feat: Add experimental OCI 1.1 attestation verification support

The implementation discovers attestations using the OCI 1.1 Referrers API
instead of legacy tag-based discovery (.att tags), then extracts and verifies
DSSE envelopes directly. This enables verification of attestations stored
using modern OCI 1.1 specification with any authority type.

Signed-off-by: falcorocks <14293929+falcorocks@users.noreply.github.com>

Author: falcorocks

cmd/cosign/cli/verify/verify_attestation.go

@@ -118,6 +118,7 @@ func (c *VerifyAttestationCommand) Exec(ctx context.Context, images []string) (e
 		Offline:                      c.Offline,
 		IgnoreTlog:                   c.IgnoreTlog,
 		MaxWorkers:                   c.MaxWorkers,
+		ExperimentalOCI11:            c.ExperimentalOCI11,
 		UseSignedTimestamps:          c.TSACertChainPath != "" || c.UseSignedTimestamps,
 		NewBundleFormat:              c.NewBundleFormat,
 	}

pkg/cosign/verify.go

@@ -28,6 +28,7 @@ import (
 	"encoding/pem"
 	"errors"
 	"fmt"
+	"io"
 	"io/fs"
 	"log"
 	"net/http"
@@ -139,9 +140,11 @@ type CheckOpts struct {
 	// It is a map from log id to LogIDMetadata. It is a map from LogID to crypto.PublicKey. LogID is derived from the PublicKey (see RFC 6962 S3.2).
 	CTLogPubKeys *TrustedTransparencyLogPubKeys
 
-	// SignatureRef is the reference to the signature file. PayloadRef should always be specified as well (though it’s possible for a _some_ signatures to be verified without it, with a warning).
+	// SignatureRef is the reference to the signature file. PayloadRef should always be specified as well (though it's possible for a _some_ signatures to be verified without it, with a warning).
 	SignatureRef string
-	// PayloadRef is a reference to the payload file. Applicable only if SignatureRef is set.
+	// AttestationRef is the reference to the attestation file for experimental OCI 1.1 verification. PayloadRef should always be specified as well.
+	AttestationRef string
+	// PayloadRef is a reference to the payload file. Applicable only if SignatureRef or AttestationRef is set.
 	PayloadRef string
 
 	// Identities is an array of Identity (Subject, Issuer) matchers that have
@@ -303,10 +306,12 @@ func verifyOCIAttestation(ctx context.Context, verifier signature.Verifier, att
 			fmt.Errorf("invalid payloadType %s on envelope. Expected %s", env.PayloadType, types.IntotoPayloadType),
 		}
 	}
+
 	dssev, err := ssldsse.NewEnvelopeVerifier(&dsse.VerifierAdapter{SignatureVerifier: verifier})
 	if err != nil {
 		return err
 	}
+
 	_, err = dssev.Verify(ctx, &env)
 	return err
 }
@@ -1011,13 +1016,70 @@ func loadSignatureFromFile(ctx context.Context, sigRef string, signedImgRef name
 	}, nil
 }
 
+// loadAttestationFromFile loads an attestation from a file or URL, similar to loadSignatureFromFile.
+// This is used when AttestationRef is specified in CheckOpts for experimental OCI 1.1 verification.
+func loadAttestationFromFile(ctx context.Context, attRef string, signedImgRef name.Reference, co *CheckOpts) (oci.Signatures, error) {
+	var b64att string
+	targetAtt, err := blob.LoadFileOrURL(attRef)
+	if err != nil {
+		if !errors.Is(err, fs.ErrNotExist) {
+			return nil, err
+		}
+		targetAtt = []byte(attRef)
+	}
+
+	_, err = base64.StdEncoding.DecodeString(string(targetAtt))
+
+	if err == nil {
+		b64att = string(targetAtt)
+	} else {
+		b64att = base64.StdEncoding.EncodeToString(targetAtt)
+	}
+
+	var payload []byte
+	if co.PayloadRef != "" {
+		payload, err = blob.LoadFileOrURL(co.PayloadRef)
+		if err != nil {
+			return nil, err
+		}
+	} else {
+		digest, err := ociremote.ResolveDigest(signedImgRef, co.RegistryClientOpts...)
+		if err != nil {
+			return nil, err
+		}
+		payload, err = ObsoletePayload(ctx, digest)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	att, err := static.NewSignature(payload, b64att)
+	if err != nil {
+		return nil, err
+	}
+	return &fakeOCISignatures{
+		signatures: []oci.Signature{att},
+	}, nil
+}
+
 // VerifyImageAttestations does all the main cosign checks in a loop, returning the verified attestations.
 // If there were no valid attestations, we return an error.
+// Note that if co.ExperimentalOCI11 is set, we will attempt to verify
+// attestations using the experimental OCI 1.1 behavior.
 func VerifyImageAttestations(ctx context.Context, signedImgRef name.Reference, co *CheckOpts) (checkedAttestations []oci.Signature, bundleVerified bool, err error) {
 	// Enforce this up front.
 	if co.RootCerts == nil && co.SigVerifier == nil && co.TrustedMaterial == nil {
 		return nil, false, errors.New("one of verifier, root certs, or TrustedMaterial is required")
 	}
+
+	// Try first using OCI 1.1 behavior if experimental flag is set.
+	if co.ExperimentalOCI11 {
+		verified, bundleVerified, err := verifyImageAttestationsExperimentalOCI(ctx, signedImgRef, co)
+		if err == nil {
+			return verified, bundleVerified, nil
+		}
+	}
+
 	if co.NewBundleFormat {
 		return verifyImageAttestationsSigstoreBundle(ctx, signedImgRef, co)
 	}
@@ -1618,6 +1680,180 @@ func verifyImageSignaturesExperimentalOCI(ctx context.Context, signedImgRef name
 	return verifySignatures(ctx, sigs, h, co)
 }
 
+// verifyImageAttestationsExperimentalOCI verifies attestations using OCI 1.1+ Referrers API for discovery.
+// This function discovers attestations using the OCI 1.1 Referrers API instead of legacy tag-based discovery,
+// then verifies the DSSE envelopes directly. It supports both keyless and non-keyless (KMS) authorities.
+// If there were no valid attestations, we return an error.
+func verifyImageAttestationsExperimentalOCI(ctx context.Context, signedImgRef name.Reference, co *CheckOpts) (checkedAttestations []oci.Signature, bundleVerified bool, err error) {
+	// Enforce this up front.
+	if co.RootCerts == nil && co.SigVerifier == nil && co.TrustedMaterial == nil {
+		return nil, false, errors.New("one of verifier, root certs, or trusted root is required")
+	}
+
+	// This is a carefully optimized sequence for fetching the attestations of the
+	// entity that minimizes registry requests when supplied with a digest input
+	digest, err := ociremote.ResolveDigest(signedImgRef, co.RegistryClientOpts...)
+	if err != nil {
+		return nil, false, err
+	}
+	// We don't need the hash for direct DSSE verification
+
+	var allAttestations []oci.Signature
+
+	if co.AttestationRef == "" {
+		// Use OCI 1.1 Referrers API to find attestations
+		// Get all referrers and filter for attestation types
+		index, err := ociremote.Referrers(digest, "", co.RegistryClientOpts...)
+		if err != nil {
+			return nil, false, err
+		}
+
+		// Filter for attestation artifact types (in-toto related)
+		var attestationResults []v1.Descriptor
+		for _, manifest := range index.Manifests {
+			if strings.Contains(manifest.ArtifactType, "in-toto") {
+				attestationResults = append(attestationResults, manifest)
+			}
+		}
+
+		numResults := len(attestationResults)
+		if numResults == 0 {
+			return nil, false, fmt.Errorf("unable to locate attestation references")
+		} else if numResults > 1 {
+			// TODO: if there is more than 1 result.. what does that even mean?
+			ui.Warnf(ctx, "there were a total of %d attestation references\n", numResults)
+		}
+
+		// Parse OCI 1.1 attestations from all found references
+		for _, result := range attestationResults {
+			// Get the attestation manifest
+			attRef, err := name.ParseReference(fmt.Sprintf("%s@%s", digest.Repository, result.Digest.String()))
+			if err != nil {
+				return nil, false, err
+			}
+
+			// For OCI 1.1 attestations, we need to read the DSSE envelope from the layer
+			// and create a proper signature with it
+
+			// Get the signed image to access layers containing DSSE envelope
+			signedImg, err := ociremote.SignedImage(attRef, co.RegistryClientOpts...)
+			if err != nil {
+				continue
+			}
+
+			// Get the layers (should contain the DSSE envelope)
+			layers, err := signedImg.Layers()
+			if err != nil {
+				continue
+			}
+
+			// Read the DSSE envelope from the first layer
+			if len(layers) == 0 {
+				continue
+			}
+
+			layer := layers[0] // Attestations typically have one layer with the DSSE envelope
+			rc, err := layer.Uncompressed()
+			if err != nil {
+				continue
+			}
+
+			dsseEnvelope, err := io.ReadAll(rc)
+			rc.Close() // Close immediately after reading
+			if err != nil {
+				continue
+			}
+
+			// Parse the DSSE envelope to extract payload and signature
+			var envelope struct {
+				Payload     string `json:"payload"`
+				PayloadType string `json:"payloadType"`
+				Signatures  []struct {
+					Keyid string `json:"keyid"`
+					Sig   string `json:"sig"`
+				} `json:"signatures"`
+			}
+
+			if err := json.Unmarshal(dsseEnvelope, &envelope); err != nil {
+				continue
+			}
+
+			// Fix the payloadType if it's empty - this is required for verification
+			if envelope.PayloadType == "" {
+				envelope.PayloadType = types.IntotoPayloadType
+
+				// Re-marshal the envelope with the correct payloadType
+				dsseEnvelope, err = json.Marshal(envelope)
+				if err != nil {
+					continue
+				}
+			}
+
+			if len(envelope.Signatures) == 0 {
+				continue
+			}
+
+			// Follow cosign's existing pattern: reject multiple signatures
+			// This is consistent with how cosign handles DSSE envelopes elsewhere
+			if len(envelope.Signatures) > 1 {
+				continue // Skip attestations with multiple signatures for now
+			}
+
+			// Use the single signature
+			signature := envelope.Signatures[0]
+
+			// Create annotations with the required signature annotation
+			annotations := map[string]string{
+				"dev.cosignproject.cosign/signature": signature.Sig,
+			}
+
+			// Create a signature with the DSSE envelope as-is
+			sig, err := static.NewSignature(dsseEnvelope, signature.Sig, static.WithAnnotations(annotations))
+			if err != nil {
+				continue
+			}
+
+			allAttestations = append(allAttestations, sig)
+		}
+
+		if len(allAttestations) == 0 {
+			return nil, false, fmt.Errorf("no attestation layers found in OCI 1.1 references")
+		}
+
+	} else {
+		if co.PayloadRef == "" {
+			return nil, false, errors.New("payload is required with a manually-provided attestation")
+		}
+		// For file-based attestations, use the existing logic
+		atts, err := loadAttestationFromFile(ctx, co.AttestationRef, signedImgRef, co)
+		if err != nil {
+			return nil, false, err
+		}
+		fileAtts, err := atts.Get()
+		if err != nil {
+			return nil, false, err
+		}
+		allAttestations = append(allAttestations, fileAtts...)
+	}
+
+	// For OCI 1.1 attestations, verify DSSE envelopes directly
+	// instead of going through the legacy verification pipeline
+	var verifiedAttestations []oci.Signature
+	for _, att := range allAttestations {
+		// Verify the DSSE envelope directly using the provided verifier
+		if err := verifyOCIAttestation(ctx, co.SigVerifier, att); err != nil {
+			continue
+		}
+		verifiedAttestations = append(verifiedAttestations, att)
+	}
+
+	if len(verifiedAttestations) == 0 {
+		return nil, false, fmt.Errorf("no OCI 1.1 attestations passed verification")
+	}
+
+	return verifiedAttestations, false, nil
+}
+
 func GetBundles(_ context.Context, signedImgRef name.Reference, co *CheckOpts) ([]*sgbundle.Bundle, *v1.Hash, error) {
 	// This is a carefully optimized sequence for fetching the signatures of the
 	// entity that minimizes registry requests when supplied with a digest input