From 82da3ab907c455c813c1b1f9ffcc7484ef0a9e9e Mon Sep 17 00:00:00 2001
From: Jack Gilcrest
Date: Fri, 29 Nov 2024 16:13:08 +0700
Subject: [PATCH 1/2] add normalization with unit test

---
 lib/src/dkim.nr | 10 ++++++++++
 lib/src/tests/mod.nr | 10 ++++++++++
 2 files changed, 20 insertions(+)

diff --git a/lib/src/dkim.nr b/lib/src/dkim.nr
index 4d76470..31fbc2c 100644
--- a/lib/src/dkim.nr
+++ b/lib/src/dkim.nr
@@ -13,6 +13,12 @@ impl RSAPubkey {
 pub fn new(modulus: [Field; KEY_LIMBS], redc: [Field; KEY_LIMBS]) -> Self {
 Self { modulus, redc }
 }
+
+ pub fn validate_range(self, signature: [Field; KEY_LIMBS]) {
+ for i in 0..KEY_LIMBS {
+
+ }
+ }
 }

 impl RSAPubkey {
@@ -28,6 +34,7 @@ impl RSAPubkey {
 BigNumParams::new(false, self.modulus, self.redc);

 let signature: RBN1024 = RuntimeBigNum::from_array(params, signature);
+ signature.validate_in_range();

 // verify the DKIM signature over the header
 assert(verify_sha256_pkcs1v15(header_hash, signature, RSA_EXPONENT));
@@ -48,6 +55,8 @@ impl RSAPubkey {
 // hash the pubkey
 pedersen_hash(dkim_preimage)
 }
+
+
 }

 impl RSAPubkey {
@@ -63,6 +72,7 @@ impl RSAPubkey {
 BigNumParams::new(false, self.modulus, self.redc);

 let signature: RBN2048 = RuntimeBigNum::from_array(params, signature);
+ signature.validate_in_range();

 // verify the DKIM signature over the header
 assert(verify_sha256_pkcs1v15(header_hash, signature, RSA_EXPONENT));
diff --git a/lib/src/tests/mod.nr b/lib/src/tests/mod.nr
index 0cd8810..d1b9b35 100644
--- a/lib/src/tests/mod.nr
+++ b/lib/src/tests/mod.nr
@@ -116,6 +116,16 @@ mod test_tampered_hash {
 "SHA256 hash should not match tampered body hash",
 );
 }
+
+ #[test(should_fail_with = "all to assert_max_bit_size")]
+ fn test_dkim_signature_unnormalized() {
+ let mut sig = EmailLarge::SIGNATURE;
+ let pubkey = EmailLarge::PUBKEY;
+ let delta = 1;
+ sig[0] += delta * 0x1000000000000000000000000000000;
+ sig[1] -= delta;
+ pubkey.verify_dkim_signature(EmailLarge::HEADER, sig);
+ }
 }

 mod header_field_access {
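Review bot: `validate_range` in the first dkim.nr hunk (`-13,6 +13,12`) is a public method whose loop body is empty, so it takes `signature` and constrains nothing. The range check this commit actually depends on is the `signature.validate_in_range()` call added in the two `verify_dkim_signature` hunks, so a caller who picks `validate_range` by name gets no check at all. I would delete the stub; if it is meant to be filled in later, drop the `pub` and mark it, e.g. `// TODO: unimplemented, enforces nothing; the range check lives in verify_dkim_signature via validate_in_range()`. The enclosing impl block starts outside the hunk.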
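Review bot: The added `signature.validate_in_range();` in the `-28,6 +34,7` hunk carries no comment saying what it guards against, and the same applies to the RBN2048 copy in the `-63,6 +72,7` hunk. A short why-comment would keep it from being removed as redundant later, e.g. `// reject non-canonical limb encodings: the same signature value must not be expressible with over-wide limbs`. From these hunks it looks like the call bounds limb widths only; whether a signature value at or above the modulus is also rejected is not visible here and should be confirmed, with a test if it is relied on. Both function bodies start and end outside their hunks.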
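Review bot: The expected-failure string in the tests/mod.nr hunk, `"all to assert_max_bit_size"`, reads like a truncated `call to assert_max_bit_size` and presumably passes only because the match is by substring. It also pins the test to a dependency's internal error text, so an upstream wording change would break it with no change in behaviour; I would at least restore the full phrase, `#[test(should_fail_with = "call to assert_max_bit_size")]`. The test exercises only `EmailLarge`, so it covers one of the two `verify_dkim_signature` impls that gained the check, and a matching case for the other key size would cover the second call site. It is also placed inside `mod test_tampered_hash` although it does not tamper with a hash; a separate module would make it easier to find.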
From f83cc669be6a16469a35dadc1e9b26df11ab7c21 Mon Sep 17 00:00:00 2001
From: Jack Gilcrest
Date: Fri, 29 Nov 2024 16:19:57 +0700
Subject: [PATCH 2/2] fmt

---
 lib/src/dkim.nr | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/lib/src/dkim.nr b/lib/src/dkim.nr
index 31fbc2c..7371fd3 100644
--- a/lib/src/dkim.nr
+++ b/lib/src/dkim.nr
@@ -15,9 +15,7 @@ impl RSAPubkey {
 }

 pub fn validate_range(self, signature: [Field; KEY_LIMBS]) {
- for i in 0..KEY_LIMBS {
-
- }
+ for i in 0..KEY_LIMBS {}
 }
 }

@@ -55,8 +53,6 @@ impl RSAPubkey {
 // hash the pubkey
 pedersen_hash(dkim_preimage)
 }
-
-
 }

 impl RSAPubkey {