Merge pull request #26 from zkemail/audit/normalize-limbs

veredise audit fix: Un-normalized signature/DKIM keys
zkemail · Jan 13, 2025 · 52c5bb4 · 52c5bb4
2 parents 04b39f3 + f83cc66
commit 52c5bb4
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 0 deletions.
diff --git a/lib/src/dkim.nr b/lib/src/dkim.nr
@@ -13,6 +13,10 @@ impl<let KEY_LIMBS: u32> RSAPubkey<KEY_LIMBS> {
     pub fn new(modulus: [Field; KEY_LIMBS], redc: [Field; KEY_LIMBS]) -> Self {
         Self { modulus, redc }
     }
+
+    pub fn validate_range(self, signature: [Field; KEY_LIMBS]) {
+        for i in 0..KEY_LIMBS {}
+    }
 }
 
 impl RSAPubkey<KEY_LIMBS_1024> {
@@ -28,6 +32,7 @@ impl RSAPubkey<KEY_LIMBS_1024> {
             BigNumParams::new(false, self.modulus, self.redc);
 
         let signature: RBN1024 = RuntimeBigNum::from_array(params, signature);
+        signature.validate_in_range();
 
         // verify the DKIM signature over the header
         assert(verify_sha256_pkcs1v15(header_hash, signature, RSA_EXPONENT));
@@ -63,6 +68,7 @@ impl RSAPubkey<KEY_LIMBS_2048> {
             BigNumParams::new(false, self.modulus, self.redc);
 
         let signature: RBN2048 = RuntimeBigNum::from_array(params, signature);
+        signature.validate_in_range();
 
         // verify the DKIM signature over the header
         assert(verify_sha256_pkcs1v15(header_hash, signature, RSA_EXPONENT));

diff --git a/lib/src/tests/mod.nr b/lib/src/tests/mod.nr
@@ -116,6 +116,16 @@ mod test_tampered_hash {
             "SHA256 hash should not match tampered body hash",
         );
     }
+
+    #[test(should_fail_with = "all to assert_max_bit_size")]
+    fn test_dkim_signature_unnormalized() {
+        let mut sig = EmailLarge::SIGNATURE;
+        let pubkey = EmailLarge::PUBKEY;
+        let delta = 1;
+        sig[0] += delta * 0x1000000000000000000000000000000;
+        sig[1] -= delta;
+        pubkey.verify_dkim_signature(EmailLarge::HEADER, sig);
+    }
 }
 
 mod header_field_access {