support for RSA-signed certificates and non-SHA256 algorithms

imundra · imundra · commit f42de44d45f6 · 2025-11-25T14:25:12.000-05:00
Signed-off-by: Ishan Mundra &lt;ishan.mundra@coinbase.com&gt;
diff --git a/.changeset/loud-ants-beam.md b/.changeset/loud-ants-beam.md
@@ -0,0 +1,6 @@
+---
+'@sigstore/verify': minor
+'@sigstore/core': minor
+---
+
+Add support for RSA-signed certificates and non-standard hash algorithms in bundle signature verification
diff --git a/packages/core/src/__tests__/__fixtures__/certs.ts b/packages/core/src/__tests__/__fixtures__/certs.ts
@@ -183,4 +183,29 @@ export const certificates = {
   rtECMQCDR5Zb2cwiENFL1XGg5E7si96en+Hc/F9EMKjQUHLHWRnMSRukC7jr3GnF
   NWj3tGQ=
   -----END CERTIFICATE-----`,
+
+  // Certificate signed with sha512WithRSAEncryption
+  // Used to test RSA signature algorithm support in X509Certificate
+  rsaroot: `-----BEGIN CERTIFICATE-----
+  MIIDmzCCAoOgAwIBAgIUEDvdwGGfqUtFVe7hUGjIoOx3coMwDQYJKoZIhvcNAQEN
+  BQAwXDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMRYwFAYDVQQHDA1TYW4gRnJh
+  bmNpc2NvMRMwEQYDVQQKDApmb29iYXIuZGV2MRMwEQYDVQQDDApmb29iYXItcnNh
+  MCAXDTI1MTEyNTE4NDA1NVoYDzIxMjUxMTAxMTg0MDU1WjBcMQswCQYDVQQGEwJV
+  UzELMAkGA1UECAwCQ0ExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xEzARBgNVBAoM
+  CmZvb2Jhci5kZXYxEzARBgNVBAMMCmZvb2Jhci1yc2EwggEiMA0GCSqGSIb3DQEB
+  AQUAA4IBDwAwggEKAoIBAQCrEHZ7YIpcuUH5M0vKiBYtQpA89kR65nKxGAKXu3In
+  WUkUKJFXcIJ7bz8wXSvqjUpXAdnpp8yu/Sn6Ms5+NQ4hMbUWDdkHV6H22vLhhF8F
+  cqCceI/3mMaC/h8yIVd1b+vw1tnjjb5dBoBQAxSJywHo4jjU84KEK5bEWECHfwt7
+  /TeyY41hsIsAS2Iry3G6x1v2i5Bkq5tFR7uHDoEcrUmm+RoRpBtm2/jHsVw7F+o6
+  9g2DRnW+m+rKxwhuwlhD+AeSqEmWRR81nA8FsTxSnTUHEgDIFPzy5M860aVqCj5i
+  1yibGSUVQlvhr3xJDsLG5xzLO1m4ApExtk3BNirBrrvJAgMBAAGjUzBRMB0GA1Ud
+  DgQWBBQMvPy1jum7eirGaej8870fV5itVDAfBgNVHSMEGDAWgBQMvPy1jum7eirG
+  aej8870fV5itVDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4IBAQB1
+  bbu84m1A7t2NUKg9ftpRziNLAzIWthMe1LVGa1Ah+4kifsd0wNZa/P8X8vyFVoxN
+  lRE0X31tTObFxIMOo6b/p5IqmAm6+G7ClQHUum1Cte4mP6XzCW/Zke5Mk+mhe+IH
+  w9ZlFs1EfPY6G8ZjMH2yT30DInKEdXQd4XbynyMjWpsNlV7C8l8GE67uXWNHRkK9
+  LAApDh/DuFMDb3MhfI2b8a+/G0SOHEtM2Yfu91jYUWH84xp7IdQ1vO7Wg8zHG70i
+  4FBVRaS7fbdNXNfEkG7B4z2ApZA1DAmopbvpcxqI+PSLBFCKNLsMzYVv8FIKC6gX
+  Pm/GTRVvePHiJSVHR7MO
+  -----END CERTIFICATE-----`,
 };
diff --git a/packages/core/src/__tests__/x509/cert.test.ts b/packages/core/src/__tests__/x509/cert.test.ts
@@ -333,4 +333,20 @@ describe('X509Certificate', () => {
       });
     });
   });
+
+  describe('#signatureAlgorithm', () => {
+    describe('when the certificate is signed with ECDSA', () => {
+      it('returns the correct algorithm', () => {
+        const cert = X509Certificate.parse(certificates.root);
+        expect(cert.signatureAlgorithm).toBe('sha384');
+      });
+    });
+
+    describe('when the certificate is signed with RSA', () => {
+      it('returns the correct algorithm', () => {
+        const cert = X509Certificate.parse(certificates.rsaroot);
+        expect(cert.signatureAlgorithm).toBe('sha512');
+      });
+    });
+  });
 });
diff --git a/packages/core/src/index.ts b/packages/core/src/index.ts
@@ -18,6 +18,7 @@ export * as crypto from './crypto';
 export * as dsse from './dsse';
 export * as encoding from './encoding';
 export * as json from './json';
+export { HASH_ALGORITHM_NAMES } from './oid';
 export * as pem from './pem';
 export { RFC3161Timestamp } from './rfc3161';
 export { ByteStream } from './stream';
diff --git a/packages/core/src/oid.ts b/packages/core/src/oid.ts
@@ -5,8 +5,23 @@ export const ECDSA_SIGNATURE_ALGOS: Record<string, string> = {
   '1.2.840.10045.4.3.4': 'sha512',
 };
 
+export const RSA_SIGNATURE_ALGOS: Record<string, string> = {
+  '1.2.840.113549.1.1.14': 'sha224',
+  '1.2.840.113549.1.1.11': 'sha256',
+  '1.2.840.113549.1.1.12': 'sha384',
+  '1.2.840.113549.1.1.13': 'sha512',
+};
+
 export const SHA2_HASH_ALGOS: Record<string, string> = {
   '2.16.840.1.101.3.4.2.1': 'sha256',
   '2.16.840.1.101.3.4.2.2': 'sha384',
   '2.16.840.1.101.3.4.2.3': 'sha512',
 };
+
+export const HASH_ALGORITHM_NAMES: Record<number, string> = {
+  1: 'sha256',
+  2: 'sha384',
+  3: 'sha512',
+  4: 'sha3-256',
+  5: 'sha3-384',
+};
diff --git a/packages/core/src/x509/cert.ts b/packages/core/src/x509/cert.ts
@@ -15,7 +15,7 @@ limitations under the License.
 */
 import { ASN1Obj } from '../asn1';
 import * as crypto from '../crypto';
-import { ECDSA_SIGNATURE_ALGOS } from '../oid';
+import { ECDSA_SIGNATURE_ALGOS, RSA_SIGNATURE_ALGOS } from '../oid';
 import * as pem from '../pem';
 import {
   X509AuthorityKeyIDExtension,
@@ -85,6 +85,10 @@ export class X509Certificate {
 
   get signatureAlgorithm(): string {
     const oid: string = this.signatureAlgorithmObj.subs[0].toOID();
+    if (RSA_SIGNATURE_ALGOS[oid]) {
+      return RSA_SIGNATURE_ALGOS[oid];
+    }
+
     return ECDSA_SIGNATURE_ALGOS[oid];
   }
 
diff --git a/packages/verify/src/__tests__/bundle/message.test.ts b/packages/verify/src/__tests__/bundle/message.test.ts
@@ -76,5 +76,33 @@ describe('MessageSignatureContent', () => {
         expect(subject.verifySignature(key.publicKey)).toBe(true);
       });
     });
+
+    describe('with SHA2_256 hash algorithm', () => {
+      const message256 = Buffer.from('message256');
+      const messageDigest256 = core.digest('sha256', message256);
+      const messageSignature256: MessageSignature = {
+        messageDigest: { digest: messageDigest256, algorithm: HashAlgorithm.SHA2_256 },
+        signature: crypto.sign('sha256', message256, key.privateKey),
+      };
+      const subject256 = new MessageSignatureContent(messageSignature256, message256);
+
+      it('verifies signature with explicit hash algorithm', () => {
+        expect(subject256.verifySignature(key.publicKey)).toBe(true);
+      });
+    });
+
+    describe('with SHA2_512 hash algorithm', () => {
+      const message512 = Buffer.from('message512');
+      const messageDigest512 = core.digest('sha512', message512);
+      const messageSignature512: MessageSignature = {
+        messageDigest: { digest: messageDigest512, algorithm: HashAlgorithm.SHA2_512 },
+        signature: crypto.sign('sha512', message512, key.privateKey),
+      };
+      const subject512 = new MessageSignatureContent(messageSignature512, message512);
+
+      it('verifies signature with explicit hash algorithm', () => {
+        expect(subject512.verifySignature(key.publicKey)).toBe(true);
+      });
+    });
   });
 });
diff --git a/packages/verify/src/bundle/message.ts b/packages/verify/src/bundle/message.ts
@@ -13,7 +13,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
-import { crypto } from '@sigstore/core';
+import { crypto, HASH_ALGORITHM_NAMES } from '@sigstore/core';
 
 import type { MessageSignature } from '@sigstore/bundle';
 import type { SignatureContent } from '../shared.types';
@@ -22,11 +22,13 @@ export class MessageSignatureContent implements SignatureContent {
   public readonly signature: Buffer;
   private readonly messageDigest: Buffer;
   private readonly artifact: Buffer;
+  private readonly hashAlgorithm: string | undefined;
 
   constructor(messageSignature: MessageSignature, artifact: Buffer) {
     this.signature = messageSignature.signature;
     this.messageDigest = messageSignature.messageDigest.digest;
     this.artifact = artifact;
+    this.hashAlgorithm = HASH_ALGORITHM_NAMES[messageSignature.messageDigest.algorithm];
   }
 
   public compareSignature(signature: Buffer): boolean {
@@ -38,6 +40,6 @@ export class MessageSignatureContent implements SignatureContent {
   }
 
   public verifySignature(key: crypto.KeyObject): boolean {
-    return crypto.verify(this.artifact, key, this.signature);
+    return crypto.verify(this.artifact, key, this.signature, this.hashAlgorithm);
   }
 }
