fix: set PSS padding / options for RSA keys for v2->v3 consistency

Updated RSA key loading to use PSS padding and options.

Signed-off-by: Josh <josh.t.richards@gmail.com>
Josh 2025-09-25 23:34:18 -04:00 committed by GitHub
parent 7283f274c2
commit b36188e40f
No known key found for this signature in database
GPG key ID: B5690EEEBB952194


@ -97,6 +97,11 @@ class CheckerTest extends TestCase {
$keyBundle = file_get_contents(__DIR__ . '/../../data/integritycheck/SomeApp.crt');
$rsaPrivateKey = file_get_contents(__DIR__ . '/../../data/integritycheck/SomeApp.key');
$rsa = RSA::loadPrivateKey($rsaPrivateKey);
// After loading the key, always set the PSS padding and options:
$rsa = $rsa
->withPadding(RSA::SIGNATURE_PSS)
->withMGFHash('sha512')
->withSaltLength(0);
$x509 = new X509();
$x509->loadX509($keyBundle);
$this->checker->writeAppSignature('NotExistingApp', $x509, $rsa);
@ -116,6 +121,11 @@ class CheckerTest extends TestCase {
$rsaPrivateKey = file_get_contents(__DIR__ . '/../../data/integritycheck/SomeApp.key');
$rsaPrivateKey = file_get_contents(__DIR__ .'/../../data/integritycheck/SomeApp.key');
$rsa = RSA::loadPrivateKey($rsaPrivateKey);
// After loading the key, always set the PSS padding and options:
$rsa = $rsa
->withPadding(RSA::SIGNATURE_PSS)
->withMGFHash('sha512')
->withSaltLength(0);
$x509 = new X509();
$x509->loadX509($keyBundle);
$this->checker->writeAppSignature(\OC::$SERVERROOT . '/tests/data/integritycheck/app/', $x509, $rsa);
@ -153,7 +163,12 @@ class CheckerTest extends TestCase {
$keyBundle = file_get_contents(__DIR__ . '/../../data/integritycheck/SomeApp.crt');
$rsaPrivateKey = file_get_contents(__DIR__ . '/../../data/integritycheck/SomeApp.key');
$rsa = RSA::load($rsaPrivateKey);
$rsa = RSA::loadPrivateKey($rsaPrivateKey);
// After loading the key, always set the PSS padding and options:
$rsa = $rsa
->withPadding(RSA::SIGNATURE_PSS)
->withMGFHash('sha512')
->withSaltLength(0);
$x509 = new X509();
$x509->loadX509($keyBundle);
$this->checker->writeAppSignature(\OC::$SERVERROOT . '/tests/data/integritycheck/app/', $x509, $rsa);
@ -484,6 +499,11 @@ class CheckerTest extends TestCase {
$keyBundle = file_get_contents(__DIR__ . '/../../data/integritycheck/SomeApp.crt');
$rsaPrivateKey = file_get_contents(__DIR__ . '/../../data/integritycheck/SomeApp.key');
$rsa = RSA::loadPrivateKey($rsaPrivateKey);
// After loading the key, always set the PSS padding and options:
$rsa = $rsa
->withPadding(RSA::SIGNATURE_PSS)
->withMGFHash('sha512')
->withSaltLength(0);
$x509 = new X509();
$x509->loadX509($keyBundle);
$this->checker->writeCoreSignature($x509, $rsa, __DIR__);
@ -507,6 +527,11 @@ class CheckerTest extends TestCase {
$keyBundle = file_get_contents(__DIR__ . '/../../data/integritycheck/SomeApp.crt');
$rsaPrivateKey = file_get_contents(__DIR__ . '/../../data/integritycheck/SomeApp.key');
$rsa = RSA::loadPrivateKey($rsaPrivateKey);
// After loading the key, always set the PSS padding and options:
$rsa = $rsa
->withPadding(RSA::SIGNATURE_PSS)
->withMGFHash('sha512')
->withSaltLength(0);
$x509 = new X509();
$x509->loadX509($keyBundle);
$this->checker->writeCoreSignature($x509, $rsa, __DIR__);
@ -541,6 +566,11 @@ class CheckerTest extends TestCase {
$keyBundle = file_get_contents(__DIR__ . '/../../data/integritycheck/core.crt');
$rsaPrivateKey = file_get_contents(__DIR__ . '/../../data/integritycheck/core.key');
$rsa = RSA::loadPrivateKey($rsaPrivateKey);
// After loading the key, always set the PSS padding and options:
$rsa = $rsa
->withPadding(RSA::SIGNATURE_PSS)
->withMGFHash('sha512')
->withSaltLength(0);
$x509 = new X509();
$x509->loadX509($keyBundle);
$this->checker->writeCoreSignature($x509, $rsa, \OC::$SERVERROOT . '/tests/data/integritycheck/app/');
@ -575,6 +605,11 @@ class CheckerTest extends TestCase {
$keyBundle = file_get_contents(__DIR__ . '/../../data/integritycheck/core.crt');
$rsaPrivateKey = file_get_contents(__DIR__ . '/../../data/integritycheck/core.key');
$rsa = RSA::loadPrivateKey($rsaPrivateKey);
// After loading the key, always set the PSS padding and options:
$rsa = $rsa
->withPadding(RSA::SIGNATURE_PSS)
->withMGFHash('sha512')
->withSaltLength(0);
$x509 = new X509();
$x509->loadX509($keyBundle);
$this->checker->writeCoreSignature($x509, $rsa, \OC::$SERVERROOT . '/tests/data/integritycheck/htaccessUnmodified/');
@ -604,6 +639,11 @@ class CheckerTest extends TestCase {
$keyBundle = file_get_contents(__DIR__ . '/../../data/integritycheck/core.crt');
$rsaPrivateKey = file_get_contents(__DIR__ . '/../../data/integritycheck/core.key');
$rsa = RSA::loadPrivateKey($rsaPrivateKey);
// After loading the key, always set the PSS padding and options:
$rsa = $rsa
->withPadding(RSA::SIGNATURE_PSS)
->withMGFHash('sha512')
->withSaltLength(0);
$x509 = new X509();
$x509->loadX509($keyBundle);
$this->checker->writeCoreSignature($x509, $rsa, \OC::$SERVERROOT . '/tests/data/integritycheck/htaccessWithInvalidModifiedContent/');
@ -638,6 +678,11 @@ class CheckerTest extends TestCase {
$keyBundle = file_get_contents(__DIR__ . '/../../data/integritycheck/core.crt');
$rsaPrivateKey = file_get_contents(__DIR__ . '/../../data/integritycheck/core.key');
$rsa = RSA::loadPrivateKey($rsaPrivateKey);
// After loading the key, always set the PSS padding and options:
$rsa = $rsa
->withPadding(RSA::SIGNATURE_PSS)
->withMGFHash('sha512')
->withSaltLength(0);
$x509 = new X509();
$x509->loadX509($keyBundle);
$this->checker->writeCoreSignature($x509, $rsa, \OC::$SERVERROOT . '/tests/data/integritycheck/htaccessWithValidModifiedContent');
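Review bot: The chain added after each `RSA::loadPrivateKey($rsaPrivateKey)` (first hunk, and repeated unchanged in every other hunk of this file) pins the padding, the MGF hash and the salt length but never the message digest, so signing falls back to the library default. As far as I know that default is not the same in phpseclib 2 and 3, which would undercut the v2->v3 consistency the commit title aims for; adding `->withHash('<digest used by the verification path>')` would make the choice explicit, with the value confirmed against the Checker code that verifies signatures, which is not visible on this page. The comment `// After loading the key, always set the PSS padding and options:` restates the code; it would be more useful to say why `withSaltLength(0)` is chosen, since a zero-length salt makes PSS signatures deterministic and gives up the randomized salt, presumably to stay compatible with signatures that already exist. Because the same five lines appear in ten tests, a single private helper in the test class (for example `loadSigningKey(string $pem)`) would keep these parameters in one place and stop them drifting from the production settings. The enclosing test methods start and end outside the hunks shown.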