cosign/tuf: use trustroot

[jleightcap]

Summary

Towards #280, adapt Cosign and TUF to use trustroot.

As a roadmap, this PR is structured:

• define the TUF trustroot types in src/tuf/repository_helper.rs.
• refactor the TUF implementation to use trustroot and rustls-webpki+rustls-pki-types.
  • note: this now means that the trustroot is "prefetch"ed, then used in async contexts--see release notes.
  • this also introduces some lifetime information that propagates into other components.
• misc. cleanup in changed components
  • pull the root JSON out of raw strings and into their own committed files.
  • Repository construction now uses the trustroot, with a FakeRepository option for BYO keys/certs--see release notes.

Release Note

The method of constructing a Repository with out-of-band trust materials (from Rekor public key and Fulcio certificate) has changed. See Cosign's verify example:

sigstore-rs/examples/cosign/verify/main.rs

Lines 231 to 265 in a536bea

	async fn fulcio_and_rekor_data(cli: &Cli) -> anyhow::Result<Box<dyn sigstore::tuf::Repository>> {
	if cli.use_sigstore_tuf_data {
	let repo: sigstore::errors::Result<SigstoreRepository> = spawn_blocking(|| {
	info!("Downloading data from Sigstore TUF repository");
	SigstoreRepository::new(None)?.prefetch()
	})
	.await
	.map_err(|e| anyhow!("Error spawning blocking task inside of tokio: {}", e))?;
	return Ok(Box::new(repo?));
	};
	let mut data = sigstore::tuf::FakeRepository::default();
	if let Some(path) = cli.rekor_pub_key.as_ref() {
	data.rekor_key = Some(
	fs::read(path)
	.map_err(|e| anyhow!("Error reading rekor public key from disk: {}", e))?,
	);
	}
	if let Some(path) = cli.fulcio_cert.as_ref() {
	let cert_data = fs::read(path)
	.map_err(|e| anyhow!("Error reading fulcio certificate from disk: {}", e))?;
	let certificate = sigstore::registry::Certificate {
	encoding: sigstore::registry::CertificateEncoding::Pem,
	data: cert_data,
	};
	data.fulcio_certs
	.get_or_insert(Vec::new())
	.push(certificate.try_into()?);
	}
	Ok(Box::new(data))
	}

And the signature verification documentation:

sigstore-rs/src/lib.rs

Lines 83 to 103 in 8a269a3

	//! // Provide both rekor and fulcio data -> this enables keyless verification
	//! // Read rekor's key from the location generated by `cosign initialize`
	//! let rekor_pub_key = fs::read("~/.sigstore/root/targets/rekor.pub")
	//! .expect("Cannot read rekor public key");
	//! // Read fulcio's certificate from the location generated by `cosign initialize`
	//! let fulcio_cert_data = fs::read("~/.sigstore/root/targets/fulcio.crt.pem")
	//! .expect("Cannot read fulcio certificate");
	//! let fulcio_cert = sigstore::registry::Certificate {
	//! encoding: sigstore::registry::CertificateEncoding::Pem,
	//! data: fulcio_cert_data
	//! };
	//!
	//! let mut repo = sigstore::tuf::FakeRepository::default();
	//! repo.fulcio_certs.get_or_insert(Vec::new()).push(fulcio_cert.try_into().unwrap());
	//! repo.rekor_key = Some(rekor_pub_key);
	//!
	//! let mut client = sigstore::cosign::ClientBuilder::default()
	//! .with_trust_repository(&repo)
	//! .expect("Cannot construct cosign client from given materials")
	//! .build()
	//! .expect("Unexpected failure while building Client");

Documentation

[jleightcap]

@woodruffw and @tnytown mentioned some ownership design considerations that I'm not sure I fully understood. A closer look at some lifetime choices e.g.

sigstore-rs/src/cosign/client_builder.rs

Lines 55 to 62 in 559673c

	pub struct ClientBuilder<'a> {
	oci_client_config: ClientConfig,
	rekor_pub_key: Option<&'a [u8]>,
	fulcio_certs: Vec<CertificateDer<'a>>,
	// repo: Repository
	#[cfg(feature = "cached-client")]
	enable_registry_caching: bool,
	}

would be fantastic.

[woodruffw]

@woodruffw and @tnytown mentioned some ownership design considerations that I'm not sure I fully understood. A closer look at some lifetime choices e.g.

@tnytown can confirm, but I believe the question was whether it makes sense to allow the interior 'a lifetime on CertificateDer<'a> to "cascade" throughout the refactor. The alternative would be to create an OwnedCertificateDer wrapper that maintains a self-reference, using a crate like self_cell.

This is exactly what PyCA Cryptography does, turning a Certificate<'a> into an OwnedCertificate:

https://github.com/pyca/cryptography/blob/4c07d8eb289aaa0fbcdbcf370724122905fade02/src/rust/src/x509/certificate.rs#L29C1-L36

Whether or not this actually makes sense to do, however, is ultimately a design question. If the sigstore-rs maintainers are okay with the lifetime, then it probably doesn't make sense to do 🙂

[lukehinds]

First pass looks good to me.

[flavio]

It looks good to me. I left some minor comments.

There's just one major objection I have: the usage of the rustls-webpki crate. This brings back the ring dependency which was removed by @Xynnn007 sometimes ago.

@Xynnn007 what do you think about that?

[flavio]

Thanks for the contribution and for having gone through the requested changes