fix: bind external signature verification to request

* chore: release v0.4.0-5

* fix: bind external signature verification to request

Author: isaacdecoded

package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "@zama-fhe/relayer-sdk",
-  "version": "0.5.0-alpha.1",
+  "version": "0.5.0-alpha.2",
   "description": "fhevm Relayer SDK",
   "main": "lib/node.js",
   "types": "lib/node.d.ts",
@@ -94,9 +94,9 @@
     "fetch-retry": "^6.0.0",
     "keccak": "^3.0.4",
     "node-tfhe": "1.4.0-alpha.3",
-    "node-tkms": "0.13.10-rc.0",
+    "node-tkms": "0.13.10-rc.2",
     "tfhe": "1.4.0-alpha.3",
-    "tkms": "0.13.10-rc.0",
+    "tkms": "0.13.10-rc.2",
     "wasm-feature-detect": "^1.8.0"
   },
   "devDependencies": {

package.json

@@ -1,3 +1,3 @@
 // This file is auto-generated
-export const version: string = '0.5.0-alpha.1';
+export const version: string = '0.5.0-alpha.2';
 export const sdkName: string = '@zama-fhe/relayer-sdk';

src/_version.ts

@@ -33,6 +33,26 @@ interface DelegatedUserDecryptRequest {
   defaultOptions?: FhevmInstanceOptions;
 }
 
+/**
+ * Validates that every response item's extraData matches the request's extraData.
+ * Returns the sanitized (no 0x prefix) request extraData for use in signature verification.
+ */
+function validateAndSanitizeRequestExtraData(
+  requestExtraData: BytesHex,
+  relayerUserDecryptResults: RelayerUserDecryptResult,
+): string {
+  const sanitized = requestExtraData.replace(/^0x/, '');
+  for (const result of relayerUserDecryptResults) {
+    const responseExtraData = result.extraData.replace(/^0x/, '');
+    if (responseExtraData.toLowerCase() !== sanitized.toLowerCase()) {
+      throw new Error(
+        `Response extraData does not match request extraData: expected ${requestExtraData}, got ${result.extraData}`,
+      );
+    }
+  }
+  return sanitized;
+}
+
 // Add type checking
 const getAddress = (value: string): `0x${string}` =>
   ethersGetAddress(value) as `0x${string}`;
@@ -285,6 +305,12 @@ export const userDecryptRequest =
         ...options,
       });
 
+    // Validate that response extraData matches request to prevent server tampering
+    const requestExtraDataSanitized = validateAndSanitizeRequestExtraData(
+      extraData,
+      relayerUserDecryptResults,
+    );
+
     // Response side: resolve context-aware signers
     const effectiveSigners = await resolveEffectiveSigners(
       relayerUserDecryptResults,
@@ -323,14 +349,16 @@ export const userDecryptRequest =
           h.handle.replace(/^0x/, ''),
         ),
         eip712_verifying_contract: verifyingContractAddressDecryption,
+        extra_data: requestExtraDataSanitized,
       };
 
       // Transform response to match node-tkms expected format
+      // Use request extraData (not response) to bind signature verification to the original request
       const tkmsUserDecryptResults = relayerUserDecryptResults.map(
         (result) => ({
           payload: result.payload,
           signature: result.signature,
-          extra_data: result.extraData.replace(/^0x/, ''),
+          extra_data: requestExtraDataSanitized,
         }),
       );
 
@@ -426,6 +454,12 @@ export const delegatedUserDecryptRequest =
         },
       );
 
+    // Validate that response extraData matches request to prevent server tampering
+    const requestExtraDataSanitized = validateAndSanitizeRequestExtraData(
+      extraData,
+      relayerUserDecryptResults,
+    );
+
     // Response side: resolve context-aware signers
     const effectiveSigners = await resolveEffectiveSigners(
       relayerUserDecryptResults,
@@ -464,14 +498,16 @@ export const delegatedUserDecryptRequest =
           h.handle.replace(/^0x/, ''),
         ),
         eip712_verifying_contract: verifyingContractAddressDecryption,
+        extra_data: requestExtraDataSanitized,
       };
 
       // Transform response to match node-tkms expected format
+      // Use request extraData (not response) to bind signature verification to the original request
       const tkmsUserDecryptResults = relayerUserDecryptResults.map(
         (result) => ({
           payload: result.payload,
           signature: result.signature,
-          extra_data: result.extraData.replace(/^0x/, ''),
+          extra_data: requestExtraDataSanitized,
         }),
       );