Skip to content

verifier: Ensure that bundle digest and real digest match #1652

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
woodruffw merged 5 commits into from
Jan 13, 2026
Merged

verifier: Ensure that bundle digest and real digest match #1652

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
79bd647
verifier: Ensure that bundle digest and real digest match
jku Jan 12, 2026
4b7b6ea
verifier: Don't assume digest is included in bundle
jku Jan 12, 2026
37116ab
verifier: Minor refactor to keep linter happy
jku Jan 12, 2026
f60ad3a
CHANGELOG: Mention digest check
jku Jan 13, 2026
b4d07da
Merge branch 'main' into verify-digest
jku Jan 13, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,12 @@ All versions prior to 0.9.0 are untracked.

## [Unreleased]

### Fixed

* verification now ensures that artifact digest documented in bundle and the real digest match
(this is a bundle consistency check: bundle signature was always verified over real digest)
([#1652](https://github.com/sigstore/sigstore-python/pull/1652))

### Removed

* Removed support for Python 3.9 as it is end-of-life
Expand Down
13 changes: 12 additions & 1 deletion sigstore/verify/verifier.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -470,13 +470,24 @@ def verify_artifact(
self._verify_common_signing_cert(bundle, policy)

hashed_input = sha256_digest(input_)
bundle_signature = bundle._inner.message_signature
if bundle_signature is None:
raise VerificationError("Missing bundle message signature")

# signature is verified over input digest, but if the bundle documents the digest we still
# want to ensure it matches the input digest:
if (
bundle_signature.message_digest is not None
and hashed_input.digest != bundle_signature.message_digest.digest
):
raise VerificationError("Bundle message digest mismatch")

# (7): verify that the signature was signed by the public key in the signing certificate.
try:
signing_key = bundle.signing_certificate.public_key()
signing_key = cast(ec.EllipticCurvePublicKey, signing_key)
signing_key.verify(
bundle._inner.message_signature.signature, # type: ignore[union-attr]
bundle_signature.signature,
hashed_input.digest,
ec.ECDSA(hashed_input._as_prehashed()),
)
Expand Down
14 changes: 14 additions & 0 deletions test/unit/verify/test_verifier.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -64,6 +64,20 @@ def test_verifier_inconsistent_log_entry(signing_bundle, null_policy):
verifier.verify_artifact(file.read_bytes(), bundle, null_policy)


@pytest.mark.staging
def test_verifier_digest_mismatch(signing_bundle, null_policy):
"""The signature is over correct content, but digest documented in bundle is wrong"""
(file, bundle) = signing_bundle("bundle.txt")
bundle._inner.message_signature.message_digest.digest = b""

verifier = Verifier.staging()
with pytest.raises(
VerificationError,
match="digest mismatch",
):
verifier.verify_artifact(file.read_bytes(), bundle, null_policy)


@pytest.mark.staging
def test_verifier_multiple_verifications(signing_materials, null_policy):
verifier = Verifier.staging()
Expand Down