forked from zkemail/zk-email-verify
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathUserOverrideableDKIMRegistry.sol
358 lines (334 loc) · 14.1 KB
/
UserOverrideableDKIMRegistry.sol
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
import "@openzeppelin/contracts/access/Ownable.sol";
import "./interfaces/IDKIMRegistry.sol";
import "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";
import {MessageHashUtils} from "@openzeppelin/contracts/utils/cryptography/MessageHashUtils.sol";
import {IERC1271} from "@openzeppelin/contracts/interfaces/IERC1271.sol";
import "@openzeppelin/contracts/utils/Strings.sol";
/**
A Registry that store the hash(dkim_public_key) for each domain
The hash is calculated by taking Poseidon of DKIM key split into 9 chunks of 242 bits each
https://zkrepl.dev/?gist=43ce7dce2466c63812f6efec5b13aa73 can be used to generate the public key hash.
The same code is used in EmailVerifier.sol
Input is DKIM pub key split into 17 chunks of 121 bits. You can use `helpers` package to fetch/split DKIM keys
*/
contract UserOverrideableDKIMRegistry is IDKIMRegistry, Ownable {
using Strings for *;
using ECDSA for *;
event DKIMPublicKeyHashRegistered(
string domainName,
bytes32 publicKeyHash,
address register
);
event DKIMPublicKeyHashRevoked(bytes32 publicKeyHash, address register);
event DKIMPublicKeyHashReactivated(bytes32 publicKeyHash, address register);
// Main authorizer address.
address public mainAuthorizer;
// Mapping from domain name to DKIM public key hash
mapping(string => mapping(bytes32 => mapping(address => bool)))
public dkimPublicKeyHashes;
// DKIM public that are revoked (eg: in case of private key compromise)
mapping(bytes32 => mapping(address => bool))
public revokedDKIMPublicKeyHashes;
// DKIM public that are reactivated (eg: in case that a malicious `mainAuthorizer` revokes a valid public key but a user reactivates it.)
mapping(bytes32 => mapping(address => bool))
public reactivatedDKIMPublicKeyHashes;
string public constant SET_PREFIX = "SET:";
string public constant REVOKE_PREFIX = "REVOKE:";
string public constant REACTIVATE_PREFIX = "REACTIVATE";
constructor(address _owner, address _mainAuthorizer) Ownable(_owner) {
mainAuthorizer = _mainAuthorizer;
}
function isDKIMPublicKeyHashValid(
string memory domainName,
bytes32 publicKeyHash
) public view returns (bool) {
address ownerOfSender = Ownable(msg.sender).owner();
return
isDKIMPublicKeyHashValid(domainName, publicKeyHash, ownerOfSender);
}
function isDKIMPublicKeyHashValid(
string memory domainName,
bytes32 publicKeyHash,
address authorizer
) public view returns (bool) {
require(bytes(domainName).length > 0, "domain name cannot be zero");
require(publicKeyHash != bytes32(0), "public key hash cannot be zero");
require(authorizer != address(0), "authorizer address cannot be zero");
uint256 revokeThreshold = _computeRevokeThreshold(
publicKeyHash,
authorizer
);
uint256 setThreshold = _computeSetThreshold(
domainName,
publicKeyHash,
authorizer
);
if (revokeThreshold >= 1) {
return false;
} else if (setThreshold < 2) {
return false;
} else {
return true;
}
}
/**
* @notice Sets the DKIM public key hash for a given domain with authorization.
* @dev This function allows an authorized user or a contract to set a DKIM public key hash. It uses EIP-1271 or ECDSA for signature verification.
* @param domainName The domain name for which the DKIM public key hash is being set.
* @param publicKeyHash The hash of the DKIM public key to be set.
* @param authorizer The address of the authorizer who can set the DKIM public key hash.
* @param signature The signature proving the authorization to set the DKIM public key hash.
* @custom:require The domain name, public key hash, and authorizer address must not be zero.
* @custom:require The public key hash must not be revoked.
* @custom:require The signature must be valid according to EIP-1271 if the authorizer is a contract, or ECDSA if the authorizer is an EOA.
* @custom:event DKIMPublicKeyHashRegistered Emitted when a DKIM public key hash is successfully set.
*/
function setDKIMPublicKeyHash(
string memory domainName,
bytes32 publicKeyHash,
address authorizer,
bytes memory signature
) public {
require(bytes(domainName).length > 0, "domain name cannot be zero");
require(publicKeyHash != bytes32(0), "public key hash cannot be zero");
require(authorizer != address(0), "authorizer address cannot be zero");
require(
revokedDKIMPublicKeyHashes[publicKeyHash][authorizer] == false,
"public key hash is already revoked"
);
if (msg.sender != authorizer) {
string memory signedMsg = computeSignedMsg(
SET_PREFIX,
domainName,
publicKeyHash
);
bytes32 digest = MessageHashUtils.toEthSignedMessageHash(
bytes(signedMsg)
);
if (authorizer.code.length > 0) {
require(
IERC1271(authorizer).isValidSignature(digest, signature) ==
0x1626ba7e,
"invalid eip1271 signature"
);
} else {
address recoveredSigner = digest.recover(signature);
require(
recoveredSigner == authorizer,
"invalid ecdsa signature"
);
}
}
dkimPublicKeyHashes[domainName][publicKeyHash][authorizer] = true;
emit DKIMPublicKeyHashRegistered(domainName, publicKeyHash, authorizer);
}
/**
* @dev Sets the DKIM public key hashes in batch.
* @param domainNames An array of the domain name for which the DKIM public key hash is being set.
* @param publicKeyHashes An array of the hash of the DKIM public key to be set.
* @param authorizers An array of the address of the authorizer who can set the DKIM public key hash.
* @param signatures An array of the signature proving the authorization to set the DKIM public key hash.
* @custom:require The domain name, public key hash, and authorizer address must not be zero.
* @custom:require The public key hash must not be revoked.
* @custom:require The signature must be valid according to EIP-1271 if the authorizer is a contract, or ECDSA if the authorizer is an EOA.
* @custom:event DKIMPublicKeyHashRegistered Emitted when a DKIM public key hash is successfully set.
*/
function setDKIMPublicKeyHashes(
string[] memory domainNames,
bytes32[] memory publicKeyHashes,
address[] memory authorizers,
bytes[] memory signatures
) public {
require(
domainNames.length == publicKeyHashes.length,
"invalid publicKeyHashes length"
);
require(
domainNames.length == authorizers.length,
"invalid authorizers length"
);
require(
domainNames.length == signatures.length,
"invalid signatures length"
);
for (uint256 i = 0; i < domainNames.length; i++) {
setDKIMPublicKeyHash(
domainNames[i],
publicKeyHashes[i],
authorizers[i],
signatures[i]
);
}
}
/**
* @notice Revokes a DKIM public key hash.
* @dev This function allows the owner to revoke a DKIM public key hash for all users, or an individual user to revoke it for themselves.
* @param domainName The domain name associated with the DKIM public key hash.
* @param publicKeyHash The hash of the DKIM public key to be revoked.
* @param authorizer The address of the authorizer who can revoke the DKIM public key hash.
* @param signature The signature proving the authorization to revoke the DKIM public key hash.
* @custom:require The domain name, public key hash, and authorizer address must not be zero.
* @custom:require The public key hash must not already be revoked.
* @custom:require The signature must be valid according to EIP-1271 if the authorizer is a contract, or ECDSA if the authorizer is an EOA.
* @custom:event DKIMPublicKeyHashRevoked Emitted when a DKIM public key hash is successfully revoked.
*/
function revokeDKIMPublicKeyHash(
string memory domainName,
bytes32 publicKeyHash,
address authorizer,
bytes memory signature
) public {
require(bytes(domainName).length > 0, "domain name cannot be zero");
require(publicKeyHash != bytes32(0), "public key hash cannot be zero");
require(authorizer != address(0), "authorizer address cannot be zero");
require(
revokedDKIMPublicKeyHashes[publicKeyHash][authorizer] == false,
"public key hash is already revoked"
);
if (msg.sender != authorizer) {
string memory signedMsg = computeSignedMsg(
REVOKE_PREFIX,
domainName,
publicKeyHash
);
bytes32 digest = MessageHashUtils.toEthSignedMessageHash(
bytes(signedMsg)
);
if (authorizer.code.length > 0) {
require(
IERC1271(authorizer).isValidSignature(digest, signature) ==
0x1626ba7e,
"invalid eip1271 signature"
);
} else {
address recoveredSigner = digest.recover(signature);
require(
recoveredSigner == authorizer,
"invalid ecdsa signature"
);
}
}
revokedDKIMPublicKeyHashes[publicKeyHash][authorizer] = true;
emit DKIMPublicKeyHashRevoked(publicKeyHash, authorizer);
}
function reactivateDKIMPublicKeyHash(
string memory domainName,
bytes32 publicKeyHash,
address authorizer,
bytes memory signature
) public {
require(bytes(domainName).length > 0, "domain name cannot be zero");
require(publicKeyHash != bytes32(0), "public key hash cannot be zero");
require(authorizer != address(0), "authorizer address cannot be zero");
require(
reactivatedDKIMPublicKeyHashes[publicKeyHash][authorizer] == false,
"public key hash is already reactivated"
);
require(
authorizer != mainAuthorizer,
"mainAuthorizer cannot reactivate the public key hash"
);
require(
_computeRevokeThreshold(publicKeyHash, authorizer) == 1,
"revoke threshold must be one"
);
require(
_computeSetThreshold(domainName, publicKeyHash, authorizer) >= 2,
"set threshold must be larger than two"
);
if (msg.sender != authorizer) {
string memory signedMsg = computeSignedMsg(
REACTIVATE_PREFIX,
domainName,
publicKeyHash
);
bytes32 digest = MessageHashUtils.toEthSignedMessageHash(
bytes(signedMsg)
);
if (authorizer.code.length > 0) {
require(
IERC1271(authorizer).isValidSignature(digest, signature) ==
0x1626ba7e,
"invalid eip1271 signature"
);
} else {
address recoveredSigner = digest.recover(signature);
require(
recoveredSigner == authorizer,
"invalid ecdsa signature"
);
}
}
reactivatedDKIMPublicKeyHashes[publicKeyHash][authorizer] = true;
emit DKIMPublicKeyHashReactivated(publicKeyHash, authorizer);
}
/**
* @notice Computes a signed message string for setting or revoking a DKIM public key hash.
* @param prefix The operation prefix (SET: or REVOKE:).
* @param domainName The domain name related to the operation.
* @param publicKeyHash The DKIM public key hash involved in the operation.
* @return string The computed signed message.
* @dev This function is used internally to generate the message that needs to be signed for setting or revoking a public key hash.
*/
function computeSignedMsg(
string memory prefix,
string memory domainName,
bytes32 publicKeyHash
) public pure returns (string memory) {
return
string.concat(
prefix,
";domain=",
domainName,
";public_key_hash=",
uint256(publicKeyHash).toHexString(),
";"
);
}
function _computeSetThreshold(
string memory domainName,
bytes32 publicKeyHash,
address authorizer
) private view returns (uint256) {
uint256 threshold = 0;
if (
dkimPublicKeyHashes[domainName][publicKeyHash][mainAuthorizer] ==
true
) {
threshold += 1;
}
if (
dkimPublicKeyHashes[domainName][publicKeyHash][authorizer] == true
) {
threshold += 2;
}
return threshold;
}
function _computeRevokeThreshold(
bytes32 publicKeyHash,
address authorizer
) private view returns (uint256) {
uint256 threshold = 0;
if (revokedDKIMPublicKeyHashes[publicKeyHash][mainAuthorizer] == true) {
threshold += 1;
}
if (revokedDKIMPublicKeyHashes[publicKeyHash][authorizer] == true) {
threshold += 2;
}
if (
threshold == 1 &&
reactivatedDKIMPublicKeyHashes[publicKeyHash][authorizer] == true
) {
threshold -= 1;
}
return threshold;
}
function _stringEq(
string memory a,
string memory b
) internal pure returns (bool) {
return keccak256(abi.encodePacked(a)) == keccak256(abi.encodePacked(b));
}
}