Add hash name conversion

Signed-off-by: laurentsimon <laurentsimon@google.com>

Author: laurentsimon

sigstore/_utils.py

@@ -35,6 +35,7 @@
 from cryptography.x509.oid import ExtendedKeyUsageOID, ExtensionOID
 
 from sigstore.errors import Error
+from sigstore_protobuf_specs.dev.sigstore.common.v1 import HashAlgorithm
 
 if sys.version_info < (3, 11):
     import importlib_resources as resources
@@ -158,6 +159,12 @@ def key_id(key: PublicKey) -> KeyID:
 
     return KeyID(hashlib.sha256(public_bytes).digest())
 
+def hazmat_digest_to_bundle(algo: str):
+    lookup = {"sha256": HashAlgorithm.SHA2_256}
+    if algo in lookup:
+        return lookup[algo]
+    return algo
+
 def get_digest(
         input_: IO[bytes],
         algorithm_: Prehashed = None,

sigstore/verify/models.py

@@ -63,6 +63,7 @@
     cert_is_leaf,
     cert_is_root_ca,
     get_digest,
+    hazmat_digest_to_bundle,
 )
 from sigstore.errors import Error
 from sigstore.transparency import LogEntry, LogInclusionProof
@@ -518,7 +519,7 @@ def to_bundle(self) -> Bundle:
             ),
             message_signature=MessageSignature(
                 message_digest=HashOutput(
-                    algorithm=HashAlgorithm.SHA2_256,
+                    algorithm=hazmat_digest_to_bundle(self.digest_algorithm._algorithm.name),
                     digest=self.input_digest,
                 ),
                 signature=self.signature,