Fix handling PQC Signatures (pysequoia)

closes #2237

Assisted-By: claude-opus-4.6
(cherry picked from commit 8f2e71a)

Author: dralley

CHANGES/2237.bugfix

@@ -0,0 +1 @@
+Don't blow up on encountering PQC signatures.

pulp_container/app/registry_api.py

@@ -1493,8 +1493,10 @@ def put(self, request, path, pk):
         except binascii.Error:
             raise ManifestSignatureInvalid(digest=pk)
 
-        signature_json = extract_data_from_signature(signature_raw, manifest.digest)
-        if signature_json is None:
+        try:
+            signature_json = extract_data_from_signature(signature_raw, manifest.digest)
+        except ValueError as exc:
+            log.warning("Error processing signature on upload: {}".format(exc))
             raise ManifestSignatureInvalid(digest=pk)
 
         sig_digest = hashlib.sha256(signature_raw).hexdigest()

pulp_container/app/tasks/sign.py

@@ -133,7 +133,10 @@ async def create_signature(manifest, reference, signing_service):
             data = sig_fp.read()
             encoded_sig = base64.b64encode(data).decode()
             sig_digest = hashlib.sha256(data).hexdigest()
-            sig_json = extract_data_from_signature(data, manifest.digest)
+            try:
+                sig_json = extract_data_from_signature(data, manifest.digest)
+            except ValueError:
+                raise
             manifest_digest = sig_json["critical"]["image"]["docker-manifest-digest"]
 
             signature = ManifestSignature(

pulp_container/app/tasks/sync_stages.py

@@ -414,8 +414,10 @@ def create_manifest(self, manifest_data, raw_text_data, media_type, digest=None)
     def _create_signature_declarative_content(
         self, signature_raw, man_dc, name=None, signature_b64=None
     ):
-        signature_json = extract_data_from_signature(signature_raw, man_dc.content.digest)
-        if signature_json is None:
+        try:
+            signature_json = extract_data_from_signature(signature_raw, man_dc.content.digest)
+        except ValueError as exc:
+            log.warning("Error processing signature on sync: {}".format(str(exc)))
             return
 
         sig_digest = hashlib.sha256(signature_raw).hexdigest()

pulp_container/app/utils.py

@@ -1,9 +1,6 @@
 import base64
 import hashlib
 import fnmatch
-import re
-import subprocess
-import gnupg
 import json
 import logging
 import time
@@ -15,6 +12,8 @@
 from functools import partial
 from rest_framework.exceptions import Throttled
 
+from pysequoia.packet import PacketPile, Tag
+
 from pulpcore.plugin.models import Artifact, Task
 
 from pulp_container.constants import (
@@ -31,9 +30,6 @@
     SIGNATURE_SCHEMA,
 )
 
-KEY_ID_REGEX_COMPILED = re.compile(r"keyid ([0-9A-F]+)")
-TIMESTAMP_REGEX_COMPILED = re.compile(r"created ([0-9]+)")
-
 signature_validator = Draft7Validator(SIGNATURE_SCHEMA)
 
 log = logging.getLogger(__name__)
@@ -78,6 +74,20 @@ def urlpath_sanitize(*args):
     return "/".join(segments)
 
 
+def keyid_from_fingerprint(fingerprint):
+    """Derive a key ID from an OpenPGP fingerprint.
+
+    For v4 fingerprints (40 hex chars / 20 bytes), the key ID is the last 8 bytes.
+    For v6 fingerprints (64 hex chars / 32 bytes), the key ID is the first 8 bytes.
+    """
+    if len(fingerprint) == 40:
+        return fingerprint[-16:]
+    elif len(fingerprint) == 64:
+        return fingerprint[:16]
+    else:
+        raise ValueError(f"Unexpected fingerprint length: {len(fingerprint)}")
+
+
 def extract_data_from_signature(signature_raw, man_digest):
     """
     Extract data from an "integrated" signature, aka a signed non-encrypted document.
@@ -90,37 +100,56 @@ def extract_data_from_signature(signature_raw, man_digest):
         dict: JSON representation of the document and available data about signature
 
     """
-    gpg = gnupg.GPG()
-    crypt_obj = gpg.decrypt(signature_raw, extra_args=["--skip-verify"])
-    if not crypt_obj.data:
-        log.info(
-            "It is not possible to read the signed document, GPG error: {}".format(crypt_obj.stderr)
+    try:
+        pile = PacketPile.from_bytes(signature_raw)
+    except Exception as exc:
+        raise ValueError(
+            "Signed document for manifest {} is un-parseable: {}".format(man_digest, str(exc))
         )
-        return
+
+    literal_data = None
+    signing_key_id = None
+    signing_key_fingerprint = None
+    signature_timestamp = None
+
+    for packet in pile:
+        if packet.tag == Tag.Literal:
+            literal_data = bytes(packet.literal_data)
+        elif packet.tag == Tag.Signature:
+            if packet.issuer_key_id is not None:
+                signing_key_id = packet.issuer_key_id.upper()
+            elif packet.issuer_fingerprint is not None:
+                signing_key_fingerprint = packet.issuer_fingerprint.upper()
+                signing_key_id = keyid_from_fingerprint(signing_key_fingerprint)
+            else:
+                raise ValueError(
+                    "Signature for manifest {} has no fingerprint or key_id".format(man_digest)
+                )
+            if packet.signature_created is not None:
+                signature_timestamp = int(packet.signature_created.timestamp())
+
+    if not literal_data:
+        raise ValueError("Signature for manifest {} has no literal data".format(man_digest))
 
     try:
-        sig_json = json.loads(crypt_obj.data)
+        sig_json = json.loads(literal_data)
     except Exception as exc:
-        log.info(
-            "Signed document cannot be parsed to create a signature for {}."
-            " Error: {}".format(man_digest, str(exc))
+        raise ValueError(
+            "Signed document cannot be parsed to create a signature for {}. Error: {}".format(
+                man_digest, str(exc)
+            )
         )
-        return
 
     errors = []
     for error in signature_validator.iter_errors(sig_json):
         errors.append(f'{".".join(error.path)}: {error.message}')
 
     if errors:
-        log.info("The signature for {} is not synced due to: {}".format(man_digest, errors))
-        return
-
-    # decrypted and unverified signatures do not have prepopulated the key_id and timestamp
-    # fields; thus, it is necessary to use the debugging utilities of gpg to extract these
-    # fields since they are not encrypted and still readable without decrypting the signature first
-    packets = subprocess.check_output(["gpg", "--list-packets"], input=signature_raw).decode()
-    sig_json["signing_key_id"] = KEY_ID_REGEX_COMPILED.search(packets).group(1)
-    sig_json["signature_timestamp"] = TIMESTAMP_REGEX_COMPILED.search(packets).group(1)
+        raise ValueError("The signature for {} is not synced due to: {}".format(man_digest, errors))
+
+    sig_json["signing_key_id"] = signing_key_id
+    sig_json["signing_key_fingerprint"] = signing_key_fingerprint
+    sig_json["signature_timestamp"] = signature_timestamp
 
     return sig_json
 

pulp_container/tests/functional/api/test_sync_signatures.py

@@ -15,6 +15,9 @@
 MANIFEST_LIST_TAG = "7.9"
 SIGSTORE_URL = "https://access.redhat.com/webassets/docker/content/sigstore"
 
+UBI10_MICRO_REPOSITORY_NAME = "ubi10-micro"
+UBI10_MICRO_TAG = "latest"
+
 
 @pytest.fixture
 def synced_repository(
@@ -127,3 +130,67 @@ def test_sync_images_without_sigstore_requiring_signatures(
 
     tags = container_tag_api.list(repository_version=synced_repository.latest_version_href).results
     assert len(tags) == 0
+
+
+def test_sync_image_with_pqc_signatures(
+    delete_orphans_pre,
+    container_repository_api,
+    container_remote_api,
+    container_signature_api,
+    container_tag_api,
+    container_manifest_api,
+    gen_object_with_cleanup,
+):
+    """Sync ubi10-micro:latest from registry.access.redhat.com with all signatures."""
+    data = gen_container_remote(
+        url=REDHAT_REGISTRY_V2,
+        upstream_name=UBI10_MICRO_REPOSITORY_NAME,
+        policy="on_demand",
+        include_tags=[UBI10_MICRO_TAG],
+        sigstore=SIGSTORE_URL,
+    )
+    remote = gen_object_with_cleanup(container_remote_api, data)
+
+    repo = gen_object_with_cleanup(
+        container_repository_api, ContainerContainerRepository(**gen_repo())
+    )
+
+    sync_data = ContainerRepositorySyncURL(remote=remote.pulp_href, signed_only=False)
+    response = container_repository_api.sync(repo.pulp_href, sync_data)
+    monitor_task(response.task)
+
+    repo = container_repository_api.read(repo.pulp_href)
+
+    tags = container_tag_api.list(repository_version=repo.latest_version_href).results
+    assert len(tags) == 1
+    assert tags[0].name == UBI10_MICRO_TAG
+
+    signatures = container_signature_api.list(repository_version=repo.latest_version_href).results
+    assert len(signatures) > 0
+
+    # Assert that a signature using one of the "old" Red Hat signing release keys exist
+    expected_key_ids = ["199E2F91FD431D51", "E60D446E63405576"]
+    assert any(s.key_id in expected_key_ids for s in signatures), (
+        f"No signature found with key_ids {expected_key_ids}; "
+        f"found key_ids: {sorted({s.key_id for s in signatures})}"
+    )
+
+    # Assert that a signature using the Red Hat PQC (ML-DSA-87) signing key exists
+    # Fingerprint: FCD355B305707A62DA143AB6E422397E50FE8467A2A95343D246D6276AFEDF8F
+    # Key ID => first 8 bytes (16 hex chars)
+    expected_key_id = "FCD355B305707A62"
+    assert any(s.key_id == expected_key_id for s in signatures), (
+        f"No signature found with key_id {expected_key_id!r}; "
+        f"found key_ids: {sorted({s.key_id for s in signatures})}"
+    )
+
+    # ubi10-micro:latest is a manifest list; collect all listed manifests and verify
+    # that each has at least one signature
+    manifest_list = container_manifest_api.read(tags[0].tagged_manifest)
+    listed_manifests = [
+        container_manifest_api.read(lm_href) for lm_href in manifest_list.listed_manifests
+    ]
+    for lm in listed_manifests:
+        lm_signatures = [s for s in signatures if s.signed_manifest == lm.pulp_href]
+        assert len(lm_signatures) > 0, f"No signatures found for manifest {lm.digest}"
+        assert all(s.name.startswith(lm.digest) for s in lm_signatures)

requirements.txt

@@ -1,4 +1,5 @@
 jsonschema>=4.4,<4.24
 pulpcore>=3.49.0,<3.70
 pyjwt[crypto]>=2.4,<2.10
-pycares<4.9
+pycares<4.9
+pysequoia==0.1.32