Hash entrypoint payload in account contract

yarn-project/acir-simulator/src/client/simulator.ts

@@ -96,7 +96,7 @@ export class AcirSimulator {
       entryPointABI,
       contractAddress,
       request.functionData,
-      request.args,
+      request.getExpandedArgs(),
       callContext,
     );
 

yarn-project/end-to-end/src/e2e_account_contract.test.ts

@@ -15,14 +15,14 @@ import { AccountContractAbi, ChildAbi } from '@aztec/noir-contracts/examples';
 
 import { ARGS_LENGTH, ContractDeploymentData, FunctionData, TxContext, TxRequest } from '@aztec/circuits.js';
 import { padArrayEnd } from '@aztec/foundation/collection';
+import { sha256 } from '@aztec/foundation/crypto';
+import { toBigInt } from '@aztec/foundation/serialize';
+import { secp256k1 } from '@noble/curves/secp256k1';
 import times from 'lodash.times';
 import { mnemonicToAccount } from 'viem/accounts';
 import { createAztecRpcServer } from './create_aztec_rpc_client.js';
 import { deployL1Contracts } from './deploy_l1_contracts.js';
 import { MNEMONIC } from './fixtures.js';
-import { toBigInt } from '@aztec/foundation/serialize';
-import { keccak } from '@aztec/foundation/crypto';
-import { secp256k1 } from '@noble/curves/secp256k1';
 
 const logger = createDebugLogger('aztec:e2e_account_contract');
 
@@ -104,6 +104,8 @@ describe('e2e_account_contract', () => {
     return [...payload.flattened_args, ...payload.flattened_selectors, ...payload.flattened_targets, payload.nonce];
   };
 
+  const toFrArray = (buf: Buffer) => Array.from(buf).map(byte => new Fr(byte));
+
   const buildPayload = (privateCalls: FunctionCall[], publicCalls: FunctionCall[]): EntrypointPayload => {
     const nonce = Fr.random();
     const emptyCall = { args: times(ARGS_LENGTH, Fr.zero), selector: Buffer.alloc(32), target: AztecAddress.ZERO };
@@ -134,7 +136,8 @@ describe('e2e_account_contract', () => {
     );
 
     // Hash the payload object, so we sign over it
-    const payloadHash = keccak(Buffer.concat(flattenPayload(payload).map(fr => fr.toBuffer())));
+    // TODO: Switch to keccak when avaiable in Noir
+    const payloadHash = sha256(Buffer.concat(flattenPayload(payload).map(fr => fr.toBuffer())));
     logger(`Payload hash: ${payloadHash.toString('hex')} (${payloadHash.length} bytes)`);
 
     // Sign using the private key that matches account contract's pubkey by default
@@ -145,17 +148,15 @@ describe('e2e_account_contract', () => {
     logger(`Signature: ${signature.toString('hex')} (${signature.length} bytes)`);
 
     // Set packed args for the call
-    const toFrArray = (buf: Buffer) => Array.from(buf).map(byte => new Fr(byte));
     txRequest.setPackedArg(0, flattenPayload(payload));
     txRequest.setPackedArg(1, toFrArray(signature));
-    txRequest.setPackedArg(2, toFrArray(payloadHash));
 
     // Create the method call using the actual args to send into Noir
     return new ContractFunctionInteractionFromTxRequest(
       aztecRpcServer,
       account.address,
       'entrypoint',
-      [...flattenPayload(payload), ...toFrArray(signature), ...toFrArray(payloadHash)],
+      [...flattenPayload(payload), ...toFrArray(signature)],
       FunctionType.SECRET,
     ).withTxRequest(txRequest);
   };
@@ -171,7 +172,7 @@ describe('e2e_account_contract', () => {
     expect(receipt.status).toBe(TxStatus.MINED);
   });
 
-  it.only('calls a public function', async () => {
+  it('calls a public function', async () => {
     const payload = buildPayload([], [callChildPubStoreValue(42)]);
     const call = buildCall(payload);
     const tx = call.send({ from: accounts[0] });

yarn-project/noir-contracts/src/contracts/account_contract/src/entrypoint.nr

@@ -25,6 +25,7 @@ impl FunctionCall {
 
 // FUNCTION_CALL_SIZE * (ACCOUNT_MAX_PUBLIC_CALLS + ACCOUNT_MAX_PRIVATE_CALLS) + 1
 global ENTRYPOINT_PAYLOAD_SIZE: comptime Field = 21;
+global ENTRYPOINT_PAYLOAD_SIZE_IN_BYTES: comptime Field = 672;
 
 // MAX_ARGS * (ACCOUNT_MAX_PUBLIC_CALLS + ACCOUNT_MAX_PRIVATE_CALLS)
 global ACCOUNT_FLATTENED_ARGS_SIZE: comptime Field = 16;
@@ -52,4 +53,73 @@ impl EntrypointPayload {
     fields = fields.push(self.nonce);
     fields.storage
   }
+
+  // Serializes the payload as an array of bytes. Useful for hashing with sha256.
+  fn to_be_bytes(self) -> [u8; ENTRYPOINT_PAYLOAD_SIZE_IN_BYTES] {
+    let mut bytes: [u8; ENTRYPOINT_PAYLOAD_SIZE_IN_BYTES] = [0; ENTRYPOINT_PAYLOAD_SIZE_IN_BYTES];
+
+    let args_len = self.flattened_args.len();
+    let selectors_len = self.flattened_selectors.len();
+    let targets_len = self.flattened_targets.len();
+
+    for i in 0..args_len {
+      let item_bytes = self.flattened_args[i].to_be_bytes(32);
+      for j in 0..32 { 
+        bytes[i * 32 + j] = item_bytes[j];
+      }
+    }
+
+    for i in 0..selectors_len {
+      let item_bytes = self.flattened_selectors[i].to_be_bytes(32);
+      for j in 0..32 { 
+        bytes[args_len * 32 + i * 32 + j] = item_bytes[j];
+      }
+    }
+
+    for i in 0..targets_len {
+      let item_bytes = self.flattened_targets[i].to_be_bytes(32);
+      for j in 0..32 { 
+        bytes[(args_len + selectors_len) * 32 + i * 32 + j] = item_bytes[j];
+      }
+    }
+
+    let item_bytes = self.nonce.to_be_bytes(32);
+    for j in 0..32 { 
+      bytes[(args_len + selectors_len + targets_len) * 32 + j] = item_bytes[j];
+    }
+
+    bytes
+  }
+
+  // TODO: This function returns all zeroes. Figure out why!
+  fn to_be_bytes_fail(self) -> [u8; ENTRYPOINT_PAYLOAD_SIZE_IN_BYTES] {
+    let mut bytes: BoundedVec<u8, ENTRYPOINT_PAYLOAD_SIZE_IN_BYTES> = BoundedVec::new(0);
+
+    // Noir crashes if we try to push_bytes the whole item_bytes into the vec
+    // See https://github.com/noir-lang/noir/issues/1023
+    for item in self.flattened_args {
+      let item_bytes = item.to_be_bytes(32);
+      for i in 0..32 { 
+        bytes.push(item_bytes[i]); 
+      }
+    }
+    for item in self.flattened_selectors {
+      let item_bytes = item.to_be_bytes(32);
+      for i in 0..32 { 
+        bytes.push(item_bytes[i]); 
+      }
+    }
+    for item in self.flattened_targets {
+      let item_bytes = item.to_be_bytes(32);
+      for i in 0..32 { 
+        bytes.push(item_bytes[i]); 
+      }
+    }
+
+    let nonce_bytes = self.nonce.to_be_bytes(32);
+    for i in 0..32 { 
+      bytes.push(nonce_bytes[i]); 
+    }
+    bytes.storage
+  }
 }

yarn-project/noir-contracts/src/contracts/account_contract/src/main.nr

@@ -18,8 +18,7 @@ contract Account {
     fn entrypoint(
         inputs: pub Inputs,
         payload: pub EntrypointPayload,
-        signature: pub [u8;64],
-        payload_hash: pub [u8;32]
+        signature: pub [u8;64]
     ) -> pub [Field; dep::aztec3::abi::PUBLIC_INPUTS_LENGTH] {
         let mut context = PrivateFunctionContext::new();
 
@@ -28,7 +27,9 @@ contract Account {
         context.args = context.args.push(payload.hash());
 
         // Verify payload signature using ethereum's signing scheme
-        // TODO: calculate payload hash here instead of receiving it as an argument
+        // TODO: Switch to keccak when available in Noir
+        let payload_bytes: [u8; entrypoint::ENTRYPOINT_PAYLOAD_SIZE_IN_BYTES] = payload.to_be_bytes();
+        let payload_hash: [u8; 32] = std::hash::sha256(payload_bytes);
         let verification = std::ecdsa_secp256k1::verify_signature(pub_key_x, pub_key_y, signature, payload_hash);
         constrain verification == 1;