trailofbits
diff --git a/‎CHANGELOG.md
Lines changed: 3 additions & 1 deletion b/‎CHANGELOG.md
Lines changed: 3 additions & 1 deletion
diff --git a/‎README.md
Lines changed: 1 addition & 10 deletions b/‎README.md
Lines changed: 1 addition & 10 deletions
diff --git a/‎src/rfc3161_client/verify.py
Lines changed: 28 additions & 1 deletion b/‎src/rfc3161_client/verify.py
Lines changed: 28 additions & 1 deletion
diff --git a/‎test/fixtures/sigstage/README.md
Lines changed: 11 additions & 0 deletions b/‎test/fixtures/sigstage/README.md
Lines changed: 11 additions & 0 deletions
diff --git a/‎test/fixtures/sigstage/response-sha256.tsr
1.24 KB b/‎test/fixtures/sigstage/response-sha256.tsr
1.24 KB
diff --git a/‎test/fixtures/sigstage/response-sha384.tsr
1.29 KB b/‎test/fixtures/sigstage/response-sha384.tsr
1.29 KB
diff --git a/‎test/fixtures/sigstage/response-sha512.tsr
1.33 KB b/‎test/fixtures/sigstage/response-sha512.tsr
1.33 KB
diff --git a/‎test/fixtures/sigstage/ts_chain.pem
Lines changed: 27 additions & 0 deletions b/‎test/fixtures/sigstage/ts_chain.pem
Lines changed: 27 additions & 0 deletions
diff --git a/‎test/test_verify.py
Lines changed: 40 additions & 0 deletions b/‎test/test_verify.py
Lines changed: 40 additions & 0 deletions
@@ -7,7 +7,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
-- Added `HashAlgorithm` to exports of the base package module.
+- Added `HashAlgorithm` to exports of the base package module ([#143](https://github.com/trailofbits/rfc3161-client/pull/143))
+
+- Added `verify_message` method to `Verifier` class ([#144](https://github.com/trailofbits/rfc3161-client/pull/144))
 
 ## Fixed
 
 
@@ -55,7 +55,6 @@ message = b"Hello, World!"
 timestamp_request = (
     TimestampRequestBuilder().data(message).build()
     # Note: you could also add .hash_algorithm(XXX) to specify a specific hash algorithm
-    # this means the algorithm check in the next section is not necessary
 )
 
 # TSA servers must be RFC 3161 compliant (see https://github.com/trailofbits/rfc3161-client/issues/46
@@ -88,14 +87,6 @@ from cryptography import x509
 import hashlib
 
 
-# get the message hash (hash method depends on what the TSA used)
-message_hash = None
-hash_algorithm = timestamp_response.tst_info.message_imprint.hash_algorithm
-if hash_algorithm == x509.ObjectIdentifier(value="2.16.840.1.101.3.4.2.3"):
-    message_hash = hashlib.sha512(message).digest()
-elif hash_algorithm == x509.ObjectIdentifier(value="2.16.840.1.101.3.4.2.1"):
-    message_hash = hashlib.sha256(message).digest()
-
 # get trusted root certs from certifi
 with open(certifi.where(), "rb") as f:
     cert_authorities = x509.load_pem_x509_certificates(f.read())
@@ -105,7 +96,7 @@ root_cert = None
 for certificate in cert_authorities:
     verifier = VerifierBuilder().add_root_certificate(certificate).build()
     try:
-        verifier.verify(timestamp_response, message_hash)
+        verifier.verify_message(timestamp_response, message)
         root_cert = certificate
         break
     except VerificationError:
 
@@ -3,6 +3,7 @@
 from __future__ import annotations
 
 import abc
+import hashlib
 from copy import copy
 
 import cryptography.x509
@@ -12,6 +13,11 @@
 from rfc3161_client.errors import VerificationError
 from rfc3161_client.tsp import PKIStatus, TimeStampRequest, TimeStampResponse
 
+# See https://www.iana.org/assignments/hash-function-text-names/hash-function-text-names.xhtml
+SHA256_OID = "2.16.840.1.101.3.4.2.1"
+SHA384_OID = "2.16.840.1.101.3.4.2.2"
+SHA512_OID = "2.16.840.1.101.3.4.2.3"
+
 
 class VerifierBuilder:
     """Builder for a Verifier."""
@@ -156,8 +162,29 @@ def __init__(
         self._nonce: int | None = nonce
         self._common_name: str | None = common_name
 
+    def verify_message(self, timestamp_response: TimeStampResponse, message: bytes) -> bool:
+        """Verify a Timestamp Response over a given message
+
+        Supports timestamp responses with SHA-256, SHA-384 or SHA-512 hash algorithms.
+        """
+
+        algo = timestamp_response.tst_info.message_imprint.hash_algorithm
+        if algo == cryptography.x509.ObjectIdentifier(value=SHA256_OID):
+            hashed_message = hashlib.sha256(message).digest()
+        elif algo == cryptography.x509.ObjectIdentifier(value=SHA384_OID):
+            hashed_message = hashlib.sha384(message).digest()
+        elif algo == cryptography.x509.ObjectIdentifier(value=SHA512_OID):
+            hashed_message = hashlib.sha512(message).digest()
+        else:
+            raise VerificationError(f"Unsupported hash algorithm {algo}")
+
+        return self.verify(timestamp_response, hashed_message)
+
     def verify(self, timestamp_response: TimeStampResponse, hashed_message: bytes) -> bool:
-        """Verify a Timestamp Response.
+        """Verify a Timestamp Response over given message digest
+
+        Note that caller is responsible for hashing the message appropriately for the
+        given timestamp response.
 
         Inspired by:
             https://github.com/sigstore/timestamp-authority/blob/main/pkg/verification/verify.go#L209
 
@@ -0,0 +1,11 @@
+The timestamp responses in this directory were generated 
+* with CLI tool from  https://github.com/sigstore/timestamp-authority/ 
+* using the timestamp.sigstage.dev TSA (The relevant certificates can be
+  found in ./ts_chain.pem)
+
+```bash
+echo -n "hello" > f
+for HASH in sha256 sha384 sha512; do
+  ./bin/timestamp-cli --timestamp_server https://timestamp.sigstage.dev/ timestamp --artifact f --hash $HASH --out response-$HASH.tsr
+done
+```
@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE-----
+MIICDzCCAZagAwIBAgIUCjWhBmHV4kFzxomWp/J98n4DfKcwCgYIKoZIzj0EAwMw
+OTEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MSAwHgYDVQQDExdzaWdzdG9yZS10c2Et
+c2VsZnNpZ25lZDAeFw0yNTAzMjgwOTE0MDZaFw0zNTAzMjYwODE0MDZaMC4xFTAT
+BgNVBAoTDHNpZ3N0b3JlLmRldjEVMBMGA1UEAxMMc2lnc3RvcmUtdHNhMHYwEAYH
+KoZIzj0CAQYFK4EEACIDYgAEx1v5F3HpD9egHuknpBFlRz7QBRDJu4aeVzt9zJLR
+Y0lvmx1lF7WBM2c9AN8ZGPQsmDqHlJN2R/7+RxLkvlLzkc19IOx38t7mGGEcB7ag
+UDdCF/Ky3RTLSK0Xo/0AgHQdo2owaDAOBgNVHQ8BAf8EBAMCB4AwHQYDVR0OBBYE
+FKj8ZPYo3i7mO3NPVIxSxOGc3VOlMB8GA1UdIwQYMBaAFDsgRlletTJNRzDObmPu
+c3RH8gR9MBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMIMAoGCCqGSM49BAMDA2cAMGQC
+MESvVS6GGtF33+J19TfwENWJXjRv4i0/HQFwLUSkX6TfV7g0nG8VnqNHJLvEpAtO
+jQIwUD3uywTXorQP1DgbV09rF9Yen+CEqs/iEpieJWPst280SSOZ5Na+dyPVk9/8
+SFk6
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIB9zCCAXygAwIBAgIUCPExEFKiQh0dP4sp5ltmSYSSkFUwCgYIKoZIzj0EAwMw
+OTEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MSAwHgYDVQQDExdzaWdzdG9yZS10c2Et
+c2VsZnNpZ25lZDAeFw0yNTAzMjgwOTE0MDZaFw0zNTAzMjYwODE0MDZaMDkxFTAT
+BgNVBAoTDHNpZ3N0b3JlLmRldjEgMB4GA1UEAxMXc2lnc3RvcmUtdHNhLXNlbGZz
+aWduZWQwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATt0tIDWyo4ARfL9BaSo0W5bJQE
+bKJTU/u7llvdjSI5aTkOAJa8tixn2+LEfPG4dMFdsMPtsIuU1qn2OqFiuMk6vHv/
+c+az25RQVY1oo50iMb0jIL3N4FgwhPFpZnCbQPOjRTBDMA4GA1UdDwEB/wQEAwIB
+BjASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBQ7IEZZXrUyTUcwzm5j7nN0
+R/IEfTAKBggqhkjOPQQDAwNpADBmAjEA2MI1VXgbf3dUOSc95hSRypBKOab18eh2
+xzQtxUsHvWeY+1iFgyMluUuNR6taoSmFAjEA31m2czguZhKYX+4JSKu5pRYhBTXA
+d8KKQ3xdPRX/qCaLvT2qJAEQ1YQM3EJRrtI7
+-----END CERTIFICATE-----
@@ -18,11 +18,19 @@
 _FIXTURE = _HERE / "fixtures"
 
 
+# test assets come from two different TSAs: provide two certificate methods
 @pytest.fixture
 def certificates() -> list[cryptography.x509.Certificate]:
     return cryptography.x509.load_pem_x509_certificates((_FIXTURE / "ts_chain.pem").read_bytes())
 
 
+@pytest.fixture
+def sigstage_certificates() -> list[cryptography.x509.Certificate]:
+    return cryptography.x509.load_pem_x509_certificates(
+        (_FIXTURE / "sigstage" / "ts_chain.pem").read_bytes()
+    )
+
+
 @pytest.fixture
 def ts_request() -> TimeStampRequest:
     return parse_timestamp_request((_FIXTURE / "request.der").read_bytes())
@@ -33,6 +41,11 @@ def ts_response() -> TimeStampResponse:
     return decode_timestamp_response((_FIXTURE / "response.tsr").read_bytes())
 
 
+@pytest.fixture
+def ts_response_by_filename(request) -> TimeStampResponse:
+    return decode_timestamp_response((_FIXTURE / "sigstage" / request.param).read_bytes())
+
+
 @pytest.fixture
 def verifier(
     ts_request: TimeStampRequest, certificates: list[cryptography.x509.Certificate]
@@ -304,6 +317,33 @@ def test_verify_succeeds(self, ts_response: TimeStampResponse, verifier: Verifie
             is True
         )
 
+    ts_response_files = ["response-sha256.tsr", "response-sha384.tsr", "response-sha512.tsr"]
+
+    @pytest.mark.parametrize("ts_response_by_filename", ts_response_files, indirect=True)
+    def test_verify_message_with_algo(
+        self, ts_response_by_filename: TimeStampResponse, sigstage_certificates
+    ) -> None:
+        verifier = (
+            VerifierBuilder()
+            .add_root_certificate(sigstage_certificates[1])
+            .tsa_certificate(sigstage_certificates[0])
+            .build()
+        )
+
+        assert verifier.verify_message(ts_response_by_filename, b"hello") is True
+
+    def test_verify_message_with_unsupported_algo(
+        self, ts_response: TimeStampResponse, verifier: Verifier, monkeypatch: MonkeyPatch
+    ) -> None:
+        # tweak OID so the timestamp response hash algorithm won't match it
+        monkeypatch.setattr(rfc3161_client.verify, "SHA512_OID", rfc3161_client.verify.SHA384_OID)
+
+        with pytest.raises(VerificationError, match="Unsupported hash"):
+            verifier.verify_message(
+                timestamp_response=ts_response,
+                message=b"hello",
+            )
+
 
 def test_verify_succeeds_when_leaf_cert_is_not_first():
     """This is a regression test for a bug where the leaf certificate was not