Added additional Ed25519 tests (still failing)

postalsys · Sep 28, 2023 · 626bb55 · 626bb55
1 parent ab63e72
commit 626bb55
Show file tree

Hide file tree

Showing 7 changed files with 157 additions and 8 deletions.
diff --git a/lib/dkim/dkim-verifier.js b/lib/dkim/dkim-verifier.js
@@ -182,7 +182,8 @@ class DkimVerifier extends MessageParser {
 
                 let signingHeaders = {
                     keys: signingHeaderLines.keys,
-                    headers: signingHeaderLines.headers.map(l => l.line.toString())
+                    headers: signingHeaderLines.headers.map(l => l.line.toString()),
+                    canonicalizedHeader: canonicalizedHeader.toString('base64')
                 };
 
                 let publicKey, rr, modulusLength;

diff --git a/package.json b/package.json
@@ -32,10 +32,10 @@
     },
     "homepage": "https://github.com/postalsys/mailauth",
     "devDependencies": {
-        "chai": "4.3.7",
-        "eslint": "8.46.0",
+        "chai": "4.3.9",
+        "eslint": "8.50.0",
         "eslint-config-nodemailer": "1.2.0",
-        "eslint-config-prettier": "8.10.0",
+        "eslint-config-prettier": "9.0.0",
         "js-yaml": "4.1.0",
         "license-report": "6.4.0",
         "marked": "0.7.0",
@@ -46,14 +46,14 @@
     },
     "dependencies": {
         "@postalsys/vmc": "1.0.6",
-        "fast-xml-parser": "4.2.7",
+        "fast-xml-parser": "4.3.1",
         "ipaddr.js": "2.1.0",
-        "joi": "17.9.2",
+        "joi": "17.10.2",
         "libmime": "5.2.1",
-        "nodemailer": "6.9.4",
+        "nodemailer": "6.9.5",
         "psl": "1.9.0",
         "punycode": "2.3.0",
-        "undici": "5.23.0",
+        "undici": "5.25.2",
         "yargs": "17.7.2"
     },
     "engines": {

diff --git a/test/dkim/ec/fixtures/dns.json b/test/dkim/ec/fixtures/dns.json
@@ -0,0 +1,19 @@
+{
+    "brisbane._domainkey.football.example.com": {
+        "TXT": [["v=DKIM1; k=ed25519; p=11qYAYKxCrfVS/7TyWQHOg7hcvPapiMlrwIaaPcHURo="]]
+    },
+    "test._domainkey.football.example.com": {
+        "TXT": [
+            [
+                "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDkHlOQoBTzWR",
+                "iGs5V6NpP3idY6Wk08a5qhdR6wy5bdOKb2jLQiY/J16JYi0Qvx/byYzCNb3W91y3FutAC",
+                "DfzwQ/BC/e/8uBsCR+yz1Lxj+PL6lHvqMKrM3rG4hstT5QjvHO9PzoxZyVYLzBfO2EeC3",
+                "Ip3G+2kryOTIKT+l/K4w3QIDAQAB"
+            ]
+        ]
+    },
+
+    "football.example.com": {
+        "TXT": [["v=spf1 ip4:213.165.64.12/32", " ~all"]]
+    }
+}
diff --git a/test/dkim/ec/fixtures/private-ec.key b/test/dkim/ec/fixtures/private-ec.key
@@ -0,0 +1 @@
+nWGxne/9WmC6hEr0kuwsxERJxWl7MmkZcDusAxyuf2A=
diff --git a/test/dkim/ec/fixtures/private-rsa.key b/test/dkim/ec/fixtures/private-rsa.key
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQDkHlOQoBTzWRiGs5V6NpP3idY6Wk08a5qhdR6wy5bdOKb2jLQi
+Y/J16JYi0Qvx/byYzCNb3W91y3FutACDfzwQ/BC/e/8uBsCR+yz1Lxj+PL6lHvqM
+KrM3rG4hstT5QjvHO9PzoxZyVYLzBfO2EeC3Ip3G+2kryOTIKT+l/K4w3QIDAQAB
+AoGAH0cxOhFZDgzXWhDhnAJDw5s4roOXN4OhjiXa8W7Y3rhX3FJqmJSPuC8N9vQm
+6SVbaLAE4SG5mLMueHlh4KXffEpuLEiNp9Ss3O4YfLiQpbRqE7Tm5SxKjvvQoZZe
+zHorimOaChRL2it47iuWxzxSiRMv4c+j70GiWdxXnxe4UoECQQDzJB/0U58W7RZy
+6enGVj2kWF732CoWFZWzi1FicudrBFoy63QwcowpoCazKtvZGMNlPWnC7x/6o8Gc
+uSe0ga2xAkEA8C7PipPm1/1fTRQvj1o/dDmZp243044ZNyxjg+/OPN0oWCbXIGxy
+WvmZbXriOWoSALJTjExEgraHEgnXssuk7QJBALl5ICsYMu6hMxO73gnfNayNgPxd
+WFV6Z7ULnKyV7HSVYF0hgYOHjeYe9gaMtiJYoo0zGN+L3AAtNP9huqkWlzECQE1a
+licIeVlo1e+qJ6Mgqr0Q7Aa7falZ448ccbSFYEPD6oFxiOl9Y9se9iYHZKKfIcst
+o7DUw1/hz2Ck4N5JrgUCQQCyKveNvjzkkd8HjYs0SwM0fPjK16//5qDZ2UiDGnOe
+uEzxBDAr518Z8VFbR41in3W4Y3yCDgQlLlcETrS+zYcL
+-----END RSA PRIVATE KEY-----
diff --git a/test/dkim/ec/fixtures/signed.eml b/test/dkim/ec/fixtures/signed.eml
@@ -0,0 +1,26 @@
+DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed;
+ d=football.example.com; [email protected];
+ q=dns/txt; s=brisbane; t=1528637909; h=from : to :
+ subject : date : message-id : from : subject : date;
+ bh=2jUSOH9NhtVGCQWNr9BrIAPreKQjO6Sn7XIkfJVOzv8=;
+ b=/gCrinpcQOoIfuHNQIbq4pgh9kyIK3AQUdt9OdqQehSwhEIug4D11Bus
+ Fa3bT3FY5OsU7ZbnKELq+eXdp1Q1Dw==
+DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
+ d=football.example.com; [email protected];
+ q=dns/txt; s=test; t=1528637909; h=from : to : subject :
+ date : message-id : from : subject : date;
+ bh=2jUSOH9NhtVGCQWNr9BrIAPreKQjO6Sn7XIkfJVOzv8=;
+ b=F45dVWDfMbQDGHJFlXUNB2HKfbCeLRyhDXgFpEL8GwpsRe0IeIixNTe3
+ DhCVlUrSjV4BwcVcOF6+FF3Zo9Rpo1tFOeS9mPYQTnGdaSGsgeefOsk2Jz
+ dA+L10TeYt9BgDfQNZtKdN1WO//KgIqXP7OdEFE4LjFYNcUxZQ4FADY+8=
+From: Joe SixPack <[email protected]>
+To: Suzie Q <[email protected]>
+Subject: Is dinner ready?
+Date: Fri, 11 Jul 2003 21:00:37 -0700 (PDT)
+Message-ID: <[email protected]>
+
+Hi.
+
+We lost the game.  Are you hungry yet?
+
+Joe.
diff --git a/test/dkim/ec/verify-signatures-test.js b/test/dkim/ec/verify-signatures-test.js
@@ -0,0 +1,87 @@
+/* eslint no-unused-expressions:0 */
+'use strict';
+
+// FIXME: Ed25519 signing and verification _does not work_
+
+const chai = require('chai');
+const expect = chai.expect;
+const Path = require('path');
+const util = require('util');
+
+const { dkimSign } = require('../../../lib/dkim/sign');
+const { dkimVerify } = require('../../../lib/dkim/verify');
+
+let fs = require('fs');
+
+const curTime = new Date(1528637909000);
+
+const dnsCache = require('./fixtures/dns.json');
+const privateKeyEC = fs.readFileSync(Path.join(__dirname, 'fixtures', 'private-ec.key'));
+const privateKeyRSA = fs.readFileSync(Path.join(__dirname, 'fixtures', 'private-rsa.key'));
+const signedEmail = fs.readFileSync(Path.join(__dirname, 'fixtures', 'signed.eml'));
+
+const formatECPrivateKey = key => {
+    if (key.length === 44) {
+        return `-----BEGIN PRIVATE KEY-----
+${Buffer.concat([Buffer.from('MC4CAQAwBQYDK2VwBCIEIA==', 'base64'), Buffer.from(key, 'base64')]).toString('base64')}
+-----END PRIVATE KEY-----`;
+    }
+    return key;
+};
+
+const cachedResolver = async (name, rr) => {
+    let match = dnsCache?.[name]?.[rr];
+
+    console.log('DNS', name, rr, match);
+
+    if (!match) {
+        let err = new Error('Error');
+        err.code = 'ENOTFOUND';
+        throw err;
+    }
+
+    return match;
+};
+
+chai.config.includeStack = true;
+
+describe('DKIM EC Signature tests', () => {
+    it('Should sign an email', async () => {
+        let ecPrivateKey = formatECPrivateKey(privateKeyEC);
+
+        let res = await dkimSign(signedEmail, {
+            canonicalization: 'relaxed/relaxed',
+            signTime: curTime,
+            signatureData: [
+                {
+                    algorithm: 'rsa-sha256',
+                    signingDomain: 'football.example.com',
+                    selector: 'test',
+                    privateKey: privateKeyRSA
+                },
+
+                {
+                    algorithm: 'ed25519-sha256',
+                    signingDomain: 'football.example.com',
+                    selector: 'brisbane',
+                    privateKey: ecPrivateKey
+                }
+            ]
+        });
+
+        console.log(util.inspect(res, false, 22, true));
+
+        expect(true).to.equal(true);
+    });
+
+    it('Should verify hashes for a signed email', async () => {
+        let res = await dkimVerify(signedEmail, {
+            resolver: cachedResolver,
+            curTime
+        });
+
+        console.log(util.inspect(res, false, 22, true));
+
+        expect(true).to.equal(true);
+    });
+});