From b9afa3f4e132b5443d9bbf265c30deea0175fdcd Mon Sep 17 00:00:00 2001 From: William Woodruff Date: Thu, 11 Jul 2024 08:03:12 -0400 Subject: [PATCH] sigstore/dsse: reject DSSEs with >1 sig (#1062) --- CHANGELOG.md | 6 ++++++ sigstore/dsse.py | 19 +++++++++---------- 2 files changed, 15 insertions(+), 10 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 38f2ed143..572b84373 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,12 @@ All versions prior to 0.9.0 are untracked. ## [Unreleased] +### Changed + +* API: `verify_dsse` now rejects bundles with DSSE envelopes that have more than + one signature, rather than checking all signatures against the same key + ([#1062](https://github.com/sigstore/sigstore-python/pull/1062)) + ## [3.0.0] Maintainers' note: this is a major release, with significant public API and CLI diff --git a/sigstore/dsse.py b/sigstore/dsse.py index 865841e6d..123f8f97c 100644 --- a/sigstore/dsse.py +++ b/sigstore/dsse.py @@ -266,16 +266,15 @@ def _verify(key: ec.EllipticCurvePublicKey, evp: Envelope) -> bytes: pae = _pae(evp._inner.payload_type, evp._inner.payload) - if not evp._inner.signatures: - raise VerificationError("DSSE: envelope contains no signatures") + nsigs = len(evp._inner.signatures) + if nsigs != 1: + raise VerificationError(f"DSSE: exactly 1 signature allowed, got {nsigs}") - # In practice checking more than one signature here is frivolous, since - # they're all being checked against the same key. But there's no - # particular harm in checking them all either. - for signature in evp._inner.signatures: - try: - key.verify(signature.sig, pae, ec.ECDSA(hashes.SHA256())) - except InvalidSignature: - raise VerificationError("DSSE: invalid signature") + signature = evp._inner.signatures[0].sig + + try: + key.verify(signature, pae, ec.ECDSA(hashes.SHA256())) + except InvalidSignature: + raise VerificationError("DSSE: invalid signature") return evp._inner.payload