Ensure correct certificate is used for TSA auth checks (GHSA-xm5m-wgh2-rrg3) (#1333)

jku · web-flow · commit 9583b6186084 · 2026-04-13T08:50:36.000-07:00
Currently VerifyLeafCert and verifyTSRWithChain may disagree
on which cert is the real leaf certificate (TSA certificate):
VerifyLeafCert should use the leaf certificate identified by
verifyTSRWithChain.

* Return the signer cert from verifyTSRWithChain() so
  verifyLeafCert() can just use the correct cert
* Make sure verifyTSRWithChain() ensures that we have signer cert
  (either embedded or provided as option)
* Make sure verifyTSRWithChain() verifies that embedded and
  provided cert match if both are present
* Modify verifyLeafCert() so it only operates on given leaf cert



* Remove unused function

verifyEmbeddedLeafCert is now not needed: the check is already
done in verifyTSRWithChain.

Remove the related test, add test cases to cover the same
situatation in verifyTSRWithChain.

Signed-off-by: Jussi Kukkonen &lt;jkukkonen@google.com&gt;
diff --git a/pkg/verification/testdata/response-injected-certs.tsr b/pkg/verification/testdata/response-injected-certs.tsr
diff --git a/pkg/verification/verify.go b/pkg/verification/verify.go
@@ -81,14 +81,6 @@ func verifySubjectCommonName(cert *x509.Certificate, opts VerifyOpts) error {
 	return nil
 }
 
-// If embedded in the TSR, verify the TSR's leaf certificate matches a provided TSA certificate
-func verifyEmbeddedLeafCert(tsaCert *x509.Certificate, opts VerifyOpts) error {
-	if opts.TSACertificate != nil && !opts.TSACertificate.Equal(tsaCert) {
-		return fmt.Errorf("certificate embedded in the TSR does not match the provided TSA certificate")
-	}
-	return nil
-}
-
 // Verify the leaf's EKU is set to critical, per RFC 3161 2.3
 func verifyLeafCertCriticalEKU(cert *x509.Certificate) error {
 	var criticalEKU bool
@@ -104,33 +96,14 @@ func verifyLeafCertCriticalEKU(cert *x509.Certificate) error {
 	return nil
 }
 
-func verifyLeafCert(ts timestamp.Timestamp, opts VerifyOpts) error {
-	if len(ts.Certificates) == 0 && opts.TSACertificate == nil {
-		return fmt.Errorf("leaf certificate must be present the in TSR or as a verify option")
+func verifyLeafCert(leafCert *x509.Certificate, opts VerifyOpts) error {
+	if leafCert == nil {
+		// should never happen
+		return fmt.Errorf("signer certificate is required")
 	}
 
 	errMsg := "failed to verify TSA certificate"
 
-	var leafCert *x509.Certificate
-	if len(ts.Certificates) != 0 {
-		for _, c := range ts.Certificates {
-			if !c.IsCA {
-				leafCert = c
-				break
-			}
-		}
-		if leafCert == nil {
-			return fmt.Errorf("no leaf certificate found in chain")
-		}
-
-		err := verifyEmbeddedLeafCert(leafCert, opts)
-		if err != nil {
-			return fmt.Errorf("%s: %w", errMsg, err)
-		}
-	} else {
-		leafCert = opts.TSACertificate
-	}
-
 	err := verifyLeafCertCriticalEKU(leafCert)
 	if err != nil {
 		return fmt.Errorf("%s: %w", errMsg, err)
@@ -252,7 +225,8 @@ func VerifyTimestampResponse(tsrBytes []byte, artifact io.Reader, opts VerifyOpt
 	}
 
 	// verify the timestamp response signature using the provided certificate pool
-	if err = verifyTSRWithChain(ts, opts); err != nil {
+	signerCert, err := verifyTSRWithChain(ts, opts)
+	if err != nil {
 		return nil, err
 	}
 
@@ -264,7 +238,7 @@ func VerifyTimestampResponse(tsrBytes []byte, artifact io.Reader, opts VerifyOpt
 		return nil, err
 	}
 
-	if err = verifyLeafCert(*ts, opts); err != nil {
+	if err = verifyLeafCert(signerCert, opts); err != nil {
 		return nil, err
 	}
 
@@ -277,23 +251,29 @@ func VerifyTimestampResponse(tsrBytes []byte, artifact io.Reader, opts VerifyOpt
 	return ts, nil
 }
 
-func verifyTSRWithChain(ts *timestamp.Timestamp, opts VerifyOpts) error {
+// Returns the TSA signer certificate after verifying the certificate chain validity.
+func verifyTSRWithChain(ts *timestamp.Timestamp, opts VerifyOpts) (*x509.Certificate, error) {
 	p7Message, err := pkcs7.Parse(ts.RawToken)
 	if err != nil {
-		return fmt.Errorf("error parsing hashed message: %w", err)
+		return nil, fmt.Errorf("error parsing hashed message: %w", err)
 	}
 
 	if len(opts.Roots) == 0 {
-		return fmt.Errorf("no root certificates provided for verifying the certificate chain")
+		return nil, fmt.Errorf("no root certificates provided for verifying the certificate chain")
 	}
+
+	if p7Message.Certificates == nil && opts.TSACertificate == nil {
+		return nil, fmt.Errorf("leaf certificate must be present in the TSR or as a verify option")
+	}
+
 	rootCertPool := x509.NewCertPool()
 	for _, cert := range opts.Roots {
 		if cert != nil {
 			rootCertPool.AddCert(cert)
 		}
 	}
 	if rootCertPool.Equal(x509.NewCertPool()) {
-		return fmt.Errorf("no valid root certificates provided for verifying the certificate chain")
+		return nil, fmt.Errorf("no valid root certificates provided for verifying the certificate chain")
 	}
 	intermediateCertPool := x509.NewCertPool()
 	for _, cert := range opts.Intermediates {
@@ -313,16 +293,25 @@ func verifyTSRWithChain(ts *timestamp.Timestamp, opts VerifyOpts) error {
 	// leaf certificate issuer and serial number information is already part of
 	// the PKCS7 object, adding the leaf certificate to the Certificates field
 	// will allow verification to pass
-	if p7Message.Certificates == nil && opts.TSACertificate != nil {
+	if p7Message.Certificates == nil {
 		p7Message.Certificates = []*x509.Certificate{opts.TSACertificate}
 	}
 
 	err = p7Message.VerifyWithOpts(x509Opts)
 	if err != nil {
-		return fmt.Errorf("error while verifying with chain: %w", err)
+		return nil, fmt.Errorf("error while verifying with chain: %w", err)
 	}
 
-	return nil
+	signerCert := p7Message.GetOnlySigner()
+	if signerCert == nil {
+		return nil, fmt.Errorf("signer certificate was not found")
+	}
+
+	if opts.TSACertificate != nil && !opts.TSACertificate.Equal(signerCert) {
+		return nil, fmt.Errorf("certificate embedded in the TSR does not match the provided TSA certificate")
+	}
+
+	return signerCert, nil
 }
 
 // Verify that the TSR's hashed message matches the digest of the artifact to be timestamped
diff --git a/pkg/verification/verify_test.go b/pkg/verification/verify_test.go
@@ -27,6 +27,7 @@ import (
 	"fmt"
 	"io"
 	"math/big"
+	"os"
 	"strings"
 	"testing"
 	"time"
@@ -107,8 +108,9 @@ func TestVerifyArtifactHashedMessages(t *testing.T) {
 		}
 
 		opts := VerifyOpts{
-			Intermediates: certs[1:2],
-			Roots:         certs[2:],
+			Intermediates:  certs[1:2],
+			Roots:          certs[2:],
+			TSACertificate: certs[0],
 		}
 
 		ts, err := VerifyTimestampResponse(respBytes.Bytes(), strings.NewReader(tc.message), opts)
@@ -192,7 +194,7 @@ func TestVerifyLeafCert(t *testing.T) {
 			useOptsCert:         false,
 			useTSCert:           false,
 			expectVerifySuccess: false,
-			expectedErrMsg:      "leaf certificate must be present the in TSR or as a verify option",
+			expectedErrMsg:      "signer certificate is required",
 		},
 		{
 			useOptsCert:         true,
@@ -213,7 +215,7 @@ func TestVerifyLeafCert(t *testing.T) {
 		{
 			onlyCACerts:         true,
 			expectVerifySuccess: false,
-			expectedErrMsg:      "no leaf certificate found in chain",
+			expectedErrMsg:      "signer certificate is required",
 		},
 	}
 
@@ -246,12 +248,17 @@ func TestVerifyLeafCert(t *testing.T) {
 			ts.Certificates = []*x509.Certificate{sampleCert}
 		}
 
+		var testSigner *x509.Certificate
+		if tc.useTSCert || tc.useOptsCert {
+			testSigner = sampleCert
+		}
+
 		if tc.onlyCACerts {
 			sampleCert.IsCA = true
 			ts.Certificates = []*x509.Certificate{sampleCert}
 		}
 
-		err := verifyLeafCert(ts, opts)
+		err := verifyLeafCert(testSigner, opts)
 
 		if err != nil && tc.expectVerifySuccess {
 			t.Fatalf("expected error to be nil, actual error: %v", err)
@@ -267,56 +274,6 @@ func TestVerifyLeafCert(t *testing.T) {
 	}
 }
 
-func TestVerifyEmbeddedLeafCert(t *testing.T) {
-	type test struct {
-		optsCert            *x509.Certificate
-		providedCert        *x509.Certificate
-		expectVerifySuccess bool
-	}
-
-	tests := []test{
-		{
-			optsCert: nil,
-			providedCert: &x509.Certificate{
-				Raw: []byte("abc123"),
-			},
-			expectVerifySuccess: true,
-		},
-		{
-			optsCert: &x509.Certificate{
-				Raw: []byte("abc123"),
-			},
-			providedCert: &x509.Certificate{
-				Raw: []byte("abc123"),
-			},
-			expectVerifySuccess: true,
-		},
-		{
-			optsCert: &x509.Certificate{
-				Raw: []byte("abc123"),
-			},
-			providedCert: &x509.Certificate{
-				Raw: []byte("def456"),
-			},
-			expectVerifySuccess: false,
-		},
-	}
-
-	for _, tc := range tests {
-		opts := VerifyOpts{
-			TSACertificate: tc.optsCert,
-		}
-
-		err := verifyEmbeddedLeafCert(tc.providedCert, opts)
-		if err == nil && !tc.expectVerifySuccess {
-			t.Errorf("expected verification to fail: provided cert unexpectedly matches opts cert")
-		}
-		if err != nil && tc.expectVerifySuccess {
-			t.Errorf("expected verification to pass: provided cert does not match opts cert")
-		}
-	}
-}
-
 func TestVerifySubjectCommonName(t *testing.T) {
 	type test struct {
 		optsCommonName      string
@@ -591,6 +548,11 @@ func TestVerifyTSRWithChain(t *testing.T) {
 		t.Errorf("failed to create certificate chain: %v", err)
 	}
 
+	altCertChain, _, err := createCertChainAndSigner()
+	if err != nil {
+		t.Errorf("failed to create certificate chain: %v", err)
+	}
+
 	tsWithCerts, err := createSignedTimestamp(certChain, sv, true)
 	if err != nil {
 		t.Errorf("failed to create signed certificate: %v", err)
@@ -603,6 +565,7 @@ func TestVerifyTSRWithChain(t *testing.T) {
 
 	// get certificates
 	leaf := certChain[0]
+	altLeaf := altCertChain[0]
 	intermediate := certChain[1]
 	root := certChain[2]
 
@@ -654,6 +617,26 @@ func TestVerifyTSRWithChain(t *testing.T) {
 			},
 			expectVerifySuccess: false,
 		},
+		{
+			name: "Verification succeeds with same certificate embedded and provided",
+			ts:   tsWithCerts,
+			opts: VerifyOpts{
+				Roots:          []*x509.Certificate{root},
+				Intermediates:  []*x509.Certificate{intermediate},
+				TSACertificate: leaf,
+			},
+			expectVerifySuccess: true,
+		},
+		{
+			name: "Verification fails with embedded and provided certificate mismatch",
+			ts:   tsWithCerts,
+			opts: VerifyOpts{
+				Roots:          []*x509.Certificate{root},
+				Intermediates:  []*x509.Certificate{intermediate},
+				TSACertificate: altLeaf,
+			},
+			expectVerifySuccess: false,
+		},
 		{
 			name: "Verification fails due to missing root certificate",
 			ts:   tsWithCerts,
@@ -691,7 +674,7 @@ func TestVerifyTSRWithChain(t *testing.T) {
 
 	for _, tc := range tests {
 		t.Run(tc.name, func(t *testing.T) {
-			err = verifyTSRWithChain(tc.ts, tc.opts)
+			_, err = verifyTSRWithChain(tc.ts, tc.opts)
 			if tc.expectVerifySuccess && err != nil {
 				t.Errorf("unexpectedly failed \nExpected verifyTSRWithChain to successfully verify certificate chain, err: %v", err)
 			} else if !tc.expectVerifySuccess && err == nil {
@@ -700,3 +683,41 @@ func TestVerifyTSRWithChain(t *testing.T) {
 		})
 	}
 }
+
+func TestVerifyTimestampResponseWithOutOfChainCert(t *testing.T) {
+	// Read the fixture file: it contains 3 certs
+	// * "Spoofed" TSA cert (not issued by the root cert)
+	// * TSA cert issued by root cert
+	// * root cert
+	respBytes, err := os.ReadFile("testdata/response-injected-certs.tsr")
+	if err != nil {
+		t.Fatalf("failed to read fixture file: %v", err)
+	}
+
+	// Parse fixture to find a valid root (or self-signed leaf) to bypass chain verification
+	ts, err := timestamp.ParseResponse(respBytes)
+	if err != nil {
+		t.Fatalf("failed to parse response in test: %v", err)
+	}
+
+	// Find the self-signed cert, use as the root
+	var validRoots []*x509.Certificate
+	for _, cert := range ts.Certificates {
+		if cert.Subject.CommonName != "Spoofed TSA" && cert.Issuer.String() == cert.Subject.String() {
+			validRoots = append(validRoots, cert)
+			break
+		}
+	}
+
+	opts := VerifyOpts{
+		CommonName: "Spoofed TSA", // Ask for the cert that is not part of the chain
+		Roots:      validRoots,
+	}
+
+	// verify should fail as Spoofed TSA is not signed by root cert
+	_, err = VerifyTimestampResponse(respBytes, strings.NewReader("hello"), opts)
+
+	if err == nil {
+		t.Errorf("VerifyTimestampResponse succeeded with a certificate that is not part of the cert chain.")
+	}
+}
