full tested to work with all cases

zkemail · Oct 3, 2024 · 3196238 · 3196238
1 parent fce02ba
commit 3196238
Show file tree

Hide file tree

Showing 8 changed files with 69 additions and 83 deletions.
diff --git a/examples/partial_hash/src/main.nr b/examples/partial_hash/src/main.nr
@@ -1,5 +1,5 @@
 use dep::zkemail::{
-    KEY_LIMBS_2048, base64::bodyhash_base64_decode, dkim::verify_dkim_2048, body_hash::get_body_hash_by_index,
+    KEY_LIMBS_2048, dkim::verify_dkim_2048, get_body_hash_by_index, base64::body_hash_base64_decode,
     partial_hash::partial_sha256_var_end, standard_outputs
 };
 
@@ -42,12 +42,10 @@ fn main(
 
     // manually extract the body hash from the header
     let body_hash_encoded = get_body_hash_by_index(header, body_hash_index);
-    let signed_body_hash: [u8; 32] = bodyhash_base64_decode(body_hash_encoded);
+    let signed_body_hash: [u8; 32] = body_hash_base64_decode(body_hash_encoded);
 
     // finish the partial hash
     let computed_body_hash = partial_sha256_var_end(partial_body_hash, body, partial_body_length as u64, body_length as u64);    
-    println(signed_body_hash);
-    println(computed_body_hash);
 
     // check the body hashes match
     assert(

diff --git a/examples/verify_email_1024_bit_dkim/src/main.nr b/examples/verify_email_1024_bit_dkim/src/main.nr
@@ -1,7 +1,8 @@
 use dep::zkemail::{
-    KEY_LIMBS_1024, dkim::verify_dkim_1024, body_hash::{get_body_hash_by_index, compare_body_hash},
+    KEY_LIMBS_1024, dkim::verify_dkim_1024, get_body_hash_by_index, base64::body_hash_base64_decode,
     standard_outputs
 };
+use dep::std::hash::sha256_var;
 
 global MAX_EMAIL_HEADER_LENGTH: u32 = 512;
 global MAX_EMAIL_BODY_LENGTH: u32 = 1024;
@@ -38,11 +39,19 @@ fn main(
     // verify the dkim signature over the header
     verify_dkim_1024(header, header_length, pubkey, pubkey_redc, signature);
 
-    // manually extract the body hash from the header
+    // extract the body hash from the header
     let body_hash_encoded = get_body_hash_by_index(header, body_hash_index);
 
-    // compare the retrieved body hash to the computed body hash
-    compare_body_hash(body_hash_encoded, body, body_length);
+    // base64 decode the body hash
+    let signed_body_hash: [u8; 32] = body_hash_base64_decode(body_hash_encoded);
+
+    // hash the asserted body
+    let computed_body_hash: [u8; 32] = sha256_var(body, body_length as u64);
+
+    // compare the body hashes
+    assert(
+        signed_body_hash == computed_body_hash, "SHA256 hash computed over body does not match body hash found in DKIM-signed header"
+    );
 
     // hash the pubkey and signature for the standard outputs
     standard_outputs(pubkey, signature)

diff --git a/examples/verify_email_2048_bit_dkim/src/main.nr b/examples/verify_email_2048_bit_dkim/src/main.nr
@@ -1,7 +1,8 @@
 use dep::zkemail::{
-    KEY_LIMBS_2048, dkim::verify_dkim_2048, body_hash::{get_body_hash_by_index, compare_body_hash},
+    KEY_LIMBS_2048, dkim::verify_dkim_2048, get_body_hash_by_index, base64::body_hash_base64_decode,
     standard_outputs
 };
+use dep::std::hash::sha256_var;
 
 global MAX_EMAIL_HEADER_LENGTH: u32 = 512;
 global MAX_EMAIL_BODY_LENGTH: u32 = 1024;
@@ -38,11 +39,19 @@ fn main(
     // verify the dkim signature over the header
     verify_dkim_2048(header, header_length, pubkey, pubkey_redc, signature);
 
-    // manually extract the body hash from the header
+    // extract the body hash from the header
     let body_hash_encoded = get_body_hash_by_index(header, body_hash_index);
 
-    // compare the retrieved body hash to the computed body hash
-    compare_body_hash(body_hash_encoded, body, body_length);
+    // base64 decode the body hash
+    let signed_body_hash: [u8; 32] = body_hash_base64_decode(body_hash_encoded);
+
+    // hash the asserted body
+    let computed_body_hash: [u8; 32] = sha256_var(body, body_length as u64);
+
+    // compare the body hashes
+    assert(
+        signed_body_hash == computed_body_hash, "SHA256 hash computed over body does not match body hash found in DKIM-signed header"
+    );
 
     // hash the pubkey and signature for the standard outputs
     standard_outputs(pubkey, signature)

diff --git a/js/src/index.ts b/js/src/index.ts
@@ -138,7 +138,7 @@ export function generateEmailVerifierInputsFromDKIMResult(
     });
 
     // idk why this gets out of sync, todo: fix
-    if (bodyRemaining.length != bodyRemainingLength) {
+    if (params.shaPrecomputeSelector && bodyRemaining.length != bodyRemainingLength) {
       bodyRemaining = bodyRemaining.slice(0, bodyRemainingLength);
     }
 

diff --git a/js/tests/circuits.test.ts b/js/tests/circuits.test.ts
@@ -32,7 +32,8 @@ function makeProver(circuit: CompiledCircuit): Prover {
 }
 
 async function teardownProver(prover: Prover) {
-  await prover.barretenberg.destroy(), await prover.ultraHonk.destroy();
+  await prover.barretenberg.destroy();
+  await prover.ultraHonk.destroy();
 }
 
 describe("Fixed Size Circuit Input", () => {
@@ -57,8 +58,8 @@ describe("Fixed Size Circuit Input", () => {
     teardownProver(prover2048);
     teardownProver(proverPartialHash);
   });
-  xdescribe("UltraHonk", () => {
-    xit("UltraHonk::SmallEmail", async () => {
+  describe("UltraHonk", () => {
+    it("UltraHonk::SmallEmail", async () => {
       const inputs = await generateEmailVerifierInputs(
         emails.small,
         inputParams
@@ -81,7 +82,7 @@ describe("Fixed Size Circuit Input", () => {
     });
   });
 
-  xdescribe("UltraPlonk", () => {
+  describe("UltraPlonk", () => {
     it("UltraPlonk::SmallEmail", async () => {
       const inputs = await generateEmailVerifierInputs(
         emails.small,
@@ -111,7 +112,7 @@ describe("Fixed Size Circuit Input", () => {
       const inputs = await generateEmailVerifierInputs(emails.large, {
         shaPrecomputeSelector: selectorText,
         maxHeadersLength: 512,
-        maxBodyLength: 192
+        maxBodyLength: 192,
       });
       const { witness } = await proverPartialHash.noir.execute(inputs);
       const proof = await proverPartialHash.barretenberg.generateProof(witness);
@@ -123,7 +124,7 @@ describe("Fixed Size Circuit Input", () => {
       const inputs = await generateEmailVerifierInputs(emails.large, {
         shaPrecomputeSelector: selectorText,
         maxHeadersLength: 512,
-        maxBodyLength: 192
+        maxBodyLength: 192,
       });
       const { witness } = await proverPartialHash.noir.execute(inputs);
       const proof = await proverPartialHash.ultraHonk.generateProof(witness);

diff --git a/lib/src/base64.nr b/lib/src/base64.nr
@@ -9,7 +9,7 @@ use crate::BODY_HASH_BASE64_LENGTH;
  * @param encoded - the base 64 encoded body hash
  * @returns the decoded sha256 hash
  */
-pub fn bodyhash_base64_decode(encoded: [u8; BODY_HASH_BASE64_LENGTH]) -> [u8; 32] {
+pub fn body_hash_base64_decode(encoded: [u8; BODY_HASH_BASE64_LENGTH]) -> [u8; 32] {
     let mut total_bits = [0 as u1; BODY_HASH_BASE64_LENGTH * 6];
     for i in 0..BODY_HASH_BASE64_LENGTH {
         let translate = base64_lookup(encoded[i] as u8);

diff --git a/lib/src/body_hash.nr b/lib/src/body_hash.nr
diff --git a/lib/src/lib.nr b/lib/src/lib.nr
@@ -2,7 +2,6 @@ use dep::std::hash::pedersen_hash;
 
 mod dkim;
 mod partial_hash;
-mod body_hash;
 mod base64;
 
 global RSA_EXPONENT: u32 = 65537;
@@ -12,6 +11,38 @@ global KEY_LIMBS_1024: u32 = 9;
 global KEY_LIMBS_2048: u32 = 18;
 global BODY_HASH_BASE64_LENGTH: u32 = 44;
 
+/**
+ * Get the body hash from the header by allowing circuit input to choose index
+ * @notice unsafe, can theoretically make a recipient display name = the bh
+ *
+ * @param HEADER_LENGTH - The length of the email header
+ * @param header - The email header as validated in the DKIM signature
+ * @param index - The asserted index to find the body hash at
+ * @returns The base 64 encoded body hash
+ */
+pub fn get_body_hash_by_index<let MAX_HEADER_LENGTH: u32>(
+    header: [u8; MAX_HEADER_LENGTH],
+    index: u32
+) -> [u8; BODY_HASH_BASE64_LENGTH] {
+    // check index range
+    assert(index >= 3, "Index does not leave room for 'bh=' prefix");
+    assert(index + BODY_HASH_BASE64_LENGTH < MAX_HEADER_LENGTH, "Index does not leave room for body hash");
+    // check for 'bh=' prefix
+    let BH_PREFIX: [u8; 3] = [98, 104, 61]; // "bh="
+    for i in 0..3 {
+        assert(header[index - 3 + i] == BH_PREFIX[i], "No 'bh=' prefix found");
+    }
+    // check for base64 suffix
+    let BH_SUFFIX: u8 = 59; // ";"
+    assert(header[index + BODY_HASH_BASE64_LENGTH] == BH_SUFFIX, "No base64 suffix found");
+    // retrieve body hash
+    let mut body_hash = [0 as u8; BODY_HASH_BASE64_LENGTH];
+    for i in 0..BODY_HASH_BASE64_LENGTH {
+        body_hash[i] = header[index + i];
+    }
+    body_hash
+}
+
 /**
  * Standard outputs that essentially every email circuit will need to export (alongside app-specific outputs)
  * @notice if you only need the pubkey hash just import pedersen and hash away