From c74b966c2bacabe1d6421b71eb4518b9e7de43bc Mon Sep 17 00:00:00 2001
From: Nate Sales
Date: Wed, 20 Nov 2024 19:57:36 -0500
Subject: [PATCH] feat: inference demo

---
 README.md                | 14 ++++++++++++++
 cmd/main.go              |  3 ++-
 pkg/sigstore/sigstore.go |  6 +++---
 wasm/index.html          |  9 +++++----
 wasm/main.go             |  2 ++
 5 files changed, 26 insertions(+), 8 deletions(-)
 create mode 100644 README.md

diff --git a/README.md b/README.md
new file mode 100644
index 0000000..c76eb4e
--- /dev/null
+++ b/README.md
@@ -0,0 +1,14 @@
+# Tinfoil Verifier
+
+## Online In-Browser Verification
+
+https://tinfoilanalytics.github.io/verifier/
+
+## Local Verification
+
+```bash
+go run cmd/main.go \
+  -attestation https://inference-demo.tinfoil.sh/.well-known/nitro-attestation \
+  -repo tinfoilanalytics/nitro-private-inference-image \
+  -digest c6a7de8bd85b58d958a64ee244453fa49165fa35864c8a5af333ee65b922cc8d
+```
diff --git a/cmd/main.go b/cmd/main.go
index 1c087be..19a3796 100644
--- a/cmd/main.go
+++ b/cmd/main.go
@@ -20,7 +20,7 @@ import (
 var (
 	attestationDoc = flag.String("attestation", "", "Path to the attestation document or URL")
 	digest         = flag.String("digest", "", "Artifact digest")
-	repo           = flag.String("repo", "", "Attested repo (e.g. tinfoilanalytics/nitro-pipeline-test)")
+	repo           = flag.String("repo", "", "Attested repo (e.g. tinfoilanalytics/nitro-private-inference-image)")
 )
 
 func gitHubAttestation(digest string) ([]byte, error) {
@@ -73,6 +73,7 @@ func main() {
 		sigstoreRootBytes,
 		bundleBytes,
 		*digest,
+		*repo,
 	)
 	if err != nil {
 		panic(err)
diff --git a/pkg/sigstore/sigstore.go b/pkg/sigstore/sigstore.go
index 7cc0d52..00db3b8 100644
--- a/pkg/sigstore/sigstore.go
+++ b/pkg/sigstore/sigstore.go
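Review bot: `*repo` is passed through on the added line without any check that the flag was actually set, so a run that omits `-repo` reaches VerifyAttestedMeasurements with an empty repository and fails on a certificate-identity mismatch rather than a usage error. Because the expected signer identity is derived from this value, it is part of the trust policy and deserves an explicit check next to the flag parsing, which is outside this hunk: `if *repo == "" { panic("-repo is required") }` would match the file's existing panic-on-error style. main starts before this hunk and its body continues after it.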
@@ -16,12 +16,11 @@ import (
 
 const (
 	OidcIssuer = "https://token.actions.githubusercontent.com"
-	SanRegex   = "^https://github.com/tinfoilanalytics/nitro-enclave-pipeline-test/.github/workflows/release.yml@refs/tags/*"
 )
 
 // VerifyAttestedMeasurements verifies the attested measurements of an EIF measurement
 // against a trusted root (Sigstore) and returns the measurement payload contained in the DSSE.
-func VerifyAttestedMeasurements(trustedRootJSON, bundleJSON []byte, hexDigest string) (*models.Measurements, error) {
+func VerifyAttestedMeasurements(trustedRootJSON, bundleJSON []byte, hexDigest, repo string) (*models.Measurements, error) {
 	trustedMaterial, err := root.NewTrustedRootFromJSON(trustedRootJSON)
 	if err != nil {
 		return nil, fmt.Errorf("parsing trusted root: %w", err)
@@ -47,7 +46,8 @@ func VerifyAttestedMeasurements(trustedRootJSON, bundleJSON []byte, hexDigest st
 		OidcIssuer,
 		"",
 		"",
-		SanRegex)
+		"^https://github.com/"+repo+"/.github/workflows/release.yml@refs/tags/*",
+	)
 	if err != nil {
 		return nil, fmt.Errorf("creating certificate identity: %w", err)
 	}
diff --git a/wasm/index.html b/wasm/index.html
index 7f64865..2e4e172 100644
--- a/wasm/index.html
+++ b/wasm/index.html
@@ -10,6 +10,7 @@
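Review bot: The doc comment above the changed signature still describes only the trusted root, the bundle and the digest; the new `repo` parameter is undocumented even though it decides which signing identity the verifier accepts. Add a sentence such as `// repo is the GitHub "owner/name" repository whose release.yml workflow must have signed the bundle; it is interpolated into the expected certificate SAN.` An empty repo is not rejected here either, so a guard at the top of the function, `if repo == "" { return nil, fmt.Errorf("attested repo must not be empty") }`, would give callers a clear error instead of an identity mismatch later. The function body continues past the end of this hunk.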
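Review bot: The added SAN pattern interpolates `repo` into a regular expression without escaping, so any regex metacharacter in the repository name (a `.` in a name like `foo.js`, or a `*`) widens the match instead of pinning the accepted identity to exactly one repository; the literal dots in `/.github/` and `release.yml` are unescaped for the same reason. Wrap the value with `regexp.QuoteMeta(repo)` and escape the fixed dots, e.g. `"^https://github.com/"+regexp.QuoteMeta(repo)+"/\.github/workflows/release\.yml@refs/tags/",` (the `regexp` import belongs in the import block, which is outside this hunk). Note also that the trailing `/*` is a regex quantifier on `/` rather than a glob, and the pattern carries no `$` anchor, so it behaves as a prefix match on everything after `@refs/tags`; if a non-empty tag is required, `refs/tags/.+$` states that explicitly. The enclosing function starts before this hunk.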