From 89db7a40a1f4de2bb41756e6bcf2260d2fa609be Mon Sep 17 00:00:00 2001
From: Saleel
Date: Wed, 16 Oct 2024 22:59:52 +0100
Subject: [PATCH 1/3] chore: add DKIMVerificationArgs
---
 packages/helpers/src/input-generators.ts | 21 +++++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)
diff --git a/packages/helpers/src/input-generators.ts b/packages/helpers/src/input-generators.ts
index 0610d6ed..b35efe0c 100644
--- a/packages/helpers/src/input-generators.ts
+++ b/packages/helpers/src/input-generators.ts
@@ -29,6 +29,12 @@ type InputGenerationArgs = {
 bodyMask?: number[];
 };
+type DKIMVerificationArgs = {
+ domain?: string;
+ enableSanitization?: boolean;
+ fallbackToZKEmailDNSArchive?: boolean;
+};
+
 function removeSoftLineBreaks(body: string[]): string[] {
 const result = [];
 let i = 0;
@@ -58,16 +64,23 @@ function removeSoftLineBreaks(body: string[]): string[] {
 *
 * @description Generate circuit inputs for the EmailVerifier circuit from raw email content
 * @param rawEmail Full email content as a buffer or string
- * @param params Arguments to control the input generation
+ * @param inputParams Arguments to control the input generation
+ * @param dkimVerificationArgs Arguments to control the DKIM verification
 * @returns Circuit inputs for the EmailVerifier circuit
 */
 export async function generateEmailVerifierInputs(
 rawEmail: Buffer | string,
- params: InputGenerationArgs = {},
+ inputParams: InputGenerationArgs = {},
+ dkimVerificationArgs: DKIMVerificationArgs = {},
 ) {
- const dkimResult = await verifyDKIMSignature(rawEmail);
+ const dkimResult = await verifyDKIMSignature(
+ rawEmail,
+ dkimVerificationArgs.domain,
+ dkimVerificationArgs.enableSanitization,
+ dkimVerificationArgs.fallbackToZKEmailDNSArchive,
+ );
- return generateEmailVerifierInputsFromDKIMResult(dkimResult, params);
+ return generateEmailVerifierInputsFromDKIMResult(dkimResult, inputParams);
 }
 /**
From 18f874691b971ed9663b02b9eeba5aac393613e1 Mon Sep 17 00:00:00 2001
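Review bot: The three fields of `DKIMVerificationArgs` (first hunk of input-generators.ts) are added without documentation, and the new `@param dkimVerificationArgs` line in the second hunk says only that they "control the DKIM verification", although each one appears to change what a successful verification actually vouches for. Judging by the names alone, `domain` overrides which signing domain is checked, `enableSanitization` lets the email be altered before verification, and `fallbackToZKEmailDNSArchive` accepts a public key from an archive service when live DNS has none; their real semantics and defaults live in `verifyDKIMSignature`, which is outside this diff, so confirm before writing them down. I would add a one-line comment per field, for example `/** If true, a key missing from live DNS may be taken from the ZK Email DNS archive; the archive is then trusted for key authenticity. */`. The JSDoc should also say that omitted fields are passed as `undefined` and so fall through to `verifyDKIMSignature`'s own defaults.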
From: Saleel
Date: Wed, 16 Oct 2024 23:02:11 +0100
Subject: [PATCH 2/3] fix: add subdomain support in dns-archive.ts
---
 packages/helpers/src/dkim/dns-archive.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/packages/helpers/src/dkim/dns-archive.ts b/packages/helpers/src/dkim/dns-archive.ts
index 964fd9b7..06b9b91b 100644
--- a/packages/helpers/src/dkim/dns-archive.ts
+++ b/packages/helpers/src/dkim/dns-archive.ts
@@ -8,7 +8,7 @@ export async function resolveDNSFromZKEmailArchive(name: string, type: string) {
 }
 // Get domain from full dns record name - $selector._domainkey.$domain.com
- const domain = name.split('.').slice(-2).join('.');
+ const domain = name.split('.').slice(2).join('.');
 const selector = name.split('.')[0];
 const queryUrl = new URL(ZKEMAIL_DNS_ARCHIVER_API);
From ba1c892949c169fb395d1abe68d5c31bbd5eaab0 Mon Sep 17 00:00:00 2001
From: Saleel
Date: Wed, 16 Oct 2024 23:13:20 +0100
Subject: [PATCH 3/3] fix: handle missing p= value
---
 packages/helpers/src/dkim/dns-over-http.ts | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/packages/helpers/src/dkim/dns-over-http.ts b/packages/helpers/src/dkim/dns-over-http.ts
index 3481c1dd..76289d7d 100644
--- a/packages/helpers/src/dkim/dns-over-http.ts
+++ b/packages/helpers/src/dkim/dns-over-http.ts
@@ -65,7 +65,7 @@ export class DoH {
 if (result.Status === DoH.DoHStatusNoError && result.Answer.length > 0) {
 for (const ans of result.Answer) {
 if (ans.type === DoH.DoHTypeTXT) {
- let DKIMRecord = ans.data;
+ let dkimRecord = ans.data;
 /* Remove all double quotes Some DNS providers wrap TXT records in double quotes,
@@ -73,8 +73,8 @@ export class DoH {
 TXT (potentially multi-line) and DKIM (Base64 data) standards, we can directly remove all double quotes from the DKIM public key.
 */
- DKIMRecord = DKIMRecord.replace(/"/g, "");
- return DKIMRecord;
+ dkimRecord = dkimRecord.replace(/"/g, "");
+ return dkimRecord;
 }
 }
 }
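Review bot: In dns-archive.ts, `name.split('.').slice(2)` together with `name.split('.')[0]` assumes the selector is exactly one label and that `_domainkey` is the second one. DKIM selectors may contain dots (RFC 6376 permits names such as `sel.sub._domainkey.example.com`), and for such a name the archive would be queried with a truncated selector and a domain that still contains `_domainkey.`. Since the key returned here decides whether a signature verifies, I would split on the marker instead: `const at = name.indexOf('._domainkey.');`, `const selector = name.slice(0, at);`, `const domain = name.slice(at + '._domainkey.'.length);`, rejecting the name when `at` is below 1. The function body starts and ends outside the hunk, so any existing validation of `name` is not visible here.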
@@ -115,6 +115,15 @@ export async function resolveDNSHTTP(name: string, type: string) {
 throw new CustomError('No DKIM record found in Google', 'ENODATA');
 }
+ const regex = /p=([^;]*)/;
+ const match = regex.exec(googleResult);
+ if (match) {
+ const valueAfterP = match[1]; // Extracting the value after p=
+ if (valueAfterP === '') {
+ throw new CustomError('No DKIM record found in Google (empty p=)', 'ENODATA');
+ }
+ }
+
 const cloudflareResult = await DoH.resolveDKIMPublicKey(
 name,
 DoHServer.Cloudflare
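Review bot: The empty-key check compares `match[1]` with `''` exactly, so a record written as `p= ;` or ending in `p=` plus whitespace passes as if it held a key. Because `/p=([^;]*)/` is unanchored, it can also match inside another tag's value (for example free text in `n=`) instead of the real `p` tag. I would anchor the tag and trim the value: `const match = /(?:^|;)\s*p=([^;]*)/.exec(googleResult);` followed by `if (match && match[1].trim() === '') { throw … }`. Only `googleResult` is checked in this hunk; whether `cloudflareResult` gets the same test or is merely compared with the Google answer is decided below the hunk, as is the case where no `p=` tag is present at all. RFC 6376 defines an empty `p=` as a revoked key, so an error message saying that would tell callers more than "No DKIM record found".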