Skip to content

Commit 3649c38

Browse files
committed
two more test cases handled
1 parent ecd6da3 commit 3649c38

File tree

2 files changed

+35
-3
lines changed

2 files changed

+35
-3
lines changed

src/rust/src/pkcs7.rs

Lines changed: 4 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -844,9 +844,10 @@ fn verify_der<'p>(
844844
},
845845
_ => {
846846
return Err(CryptographyError::from(
847-
pyo3::exceptions::PyValueError::new_err(
848-
"Unsupported hash algorithm with RSA.",
849-
),
847+
exceptions::UnsupportedAlgorithm::new_err((
848+
"Only SHA-256 is currently supported for content verification with RSA.",
849+
exceptions::Reasons::UNSUPPORTED_SERIALIZATION,
850+
)),
850851
))
851852
}
852853
},

tests/hazmat/primitives/test_pkcs7.py

Lines changed: 31 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1016,6 +1016,22 @@ def test_pkcs7_verify_der_no_content(
10161016
with pytest.raises(ValueError):
10171017
pkcs7.pkcs7_verify_der(signature)
10181018

1019+
def test_pkcs7_verify_der_ecdsa_certificate(self, backend, data):
1020+
# Getting an ECDSA certificate
1021+
certificate, private_key = _load_cert_key()
1022+
1023+
# Signature
1024+
builder = (
1025+
pkcs7.PKCS7SignatureBuilder()
1026+
.set_data(data)
1027+
.add_signer(certificate, private_key, hashes.SHA256())
1028+
)
1029+
signature = builder.sign(serialization.Encoding.DER, [])
1030+
1031+
# Verification with another certificate
1032+
options = [pkcs7.PKCS7Options.NoVerify]
1033+
pkcs7.pkcs7_verify_der(signature, options=options)
1034+
10191035
def test_pkcs7_verify_invalid_signature(
10201036
self, backend, data, certificate, private_key
10211037
):
@@ -1051,6 +1067,21 @@ def test_pkcs7_verify_der_wrong_certificate(
10511067
with pytest.raises(ValueError):
10521068
pkcs7.pkcs7_verify_der(signature, certificate=rsa_certificate)
10531069

1070+
def test_pkcs7_verify_der_unsupported_digest_algorithm(
1071+
self, backend, data, certificate, private_key
1072+
):
1073+
# Signature
1074+
builder = (
1075+
pkcs7.PKCS7SignatureBuilder()
1076+
.set_data(data)
1077+
.add_signer(certificate, private_key, hashes.SHA384())
1078+
)
1079+
signature = builder.sign(serialization.Encoding.DER, [])
1080+
1081+
# Verification with another certificate
1082+
with pytest.raises(exceptions.UnsupportedAlgorithm):
1083+
pkcs7.pkcs7_verify_der(signature)
1084+
10541085
def test_pkcs7_verify_pem(self, backend, data, certificate, private_key):
10551086
# Signature
10561087
builder = (

0 commit comments

Comments
 (0)