4f, 0x70, + 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x88, 0x01, 0x01, 0x1a, 0xb7, 0x01, 0x0a, 0x0b, 0x54, 0x6c, 0x6f, + 0x67, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x1c, 0x0a, 0x09, 0x74, 0x68, 0x72, 0x65, + 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x09, 0x74, 0x68, 0x72, + 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x12, 0x3e, 0x0a, 0x1b, 0x70, 0x65, 0x72, 0x66, 0x6f, 0x72, + 
0x6d, 0x5f, 0x6f, 0x6e, 0x6c, 0x69, 0x6e, 0x65, 0x5f, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, + 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x19, 0x70, 0x65, 0x72, + 0x66, 0x6f, 0x72, 0x6d, 0x4f, 0x6e, 0x6c, 0x69, 0x6e, 0x65, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, + 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x18, 0x0a, 0x07, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, + 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, + 0x12, 0x30, 0x0a, 0x14, 0x76, 0x65, 0x72, 0x69, 0x66, 0x79, 0x5f, 0x73, 0x65, 0x74, 0x5f, 0x74, + 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x12, + 0x76, 0x65, 0x72, 0x69, 0x66, 0x79, 0x53, 0x65, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, + 0x6d, 0x70, 0x1a, 0x69, 0x0a, 0x0c, 0x43, 0x74, 0x6c, 0x6f, 0x67, 0x4f, 0x70, 0x74, 0x69, 0x6f, + 0x6e, 0x73, 0x12, 0x1c, 0x0a, 0x09, 0x74, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x09, 0x74, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, + 0x12, 0x21, 0x0a, 0x0c, 0x64, 0x65, 0x74, 0x61, 0x63, 0x68, 0x65, 0x64, 0x5f, 0x73, 0x63, 0x74, + 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0b, 0x64, 0x65, 0x74, 0x61, 0x63, 0x68, 0x65, 0x64, + 0x53, 0x63, 0x74, 0x12, 0x18, 0x0a, 0x07, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x18, 0x03, + 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x1a, 0x53, 0x0a, + 0x19, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, + 0x69, 0x74, 0x79, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x1c, 0x0a, 0x09, 0x74, 0x68, + 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x09, 0x74, + 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x12, 0x18, 0x0a, 0x07, 0x64, 0x69, 0x73, 0x61, + 0x62, 0x6c, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x64, 0x69, 0x73, 0x61, 0x62, + 0x6c, 0x65, 0x1a, 0x52, 0x0a, 0x18, 
0x4f, 0x62, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x54, 0x69, + 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x1c, + 0x0a, 0x09, 0x74, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x05, 0x52, 0x09, 0x74, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x12, 0x18, 0x0a, 0x07, + 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x64, + 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x42, 0x09, 0x0a, 0x07, 0x73, 0x69, 0x67, 0x6e, 0x65, 0x72, + 0x73, 0x42, 0x0f, 0x0a, 0x0d, 0x5f, 0x74, 0x6c, 0x6f, 0x67, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, + 0x6e, 0x73, 0x42, 0x10, 0x0a, 0x0e, 0x5f, 0x63, 0x74, 0x6c, 0x6f, 0x67, 0x5f, 0x6f, 0x70, 0x74, + 0x69, 0x6f, 0x6e, 0x73, 0x42, 0x0e, 0x0a, 0x0c, 0x5f, 0x74, 0x73, 0x61, 0x5f, 0x6f, 0x70, 0x74, + 0x69, 0x6f, 0x6e, 0x73, 0x42, 0x13, 0x0a, 0x11, 0x5f, 0x6f, 0x62, 0x73, 0x65, 0x72, 0x76, 0x65, + 0x72, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0x55, 0x0a, 0x08, 0x41, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, 0x12, 0x23, 0x0a, 0x0c, 0x61, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, 0x5f, 0x75, 0x72, 0x69, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x0b, 0x61, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, 0x55, 0x72, 0x69, 0x12, 0x1c, 0x0a, 0x08, 0x61, 0x72, @@ -839,7 +940,7 @@ func file_sigstore_verification_proto_rawDescGZIP() []byte { return file_sigstore_verification_proto_rawDescData } -var file_sigstore_verification_proto_msgTypes = make([]protoimpl.MessageInfo, 9) +var file_sigstore_verification_proto_msgTypes = make([]protoimpl.MessageInfo, 10) var file_sigstore_verification_proto_goTypes = []interface{}{ (*CertificateIdentity)(nil), // 0: dev.sigstore.verification.v1.CertificateIdentity (*CertificateIdentities)(nil), // 1: dev.sigstore.verification.v1.CertificateIdentities 
@@ -850,31 +951,33 @@ var file_sigstore_verification_proto_goTypes = []interface{}{ (*ArtifactVerificationOptions_TlogOptions)(nil), // 6: dev.sigstore.verification.v1.ArtifactVerificationOptions.TlogOptions (*ArtifactVerificationOptions_CtlogOptions)(nil), // 7: dev.sigstore.verification.v1.ArtifactVerificationOptions.CtlogOptions (*ArtifactVerificationOptions_TimestampAuthorityOptions)(nil), // 8: dev.sigstore.verification.v1.ArtifactVerificationOptions.TimestampAuthorityOptions - (*v1.SubjectAlternativeName)(nil), // 9: dev.sigstore.common.v1.SubjectAlternativeName - (*v1.ObjectIdentifierValuePair)(nil), // 10: dev.sigstore.common.v1.ObjectIdentifierValuePair - (*v1.PublicKey)(nil), // 11: dev.sigstore.common.v1.PublicKey - (*v11.TrustedRoot)(nil), // 12: dev.sigstore.trustroot.v1.TrustedRoot - (*v12.Bundle)(nil), // 13: dev.sigstore.bundle.v1.Bundle + (*ArtifactVerificationOptions_ObserverTimestampOptions)(nil), // 9: dev.sigstore.verification.v1.ArtifactVerificationOptions.ObserverTimestampOptions + (*v1.SubjectAlternativeName)(nil), // 10: dev.sigstore.common.v1.SubjectAlternativeName + (*v1.ObjectIdentifierValuePair)(nil), // 11: dev.sigstore.common.v1.ObjectIdentifierValuePair + (*v1.PublicKey)(nil), // 12: dev.sigstore.common.v1.PublicKey + (*v11.TrustedRoot)(nil), // 13: dev.sigstore.trustroot.v1.TrustedRoot + (*v12.Bundle)(nil), // 14: dev.sigstore.bundle.v1.Bundle } var file_sigstore_verification_proto_depIdxs = []int32{ - 9, // 0: dev.sigstore.verification.v1.CertificateIdentity.san:type_name -> dev.sigstore.common.v1.SubjectAlternativeName - 10, // 1: dev.sigstore.verification.v1.CertificateIdentity.oids:type_name -> dev.sigstore.common.v1.ObjectIdentifierValuePair + 10, // 0: dev.sigstore.verification.v1.CertificateIdentity.san:type_name -> dev.sigstore.common.v1.SubjectAlternativeName + 11, // 1: dev.sigstore.verification.v1.CertificateIdentity.oids:type_name -> dev.sigstore.common.v1.ObjectIdentifierValuePair 0, // 2: 
dev.sigstore.verification.v1.CertificateIdentities.identities:type_name -> dev.sigstore.verification.v1.CertificateIdentity - 11, // 3: dev.sigstore.verification.v1.PublicKeyIdentities.public_keys:type_name -> dev.sigstore.common.v1.PublicKey + 12, // 3: dev.sigstore.verification.v1.PublicKeyIdentities.public_keys:type_name -> dev.sigstore.common.v1.PublicKey 1, // 4: dev.sigstore.verification.v1.ArtifactVerificationOptions.certificate_identities:type_name -> dev.sigstore.verification.v1.CertificateIdentities 2, // 5: dev.sigstore.verification.v1.ArtifactVerificationOptions.public_keys:type_name -> dev.sigstore.verification.v1.PublicKeyIdentities 6, // 6: dev.sigstore.verification.v1.ArtifactVerificationOptions.tlog_options:type_name -> dev.sigstore.verification.v1.ArtifactVerificationOptions.TlogOptions 7, // 7: dev.sigstore.verification.v1.ArtifactVerificationOptions.ctlog_options:type_name -> dev.sigstore.verification.v1.ArtifactVerificationOptions.CtlogOptions 8, // 8: dev.sigstore.verification.v1.ArtifactVerificationOptions.tsa_options:type_name -> dev.sigstore.verification.v1.ArtifactVerificationOptions.TimestampAuthorityOptions - 12, // 9: dev.sigstore.verification.v1.Input.artifact_trust_root:type_name -> dev.sigstore.trustroot.v1.TrustedRoot - 3, // 10: dev.sigstore.verification.v1.Input.artifact_verification_options:type_name -> dev.sigstore.verification.v1.ArtifactVerificationOptions - 13, // 11: dev.sigstore.verification.v1.Input.bundle:type_name -> dev.sigstore.bundle.v1.Bundle - 4, // 12: dev.sigstore.verification.v1.Input.artifact:type_name -> dev.sigstore.verification.v1.Artifact - 13, // [13:13] is the sub-list for method output_type - 13, // [13:13] is the sub-list for method input_type - 13, // [13:13] is the sub-list for extension type_name - 13, // [13:13] is the sub-list for extension extendee - 0, // [0:13] is the sub-list for field type_name + 9, // 9: dev.sigstore.verification.v1.ArtifactVerificationOptions.observer_options:type_name -> 
dev.sigstore.verification.v1.ArtifactVerificationOptions.ObserverTimestampOptions + 13, // 10: dev.sigstore.verification.v1.Input.artifact_trust_root:type_name -> dev.sigstore.trustroot.v1.TrustedRoot + 3, // 11: dev.sigstore.verification.v1.Input.artifact_verification_options:type_name -> dev.sigstore.verification.v1.ArtifactVerificationOptions + 14, // 12: dev.sigstore.verification.v1.Input.bundle:type_name -> dev.sigstore.bundle.v1.Bundle + 4, // 13: dev.sigstore.verification.v1.Input.artifact:type_name -> dev.sigstore.verification.v1.Artifact + 14, // [14:14] is the sub-list for method output_type + 14, // [14:14] is the sub-list for method input_type + 14, // [14:14] is the sub-list for extension type_name + 14, // [14:14] is the sub-list for extension extendee + 0, // [0:14] is the sub-list for field type_name } func init() { file_sigstore_verification_proto_init() } @@ -991,6 +1094,18 @@ func file_sigstore_verification_proto_init() { return nil } } + file_sigstore_verification_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ArtifactVerificationOptions_ObserverTimestampOptions); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } } file_sigstore_verification_proto_msgTypes[3].OneofWrappers = []interface{}{ (*ArtifactVerificationOptions_CertificateIdentities)(nil), @@ -1007,7 +1122,7 @@ func file_sigstore_verification_proto_init() { GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: file_sigstore_verification_proto_rawDesc, NumEnums: 0, - NumMessages: 9, + NumMessages: 10, NumExtensions: 0, NumServices: 0, }, diff --git a/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/verification/v1/__init__.py b/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/verification/v1/__init__.py index c1d19ba9..5e925f26 100644 --- a/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/verification/v1/__init__.py 
+++ b/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/verification/v1/__init__.py @@ -67,7 +67,7 @@ class ArtifactVerificationOptions(betterproto.Message): """ Optional options for artifact transparency log verification. If none is provided, the default verification options are: Threshold: 1 Online - verification: false Disable: false + verification: false Disable: false Verify SET Timestamps: true """ ctlog_options: Optional[ @@ -87,6 +87,14 @@ class ArtifactVerificationOptions(betterproto.Message): provided, the default verification options are: Threshold: 1 Disable: false """ + observer_options: Optional[ + "ArtifactVerificationOptionsObserverTimestampOptions" + ] = betterproto.message_field(6, optional=True, group="_observer_options") + """ + Optional options for timestamp verification. If none is provided, the + default verification options are: Threshold 1 Disable: false + """ + @dataclass(eq=False, repr=False) class ArtifactVerificationOptionsTlogOptions(betterproto.Message): @@ -99,6 +107,12 @@ class ArtifactVerificationOptionsTlogOptions(betterproto.Message): disable: bool = betterproto.bool_field(3) """Disable verification for transparency logs.""" + verify_set_timestamp: bool = betterproto.bool_field(4) + """ + Verify SET timestamps indicates that the timestamp from the SET should be + used when verifying the X.509 certifiacte chain + """ + @dataclass(eq=False, repr=False) class ArtifactVerificationOptionsCtlogOptions(betterproto.Message): 
@@ -124,6 +138,18 @@ class ArtifactVerificationOptionsTimestampAuthorityOptions(betterproto.Message): """Disable signed timestamp verification.""" +@dataclass(eq=False, repr=False) +class ArtifactVerificationOptionsObserverTimestampOptions(betterproto.Message): + threshold: int = betterproto.int32_field(1) + """ + The number of external ovservers of the timestamp, this is a union of + RFC3161 signed timestamps, and SETs from a transparency log + """ + + disable: bool = betterproto.bool_field(2) + """Disable signed timestamp verification.""" + + @dataclass(eq=False, repr=False) class Artifact(betterproto.Message): artifact_uri: str = betterproto.string_field(1, group="data") diff --git a/gen/pb-ruby/lib/sigstore_verification_pb.rb b/gen/pb-ruby/lib/sigstore_verification_pb.rb index 77542250..e89b3484 100644 --- a/gen/pb-ruby/lib/sigstore_verification_pb.rb +++ b/gen/pb-ruby/lib/sigstore_verification_pb.rb @@ -24,6 +24,7 @@ proto3_optional :tlog_options, :message, 3, "dev.sigstore.verification.v1.ArtifactVerificationOptions.TlogOptions" proto3_optional :ctlog_options, :message, 4, "dev.sigstore.verification.v1.ArtifactVerificationOptions.CtlogOptions" proto3_optional :tsa_options, :message, 5, "dev.sigstore.verification.v1.ArtifactVerificationOptions.TimestampAuthorityOptions" + proto3_optional :observer_options, :message, 6, "dev.sigstore.verification.v1.ArtifactVerificationOptions.ObserverTimestampOptions" oneof :signers do optional :certificate_identities, :message, 1, "dev.sigstore.verification.v1.CertificateIdentities" optional :public_keys, :message, 2, "dev.sigstore.verification.v1.PublicKeyIdentities" @@ -33,6 +34,7 @@ optional :threshold, :int32, 1 optional :perform_online_verification, :bool, 2 optional :disable, :bool, 3 + optional :verify_set_timestamp, :bool, 4 end add_message "dev.sigstore.verification.v1.ArtifactVerificationOptions.CtlogOptions" do optional :threshold, :int32, 1 
@@ -43,6 +45,10 @@ optional :threshold, :int32, 1 optional :disable, :bool, 2 end + add_message "dev.sigstore.verification.v1.ArtifactVerificationOptions.ObserverTimestampOptions" do + optional :threshold, :int32, 1 + optional :disable, :bool, 2 + end add_message "dev.sigstore.verification.v1.Artifact" do oneof :data do optional :artifact_uri, :string, 1 @@ -68,6 +74,7 @@ module V1 ArtifactVerificationOptions::TlogOptions = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("dev.sigstore.verification.v1.ArtifactVerificationOptions.TlogOptions").msgclass ArtifactVerificationOptions::CtlogOptions = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("dev.sigstore.verification.v1.ArtifactVerificationOptions.CtlogOptions").msgclass ArtifactVerificationOptions::TimestampAuthorityOptions = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("dev.sigstore.verification.v1.ArtifactVerificationOptions.TimestampAuthorityOptions").msgclass + ArtifactVerificationOptions::ObserverTimestampOptions = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("dev.sigstore.verification.v1.ArtifactVerificationOptions.ObserverTimestampOptions").msgclass Artifact = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("dev.sigstore.verification.v1.Artifact").msgclass Input = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("dev.sigstore.verification.v1.Input").msgclass end diff --git a/gen/pb-rust/schemas/ArtifactVerificationOptions.schema.json b/gen/pb-rust/schemas/ArtifactVerificationOptions.schema.json index 744a374f..3fdfb258 100644 --- a/gen/pb-rust/schemas/ArtifactVerificationOptions.schema.json +++ b/gen/pb-rust/schemas/ArtifactVerificationOptions.schema.json 
@@ -16,7 +16,7 @@ "tlogOptions": { "$ref": "#/definitions/dev.sigstore.verification.v1.ArtifactVerificationOptions.TlogOptions", "additionalProperties": false, - "description": "Optional options for artifact transparency log verification. If none is provided, the default verification options are: Threshold: 1 Online verification: false Disable: false" + "description": "Optional options for artifact transparency log verification. If none is provided, the default verification options are: Threshold: 1 Online verification: false Disable: false Verify SET Timestamps: true" }, "ctlogOptions": { "$ref": "#/definitions/dev.sigstore.verification.v1.ArtifactVerificationOptions.CtlogOptions", @@ -27,6 +27,11 @@ "$ref": "#/definitions/dev.sigstore.verification.v1.ArtifactVerificationOptions.TimestampAuthorityOptions", "additionalProperties": false, "description": "Optional options for certificate signed timestamp verification. If none is provided, the default verification options are: Threshold: 1 Disable: false" + }, + "observerOptions": { + "$ref": "#/definitions/dev.sigstore.verification.v1.ArtifactVerificationOptions.ObserverTimestampOptions", + "additionalProperties": false, + "description": "Optional options for timestamp verification. If none is provided, the default verification options are: Threshold 1 Disable: false" } }, "additionalProperties": false, @@ -56,6 +61,11 @@ "required": [ "tsa_options" ] + }, + { + "required": [ + "observer_options" + ] } ], "title": "Artifact Verification Options", 
@@ -216,6 +226,21 @@ "type": "object", "title": "Ctlog Options" }, + "dev.sigstore.verification.v1.ArtifactVerificationOptions.ObserverTimestampOptions": { + "properties": { + "threshold": { + "type": "integer", + "description": "The number of external ovservers of the timestamp, this is a union of RFC3161 signed timestamps, and SETs from a transparency log" + }, + "disable": { + "type": "boolean", + "description": "Disable signed timestamp verification." + } + }, + "additionalProperties": false, + "type": "object", + "title": "Observer Timestamp Options" + }, "dev.sigstore.verification.v1.ArtifactVerificationOptions.TimestampAuthorityOptions": { "properties": { "threshold": { @@ -244,6 +269,10 @@ "disable": { "type": "boolean", "description": "Disable verification for transparency logs." + }, + "verifySetTimestamp": { + "type": "boolean", + "description": "Verify SET timestamps indicates that the timestamp from the SET should be used when verifying the X.509 certifiacte chain" } }, "additionalProperties": false, diff --git a/gen/pb-rust/schemas/CloudEvent.schema.json b/gen/pb-rust/schemas/CloudEvent.schema.json index 4076a9e4..3d49521d 100644 --- a/gen/pb-rust/schemas/CloudEvent.schema.json +++ b/gen/pb-rust/schemas/CloudEvent.schema.json 
@@ -39,7 +39,7 @@ "properties": { "typeUrl": { "type": "string", - "description": "A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL's path must represent the fully qualified name of the type (as in `path/google.protobuf.Duration`). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme `http`, `https`, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, `https` is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. Schemes other than `http`, `https` (or the empty scheme) might be used with implementation specific semantics." + "description": "A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL's path must represent the fully qualified name of the type (as in `path/google.protobuf.Duration`). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. 
However, for URLs which use the scheme `http`, `https`, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, `https` is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than `http`, `https` (or the empty scheme) might be used with implementation specific semantics." }, "value": { "type": "string", diff --git a/gen/pb-rust/schemas/CloudEventBatch.schema.json b/gen/pb-rust/schemas/CloudEventBatch.schema.json index b14c8952..106b1700 100644 --- a/gen/pb-rust/schemas/CloudEventBatch.schema.json +++ b/gen/pb-rust/schemas/CloudEventBatch.schema.json 
@@ -54,7 +54,7 @@ "properties": { "typeUrl": { "type": "string", - "description": "A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL's path must represent the fully qualified name of the type (as in `path/google.protobuf.Duration`). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme `http`, `https`, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, `https` is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. Schemes other than `http`, `https` (or the empty scheme) might be used with implementation specific semantics." + "description": "A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL's path must represent the fully qualified name of the type (as in `path/google.protobuf.Duration`). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. 
However, for URLs which use the scheme `http`, `https`, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, `https` is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than `http`, `https` (or the empty scheme) might be used with implementation specific semantics." }, "value": { "type": "string", diff --git a/gen/pb-rust/schemas/Input.schema.json b/gen/pb-rust/schemas/Input.schema.json index c5d0f755..fa25e051 100644 --- a/gen/pb-rust/schemas/Input.schema.json +++ b/gen/pb-rust/schemas/Input.schema.json @@ -652,7 +652,7 @@ "tlogOptions": { "$ref": "#/definitions/dev.sigstore.verification.v1.ArtifactVerificationOptions.TlogOptions", "additionalProperties": false, - "description": "Optional options for artifact transparency log verification. If none is provided, the default verification options are: Threshold: 1 Online verification: false Disable: false" + "description": "Optional options for artifact transparency log verification. If none is provided, the default verification options are: Threshold: 1 Online verification: false Disable: false Verify SET Timestamps: true" }, "ctlogOptions": { "$ref": "#/definitions/dev.sigstore.verification.v1.ArtifactVerificationOptions.CtlogOptions", 
@@ -663,6 +663,11 @@ "$ref": "#/definitions/dev.sigstore.verification.v1.ArtifactVerificationOptions.TimestampAuthorityOptions", "additionalProperties": false, "description": "Optional options for certificate signed timestamp verification. If none is provided, the default verification options are: Threshold: 1 Disable: false" + }, + "observerOptions": { + "$ref": "#/definitions/dev.sigstore.verification.v1.ArtifactVerificationOptions.ObserverTimestampOptions", + "additionalProperties": false, + "description": "Optional options for timestamp verification. If none is provided, the default verification options are: Threshold 1 Disable: false" } }, "additionalProperties": false, @@ -692,6 +697,11 @@ "required": [ "tsa_options" ] + }, + { + "required": [ + "observer_options" + ] } ], "title": "Artifact Verification Options", @@ -716,6 +726,21 @@ "type": "object", "title": "Ctlog Options" }, + "dev.sigstore.verification.v1.ArtifactVerificationOptions.ObserverTimestampOptions": { + "properties": { + "threshold": { + "type": "integer", + "description": "The number of external ovservers of the timestamp, this is a union of RFC3161 signed timestamps, and SETs from a transparency log" + }, + "disable": { + "type": "boolean", + "description": "Disable signed timestamp verification." + } + }, + "additionalProperties": false, + "type": "object", + "title": "Observer Timestamp Options" + }, "dev.sigstore.verification.v1.ArtifactVerificationOptions.TimestampAuthorityOptions": { "properties": { "threshold": { @@ -744,6 +769,10 @@ "disable": { "type": "boolean", "description": "Disable verification for transparency logs." + }, + "verifySetTimestamp": { + "type": "boolean", + "description": "Verify SET timestamps indicates that the timestamp from the SET should be used when verifying the X.509 certifiacte chain" } }, "additionalProperties": false, 
diff --git a/gen/pb-typescript/src/__generated__/sigstore_verification.ts b/gen/pb-typescript/src/__generated__/sigstore_verification.ts index a870a946..83c286f4 100644 --- a/gen/pb-typescript/src/__generated__/sigstore_verification.ts +++ b/gen/pb-typescript/src/__generated__/sigstore_verification.ts @@ -40,6 +40,7 @@ export interface ArtifactVerificationOptions { * Threshold: 1 * Online verification: false * Disable: false + * Verify SET Timestamps: true */ tlogOptions?: | ArtifactVerificationOptions_TlogOptions @@ -60,7 +61,16 @@ export interface ArtifactVerificationOptions { * Threshold: 1 * Disable: false */ - tsaOptions?: ArtifactVerificationOptions_TimestampAuthorityOptions | undefined; + tsaOptions?: + | ArtifactVerificationOptions_TimestampAuthorityOptions + | undefined; + /** + * Optional options for timestamp verification. + * If none is provided, the default verification options are: + * Threshold 1 + * Disable: false + */ + observerOptions?: ArtifactVerificationOptions_ObserverTimestampOptions | undefined; } export interface ArtifactVerificationOptions_TlogOptions { @@ -70,6 +80,12 @@ export interface ArtifactVerificationOptions_TlogOptions { performOnlineVerification: boolean; /** Disable verification for transparency logs. */ disable: boolean; + /** + * Verify SET timestamps indicates that the timestamp from + * the SET should be used when verifying the X.509 + * certifiacte chain + */ + verifySetTimestamp: boolean; } export interface ArtifactVerificationOptions_CtlogOptions { 
@@ -95,6 +111,17 @@ export interface ArtifactVerificationOptions_TimestampAuthorityOptions { disable: boolean; } +export interface ArtifactVerificationOptions_ObserverTimestampOptions { + /** + * The number of external ovservers of the timestamp, + * this is a union of RFC3161 signed timestamps, and SETs + * from a transparency log + */ + threshold: number; + /** Disable signed timestamp verification. */ + disable: boolean; +} + export interface Artifact { data?: { $case: "artifactUri"; artifactUri: string } | { $case: "artifact"; artifact: Buffer }; } @@ -199,7 +226,13 @@ export const PublicKeyIdentities = { }; function createBaseArtifactVerificationOptions(): ArtifactVerificationOptions { - return { signers: undefined, tlogOptions: undefined, ctlogOptions: undefined, tsaOptions: undefined }; + return { + signers: undefined, + tlogOptions: undefined, + ctlogOptions: undefined, + tsaOptions: undefined, + observerOptions: undefined, + }; } export const ArtifactVerificationOptions = { @@ -222,6 +255,9 @@ export const ArtifactVerificationOptions = { tsaOptions: isSet(object.tsaOptions) ? ArtifactVerificationOptions_TimestampAuthorityOptions.fromJSON(object.tsaOptions) : undefined, + observerOptions: isSet(object.observerOptions) + ? ArtifactVerificationOptions_ObserverTimestampOptions.fromJSON(object.observerOptions) + : undefined, }; }, 
@@ -243,12 +279,15 @@ export const ArtifactVerificationOptions = { message.tsaOptions !== undefined && (obj.tsaOptions = message.tsaOptions ? ArtifactVerificationOptions_TimestampAuthorityOptions.toJSON(message.tsaOptions) : undefined); + message.observerOptions !== undefined && (obj.observerOptions = message.observerOptions + ? ArtifactVerificationOptions_ObserverTimestampOptions.toJSON(message.observerOptions) + : undefined); return obj; }, }; function createBaseArtifactVerificationOptions_TlogOptions(): ArtifactVerificationOptions_TlogOptions { - return { threshold: 0, performOnlineVerification: false, disable: false }; + return { threshold: 0, performOnlineVerification: false, disable: false, verifySetTimestamp: false }; } export const ArtifactVerificationOptions_TlogOptions = { @@ -259,6 +298,7 @@ export const ArtifactVerificationOptions_TlogOptions = { ? Boolean(object.performOnlineVerification) : false, disable: isSet(object.disable) ? Boolean(object.disable) : false, + verifySetTimestamp: isSet(object.verifySetTimestamp) ? Boolean(object.verifySetTimestamp) : false, }; }, @@ -268,6 +308,7 @@ export const ArtifactVerificationOptions_TlogOptions = { message.performOnlineVerification !== undefined && (obj.performOnlineVerification = message.performOnlineVerification); message.disable !== undefined && (obj.disable = message.disable); + message.verifySetTimestamp !== undefined && (obj.verifySetTimestamp = message.verifySetTimestamp); return obj; }, }; 
@@ -314,6 +355,26 @@ export const ArtifactVerificationOptions_TimestampAuthorityOptions = { }, }; +function createBaseArtifactVerificationOptions_ObserverTimestampOptions(): ArtifactVerificationOptions_ObserverTimestampOptions { + return { threshold: 0, disable: false }; +} + +export const ArtifactVerificationOptions_ObserverTimestampOptions = { + fromJSON(object: any): ArtifactVerificationOptions_ObserverTimestampOptions { + return { + threshold: isSet(object.threshold) ? Number(object.threshold) : 0, + disable: isSet(object.disable) ? Boolean(object.disable) : false, + }; + }, + + toJSON(message: ArtifactVerificationOptions_ObserverTimestampOptions): unknown { + const obj: any = {}; + message.threshold !== undefined && (obj.threshold = Math.round(message.threshold)); + message.disable !== undefined && (obj.disable = message.disable); + return obj; + }, +}; + function createBaseArtifact(): Artifact { return { data: undefined }; } diff --git a/protos/sigstore_verification.proto b/protos/sigstore_verification.proto index 0ff206d4..f11e6c27 100644 --- a/protos/sigstore_verification.proto +++ b/protos/sigstore_verification.proto @@ -54,6 +54,10 @@ message ArtifactVerificationOptions { bool perform_online_verification = 2; // Disable verification for transparency logs. bool disable = 3; + // Verify SET timestamps indicates that the timestamp from + // the SET should be used when verifying the X.509 + // certifiacte chain + bool verify_set_timestamp = 4; } message CtlogOptions { // The number of ct transparency logs the certificate must 
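Review bot: `verify_set_timestamp` in `TlogOptions` is a plain proto3 `bool`, so a verifier cannot tell "not set" from "false", while the comment this patch adds on `tlog_options` documents the default as `Verify SET Timestamps: true`. Any caller that already sends `TlogOptions` (for example only to set `threshold`) will deserialize with the flag false, as the generated TypeScript `createBaseArtifactVerificationOptions_TlogOptions` shows, and the SET timestamp would presumably be skipped without anyone having chosen that. Giving the field explicit presence, `optional bool verify_set_timestamp = 4;`, lets an implementation apply the documented default when the field is absent. The comment should also say which time source is used for certificate-chain validation when the flag is false, and "certifiacte" should read "certificate".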
@@ -72,6 +76,14 @@ message ArtifactVerificationOptions { // Disable signed timestamp verification. bool disable = 2; } + message ObserverTimestampOptions { + // The number of external ovservers of the timestamp, + // this is a union of RFC3161 signed timestamps, and SETs + // from a transparency log + int32 threshold = 1; + // Disable signed timestamp verification. + bool disable = 2; + } // At least one identity MUST be provided. Providing zero identities // is an error. If at least one provided identity is found as a @@ -94,6 +106,7 @@ message ArtifactVerificationOptions { // Threshold: 1 // Online verification: false // Disable: false + // Verify SET Timestamps: true optional TlogOptions tlog_options = 3; // Optional options for certificate transparency log verification. // If none is provided, the default verification options are: @@ -106,6 +119,11 @@ message ArtifactVerificationOptions { // Threshold: 1 // Disable: false optional TimestampAuthorityOptions tsa_options = 5; + // Optional options for timestamp verification. + // If none is provided, the default verification options are: + // Threshold 1 + // Disable: false + optional ObserverTimestampOptions observer_options = 6; } message Artifact {
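Review bot: The comments on `ObserverTimestampOptions` leave its security-relevant semantics open. `threshold` is an `int32` with no stated minimum, so a message that is present but leaves it unset carries 0, whereas the documented default of 1 applies only when `observer_options` is absent (hunk `@@ -106,6 +119,11 @@`). I would document the floor explicitly, e.g. `// Values below 1 MUST be rejected unless disable is true.`, and state how this threshold relates to `tlog_options` and `tsa_options`, in particular whether several timestamps from the same authority or log count once. The `disable` comment is copied from `TimestampAuthorityOptions` and should describe this message instead, e.g. `// Disable observer timestamp verification.`; "ovservers" should read "observers" and `Threshold 1` is missing its colon.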