mailauth - npm Package Compare versions

Comparing version 4.6.3 to 4.6.4

CHANGELOG.md

 # Changelog
 
+## [4.6.4](https://github.com/postalsys/mailauth/compare/v4.6.3...v4.6.4) (2024-02-05)
+
+
+### Bug Fixes
+
+* **ed25519:** Fixed ed25519 signing and verification ([40f1245](https://github.com/postalsys/mailauth/commit/40f12457d8f49f0ea21015fe4203b4de746ab7b8))
+
 ## [4.6.3](https://github.com/postalsys/mailauth/compare/v4.6.2...v4.6.3) (2024-01-26)
@@ -4,0 +11,0 @@

lib/arc/index.js

@@ -149,3 +149,3 @@ 'use strict';
             signAlgo === 'rsa' ? algorithm : null,
-            canonicalizedHeader,
+            signAlgo === 'rsa' ? canonicalizedHeader : crypto.createHash('sha256').update(canonicalizedHeader).digest(),
             privateKey
@@ -152,0 +152,0 @@ )

lib/dkim/dkim-signer.js

 'use strict';
 
-const { getSigningHeaderLines, formatSignatureHeaderLine, defaultDKIMFieldNames, defaultARCFieldNames, validateAlgorithm } = require('../../lib/tools');
+const {
+    getSigningHeaderLines,
+    formatSignatureHeaderLine,
+    defaultDKIMFieldNames,
+    defaultARCFieldNames,
+    validateAlgorithm,
+    getPrivateKey
+} = require('../../lib/tools');
 const { MessageParser } = require('./message-parser');
@@ -197,6 +204,19 @@ const { dkimBody } = require('./body');
 
+            let privateKeyObj;
+
+            try {
+                privateKeyObj = getPrivateKey(signatureData.privateKey);
+            } catch (err) {
+                this.errors.push({
+                    selector: signatureData.selector,
+                    signingDomain: signatureData.signingDomain,
+                    err
+                });
+                continue;
+            }
+
             let hashKey = `${bodyCanon}:${hashAlgo}:${signatureData.maxBodyLength}`;
 
             try {
-                let keyType = crypto.createPrivateKey({ key: signatureData.privateKey, format: 'pem' }).asymmetricKeyType;
+                let keyType = privateKeyObj.asymmetricKeyType;
                 if (signAlgo && keyType !== signAlgo) {
@@ -276,4 +296,4 @@ // invalid key type
                         signAlgo === 'rsa' ? algorithm : null,
-                        canonicalizedHeader,
-                        signatureData.privateKey
+                        signAlgo === 'rsa' ? canonicalizedHeader : crypto.createHash('sha256').update(canonicalizedHeader).digest(),
+                        privateKeyObj
                     )
@@ -280,0 +300,0 @@ .toString('base64');

lib/dkim/dkim-verifier.js

@@ -233,3 +233,3 @@ 'use strict';
                                 signatureHeader.signAlgo === 'rsa' ? signatureHeader.algorithm : null,
-                                canonicalizedHeader,
+                                signatureHeader.signAlgo === 'rsa' ? canonicalizedHeader : crypto.createHash('sha256').update(canonicalizedHeader).digest(),
                                 publicKey,
@@ -236,0 +236,0 @@ Buffer.from(signatureHeader.parsed?.b?.value, 'base64')

lib/tools.js

@@ -336,2 +336,24 @@ /* eslint no-control-regex: 0 */
 
+const getPrivateKey = privateKeyBuf => {
+    let privateKeyOpts;
+
+    if (typeof privateKeyBuf === 'string') {
+        privateKeyBuf = Buffer.from(privateKeyBuf);
+    }
+
+    if (privateKeyBuf.length === 32) {
+        // seems like a raw ed25519 key
+        privateKeyBuf = Buffer.concat([Buffer.from('MC4CAQAwBQYDK2VwBCIEIA==', 'base64'), privateKeyBuf]);
+        privateKeyOpts = {
+            key: privateKeyBuf,
+            format: 'der',
+            type: 'pkcs8'
+        };
+    } else {
+        privateKeyOpts = { key: privateKeyBuf, format: 'pem' };
+    }
+
+    return crypto.createPrivateKey(privateKeyOpts);
+};
+
 const fetch = url =>
@@ -403,3 +425,3 @@ new Promise((resolve, reject) => {
     if (status.underSized) {
-        parts.push(`(${escapeCommentValue(`undersized signature: ${status.underSized}`)})`);
+        parts.push(`(${escapeCommentValue(`undersized signature: ${status.underSized} bytes unsigned`)})`);
     }
@@ -559,2 +581,3 @@
     getPublicKey,
+    getPrivateKey,
     formatAuthHeaderRow,
@@ -561,0 +584,0 @@ escapeCommentValue,

package.json

 {
     "name": "mailauth",
-    "version": "4.6.3",
+    "version": "4.6.4",
     "description": "Email authentication library for Node.js",
@@ -46,12 +46,12 @@ "main": "lib/mailauth.js",
         "mocha": "10.2.0",
-        "npm-check-updates": "16.14.13",
+        "npm-check-updates": "16.14.14",
         "pkg": "5.8.1"
     },
     "dependencies": {
-        "@postalsys/vmc": "1.0.6",
-        "fast-xml-parser": "4.3.3",
+        "@postalsys/vmc": "1.0.8",
+        "fast-xml-parser": "4.3.4",
         "ipaddr.js": "2.1.0",
-        "joi": "17.12.0",
+        "joi": "17.12.1",
         "libmime": "5.2.1",
-        "nodemailer": "6.9.8",
+        "nodemailer": "6.9.9",
         "psl": "1.9.0",
@@ -58,0 +58,0 @@ "punycode": "2.3.1",

No alert changes

Improved metrics

Total package byte prevSize

277077

increased by0.56%

Lines of code

5388

increased by0.69%

Dependency changes

• + Added@peculiar/asn1-schema@2.3.8(transitive)

• + Added@peculiar/asn1-x509@2.3.8(transitive)

• + Added@peculiar/asn1-x509-logotype@2.3.8(transitive)

• + Added@postalsys/vmc@1.0.8(transitive)

• + Addedfast-xml-parser@4.3.4(transitive)

• + Addedjoi@17.12.1(transitive)

• + Addednodemailer@6.9.9(transitive)

• - Removed@peculiar/asn1-schema@2.3.0(transitive)

• - Removed@peculiar/asn1-x509@2.3.0(transitive)

• - Removed@peculiar/asn1-x509-logotype@2.3.0(transitive)

• - Removed@postalsys/vmc@1.0.6(transitive)

• - Removedfast-xml-parser@4.3.3(transitive)

• - Removedjoi@17.12.0(transitive)

• - Removednodemailer@6.9.8(transitive)

• Updated@postalsys/vmc@1.0.8

• Updatedfast-xml-parser@4.3.4

• Updatedjoi@17.12.1

• Updatednodemailer@6.9.9