Add sigstore fuzzer for signing and verifying (#535)

* Add sigstore fuzzer for signing and verifying

Signed-off-by: Adam Korczynski <[email protected]>

* fix hatch linting

Signed-off-by: Adam Korczynski <[email protected]>

* fix type errors

Signed-off-by: Adam Korczynski <[email protected]>

---------

Signed-off-by: Adam Korczynski <[email protected]>

Author: AdamKorcz

tests/fuzzing/dicts/fuzz_simple_sigstore.dict

@@ -0,0 +1,49 @@
+"{"
+"}"
+"["
+"]"
+":"
+","
+"\"mediaType\": \"application/vnd.dev.sigstore.trustedroot+json;version=0.1\","
+"\"tlogs\": ["
+"\"baseUrl\": \"https://rekor.sigstore.dev\","
+"\"hashAlgorithm": "SHA2_256\","
+"\"publicKey\": {"
+"\"rawBytes\": \"MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE2G2Y+2tabdTV5BcGiBIx0a9fAFwrkBbmLSGtks4L3qX6yYY0zufBnhC8Ur/iy55GhWP/9A/bY2LhC30M9+RYtw==\","
+"\"keyDetails\": \"PKIX_ECDSA_P256_SHA_256\","
+"\"validFor\": {"
+"\"start\": \"2021-01-12T11:53:27.000Z\""
+"\"logId\": {"
+"\"keyId\": \"wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0=\""
+"\"certificateAuthorities\": ["
+"\"rawBytes\": \"MIIB+DCCAX6gAwIBAgITNVkDZoCiofPDsy7dfm6geLbuhzAKBggqhkjOPQQDAzAqMRUwEwYDVQQKEwxzaWdzdG9yZS5kZXYxETAPBgNVBAMTCHNpZ3N0b3JlMB4XDTIxMDMwNzAzMjAyOVoXDTMxMDIyMzAzMjAyOVowKjEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MREwDwYDVQQDEwhzaWdzdG9yZTB2MBAGByqGSM49AgEGBSuBBAAiA2IABLSyA7Ii5k+pNO8ZEWY0ylemWDowOkNa3kL+GZE5Z5GWehL9/A9bRNA3RbrsZ5i0JcastaRL7Sp5fp/jD5dxqc/UdTVnlvS16an+2Yfswe/QuLolRUCrcOE2+2iA5+tzd6NmMGQwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQEwHQYDVR0OBBYEFMjFHQBBmiQpMlEk6w2uSu1KBtPsMB8GA1UdIwQYMBaAFMjFHQBBmiQpMlEk6w2uSu1KBtPsMAoGCCqGSM49BAMDA2gAMGUCMH8liWJfMui6vXXBhjDgY4MwslmN/TJxVe/83WrFomwmNf056y1X48F9c4m3a3ozXAIxAKjRay5/aj/jsKKGIkmQatjI8uupHr/+CxFvaJWmpYqNkLDGRU+9orzh5hI2RrcuaQ==\""
+"\"subject\": {"
+"\"organization\": \"sigstore.dev\","
+"\"commonName\": \"sigstore\""
+"\"uri\": \"https://fulcio.sigstore.dev\","
+"\"rawBytes\": \"MIICGjCCAaGgAwIBAgIUALnViVfnU0brJasmRkHrn/UnfaQwCgYIKoZIzj0EAwMwKjEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MREwDwYDVQQDEwhzaWdzdG9yZTAeFw0yMjA0MTMyMDA2MTVaFw0zMTEwMDUxMzU2NThaMDcxFTATBgNVBAoTDHNpZ3N0b3JlLmRldjEeMBwGA1UEAxMVc2lnc3RvcmUtaW50ZXJtZWRpYXRlMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE8RVS/ysH+NOvuDZyPIZtilgUF9NlarYpAd9HP1vBBH1U5CV77LSS7s0ZiH4nE7Hv7ptS6LvvR/STk798LVgMzLlJ4HeIfF3tHSaexLcYpSASr1kS0N/RgBJz/9jWCiXno3sweTAOBgNVHQ8BAf8EBAMCAQYwEwYDVR0lBAwwCgYIKwYBBQUHAwMwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQU39Ppz1YkEZb5qNjpKFWixi4YZD8wHwYDVR0jBBgwFoAUWMAeX5FFpWapesyQoZMi0CrFxfowCgYIKoZIzj0EAwMDZwAwZAIwPCsQK4DYiZYDPIaDi5HFKnfxXx6ASSVmERfsynYBiX2X6SJRnZU84/9DZdnFvvxmAjBOt6QpBlc4J/0DxvkTCqpclvziL6BCCPnjdlIB3Pu3BxsPmygUY7Ii2zbdCdliiow=\""
+"\"rawBytes\": \"MIIB9zCCAXygAwIBAgIUALZNAPFdxHPwjeDloDwyYChAO/4wCgYIKoZIzj0EAwMwKjEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MREwDwYDVQQDEwhzaWdzdG9yZTAeFw0yMTEwMDcxMzU2NTlaFw0zMTEwMDUxMzU2NThaMCoxFTATBgNVBAoTDHNpZ3N0b3JlLmRldjERMA8GA1UEAxMIc2lnc3RvcmUwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAT7XeFT4rb3PQGwS4IajtLk3/OlnpgangaBclYpsYBr5i+4ynB07ceb3LP0OIOZdxexX69c5iVuyJRQ+Hz05yi+UF3uBWAlHpiS5sh0+H2GHE7SXrk1EC5m1Tr19L9gg92jYzBhMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRYwB5fkUWlZql6zJChkyLQKsXF+jAfBgNVHSMEGDAWgBRYwB5fkUWlZql6zJChkyLQKsXF+jAKBggqhkjOPQQDAwNpADBmAjEAj1nHeXZp+13NWBNa+EDsDP8G1WWg1tCMWP/WHPqpaVo0jhsweNFZgSs0eE7wYI4qAjEA2WB9ot98sIkoF3vZYdd3/VtWB5b9TNMea7Ix/stJ5TfcLLeABLE4BNJOsQ4vnBHJ\""
+"\"ctlogs\": ["
+"\"baseUrl\": \"https://ctfe.sigstore.dev/test\","
+"\"hashAlgorithm\": \"SHA2_256\","
+"\"publicKey\": {"
+"\"rawBytes\": \"MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEbfwR+RJudXscgRBRpKX1XFDy3PyudDxz/SfnRi1fT8ekpfBd2O1uoz7jr3Z8nKzxA69EUQ+eFCFI3zeubPWU7w==\","
+"\"end\": \"2022-10-31T23:59:59.999Z\""
+"\"logId\": {"
+"\"keyId\": \"CGCS8ChS/2hF0dFrJ4ScRWcYrBY9wzjSbea8IgY2b3I=\""
+"\"baseUrl\": \"https://ctfe.sigstore.dev/2022\","
+"\"hashAlgorithm\": \"SHA2_256\","
+"\"publicKey\": {"
+"\"rawBytes\": \"MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEiPSlFi0CmFTfEjCUqF9HuCEcYXNKAaYalIJmBZ8yyezPjTqhxrKBpMnaocVtLJBI1eM3uXnQzQGAJdJ4gs9Fyw==\","
+"\"keyDetails\": \"PKIX_ECDSA_P256_SHA_256\","
+"\"logId\": {"
+"\"keyId\": \"3T0wasbHETJjGR4cmWc3AqJKXrjePK3/h4pygC8p7o4=\""
+"\"timestampAuthorities\": ["
+"\"subject\": {"
+"\"organization\": \"GitHub, Inc.\","
+"\"commonName\": \"Internal Services Root\""
+"\"certChain\": {"
+"\"certificates\": ["
+"\"rawBytes\": \"MIIB3DCCAWKgAwIBAgIUchkNsH36Xa04b1LqIc+qr9DVecMwCgYIKoZIzj0EAwMwMjEVMBMGA1UEChMMR2l0SHViLCBJbmMuMRkwFwYDVQQDExBUU0EgaW50ZXJtZWRpYXRlMB4XDTIzMDQxNDAwMDAwMFoXDTI0MDQxMzAwMDAwMFowMjEVMBMGA1UEChMMR2l0SHViLCBJbmMuMRkwFwYDVQQDExBUU0EgVGltZXN0YW1waW5nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEUD5ZNbSqYMd6r8qpOOEX9ibGnZT9GsuXOhr/f8U9FJugBGExKYp40OULS0erjZW7xV9xV52NnJf5OeDq4e5ZKqNWMFQwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMIMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUaW1RudOgVt0leqY0WKYbuPr47wAwCgYIKoZIzj0EAwMDaAAwZQIwbUH9HvD4ejCZJOWQnqAlkqURllvu9M8+VqLbiRK+zSfZCZwsiljRn8MQQRSkXEE5AjEAg+VxqtojfVfu8DhzzhCx9GKETbJHb19iV72mMKUbDAFmzZ6bQ8b54Zb8tidy5aWe\""
+"\"rawBytes\": \"MIICEDCCAZWgAwIBAgIUX8ZO5QXP7vN4dMQ5e9sU3nub8OgwCgYIKoZIzj0EAwMwODEVMBMGA1UEChMMR2l0SHViLCBJbmMuMR8wHQYDVQQDExZJbnRlcm5hbCBTZXJ2aWNlcyBSb290MB4XDTIzMDQxNDAwMDAwMFoXDTI4MDQxMjAwMDAwMFowMjEVMBMGA1UEChMMR2l0SHViLCBJbmMuMRkwFwYDVQQDExBUU0EgaW50ZXJtZWRpYXRlMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEvMLY/dTVbvIJYANAuszEwJnQE1llftynyMKIMhh48HmqbVr5ygybzsLRLVKbBWOdZ21aeJz+gZiytZetqcyF9WlER5NEMf6JV7ZNojQpxHq4RHGoGSceQv/qvTiZxEDKo2YwZDAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUaW1RudOgVt0leqY0WKYbuPr47wAwHwYDVR0jBBgwFoAU9NYYlobnAG4c0/qjxyH/lq/wz+QwCgYIKoZIzj0EAwMDaQAwZgIxAK1B185ygCrIYFlIs3GjswjnwSMG6LY8woLVdakKDZxVa8f8cqMs1DhcxJ0+09w95QIxAO+tBzZk7vjUJ9iJgD4R6ZWTxQWKqNm74jO99o+o9sv4FI/SZTZTFyMn0IJEHdNmyA==\""
+"\"rawBytes\": \"MIIB9DCCAXqgAwIBAgIUa/JAkdUjK4JUwsqtaiRJGWhqLSowCgYIKoZIzj0EAwMwODEVMBMGA1UEChMMR2l0SHViLCBJbmMuMR8wHQYDVQQDExZJbnRlcm5hbCBTZXJ2aWNlcyBSb290MB4XDTIzMDQxNDAwMDAwMFoXDTMzMDQxMTAwMDAwMFowODEVMBMGA1UEChMMR2l0SHViLCBJbmMuMR8wHQYDVQQDExZJbnRlcm5hbCBTZXJ2aWNlcyBSb290MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEf9jFAXxz4kx68AHRMOkFBhflDcMTvzaXz4x/FCcXjJ/1qEKon/qPIGnaURskDtyNbNDOpeJTDDFqt48iMPrnzpx6IZwqemfUJN4xBEZfza+pYt/iyod+9tZr20RRWSv/o0UwQzAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBAjAdBgNVHQ4EFgQU9NYYlobnAG4c0/qjxyH/lq/wz+QwCgYIKoZIzj0EAwMDaAAwZQIxALZLZ8BgRXzKxLMMN9VIlO+e4hrBnNBgF7tz7Hnrowv2NetZErIACKFymBlvWDvtMAIwZO+ki6ssQ1bsZo98O8mEAf2NZ7iiCgDDU0Vwjeco6zyeh0zBTs9/7gV6AHNQ53xD\""

tests/fuzzing/fuzz_simple_sigstore.py

@@ -0,0 +1,160 @@
+# Copyright 2025 The Sigstore Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import importlib
+import os
+from pathlib import Path
+import sys
+import tempfile
+
+# type: ignore
+import atheris
+from sigstore.models import TrustedRoot
+from utils import any_files
+from utils import create_fuzz_files
+
+from model_signing import signing
+from model_signing import verifying
+
+
+def _patch_sigstore_get_dirs(metadata_dir: Path, artifacts_dir: Path) -> None:
+    """Overwrite sigstore._internal.tuf._get_dirs(url: str).
+
+    This allows us to return directories that the fuzzer controls.
+    """
+    tuf_mod = importlib.import_module("sigstore._internal.tuf")
+
+    def _stub_get_dirs(url: str):
+        return metadata_dir, artifacts_dir
+
+    tuf_mod._get_dirs = _stub_get_dirs
+
+
+def _patch_trust_updater_offline_default_true() -> None:
+    """Make TrustUpdater.__init__ offline by default.
+
+    This avoids network calls at runtime which is important
+    for when the fuzzer runs on OSS-Fuzz.
+    """
+    tuf_mod = importlib.import_module("sigstore._internal.tuf")
+    trust_updater = tuf_mod.TrustUpdater
+    _orig_init = trust_updater.__init__
+
+    def _patched_init(self, url: str, offline: bool = True) -> None:
+        _orig_init(self, url, offline=True)
+
+    trust_updater.__init__ = _patched_init
+
+
+def TestOneInput(data: bytes) -> None:
+    fdp = atheris.FuzzedDataProvider(data)
+
+    # When the fuzzer creates a signer further down,
+    # Sigstore will use a trusted root that the fuzzer
+    # has created. It is possible for the fuzzer to create
+    # an invalid trusted root, so it creates and tests it
+    # here - very early in the whole iteration - to return
+    # if it is invalid. If it is valid, it will use it laeter.
+    root_sz = fdp.ConsumeIntInRange(0, 16 * 1024)  # up to 16KB
+    trusted_root_bytes = fdp.ConsumeBytes(root_sz)
+
+    tmp_tr_path: Path
+    with tempfile.NamedTemporaryFile(
+        prefix="trusted_root_", suffix=".json", delete=False
+    ) as tmp_tr:
+        tmp_tr_path = Path(tmp_tr.name)
+        tmp_tr.write(trusted_root_bytes)
+
+    try:
+        # Early validation to catch bad JSON
+        TrustedRoot.from_file(str(tmp_tr_path))
+    except Exception:
+        # Bad or unsupported JSON: return and retry
+        os.unlink(tmp_tr_path)
+        return
+
+    # Temp dirs for sigstore TUF (metadata/artifacts) + model + signature
+    with (
+        tempfile.TemporaryDirectory(prefix="tuf-metadata-") as md_tmp,
+        tempfile.TemporaryDirectory(prefix="tuf-artifacts-") as art_tmp,
+        tempfile.TemporaryDirectory(prefix="mt_file_fuzz_") as tmpdir,
+        tempfile.TemporaryDirectory(prefix="mt_sig_fuzz_") as sigdir,
+    ):
+        # Create the model root
+        root = Path(tmpdir)
+
+        # 1) Populate model dir with randomizd files and exit early if empty
+        create_fuzz_files(root, fdp)
+        if not any_files(root):
+            return
+
+        metadata_dir = Path(md_tmp)
+        artifacts_dir = Path(art_tmp)
+
+        # 2) Create the hooks into sigstore python
+        _patch_sigstore_get_dirs(metadata_dir, artifacts_dir)
+        _patch_trust_updater_offline_default_true()
+
+        # 3) Write the (already validated) trusted_root.json into artifacts dir
+        trusted_root_path = artifacts_dir / "trusted_root.json"
+        trusted_root_path.write_bytes(trusted_root_bytes)
+
+        # 4) Fuzz/write signing_config.v0.2.json
+        signing_config_path = artifacts_dir / "signing_config.v0.2.json"
+        cfg_sz = fdp.ConsumeIntInRange(0, 16 * 1024)  # up to 16KB
+        signing_config_path.write_bytes(fdp.ConsumeBytes(cfg_sz))
+
+        # 5) Prepare signature path
+        signature_path = Path(sigdir) / "model.signature"
+
+        # 6) Sign
+        expected_identity = (
+            fdp.ConsumeBytes(32).decode("utf-8", errors="ignore")
+            or "default-identity"
+        )
+        expected_oidc_issuer = (
+            fdp.ConsumeBytes(32).decode("utf-8", errors="ignore")
+            or "https://example.com/"
+        )
+        sigstore_oidc_beacon_token = (
+            fdp.ConsumeBytes(64).decode("utf-8", errors="ignore") or "token"
+        )
+
+        sc = signing.Config()
+        sc.use_sigstore_signer(
+            use_staging=True, identity_token=sigstore_oidc_beacon_token
+        )
+        sc.sign(root, signature_path)
+
+        if not signature_path.exists():
+            return
+
+        # 7) Verify
+        vc = verifying.Config()
+        vc.use_sigstore_verifier(
+            identity=expected_identity,
+            oidc_issuer=expected_oidc_issuer,
+            use_staging=True,
+        )
+        vc.verify(root, signature_path)
+
+
+def main():
+    atheris.instrument_all()
+    atheris.Setup(sys.argv, TestOneInput)
+    atheris.Fuzz()
+
+
+if __name__ == "__main__":
+    main()