mailauth 4.6.2 → 4.6.4

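--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -1,22 +1,33 @@
  # Changelog
 
- ## [4.6.2](https://github.com/postalsys/mailauth/compare/v4.6.1...v4.6.2) (2024-01-25)
+ ## [4.6.4](https://github.com/postalsys/mailauth/compare/v4.6.3...v4.6.4) (2024-02-05)
 
 
  ### Bug Fixes
 
- * **bimi:** skip bimi with oversized DKIM signatures ([d666d74](https://github.com/postalsys/mailauth/commit/d666d7476cbcae8b3161c78a7e737559ad112fd9))
+ * **ed25519:** Fixed ed25519 signing and verification ([40f1245](https://github.com/postalsys/mailauth/commit/40f12457d8f49f0ea21015fe4203b4de746ab7b8))
 
- ## [4.6.1](https://github.com/postalsys/mailauth/compare/v4.6.0...v4.6.1) (2024-01-24)
+ ## [4.6.3](https://github.com/postalsys/mailauth/compare/v4.6.2...v4.6.3) (2024-01-26)
 
 
  ### Bug Fixes
 
- * **dkim-verify:** Show the length of the source body in DKIM results ([d28663b](https://github.com/postalsys/mailauth/commit/d28663b30b0bfaf07d395e9d3eaea044c9085657))
+ * bumped 2022 in copyright notices to 2024 ([cc89823](https://github.com/postalsys/mailauth/commit/cc8982349d14b42a28581ebc52aa6de2e11b5be8))
 
- ## [4.6.0](https://github.com/postalsys/mailauth/compare/v4.5.2...v4.6.0) (2023-11-02)
+ ## [4.6.2](https://github.com/postalsys/mailauth/compare/v4.6.1...v4.6.2) (2024-01-25)
+
+ ### Bug Fixes
+
+ - **bimi:** skip bimi with undersized DKIM signatures ([d666d74](https://github.com/postalsys/mailauth/commit/d666d7476cbcae8b3161c78a7e737559ad112fd9))
 
+ ## [4.6.1](https://github.com/postalsys/mailauth/compare/v4.6.0...v4.6.1) (2024-01-24)
+
+ ### Bug Fixes
+
+ - **dkim-verify:** Show the length of the source body in DKIM results ([d28663b](https://github.com/postalsys/mailauth/commit/d28663b30b0bfaf07d395e9d3eaea044c9085657))
+
+ ## [4.6.0](https://github.com/postalsys/mailauth/compare/v4.5.2...v4.6.0) (2023-11-02)
 
  ### Features
 
- * **deploy:** Set up automatic publishing ([f9b9c32](https://github.com/postalsys/mailauth/commit/f9b9c325e4dbac060114aa12c5887ea8c92c0bf8))
+ - **deploy:** Set up automatic publishing ([f9b9c32](https://github.com/postalsys/mailauth/commit/f9b9c325e4dbac060114aa12c5887ea8c92c0bf8))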
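--- a/package/LICENSE.txt
+++ b/package/LICENSE.txt
@@ -1,4 +1,4 @@
- Copyright (c) 2020-2022 Postal Systems OÜ
+ Copyright (c) 2020-2024 Postal Systems OÜ
 
  Permission is hereby granted, free of charge, to any person obtaining a copy
  of this software and associated documentation files (the "Software"), to deal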
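--- a/package/README.md
+++ b/package/README.md
@@ -470,6 +470,6 @@ const { authenticate } = require('mailauth');
 
  ## License
 
- © 2020-2022 Postal Systems OÜ
+ © 2020-2024 Postal Systems OÜ
 
  Licensed under MIT license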
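--- a/package/lib/arc/index.js
+++ b/package/lib/arc/index.js
@@ -146,7 +146,7 @@ const signAS = async (chain, entry, signatureData) => {
  .sign(
  // use `null` as algorithm to detect it from the key file
  signAlgo === 'rsa' ? algorithm : null,
- canonicalizedHeader,
+ signAlgo === 'rsa' ? canonicalizedHeader : crypto.createHash('sha256').update(canonicalizedHeader).digest(),
  privateKey
  )
  .toString('base64');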
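Review bot: The new data argument to `.sign()` treats every `signAlgo` other than `'rsa'` as Ed25519, so the SHA-256 pre-hash is selected by exclusion rather than by an explicit match; the same expression is repeated in the DkimSigner `.sign()` hunk and the DkimVerifier `crypto.verify()` hunk. Hashing first is what RFC 8463 specifies for ed25519-sha256, but nothing on these lines says so, and a future algorithm value would silently take this path. I would add the comment `// RFC 8463: Ed25519 signs the SHA-256 digest of the canonicalized header, not the header itself` and test `signAlgo === 'ed25519'` explicitly, unless validation outside the hunk already limits `signAlgo` to those two values. This call also still passes `privateKey` as given while the DKIM signer now routes keys through `getPrivateKey`, so raw 32-byte Ed25519 keys may work for DKIM signing but not for ARC sealing; `signAS` starts and ends outside the hunk, so confirm against the full function.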
package/lib/bimi/index.js CHANGED
@@ -51,9 +51,9 @@ const lookup = async data => {
51
51
  return response;
52
52
  }
53
53
 
54
- if (dmarc.alignment?.dkim?.overSized) {
54
+ if (dmarc.alignment?.dkim?.underSized) {
55
55
  response.status.result = 'skipped';
56
- response.status.comment = 'Oversized DKIM signature';
56
+ response.status.comment = 'undersized DKIM signature';
57
57
  response.info = formatAuthHeaderRow('bimi', response.status);
58
58
  return response;
59
59
  }
@@ -1,6 +1,13 @@
1
1
  'use strict';
2
2
 
3
- const { getSigningHeaderLines, formatSignatureHeaderLine, defaultDKIMFieldNames, defaultARCFieldNames, validateAlgorithm } = require('../../lib/tools');
3
+ const {
4
+ getSigningHeaderLines,
5
+ formatSignatureHeaderLine,
6
+ defaultDKIMFieldNames,
7
+ defaultARCFieldNames,
8
+ validateAlgorithm,
9
+ getPrivateKey
10
+ } = require('../../lib/tools');
4
11
  const { MessageParser } = require('./message-parser');
5
12
  const { dkimBody } = require('./body');
6
13
  const { generateCanonicalizedHeader } = require('./header');
@@ -194,10 +201,23 @@ class DkimSigner extends MessageParser {
194
201
  continue;
195
202
  }
196
203
 
204
+ let privateKeyObj;
205
+
206
+ try {
207
+ privateKeyObj = getPrivateKey(signatureData.privateKey);
208
+ } catch (err) {
209
+ this.errors.push({
210
+ selector: signatureData.selector,
211
+ signingDomain: signatureData.signingDomain,
212
+ err
213
+ });
214
+ continue;
215
+ }
216
+
197
217
  let hashKey = `${bodyCanon}:${hashAlgo}:${signatureData.maxBodyLength}`;
198
218
 
199
219
  try {
200
- let keyType = crypto.createPrivateKey({ key: signatureData.privateKey, format: 'pem' }).asymmetricKeyType;
220
+ let keyType = privateKeyObj.asymmetricKeyType;
201
221
  if (signAlgo && keyType !== signAlgo) {
202
222
  // invalid key type
203
223
  let err = new Error(`Invalid key type: "${keyType}" (expecting "${signAlgo}")`);
@@ -272,8 +292,8 @@ class DkimSigner extends MessageParser {
272
292
  .sign(
273
293
  // use `null` as algorithm to detect it from the key file
274
294
  signAlgo === 'rsa' ? algorithm : null,
275
- canonicalizedHeader,
276
- signatureData.privateKey
295
+ signAlgo === 'rsa' ? canonicalizedHeader : crypto.createHash('sha256').update(canonicalizedHeader).digest(),
296
+ privateKeyObj
277
297
  )
278
298
  .toString('base64');
279
299
 
@@ -230,7 +230,7 @@ class DkimVerifier extends MessageParser {
230
230
  try {
231
231
  status.result = crypto.verify(
232
232
  signatureHeader.signAlgo === 'rsa' ? signatureHeader.algorithm : null,
233
- canonicalizedHeader,
233
+ signatureHeader.signAlgo === 'rsa' ? canonicalizedHeader : crypto.createHash('sha256').update(canonicalizedHeader).digest(),
234
234
  publicKey,
235
235
  Buffer.from(signatureHeader.parsed?.b?.value, 'base64')
236
236
  )
@@ -338,7 +338,7 @@ class DkimVerifier extends MessageParser {
338
338
  result.canonBodyLengthLimited = true;
339
339
  result.canonBodyLengthLimit = signatureHeader.maxBodyLength;
340
340
  if (result.canonBodyLengthTotal > result.canonBodyLength) {
341
- status.overSized = result.canonBodyLengthTotal - result.canonBodyLength;
341
+ status.underSized = result.canonBodyLengthTotal - result.canonBodyLength;
342
342
  }
343
343
  } else {
344
344
  result.canonBodyLengthLimited = false;
@@ -102,7 +102,7 @@ const verifyDmarc = async opts => {
102
102
 
103
103
  alignment: {
104
104
  spf: { result: spfAlignment?.domain, strict: dmarcRecord.aspf === 's' },
105
- dkim: { result: dkimAlignment?.domain, strict: dmarcRecord.adkim === 's', overSized: dkimAlignment?.overSized }
105
+ dkim: { result: dkimAlignment?.domain, strict: dmarcRecord.adkim === 's', underSized: dkimAlignment?.underSized }
106
106
  }
107
107
  });
108
108
  };
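Review bot: The result field `overSized` is renamed to `underSized` here and in the DkimVerifier, `verifyDmarc`, `authenticate` and `formatAuthHeaderRow`/`getAlignment` hunks without keeping the old name, so a consumer that reads `overSized` to detect body content beyond the signed `l=` length would get `undefined` after a patch-level upgrade and could treat a partially signed message as fully covered. The value is `canonBodyLengthTotal - canonBodyLength`, i.e. the count of body bytes the signature does not cover, which is exactly what downstream policy code tends to gate on. I would keep a deprecated alias for at least one release, e.g. `status.overSized = status.underSized; // deprecated alias, remove in next major` next to the assignment in the verifier, and list the rename in the changelog as a result-field change. The hunks after the first in this section appear to belong to other files whose headers are not shown on the page.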
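--- a/package/lib/mailauth.js
+++ b/package/lib/mailauth.js
@@ -125,7 +125,7 @@ const authenticate = async (input, opts) => {
  id: r.id,
  domain: r.signingDomain,
  aligned: r.status.aligned,
- overSized: r.status.overSized
+ underSized: r.status.underSized
  })),
  arcResult,
  resolver: opts.resolver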
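--- a/package/lib/tools.js
+++ b/package/lib/tools.js
@@ -333,6 +333,28 @@ const getPublicKey = async (type, name, minBitLength, resolver) => {
  throw err;
  };
 
+ const getPrivateKey = privateKeyBuf => {
+ let privateKeyOpts;
+
+ if (typeof privateKeyBuf === 'string') {
+ privateKeyBuf = Buffer.from(privateKeyBuf);
+ }
+
+ if (privateKeyBuf.length === 32) {
+ // seems like a raw ed25519 key
+ privateKeyBuf = Buffer.concat([Buffer.from('MC4CAQAwBQYDK2VwBCIEIA==', 'base64'), privateKeyBuf]);
+ privateKeyOpts = {
+ key: privateKeyBuf,
+ format: 'der',
+ type: 'pkcs8'
+ };
+ } else {
+ privateKeyOpts = { key: privateKeyBuf, format: 'pem' };
+ }
+
+ return crypto.createPrivateKey(privateKeyOpts);
+ };
+
  const fetch = url =>
  new Promise((resolve, reject) => {
  https
@@ -398,8 +420,8 @@ const formatAuthHeaderRow = (method, status) => {
 
  parts.push(`${method}=${status.result || 'none'}`);
 
- if (status.overSized) {
- parts.push(`(${escapeCommentValue(`oversized signature ${status.overSized}B`)})`);
+ if (status.underSized) {
+ parts.push(`(${escapeCommentValue(`undersized signature: ${status.underSized} bytes unsigned`)})`);
  }
 
  if (status.comment) {
@@ -455,7 +477,7 @@ const getAlignment = (fromDomain, domainList, strict) => {
  }
  return entry;
  })
- .sort((a, b) => (a.overSized || 0) - (b.overSized || 0));
+ .sort((a, b) => (a.underSized || 0) - (b.underSized || 0));
 
  if (strict) {
  fromDomain = formatDomain(fromDomain);
@@ -554,6 +576,7 @@ module.exports = {
  formatSignatureHeaderLine,
  parseDkimHeaders,
  getPublicKey,
+ getPrivateKey,
  formatAuthHeaderRow,
  escapeCommentValue,
  fetch,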
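Review bot: `getPrivateKey` decides that its input is a raw Ed25519 seed purely from `privateKeyBuf.length === 32`, and the base64 constant it prepends is unexplained. Because strings are converted with `Buffer.from(privateKeyBuf)` (UTF-8), any 32-character string is wrapped as a seed as well, and a `null` or `undefined` key fails on `.length` with a generic TypeError rather than a key-format error. I would add a JSDoc block stating the accepted inputs (PEM as string or Buffer, or a 32-byte raw Ed25519 seed), the returned `KeyObject`, and that it throws on anything else, plus the inline comment `// PKCS#8 DER header for an Ed25519 private key (OID 1.3.101.112); the 32-byte seed follows` above the `Buffer.concat` line.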
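--- a/package/man/mailauth.1
+++ b/package/man/mailauth.1
@@ -1,4 +1,4 @@
- .TH "MAILAUTH" "1" "January 2024" "v4.6.2" "Mailauth Help"
+ .TH "MAILAUTH" "1" "February 2024" "v4.6.4" "Mailauth Help"
  .SH "NAME"
  \fBmailauth\fR
  .QP
@@ -138,7 +138,7 @@ You can split longer TXT strings into multiple strings\. There is no length limi
  Please report any bugs to https://github\.com/postalsys/mailauth/issues\.
  .SH LICENSE
  .P
- Copyright (c) 2020\-2022, Postal Systems (MIT)\.
+ Copyright (c) 2020\-2024, Postal Systems (MIT)\.
  .SH SEE ALSO
  .P
  node\.js(1)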
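--- a/package/man/man.md
+++ b/package/man/man.md
@@ -133,7 +133,7 @@ Please report any bugs to https://github.com/postalsys/mailauth/issues.
 
  ## LICENSE
 
- Copyright (c) 2020-2022, Postal Systems (MIT).
+ Copyright (c) 2020-2024, Postal Systems (MIT).
 
  ## SEE ALSO
 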
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "mailauth",
3
- "version": "4.6.2",
3
+ "version": "4.6.4",
4
4
  "description": "Email authentication library for Node.js",
5
5
  "main": "lib/mailauth.js",
6
6
  "scripts": {
@@ -43,16 +43,16 @@
43
43
  "marked-man": "0.7.0",
44
44
  "mbox-reader": "1.1.5",
45
45
  "mocha": "10.2.0",
46
- "npm-check-updates": "16.14.12",
46
+ "npm-check-updates": "16.14.14",
47
47
  "pkg": "5.8.1"
48
48
  },
49
49
  "dependencies": {
50
- "@postalsys/vmc": "1.0.6",
51
- "fast-xml-parser": "4.3.3",
50
+ "@postalsys/vmc": "1.0.8",
51
+ "fast-xml-parser": "4.3.4",
52
52
  "ipaddr.js": "2.1.0",
53
- "joi": "17.12.0",
53
+ "joi": "17.12.1",
54
54
  "libmime": "5.2.1",
55
- "nodemailer": "6.9.8",
55
+ "nodemailer": "6.9.9",
56
56
  "psl": "1.9.0",
57
57
  "punycode": "2.3.1",
58
58
  "undici": "5.28.2",