nextcloud

upstream/nextcloud

Fork 0

mirror of https://github.com/nextcloud/server.git synced 2026-05-28 04:32:30 -04:00

Commit graph

Author	SHA1	Message	Date
Micke Nordin	cc9e0ba582	fix(http-sig): make setSignature public and skip third-party-dependent test Two CI failures introduced by the test additions in this PR: 1. testEd25519VerifyAcceptedWhenSodiumLoaded calls setSignature() to inject an externally-produced Ed25519 signature (since Algorithm::sign() rejects Ed25519 by design). setSignature was declared protected, so the test couldn't call it from outside the class hierarchy. Make it public — SignedRequest lives in the OC\ private namespace, so this widens internal-only visibility, not the public API surface. 2. testParseKeyRejectsContradictoryAlg expected firebase/php-jwt's JWK::parseKey() to throw on a kty=OKP/crv=Ed25519/alg=ES256 key. The current firebase/php-jwt version does not validate that coherence at parse time, so the test now fails to see any throwable. The actual security check happens at Algorithm::verify() time and is covered by testVerifyEd25519KeyAgainstES256Alg right above it. Skip the parse-time test with a comment pointing at the verify-time coverage. Signed-off-by: Micke Nordin <kano@sunet.se>	2026-05-27 11:03:55 +02:00
Micke Nordin	1bad4fe238	fix: Make sodium optional This commit switches the default signature algorithm to ecdsa-p256-sha256 instead of Ed25519. This allows us to make sodium optional again, and we only pull it in to use it for verifying incomming signatures. If sodium is not installed, we throw on Ed25519 signatures instead. At least it is easy for most people to make their Nextcloud install fully RFC compliant by installing sodium. I also renamed all the Ed25519 function names to be more precis, using Jwks for the JSON Web Keys, and RFC9421 for the http-signature code, where it is needed to distinguish from draft-cavage signatures. Signed-off-by: Micke Nordin <kano@sunet.se>	2026-05-27 11:03:55 +02:00
Micke Nordin	0eb927e617	feat(http-sig): RFC 9421 protocol primitives Add the RFC 9421 (HTTP Message Signatures) sign/verify path alongside the existing draft-cavage implementation: - Algorithm: sodium for Ed25519, JWT::sign for RSA / ECDSA, ecdsaRawToDer for the ECDSA wire format. JWK parsing via JWK::parseKey. - SignatureBase: RFC 9421 §2.5 base construction for the derived components OCM uses plus plain HTTP fields. - ContentDigest: RFC 9530 helpers used as a covered component. - Rfc9421IncomingSignedRequest / Rfc9421OutgoingSignedRequest: request models. Parsing of Signature-Input / Signature delegates to gapple\\StructuredFields\\Parser. - IJwkResolvingSignatoryManager: capability bit signatory managers advertise to participate in RFC 9421 verification. - OcmProfile: OCM-mandated dictionary label. - SignatureManager: dispatch to RFC 9421 inbound when Signature-Input is present, outbound when rfc9421.format is set. Plus tests for each primitive and a full round-trip across the model. Signed-off-by: Micke Nordin <kano@sunet.se>	2026-05-27 11:03:55 +02:00

Author

SHA1

Message

Date

Micke Nordin

cc9e0ba582

fix(http-sig): make setSignature public and skip third-party-dependent test

Two CI failures introduced by the test additions in this PR:

1. testEd25519VerifyAcceptedWhenSodiumLoaded calls setSignature() to inject
   an externally-produced Ed25519 signature (since Algorithm::sign() rejects
   Ed25519 by design). setSignature was declared protected, so the test
   couldn't call it from outside the class hierarchy. Make it public —
   SignedRequest lives in the OC\ private namespace, so this widens
   internal-only visibility, not the public API surface.

2. testParseKeyRejectsContradictoryAlg expected firebase/php-jwt's
   JWK::parseKey() to throw on a kty=OKP/crv=Ed25519/alg=ES256 key. The
   current firebase/php-jwt version does not validate that coherence at
   parse time, so the test now fails to see any throwable. The actual
   security check happens at Algorithm::verify() time and is covered by
   testVerifyEd25519KeyAgainstES256Alg right above it. Skip the parse-time
   test with a comment pointing at the verify-time coverage.

Signed-off-by: Micke Nordin <kano@sunet.se>

2026-05-27 11:03:55 +02:00

Micke Nordin

1bad4fe238

fix: Make sodium optional

This commit switches the default signature algorithm to
ecdsa-p256-sha256 instead of Ed25519. This allows us to make sodium
optional again, and we only pull it in to use it for verifying incomming
signatures. If sodium is not installed, we throw on Ed25519 signatures
instead. At least it is easy for most people to make their Nextcloud
install fully RFC compliant by installing sodium.

I also renamed all the Ed25519 function names to be more precis, using
Jwks for the JSON Web Keys, and RFC9421 for the http-signature code,
where it is needed to distinguish from draft-cavage signatures.

Signed-off-by: Micke Nordin <kano@sunet.se>

2026-05-27 11:03:55 +02:00

Micke Nordin

0eb927e617

feat(http-sig): RFC 9421 protocol primitives

Add the RFC 9421 (HTTP Message Signatures) sign/verify path alongside
the existing draft-cavage implementation:

- Algorithm: sodium for Ed25519, JWT::sign for RSA / ECDSA, ecdsaRawToDer
  for the ECDSA wire format. JWK parsing via JWK::parseKey.
- SignatureBase: RFC 9421 §2.5 base construction for the derived
  components OCM uses plus plain HTTP fields.
- ContentDigest: RFC 9530 helpers used as a covered component.
- Rfc9421IncomingSignedRequest / Rfc9421OutgoingSignedRequest:
  request models. Parsing of Signature-Input / Signature delegates
  to gapple\\StructuredFields\\Parser.
- IJwkResolvingSignatoryManager: capability bit signatory managers
  advertise to participate in RFC 9421 verification.
- OcmProfile: OCM-mandated dictionary label.
- SignatureManager: dispatch to RFC 9421 inbound when Signature-Input
  is present, outbound when rfc9421.format is set.

Plus tests for each primitive and a full round-trip across the model.

Signed-off-by: Micke Nordin <kano@sunet.se>

2026-05-27 11:03:55 +02:00

3 commits