Compare the Rekor entry body to the artifact #177

Open
haydentherapper opened this issue May 16, 2024 · 4 comments
Comments

@haydentherapper (Contributor)

Description

Tracking bug for https://github.com/sigstore/sigstore-go/blob/main/pkg/verify/tlog.go#L174

This is not absolutely necessary because we do already compare against the signature, which should effectively bind the entry to the artifact.

@haydentherapper haydentherapper added the enhancement New feature or request label May 16, 2024
@cmurphy (Contributor)

cmurphy commented Jun 24, 2024

> This is not absolutely necessary

Was there any more discussion on whether this is worth moving forward with?

I don't think cosign does this, from what I've been able to tell.

@haydentherapper (Contributor, Author)

IIRC yeah, Cosign does not check this either, it only compares signatures - https://github.com/sigstore/cosign/blob/main/pkg/cosign/verify.go#L1164-L1188

Signatures are malleable, for example an ECDSA signature can be represented in two ways, so a signature should not be considered unique. In this example though, that doesn't present an issue from what I can tell, if anything malleability would cause a comparison failure.

@woodruffw Did you have any thoughts here?

@woodruffw (Member)

I might be missing a part here, but I think sigstore-python handles this by reconstructing the log entry from the bundle's state, and confirming that the reconstructed entry and the actual entry match exactly. For example, here's how we do it for hashedrekord:

https://github.com/sigstore/sigstore-python/blob/491f3f8dd0b1983d23364673cc7e0b24aeb3a5dd/sigstore/verify/verifier.py#L504-L519

(The dsse check is slightly weaker due to the malleability of the JSON envelope, but has effectively the same properties).

In effect, this means that we check that the Rekor entry's signature, digest, etc. are byte-for-byte identical to their bundle equivalents.

@haydentherapper (Contributor, Author)

Thanks @woodruffw! I agree; I think part of this issue is figuring out what needs to be compared. I'll take a pass over this code again and see if there's a straightforward refactor for recomputing Rekor canonicalized bodies.
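Added worked example, not code from sigstore-go, sigstore-python or cosign: what the reconstruct-and-compare check woodruffw describes looks like for a hashedrekord entry, and why the ECDSA malleability haydentherapper raised (a second valid encoding of the same signature) can only produce a comparison failure, never a bypass. Standard-library Go only. Assumptions: the hashedrekord v0.0.1 field layout as written in the comments, a key-sorted compact JSON encoding standing in for Rekor's RFC 8785 canonicalization (exact for this all-ASCII body), and a freshly generated key plus constructed artifact bytes in place of a real bundle and log entry.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/asn1"
	"encoding/base64"
	"encoding/hex"
	"encoding/json"
	"encoding/pem"
	"math/big"
)

// buildHashedRekordBody reconstructs a hashedrekord v0.0.1 body from what a
// bundle carries: artifact digest, DER ECDSA signature, PEM verification key.
// Field names follow the hashedrekord schema (assumption stated in the lead-in).
func buildHashedRekordBody(digest, sig, pubPEM []byte) map[string]any {
	return map[string]any{
		"apiVersion": "0.0.1",
		"kind":       "hashedrekord",
		"spec": map[string]any{
			"data": map[string]any{
				"hash": map[string]any{
					"algorithm": "sha256",
					"value":     hex.EncodeToString(digest),
				},
			},
			"signature": map[string]any{
				"content": base64.StdEncoding.EncodeToString(sig),
				"publicKey": map[string]any{
					"content": base64.StdEncoding.EncodeToString(pubPEM),
				},
			},
		},
	}
}

// canonicalize emits compact JSON with lexically sorted keys. For this body
// (ASCII strings only, no numbers) that equals RFC 8785 JCS output, which is
// what Rekor stores; arbitrary bodies would need a full JCS implementation.
func canonicalize(v any) ([]byte, error) {
	var buf bytes.Buffer
	enc := json.NewEncoder(&buf)
	enc.SetEscapeHTML(false) // JCS does not escape <, >, &
	if err := enc.Encode(v); err != nil {
		return nil, err
	}
	return bytes.TrimRight(buf.Bytes(), "\n"), nil
}

// entryBodyMatches is the check this issue asks for: recompute the canonical
// body from the bundle's own material and require a byte-for-byte match with
// the stored entry body, so digest, signature and key are all bound at once.
func entryBodyMatches(logBody, digest, sig, pubPEM []byte) (bool, error) {
	want, err := canonicalize(buildHashedRekordBody(digest, sig, pubPEM))
	if err != nil {
		return false, err
	}
	return bytes.Equal(want, logBody), nil
}

// flipS returns the other valid encoding of an ECDSA signature, (r, N - s).
// crypto/ecdsa does not enforce low-s, so both encodings verify.
func flipS(der []byte, curve elliptic.Curve) ([]byte, error) {
	var rs struct{ R, S *big.Int }
	if _, err := asn1.Unmarshal(der, &rs); err != nil {
		return nil, err
	}
	rs.S = new(big.Int).Sub(curve.Params().N, rs.S)
	return asn1.Marshal(rs)
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// demo signs a constructed artifact, builds the body Rekor would have stored,
// and reports whether the original and the malleated signature match that
// body, and whether the malleated signature still verifies cryptographically.
func demo() (origMatches, flippedMatches, flippedVerifies bool) {
	priv := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	digest := sha256.Sum256([]byte("constructed artifact bytes, not a real release"))
	sig := must(ecdsa.SignASN1(rand.Reader, priv, digest[:]))
	spki := must(x509.MarshalPKIXPublicKey(&priv.PublicKey))
	pubPEM := pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: spki})

	// Stand-in for the entry body Rekor stored when this signature was uploaded.
	logBody := must(canonicalize(buildHashedRekordBody(digest[:], sig, pubPEM)))
	origMatches = must(entryBodyMatches(logBody, digest[:], sig, pubPEM))

	flipped := must(flipS(sig, elliptic.P256()))
	flippedVerifies = ecdsa.VerifyASN1(&priv.PublicKey, digest[:], flipped)
	flippedMatches = must(entryBodyMatches(logBody, digest[:], flipped, pubPEM))
	return
}
```

Running demo() gives origMatches true, flippedVerifies true and flippedMatches false: the malleated encoding is cryptographically valid but does not reproduce the stored body, which is the "comparison failure, not a bypass" outcome described above. The same comparison also catches a bundle whose digest or key differs from the logged one, which a signature-only comparison as in cosign would not.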

@haydentherapper haydentherapper self-assigned this Dec 13, 2024