Minor refactor to verify SCT and Rekor entry with multiple keys

cmd/cosign/cli/fulcio/fulcioverifier/fulcioverifier.go

@@ -52,7 +52,7 @@ const altCTLogPublicKeyLocation = "SIGSTORE_CT_LOG_PUBLIC_KEY_FILE"
 // the certificate issued by Fulcio was also added to the public CT log within
 // some defined time period
 func verifySCT(certPEM, rawSCT []byte) error {
-	var pubKey crypto.PublicKey
+	var pubKeys []crypto.PublicKey
 	var err error
 	rootEnv := os.Getenv(altCTLogPublicKeyLocation)
 	if rootEnv == "" {
@@ -67,20 +67,22 @@ func verifySCT(certPEM, rawSCT []byte) error {
 			return err
 		}
 		// Is there a reason why this must be ECDSA key?
-		pubKey, err = cosign.PemToECDSAKey(ctPub)
+		pubKey, err := cosign.PemToECDSAKey(ctPub)
 		if err != nil {
 			return errors.Wrap(err, "converting Public CT to ECDSAKey")
 		}
+		pubKeys = append(pubKeys, pubKey)
 	} else {
 		fmt.Fprintf(os.Stderr, "**Warning** Using a non-standard public key for verifying SCT: %s\n", rootEnv)
 		raw, err := os.ReadFile(rootEnv)
 		if err != nil {
 			return errors.Wrap(err, "error reading alternate public key file")
 		}
-		pubKey, err = getAlternatePublicKey(raw)
+		pubKey, err := getAlternatePublicKey(raw)
 		if err != nil {
 			return errors.Wrap(err, "error parsing alternate public key from the file")
 		}
+		pubKeys = append(pubKeys, pubKey)
 	}
 	cert, err := x509util.CertificateFromPEM(certPEM)
 	if err != nil {
@@ -90,7 +92,16 @@ func verifySCT(certPEM, rawSCT []byte) error {
 	if err := json.Unmarshal(rawSCT, &sct); err != nil {
 		return errors.Wrap(err, "unmarshal")
 	}
-	return ctutil.VerifySCT(pubKey, []*ctx509.Certificate{cert}, &sct, false)
+	var verifySctErr error
+	for _, pubKey := range pubKeys {
+		verifySctErr = ctutil.VerifySCT(pubKey, []*ctx509.Certificate{cert}, &sct, false)
+		// Exit after successful verification of the SCT
+		if err == nil {
+			return nil
+		}
+	}
+	// Return the last error that occurred during verification.
+	return verifySctErr
 }
 
 func NewSigner(ctx context.Context, idToken, oidcIssuer, oidcClientID, oidcClientSecret string, fClient api.Client) (*fulcio.Signer, error) {

cmd/cosign/cli/verify/verify_blob.go

@@ -290,19 +290,23 @@ func verifyRekorBundle(ctx context.Context, bundlePath string, cert *x509.Certif
 	if b.Bundle == nil {
 		return fmt.Errorf("rekor entry is not available")
 	}
-	pub, err := cosign.GetRekorPub(ctx)
+	publicKeys, err := cosign.GetRekorPubs(ctx)
 	if err != nil {
 		return errors.Wrap(err, "retrieving rekor public key")
 	}
 
-	rekorPubKey, err := cosign.PemToECDSAKey(pub)
-	if err != nil {
-		return errors.Wrap(err, "pem to ecdsa")
+	var entryVerError error
+	for _, pubKey := range publicKeys {
+		entryVerError = cosign.VerifySET(b.Bundle.Payload, b.Bundle.SignedEntryTimestamp, pubKey)
+		// Exit early with successful verification
+		if entryVerError == nil {
+			break
+		}
 	}
-
-	if err := cosign.VerifySET(b.Bundle.Payload, b.Bundle.SignedEntryTimestamp, rekorPubKey); err != nil {
-		return err
+	if entryVerError != nil {
+		return entryVerError
 	}
+
 	if cert == nil {
 		return nil
 	}

pkg/cosign/tlog.go

@@ -16,6 +16,7 @@ package cosign
 
 import (
 	"context"
+	"crypto/ecdsa"
 	"crypto/sha256"
 	"encoding/base64"
 	"encoding/hex"
@@ -42,15 +43,23 @@ import (
 // This is the rekor public key target name
 var rekorTargetStr = `rekor.pub`
 
-// GetRekorPub retrieves the rekor public key from the embedded or cached TUF root. If expired, makes a
-// network call to retrieve the updated target.
-func GetRekorPub(ctx context.Context) ([]byte, error) {
+// GetRekorPubs retrieves trusted Rekor public keys from the embedded or cached
+// TUF root. If expired, makes a network call to retrieve the updated targets.
+func GetRekorPubs(ctx context.Context) ([]*ecdsa.PublicKey, error) {
 	tuf, err := tuf.NewFromEnv(ctx)
 	if err != nil {
 		return nil, err
 	}
 	defer tuf.Close()
-	return tuf.GetTarget(rekorTargetStr)
+	b, err := tuf.GetTarget(rekorTargetStr)
+	if err != nil {
+		return nil, err
+	}
+	rekorPubKey, err := PemToECDSAKey(b)
+	if err != nil {
+		return nil, errors.Wrap(err, "pem to ecdsa")
+	}
+	return []*ecdsa.PublicKey{rekorPubKey}, nil
 }
 
 // TLogUpload will upload the signature, public key and payload to the transparency log.

pkg/cosign/tlog_test.go

@@ -0,0 +1,30 @@
+// Copyright 2022 The Sigstore Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package cosign
+
+import (
+	"context"
+	"testing"
+)
+
+func TestGetRekorPubKeys(t *testing.T) {
+	keys, err := GetRekorPubs(context.Background())
+	if err != nil {
+		t.Errorf("Unexpected error calling GetRekorPubs, expected nil: %v", err)
+	}
+	if len(keys) == 0 {
+		t.Errorf("expected 1 or more keys, got 0")
+	}
+}

pkg/cosign/verify.go

@@ -585,18 +585,21 @@ func VerifyBundle(ctx context.Context, sig oci.Signature) (bool, error) {
 		return false, nil
 	}
 
-	pub, err := GetRekorPub(ctx)
+	publicKeys, err := GetRekorPubs(ctx)
 	if err != nil {
 		return false, errors.Wrap(err, "retrieving rekor public key")
 	}
 
-	rekorPubKey, err := PemToECDSAKey(pub)
-	if err != nil {
-		return false, errors.Wrap(err, "pem to ecdsa")
+	var entryVerError error
+	for _, pubKey := range publicKeys {
+		entryVerError = VerifySET(bundle.Payload, bundle.SignedEntryTimestamp, pubKey)
+		// Exit early with successful verification
+		if entryVerError == nil {
+			break
+		}
 	}
-
-	if err := VerifySET(bundle.Payload, bundle.SignedEntryTimestamp, rekorPubKey); err != nil {
-		return false, err
+	if entryVerError != nil {
+		return false, entryVerError
 	}
 
 	cert, err := sig.Cert()