mailauth 4.6.3 → 4.6.4
- package/CHANGELOG.md +7 -0
- package/lib/arc/index.js +1 -1
- package/lib/dkim/dkim-signer.js +24 -4
- package/lib/dkim/dkim-verifier.js +1 -1
- package/lib/tools.js +24 -1
- package/man/mailauth.1 +1 -1
- package/package.json +6 -6
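--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -1,5 +1,12 @@
 # Changelog
 
+## [4.6.4](https://github.com/postalsys/mailauth/compare/v4.6.3...v4.6.4) (2024-02-05)
+
+
+### Bug Fixes
+
+* **ed25519:** Fixed ed25519 signing and verification ([40f1245](https://github.com/postalsys/mailauth/commit/40f12457d8f49f0ea21015fe4203b4de746ab7b8))
+
 ## [4.6.3](https://github.com/postalsys/mailauth/compare/v4.6.2...v4.6.3) (2024-01-26)
 
 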
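--- a/package/lib/arc/index.js
+++ b/package/lib/arc/index.js
@@ -146,7 +146,7 @@ const signAS = async (chain, entry, signatureData) => {
 .sign(
 // use `null` as algorithm to detect it from the key file
 signAlgo === 'rsa' ? algorithm : null,
-canonicalizedHeader,
+signAlgo === 'rsa' ? canonicalizedHeader : crypto.createHash('sha256').update(canonicalizedHeader).digest(),
 privateKey
 )
 .toString('base64');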
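Review bot: The new data argument of the `.sign(` call treats every `signAlgo` other than 'rsa' as Ed25519 and hard-codes SHA-256, with nothing on the line explaining why the input is pre-hashed. RFC 8463 defines the Ed25519 DKIM signature as computed over the SHA-256 digest of the canonicalized headers, so a comment such as `// ed25519-sha256 (RFC 8463): sign the SHA-256 digest of the header data, not the raw bytes` would keep a later reader from simplifying it back. The same expression is repeated at new line 295 of dkim-signer.js and new line 233 of dkim-verifier.js; one helper exported from tools.js would keep the signing and verifying sides from drifting apart. The `privateKey` argument is unchanged here while dkim-signer.js now passes a parsed key object, so it is worth confirming (the assignment is outside the hunk) that ARC sealing accepts the same key formats.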
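--- a/package/lib/dkim/dkim-signer.js
+++ b/package/lib/dkim/dkim-signer.js
@@ -1,6 +1,13 @@
 'use strict';
 
-const {
+const {
+getSigningHeaderLines,
+formatSignatureHeaderLine,
+defaultDKIMFieldNames,
+defaultARCFieldNames,
+validateAlgorithm,
+getPrivateKey
+} = require('../../lib/tools');
 const { MessageParser } = require('./message-parser');
 const { dkimBody } = require('./body');
 const { generateCanonicalizedHeader } = require('./header');
@@ -194,10 +201,23 @@ class DkimSigner extends MessageParser {
 continue;
 }
 
+let privateKeyObj;
+
+try {
+privateKeyObj = getPrivateKey(signatureData.privateKey);
+} catch (err) {
+this.errors.push({
+selector: signatureData.selector,
+signingDomain: signatureData.signingDomain,
+err
+});
+continue;
+}
+
 let hashKey = `${bodyCanon}:${hashAlgo}:${signatureData.maxBodyLength}`;
 
 try {
-let keyType =
+let keyType = privateKeyObj.asymmetricKeyType;
 if (signAlgo && keyType !== signAlgo) {
 // invalid key type
 let err = new Error(`Invalid key type: "${keyType}" (expecting "${signAlgo}")`);
@@ -272,8 +292,8 @@ class DkimSigner extends MessageParser {
 .sign(
 // use `null` as algorithm to detect it from the key file
 signAlgo === 'rsa' ? algorithm : null,
-canonicalizedHeader,
-
+signAlgo === 'rsa' ? canonicalizedHeader : crypto.createHash('sha256').update(canonicalizedHeader).digest(),
+privateKeyObj
 )
 .toString('base64');
 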
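Review bot: After `getPrivateKey` succeeds, the only key-type check visible is `if (signAlgo && keyType !== signAlgo)`, which is skipped when `signAlgo` is unset, while the sign call at new line 295 sends anything that is not 'rsa' down the Ed25519 pre-hash path. Unless code after this hunk already restricts it (the enclosing method continues outside the view), a key of another type, for example EC, could reach `.sign()` and produce a signature that matches no DKIM algorithm. An explicit allow-list next to the parse, e.g. `if (!['rsa', 'ed25519'].includes(privateKeyObj.asymmetricKeyType)) { /* push error and continue */ }`, would fail early with a clear message.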
|
@@ -230,7 +230,7 @@ class DkimVerifier extends MessageParser {
|
|
|
230
230
|
try {
|
|
231
231
|
status.result = crypto.verify(
|
|
232
232
|
signatureHeader.signAlgo === 'rsa' ? signatureHeader.algorithm : null,
|
|
233
|
-
canonicalizedHeader,
|
|
233
|
+
signatureHeader.signAlgo === 'rsa' ? canonicalizedHeader : crypto.createHash('sha256').update(canonicalizedHeader).digest(),
|
|
234
234
|
publicKey,
|
|
235
235
|
Buffer.from(signatureHeader.parsed?.b?.value, 'base64')
|
|
236
236
|
)
|
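Review bot: On the verifying side the branch at new line 233 is selected by `signatureHeader.signAlgo`, which appears to come from the signature header of the message being checked, so untrusted input decides whether `crypto.verify` receives the raw header data or its SHA-256 digest. Nothing in this hunk compares that value with the type of `publicKey`; the method starts outside the hunk, so the check may already exist earlier. If it does, a comment here such as `// signAlgo was matched against the DNS key type above; non-RSA means ed25519-sha256 (RFC 8463)` would record the assumption, and if it does not, the mismatch should be rejected before this call. The file header for this hunk is missing on the page; the hunk header names class DkimVerifier.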
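--- a/package/lib/tools.js
+++ b/package/lib/tools.js
@@ -333,6 +333,28 @@ const getPublicKey = async (type, name, minBitLength, resolver) => {
 throw err;
 };
 
+const getPrivateKey = privateKeyBuf => {
+let privateKeyOpts;
+
+if (typeof privateKeyBuf === 'string') {
+privateKeyBuf = Buffer.from(privateKeyBuf);
+}
+
+if (privateKeyBuf.length === 32) {
+// seems like a raw ed25519 key
+privateKeyBuf = Buffer.concat([Buffer.from('MC4CAQAwBQYDK2VwBCIEIA==', 'base64'), privateKeyBuf]);
+privateKeyOpts = {
+key: privateKeyBuf,
+format: 'der',
+type: 'pkcs8'
+};
+} else {
+privateKeyOpts = { key: privateKeyBuf, format: 'pem' };
+}
+
+return crypto.createPrivateKey(privateKeyOpts);
+};
+
 const fetch = url =>
 new Promise((resolve, reject) => {
 https
@@ -399,7 +421,7 @@ const formatAuthHeaderRow = (method, status) => {
 parts.push(`${method}=${status.result || 'none'}`);
 
 if (status.underSized) {
-parts.push(`(${escapeCommentValue(`undersized signature: ${status.underSized}`)})`);
+parts.push(`(${escapeCommentValue(`undersized signature: ${status.underSized} bytes unsigned`)})`);
 }
 
 if (status.comment) {
@@ -554,6 +576,7 @@ module.exports = {
 formatSignatureHeaderLine,
 parseDkimHeaders,
 getPublicKey,
+getPrivateKey,
 formatAuthHeaderRow,
 escapeCommentValue,
 fetch,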
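Review bot: In `getPrivateKey` the 32-byte test runs after strings have been converted with `Buffer.from(privateKeyBuf)`, so any 32-character string, not only a binary seed, is wrapped as an Ed25519 key, and an argument that is neither string nor Buffer (an existing `KeyObject`, `null`) fails on `.length` or in the PEM branch with an unrelated error. Deciding before the conversion, `const isRawSeed = Buffer.isBuffer(privateKeyBuf) && privateKeyBuf.length === 32;`, and returning an existing key untouched, `if (privateKeyBuf instanceof crypto.KeyObject) return privateKeyBuf;`, would make the accepted inputs explicit. The base64 literal also needs a comment, e.g. `// PKCS#8 DER prefix for an Ed25519 private key (OID 1.3.101.112); the 32-byte seed follows`, since it is what turns caller-supplied bytes into signing key material.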
package/man/mailauth.1
CHANGED
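--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "mailauth",
-"version": "4.6.
+"version": "4.6.4",
 "description": "Email authentication library for Node.js",
 "main": "lib/mailauth.js",
 "scripts": {
@@ -43,16 +43,16 @@
 "marked-man": "0.7.0",
 "mbox-reader": "1.1.5",
 "mocha": "10.2.0",
-"npm-check-updates": "16.14.
+"npm-check-updates": "16.14.14",
 "pkg": "5.8.1"
 },
 "dependencies": {
-"@postalsys/vmc": "1.0.
-"fast-xml-parser": "4.3.
+"@postalsys/vmc": "1.0.8",
+"fast-xml-parser": "4.3.4",
 "ipaddr.js": "2.1.0",
-"joi": "17.12.
+"joi": "17.12.1",
 "libmime": "5.2.1",
-"nodemailer": "6.9.
+"nodemailer": "6.9.9",
 "psl": "1.9.0",
 "punycode": "2.3.1",
 "undici": "5.28.2",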