Skip to content

Commit

Permalink
feat: inference demo
Browse files Browse the repository at this point in the history
  • Loading branch information
natesales committed Nov 21, 2024
1 parent 93fde07 commit c74b966
Show file tree
Hide file tree
Showing 5 changed files with 26 additions and 8 deletions.
14 changes: 14 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
# Tinfoil Verifier

## Online In-Browser Verification

https://tinfoilanalytics.github.io/verifier/

## Local Verification

```bash
go run cmd/main.go \
-attestation https://inference-demo.tinfoil.sh/.well-known/nitro-attestation \
-repo tinfoilanalytics/nitro-private-inference-image \
-digest c6a7de8bd85b58d958a64ee244453fa49165fa35864c8a5af333ee65b922cc8d
```
3 changes: 2 additions & 1 deletion cmd/main.go
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ import (
var (
attestationDoc = flag.String("attestation", "", "Path to the attestation document or URL")
digest = flag.String("digest", "", "Artifact digest")
repo = flag.String("repo", "", "Attested repo (e.g. tinfoilanalytics/nitro-pipeline-test)")
repo = flag.String("repo", "", "Attested repo (e.g. tinfoilanalytics/nitro-private-inference-image)")
)

func gitHubAttestation(digest string) ([]byte, error) {
Expand Down Expand Up @@ -73,6 +73,7 @@ func main() {
sigstoreRootBytes,
bundleBytes,
*digest,
*repo,
)
if err != nil {
panic(err)
Expand Down
6 changes: 3 additions & 3 deletions pkg/sigstore/sigstore.go
Original file line number Diff line number Diff line change
Expand Up @@ -16,12 +16,11 @@ import (

const (
OidcIssuer = "https://token.actions.githubusercontent.com"
SanRegex = "^https://github.com/tinfoilanalytics/nitro-enclave-pipeline-test/.github/workflows/release.yml@refs/tags/*"
)

// VerifyAttestedMeasurements verifies the attested measurements of an EIF measurement
// against a trusted root (Sigstore) and returns the measurement payload contained in the DSSE.
func VerifyAttestedMeasurements(trustedRootJSON, bundleJSON []byte, hexDigest string) (*models.Measurements, error) {
func VerifyAttestedMeasurements(trustedRootJSON, bundleJSON []byte, hexDigest, repo string) (*models.Measurements, error) {
trustedMaterial, err := root.NewTrustedRootFromJSON(trustedRootJSON)
if err != nil {
return nil, fmt.Errorf("parsing trusted root: %w", err)
Expand All @@ -47,7 +46,8 @@ func VerifyAttestedMeasurements(trustedRootJSON, bundleJSON []byte, hexDigest st
OidcIssuer,
"",
"",
SanRegex)
"^https://github.com/"+repo+"/.github/workflows/release.yml@refs/tags/*",
)
if err != nil {
return nil, fmt.Errorf("creating certificate identity: %w", err)
}
Expand Down
9 changes: 5 additions & 4 deletions wasm/index.html
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@
<script src="wasm_exec.js"></script>
<script>
function verify() {
let repo = "tinfoilanalytics/nitro-private-inference-image"
let digest = document.getElementById("digest").value;
let domain = document.getElementById("domain").value;
let log = document.getElementById("log");
Expand All @@ -27,7 +28,7 @@
go.run(result.instance);
addLog("WASM verifier loaded");

let bundleURL = "https://api.github.com/repos/tinfoilanalytics/nitro-enclave-pipeline-test/attestations/sha256:" + digest;
let bundleURL = "https://api.github.com/repos/"+repo+"/attestations/sha256:" + digest;
addLog("Fetching attestation bundle from " + bundleURL);
let sigstorePromise = fetch(bundleURL)
.catch(error => {
Expand All @@ -46,7 +47,7 @@
.then(data => {
let bundle = data.attestations[0].bundle;
addLog("Verifying sigstore signature");
let sigstoreMeasurements = JSON.parse(verifySigstore(digest, JSON.stringify(bundle)));
let sigstoreMeasurements = JSON.parse(verifySigstore(digest, JSON.stringify(bundle), repo));
addLog("Sigstore PCR0: " + sigstoreMeasurements.PCR0);
addLog("Sigstore PCR1: " + sigstoreMeasurements.PCR1);
addLog("Sigstore PCR2: " + sigstoreMeasurements.PCR2);
Expand Down Expand Up @@ -129,15 +130,15 @@ <h1 class="text-2xl font-bold">Tinfoil Verifier</h1>
id="digest"
class="border border-gray-200 p-2 w-full"
type="text"
value="cabdc1385f1f69e2a19215b4cdc153d6843b26e0e570ccf423408a8b7598e935">
value="c6a7de8bd85b58d958a64ee244453fa49165fa35864c8a5af333ee65b922cc8d">
</div>
<div class="w-[30%]">
<p class="text-gray-600 mb-2">URL:</p>
<input
id="domain"
class="border border-gray-200 p-2 w-full"
type="text"
value="attestation-demo.tinfoil.sh">
value="inference-demo.tinfoil.sh">
</div>
<div class="w-[10%] flex items-end">
<button class="bg-emerald-500 text-white px-4 py-2 w-full" onclick="verify()">Verify</button>
Expand Down
2 changes: 2 additions & 0 deletions wasm/main.go
Original file line number Diff line number Diff line change
Expand Up @@ -21,11 +21,13 @@ func verifySigstore() js.Func {
return js.FuncOf(func(this js.Value, args []js.Value) any {
digest := args[0].String()
bundleBytes := []byte(args[1].String())
repo := args[2].String()

sigstoreMeasurements, err := sigstore.VerifyAttestedMeasurements(
trustedRootBytes,
bundleBytes,
digest,
repo,
)
if err != nil {
panic(err)
Expand Down

0 comments on commit c74b966

Please sign in to comment.