Signature: Examine public key when no algorithm passed (#1903)

Author: obenland

includes/signature/class-http-message-signature.php

@@ -22,6 +22,55 @@
  */
 class Http_Message_Signature implements Signature_Standard {
 
+	/**
+	 * Signature algorithms.
+	 *
+	 * @var int[][]
+	 */
+	private $algorithms = array(
+		// RSA PKCS#1 v1.5.
+		'rsa-v1_5-sha256'   => array(
+			'type' => OPENSSL_KEYTYPE_RSA,
+			'algo' => OPENSSL_ALGO_SHA256,
+		),
+		'rsa-v1_5-sha384'   => array(
+			'type' => OPENSSL_KEYTYPE_RSA,
+			'algo' => OPENSSL_ALGO_SHA384,
+		),
+		'rsa-v1_5-sha512'   => array(
+			'type' => OPENSSL_KEYTYPE_RSA,
+			'algo' => OPENSSL_ALGO_SHA512,
+		),
+
+		// RSA PSS (note: not supported in openssl_verify() until PHP 8.1).
+		'rsa-pss-sha256'    => array(
+			'type' => OPENSSL_KEYTYPE_RSA,
+			'algo' => OPENSSL_ALGO_SHA256,
+		),
+		'rsa-pss-sha384'    => array(
+			'type' => OPENSSL_KEYTYPE_RSA,
+			'algo' => OPENSSL_ALGO_SHA384,
+		),
+		'rsa-pss-sha512'    => array(
+			'type' => OPENSSL_KEYTYPE_RSA,
+			'algo' => OPENSSL_ALGO_SHA512,
+		),
+
+		// ECDSA.
+		'ecdsa-p256-sha256' => array(
+			'type' => OPENSSL_KEYTYPE_EC,
+			'algo' => OPENSSL_ALGO_SHA256,
+		),
+		'ecdsa-p384-sha384' => array(
+			'type' => OPENSSL_KEYTYPE_EC,
+			'algo' => OPENSSL_ALGO_SHA384,
+		),
+		'ecdsa-p521-sha512' => array(
+			'type' => OPENSSL_KEYTYPE_EC,
+			'algo' => OPENSSL_ALGO_SHA512,
+		),
+	);
+
 	/**
 	 * Digest algorithms.
 	 *
@@ -248,69 +297,52 @@ private function verify_content_digest( $headers, $body ) {
 	 * @return int|\WP_Error OpenSSL algorithm constant or WP_Error.
 	 */
 	private function verify_algorithm( $alg_string, $public_key ) {
-		$alg_string = \strtolower( $alg_string );
-		if ( \strpos( $alg_string, 'rsa-pss-' ) === 0 && \version_compare( PHP_VERSION, '8.1.0', '<' ) ) {
-			return new \WP_Error( 'unsupported_pss', 'RSA-PSS algorithms are not supported.' );
-		}
-
 		$details = \openssl_pkey_get_details( $public_key );
 		if ( ! isset( $details['type'] ) ) {
 			return new \WP_Error( 'invalid_key_details', 'Unable to read public key details.' );
 		}
 
-		$map = array(
-			// RSA PKCS#1 v1.5.
-			'rsa-v1_5-sha256'   => array(
-				'type' => OPENSSL_KEYTYPE_RSA,
-				'algo' => OPENSSL_ALGO_SHA256,
-			),
-			'rsa-v1_5-sha384'   => array(
-				'type' => OPENSSL_KEYTYPE_RSA,
-				'algo' => OPENSSL_ALGO_SHA384,
-			),
-			'rsa-v1_5-sha512'   => array(
-				'type' => OPENSSL_KEYTYPE_RSA,
-				'algo' => OPENSSL_ALGO_SHA512,
-			),
-
-			// RSA PSS (note: not supported in openssl_verify() until PHP 8.1).
-			'rsa-pss-sha256'    => array(
-				'type' => OPENSSL_KEYTYPE_RSA,
-				'algo' => OPENSSL_ALGO_SHA256,
-			),
-			'rsa-pss-sha384'    => array(
-				'type' => OPENSSL_KEYTYPE_RSA,
-				'algo' => OPENSSL_ALGO_SHA384,
-			),
-			'rsa-pss-sha512'    => array(
-				'type' => OPENSSL_KEYTYPE_RSA,
-				'algo' => OPENSSL_ALGO_SHA512,
-			),
-
-			// ECDSA.
-			'ecdsa-p256-sha256' => array(
-				'type' => OPENSSL_KEYTYPE_EC,
-				'algo' => OPENSSL_ALGO_SHA256,
-			),
-			'ecdsa-p384-sha384' => array(
-				'type' => OPENSSL_KEYTYPE_EC,
-				'algo' => OPENSSL_ALGO_SHA384,
-			),
-			'ecdsa-p521-sha512' => array(
-				'type' => OPENSSL_KEYTYPE_EC,
-				'algo' => OPENSSL_ALGO_SHA512,
-			),
-		);
+		// If alg_string is empty, determine algorithm based on public key.
+		if ( empty( $alg_string ) ) {
+			switch ( $details['type'] ) {
+				case \OPENSSL_KEYTYPE_RSA:
+					$bits = $details['bits'] ?? 2048;
+
+					if ( $bits >= 4 * KB_IN_BYTES ) {
+						return \OPENSSL_ALGO_SHA512;
+					} elseif ( $bits >= 3 * KB_IN_BYTES ) {
+						return \OPENSSL_ALGO_SHA384;
+					} else {
+						return \OPENSSL_ALGO_SHA256;
+					}
+
+				case \OPENSSL_KEYTYPE_EC:
+					switch ( $details['ec']['curve_name'] ?? '' ) {
+						case 'prime256v1':
+						case 'secp256r1':
+							return \OPENSSL_ALGO_SHA256;
+						case 'secp384r1':
+							return \OPENSSL_ALGO_SHA384;
+						case 'secp521r1':
+							return \OPENSSL_ALGO_SHA512;
+					}
+			}
+		}
+
+		$alg_string = \strtolower( $alg_string );
+		if ( \strpos( $alg_string, 'rsa-pss-' ) === 0 && \version_compare( PHP_VERSION, '8.1.0', '<' ) ) {
+			return new \WP_Error( 'unsupported_pss', 'RSA-PSS algorithms are not supported.' );
+		}
 
-		if ( ! isset( $map[ $alg_string ] ) ) {
+		if ( ! isset( $this->algorithms[ $alg_string ] ) ) {
 			return new \WP_Error( 'unsupported_alg', 'Unsupported or unknown alg parameter: ' . $alg_string );
 		}
 
-		if ( $map[ $alg_string ]['type'] !== $details['type'] ) {
+		if ( $this->algorithms[ $alg_string ]['type'] !== $details['type'] ) {
 			return new \WP_Error( 'alg_key_mismatch', 'Algorithm does not match public key type.' );
 		}
 
-		return $map[ $alg_string ]['algo'];
+		return $this->algorithms[ $alg_string ]['algo'];
 	}
 
 	/**

tests/includes/class-test-signature.php

@@ -540,6 +540,9 @@ public function test_verify_http_signature_rfc9421_algorithms() {
 		$rsa_keys = self::$test_keys['rsa']['2048'];
 		$this->verify_rfc9421_signature_with_keys( $rsa_keys, 'rsa-v1_5-sha256' );
 
+		$rsa_keys = self::$test_keys['rsa']['2048'];
+		$this->verify_rfc9421_signature_with_keys( $rsa_keys, '' );
+
 		// Test with EC keys.
 		$ec_keys = self::$test_keys['ec']['prime256v1'];
 		$this->verify_rfc9421_signature_with_keys( $ec_keys, 'ecdsa-p256-sha256' );
@@ -579,12 +582,15 @@ function () use ( $keys ) {
 		// Create the signature input components.
 		$components    = array( '@method', '@target-uri', '@authority', 'content-digest', 'date' );
 		$params_string = \sprintf(
-			'(%s);created=%d;keyid="https://example.org/author/admin#main-key";alg="%s"',
+			'(%s);created=%d;keyid="https://example.org/author/admin#main-key"',
 			'"' . \implode( '" "', $components ) . '"',
-			\time(),
-			$algorithm
+			\time()
 		);
 
+		if ( ! empty( $algorithm ) ) {
+			$params_string .= ';alg="' . $algorithm . '"';
+		}
+
 		// Create the signature input header value (includes the label).
 		$signature_input = "sig1=$params_string";