feat(tee-key-preexec): add support for Solidity-compatible pubkey in report_data

This PR is part of the effort to implement on-chain TEE proof
verification. This PR goes hand in hand with https://github.com/matter-labs/zksync-era/pull/3414.

Cargo.lock

@@ -5214,8 +5214,10 @@ version = "0.3.0"
 dependencies = [
  "anyhow",
  "clap 4.5.23",
+ "hex",
  "rand",
  "secp256k1 0.29.1",
+ "sha3",
  "teepot",
  "tracing",
  "tracing-log 0.2.0",

Cargo.toml

@@ -49,6 +49,7 @@ serde = { version = "1", features = ["derive", "rc"] }
 serde_json = "1"
 serde_with = { version = "3.8", features = ["base64", "hex"] }
 sha2 = "0.10.8"
+sha3 = "0.10.8"
 signature = "2.2.0"
 tdx-attest-rs = { version = "0.1.2", git = "https://github.com/intel/SGXDataCenterAttestationPrimitives.git", rev = "aa239d25a437a28f3f4de92c38f5b6809faac842" }
 teepot = { path = "crates/teepot" }

bin/tee-key-preexec/Cargo.toml

@@ -12,8 +12,10 @@ repository.workspace = true
 [dependencies]
 anyhow.workspace = true
 clap.workspace = true
+hex.workspace = true
 rand.workspace = true
 secp256k1.workspace = true
+sha3.workspace = true
 teepot.workspace = true
 tracing.workspace = true
 tracing-log.workspace = true

bin/tee-key-preexec/src/main.rs

@@ -8,7 +8,8 @@
 
 use anyhow::{Context, Result};
 use clap::Parser;
-use secp256k1::{rand, Keypair, PublicKey, Secp256k1, SecretKey};
+use secp256k1::{rand, PublicKey, Secp256k1, SecretKey};
+use sha3::{Digest, Keccak256};
 use std::{ffi::OsString, os::unix::process::CommandExt, process::Command};
 use teepot::quote::get_quote;
 use tracing::error;
@@ -28,6 +29,19 @@ struct Args {
     cmd_args: Vec<OsString>,
 }
 
+/// Converts a public key into an Ethereum address by hashing the encoded public key with Keccak256.
+pub fn public_key_to_address(public: &PublicKey) -> [u8; 20] {
+    let public_key_bytes = public.serialize_uncompressed();
+
+    // Skip the first byte (0x04) which indicates uncompressed key
+    let hash: [u8; 32] = Keccak256::digest(&public_key_bytes[1..]).into();
+
+    // Take the last 20 bytes of the hash to get the Ethereum address
+    let mut address = [0u8; 20];
+    address.copy_from_slice(&hash[12..]);
+    address
+}
+
 fn main_with_error() -> Result<()> {
     LogTracer::init().context("Failed to set logger")?;
 
@@ -37,14 +51,11 @@ fn main_with_error() -> Result<()> {
     tracing::subscriber::set_global_default(subscriber).context("Failed to set logger")?;
 
     let args = Args::parse();
-
     let mut rng = rand::thread_rng();
     let secp = Secp256k1::new();
-    let keypair = Keypair::new(&secp, &mut rng);
+    let (signing_key, verifying_key) = secp.generate_keypair(&mut rng);
-    let signing_key = SecretKey::from_keypair(&keypair);
+    let ethereum_address = public_key_to_address(&verifying_key);
-    let verifying_key = PublicKey::from_keypair(&keypair);
+    let tee_type = match get_quote(ethereum_address.as_ref()) {
-    let verifying_key_bytes = verifying_key.serialize();
-    let tee_type = match get_quote(verifying_key_bytes.as_ref()) {
         Ok((tee_type, quote)) => {
             // save quote to file
             std::fs::write(TEE_QUOTE_FILE, quote)?;
@@ -85,3 +96,22 @@ fn main() -> Result<()> {
     }
     ret
 }
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn test_public_key_to_address() {
+        let secp = Secp256k1::new();
+        let secret_key_bytes =
+            hex::decode("c87509a1c067bbde78beb793e6fa76530b6382a4c0241e5e4a9ec0a0f44dc0d3")
+                .unwrap();
+        let secret_key = SecretKey::from_slice(&secret_key_bytes).unwrap();
+        let public_key = PublicKey::from_secret_key(&secp, &secret_key);
+        let expected_address = hex::decode("627306090abaB3A6e1400e9345bC60c78a8BEf57").unwrap();
+        let address = public_key_to_address(&public_key);
+
+        assert_eq!(address, expected_address.as_slice());
+    }
+}