Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add skipBodyHash check flag in verifyDkimSignature function #251

Merged
merged 3 commits into from
Feb 19, 2025
Merged

Add skipBodyHash check flag in verifyDkimSignature function #251

merged 3 commits into from
Feb 19, 2025

Conversation

sukhman-sukh
Copy link
Collaborator

This PR adds an optional flag for skipBodyHash and tests for pass on tampered body as well as bodyless emails with skipBodyHash=true.

@Divide-By-0
Copy link
Member

Can you bump version by minor amount then we can release on NPM to use?

@saleel
Copy link
Member

saleel commented Feb 18, 2025

Hey @sukhman-sukh

Can you give some context on why this is needed? DKIM should pass even now for empty bodies. Did you run in to any issues?
I don't understand why we need "should pass for tampered body if skipBodyHash=true"?

@Divide-By-0
Copy link
Member

Hey @sukhman-sukh

Can you give some context on why this is needed? DKIM should pass even now for empty bodies. Did you run in to any issues? I don't understand why we need "should pass for tampered body if skipBodyHash=true"?

We need it since the archive needs to calculate email header without body access in order to reverse engineer keys, and often body hash calculation fails

saleel
saleel approved these changes Feb 18, 2025
View reviewed changes
Copy link
Member

@saleel saleel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added a minor comment

packages/helpers/src/lib/mailauth/dkim-verifier.ts Outdated
@@ -180,7 +182,7 @@ export class DkimVerifier extends MessageParser {

async finalChunk() {
try {
if (!this.headers || !this.bodyHashes.size) {
if ((!this.headers || !this.bodyHashes.size) && !this.skipBodyHash) {
Copy link
Member

@saleel saleel Feb 18, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How about (!this.headers || (!this.skipBodyHash && !this.bodyHashes.size))? (easier to read I guess)

Copy link
Collaborator Author

@sukhman-sukh sukhman-sukh Feb 18, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, I did the same but It was failing before, I fixed that but forgot to change it back.
Fixed.

@Divide-By-0 Divide-By-0 merged commit b193cf0 into main Feb 19, 2025
5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@saleel saleel saleel approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@sukhman-sukh @Divide-By-0 @saleel