Add tests for the changes in PKCS7 signing

pyca · Feb 12, 2024 · 2e5b1e2 · 2e5b1e2
1 parent d8bc890
commit 2e5b1e2
Showing 1 changed file with 45 additions and 2 deletions.
diff --git a/tests/hazmat/primitives/test_pkcs7.py b/tests/hazmat/primitives/test_pkcs7.py
@@ -557,6 +557,45 @@ def test_sign_text(self, backend):
             backend,
         )
 
+    def test_smime_capabilities(self, backend):
+        data = b"hello world"
+        cert, key = _load_cert_key()
+        builder = (
+            pkcs7.PKCS7SignatureBuilder()
+            .set_data(data)
+            .add_signer(cert, key, hashes.SHA256())
+        )
+
+        options = []
+        sig_binary = builder.sign(serialization.Encoding.DER, options)
+
+        # 1.2.840.113549.1.9.15 (SMIMECapabilities) as an ASN.1 DER encoded OID
+        assert b"\x06\t*\x86H\x86\xf7\r\x01\t\x0f" in sig_binary
+
+        # 2.16.840.1.101.3.4.1.42 (aes256-CBC-PAD) as an ASN.1 DER encoded OID
+        aes256_cbc_pad_oid = b"\x06\x09\x60\x86\x48\x01\x65\x03\x04\x01\x2A"
+        # 2.16.840.1.101.3.4.1.22 (aes192-CBC-PAD) as an ASN.1 DER encoded OID
+        aes192_cbc_pad_oid = b"\x06\x09\x60\x86\x48\x01\x65\x03\x04\x01\x16"
+        # 2.16.840.1.101.3.4.1.2 (aes128-CBC-PAD) as an ASN.1 DER encoded OID
+        aes128_cbc_pad_oid = b"\x06\x09\x60\x86\x48\x01\x65\x03\x04\x01\x02"
+
+        # Each algorithm in SMIMECapabilities should be inside its own SEQUENCE.
+        # This is encoded as SEQUENCE_IDENTIFIER + LENGTH + ALGORITHM_OID. This
+        # tests that each algorithm is indeed encoded inside its own sequence.
+        # See RFC 2633, Appendix A for more details.
+        sequence_identifier = b"\x30"
+        for oid in [aes256_cbc_pad_oid, aes192_cbc_pad_oid, aes128_cbc_pad_oid]:
+            assert sequence_identifier + len(oid).to_bytes() + oid in sig_binary
+
+        _pkcs7_verify(
+            serialization.Encoding.DER,
+            sig_binary,
+            None,
+            [cert],
+            options,
+            backend,
+        )
+
     def test_sign_no_capabilities(self, backend):
         data = b"hello world"
         cert, key = _load_cert_key()
@@ -677,9 +716,13 @@ def test_rsa_pkcs_padding_options(self, pad, backend):
                 sig.count(b"\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x08") == 1
             )
         else:
-            # This should be a pkcs1 sha512 signature
+            # This should be a pkcs1 RSA signature, which uses the `rsaEncryption`
+            # OID (1.2.840.113549.1.1.1) no matter which digest algorithm is used.
+            # See RFC 3370 section 3.2 for more details.
+            # This OID appears twice, once in the certificate itself and another in
+            # the SignerInfo data structure in the `digest_encryption_algorithm` field.
             assert (
-                sig.count(b"\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0D") == 1
+                sig.count(b"\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01") == 2
             )
             _pkcs7_verify(
                 serialization.Encoding.DER,