This repository has been archived by the owner on Nov 17, 2021. It is now read-only.

bug #875 Update dkim (Rotzbua)
This PR was squashed before being merged into the 5.x branch (closes #875).

Discussion
----------

Update dkim

As suggested in #870.

Changes:
 - use sha256 as default
 - old PHP 5.3 still uses sha1 as the default, because sha256 is missing
 - test adjusted

Commits
-------

0e40c0e Update dkim
fabpot committed Feb 13, 2017
2 parents 3de2857 + 0e40c0e commit 1023ed3
Showing 2 changed files with 34 additions and 17 deletions.
46 changes: 31 additions & 15 deletions lib/classes/Swift/Signers/DKIMSigner.php
@@ -39,9 +39,11 @@ class Swift_Signers_DKIMSigner implements Swift_Signers_HeaderSigner
/**
* Hash algorithm used.
*
* @see RFC6376 3.3: Signers MUST implement and SHOULD sign using rsa-sha256.
*
* @var string
*/
protected $_hashAlgorithm = 'rsa-sha1';
protected $_hashAlgorithm = 'rsa-sha256';

/**
* Body canon method.
@@ -174,6 +176,11 @@ public function __construct($privateKey, $domainName, $selector)
$this->_domainName = $domainName;
$this->_signerIdentity = '@'.$domainName;
$this->_selector = $selector;

// keep fallback hash algorithm sha1, if php version is lower than 5.4.8
if (version_compare(phpversion(), '5.4.8', '<')) {
$this->_hashAlgorithm = 'rsa-sha1';
}
}

/**
@@ -223,6 +230,7 @@ public function reset()
*
* @return int
*/
// TODO fix return
public function write($bytes)
{
$this->_canonicalizeBody($bytes);
@@ -234,8 +242,6 @@ public function write($bytes)
/**
* For any bytes that are currently buffered inside the stream, force them
* off the buffer.
*
* @throws Swift_IoException
*/
public function commit()
{
@@ -276,8 +282,6 @@ public function unbind(Swift_InputByteStream $is)
return;
}
}

return;
}

/**
@@ -292,19 +296,28 @@ public function flushBuffers()
}

/**
* Set hash_algorithm, must be one of rsa-sha256 | rsa-sha1 defaults to rsa-sha256.
* Set hash_algorithm, must be one of rsa-sha256 | rsa-sha1.
*
* @param string $hash 'rsa-sha1' or 'rsa-sha256'
*
* @param string $hash
* @throws Swift_SwiftException
*
* @return Swift_Signers_DKIMSigner
*/
public function setHashAlgorithm($hash)
{
// Unable to sign with rsa-sha256
if ($hash == 'rsa-sha1') {
$this->_hashAlgorithm = 'rsa-sha1';
} else {
$this->_hashAlgorithm = 'rsa-sha256';
switch ($hash) {
case 'rsa-sha1':
$this->_hashAlgorithm = 'rsa-sha1';
break;
case 'rsa-sha256':
$this->_hashAlgorithm = 'rsa-sha256';
if (!defined('OPENSSL_ALGO_SHA256')) {
throw new Swift_SwiftException('Unable to set sha256, not offered by openssl');
}
break;
default:
throw new Swift_SwiftException('Unable to set hash algorithm');
}

return $this;
@@ -432,12 +445,12 @@ public function startBody()
{
// Init
switch ($this->_hashAlgorithm) {
case 'rsa-sha256':
$this->_bodyHashHandler = hash_init('sha256');
break;
case 'rsa-sha1':
$this->_bodyHashHandler = hash_init('sha1');
break;
case 'rsa-sha256':
$this->_bodyHashHandler = hash_init('sha256');
break;
}
$this->_bodyCanonLine = '';
}
@@ -678,13 +691,16 @@ private function _addToHeaderHash($header)
private function _getEncryptedHash()
{
$signature = '';

switch ($this->_hashAlgorithm) {
case 'rsa-sha1':
$algorithm = OPENSSL_ALGO_SHA1;
break;
case 'rsa-sha256':
$algorithm = OPENSSL_ALGO_SHA256;
break;
default:
throw new Swift_SwiftException('Unable to set hash algorithm');
}
$pkeyId = openssl_get_privatekey($this->_privateKey);
if (!$pkeyId) {
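Review bot: In `setHashAlgorithm()`, the `rsa-sha256` case assigns `$this->_hashAlgorithm = 'rsa-sha256';` before the `defined('OPENSSL_ALGO_SHA256')` check, so a caller that catches the `Swift_SwiftException` keeps a signer already switched to an algorithm OpenSSL cannot provide. Run the guard first, `if (!defined('OPENSSL_ALGO_SHA256')) { throw new Swift_SwiftException('Unable to set sha256, not offered by openssl'); }`, and assign only after it passes. The constructor hunk gates the same capability on `version_compare(phpversion(), '5.4.8', '<')` and silently falls back to `rsa-sha1`; reusing the `defined()` test there would keep both paths consistent. That fallback also deserves a docblock line on the constructor, so operators on old runtimes know their mail is still signed with SHA-1, which RFC 8301 later disallowed for DKIM.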
5 changes: 3 additions & 2 deletions tests/unit/Swift/Signers/DKIMSignerTest.php
@@ -29,12 +29,13 @@ public function testBasicSigningHeaderManipulation()
$signer->addSignature($headers);
}

// Default Signing
public function testSigningDefaults()
// SHA1 Signing
public function testSigningSHA1()
{
$headerSet = $this->_createHeaderSet();
$messageContent = 'Hello World';
$signer = new Swift_Signers_DKIMSigner(file_get_contents(dirname(dirname(dirname(__DIR__))).'/_samples/dkim/dkim.test.priv'), 'dummy.nxdomain.be', 'dummySelector');
$signer->setHashAlgorithm('rsa-sha1');
$signer->setSignatureTimestamp('1299879181');
$altered = $signer->getAlteredHeaders();
$this->assertEquals(array('DKIM-Signature'), $altered);
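Review bot: With `testSigningDefaults()` renamed to `testSigningSHA1()` and pinned through `setHashAlgorithm('rsa-sha1')`, nothing in this hunk asserts what the default algorithm now is, so a later regression back to `rsa-sha1` would pass unnoticed. The rest of the test class is collapsed on this page, so this may already be covered elsewhere. If it is not, add a test that builds the signer without calling `setHashAlgorithm()` and checks for `a=rsa-sha256` in the generated `DKIM-Signature` header, skipped where `OPENSSL_ALGO_SHA256` is undefined. The new throwing branch for an unsupported value in `setHashAlgorithm()` would also benefit from a case asserting `Swift_SwiftException`.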
