Merge branch 'feature/zk-email' into feature/zk-email-7913

Author: Amxx

contracts/mocks/account/AccountZKEmailMock.sol

@@ -0,0 +1,35 @@
+// SPDX-License-Identifier: MIT
+
+pragma solidity ^0.8.20;
+
+import {Account} from "../../account/Account.sol";
+import {ERC721Holder} from "@openzeppelin/contracts/token/ERC721/utils/ERC721Holder.sol";
+import {ERC1155Holder} from "@openzeppelin/contracts/token/ERC1155/utils/ERC1155Holder.sol";
+import {ERC7739, EIP712} from "../../utils/cryptography/ERC7739.sol";
+import {ERC7821} from "../../account/extensions/ERC7821.sol";
+import {SignerZKEmail} from "../../utils/cryptography/SignerZKEmail.sol";
+import {IDKIMRegistry} from "@zk-email/contracts/DKIMRegistry.sol";
+import {IVerifier} from "@zk-email/email-tx-builder/interfaces/IVerifier.sol";
+
+contract AccountZKEmailMock is Account, SignerZKEmail, ERC7739, ERC7821, ERC721Holder, ERC1155Holder {
+    constructor(
+        bytes32 accountSalt_,
+        IDKIMRegistry registry_,
+        IVerifier verifier_,
+        uint256 templateId_
+    ) EIP712("AccountZKEmailMock", "1") {
+        _setAccountSalt(accountSalt_);
+        _setDKIMRegistry(registry_);
+        _setVerifier(verifier_);
+        _setTemplateId(templateId_);
+    }
+
+    /// @inheritdoc ERC7821
+    function _erc7821AuthorizedExecutor(
+        address caller,
+        bytes32 mode,
+        bytes calldata executionData
+    ) internal view virtual override returns (bool) {
+        return caller == address(entryPoint()) || super._erc7821AuthorizedExecutor(caller, mode, executionData);
+    }
+}

contracts/mocks/docs/account/MyAccountZKEmail.sol

@@ -26,7 +26,7 @@ contract MyAccountZKEmail is Account, SignerZKEmail, ERC7739, ERC7821, ERC721Hol
         _setAccountSalt(accountSalt_);
         _setDKIMRegistry(registry_);
         _setVerifier(verifier_);
-        _setCommandTemplate(templateId_);
+        _setTemplateId(templateId_);
     }
 
     /// @dev Allows the entry point as an authorized executor.

contracts/utils/cryptography/SignerZKEmail.sol

@@ -21,7 +21,7 @@ import {ZKEmailUtils} from "./ZKEmailUtils.sol";
  * * {accountSalt} - A unique identifier derived from the user's email address and account code.
  * * {DKIMRegistry} - An instance of the DKIM registry contract for domain verification.
  * * {verifier} - An instance of the Verifier contract for zero-knowledge proof validation.
- * * {commandTemplate} - The template ID of the sign hash command, defining the expected format.
+ * * {templateId} - The template ID of the sign hash command, defining the expected format.
  *
  * Example of usage:
  *
@@ -32,12 +32,12 @@ import {ZKEmailUtils} from "./ZKEmailUtils.sol";
  *       _setAccountSalt(accountSalt);
  *       _setDKIMRegistry(registry);
  *       _setVerifier(verifier);
- *       _setCommandTemplate(templateId);
+ *       _setTemplateId(templateId);
  *     }
  * }
  * ```
  *
- * IMPORTANT: Avoiding to call {_setAccountSalt}, {_setDKIMRegistry}, {_setVerifier} and {_setCommandTemplate}
+ * IMPORTANT: Avoiding to call {_setAccountSalt}, {_setDKIMRegistry}, {_setVerifier} and {_setTemplateId}
  * either during construction (if used standalone) or during initialization (if used as a clone) may
  * leave the signer either front-runnable or unusable.
  */
@@ -47,7 +47,7 @@ abstract contract SignerZKEmail is AbstractSigner {
     bytes32 private _accountSalt;
     IDKIMRegistry private _registry;
     IVerifier private _verifier;
-    uint256 private _commandTemplate;
+    uint256 private _templateId;
 
     /// @dev Proof verification error.
     error InvalidEmailProof(ZKEmailUtils.EmailProofError err);
@@ -84,9 +84,9 @@ abstract contract SignerZKEmail is AbstractSigner {
         return _verifier;
     }
 
-    /// @dev The templateId of the sign hash command.
-    function commandTemplate() public view virtual returns (uint256) {
-        return _commandTemplate;
+    /// @dev The command template of the sign hash command.
+    function templateId() public view virtual returns (uint256) {
+        return _templateId;
     }
 
     /// @dev Set the {accountSalt}.
@@ -104,9 +104,9 @@ abstract contract SignerZKEmail is AbstractSigner {
         _verifier = verifier_;
     }
 
-    /// @dev Set the {commandTemplate} ID.
-    function _setCommandTemplate(uint256 commandTemplate_) internal virtual {
-        _commandTemplate = commandTemplate_;
+    /// @dev Set the command's {templateId}.
+    function _setTemplateId(uint256 templateId_) internal virtual {
+        _templateId = templateId_;
     }
 
     /**
@@ -117,6 +117,9 @@ abstract contract SignerZKEmail is AbstractSigner {
      * to prevent replay attacks, similar to how nonces are used with ECDSA signatures.
      */
     function verifyEmail(EmailAuthMsg memory emailAuthMsg) public view virtual {
+        if (emailAuthMsg.templateId != templateId() || emailAuthMsg.proof.accountSalt != accountSalt()) {
+            revert InvalidEmailProof(ZKEmailUtils.EmailProofError.EmailProof);
+        }
         ZKEmailUtils.EmailProofError err = emailAuthMsg.isValidZKEmail(DKIMRegistry(), verifier());
         if (err != ZKEmailUtils.EmailProofError.NoError) revert InvalidEmailProof(err);
     }
@@ -136,7 +139,7 @@ abstract contract SignerZKEmail is AbstractSigner {
     ) internal view virtual override returns (bool) {
         EmailAuthMsg memory emailAuthMsg = abi.decode(signature, (EmailAuthMsg));
         return (abi.decode(emailAuthMsg.commandParams[0], (bytes32)) == hash &&
-            emailAuthMsg.templateId == commandTemplate() &&
+            emailAuthMsg.templateId == templateId() &&
             emailAuthMsg.proof.accountSalt == accountSalt() &&
             emailAuthMsg.isValidZKEmail(DKIMRegistry(), verifier()) == ZKEmailUtils.EmailProofError.NoError);
     }

contracts/utils/cryptography/ZKEmailUtils.sol

@@ -26,6 +26,7 @@ import {AbstractSigner} from "./AbstractSigner.sol";
  * mechanism to ensure the email was actually sent and received without revealing its contents. Defined by an `IVerifier` interface.
  */
 library ZKEmailUtils {
+    using CommandUtils for bytes[];
     using Strings for string;
 
     /// @dev Enumeration of possible email proof validation errors.
@@ -34,62 +35,84 @@ library ZKEmailUtils {
         DKIMPublicKeyHash, // The DKIM public key hash verification fails
         MaskedCommandLength, // The masked command length exceeds the maximum
         SkippedCommandPrefixSize, // The skipped command prefix size is invalid
-        Command, // The command format is invalid
+        MismatchedCommand, // The command does not match the proof command
         EmailProof // The email proof verification fails
     }
 
+    /// @dev Enumeration of possible string cases used to compare the command with the expected proven command.
+    enum Case {
+        LOWERCASE, // Converts the command to hex lowercase.
+        UPPERCASE, // Converts the command to hex uppercase.
+        CHECKSUM, // Computes a checksum of the command.
+        ANY
+    }
+
+    /// @dev Variant of {isValidZKEmail} that validates the `["signHash", "{uint}"]` command template.
+    function isValidZKEmail(
+        EmailAuthMsg memory emailAuthMsg,
+        IDKIMRegistry dkimregistry,
+        IVerifier verifier
+    ) internal view returns (EmailProofError) {
+        string[] memory signHashTemplate = new string[](2);
+        signHashTemplate[0] = "signHash";
+        signHashTemplate[1] = CommandUtils.UINT_MATCHER;
+
+        // UINT_MATCHER is always lowercase
+        return isValidZKEmail(emailAuthMsg, dkimregistry, verifier, signHashTemplate, Case.LOWERCASE);
+    }
+
     /**
-     * @dev Validates a ZK-Email authentication message.
-     *
-     * Requirements:
-     *
-     * - The DKIM public key hash must be valid according to the registry
-     * - The masked command length must not exceed the verifier's limit
-     * - The skipped command prefix size must be valid
-     * - The command format and parameters must be valid
-     * - The email proof must be verified by the verifier
+     * @dev Validates a ZKEmail authentication message.
      *
      * This function takes an email authentication message, a DKIM registry contract, and a verifier contract
      * as inputs. It performs several validation checks and returns a tuple containing a boolean success flag
-     * and an {EmailProofError} if validation failed. The function will return true with {EmailProofError.NoError}
-     * if all validations pass, or false with a specific {EmailProofError} indicating which validation check failed.
+     * and an {EmailProofError} if validation failed. Returns {EmailProofError.NoError} if all validations pass,
+     * or false with a specific {EmailProofError} indicating which validation check failed.
      *
-     * NOTE: Validates `["signHash", "{uint}"]` command template by default.
+     * NOTE: Attempts to validate the command for all possible string {Case} values.
      */
     function isValidZKEmail(
         EmailAuthMsg memory emailAuthMsg,
         IDKIMRegistry dkimregistry,
-        IVerifier verifier
+        IVerifier verifier,
+        string[] memory template
+    ) internal view returns (EmailProofError) {
+        return isValidZKEmail(emailAuthMsg, dkimregistry, verifier, template, Case.ANY);
+    }
+
+    /// @dev Variant of {isValidZKEmail} that validates a template with a specific string {Case}.
+    function isValidZKEmail(
+        EmailAuthMsg memory emailAuthMsg,
+        IDKIMRegistry dkimregistry,
+        IVerifier verifier,
+        string[] memory template,
+        Case stringCase
     ) internal view returns (EmailProofError) {
         if (!dkimregistry.isDKIMPublicKeyHashValid(emailAuthMsg.proof.domainName, emailAuthMsg.proof.publicKeyHash)) {
             return EmailProofError.DKIMPublicKeyHash;
         } else if (bytes(emailAuthMsg.proof.maskedCommand).length > verifier.commandBytes()) {
             return EmailProofError.MaskedCommandLength;
         } else if (emailAuthMsg.skippedCommandPrefix >= verifier.commandBytes()) {
             return EmailProofError.SkippedCommandPrefixSize;
+        } else if (!_commandMatch(emailAuthMsg, template, stringCase)) {
+            return EmailProofError.MismatchedCommand;
         } else {
-            string[] memory signHashTemplate = new string[](2);
-            signHashTemplate[0] = "signHash";
-            signHashTemplate[1] = CommandUtils.UINT_MATCHER;
-
-            // Construct an expectedCommand from template and the values of emailAuthMsg.commandParams.
-            string memory trimmedMaskedCommand = CommandUtils.removePrefix(
-                emailAuthMsg.proof.maskedCommand,
-                emailAuthMsg.skippedCommandPrefix
-            );
-            for (uint256 stringCase = 0; stringCase < 3; stringCase++) {
-                if (
-                    CommandUtils.computeExpectedCommand(emailAuthMsg.commandParams, signHashTemplate, stringCase).equal(
-                        trimmedMaskedCommand
-                    )
-                ) {
-                    return
-                        verifier.verifyEmailProof(emailAuthMsg.proof)
-                            ? EmailProofError.NoError
-                            : EmailProofError.EmailProof;
-                }
-            }
-            return EmailProofError.Command;
+            return verifier.verifyEmailProof(emailAuthMsg.proof) ? EmailProofError.NoError : EmailProofError.EmailProof;
         }
     }
+
+    function _commandMatch(
+        EmailAuthMsg memory emailAuthMsg,
+        string[] memory template,
+        Case stringCase
+    ) private pure returns (bool) {
+        bytes[] memory commandParams = emailAuthMsg.commandParams; // Not a memory copy
+        string memory maskedCommand = emailAuthMsg.proof.maskedCommand; // Not a memory copy
+        return
+            stringCase == Case.ANY
+                ? (commandParams.computeExpectedCommand(template, uint8(Case.LOWERCASE)).equal(maskedCommand) ||
+                    commandParams.computeExpectedCommand(template, uint8(Case.UPPERCASE)).equal(maskedCommand) ||
+                    commandParams.computeExpectedCommand(template, uint8(Case.CHECKSUM)).equal(maskedCommand))
+                : commandParams.computeExpectedCommand(template, uint8(stringCase)).equal(maskedCommand);
+    }
 }

docs/modules/ROOT/pages/account-abstraction.adoc

@@ -72,7 +72,7 @@ To use this signer, developers must set up several components during initializat
   * Deterministic Address Generation: Enables the creation of deterministic addresses based on email addresses
 * **DKIMRegistry**: An instance of the DKIM registry contract for domain verification
 * **verifier**: An instance of the Verifier contract for zero-knowledge proof validation
-* **commandTemplate**: The template ID of the sign hash command, defining the expected format
+* **templateId**: The command template of the sign hash command, defining the expected format
 
 [source,solidity]
 ----

test/account/AccountZKEmail.t.sol

@@ -0,0 +1,105 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.20;
+
+import {Test} from "forge-std/Test.sol";
+import {AccountZKEmailMock} from "../../contracts/mocks/account/AccountZKEmailMock.sol";
+import {SignerZKEmail, IDKIMRegistry, IVerifier, EmailAuthMsg, EmailProof} from "../../contracts/utils/cryptography/SignerZKEmail.sol";
+import {CallReceiverMockExtended} from "../../contracts/mocks/CallReceiverMock.sol";
+import {Strings} from "@openzeppelin/contracts/utils/Strings.sol";
+
+contract AccountZKEmailTest is Test {
+    using Strings for string;
+
+    AccountZKEmailMock private _account;
+    CallReceiverMockExtended private _target;
+    IDKIMRegistry private _dkimRegistry;
+    IVerifier private _verifier;
+    bytes32 private _accountSalt;
+    uint256 private _templateId;
+    bytes32 private _publicKeyHash;
+    bytes32 private _emailNullifier;
+    bytes private _mockProof;
+
+    function setUp() public {
+        // Deploy DKIM Registry
+        _dkimRegistry = IDKIMRegistry(address(new MockDKIMRegistry()));
+
+        // Deploy Verifier
+        _verifier = IVerifier(address(new MockVerifier()));
+
+        // Generate test data
+        _accountSalt = keccak256("[email protected]");
+        _templateId = 1;
+        _publicKeyHash = keccak256("publicKey");
+        _emailNullifier = keccak256("emailNullifier");
+        _mockProof = abi.encodePacked(bytes1(0x01));
+
+        // Deploy account
+        _account = new AccountZKEmailMock(_accountSalt, _dkimRegistry, _verifier, _templateId);
+
+        // Deploy target
+        _target = new CallReceiverMockExtended();
+    }
+
+    function buildEmailAuthMsg(bytes32 hash) public returns (EmailAuthMsg memory emailAuthMsg) {
+        bytes[] memory commandParams = new bytes[](1);
+        commandParams[0] = abi.encode(hash);
+
+        EmailProof memory emailProof = EmailProof({
+            domainName: "gmail.com",
+            publicKeyHash: _publicKeyHash,
+            timestamp: block.timestamp,
+            maskedCommand: string.concat("signHash ", Strings.toString(uint256(hash))),
+            emailNullifier: _emailNullifier,
+            accountSalt: _accountSalt,
+            isCodeExist: true,
+            proof: _mockProof
+        });
+
+        emailAuthMsg = EmailAuthMsg({
+            templateId: _templateId,
+            commandParams: commandParams,
+            skippedCommandPrefix: 0,
+            proof: emailProof
+        });
+
+        // Setup mock verifier
+        MockVerifier(address(_verifier)).setCommandBytes(1000);
+        MockDKIMRegistry(address(_dkimRegistry)).setValidPublicKeyHash("gmail.com", _publicKeyHash);
+    }
+
+    function testVerifyEmail(bytes32 hash) public {
+        EmailAuthMsg memory emailAuthMsg = buildEmailAuthMsg(hash);
+        _account.verifyEmail(emailAuthMsg);
+    }
+}
+
+// Mock DKIM Registry for testing
+contract MockDKIMRegistry is IDKIMRegistry {
+    mapping(string => bytes32) private _validPublicKeyHashes;
+
+    function setValidPublicKeyHash(string memory domainName, bytes32 publicKeyHash) public {
+        _validPublicKeyHashes[domainName] = publicKeyHash;
+    }
+
+    function isDKIMPublicKeyHashValid(string memory domainName, bytes32 publicKeyHash) external view returns (bool) {
+        return _validPublicKeyHashes[domainName] == publicKeyHash;
+    }
+}
+
+// Mock Verifier for testing
+contract MockVerifier is IVerifier {
+    uint256 private _commandBytes;
+
+    function setCommandBytes(uint256 commandBytes_) public {
+        _commandBytes = commandBytes_;
+    }
+
+    function commandBytes() external view returns (uint256) {
+        return _commandBytes;
+    }
+
+    function verifyEmailProof(EmailProof memory /* proof */) external pure returns (bool) {
+        return true; // Always return true for testing
+    }
+}