Add AccountZKEmail.test.js

ernestognw · ernestognw · commit f27f1a185014 · 2025-04-10T22:02:27.000-06:00
diff --git a/contracts/utils/cryptography/SignerZKEmail.sol b/contracts/utils/cryptography/SignerZKEmail.sol
@@ -63,7 +63,8 @@ abstract contract SignerZKEmail is AbstractSigner {
      *
      * The account salt is used for:
      *
-     * * Privacy: Enables email address privacy on-chain so long as the randomly generated account code is not revealed to an adversary.
+     * * Privacy: Enables email address privacy on-chain so long as the randomly generated account code is not revealed
+     *   to an adversary.
      * * Security: Provides a unique identifier that cannot be easily guessed or brute-forced, as it's derived
      *   from both the email address and a random account code.
      * * Deterministic Address Generation: Enables the creation of deterministic addresses based on email addresses,
@@ -124,6 +125,25 @@ abstract contract SignerZKEmail is AbstractSigner {
         bytes32 hash,
         bytes calldata signature
     ) internal view virtual override returns (bool) {
+        // Check if the signature is long enough to contain the EmailAuthMsg
+        // The minimum length is 512 bytes (initial part + pointer offsets)
+        // - `templateId` is a uint256 (32 bytes).
+        // - `commandParams` is a dynamic array of bytes32 (32 bytes offset).
+        // - `skippedCommandPrefixSize` is a uint256 (32 bytes).
+        // - `proof` is a struct with the following fields (32 bytes offset):
+        //   - `domainName` is a dynamic string (32 bytes offset).
+        //   - `publicKeyHash` is a bytes32 (32 bytes).
+        //   - `timestamp` is a uint256 (32 bytes).
+        //   - `maskedCommand` is a dynamic string (32 bytes offset).
+        //   - `emailNullifier` is a bytes32 (32 bytes).
+        //   - `accountSalt` is a bytes32 (32 bytes).
+        //   - `isCodeExist` is a boolean, so its length is 1 byte padded to 32 bytes.
+        //   - `proof` is a dynamic bytes (32 bytes offset).
+        // There are 128 bytes for the EmailAuthMsg type and 256 bytes for the proof.
+        // Considering all dynamic elements are empty (i.e. `commandParams` = [], `domainName` = "", `maskedCommand` = "", `proof` = []),
+        // then we have 128 bytes for the EmailAuthMsg type, 256 bytes for the proof and 4 * 32 for the lenght of the dynamic elements.
+        // So the minimum length is 128 + 256 + 4 * 32 = 512 bytes.
+        if (signature.length < 512) return false;
         EmailAuthMsg memory emailAuthMsg = abi.decode(signature, (EmailAuthMsg));
         return (abi.decode(emailAuthMsg.commandParams[0], (bytes32)) == hash &&
             emailAuthMsg.templateId == templateId() &&
diff --git a/test/account/AccountZKEmail.test.js b/test/account/AccountZKEmail.test.js
@@ -0,0 +1,86 @@
+const { ethers } = require('hardhat');
+const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers');
+
+const { ERC4337Helper } = require('../helpers/erc4337');
+
+const { shouldBehaveLikeAccountCore, shouldBehaveLikeAccountHolder } = require('./Account.behavior');
+const { shouldBehaveLikeERC1271 } = require('../utils/cryptography/ERC1271.behavior');
+const { shouldBehaveLikeERC7821 } = require('./extensions/ERC7821.behavior');
+const { ZKEmailSigningKey, NonNativeSigner } = require('../helpers/signers');
+
+const accountSalt = '0x046582bce36cdd0a8953b9d40b8f20d58302bacf3bcecffeb6741c98a52725e2'; // keccak256("test@example.com")
+const selector = '12345';
+const domainName = 'gmail.com';
+const publicKeyHash = '0x0ea9c777dc7110e5a9e89b13f0cfc540e3845ba120b2b6dc24024d61488d4788';
+const emailNullifier = '0x00a83fce3d4b1c9ef0f600644c1ecc6c8115b57b1596e0e3295e2c5105fbfd8a';
+const templateId = ethers.solidityPackedKeccak256(['string', 'uint256'], ['TEST', 0n]);
+
+const SIGN_HASH_COMMAND = 'signHash';
+
+async function fixture() {
+  // EOAs and environment
+  const [admin, beneficiary, other] = await ethers.getSigners();
+  const target = await ethers.deployContract('CallReceiverMockExtended');
+
+  // Registry
+  const dkim = await ethers.deployContract('ECDSAOwnedDKIMRegistry');
+  await dkim.initialize(admin, admin);
+  await dkim
+    .SET_PREFIX()
+    .then(prefix => dkim.computeSignedMsg(prefix, domainName, publicKeyHash))
+    .then(message => admin.signMessage(message))
+    .then(signature => dkim.setDKIMPublicKeyHash(selector, domainName, publicKeyHash, signature));
+
+  // Verifier
+  const verifier = await ethers.deployContract('ZKEmailVerifierMock');
+
+  // ERC-4337 signer
+  const signer = new NonNativeSigner(
+    new ZKEmailSigningKey(domainName, publicKeyHash, emailNullifier, accountSalt, templateId),
+  );
+
+  // ERC-4337 account
+  const helper = new ERC4337Helper();
+  const mock = await helper.newAccount('$AccountZKEmailMock', [accountSalt, dkim.target, verifier.target, templateId]);
+
+  const signUserOp = async userOp => {
+    // Create email auth message for the user operation hash
+    const hash = await userOp.hash();
+    return Object.assign(userOp, { signature: signer.signingKey.sign(hash).serialized });
+  };
+
+  const userOpInvalidSig = async userOp => {
+    // Create email auth message for the user operation hash
+    const hash = await userOp.hash();
+    const timestamp = Math.floor(Date.now() / 1000);
+    const command = SIGN_HASH_COMMAND + ' ' + ethers.toBigInt(hash).toString();
+    const isCodeExist = true;
+    const proof = '0x00'; // Mocked in ZKEmailVerifierMock
+
+    // Encode the email auth message as the signature
+    return ethers.AbiCoder.defaultAbiCoder().encode(
+      ['tuple(uint256,bytes[],uint256,tuple(string,bytes32,uint256,string,bytes32,bytes32,bool,bytes))'],
+      [
+        [
+          templateId,
+          [hash],
+          0, // skippedCommandPrefix
+          [domainName, publicKeyHash, timestamp, command, emailNullifier, accountSalt, isCodeExist, proof],
+        ],
+      ],
+    );
+  };
+
+  return { helper, mock, dkim, verifier, target, beneficiary, other, signUserOp, userOpInvalidSig, signer };
+}
+
+describe('AccountZKEmail', function () {
+  beforeEach(async function () {
+    Object.assign(this, await loadFixture(fixture));
+  });
+
+  shouldBehaveLikeAccountCore();
+  shouldBehaveLikeAccountHolder();
+  shouldBehaveLikeERC1271({ erc7739: true });
+  shouldBehaveLikeERC7821();
+});
diff --git a/test/helpers/signers.js b/test/helpers/signers.js
@@ -1,4 +1,5 @@
 const {
+  AbiCoder,
   AbstractSigner,
   Signature,
   TypedDataEncoder,
@@ -13,6 +14,7 @@ const {
   hexlify,
   sha256,
   toBeHex,
+  toBigInt,
 } = require('ethers');
 const { secp256r1 } = require('@noble/curves/p256');
 const { generateKeyPairSync, privateEncrypt } = require('crypto');
@@ -156,9 +158,74 @@ class RSASHA256SigningKey extends RSASigningKey {
   }
 }
 
+class ZKEmailSigningKey {
+  #domainName;
+  #publicKeyHash;
+  #emailNullifier;
+  #accountSalt;
+  #templateId;
+
+  constructor(domainName, publicKeyHash, emailNullifier, accountSalt, templateId) {
+    this.#domainName = domainName;
+    this.#publicKeyHash = publicKeyHash;
+    this.#emailNullifier = emailNullifier;
+    this.#accountSalt = accountSalt;
+    this.#templateId = templateId;
+    this.SIGN_HASH_COMMAND = 'signHash';
+  }
+
+  get domainName() {
+    return this.#domainName;
+  }
+
+  get publicKeyHash() {
+    return this.#publicKeyHash;
+  }
+
+  get emailNullifier() {
+    return this.#emailNullifier;
+  }
+
+  get accountSalt() {
+    return this.#accountSalt;
+  }
+
+  sign(digest /*: BytesLike*/ /*: Signature*/) {
+    const timestamp = Math.floor(Date.now() / 1000);
+    const command = this.SIGN_HASH_COMMAND + ' ' + toBigInt(digest).toString();
+    const isCodeExist = true;
+    const proof = '0x01'; // Mocked in ZKEmailVerifierMock
+
+    // Encode the email auth message as the signature
+    return {
+      serialized: AbiCoder.defaultAbiCoder().encode(
+        ['tuple(uint256,bytes[],uint256,tuple(string,bytes32,uint256,string,bytes32,bytes32,bool,bytes))'],
+        [
+          [
+            this.#templateId,
+            [digest],
+            0, // skippedCommandPrefix
+            [
+              this.#domainName,
+              this.#publicKeyHash,
+              timestamp,
+              command,
+              this.#emailNullifier,
+              this.#accountSalt,
+              isCodeExist,
+              proof,
+            ],
+          ],
+        ],
+      ),
+    };
+  }
+}
+
 module.exports = {
   NonNativeSigner,
   P256SigningKey,
   RSASigningKey,
   RSASHA256SigningKey,
+  ZKEmailSigningKey,
 };
