Optimize SignatureAlgorithm parsing for DkimSignature

Author: tinohager

src/Nager.EmailAuthentication.UnitTest/DkimSignatureParserTests/SignatureAlgorithmTest.cs

@@ -0,0 +1,46 @@
+namespace Nager.EmailAuthentication.UnitTest.DkimSignatureParserTests
+{
+    [TestClass]
+    public sealed class SignatureAlgorithmTest
+    {
+        [DataRow("rsa-sha256")]
+        [DataRow("ed25519-sha256")]
+        [DataTestMethod]
+        public void TryParse_ValidSignatureAlgorithm_ReturnsTrueAndPopulatesDataFragment(string signatureAlgorithm)
+        {
+            var dkimSignature = $"v=1; a={signatureAlgorithm}; d=domain.com; s=test; h=message-id:from; bh=testbodyhash=; b=signaturedata";
+
+            var isSuccessful = DkimSignatureDataFragmentParser.TryParse(dkimSignature, out var dkimSignatureDataFragment, out var parsingResults);
+
+            Assert.IsTrue(isSuccessful);
+            Assert.IsNotNull(dkimSignatureDataFragment);
+            Assert.IsNull(parsingResults, "ParsingResults is null");
+        }
+
+        [DataRow("rsa-sha1")]
+        [DataTestMethod]
+        public void TryParse_UnsecureSignatureAlgorithm_ReturnsTrueAndPopulatesDataFragment(string signatureAlgorithm)
+        {
+            var dkimSignature = $"v=1; a={signatureAlgorithm}; d=domain.com; s=test; h=message-id:from; bh=testbodyhash=; b=signaturedata";
+
+            var isSuccessful = DkimSignatureDataFragmentParser.TryParse(dkimSignature, out var dkimSignatureDataFragment, out var parsingResults);
+
+            Assert.IsTrue(isSuccessful);
+            Assert.IsNotNull(dkimSignatureDataFragment);
+            Assert.IsNotNull(parsingResults, "ParsingResults is null");
+        }
+
+        [DataRow("rsa-sha512")]
+        [DataTestMethod]
+        public void TryParse_InvalidSignatureAlgorithm_ReturnsTrueAndPopulatesDataFragment(string signatureAlgorithm)
+        {
+            var dkimSignature = $"v=1; a={signatureAlgorithm}; d=domain.com; s=test; h=message-id:from; bh=testbodyhash=; b=signaturedata";
+
+            var isSuccessful = DkimSignatureDataFragmentParser.TryParse(dkimSignature, out var dkimSignatureDataFragment, out var parsingResults);
+
+            Assert.IsTrue(isSuccessful);
+            Assert.IsNotNull(dkimSignatureDataFragment);
+            Assert.IsNotNull(parsingResults, "ParsingResults is null");
+        }
+    }
+}

src/Nager.EmailAuthentication/DkimSignatureDataFragmentParser.cs

@@ -189,19 +189,34 @@ private static ParsingResult[] ValidateSignatureAlgorithm(ValidateRequest valida
                 return [.. errors];
             }
 
-            if (!validateRequest.Value.StartsWith("rsa-", StringComparison.OrdinalIgnoreCase))
+            if (validateRequest.Value.Equals("rsa-sha256", StringComparison.OrdinalIgnoreCase))
+            {
+                return [];
+            }
+            else if (validateRequest.Value.Equals("ed25519-sha256", StringComparison.OrdinalIgnoreCase))
+            {
+                return [];
+            }
+            else if (validateRequest.Value.Equals("rsa-sha1", StringComparison.OrdinalIgnoreCase))
             {
                 errors.Add(new ParsingResult
                 {
-                    Status = ParsingStatus.Error,
+                    Status = ParsingStatus.Warning,
                     Field = validateRequest.Field,
-                    Message = "Starts not with rsa-"
+                    Message = "RSA with SHA-1 as the hash algorithm. No longer secure and should not be used."
                 });
 
                 return [.. errors];
             }
 
-            return [];
+            errors.Add(new ParsingResult
+            {
+                Status = ParsingStatus.Error,
+                Field = validateRequest.Field,
+                Message = "Unknown hash algorithm used"
+            });
+
+            return [.. errors];
         }
 
         private static ParsingResult[] ValidateSelector(ValidateRequest validateRequest)

src/Nager.EmailAuthentication/DkimSignatureParser.cs

@@ -200,6 +200,11 @@ private static bool TryGetSignatureAlgorithm(
                 signatureAlgorithm = SignatureAlgorithm.RsaSha1;
                 return true;
             }
+            else if (signatureAlgorithmRaw.Equals("ed25519-sha256", StringComparison.OrdinalIgnoreCase))
+            {
+                signatureAlgorithm = SignatureAlgorithm.Ed25519Sha256;
+                return true;
+            }
 
             return false;
         }

src/Nager.EmailAuthentication/Models/SignatureAlgorithm.cs

@@ -13,6 +13,11 @@ public enum SignatureAlgorithm
         /// <summary>
         ///  RSA SHA-256
         /// </summary>
-        RsaSha256
+        RsaSha256,
+
+        /// <summary>
+        /// Ed25519 with SHA-256
+        /// </summary>
+        Ed25519Sha256
     }
 }

src/Nager.EmailAuthentication/Nager.EmailAuthentication.csproj

@@ -20,7 +20,7 @@
 
     <TargetFrameworks>net8.0;net9.0</TargetFrameworks>
 
-    <Version>1.5.5</Version>
+    <Version>1.5.6</Version>
   </PropertyGroup>
 
   <ItemGroup>