Verifier: Use correct Timestamp hash algorithm (sigstore#1385)

jku · web-flow · commit 0fcbdc728a49 · 2025-05-27T13:34:00.000-04:00
* Verifier: Use correct algorithm for Timestamp hash

Don't assume sha256. Use verify_message() from new rfc3161-client
instead: it looks up the correct hash from the timestamp response.

Signed-off-by: Jussi Kukkonen &lt;jkukkonen@google.com&gt;

* verify: Add temporary mypy ignore

Signed-off-by: Jussi Kukkonen &lt;jkukkonen@google.com&gt;

---------

Signed-off-by: Jussi Kukkonen &lt;jkukkonen@google.com&gt;
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -24,6 +24,10 @@ All versions prior to 0.9.0 are untracked.
 * TSA: Changed the Timestamp Authority requests to explicitly use sha256 for message digests.
   [#1373](https://github.com/sigstore/sigstore-python/pull/1373)
 
+* TSA: Correctly verify timestamps with hashes other than SHA-256. Currently supported
+  algorithms are SHA-256, SHA-384, SHA-512.
+  [#1373](https://github.com/sigstore/sigstore-python/pull/1373)
+
 * Fixed the certificate validity period check for Timestamp Authorities (TSA).
   Certificates need not have an end date, while still requiring a start date.
   [#1368](https://github.com/sigstore/sigstore-python/pull/1368)
diff --git a/pyproject.toml b/pyproject.toml
@@ -36,7 +36,7 @@ dependencies = [
   "requests",
   "rich >= 13,< 15",
   "rfc8785 ~= 0.1.2",
-  "rfc3161-client >= 0.1.2,< 1.1.0",
+  "rfc3161-client >= 1.0.2,< 1.1.0",
   # NOTE(ww): Both under active development, so strictly pinned.
   "sigstore-protobuf-specs == 0.4.2",
   "sigstore-rekor-types == 0.0.18",
diff --git a/sigstore/verify/verifier.py b/sigstore/verify/verifier.py
@@ -116,7 +116,7 @@ def staging(cls, *, offline: bool = False) -> Verifier:
         )
 
     def _verify_signed_timestamp(
-        self, timestamp_response: TimeStampResponse, signature: bytes
+        self, timestamp_response: TimeStampResponse, message: bytes
     ) -> TimestampVerificationResult | None:
         """
         Verify a Signed Timestamp using the TSA provided by the Trusted Root.
@@ -131,7 +131,8 @@ def _verify_signed_timestamp(
 
             verifier = builder.build()
             try:
-                verifier.verify(timestamp_response, signature)
+                # TODO: remove ignore after rfc3161-client upgrade
+                verifier.verify_message(timestamp_response, message)  # type: ignore[attr-defined]
             except Rfc3161VerificationError as e:
                 _logger.debug("Unable to verify Timestamp with CA.")
                 _logger.exception(e)
@@ -174,15 +175,10 @@ def _verify_timestamp_authority(
             msg = "duplicate timestamp found"
             raise VerificationError(msg)
 
-        # The Signer sends a hash of the signature as the messageImprint in a TimeStampReq
-        # to the Timestamping Service
-        signature_hash = sha256_digest(bundle.signature).digest
         verified_timestamps = [
-            verified_timestamp
+            result
             for tsr in timestamp_responses
-            if (
-                verified_timestamp := self._verify_signed_timestamp(tsr, signature_hash)
-            )
+            if (result := self._verify_signed_timestamp(tsr, bundle.signature))
         ]
 
         return verified_timestamps
