From b325965cd25480b62b8dc12a9c1246ee8142a701 Mon Sep 17 00:00:00 2001
From: David Kazlauskas <deividas.kazlauskas@zama.ai>
Date: Mon, 23 Sep 2024 11:20:45 +0300
Subject: [PATCH] Sync EIP712 signature with solidity contracts

---
 .../migrations/20240722111257_coprocessor.sql    |  1 +
 fhevm-engine/coprocessor/src/db_queries.rs       |  5 ++++-
 fhevm-engine/coprocessor/src/server.rs           | 16 ++++++++++++++++
 fhevm-engine/coprocessor/src/tests/utils.rs      |  3 ++-
 fhevm-engine/coprocessor/src/types.rs            |  1 +
 5 files changed, 24 insertions(+), 2 deletions(-)

diff --git a/fhevm-engine/coprocessor/migrations/20240722111257_coprocessor.sql b/fhevm-engine/coprocessor/migrations/20240722111257_coprocessor.sql
index a551766d..116cb88e 100644
--- a/fhevm-engine/coprocessor/migrations/20240722111257_coprocessor.sql
+++ b/fhevm-engine/coprocessor/migrations/20240722111257_coprocessor.sql
@@ -46,6 +46,7 @@ CREATE TABLE IF NOT EXISTS tenants (
     chain_id INT NOT NULL,
     -- for EIP712 signatures
     verifying_contract_address TEXT NOT NULL,
+    acl_contract_address TEXT NOT NULL,
     pks_key BYTEA NOT NULL,
     sks_key BYTEA NOT NULL,
     public_params BYTEA NOT NULL,
diff --git a/fhevm-engine/coprocessor/src/db_queries.rs b/fhevm-engine/coprocessor/src/db_queries.rs
index 3746937b..d2bf677e 100644
--- a/fhevm-engine/coprocessor/src/db_queries.rs
+++ b/fhevm-engine/coprocessor/src/db_queries.rs
@@ -97,6 +97,7 @@ pub async fn check_if_ciphertexts_exist_in_db(
 pub struct FetchTenantKeyResult {
     pub chain_id: i32,
     pub verifying_contract_address: String,
+    pub acl_contract_address: String,
     pub server_key: tfhe::ServerKey,
 }
 
@@ -117,6 +118,7 @@ where
                 return Ok(FetchTenantKeyResult {
                     chain_id: key.chain_id,
                     verifying_contract_address: key.verifying_contract_address.clone(),
+                    acl_contract_address: key.acl_contract_address.clone(),
                     server_key: key.sks.clone(),
                 });
             }
@@ -136,7 +138,7 @@ where
     let mut res = Vec::with_capacity(tenants_to_query.len());
     let keys = query!(
         "
-            SELECT tenant_id, chain_id, verifying_contract_address, pks_key, sks_key, public_params
+            SELECT tenant_id, chain_id, acl_contract_address, verifying_contract_address, pks_key, sks_key, public_params
             FROM tenants
             WHERE tenant_id = ANY($1::INT[])
         ",
@@ -162,6 +164,7 @@ where
             pks,
             public_params,
             chain_id: key.chain_id,
+            acl_contract_address: key.acl_contract_address,
             verifying_contract_address: key.verifying_contract_address,
         });
     }
diff --git a/fhevm-engine/coprocessor/src/server.rs b/fhevm-engine/coprocessor/src/server.rs
index 3541d7cb..6d405a13 100644
--- a/fhevm-engine/coprocessor/src/server.rs
+++ b/fhevm-engine/coprocessor/src/server.rs
@@ -99,6 +99,8 @@ pub async fn run_server_iteration(
 // for EIP712 signature
 alloy::sol! {
     struct CiphertextVerification {
+        address aclAddress;
+        bytes32 hashOfCiphertext;
         uint256[] handlesList;
         address contractAddress;
         address callerAddress;
@@ -171,6 +173,15 @@ impl coprocessor::fhevm_coprocessor_server::FhevmCoprocessor for CoprocessorServ
                     },
                 ))
             })?;
+        let acl_contract_address =
+            alloy::primitives::Address::from_str(&fetch_key_response.acl_contract_address).map_err(|e| {
+                tonic::Status::from_error(Box::new(
+                    CoprocessorError::CannotParseTenantEthereumAddress {
+                        bad_address: fetch_key_response.acl_contract_address.clone(),
+                        parsing_error: e.to_string(),
+                    },
+                ))
+            })?;
 
         let eip_712_domain = alloy::sol_types::eip712_domain! {
             name: "FHEVMCoprocessor",
@@ -285,7 +296,12 @@ impl coprocessor::fhevm_coprocessor_server::FhevmCoprocessor for CoprocessorServ
             .await
             .map_err(Into::<CoprocessorError>::into)?;
 
+            let mut hash_of_ciphertext: [u8; 32] = [0; 32];
+            hash_of_ciphertext.copy_from_slice(&blob_hash);
+
             let mut ct_verification = CiphertextVerification {
+                hashOfCiphertext: alloy::primitives::FixedBytes(hash_of_ciphertext),
+                aclAddress: acl_contract_address,
                 contractAddress: contract_addresses[idx],
                 callerAddress: caller_addresses[idx],
                 handlesList: Vec::with_capacity(corresponding_unpacked.len()),
diff --git a/fhevm-engine/coprocessor/src/tests/utils.rs b/fhevm-engine/coprocessor/src/tests/utils.rs
index 868a9789..bb7bd393 100644
--- a/fhevm-engine/coprocessor/src/tests/utils.rs
+++ b/fhevm-engine/coprocessor/src/tests/utils.rs
@@ -211,11 +211,12 @@ pub async fn setup_test_user(pool: &sqlx::PgPool) -> Result<(), Box<dyn std::err
         .expect("can't read public params");
     sqlx::query!(
         "
-            INSERT INTO tenants(tenant_api_key, tenant_id, chain_id, verifying_contract_address, pks_key, sks_key, public_params, cks_key)
+            INSERT INTO tenants(tenant_api_key, tenant_id, chain_id, acl_contract_address, verifying_contract_address, pks_key, sks_key, public_params, cks_key)
             VALUES (
                 'a1503fb6-d79b-4e9e-826d-44cf262f3e05',
                 1,
                 12345,
+                '0x168813841d158Ea8508f91f71aF338e4cB4d396e',
                 '0x6819e3aDc437fAf9D533490eD3a7552493fCE3B1',
                 $1,
                 $2,
diff --git a/fhevm-engine/coprocessor/src/types.rs b/fhevm-engine/coprocessor/src/types.rs
index 0b1215a2..f848b6b9 100644
--- a/fhevm-engine/coprocessor/src/types.rs
+++ b/fhevm-engine/coprocessor/src/types.rs
@@ -177,6 +177,7 @@ pub struct TfheTenantKeys {
     pub tenant_id: i32,
     pub chain_id: i32,
     pub verifying_contract_address: String,
+    pub acl_contract_address: String,
     pub sks: tfhe::ServerKey,
 
     // only used in tests, that's why we put dead_code