Add UserOverrideableDKIMRegistry.sol.

[wshino]

Description

Relates to zkemail/ether-email-auth#22

Type of Change

Please delete options that are not relevant.

• New feature (non-breaking change which adds functionality)

Checklist:

• I have discussed with the team prior to submitting this PR
• I have performed a self-review of my code
• I have commented my code, particularly in hard-to-understand areas
• My changes generate no new warnings
• New and existing unit tests pass locally with my changes

Coverage

| File                                                                               | % Lines          | % Statements     | % Branches      | % Funcs         |
| UserOverrideableDKIMRegistry.sol                                                   | 96.55% (56/58)   | 93.06% (67/72)   | 73.21% (41/56)  | 90.00% (9/10)   |

[SoraSuegami]

Thank you for your PR!
Could you modify the logic as follows?

1. The contract also stores address mainAuthorizer, which is provided when the contract is initialized.

2. For every function, if dkimPublicKeyHashes[domainName][publicKeyHash][mainAuthorizer] is true, a variable setThreshold increases by 1. If dkimPublicKeyHashes[domainName][publicKeyHash][msg.sender] is true, a variable setThreshold increases by 2.
   A variable revokeThreshold is defined in the same way for revokedDKIMPublicKeyHashes.

3. The isDKIMPublicKeyHashValid function returns false if 1) revokeThreshold is larger than or equal to 1 or 2) setThreshold is less than 2. Otherwise, it returns true. This spec implies that 1) either the user or the main authorizer such as the canister signer can revoke a public key alone, and 2) setting a new public key requires the user's signature even when the main authorizer already approves it.

4. The setDKIMPublicKeyHash function takes as input domainName, publicKeyHash, address authorizer, and bytes signature. First, it computes revokeThreshold for domainName and publicKeyHash and requires revokeThreshold < 2. Second, if msg.sender == authorizer, it sets dkimPublicKeyHashes[domainName][publicKeyHash][authorizer] = true and ends the process. Otherwise, it verifies signature as an EIP1271 signature if authorizer is a contract address, and verifies signature as an ECDSA signature otherwise. If and only if the signature is valid, sets dkimPublicKeyHashes[domainName][publicKeyHash][authorizer] = true.

5. The revokeDKIMPublicKeyHash function takes as input publicKeyHash, address authorizer, and bytes signature. First, it computes revokeThreshold for publicKeyHash and requires revokeThreshold < 2. Second, if msg.sender == authorizer, it sets revokedDKIMPublicKeyHashes[publicKeyHash][authorizer] = true and ends the process. Otherwise, it verifies signature as an EIP1271 signature if authorizer is a contract address, and verifies signature as an ECDSA signature otherwise. If and only if the signature is valid, sets revokedDKIMPublicKeyHashes[publicKeyHash][authorizer] = true.

[wshino]

@SoraSuegami

1. I've just fixed some test cases and README.md.
2. Also I updated the natspec for public functions in UserOverrideableDKIMRegistry.sol.
3. For reference, I've pasted the coverage result of the contract.

Question:
Should I update all of package.json version? -> resolved

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@types/psl@1.1.3	None	0	4.11 kB	types
npm/@typescript-eslint/eslint-plugin@7.6.0	Transitive: environment, eval, filesystem, unsafe	+50	13.6 MB	jameshenry
npm/@typescript-eslint/parser@7.6.0	Transitive: environment, eval, filesystem, unsafe	+49	7.07 MB	jameshenry
npm/@zk-email/zk-regex-circom@2.1.0	Transitive: environment, filesystem, shell	+1	722 kB	sora_suegami
npm/addressparser@1.0.1	None	0	11.7 kB	andris
npm/circom_runtime@0.1.24	None	+1	3.17 MB	jbaylina
npm/r1csfile@0.0.47	Transitive: filesystem, network	+3	841 kB	jbaylina
npm/snarkjs@0.7.3	Transitive: environment, eval, filesystem, network, shell, unsafe	+28	15.4 MB	jbaylina

🚮 Removed packages: npm/array.prototype.findlastindex@1.2.5, npm/array.prototype.flat@1.3.2, npm/array.prototype.flatmap@1.3.2, npm/atob@2.1.2, npm/bl@4.1.0, npm/chardet@0.7.0, npm/cli-cursor@3.1.0, npm/cli-width@3.0.0, npm/cliui@8.0.1, npm/clone@1.0.4, npm/cookie@0.4.2, npm/create-jest@29.7.0, npm/defaults@1.0.4, npm/diff@4.0.2, npm/es-shim-unscopables@1.0.2, npm/ethers@5.7.2, npm/has-bigints@1.0.2, npm/immediate@3.0.6, npm/import-local@3.1.0, npm/is-symbol@1.0.4, npm/jest-cli@29.7.0, npm/jest@29.7.0, npm/lie@3.1.1, npm/make-error@1.3.6, npm/minimist@1.2.8, npm/psl@1.9.0, npm/readable-stream@3.6.2, npm/tslib@2.6.2

View full report↗︎

[socket-security]

👍 Dependency issues cleared. Learn more about Socket for GitHub ↗︎

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

Ignoring: npm/@zk-email/zk-regex-circom@2.1.0

View full report↗︎

Next steps

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

[SoraSuegami]

@saleel Do you think we can ignore the above socket security alert?

[saleel]

@SocketSecurity ignore npm/@zk-email/helpers@6.1.1

[saleel]

@saleel Do you think we can ignore the above socket security alert?

I think its ok. The alert is because of the dependency being a http url, but its from a trusted repo.

[SoraSuegami]

@SocketSecurity ignore npm/@zk-email/zk-regex-circom@2.1.0