Verifier: Use correct algorithm for Timestamp hash

Don't assume sha256. Use verify_message() instead: it looks
up the correct hash from the the timestamp response.

TODO: this requires unreleased rfc3161-client.

Signed-off-by: Jussi Kukkonen <[email protected]>

Author: jku

CHANGELOG.md

@@ -18,6 +18,10 @@ All versions prior to 0.9.0 are untracked.
 * TSA: Changed the Timestamp Authority requests to explicitly use sha256 for message digests.
   [#1373](https://github.com/sigstore/sigstore-python/pull/1373)
 
+* TSA: Correctly verify timestamps with hashes other than SHA-256. Currently supported
+  algorithms are SHA-256, SHA-384, SHA-512.
+  [#1373](https://github.com/sigstore/sigstore-python/pull/1373)
+
 * Fixed the certificate calidity period check for Timestamp Authorities (TSA).
   Certificates need not have and end date, while still requiring a start date.
   [#1368](https://github.com/sigstore/sigstore-python/pull/1368)

sigstore/verify/verifier.py

@@ -125,7 +125,7 @@ def _from_trust_config(cls, trust_config: ClientTrustConfig) -> Verifier:
         )
 
     def _verify_signed_timestamp(
-        self, timestamp_response: TimeStampResponse, signature: bytes
+        self, timestamp_response: TimeStampResponse, message: bytes
     ) -> TimestampVerificationResult | None:
         """
         Verify a Signed Timestamp using the TSA provided by the Trusted Root.
@@ -140,7 +140,7 @@ def _verify_signed_timestamp(
 
             verifier = builder.build()
             try:
-                verifier.verify(timestamp_response, signature)
+                verifier.verify_message(timestamp_response, message)
             except Rfc3161VerificationError as e:
                 _logger.debug("Unable to verify Timestamp with CA.")
                 _logger.exception(e)
@@ -183,14 +183,11 @@ def _verify_timestamp_authority(
             msg = "duplicate timestamp found"
             raise VerificationError(msg)
 
-        # The Signer sends a hash of the signature as the messageImprint in a TimeStampReq
-        # to the Timestamping Service
-        signature_hash = sha256_digest(bundle.signature).digest
         verified_timestamps = [
             verified_timestamp
             for tsr in timestamp_responses
             if (
-                verified_timestamp := self._verify_signed_timestamp(tsr, signature_hash)
+                verified_timestamp := self._verify_signed_timestamp(tsr, bundle.signature)
             )
         ]