use emersion/go-msgauth for DKIM

go.mod

@@ -10,15 +10,13 @@ require (
 	github.com/ergochat/go-ident v0.0.0-20230911071154-8c30606d6881
 	github.com/ergochat/irc-go v0.5.0-rc2
 	github.com/go-sql-driver/mysql v1.7.0
-	github.com/go-test/deep v1.0.6 // indirect
 	github.com/gofrs/flock v0.8.1
 	github.com/gorilla/websocket v1.4.2
 	github.com/okzk/sdnotify v0.0.0-20180710141335-d9becc38acbd
 	github.com/onsi/ginkgo v1.12.0 // indirect
 	github.com/onsi/gomega v1.9.0 // indirect
 	github.com/stretchr/testify v1.4.0 // indirect
 	github.com/tidwall/buntdb v1.3.2
-	github.com/toorop/go-dkim v0.0.0-20201103131630-e1cd1a0a5208
 	github.com/xdg-go/scram v1.0.2
 	golang.org/x/crypto v0.32.0
 	golang.org/x/term v0.28.0
@@ -27,6 +25,7 @@ require (
 )
 
 require (
+	github.com/emersion/go-msgauth v0.6.8
 	github.com/ergochat/webpush-go/v2 v2.0.0
 	github.com/golang-jwt/jwt/v5 v5.2.2
 )

go.sum

@@ -6,6 +6,8 @@ github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815 h1:bWDMxwH3px2JBh6AyO7hdCn/PkvCZXii8TGj7sbtEbQ=
 github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE=
+github.com/emersion/go-msgauth v0.6.8 h1:kW/0E9E8Zx5CdKsERC/WnAvnXvX7q9wTHia1OA4944A=
+github.com/emersion/go-msgauth v0.6.8/go.mod h1:YDwuyTCUHu9xxmAeVj0eW4INnwB6NNZoPdLerpSxRrc=
 github.com/ergochat/confusables v0.0.0-20201108231250-4ab98ab61fb1 h1:WLHTOodthVyv5NvYLIvWl112kSFv5IInKKrRN2qpons=
 github.com/ergochat/confusables v0.0.0-20201108231250-4ab98ab61fb1/go.mod h1:mov+uh1DPWsltdQnOdzn08UO9GsJ3MEvhtu0Ci37fdk=
 github.com/ergochat/go-ident v0.0.0-20230911071154-8c30606d6881 h1:+J5m88nvybxB5AnBVGzTXM/yHVytt48rXBGcJGzSbms=
@@ -21,8 +23,6 @@ github.com/ergochat/websocket v1.4.2-oragono1/go.mod h1:YR8l580nyteQvAITg2hZ9XVh
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
 github.com/go-sql-driver/mysql v1.7.0 h1:ueSltNNllEqE3qcWBTD0iQd3IpL/6U+mJxLkazJ7YPc=
 github.com/go-sql-driver/mysql v1.7.0/go.mod h1:OXbVy3sEdcQ2Doequ6Z5BW6fXNQTmx+9S1MCJN5yJMI=
-github.com/go-test/deep v1.0.6 h1:UHSEyLZUwX9Qoi99vVwvewiMC8mM2bf7XEM2nqvzEn8=
-github.com/go-test/deep v1.0.6/go.mod h1:QV8Hv/iy04NyLBxAdO9njL0iVPN1S4d/A3NVv1V36o8=
 github.com/gofrs/flock v0.8.1 h1:+gYjHKf32LDeiEEFhQaotPbLuUXjY5ZqxKgXy7n59aw=
 github.com/gofrs/flock v0.8.1/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU=
 github.com/golang-jwt/jwt/v5 v5.2.2 h1:Rl4B7itRWVtYIHFrSNd7vhTiz9UpLdi6gZhZ3wEeDy8=
@@ -64,8 +64,6 @@ github.com/tidwall/rtred v0.1.2 h1:exmoQtOLvDoO8ud++6LwVsAMTu0KPzLTUrMln8u1yu8=
 github.com/tidwall/rtred v0.1.2/go.mod h1:hd69WNXQ5RP9vHd7dqekAz+RIdtfBogmglkZSRxCHFQ=
 github.com/tidwall/tinyqueue v0.1.1 h1:SpNEvEggbpyN5DIReaJ2/1ndroY8iyEGxPYxoSaymYE=
 github.com/tidwall/tinyqueue v0.1.1/go.mod h1:O/QNHwrnjqr6IHItYrzoHAKYhBkLI67Q096fQP5zMYw=
-github.com/toorop/go-dkim v0.0.0-20201103131630-e1cd1a0a5208 h1:PM5hJF7HVfNWmCjMdEfbuOBNXSVF2cMFGgQTPdKCbwM=
-github.com/toorop/go-dkim v0.0.0-20201103131630-e1cd1a0a5208/go.mod h1:BzWtXXrXzZUvMacR0oF/fbDDgUPO8L36tDMmRAf14ns=
 github.com/xdg-go/pbkdf2 v1.0.0 h1:Su7DPu48wXMwC3bs7MCNG+z4FhcyEuz5dlvchbq0B0c=
 github.com/xdg-go/pbkdf2 v1.0.0/go.mod h1:jrpuAogTd400dnrH08LKmI/xc1MbPOebTwRqcT5RDeI=
 github.com/xdg-go/stringprep v1.0.2 h1:6iq84/ryjjeRmMJwxutI51F2GIPlP5BfTvXHeYjyhBc=

irc/email/dkim.go

@@ -4,9 +4,18 @@
 package email
 
 import (
+	"bytes"
+	"crypto"
+	"crypto/ed25519"
+	"crypto/rsa"
+	"crypto/x509"
+	"encoding/pem"
 	"errors"
-	dkim "github.com/toorop/go-dkim"
+	"fmt"
+
 	"os"
+
+	dkim "github.com/emersion/go-msgauth/dkim"
 )
 
 var (
@@ -17,38 +26,77 @@ type DKIMConfig struct {
 	Domain   string
 	Selector string
 	KeyFile  string `yaml:"key-file"`
-	keyBytes []byte
+	privKey  crypto.Signer
+}
+
+func (dkim *DKIMConfig) Enabled() bool {
+	return dkim.Domain != ""
 }
 
 func (dkim *DKIMConfig) Postprocess() (err error) {
-	if dkim.Domain != "" {
-		if dkim.Selector == "" || dkim.KeyFile == "" {
-			return ErrMissingFields
-		}
-		dkim.keyBytes, err = os.ReadFile(dkim.KeyFile)
-		if err != nil {
-			return err
-		}
+	if !dkim.Enabled() {
+		return nil
 	}
+
+	if dkim.Selector == "" || dkim.KeyFile == "" {
+		return ErrMissingFields
+	}
+
+	keyBytes, err := os.ReadFile(dkim.KeyFile)
+	if err != nil {
+		return fmt.Errorf("Could not read DKIM key file: %w", err)
+	}
+	dkim.privKey, err = parseDKIMPrivKey(keyBytes)
+	if err != nil {
+		return fmt.Errorf("Could not parse DKIM key file: %w", err)
+	}
+
 	return nil
 }
 
-var defaultOptions = dkim.SigOptions{
-	Version:               1,
-	Canonicalization:      "relaxed/relaxed",
-	Algo:                  "rsa-sha256",
-	Headers:               []string{"from", "to", "subject", "message-id", "date"},
-	BodyLength:            0,
-	QueryMethods:          []string{"dns/txt"},
-	AddSignatureTimestamp: true,
-	SignatureExpireIn:     0,
+func parseDKIMPrivKey(input []byte) (crypto.Signer, error) {
+	if len(input) == 0 {
+		return nil, errors.New("DKIM private key is empty")
+	}
+
+	// raw ed25519 private key format
+	if len(input) == ed25519.PrivateKeySize {
+		return ed25519.PrivateKey(input), nil
+	}
+
+	d, _ := pem.Decode(input)
+	if d == nil {
+		return nil, errors.New("Invalid PEM data for DKIM private key")
+	}
+
+	if rsaKey, err := x509.ParsePKCS1PrivateKey(d.Bytes); err == nil {
+		return rsaKey, nil
+	}
+
+	if k, err := x509.ParsePKCS8PrivateKey(d.Bytes); err == nil {
+		switch key := k.(type) {
+		case *rsa.PrivateKey:
+			return key, nil
+		case ed25519.PrivateKey:
+			return key, nil
+		default:
+			return nil, fmt.Errorf("Unacceptable type for DKIM private key: %T", k)
+		}
+	}
+
+	return nil, errors.New("No acceptable format for DKIM private key")
 }
 
 func DKIMSign(message []byte, dkimConfig DKIMConfig) (result []byte, err error) {
-	options := defaultOptions
-	options.PrivateKey = dkimConfig.keyBytes
-	options.Domain = dkimConfig.Domain
-	options.Selector = dkimConfig.Selector
-	err = dkim.Sign(&message, options)
-	return message, err
+	options := dkim.SignOptions{
+		Domain:                 dkimConfig.Domain,
+		Selector:               dkimConfig.Selector,
+		Signer:                 dkimConfig.privKey,
+		HeaderCanonicalization: dkim.CanonicalizationRelaxed,
+		BodyCanonicalization:   dkim.CanonicalizationRelaxed,
+	}
+	input := bytes.NewBuffer(message)
+	output := bytes.NewBuffer(make([]byte, 0, len(message)+1024))
+	err = dkim.Sign(output, input, &options)
+	return output.Bytes(), err
 }

irc/email/email.go

@@ -233,7 +233,7 @@ func SendMail(config MailtoConfig, recipient string, msg []byte) (err error) {
 		}
 	}
 
-	if config.DKIM.Domain != "" {
+	if config.DKIM.Enabled() {
 		msg, err = DKIMSign(msg, config.DKIM)
 		if err != nil {
 			return