From 0fa8ce4c36bef7a4479a305ad8906751edd4444b Mon Sep 17 00:00:00 2001
From: Jack Gilcrest
Date: Thu, 28 Nov 2024 21:16:19 +0700
Subject: [PATCH] fix to work with 1024 bit dkim

---
 lib/src/dkim.nr | 33 +++++++++++++++++++++++++++++----
 lib/src/lib.nr | 30 ------------------------------
 2 files changed, 29 insertions(+), 34 deletions(-)

diff --git a/lib/src/dkim.nr b/lib/src/dkim.nr
index 38071dc..31d70e5 100644
--- a/lib/src/dkim.nr
+++ b/lib/src/dkim.nr
@@ -13,10 +13,6 @@ impl RSAPubkey {
 pub fn new(modulus: [Field; KEY_LIMBS], redc: [Field; KEY_LIMBS]) -> Self {
 Self { modulus, redc }
 }
-
- pub fn hash(self) -> Field {
- pedersen_hash(self.modulus)
- }
 }
 
 impl RSAPubkey {
@@ -36,6 +32,22 @@ impl RSAPubkey {
 // verify the DKIM signature over the header
 assert(verify_sha256_pkcs1v15(header_hash, signature, RSA_EXPONENT));
 }
+
+ pub fn hash(self) -> Field {
+ let mut dkim_preimage = [0; 9];
+ // compose first 4 limbs of modulus and redc
+ for i in 0..4 {
+ let modulus_hi = self.modulus[i * 2] * 2.pow_32(120);
+ let redc_hi = self.redc[i * 2] * 2.pow_32(120);
+ dkim_preimage[i] = modulus_hi + self.modulus[i * 2 + 1];
+ dkim_preimage[i + 4] = redc_hi + self.redc[i * 2 + 1];
+ }
+ // compose last two elements of redc and modulus together
+ let modulus_hi = self.modulus[8] * 2.pow_32(120);
+ dkim_preimage[8] = modulus_hi + self.redc[8];
+ // hash the pubkey
+ pedersen_hash(dkim_preimage)
+ }
 }
 
 impl RSAPubkey {
@@ -55,4 +67,17 @@ impl RSAPubkey {
 // verify the DKIM signature over the header
 assert(verify_sha256_pkcs1v15(header_hash, signature, RSA_EXPONENT));
 }
+
+ pub fn hash(self) -> Field {
+ let mut dkim_preimage = [0; 18];
+ // compose limbs
+ for i in 0..18 {
+ let modulus_hi = self.modulus[i * 2] * 2.pow_32(120);
+ let redc_hi = self.redc[i * 2] * 2.pow_32(120);
+ dkim_preimage[i] = modulus_hi + self.modulus[i * 2 + 1];
+ dkim_preimage[i + 9] = redc_hi + self.redc[i * 2 + 1];
+ }
+ // hash the pubkey
+ pedersen_hash(dkim_preimage)
+ }
 }
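Review bot: The 9-limb `hash` has no comment describing its preimage layout, and that layout is exactly what anyone checking the emitted pubkey hash against a known DKIM key has to reproduce off-circuit; the value also differs from the removed `hash`, which committed to `self.modulus` alone, because redc is now bound too. Suggest a line above `let mut dkim_preimage = [0; 9];`: `// preimage layout: [m0|m1, m2|m3, m4|m5, m6|m7, r0|r1, r2|r3, r4|r5, r6|r7, m8|r8], each pair packed as hi * 2^120 + lo`. The packing is only collision-free if every limb is below 2^120; that presumably holds for the limb representation used by the RSA library, but nothing in this hunk enforces it, so the comment should name it as an assumption. The enclosing `impl RSAPubkey` block starts outside the hunk.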
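Review bot: The loop bound in the 18-limb `hash` is wrong: `for i in 0..18` reads `self.modulus[i * 2 + 1]` up to index 35 and writes `dkim_preimage[i + 9]` up to index 26, both beyond the 18-element arrays. Each iteration packs two limbs of modulus and two of redc, so nine iterations fill all 18 preimage slots, which is what the removed `standard_outputs` in lib.nr did with the same body; change the line to `for i in 0..9 {`. The 9-limb variant in the preceding hunk hard-codes its bounds (4 pairs plus the odd last limb) and is not affected. The enclosing `impl RSAPubkey` block starts outside the hunk.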
diff --git a/lib/src/lib.nr b/lib/src/lib.nr
index 81b5c68..550454a 100644
--- a/lib/src/lib.nr
+++ b/lib/src/lib.nr
@@ -39,36 +39,6 @@ global EMAIL_ADDRESS_CHAR_TABLE: [u8; 123] = [
 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
 ];
 
-/**
- * Standard outputs that essentially every email circuit will need to export (alongside app-specific outputs)
- * @notice if you only need the pubkey hash just import pedersen and hash away
- *
- * @param pubkey - the pubkey redc and modulus limbs
- * @param signature - the BN limbs of the DKIM RSA signature
- * @returns
- * 0: Pedersen hash of DKIM public key (root of trust)
- * 1: Pedersen hash of DKIM signature (email nullifier)
- */
-pub fn standard_outputs(
- pubkey: RSAPubkey,
- signature: [Field; KEY_LIMBS],
-) -> [Field; 2] {
- // create pedersen hash of DKIM signing key to minimize public outputs
- let mut dkim_preimage: [Field; 18] = [0; 18];
-
- for i in 0..9 {
- let modulus_hi = pubkey.modulus[i * 2] * 2.pow_32(120);
- let redc_hi = pubkey.redc[i * 2] * 2.pow_32(120);
- dkim_preimage[i] = modulus_hi + pubkey.modulus[i * 2 + 1];
- dkim_preimage[i + 9] = redc_hi + pubkey.redc[i * 2 + 1];
- }
- let pubkey_hash = pedersen_hash(dkim_preimage);
- // create email nullifier for email
- let email_nullifier = pedersen_hash(signature);
- // output the root of trust and email nullifier
- [pubkey_hash, email_nullifier]
-}
-
 /**
  * Default email verification function
  * @dev use #[zkemail] attribute macro to apply other functionality