From 2605e2ae3a415b13529a0e8f31fb53fd51bcea5d Mon Sep 17 00:00:00 2001 From: Harald Hoyer Date: Wed, 2 Apr 2025 16:03:01 +0200 Subject: [PATCH] refactor(verify-era-proof-attestation): modularize and restructure proof verification logic - Split `verify-era-proof-attestation` into modular subcomponents for maintainability. - Moved client, proof handling, and core types into dedicated modules. --- Cargo.lock | 1856 +++-------------- Cargo.toml | 1 - bin/verify-era-proof-attestation/Cargo.toml | 14 +- bin/verify-era-proof-attestation/README.md | 76 + .../examples/attestation_policy.yaml | 31 + bin/verify-era-proof-attestation/src/args.rs | 95 - .../src/client.rs | 45 - .../src/client/http.rs | 66 + .../src/client/json_rpc.rs | 58 + .../src/client/mod.rs | 12 + .../src/client/retry.rs | 107 + .../src/core/config.rs | 455 ++++ .../src/core/constants.rs | 19 + .../src/core/mod.rs | 12 + .../src/core/types.rs | 101 + bin/verify-era-proof-attestation/src/error.rs | 103 + bin/verify-era-proof-attestation/src/main.rs | 270 +-- .../src/processor/batch_processor.rs | 118 ++ .../src/processor/continuous_processor.rs | 95 + .../src/processor/mod.rs | 65 + .../src/processor/one_shot_processor.rs | 79 + bin/verify-era-proof-attestation/src/proof.rs | 172 -- .../src/proof/fetcher.rs | 139 ++ .../src/proof/mod.rs | 9 + .../src/proof/parsing.rs | 277 +++ .../src/proof/types.rs | 83 + .../src/verification.rs | 208 -- .../src/verification/attestation.rs | 35 + .../src/verification/batch.rs | 141 ++ .../src/verification/mod.rs | 14 + .../src/verification/policy.rs | 212 ++ .../src/verification/reporting.rs | 93 + .../src/verification/signature.rs | 157 ++ crates/teepot/src/quote/tcblevel.rs | 4 +- 34 files changed, 2918 insertions(+), 2304 deletions(-) create mode 100644 bin/verify-era-proof-attestation/README.md create mode 100644 bin/verify-era-proof-attestation/examples/attestation_policy.yaml delete mode 100644 bin/verify-era-proof-attestation/src/args.rs delete mode 100644 bin/verify-era-proof-attestation/src/client.rs create mode 100644 bin/verify-era-proof-attestation/src/client/http.rs create mode 100644 bin/verify-era-proof-attestation/src/client/json_rpc.rs create mode 100644 bin/verify-era-proof-attestation/src/client/mod.rs create mode 100644 bin/verify-era-proof-attestation/src/client/retry.rs create mode 100644 bin/verify-era-proof-attestation/src/core/config.rs create mode 100644 bin/verify-era-proof-attestation/src/core/constants.rs create mode 100644 bin/verify-era-proof-attestation/src/core/mod.rs create mode 100644 bin/verify-era-proof-attestation/src/core/types.rs create mode 100644 bin/verify-era-proof-attestation/src/error.rs create mode 100644 bin/verify-era-proof-attestation/src/processor/batch_processor.rs create mode 100644 bin/verify-era-proof-attestation/src/processor/continuous_processor.rs create mode 100644 bin/verify-era-proof-attestation/src/processor/mod.rs create mode 100644 bin/verify-era-proof-attestation/src/processor/one_shot_processor.rs delete mode 100644 bin/verify-era-proof-attestation/src/proof.rs create mode 100644 bin/verify-era-proof-attestation/src/proof/fetcher.rs create mode 100644 bin/verify-era-proof-attestation/src/proof/mod.rs create mode 100644 bin/verify-era-proof-attestation/src/proof/parsing.rs create mode 100644 bin/verify-era-proof-attestation/src/proof/types.rs delete mode 100644 bin/verify-era-proof-attestation/src/verification.rs create mode 100644 bin/verify-era-proof-attestation/src/verification/attestation.rs create mode 100644 bin/verify-era-proof-attestation/src/verification/batch.rs create mode 100644 bin/verify-era-proof-attestation/src/verification/mod.rs create mode 100644 bin/verify-era-proof-attestation/src/verification/policy.rs create mode 100644 bin/verify-era-proof-attestation/src/verification/reporting.rs create mode 100644 bin/verify-era-proof-attestation/src/verification/signature.rs diff --git a/Cargo.lock b/Cargo.lock index e12e690..08b0c8c 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -31,7 +31,7 @@ dependencies = [ "actix-tls", "actix-utils", "ahash", - "base64 0.22.1", + "base64", "bitflags 2.8.0", "brotli", "bytes", @@ -434,7 +434,7 @@ dependencies = [ "actix-service", "actix-tls", "actix-utils", - "base64 0.22.1", + "base64", "bytes", "cfg-if", "cookie", @@ -481,34 +481,6 @@ dependencies = [ "paste", ] -[[package]] -name = "axum" -version = "0.6.20" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3b829e4e32b91e643de6eafe82b1d90675f5874230191a4ffbc1b336dec4d6bf" -dependencies = [ - "async-trait", - "axum-core 0.3.4", - "bitflags 1.3.2", - "bytes", - "futures-util", - "http 0.2.12", - "http-body 0.4.6", - "hyper 0.14.32", - "itoa", - "matchit", - "memchr", - "mime", - "percent-encoding", - "pin-project-lite", - "rustversion", - "serde", - "sync_wrapper 0.1.2", - "tower 0.4.13", - "tower-layer", - "tower-service", -] - [[package]] name = "axum" version = "0.7.9" @@ -516,11 +488,11 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "edca88bc138befd0323b20752846e6587272d3b03b0343c8ea28a6f819e6e71f" dependencies = [ "async-trait", - "axum-core 0.4.5", + "axum-core", "bytes", "futures-util", "http 1.2.0", - "http-body 1.0.1", + "http-body", "http-body-util", "itoa", "matchit", @@ -530,29 +502,12 @@ dependencies = [ "pin-project-lite", "rustversion", "serde", - "sync_wrapper 1.0.2", + "sync_wrapper", "tower 0.5.2", "tower-layer", "tower-service", ] -[[package]] -name = "axum-core" -version = "0.3.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "759fa577a247914fd3f7f76d62972792636412fbfd634cd452f6a385a74d2d2c" -dependencies = [ - "async-trait", - "bytes", - "futures-util", - "http 0.2.12", - "http-body 0.4.6", - "mime", - "rustversion", - "tower-layer", - "tower-service", -] - [[package]] name = "axum-core" version = "0.4.5" @@ -563,12 +518,12 @@ dependencies = [ "bytes", "futures-util", "http 1.2.0", - "http-body 1.0.1", + "http-body", "http-body-util", "mime", "pin-project-lite", "rustversion", - "sync_wrapper 1.0.2", + "sync_wrapper", "tower-layer", "tower-service", ] @@ -585,27 +540,15 @@ dependencies = [ "miniz_oxide", "object", "rustc-demangle", - "windows-targets 0.52.6", + "windows-targets", ] -[[package]] -name = "base16ct" -version = "0.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "349a06037c7bf932dd7e7d1f653678b2038b9ad46a74102f1fc7bd7872678cce" - [[package]] name = "base16ct" version = "0.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4c7f02d4ea65f2c1853089ffd8d2787bdbc63de2f0d29dedbcf8ccdfa0ccd4cf" -[[package]] -name = "base64" -version = "0.21.7" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9d297deb1925b89f2ccc13d7635fa0714f12c87adce1c75356b39ca9b7178567" - [[package]] name = "base64" version = "0.22.1" @@ -618,26 +561,6 @@ version = "1.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8c3c1a368f70d6cf7302d78f8f7093da241fb8e8807c05cc9e51a125895a6d5b" -[[package]] -name = "beef" -version = "0.5.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3a8241f3ebb85c056b509d4327ad0358fbbba6ffb340bf388f26350aeda225b1" -dependencies = [ - "serde", -] - -[[package]] -name = "bigdecimal" -version = "0.3.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a6773ddc0eafc0e509fb60e48dff7f450f8e674a0686ae8605e8d9901bd5eefa" -dependencies = [ - "num-bigint", - "num-integer", - "num-traits", -] - [[package]] name = "bindgen" version = "0.59.2" @@ -656,7 +579,7 @@ dependencies = [ "proc-macro2", "quote", "regex", - "rustc-hash", + "rustc-hash 1.1.0", "shlex", "which", ] @@ -678,7 +601,7 @@ dependencies = [ "proc-macro2", "quote", "regex", - "rustc-hash", + "rustc-hash 1.1.0", "shlex", "syn 2.0.98", "which", @@ -701,18 +624,12 @@ dependencies = [ "proc-macro2", "quote", "regex", - "rustc-hash", + "rustc-hash 1.1.0", "shlex", "syn 2.0.98", "which", ] -[[package]] -name = "bit-vec" -version = "0.6.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "349f9b6a179ed607305526ca489b34ad0a41aed5f7980fa90eb03160b69598fb" - [[package]] name = "bitcoin-io" version = "0.1.3" @@ -957,11 +874,9 @@ checksum = "7e36cc9d416881d2e24f9a963be5fb1cd90966419ac844274161d10488b3e825" dependencies = [ "android-tzdata", "iana-time-zone", - "js-sys", "num-traits", "serde", - "wasm-bindgen", - "windows-targets 0.52.6", + "windows-targets", ] [[package]] @@ -1027,7 +942,7 @@ version = "4.5.28" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bf4ced95c6f4a675af3da73304b9ac4ed991640c36374e4b46795c49e17cf1ed" dependencies = [ - "heck 0.5.0", + "heck", "proc-macro2", "quote", "syn 2.0.98", @@ -1066,8 +981,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7b77c319abfd5219629c45c34c89ba945ed3c5e49fcde9d16b6c3885f118a730" dependencies = [ "const-oid", - "der 0.7.9", - "spki 0.7.3", + "der", + "spki", "x509-cert", ] @@ -1098,10 +1013,19 @@ dependencies = [ "serde", "serde_json", "toml", - "winnow 0.7.3", + "winnow", "yaml-rust2", ] +[[package]] +name = "const-decoder" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b381abde2cdc1bc3817e394b24e05667a2dc89f37570cbd34d9c397d99e56e3f" +dependencies = [ + "compile-fmt", +] + [[package]] name = "const-oid" version = "0.9.6" @@ -1200,39 +1124,12 @@ dependencies = [ "cfg-if", ] -[[package]] -name = "crossbeam-channel" -version = "0.5.14" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "06ba6d68e24814cb8de6bb986db8222d3a027d15872cabc0d18817bc3c0e4471" -dependencies = [ - "crossbeam-utils", -] - -[[package]] -name = "crossbeam-utils" -version = "0.8.21" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d0a5c400df2834b80a4c3327b3aad3a4c4cd4de0629063962b03235697506a28" - [[package]] name = "crunchy" version = "0.2.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "43da5946c66ffcc7745f48db692ffbb10a83bfe0afd96235c5c2a4fb23994929" -[[package]] -name = "crypto-bigint" -version = "0.4.9" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ef2b4b23cddf68b89b8f8069890e8c270d54e2d5fe1b143820234805e4cb17ef" -dependencies = [ - "generic-array", - "rand_core", - "subtle", - "zeroize", -] - [[package]] name = "crypto-bigint" version = "0.5.5" @@ -1256,6 +1153,16 @@ dependencies = [ "typenum", ] +[[package]] +name = "ctor" +version = "0.2.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "32a2785755761f3ddc1492979ce1e48d2c00d09311c39e4466429188f3dd6501" +dependencies = [ + "quote", + "syn 2.0.98", +] + [[package]] name = "ctr" version = "0.9.2" @@ -1371,26 +1278,6 @@ dependencies = [ "generic-array", ] -[[package]] -name = "debugid" -version = "0.8.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bef552e6f588e446098f6ba40d89ac146c8c7b64aade83c051ee00bb5d2bc18d" -dependencies = [ - "serde", - "uuid", -] - -[[package]] -name = "der" -version = "0.6.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f1a467a65c5e759bce6e65eaf91cc29f466cdc57cb65777bd646872a8a1fd4de" -dependencies = [ - "const-oid", - "zeroize", -] - [[package]] name = "der" version = "0.7.9" @@ -1471,18 +1358,18 @@ dependencies = [ [[package]] name = "derive_more" -version = "1.0.0-beta.6" +version = "1.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f7abbfc297053be59290e3152f8cbcd52c8642e0728b69ee187d991d4c1af08d" +checksum = "4a9b99b9cbbe49445b21764dc0625032a89b145a2642e67603e1c936f5458d05" dependencies = [ "derive_more-impl", ] [[package]] name = "derive_more-impl" -version = "1.0.0-beta.6" +version = "1.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2bba3e9872d7c58ce7ef0fcf1844fcc3e23ef2a58377b50df35dd98e42a5726e" +checksum = "cb7330aeadfbe296029522e6c40f315320aba36fc43a5b3632f3795348f3bd22" dependencies = [ "proc-macro2", "quote", @@ -1531,10 +1418,10 @@ dependencies = [ "digest", "num-bigint-dig", "num-traits", - "pkcs8 0.10.2", - "rfc6979 0.4.0", + "pkcs8", + "rfc6979", "sha2", - "signature 2.2.0", + "signature", "zeroize", ] @@ -1563,30 +1450,18 @@ dependencies = [ "subtle", ] -[[package]] -name = "ecdsa" -version = "0.14.8" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "413301934810f597c1d19ca71c8710e99a3f1ba28a0d2ebc01551a2daeea3c5c" -dependencies = [ - "der 0.6.1", - "elliptic-curve 0.12.3", - "rfc6979 0.3.1", - "signature 1.6.4", -] - [[package]] name = "ecdsa" version = "0.16.9" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ee27f32b5c5292967d2d4a9d7f1e0b0aed2c15daded5a60300e4abb9d8020bca" dependencies = [ - "der 0.7.9", + "der", "digest", - "elliptic-curve 0.13.8", - "rfc6979 0.4.0", - "signature 2.2.0", - "spki 0.7.3", + "elliptic-curve", + "rfc6979", + "signature", + "spki", ] [[package]] @@ -1595,8 +1470,8 @@ version = "2.2.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "115531babc129696a58c64a4fef0a8bf9e9698629fb97e9e40767d235cfbcd53" dependencies = [ - "pkcs8 0.10.2", - "signature 2.2.0", + "pkcs8", + "signature", ] [[package]] @@ -1619,43 +1494,23 @@ version = "1.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "60b1af1c220855b6ceac025d3f6ecdd2b7c4894bfe9cd9bda4fbb4bc7c0d4cf0" -[[package]] -name = "elliptic-curve" -version = "0.12.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e7bb888ab5300a19b8e5bceef25ac745ad065f3c9f7efc6de1b91958110891d3" -dependencies = [ - "base16ct 0.1.1", - "crypto-bigint 0.4.9", - "der 0.6.1", - "digest", - "ff 0.12.1", - "generic-array", - "group 0.12.1", - "pkcs8 0.9.0", - "rand_core", - "sec1 0.3.0", - "subtle", - "zeroize", -] - [[package]] name = "elliptic-curve" version = "0.13.8" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b5e6043086bf7973472e0c7dff2142ea0b680d30e18d9cc40f267efbf222bd47" dependencies = [ - "base16ct 0.2.0", - "crypto-bigint 0.5.5", + "base16ct", + "crypto-bigint", "digest", - "ff 0.13.0", + "ff", "generic-array", - "group 0.13.0", + "group", "hkdf", "pem-rfc7468 0.7.0", - "pkcs8 0.10.2", + "pkcs8", "rand_core", - "sec1 0.7.3", + "sec1", "subtle", "zeroize", ] @@ -1788,16 +1643,6 @@ version = "2.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "37909eebbb50d72f9059c3b6d82c0463f2ff062c9e95845c43a6c9c0355411be" -[[package]] -name = "ff" -version = "0.12.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d013fc25338cc558c5c2cfbad646908fb23591e2404481826742b651c9af7160" -dependencies = [ - "rand_core", - "subtle", -] - [[package]] name = "ff" version = "0.13.0" @@ -1814,18 +1659,6 @@ version = "0.2.9" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "28dea519a9695b9977216879a3ebfddf92f1c08c05d984f8996aecd6ecdc811d" -[[package]] -name = "findshlibs" -version = "0.10.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "40b9e59cd0f7e0806cca4be089683ecb6434e602038df21fe6bf6711b2f07f64" -dependencies = [ - "cc", - "lazy_static", - "libc", - "winapi", -] - [[package]] name = "fixed-hash" version = "0.8.0" @@ -1838,12 +1671,6 @@ dependencies = [ "static_assertions", ] -[[package]] -name = "fixedbitset" -version = "0.4.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0ce7134b9999ecaf8bcd65542e436736ef32ddca1b3e06094cb6ec5755203b80" - [[package]] name = "flagset" version = "0.4.6" @@ -2032,7 +1859,7 @@ dependencies = [ "cfg-if", "libc", "wasi 0.13.3+wasi-0.2.2", - "windows-targets 0.52.6", + "windows-targets", ] [[package]] @@ -2059,15 +1886,15 @@ checksum = "a8d1add55171497b4705a648c6b583acafb01d58050a51727785f0b2c8e0a2b2" [[package]] name = "gloo-net" -version = "0.5.0" +version = "0.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "43aaa242d1239a8822c15c645f02166398da4f8b5c4bae795c1f5b44e9eee173" +checksum = "c06f627b1a58ca3d42b45d6104bf1e1a03799df472df00988b6ba21accc10580" dependencies = [ "futures-channel", "futures-core", "futures-sink", "gloo-utils", - "http 0.2.12", + "http 1.2.0", "js-sys", "pin-project", "serde", @@ -2115,24 +1942,13 @@ dependencies = [ "uuid", ] -[[package]] -name = "group" -version = "0.12.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5dfbfb3a6cfbd390d5c9564ab283a0349b9b9fcd46a706c1eb10e0db70bfbac7" -dependencies = [ - "ff 0.12.1", - "rand_core", - "subtle", -] - [[package]] name = "group" version = "0.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f0f9ef7462f7c099f518d754361858f86d8a07af53ba9af0fe635bbccb151a63" dependencies = [ - "ff 0.13.0", + "ff", "rand_core", "subtle", ] @@ -2205,12 +2021,6 @@ dependencies = [ "hashbrown 0.14.5", ] -[[package]] -name = "heck" -version = "0.4.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "95505c38b4572b2d910cecb0281560f54b440a19336cbbcb27bf6ce6adc6f5a8" - [[package]] name = "heck" version = "0.5.0" @@ -2268,17 +2078,6 @@ dependencies = [ "windows-sys 0.59.0", ] -[[package]] -name = "hostname" -version = "0.3.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3c731c3e10504cc8ed35cfe2f1db4c9274c3d35fa486e3b31df46f068ef3e867" -dependencies = [ - "libc", - "match_cfg", - "winapi", -] - [[package]] name = "http" version = "0.2.12" @@ -2301,17 +2100,6 @@ dependencies = [ "itoa", ] -[[package]] -name = "http-body" -version = "0.4.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7ceab25649e9960c0311ea418d17bee82c0dcec1bd053b5f9a66e265a693bed2" -dependencies = [ - "bytes", - "http 0.2.12", - "pin-project-lite", -] - [[package]] name = "http-body" version = "1.0.1" @@ -2331,7 +2119,7 @@ dependencies = [ "bytes", "futures-util", "http 1.2.0", - "http-body 1.0.1", + "http-body", "pin-project-lite", ] @@ -2353,30 +2141,6 @@ version = "2.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9a3a5bfb195931eeb336b2a7b4d761daec841b97f947d34394601737a7bba5e4" -[[package]] -name = "hyper" -version = "0.14.32" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "41dfc780fdec9373c01bae43289ea34c972e40ee3c9f6b3c8801a35f35586ce7" -dependencies = [ - "bytes", - "futures-channel", - "futures-core", - "futures-util", - "h2 0.3.26", - "http 0.2.12", - "http-body 0.4.6", - "httparse", - "httpdate", - "itoa", - "pin-project-lite", - "socket2", - "tokio", - "tower-service", - "tracing", - "want", -] - [[package]] name = "hyper" version = "1.6.0" @@ -2388,7 +2152,7 @@ dependencies = [ "futures-util", "h2 0.4.8", "http 1.2.0", - "http-body 1.0.1", + "http-body", "httparse", "httpdate", "itoa", @@ -2406,7 +2170,7 @@ checksum = "2d191583f3da1305256f22463b9bb0471acad48a4e534a5218b9963e9c1f59b2" dependencies = [ "futures-util", "http 1.2.0", - "hyper 1.6.0", + "hyper", "hyper-util", "log", "rustls", @@ -2416,44 +2180,19 @@ dependencies = [ "tower-service", ] -[[package]] -name = "hyper-timeout" -version = "0.4.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bbb958482e8c7be4bc3cf272a766a2b0bf1a6755e7a6ae777f017a31d11b13b1" -dependencies = [ - "hyper 0.14.32", - "pin-project-lite", - "tokio", - "tokio-io-timeout", -] - [[package]] name = "hyper-timeout" version = "0.5.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2b90d566bffbce6a75bd8b09a05aa8c2cb1fabb6cb348f8840c9e4c90a0d83b0" dependencies = [ - "hyper 1.6.0", + "hyper", "hyper-util", "pin-project-lite", "tokio", "tower-service", ] -[[package]] -name = "hyper-tls" -version = "0.5.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d6183ddfa99b85da61a140bea0efc93fdf56ceaa041b37d553518030827f9905" -dependencies = [ - "bytes", - "hyper 0.14.32", - "native-tls", - "tokio", - "tokio-native-tls", -] - [[package]] name = "hyper-tls" version = "0.6.0" @@ -2462,7 +2201,7 @@ checksum = "70206fc6890eaca9fde8a0bf71caa2ddfc9fe045ac9e5c70df101a7dbde866e0" dependencies = [ "bytes", "http-body-util", - "hyper 1.6.0", + "hyper", "hyper-util", "native-tls", "tokio", @@ -2480,8 +2219,8 @@ dependencies = [ "futures-channel", "futures-util", "http 1.2.0", - "http-body 1.0.1", - "hyper 1.6.0", + "http-body", + "hyper", "pin-project-lite", "socket2", "tokio", @@ -2762,15 +2501,6 @@ version = "1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "071ed4cc1afd86650602c7b11aa2e1ce30762a1c27193201cb5cee9c6ebb1294" -[[package]] -name = "itertools" -version = "0.10.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b0fd2260e829bddf4cb6ea802289de2f86d6a7a690192fbe91b3f46e0f2c8473" -dependencies = [ - "either", -] - [[package]] name = "itertools" version = "0.12.1" @@ -2836,15 +2566,15 @@ dependencies = [ [[package]] name = "jsonrpsee" -version = "0.23.2" +version = "0.24.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "62b089779ad7f80768693755a031cc14a7766aba707cbe886674e3f79e9b7e47" +checksum = "834af00800e962dee8f7bfc0f60601de215e73e78e5497d733a2919da837d3c8" dependencies = [ "jsonrpsee-client-transport", "jsonrpsee-core", "jsonrpsee-http-client", "jsonrpsee-proc-macros", - "jsonrpsee-types 0.23.2", + "jsonrpsee-types", "jsonrpsee-wasm-client", "jsonrpsee-ws-client", "tracing", @@ -2852,11 +2582,11 @@ dependencies = [ [[package]] name = "jsonrpsee-client-transport" -version = "0.23.2" +version = "0.24.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "08163edd8bcc466c33d79e10f695cdc98c00d1e6ddfb95cec41b6b0279dd5432" +checksum = "def0fd41e2f53118bd1620478d12305b2c75feef57ea1f93ef70568c98081b7e" dependencies = [ - "base64 0.22.1", + "base64", "futures-channel", "futures-util", "gloo-net", @@ -2877,22 +2607,20 @@ dependencies = [ [[package]] name = "jsonrpsee-core" -version = "0.23.2" +version = "0.24.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "79712302e737d23ca0daa178e752c9334846b08321d439fd89af9a384f8c830b" +checksum = "76637f6294b04e747d68e69336ef839a3493ca62b35bf488ead525f7da75c5bb" dependencies = [ - "anyhow", "async-trait", - "beef", "bytes", "futures-timer", "futures-util", "http 1.2.0", - "http-body 1.0.1", + "http-body", "http-body-util", - "jsonrpsee-types 0.23.2", + "jsonrpsee-types", "pin-project", - "rustc-hash", + "rustc-hash 2.1.1", "serde", "serde_json", "thiserror 1.0.69", @@ -2904,18 +2632,18 @@ dependencies = [ [[package]] name = "jsonrpsee-http-client" -version = "0.23.2" +version = "0.24.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2d90064e04fb9d7282b1c71044ea94d0bbc6eff5621c66f1a0bce9e9de7cf3ac" +checksum = "87c24e981ad17798bbca852b0738bfb7b94816ed687bd0d5da60bfa35fa0fdc3" dependencies = [ "async-trait", - "base64 0.22.1", - "http-body 1.0.1", - "hyper 1.6.0", + "base64", + "http-body", + "hyper", "hyper-rustls", "hyper-util", "jsonrpsee-core", - "jsonrpsee-types 0.23.2", + "jsonrpsee-types", "rustls", "rustls-platform-verifier", "serde", @@ -2929,12 +2657,12 @@ dependencies = [ [[package]] name = "jsonrpsee-proc-macros" -version = "0.23.2" +version = "0.24.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7895f186d5921065d96e16bd795e5ca89ac8356ec423fafc6e3d7cf8ec11aee4" +checksum = "5e65763c942dfc9358146571911b0cd1c361c2d63e2d2305622d40d36376ca80" dependencies = [ - "heck 0.5.0", - "proc-macro-crate 3.2.0", + "heck", + "proc-macro-crate", "proc-macro2", "quote", "syn 2.0.98", @@ -2942,22 +2670,9 @@ dependencies = [ [[package]] name = "jsonrpsee-types" -version = "0.23.2" +version = "0.24.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d9c465fbe385238e861fdc4d1c85e04ada6c1fd246161d26385c1b311724d2af" -dependencies = [ - "beef", - "http 1.2.0", - "serde", - "serde_json", - "thiserror 1.0.69", -] - -[[package]] -name = "jsonrpsee-types" -version = "0.24.8" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ddb81adb1a5ae9182df379e374a79e24e992334e7346af4d065ae5b2acb8d4c6" +checksum = "08a8e70baf945b6b5752fc8eb38c918a48f1234daf11355e07106d963f860089" dependencies = [ "http 1.2.0", "serde", @@ -2967,40 +2682,28 @@ dependencies = [ [[package]] name = "jsonrpsee-wasm-client" -version = "0.23.2" +version = "0.24.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4727ac037f834c6f04c0912cada7532dbddb54e92fbc64e33d6cb8c24af313c9" +checksum = "42e41af42ca39657313748174d02766e5287d3a57356f16756dbd8065b933977" dependencies = [ "jsonrpsee-client-transport", "jsonrpsee-core", - "jsonrpsee-types 0.23.2", + "jsonrpsee-types", ] [[package]] name = "jsonrpsee-ws-client" -version = "0.23.2" +version = "0.24.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1c28759775f5cb2f1ea9667672d3fe2b0e701d1f4b7b67954e60afe7fd058b5e" +checksum = "6f4f3642a292f5b76d8a16af5c88c16a0860f2ccc778104e5c848b28183d9538" dependencies = [ "http 1.2.0", "jsonrpsee-client-transport", "jsonrpsee-core", - "jsonrpsee-types 0.23.2", + "jsonrpsee-types", "url", ] -[[package]] -name = "k256" -version = "0.11.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "72c1e0b51e7ec0a97369623508396067a486bd0cbed95a2659a4b863d28cfc8b" -dependencies = [ - "cfg-if", - "ecdsa 0.14.8", - "elliptic-curve 0.12.3", - "sha2", -] - [[package]] name = "k256" version = "0.13.4" @@ -3008,11 +2711,11 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f6e3919bbaa2945715f0bb6d3934a173d1e9a59ac23767fbaaef277265a7411b" dependencies = [ "cfg-if", - "ecdsa 0.16.9", - "elliptic-curve 0.13.8", + "ecdsa", + "elliptic-curve", "once_cell", "sha2", - "signature 2.2.0", + "signature", ] [[package]] @@ -3058,7 +2761,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "fc2f4eb4bc735547cfed7c0a4922cbd04a4655978c09b54f1f7b228750664c34" dependencies = [ "cfg-if", - "windows-targets 0.52.6", + "windows-targets", ] [[package]] @@ -3067,26 +2770,6 @@ version = "0.2.11" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8355be11b20d696c8f18f6cc018c4e372165b1fa8126cef092399c9951984ffa" -[[package]] -name = "linkme" -version = "0.3.31" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "566336154b9e58a4f055f6dd4cbab62c7dc0826ce3c0a04e63b2d2ecd784cdae" -dependencies = [ - "linkme-impl", -] - -[[package]] -name = "linkme-impl" -version = "0.3.31" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "edbe595006d355eaf9ae11db92707d4338cd2384d16866131cc1afdbdd35d8d9" -dependencies = [ - "proc-macro2", - "quote", - "syn 2.0.98", -] - [[package]] name = "linux-raw-sys" version = "0.4.15" @@ -3132,44 +2815,6 @@ version = "0.4.25" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "04cbf5b083de1c7e0222a7a51dbfdba1cbe1c6ab0b15e29fff3f6c077fd9cd9f" -[[package]] -name = "logos" -version = "0.13.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c000ca4d908ff18ac99b93a062cb8958d331c3220719c52e77cb19cc6ac5d2c1" -dependencies = [ - "logos-derive", -] - -[[package]] -name = "logos-codegen" -version = "0.13.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dc487311295e0002e452025d6b580b77bb17286de87b57138f3b5db711cded68" -dependencies = [ - "beef", - "fnv", - "proc-macro2", - "quote", - "regex-syntax 0.6.29", - "syn 2.0.98", -] - -[[package]] -name = "logos-derive" -version = "0.13.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dbfc0d229f1f42d790440136d941afd806bc9e949e2bcb8faa813b0f00d1267e" -dependencies = [ - "logos-codegen", -] - -[[package]] -name = "match_cfg" -version = "0.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ffbee8634e0d45d258acb448e7eaab3fce7a0a467395d4d9f228e3c1f01fb2e4" - [[package]] name = "matchers" version = "0.1.0" @@ -3201,29 +2846,6 @@ version = "2.7.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "78ca9ab1a0babb1e7d5695e3530886289c18cf2f87ec19a575a0abdce112e3a3" -[[package]] -name = "miette" -version = "5.10.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "59bb584eaeeab6bd0226ccf3509a69d7936d148cf3d036ad350abe35e8c6856e" -dependencies = [ - "miette-derive", - "once_cell", - "thiserror 1.0.69", - "unicode-width", -] - -[[package]] -name = "miette-derive" -version = "5.10.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "49e7bc1560b95a3c4a25d03de42fe76ca718ab92d1a22a55b9b4cf67b3ae635c" -dependencies = [ - "proc-macro2", - "quote", - "syn 2.0.98", -] - [[package]] name = "mime" version = "0.3.17" @@ -3257,12 +2879,6 @@ dependencies = [ "windows-sys 0.52.0", ] -[[package]] -name = "multimap" -version = "0.10.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "defc4c55412d89136f966bbb339008b474350e5e6e78d2714439c386b3137a03" - [[package]] name = "mutually_exclusive_features" version = "0.1.0" @@ -3306,20 +2922,6 @@ dependencies = [ "winapi", ] -[[package]] -name = "num" -version = "0.4.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "35bd024e8b2ff75562e5f34e7f4905839deb4b22955ef5e73d2fea1b9813cb23" -dependencies = [ - "num-bigint", - "num-complex", - "num-integer", - "num-iter", - "num-rational", - "num-traits", -] - [[package]] name = "num-bigint" version = "0.4.6" @@ -3328,7 +2930,6 @@ checksum = "a5e44f723f1133c9deac646763579fdb3ac745e418f2a7af9cd0c431da1f20b9" dependencies = [ "num-integer", "num-traits", - "serde", ] [[package]] @@ -3349,16 +2950,6 @@ dependencies = [ "zeroize", ] -[[package]] -name = "num-complex" -version = "0.4.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "73f88a1307638156682bada9d7604135552957b7818057dcef22705b4d509495" -dependencies = [ - "num-traits", - "serde", -] - [[package]] name = "num-conv" version = "0.1.0" @@ -3385,18 +2976,6 @@ dependencies = [ "num-traits", ] -[[package]] -name = "num-rational" -version = "0.4.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f83d14da390562dca69fc84082e73e548e1ad308d24accdedd2720017cb37824" -dependencies = [ - "num-bigint", - "num-integer", - "num-traits", - "serde", -] - [[package]] name = "num-traits" version = "0.2.19" @@ -3407,34 +2986,13 @@ dependencies = [ "libm", ] -[[package]] -name = "num_enum" -version = "0.6.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7a015b430d3c108a207fd776d2e2196aaf8b1cf8cf93253e3a097ff3085076a1" -dependencies = [ - "num_enum_derive 0.6.1", -] - [[package]] name = "num_enum" version = "0.7.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4e613fc340b2220f734a8595782c551f1250e969d87d3be1ae0579e8d4065179" dependencies = [ - "num_enum_derive 0.7.3", -] - -[[package]] -name = "num_enum_derive" -version = "0.6.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "96667db765a921f7b295ffee8b60472b686a51d4f21c2ee4ffdb94c7013b65a6" -dependencies = [ - "proc-macro-crate 1.3.1", - "proc-macro2", - "quote", - "syn 2.0.98", + "num_enum_derive", ] [[package]] @@ -3443,7 +3001,7 @@ version = "0.7.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "af1844ef2428cc3e1cb900be36181049ef3d3193c63e43026cfe202983b27a56" dependencies = [ - "proc-macro-crate 3.2.0", + "proc-macro-crate", "proc-macro2", "quote", "syn 2.0.98", @@ -3526,16 +3084,6 @@ dependencies = [ "vcpkg", ] -[[package]] -name = "opentelemetry" -version = "0.20.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9591d937bc0e6d2feb6f71a559540ab300ea49955229c347a517a28d27784c54" -dependencies = [ - "opentelemetry_api", - "opentelemetry_sdk 0.20.0", -] - [[package]] name = "opentelemetry" version = "0.28.0" @@ -3557,26 +3105,13 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c513c7af3bec30113f3d4620134ff923295f1e9c580fda2b8abe0831f925ddc0" dependencies = [ "log", - "opentelemetry 0.28.0", + "opentelemetry", "tracing", "tracing-core", - "tracing-log 0.2.0", + "tracing-log", "tracing-subscriber", ] -[[package]] -name = "opentelemetry-http" -version = "0.9.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c7594ec0e11d8e33faf03530a4c49af7064ebba81c1480e01be67d90b356508b" -dependencies = [ - "async-trait", - "bytes", - "http 0.2.12", - "opentelemetry_api", - "reqwest 0.11.27", -] - [[package]] name = "opentelemetry-http" version = "0.28.0" @@ -3586,32 +3121,11 @@ dependencies = [ "async-trait", "bytes", "http 1.2.0", - "opentelemetry 0.28.0", - "reqwest 0.12.12", + "opentelemetry", + "reqwest", "tracing", ] -[[package]] -name = "opentelemetry-otlp" -version = "0.13.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7e5e5a5c4135864099f3faafbe939eb4d7f9b80ebf68a8448da961b32a7c1275" -dependencies = [ - "async-trait", - "futures-core", - "http 0.2.12", - "opentelemetry-http 0.9.0", - "opentelemetry-proto 0.3.0", - "opentelemetry-semantic-conventions 0.12.0", - "opentelemetry_api", - "opentelemetry_sdk 0.20.0", - "prost 0.11.9", - "reqwest 0.11.27", - "thiserror 1.0.69", - "tokio", - "tonic 0.9.2", -] - [[package]] name = "opentelemetry-otlp" version = "0.28.0" @@ -3621,49 +3135,28 @@ dependencies = [ "async-trait", "futures-core", "http 1.2.0", - "opentelemetry 0.28.0", - "opentelemetry-http 0.28.0", - "opentelemetry-proto 0.28.0", - "opentelemetry_sdk 0.28.0", - "prost 0.13.5", - "reqwest 0.12.12", + "opentelemetry", + "opentelemetry-http", + "opentelemetry-proto", + "opentelemetry_sdk", + "prost", + "reqwest", "thiserror 2.0.11", "tokio", - "tonic 0.12.3", + "tonic", "tracing", ] -[[package]] -name = "opentelemetry-proto" -version = "0.3.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b1e3f814aa9f8c905d0ee4bde026afd3b2577a97c10e1699912e3e44f0c4cbeb" -dependencies = [ - "opentelemetry_api", - "opentelemetry_sdk 0.20.0", - "prost 0.11.9", - "tonic 0.9.2", -] - [[package]] name = "opentelemetry-proto" version = "0.28.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "56f8870d3024727e99212eb3bb1762ec16e255e3e6f58eeb3dc8db1aa226746d" dependencies = [ - "opentelemetry 0.28.0", - "opentelemetry_sdk 0.28.0", - "prost 0.13.5", - "tonic 0.12.3", -] - -[[package]] -name = "opentelemetry-semantic-conventions" -version = "0.12.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "73c9f9340ad135068800e7f1b24e9e09ed9e7143f5bf8518ded3d3ec69789269" -dependencies = [ - "opentelemetry 0.20.0", + "opentelemetry", + "opentelemetry_sdk", + "prost", + "tonic", ] [[package]] @@ -3672,45 +3165,6 @@ version = "0.28.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2fb3a2f78c2d55362cd6c313b8abedfbc0142ab3c2676822068fd2ab7d51f9b7" -[[package]] -name = "opentelemetry_api" -version = "0.20.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8a81f725323db1b1206ca3da8bb19874bbd3f57c3bcd59471bfb04525b265b9b" -dependencies = [ - "futures-channel", - "futures-util", - "indexmap 1.9.3", - "js-sys", - "once_cell", - "pin-project-lite", - "thiserror 1.0.69", - "urlencoding", -] - -[[package]] -name = "opentelemetry_sdk" -version = "0.20.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fa8e705a0612d48139799fcbaba0d4a90f06277153e43dd2bdc16c6f0edd8026" -dependencies = [ - "async-trait", - "crossbeam-channel", - "futures-channel", - "futures-executor", - "futures-util", - "once_cell", - "opentelemetry_api", - "ordered-float 3.9.2", - "percent-encoding", - "rand", - "regex", - "serde_json", - "thiserror 1.0.69", - "tokio", - "tokio-stream", -] - [[package]] name = "opentelemetry_sdk" version = "0.28.0" @@ -3722,7 +3176,7 @@ dependencies = [ "futures-executor", "futures-util", "glob", - "opentelemetry 0.28.0", + "opentelemetry", "percent-encoding", "rand", "serde_json", @@ -3732,35 +3186,6 @@ dependencies = [ "tracing", ] -[[package]] -name = "ordered-float" -version = "2.10.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "68f19d67e5a2795c94e73e0bb1cc1a7edeb2e28efd39e2e1c9b7a40c1108b11c" -dependencies = [ - "num-traits", -] - -[[package]] -name = "ordered-float" -version = "3.9.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f1e1c390732d15f1d48471625cd92d154e66db2c56645e29a9cd26f4699f72dc" -dependencies = [ - "num-traits", -] - -[[package]] -name = "os_info" -version = "3.10.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2a604e53c24761286860eba4e2c8b23a0161526476b1de520139d69cdb85a6b5" -dependencies = [ - "log", - "serde", - "windows-sys 0.52.0", -] - [[package]] name = "overload" version = "0.1.1" @@ -3773,8 +3198,8 @@ version = "0.13.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c9863ad85fa8f4460f9c48cb909d38a0d689dba1f6f6988a5e3e0d31071bcd4b" dependencies = [ - "ecdsa 0.16.9", - "elliptic-curve 0.13.8", + "ecdsa", + "elliptic-curve", "primeorder", "sha2", ] @@ -3785,8 +3210,8 @@ version = "0.13.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "fe42f1670a52a47d448f14b6a5c61dd78fce51856e68edaa38f7ae3a46b8d6b6" dependencies = [ - "ecdsa 0.16.9", - "elliptic-curve 0.13.8", + "ecdsa", + "elliptic-curve", "primeorder", "sha2", ] @@ -3797,9 +3222,9 @@ version = "0.13.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0fc9e2161f1f215afdfce23677034ae137bbd45016a880c2eb3ba8eb95f085b2" dependencies = [ - "base16ct 0.2.0", - "ecdsa 0.16.9", - "elliptic-curve 0.13.8", + "base16ct", + "ecdsa", + "elliptic-curve", "primeorder", "rand_core", "sha2", @@ -3827,7 +3252,7 @@ version = "3.7.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "581c837bb6b9541ce7faa9377c20616e4fb7650f6b0f68bc93c827ee504fb7b3" dependencies = [ - "proc-macro-crate 3.2.0", + "proc-macro-crate", "proc-macro2", "quote", "syn 2.0.98", @@ -3853,7 +3278,7 @@ dependencies = [ "libc", "redox_syscall", "smallvec", - "windows-targets 0.52.6", + "windows-targets", ] [[package]] @@ -3887,11 +3312,11 @@ checksum = "c04c052a5cf901a229d69fb8804b04c8017c143712529c6e8277aac243fc2989" dependencies = [ "chrono", "cms", - "der 0.7.9", + "der", "digest", "num-traits", "pem-rfc7468 1.0.0-rc.2", - "reqwest 0.12.12", + "reqwest", "rsa", "sha1", "sha2", @@ -3928,16 +3353,6 @@ version = "2.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e3148f5046208a5d56bcfc03053e3ca6334e51da8dfb19b6cdc8b306fae3283e" -[[package]] -name = "petgraph" -version = "0.6.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b4c5cc86750666a3ed20bdaf5ca2a0344f9c67674cae0515bec2da16fbaa47db" -dependencies = [ - "fixedbitset", - "indexmap 2.7.1", -] - [[package]] name = "pgp" version = "0.15.0" @@ -3948,7 +3363,7 @@ dependencies = [ "aes-gcm", "aes-kw", "argon2", - "base64 0.22.1", + "base64", "bitfield", "block-padding", "blowfish", @@ -3964,27 +3379,27 @@ dependencies = [ "crc24", "curve25519-dalek", "derive_builder", - "derive_more 1.0.0-beta.6", + "derive_more 1.0.0", "des", "digest", "dsa", "eax", - "ecdsa 0.16.9", + "ecdsa", "ed25519-dalek", - "elliptic-curve 0.13.8", + "elliptic-curve", "flate2", "generic-array", "hex", "hkdf", "idea", "iter-read", - "k256 0.13.4", + "k256", "log", "md-5", "nom", "num-bigint-dig", "num-traits", - "num_enum 0.7.3", + "num_enum", "ocb3", "p256", "p384", @@ -3996,7 +3411,7 @@ dependencies = [ "sha1-checked", "sha2", "sha3", - "signature 2.2.0", + "signature", "smallvec", "thiserror 2.0.11", "twofish", @@ -4042,19 +3457,9 @@ version = "0.7.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c8ffb9f10fa047879315e6625af03c164b16962a5368d724ed16323b68ace47f" dependencies = [ - "der 0.7.9", - "pkcs8 0.10.2", - "spki 0.7.3", -] - -[[package]] -name = "pkcs8" -version = "0.9.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9eca2c590a5f85da82668fa685c09ce2888b9430e83299debf1f34b65fd4a4ba" -dependencies = [ - "der 0.6.1", - "spki 0.6.0", + "der", + "pkcs8", + "spki", ] [[package]] @@ -4063,8 +3468,8 @@ version = "0.10.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f950b2377845cebe5cf8b5165cb3cc1a5e0fa5cfa3e1f7f55707d8fd82e0a7b7" dependencies = [ - "der 0.7.9", - "spki 0.7.3", + "der", + "spki", ] [[package]] @@ -4116,7 +3521,7 @@ version = "0.13.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "353e1ca18966c16d9deb1c69278edbc5f194139612772bd9537af60ac231e1e6" dependencies = [ - "elliptic-curve 0.13.8", + "elliptic-curve", ] [[package]] @@ -4132,23 +3537,13 @@ dependencies = [ "uint", ] -[[package]] -name = "proc-macro-crate" -version = "1.3.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7f4c021e1093a56626774e81216a4ce732a735e5bad4868a03f3ed65ca0c3919" -dependencies = [ - "once_cell", - "toml_edit 0.19.15", -] - [[package]] name = "proc-macro-crate" version = "3.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8ecf48c7ca261d60b74ab1a7b20da18bede46776b2e55535cb958eb595c5fa7b" dependencies = [ - "toml_edit 0.22.24", + "toml_edit", ] [[package]] @@ -4183,26 +3578,6 @@ dependencies = [ "syn 2.0.98", ] -[[package]] -name = "prost" -version = "0.11.9" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0b82eaa1d779e9a4bc1c3217db8ffbeabaae1dca241bf70183242128d48681cd" -dependencies = [ - "bytes", - "prost-derive 0.11.9", -] - -[[package]] -name = "prost" -version = "0.12.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "deb1435c188b76130da55f17a466d252ff7b1418b2ad3e037d127b94e3411f29" -dependencies = [ - "bytes", - "prost-derive 0.12.6", -] - [[package]] name = "prost" version = "0.13.5" @@ -4210,54 +3585,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2796faa41db3ec313a31f7624d9286acf277b52de526150b7e69f3debf891ee5" dependencies = [ "bytes", - "prost-derive 0.13.5", -] - -[[package]] -name = "prost-build" -version = "0.12.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "22505a5c94da8e3b7c2996394d1c933236c4d743e81a410bcca4e6989fc066a4" -dependencies = [ - "bytes", - "heck 0.5.0", - "itertools 0.12.1", - "log", - "multimap", - "once_cell", - "petgraph", - "prettyplease", - "prost 0.12.6", - "prost-types", - "regex", - "syn 2.0.98", - "tempfile", -] - -[[package]] -name = "prost-derive" -version = "0.11.9" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e5d2d8d10f3c6ded6da8b05b5fb3b8a5082514344d56c9f871412d29b4e075b4" -dependencies = [ - "anyhow", - "itertools 0.10.5", - "proc-macro2", - "quote", - "syn 1.0.109", -] - -[[package]] -name = "prost-derive" -version = "0.12.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "81bddcdb20abf9501610992b6759a4c888aef7d1a7247ef75e2404275ac24af1" -dependencies = [ - "anyhow", - "itertools 0.12.1", - "proc-macro2", - "quote", - "syn 2.0.98", + "prost-derive", ] [[package]] @@ -4273,67 +3601,6 @@ dependencies = [ "syn 2.0.98", ] -[[package]] -name = "prost-reflect" -version = "0.12.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "057237efdb71cf4b3f9396302a3d6599a92fa94063ba537b66130980ea9909f3" -dependencies = [ - "base64 0.21.7", - "logos", - "miette", - "once_cell", - "prost 0.12.6", - "prost-types", - "serde", - "serde-value", -] - -[[package]] -name = "prost-types" -version = "0.12.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9091c90b0a32608e984ff2fa4091273cbdd755d54935c51d520887f4a1dbd5b0" -dependencies = [ - "prost 0.12.6", -] - -[[package]] -name = "protox" -version = "0.5.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "00bb76c5f6221de491fe2c8f39b106330bbd9762c6511119c07940e10eb9ff11" -dependencies = [ - "bytes", - "miette", - "prost 0.12.6", - "prost-reflect", - "prost-types", - "protox-parse", - "thiserror 1.0.69", -] - -[[package]] -name = "protox-parse" -version = "0.5.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7b4581f441c58863525a3e6bec7b8de98188cf75239a56c725a3e7288450a33f" -dependencies = [ - "logos", - "miette", - "prost-types", - "thiserror 1.0.69", -] - -[[package]] -name = "quick-protobuf" -version = "0.8.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9d6da84cc204722a989e01ba2f6e1e276e190f22263d0cb6ce8526fcdb0d2e1f" -dependencies = [ - "byteorder", -] - [[package]] name = "quote" version = "1.0.38" @@ -4438,53 +3705,13 @@ version = "0.8.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2b15c43186be67a4fd63bee50d0303afffcef381492ebe2c5d87f324e1b8815c" -[[package]] -name = "reqwest" -version = "0.11.27" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dd67538700a17451e7cba03ac727fb961abb7607553461627b97de0b89cf4a62" -dependencies = [ - "base64 0.21.7", - "bytes", - "encoding_rs", - "futures-core", - "futures-util", - "h2 0.3.26", - "http 0.2.12", - "http-body 0.4.6", - "hyper 0.14.32", - "hyper-tls 0.5.0", - "ipnet", - "js-sys", - "log", - "mime", - "native-tls", - "once_cell", - "percent-encoding", - "pin-project-lite", - "rustls-pemfile 1.0.4", - "serde", - "serde_json", - "serde_urlencoded", - "sync_wrapper 0.1.2", - "system-configuration 0.5.1", - "tokio", - "tokio-native-tls", - "tower-service", - "url", - "wasm-bindgen", - "wasm-bindgen-futures", - "web-sys", - "winreg", -] - [[package]] name = "reqwest" version = "0.12.12" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "43e734407157c3c2034e0258f5e4473ddb361b1e85f95a66690d67264d7cd1da" dependencies = [ - "base64 0.22.1", + "base64", "bytes", "encoding_rs", "futures-channel", @@ -4492,11 +3719,11 @@ dependencies = [ "futures-util", "h2 0.4.8", "http 1.2.0", - "http-body 1.0.1", + "http-body", "http-body-util", - "hyper 1.6.0", + "hyper", "hyper-rustls", - "hyper-tls 0.6.0", + "hyper-tls", "hyper-util", "ipnet", "js-sys", @@ -4506,12 +3733,12 @@ dependencies = [ "once_cell", "percent-encoding", "pin-project-lite", - "rustls-pemfile 2.2.0", + "rustls-pemfile", "serde", "serde_json", "serde_urlencoded", - "sync_wrapper 1.0.2", - "system-configuration 0.6.1", + "sync_wrapper", + "system-configuration", "tokio", "tokio-native-tls", "tower 0.5.2", @@ -4523,17 +3750,6 @@ dependencies = [ "windows-registry", ] -[[package]] -name = "rfc6979" -version = "0.3.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7743f17af12fa0b03b803ba12cd6a8d9483a587e89c69445e3909655c0b9fabb" -dependencies = [ - "crypto-bigint 0.4.9", - "hmac", - "zeroize", -] - [[package]] name = "rfc6979" version = "0.4.0" @@ -4589,11 +3805,11 @@ dependencies = [ "num-integer", "num-traits", "pkcs1", - "pkcs8 0.10.2", + "pkcs8", "rand_core", "sha2", - "signature 2.2.0", - "spki 0.7.3", + "signature", + "spki", "subtle", "zeroize", ] @@ -4624,6 +3840,12 @@ version = "1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2" +[[package]] +name = "rustc-hash" +version = "2.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "357703d41365b4b27c590e3ed91eabb1b663f07c4c084095e60cbed4362dff0d" + [[package]] name = "rustc-hex" version = "2.1.0" @@ -4675,21 +3897,12 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e5bfb394eeed242e909609f56089eecfe5fda225042e8b171791b9c95f5931e5" dependencies = [ "openssl-probe", - "rustls-pemfile 2.2.0", + "rustls-pemfile", "rustls-pki-types", "schannel", "security-framework", ] -[[package]] -name = "rustls-pemfile" -version = "1.0.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1c74cae0a4cf6ccbbf5f359f08efdf8ee7e1dc532573bf0db71968cb56b1448c" -dependencies = [ - "base64 0.21.7", -] - [[package]] name = "rustls-pemfile" version = "2.2.0" @@ -4780,30 +3993,16 @@ version = "1.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49" -[[package]] -name = "sec1" -version = "0.3.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3be24c1842290c45df0a7bf069e0c268a747ad05a192f2fd7dcfdbc1cba40928" -dependencies = [ - "base16ct 0.1.1", - "der 0.6.1", - "generic-array", - "pkcs8 0.9.0", - "subtle", - "zeroize", -] - [[package]] name = "sec1" version = "0.7.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d3e97a565f76233a6003f9f5c54be1d9c5bdfa3eccfb189469f11ec4901c47dc" dependencies = [ - "base16ct 0.2.0", - "der 0.7.9", + "base16ct", + "der", "generic-array", - "pkcs8 0.10.2", + "pkcs8", "subtle", "zeroize", ] @@ -4848,9 +4047,9 @@ dependencies = [ [[package]] name = "secrecy" -version = "0.8.0" +version = "0.10.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9bd1c54ea06cfd2f6b63219704de0b9b4f72dcc2b8fdef820be6cd799780e91e" +checksum = "e891af845473308773346dc847b2c23ee78fe442e0472ac50e22a18a93d3ae5a" dependencies = [ "zeroize", ] @@ -4891,114 +4090,6 @@ version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f638d531eccd6e23b980caf34876660d38e265409d8e99b397ab71eb3612fad0" -[[package]] -name = "sentry" -version = "0.31.8" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6ce4b57f1b521f674df7a1d200be8ff5d74e3712020ee25b553146657b5377d5" -dependencies = [ - "httpdate", - "native-tls", - "reqwest 0.11.27", - "sentry-backtrace", - "sentry-contexts", - "sentry-core", - "sentry-debug-images", - "sentry-panic", - "sentry-tracing", - "tokio", - "ureq", -] - -[[package]] -name = "sentry-backtrace" -version = "0.31.8" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "58cc8d4e04a73de8f718dc703943666d03f25d3e9e4d0fb271ca0b8c76dfa00e" -dependencies = [ - "backtrace", - "once_cell", - "regex", - "sentry-core", -] - -[[package]] -name = "sentry-contexts" -version = "0.31.8" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6436c1bad22cdeb02179ea8ef116ffc217797c028927def303bc593d9320c0d1" -dependencies = [ - "hostname", - "libc", - "os_info", - "rustc_version", - "sentry-core", - "uname", -] - -[[package]] -name = "sentry-core" -version = "0.31.8" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "901f761681f97db3db836ef9e094acdd8756c40215326c194201941947164ef1" -dependencies = [ - "once_cell", - "rand", - "sentry-types", - "serde", - "serde_json", -] - -[[package]] -name = "sentry-debug-images" -version = "0.31.8" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "afdb263e73d22f39946f6022ed455b7561b22ff5553aca9be3c6a047fa39c328" -dependencies = [ - "findshlibs", - "once_cell", - "sentry-core", -] - -[[package]] -name = "sentry-panic" -version = "0.31.8" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "74fbf1c163f8b6a9d05912e1b272afa27c652e8b47ea60cb9a57ad5e481eea99" -dependencies = [ - "sentry-backtrace", - "sentry-core", -] - -[[package]] -name = "sentry-tracing" -version = "0.31.8" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "82eabcab0a047040befd44599a1da73d3adb228ff53b5ed9795ae04535577704" -dependencies = [ - "sentry-backtrace", - "sentry-core", - "tracing-core", - "tracing-subscriber", -] - -[[package]] -name = "sentry-types" -version = "0.31.8" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "da956cca56e0101998c8688bc65ce1a96f00673a0e58e663664023d4c7911e82" -dependencies = [ - "debugid", - "hex", - "rand", - "serde", - "serde_json", - "thiserror 1.0.69", - "time", - "url", - "uuid", -] - [[package]] name = "serde" version = "1.0.218" @@ -5008,16 +4099,6 @@ dependencies = [ "serde_derive", ] -[[package]] -name = "serde-value" -version = "0.7.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f3a1a3341211875ef120e117ea7fd5228530ae7e7036a779fdc9117be6b3282c" -dependencies = [ - "ordered-float 2.10.1", - "serde", -] - [[package]] name = "serde_derive" version = "1.0.218" @@ -5068,6 +4149,7 @@ version = "1.14.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "678b5a069e50bf00ecd22d0cd8ddf7c236f68581b03db652061ed5eb13a312ff" dependencies = [ + "hex", "serde", "serde_with_macros 1.5.2", ] @@ -5078,7 +4160,7 @@ version = "3.12.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d6b6f7f2fcb69f747921f79f3926bd1e203fce4fef62c268dd3abfb6d86029aa" dependencies = [ - "base64 0.22.1", + "base64", "chrono", "hex", "indexmap 1.9.3", @@ -5160,17 +4242,6 @@ dependencies = [ "digest", ] -[[package]] -name = "sha2_ce" -version = "0.10.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "eca2daa77078f4ddff27e75c4bf59e4c2697525f56dbb3c842d34a5d1f2b04a2" -dependencies = [ - "cfg-if", - "cpufeatures", - "digest", -] - [[package]] name = "sha3" version = "0.10.8" @@ -5192,16 +4263,6 @@ dependencies = [ "teepot", ] -[[package]] -name = "sha3_ce" -version = "0.10.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "34c9a08202c50378d8a07a5f458193a5f542d2828ac6640263dbc0c2533ea25e" -dependencies = [ - "digest", - "keccak", -] - [[package]] name = "sharded-slab" version = "0.1.7" @@ -5226,16 +4287,6 @@ dependencies = [ "libc", ] -[[package]] -name = "signature" -version = "1.6.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "74233d3b3b2f6d4b006dc19dee745e73e2a6bfb6f93607cd3b02bd5b00797d7c" -dependencies = [ - "digest", - "rand_core", -] - [[package]] name = "signature" version = "2.2.0" @@ -5283,7 +4334,7 @@ version = "0.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2e859df029d160cb88608f5d7df7fb4753fd20fdfb4de5644f3d8b8440841721" dependencies = [ - "base64 0.22.1", + "base64", "bytes", "futures", "httparse", @@ -5298,16 +4349,6 @@ version = "0.9.8" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6980e8d7511241f8acf4aebddbb1ff938df5eebe98691418c4468d0b72a96a67" -[[package]] -name = "spki" -version = "0.6.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "67cf02bbac7a337dc36e4f5a693db6c21e7863f45070f7064577eb4367a3212b" -dependencies = [ - "base64ct", - "der 0.6.1", -] - [[package]] name = "spki" version = "0.7.3" @@ -5315,7 +4356,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d91ed6c858b01f942cd56b37a94b3e0a1798290327d1236e4d9cf4eaca44d29d" dependencies = [ "base64ct", - "der 0.7.9", + "der", ] [[package]] @@ -5350,24 +4391,24 @@ checksum = "7da8b5736845d9f2fcb837ea5d9e2628564b3b043a70948a3f0b778838c5fb4f" [[package]] name = "strum" -version = "0.24.1" +version = "0.26.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "063e6045c0e62079840579a7e47a355ae92f60eb74daaf156fb1e84ba164e63f" +checksum = "8fec0f0aef304996cf250b31b5a10dee7980c85da9d759361292b8bca5a18f06" dependencies = [ "strum_macros", ] [[package]] name = "strum_macros" -version = "0.24.3" +version = "0.26.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1e385be0d24f186b4ce2f9982191e7101bb737312ad61c1f2f984f34bcf85d59" +checksum = "4c6bee85a5a24955dc440386795aa378cd9cf82acd5f764469152d2270e581be" dependencies = [ - "heck 0.4.1", + "heck", "proc-macro2", "quote", "rustversion", - "syn 1.0.109", + "syn 2.0.98", ] [[package]] @@ -5398,12 +4439,6 @@ dependencies = [ "unicode-ident", ] -[[package]] -name = "sync_wrapper" -version = "0.1.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2047c6ded9c721764247e62cd3b03c09ffc529b2ba5b10ec482ae507a4a70160" - [[package]] name = "sync_wrapper" version = "1.0.2" @@ -5424,17 +4459,6 @@ dependencies = [ "syn 2.0.98", ] -[[package]] -name = "system-configuration" -version = "0.5.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ba3a3adc5c275d719af8cb4272ea1c4a6d668a777f37e115f6d11ddbc1c8e0e7" -dependencies = [ - "bitflags 1.3.2", - "core-foundation", - "system-configuration-sys 0.5.0", -] - [[package]] name = "system-configuration" version = "0.6.1" @@ -5443,17 +4467,7 @@ checksum = "3c879d448e9d986b661742763247d3693ed13609438cf3d006f51f5368a5ba6b" dependencies = [ "bitflags 2.8.0", "core-foundation", - "system-configuration-sys 0.6.0", -] - -[[package]] -name = "system-configuration-sys" -version = "0.5.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a75fb188eb626b924683e3b95e3a48e63551fcfb51949de2f06a9d91dbee93c9" -dependencies = [ - "core-foundation-sys", - "libc", + "system-configuration-sys", ] [[package]] @@ -5520,7 +4534,7 @@ dependencies = [ "secp256k1 0.30.0", "teepot", "tracing", - "tracing-log 0.2.0", + "tracing-log", "tracing-subscriber", ] @@ -5533,7 +4547,7 @@ dependencies = [ "rsa", "teepot", "tracing", - "tracing-log 0.2.0", + "tracing-log", "tracing-subscriber", "x509-cert", ] @@ -5544,10 +4558,10 @@ version = "0.3.0" dependencies = [ "actix-web", "anyhow", - "base64 0.22.1", + "base64", "teepot", "tracing", - "tracing-log 0.2.0", + "tracing-log", "tracing-subscriber", ] @@ -5562,7 +4576,7 @@ dependencies = [ "teepot", "teepot-vault", "tracing", - "tracing-log 0.2.0", + "tracing-log", "tracing-subscriber", ] @@ -5583,7 +4597,7 @@ dependencies = [ "teepot-vault", "tracing", "tracing-actix-web", - "tracing-log 0.2.0", + "tracing-log", "tracing-subscriber", ] @@ -5600,7 +4614,7 @@ dependencies = [ "teepot", "teepot-vault", "tracing", - "tracing-log 0.2.0", + "tracing-log", "tracing-subscriber", ] @@ -5610,7 +4624,7 @@ version = "0.3.0" dependencies = [ "anyhow", "async-trait", - "base64 0.22.1", + "base64", "bytemuck", "clap 4.5.30", "config", @@ -5620,14 +4634,14 @@ dependencies = [ "hex", "num-integer", "num-traits", - "opentelemetry 0.28.0", + "opentelemetry", "opentelemetry-appender-tracing", - "opentelemetry-otlp 0.28.0", - "opentelemetry-semantic-conventions 0.28.0", - "opentelemetry_sdk 0.28.0", + "opentelemetry-otlp", + "opentelemetry-semantic-conventions", + "opentelemetry_sdk", "p256", - "pkcs8 0.10.2", - "reqwest 0.12.12", + "pkcs8", + "reqwest", "rsa", "rustls", "secp256k1 0.30.0", @@ -5635,7 +4649,7 @@ dependencies = [ "serde_json", "sha2", "sha3", - "signature 2.2.0", + "signature", "tdx-attest-rs", "teepot-tee-quote-verification-rs", "testaso", @@ -5643,7 +4657,7 @@ dependencies = [ "tokio", "tracing", "tracing-futures", - "tracing-log 0.2.0", + "tracing-log", "tracing-subscriber", "tracing-test", "x509-cert", @@ -5661,7 +4675,7 @@ dependencies = [ "serde_json", "teepot-vault", "tracing", - "tracing-log 0.2.0", + "tracing-log", "tracing-subscriber", ] @@ -5681,7 +4695,7 @@ dependencies = [ "actix-web", "anyhow", "awc", - "base64 0.22.1", + "base64", "bytes", "clap 4.5.30", "const-oid", @@ -5713,7 +4727,7 @@ dependencies = [ "serde_json", "teepot-vault", "tracing", - "tracing-log 0.2.0", + "tracing-log", "tracing-subscriber", ] @@ -5904,16 +4918,6 @@ dependencies = [ "windows-sys 0.52.0", ] -[[package]] -name = "tokio-io-timeout" -version = "1.2.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "30b74022ada614a1b4834de765f9bb43877f910cc8ce4be40e89042c9223a8bf" -dependencies = [ - "pin-project-lite", - "tokio", -] - [[package]] name = "tokio-macros" version = "2.5.0" @@ -5979,7 +4983,7 @@ dependencies = [ "serde", "serde_spanned", "toml_datetime", - "toml_edit 0.22.24", + "toml_edit", ] [[package]] @@ -5991,17 +4995,6 @@ dependencies = [ "serde", ] -[[package]] -name = "toml_edit" -version = "0.19.15" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1b5bb770da30e5cbfde35a2d7b9b8a2c4b8ef89548a7a6aeab5c9a576e3e7421" -dependencies = [ - "indexmap 2.7.1", - "toml_datetime", - "winnow 0.5.40", -] - [[package]] name = "toml_edit" version = "0.22.24" @@ -6012,35 +5005,7 @@ dependencies = [ "serde", "serde_spanned", "toml_datetime", - "winnow 0.7.3", -] - -[[package]] -name = "tonic" -version = "0.9.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3082666a3a6433f7f511c7192923fa1fe07c69332d3c6a2e6bb040b569199d5a" -dependencies = [ - "async-trait", - "axum 0.6.20", - "base64 0.21.7", - "bytes", - "futures-core", - "futures-util", - "h2 0.3.26", - "http 0.2.12", - "http-body 0.4.6", - "hyper 0.14.32", - "hyper-timeout 0.4.1", - "percent-encoding", - "pin-project", - "prost 0.11.9", - "tokio", - "tokio-stream", - "tower 0.4.13", - "tower-layer", - "tower-service", - "tracing", + "winnow", ] [[package]] @@ -6051,19 +5016,19 @@ checksum = "877c5b330756d856ffcc4553ab34a5684481ade925ecc54bcd1bf02b1d0d4d52" dependencies = [ "async-stream", "async-trait", - "axum 0.7.9", - "base64 0.22.1", + "axum", + "base64", "bytes", "h2 0.4.8", "http 1.2.0", - "http-body 1.0.1", + "http-body", "http-body-util", - "hyper 1.6.0", - "hyper-timeout 0.5.2", + "hyper", + "hyper-timeout", "hyper-util", "percent-encoding", "pin-project", - "prost 0.13.5", + "prost", "socket2", "tokio", "tokio-stream", @@ -6102,7 +5067,7 @@ dependencies = [ "futures-core", "futures-util", "pin-project-lite", - "sync_wrapper 1.0.2", + "sync_wrapper", "tokio", "tower-layer", "tower-service", @@ -6176,17 +5141,6 @@ dependencies = [ "tracing", ] -[[package]] -name = "tracing-log" -version = "0.1.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f751112709b4e791d8ce53e32c4ed2d353565a795ce84da2285393f41557bdf2" -dependencies = [ - "log", - "once_cell", - "tracing-core", -] - [[package]] name = "tracing-log" version = "0.2.0" @@ -6198,22 +5152,6 @@ dependencies = [ "tracing-core", ] -[[package]] -name = "tracing-opentelemetry" -version = "0.21.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "75327c6b667828ddc28f5e3f169036cb793c3f588d83bf0f262a7f062ffed3c8" -dependencies = [ - "once_cell", - "opentelemetry 0.20.0", - "opentelemetry_sdk 0.20.0", - "smallvec", - "tracing", - "tracing-core", - "tracing-log 0.1.4", - "tracing-subscriber", -] - [[package]] name = "tracing-serde" version = "0.2.0" @@ -6239,10 +5177,9 @@ dependencies = [ "sharded-slab", "smallvec", "thread_local", - "time", "tracing", "tracing-core", - "tracing-log 0.2.0", + "tracing-log", "tracing-serde", ] @@ -6300,15 +5237,6 @@ dependencies = [ "static_assertions", ] -[[package]] -name = "uname" -version = "0.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b72f89f0ca32e4db1c04e2a72f5345d59796d4866a1ee0609084569f73683dc8" -dependencies = [ - "libc", -] - [[package]] name = "unicode-ident" version = "1.0.17" @@ -6349,19 +5277,6 @@ version = "0.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1" -[[package]] -name = "ureq" -version = "2.12.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "02d1a66277ed75f640d608235660df48c8e3c19f3b4edb6a263315626cc3c01d" -dependencies = [ - "base64 0.22.1", - "log", - "native-tls", - "once_cell", - "url", -] - [[package]] name = "url" version = "2.5.4" @@ -6374,12 +5289,6 @@ dependencies = [ "serde", ] -[[package]] -name = "urlencoding" -version = "2.1.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "daf8dba3b7eb870caf1ddeed7bc9d2a049f3cfdfae7cb521b087cc33ae4c49da" - [[package]] name = "utf16_iter" version = "1.0.5" @@ -6399,7 +5308,6 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8c1f41ffb7cf259f1ecc2876861a17e7142e63ead296f671f81f6ae85903e0d6" dependencies = [ "getrandom 0.3.1", - "serde", ] [[package]] @@ -6430,12 +5338,12 @@ version = "0.3.0" dependencies = [ "actix-web", "anyhow", - "base64 0.22.1", + "base64", "clap 4.5.30", "serde_json", "teepot-vault", "tracing", - "tracing-log 0.2.0", + "tracing-log", "tracing-subscriber", ] @@ -6464,15 +5372,19 @@ dependencies = [ name = "verify-era-proof-attestation" version = "0.3.0" dependencies = [ - "anyhow", + "bytes", "clap 4.5.30", + "enumset", "hex", - "jsonrpsee-types 0.24.8", - "reqwest 0.12.12", + "jsonrpsee-types", + "reqwest", "secp256k1 0.30.0", "serde", + "serde_json", "serde_with 3.12.0", + "serde_yaml", "teepot", + "thiserror 2.0.11", "tokio", "tracing", "tracing-subscriber", @@ -6490,36 +5402,23 @@ checksum = "0b928f33d975fc6ad9f86c8f283853ad26bdd5b10b7f1542aa2fa15e2289105a" [[package]] name = "vise" -version = "0.1.0" +version = "0.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "229baafe01d5177b63c6ee1def80d8e39a2365e64caf69ddb05a57594b15647c" +checksum = "90ade36f3548b1524396f4de7b36f4f210c8a01dfab568eb2bff466af64eb6e5" dependencies = [ "compile-fmt", + "ctor", "elsa", - "linkme", "once_cell", "prometheus-client", "vise-macros", ] -[[package]] -name = "vise-exporter" -version = "0.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "23981b18d697026f5430249ab01ba739ef2edc463e400042394331cb2bb63494" -dependencies = [ - "hyper 0.14.32", - "once_cell", - "tokio", - "tracing", - "vise", -] - [[package]] name = "vise-macros" -version = "0.1.0" +version = "0.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8bb19c33cd5f04dcf4e767635e058a998edbc2b7fca32ade0a4a1cea0f8e9b34" +checksum = "6a511871dc5de990a3b2a0e715facfbc5da848c0c0395597a1415029fb7c250a" dependencies = [ "proc-macro2", "quote", @@ -6699,7 +5598,7 @@ version = "0.52.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "33ab640c8d7e35bf8ba19b884ba838ceb4fba93a4e8c65a9059d08afcfc683d9" dependencies = [ - "windows-targets 0.52.6", + "windows-targets", ] [[package]] @@ -6710,7 +5609,7 @@ checksum = "e400001bb720a623c1c69032f8e3e4cf09984deec740f007dd2b03ec864804b0" dependencies = [ "windows-result", "windows-strings", - "windows-targets 0.52.6", + "windows-targets", ] [[package]] @@ -6719,7 +5618,7 @@ version = "0.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1d1043d8214f791817bab27572aaa8af63732e11bf84aa21a45a78d6c317ae0e" dependencies = [ - "windows-targets 0.52.6", + "windows-targets", ] [[package]] @@ -6729,16 +5628,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4cd9b125c486025df0eabcb585e62173c6c9eddcec5d117d3b6e8c30e2ee4d10" dependencies = [ "windows-result", - "windows-targets 0.52.6", -] - -[[package]] -name = "windows-sys" -version = "0.48.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "677d2418bec65e3338edb076e806bc1ec15693c5d0104683f2efe857f61056a9" -dependencies = [ - "windows-targets 0.48.5", + "windows-targets", ] [[package]] @@ -6747,7 +5637,7 @@ version = "0.52.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "282be5f36a8ce781fad8c8ae18fa3f9beff57ec1b52cb3de0789201425d9a33d" dependencies = [ - "windows-targets 0.52.6", + "windows-targets", ] [[package]] @@ -6756,22 +5646,7 @@ version = "0.59.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1e38bc4d79ed67fd075bcc251a1c39b32a1776bbe92e5bef1f0bf1f8c531853b" dependencies = [ - "windows-targets 0.52.6", -] - -[[package]] -name = "windows-targets" -version = "0.48.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9a2fa6e2155d7247be68c096456083145c183cbbbc2764150dda45a87197940c" -dependencies = [ - "windows_aarch64_gnullvm 0.48.5", - "windows_aarch64_msvc 0.48.5", - "windows_i686_gnu 0.48.5", - "windows_i686_msvc 0.48.5", - "windows_x86_64_gnu 0.48.5", - "windows_x86_64_gnullvm 0.48.5", - "windows_x86_64_msvc 0.48.5", + "windows-targets", ] [[package]] @@ -6780,46 +5655,28 @@ version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9b724f72796e036ab90c1021d4780d4d3d648aca59e491e6b98e725b84e99973" dependencies = [ - "windows_aarch64_gnullvm 0.52.6", - "windows_aarch64_msvc 0.52.6", - "windows_i686_gnu 0.52.6", + "windows_aarch64_gnullvm", + "windows_aarch64_msvc", + "windows_i686_gnu", "windows_i686_gnullvm", - "windows_i686_msvc 0.52.6", - "windows_x86_64_gnu 0.52.6", - "windows_x86_64_gnullvm 0.52.6", - "windows_x86_64_msvc 0.52.6", + "windows_i686_msvc", + "windows_x86_64_gnu", + "windows_x86_64_gnullvm", + "windows_x86_64_msvc", ] -[[package]] -name = "windows_aarch64_gnullvm" -version = "0.48.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2b38e32f0abccf9987a4e3079dfb67dcd799fb61361e53e2882c3cbaf0d905d8" - [[package]] name = "windows_aarch64_gnullvm" version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "32a4622180e7a0ec044bb555404c800bc9fd9ec262ec147edd5989ccd0c02cd3" -[[package]] -name = "windows_aarch64_msvc" -version = "0.48.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dc35310971f3b2dbbf3f0690a219f40e2d9afcf64f9ab7cc1be722937c26b4bc" - [[package]] name = "windows_aarch64_msvc" version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "09ec2a7bb152e2252b53fa7803150007879548bc709c039df7627cabbd05d469" -[[package]] -name = "windows_i686_gnu" -version = "0.48.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a75915e7def60c94dcef72200b9a8e58e5091744960da64ec734a6c6e9b3743e" - [[package]] name = "windows_i686_gnu" version = "0.52.6" @@ -6832,63 +5689,30 @@ version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0eee52d38c090b3caa76c563b86c3a4bd71ef1a819287c19d586d7334ae8ed66" -[[package]] -name = "windows_i686_msvc" -version = "0.48.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8f55c233f70c4b27f66c523580f78f1004e8b5a8b659e05a4eb49d4166cca406" - [[package]] name = "windows_i686_msvc" version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "240948bc05c5e7c6dabba28bf89d89ffce3e303022809e73deaefe4f6ec56c66" -[[package]] -name = "windows_x86_64_gnu" -version = "0.48.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "53d40abd2583d23e4718fddf1ebec84dbff8381c07cae67ff7768bbf19c6718e" - [[package]] name = "windows_x86_64_gnu" version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "147a5c80aabfbf0c7d901cb5895d1de30ef2907eb21fbbab29ca94c5b08b1a78" -[[package]] -name = "windows_x86_64_gnullvm" -version = "0.48.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0b7b52767868a23d5bab768e390dc5f5c55825b6d30b86c844ff2dc7414044cc" - [[package]] name = "windows_x86_64_gnullvm" version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "24d5b23dc417412679681396f2b49f3de8c1473deb516bd34410872eff51ed0d" -[[package]] -name = "windows_x86_64_msvc" -version = "0.48.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ed94fce61571a4006852b7389a063ab983c02eb1bb37b47f8272ce92d06d9538" - [[package]] name = "windows_x86_64_msvc" version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec" -[[package]] -name = "winnow" -version = "0.5.40" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f593a95398737aeed53e489c785df13f3618e41dbcd6718c6addbf1395aa6876" -dependencies = [ - "memchr", -] - [[package]] name = "winnow" version = "0.7.3" @@ -6898,16 +5722,6 @@ dependencies = [ "memchr", ] -[[package]] -name = "winreg" -version = "0.50.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "524e57b2c537c0f9b1e69f1965311ec12182b4122e45035b1508cd24d2adadb1" -dependencies = [ - "cfg-if", - "windows-sys 0.48.0", -] - [[package]] name = "wit-bindgen-rt" version = "0.33.0" @@ -6957,10 +5771,10 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1301e935010a701ae5f8655edc0ad17c44bad3ac5ce8c39185f75453b720ae94" dependencies = [ "const-oid", - "der 0.7.9", + "der", "sha1", - "signature 2.2.0", - "spki 0.7.3", + "signature", + "spki", "tls_codec", ] @@ -7084,64 +5898,23 @@ dependencies = [ "syn 2.0.98", ] -[[package]] -name = "zk_evm" -version = "0.133.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9af08e9284686a1b0c89ec4931eb915ac0729367f1247abd06164874fe738106" -dependencies = [ - "anyhow", - "lazy_static", - "num", - "serde", - "serde_json", - "static_assertions", - "zk_evm_abstractions", - "zkevm_opcode_defs", -] - -[[package]] -name = "zk_evm_abstractions" -version = "0.140.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "be696258861eba4e6625a5665084b2266720bb67f4ba69819469700ac5c6a401" -dependencies = [ - "anyhow", - "num_enum 0.6.1", - "serde", - "static_assertions", - "zkevm_opcode_defs", -] - -[[package]] -name = "zkevm_opcode_defs" -version = "0.132.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e0769f7b27d8fb06e715da3290c575cac5d04d10a557faef180e847afce50ac4" -dependencies = [ - "bitflags 2.8.0", - "blake2", - "ethereum-types", - "k256 0.11.6", - "lazy_static", - "sha2_ce", - "sha3_ce", -] - [[package]] name = "zksync_basic_types" -version = "0.1.0" +version = "27.0.0-non-semver-compat" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5d4e4a41a89d72763b860245ea3a323ac0f6b7b9289a07b481f47168f2973171" +checksum = "2d7c1c35e9886151899e0636967b60f65b3bccd18f1e3ba71a98859e9d53bfab" dependencies = [ "anyhow", "chrono", + "const-decoder", "ethabi", "hex", - "num_enum 0.7.3", + "num_enum", + "secrecy", "serde", "serde_json", "serde_with 1.14.0", + "sha2", "strum", "thiserror 1.0.69", "tiny-keccak", @@ -7150,9 +5923,9 @@ dependencies = [ [[package]] name = "zksync_concurrency" -version = "0.1.0-rc.2" +version = "0.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1af85d9a31c534a29877c88474cf5f1c46ad25f7c48efff61ea40f4aa83c5459" +checksum = "cec98400a9e8ba02bfd029eacfe7d6fb7b85b8ef00de59d6bb119d29cc9f7442" dependencies = [ "anyhow", "once_cell", @@ -7169,15 +5942,14 @@ dependencies = [ [[package]] name = "zksync_config" -version = "0.1.0" +version = "27.0.0-non-semver-compat" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "663261a7c6064c6d52eafa254057b0d96493280ef28f5fb14efe90faa73aff25" +checksum = "91cf4af6d7e83c9ed0422a36c603b8bf84079ab510d295fda74f95ce49f62388" dependencies = [ "anyhow", "rand", "secrecy", "serde", - "url", "zksync_basic_types", "zksync_concurrency", "zksync_consensus_utils", @@ -7186,9 +5958,9 @@ dependencies = [ [[package]] name = "zksync_consensus_utils" -version = "0.1.0-rc.2" +version = "0.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "587de103f745d0b88b49a9fb98cb002c4b7ce6ad042e17845091dce67b8aa984" +checksum = "f2f9fa69ef68e6a1955a1d7b33077103fb6d106b560fec0d599c6de268f5be03" dependencies = [ "anyhow", "rand", @@ -7198,24 +5970,24 @@ dependencies = [ [[package]] name = "zksync_contracts" -version = "0.1.0" +version = "27.0.0-non-semver-compat" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "facdc0d63d452d1a7992e0dae773d6f73e4c2a5fda29c2b5119b8ee2be71d98a" +checksum = "48199dbf89c06eb242ba1c5f1d8d66dbefb1a8b6c41f08201b084cd56b08ceb5" dependencies = [ "envy", - "ethabi", "hex", "once_cell", "serde", "serde_json", + "zksync_basic_types", "zksync_utils", ] [[package]] name = "zksync_crypto_primitives" -version = "0.1.0" +version = "27.0.0-non-semver-compat" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "61cf6a098fa3e479285f8bad8d4f9ef4852bbd13e2d5f7c8e652ce6c50899453" +checksum = "cd63cde705950e4dd9d1f5b3a532d2d8304e7af27efd197bd67c15f4d0954ab7" dependencies = [ "anyhow", "blake2", @@ -7227,155 +5999,85 @@ dependencies = [ "sha2", "thiserror 1.0.69", "zksync_basic_types", - "zksync_utils", +] + +[[package]] +name = "zksync_da_client" +version = "27.0.0-non-semver-compat" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ee8889a7e5d7f003424cd476b28f4a8e8632aee6371209a84dc301df1f646405" +dependencies = [ + "anyhow", + "async-trait", + "serde", ] [[package]] name = "zksync_mini_merkle_tree" -version = "0.1.0" +version = "27.0.0-non-semver-compat" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e1b34e4e287bc40bf7f6c3ef9bb075401755614b27c64bdf67ac243658ee607b" +checksum = "0816cec4ccc46ca86e9f31507e3112e6036a99aa29e38b4f13d2fe70da14efc4" dependencies = [ "once_cell", "zksync_basic_types", "zksync_crypto_primitives", ] -[[package]] -name = "zksync_protobuf" -version = "0.1.0-rc.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d86baa84d8bbbbeea269c0f99aca88364e4fd2a08e6ae7051ff87317132b4ef9" -dependencies = [ - "anyhow", - "bit-vec", - "once_cell", - "prost 0.12.6", - "prost-reflect", - "quick-protobuf", - "rand", - "serde", - "serde_json", - "serde_yaml", - "zksync_concurrency", - "zksync_consensus_utils", - "zksync_protobuf_build", -] - -[[package]] -name = "zksync_protobuf_build" -version = "0.1.0-rc.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f221ce83f4622c3d8732d09f4461d116d7b10f1cc9d1d1cd014c1fa836c168e6" -dependencies = [ - "anyhow", - "heck 0.5.0", - "prettyplease", - "proc-macro2", - "prost-build", - "prost-reflect", - "protox", - "quote", - "syn 2.0.98", -] - [[package]] name = "zksync_system_constants" -version = "0.1.0" +version = "27.0.0-non-semver-compat" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f82b9f2537f81bddfb67af6e6ae3f1df216e552e89170edd0ed8aa0e0e58fb9d" +checksum = "b5f8e8c2887e282651cc354affe217b749b0c3a31200bdf8c597a9a467056255" dependencies = [ "once_cell", "zksync_basic_types", - "zksync_utils", ] [[package]] name = "zksync_types" -version = "0.1.0" +version = "27.0.0-non-semver-compat" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "463b6b22f788347b746b276b1f4420173e5570d533d5fd10a5d1e9ca1d01c1f3" +checksum = "edf281daa468c05be17029d42693b6e1f0ad946f44ff44bc448d377f18d45b15" dependencies = [ "anyhow", - "bigdecimal", + "async-trait", "blake2", "chrono", - "derive_more 1.0.0-beta.6", + "derive_more 1.0.0", "hex", - "itertools 0.10.5", - "num", - "num_enum 0.7.3", + "num_enum", "once_cell", - "prost 0.12.6", "rlp", - "secp256k1 0.27.0", "serde", "serde_json", - "strum", + "serde_with 1.14.0", "thiserror 1.0.69", "tracing", "zksync_basic_types", - "zksync_config", "zksync_contracts", "zksync_crypto_primitives", + "zksync_da_client", "zksync_mini_merkle_tree", - "zksync_protobuf", - "zksync_protobuf_build", "zksync_system_constants", - "zksync_utils", ] [[package]] name = "zksync_utils" -version = "0.1.0" +version = "27.0.0-non-semver-compat" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2046c95fbcca2789cdfd133a4111197739b45504d887f9ff17e4e8706bcaabaf" +checksum = "858ae870fc2b2b6af07de7cbb3e9b09418774d42d25d380dd0bfc01009767258" dependencies = [ "anyhow", - "bigdecimal", - "futures", - "hex", - "itertools 0.10.5", - "num", "once_cell", - "reqwest 0.12.12", - "serde", - "serde_json", - "thiserror 1.0.69", - "tokio", - "tracing", - "zk_evm", - "zksync_basic_types", - "zksync_vlog", -] - -[[package]] -name = "zksync_vlog" -version = "0.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ff02e5df2e986592b916077f210b28a35e63d947936f99431041ad79289306e8" -dependencies = [ - "anyhow", - "chrono", - "opentelemetry 0.20.0", - "opentelemetry-otlp 0.13.0", - "opentelemetry-semantic-conventions 0.12.0", - "sentry", - "serde", "serde_json", "tokio", - "tracing", - "tracing-opentelemetry", - "tracing-subscriber", - "vise", - "vise-exporter", ] [[package]] name = "zksync_web3_decl" -version = "0.1.0" +version = "27.0.0-non-semver-compat" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f4a6342270ad3220b287b01675875c450c365e4a4495c84a2f2376e7f18f973f" +checksum = "b938259cc07b01c56a54d6ec24939cda621c39f0a4d7c294daa883e95445d0aa" dependencies = [ "anyhow", "async-trait", diff --git a/Cargo.toml b/Cargo.toml index 717d8b0..508f166 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -32,7 +32,6 @@ gpt = "4.0.0" hex = { version = "0.4.3", features = ["std"], default-features = false } intel-tee-quote-verification-rs = { package = "teepot-tee-quote-verification-rs", path = "crates/teepot-tee-quote-verification-rs", version = "0.3.0" } intel-tee-quote-verification-sys = { version = "0.2.1" } -jsonrpsee-types = { version = "0.24", default-features = false } num-integer = "0.1.46" num-traits = "0.2.18" opentelemetry = { version = "0.28.0", features = ["default", "logs"] } diff --git a/bin/verify-era-proof-attestation/Cargo.toml b/bin/verify-era-proof-attestation/Cargo.toml index a818dbd..533a3dc 100644 --- a/bin/verify-era-proof-attestation/Cargo.toml +++ b/bin/verify-era-proof-attestation/Cargo.toml @@ -8,19 +8,23 @@ repository.workspace = true version.workspace = true [dependencies] -anyhow.workspace = true +bytes.workspace = true clap.workspace = true +enumset.workspace = true hex.workspace = true -jsonrpsee-types.workspace = true +jsonrpsee-types = "0.24" reqwest.workspace = true secp256k1.workspace = true serde.workspace = true +serde_json.workspace = true serde_with = { workspace = true, features = ["hex"] } +serde_yaml = "0.9.33" teepot.workspace = true +thiserror.workspace = true tokio.workspace = true tracing.workspace = true tracing-subscriber.workspace = true url.workspace = true -zksync_basic_types = "=0.1.0" -zksync_types = "=0.1.0" -zksync_web3_decl = "=0.1.0" +zksync_basic_types = "27.0.0-non-semver-compat" +zksync_types = "27.0.0-non-semver-compat" +zksync_web3_decl = "27.0.0-non-semver-compat" diff --git a/bin/verify-era-proof-attestation/README.md b/bin/verify-era-proof-attestation/README.md new file mode 100644 index 0000000..00e6728 --- /dev/null +++ b/bin/verify-era-proof-attestation/README.md @@ -0,0 +1,76 @@ +# Era Proof Attestation Verifier + +This tool verifies the SGX/TDX attestations and signatures for zkSync Era L1 batches. + +## Usage + +Basic usage with attestation policy provided from a YAML file: + +```bash +verify-era-proof-attestation --rpc https://mainnet.era.zksync.io \ + --continuous 493220 \ + --attestation-policy-file examples/attestation_policy.yaml \ + --log-level info +``` + +## Attestation Policy Configuration + +You can specify the attestation policy either through command-line arguments or by providing a YAML configuration file. + +### Command-line Arguments + +The following command-line arguments are available: + +- `--batch`, `-n `: The batch number or range of batch numbers to verify the attestation and signature (e.g., " + 42" or "42-45"). Mutually exclusive with `--continuous`. +- `--continuous `: Continuous mode: keep verifying new batches starting from the specified batch number + until interrupted. Mutually exclusive with `--batch`. +- `--rpc `: URL of the RPC server to query for the batch attestation and signature. +- `--chain `: Chain ID of the network to query (default: L2ChainId::default()). +- `--rate-limit `: Rate limit between requests in milliseconds (default: 0). +- `--log-level `: Log level for the log output. Valid values are: `off`, `error`, `warn`, `info`, `debug`, + `trace` (default: `warn`). +- `--attestation-policy-file `: Path to a YAML file containing attestation policy configuration. This overrides + any attestation policy settings provided via command line options. + +Either `--batch` or `--continuous` mode must be specified. + +### YAML Configuration File + +The attestation policy is loaded from a YAML file using the `--attestation-policy-file` option. + +Example YAML configuration file: + +```yaml +sgx: + mrenclaves: + - a2caa7055e333f69c3e46ca7ba65b135a86c90adfde2afb356e05075b7818b3c + - 36eeb64cc816f80a1cf5818b26710f360714b987d3799e757cbefba7697b9589 + - 4a8b79e5123f4dbf23453d583cb8e5dcf4d19a6191a0be6dd85b7b3052c32faf + - 1498845b3f23667356cc49c38cae7b4ac234621a5b85fdd5c52b5f5d12703ec9 + - 1b2374631bb2572a0e05b3be8b5cdd23c42e9d7551e1ef200351cae67c515a65 + - 6fb19e47d72a381a9f3235c450f8c40f01428ce19a941f689389be3eac24f42a + - b610fd1d749775cc3de88beb84afe8bb79f55a19100db12d76f6a62ac576e35d + - a0b1b069b01bdcf3c1517ef8d4543794a27ed4103e464be7c4afdc6136b42d66 + - 71e2a11a74b705082a7286b2008f812f340c0e4de19f8b151baa347eda32d057 + - d5a0bf8932d9a3d7af6d9405d4c6de7dcb7b720bb5510666b4396fc58ee58bb2 + allowed_tcb_levels: + - Ok + - SwHardeningNeeded + allowed_advisory_ids: + - INTEL-SA-00615 +tdx: + mrs: + - - 2a90c8fa38672cafd791d994beb6836b99383b2563736858632284f0f760a6446efd1e7ec457cf08b629ea630f7b4525 + - 3300980705adf09d28b707b79699d9874892164280832be2c386a715b6e204e0897fb564a064f810659207ba862b304f + - c08ab64725566bcc8a6fb1c79e2e64744fcff1594b8f1f02d716fb66592ecd5de94933b2bc54ffbbc43a52aab7eb1146 + - 092a4866a9e6a1672d7439a5d106fbc6eb57b738d5bfea5276d41afa2551824365fdd66700c1ce9c0b20542b9f9d5945 + - 971fb52f90ec98a234301ca9b8fc30b613c33e3dd9c0cc42dcb8003d4a95d8fb218b75baf028b70a3cabcb947e1ca453 + - - 2a90c8fa38672cafd791d994beb6836b99383b2563736858632284f0f760a6446efd1e7ec457cf08b629ea630f7b4525 + - 3300980705adf09d28b707b79699d9874892164280832be2c386a715b6e204e0897fb564a064f810659207ba862b304f + - c08ab64725566bcc8a6fb1c79e2e64744fcff1594b8f1f02d716fb66592ecd5de94933b2bc54ffbbc43a52aab7eb1146 + - 092a4866a9e6a1672d7439a5d106fbc6eb57b738d5bfea5276d41afa2551824365fdd66700c1ce9c0b20542b9f9d5945 + - f57bb7ed82c6ae4a29e6c9879338c592c7d42a39135583e8ccbe3940f2344b0eb6eb8503db0ffd6a39ddd00cd07d8317 + allowed_tcb_levels: + - Ok +``` diff --git a/bin/verify-era-proof-attestation/examples/attestation_policy.yaml b/bin/verify-era-proof-attestation/examples/attestation_policy.yaml new file mode 100644 index 0000000..cfb6a34 --- /dev/null +++ b/bin/verify-era-proof-attestation/examples/attestation_policy.yaml @@ -0,0 +1,31 @@ +sgx: + mrenclaves: + - a2caa7055e333f69c3e46ca7ba65b135a86c90adfde2afb356e05075b7818b3c + - 36eeb64cc816f80a1cf5818b26710f360714b987d3799e757cbefba7697b9589 + - 4a8b79e5123f4dbf23453d583cb8e5dcf4d19a6191a0be6dd85b7b3052c32faf + - 1498845b3f23667356cc49c38cae7b4ac234621a5b85fdd5c52b5f5d12703ec9 + - 1b2374631bb2572a0e05b3be8b5cdd23c42e9d7551e1ef200351cae67c515a65 + - 6fb19e47d72a381a9f3235c450f8c40f01428ce19a941f689389be3eac24f42a + - b610fd1d749775cc3de88beb84afe8bb79f55a19100db12d76f6a62ac576e35d + - a0b1b069b01bdcf3c1517ef8d4543794a27ed4103e464be7c4afdc6136b42d66 + - 71e2a11a74b705082a7286b2008f812f340c0e4de19f8b151baa347eda32d057 + - d5a0bf8932d9a3d7af6d9405d4c6de7dcb7b720bb5510666b4396fc58ee58bb2 + allowed_tcb_levels: + - Ok + - SwHardeningNeeded + allowed_advisory_ids: + - INTEL-SA-00615 +tdx: + mrs: + - - 2a90c8fa38672cafd791d994beb6836b99383b2563736858632284f0f760a6446efd1e7ec457cf08b629ea630f7b4525 + - 3300980705adf09d28b707b79699d9874892164280832be2c386a715b6e204e0897fb564a064f810659207ba862b304f + - c08ab64725566bcc8a6fb1c79e2e64744fcff1594b8f1f02d716fb66592ecd5de94933b2bc54ffbbc43a52aab7eb1146 + - 092a4866a9e6a1672d7439a5d106fbc6eb57b738d5bfea5276d41afa2551824365fdd66700c1ce9c0b20542b9f9d5945 + - 971fb52f90ec98a234301ca9b8fc30b613c33e3dd9c0cc42dcb8003d4a95d8fb218b75baf028b70a3cabcb947e1ca453 + - - 2a90c8fa38672cafd791d994beb6836b99383b2563736858632284f0f760a6446efd1e7ec457cf08b629ea630f7b4525 + - 3300980705adf09d28b707b79699d9874892164280832be2c386a715b6e204e0897fb564a064f810659207ba862b304f + - c08ab64725566bcc8a6fb1c79e2e64744fcff1594b8f1f02d716fb66592ecd5de94933b2bc54ffbbc43a52aab7eb1146 + - 092a4866a9e6a1672d7439a5d106fbc6eb57b738d5bfea5276d41afa2551824365fdd66700c1ce9c0b20542b9f9d5945 + - f57bb7ed82c6ae4a29e6c9879338c592c7d42a39135583e8ccbe3940f2344b0eb6eb8503db0ffd6a39ddd00cd07d8317 + allowed_tcb_levels: + - Ok diff --git a/bin/verify-era-proof-attestation/src/args.rs b/bin/verify-era-proof-attestation/src/args.rs deleted file mode 100644 index cea2a1c..0000000 --- a/bin/verify-era-proof-attestation/src/args.rs +++ /dev/null @@ -1,95 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 -// Copyright (c) 2023-2024 Matter Labs - -use anyhow::{anyhow, Result}; -use clap::{ArgGroup, Args, Parser}; -use std::time::Duration; -use teepot::log::LogLevelParser; -use teepot::sgx::{parse_tcb_levels, EnumSet, TcbLevel}; -use tracing_subscriber::filter::LevelFilter; -use url::Url; -use zksync_basic_types::L1BatchNumber; -use zksync_types::L2ChainId; - -#[derive(Parser, Debug, Clone)] -#[command(author = "Matter Labs", version, about = "SGX attestation and batch signature verifier", long_about = None)] -#[clap(group( - ArgGroup::new("mode") - .required(true) - .args(&["batch_range", "continuous"]), -))] -pub struct Arguments { - /// Log level for the log output. - /// Valid values are: `off`, `error`, `warn`, `info`, `debug`, `trace` - #[clap(long, default_value_t = LevelFilter::WARN, value_parser = LogLevelParser)] - pub log_level: LevelFilter, - /// The batch number or range of batch numbers to verify the attestation and signature (e.g., - /// "42" or "42-45"). This option is mutually exclusive with the `--continuous` mode. - #[clap(short = 'n', long = "batch", value_parser = parse_batch_range)] - pub batch_range: Option<(L1BatchNumber, L1BatchNumber)>, - /// Continuous mode: keep verifying new batches until interrupted. This option is mutually - /// exclusive with the `--batch` option. - #[clap(long, value_name = "FIRST_BATCH")] - pub continuous: Option, - /// URL of the RPC server to query for the batch attestation and signature. - #[clap(long = "rpc")] - pub rpc_url: Url, - /// Chain ID of the network to query. - #[clap(long = "chain", default_value_t = L2ChainId::default().as_u64())] - pub chain_id: u64, - /// Rate limit between requests in milliseconds. - #[clap(long, default_value = "0", value_parser = parse_duration)] - pub rate_limit: Duration, - /// Criteria for valid attestation policy. Invalid proofs will be rejected. - #[clap(flatten)] - pub attestation_policy: AttestationPolicyArgs, -} - -/// Attestation policy implemented as a set of criteria that must be met by SGX attestation. -#[derive(Args, Debug, Clone)] -pub struct AttestationPolicyArgs { - /// Comma-separated list of allowed hex-encoded SGX mrsigners. Batch attestation must consist of - /// one of these mrsigners. If the list is empty, the mrsigner check is skipped. - #[arg(long = "mrsigners")] - pub sgx_mrsigners: Option, - /// Comma-separated list of allowed hex-encoded SGX mrenclaves. Batch attestation must consist - /// of one of these mrenclaves. If the list is empty, the mrenclave check is skipped. - #[arg(long = "mrenclaves")] - pub sgx_mrenclaves: Option, - /// Comma-separated list of allowed TCB levels. If the list is empty, the TCB level check is - /// skipped. Allowed values: Ok, ConfigNeeded, ConfigAndSwHardeningNeeded, SwHardeningNeeded, - /// OutOfDate, OutOfDateConfigNeeded. - #[arg(long, value_parser = parse_tcb_levels, default_value = "Ok")] - pub sgx_allowed_tcb_levels: EnumSet, -} - -fn parse_batch_range(s: &str) -> Result<(L1BatchNumber, L1BatchNumber)> { - let parse = |s: &str| { - s.parse::() - .map(L1BatchNumber::from) - .map_err(|e| anyhow!(e)) - }; - match s.split_once('-') { - Some((start, end)) => { - let (start, end) = (parse(start)?, parse(end)?); - if start > end { - Err(anyhow!( - "Start batch number ({}) must be less than or equal to end batch number ({})", - start, - end - )) - } else { - Ok((start, end)) - } - } - None => { - let batch_number = parse(s)?; - Ok((batch_number, batch_number)) - } - } -} - -fn parse_duration(s: &str) -> Result { - let millis = s.parse()?; - Ok(Duration::from_millis(millis)) -} diff --git a/bin/verify-era-proof-attestation/src/client.rs b/bin/verify-era-proof-attestation/src/client.rs deleted file mode 100644 index 6746e38..0000000 --- a/bin/verify-era-proof-attestation/src/client.rs +++ /dev/null @@ -1,45 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 -// Copyright (c) 2023-2024 Matter Labs - -use anyhow::{anyhow, Context, Result}; -use url::Url; -use zksync_basic_types::{L1BatchNumber, H256}; -use zksync_types::L2ChainId; -use zksync_web3_decl::{ - client::{Client as NodeClient, L2}, - error::ClientRpcContext, - namespaces::ZksNamespaceClient, -}; - -pub trait JsonRpcClient { - async fn get_root_hash(&self, batch_number: L1BatchNumber) -> Result; - // TODO implement get_tee_proofs(batch_number, tee_type) once https://crates.io/crates/zksync_web3_decl crate is updated -} - -pub struct MainNodeClient(NodeClient); - -impl MainNodeClient { - pub fn new(rpc_url: Url, chain_id: u64) -> Result { - let node_client = NodeClient::http(rpc_url.into()) - .context("failed creating JSON-RPC client for main node")? - .for_network( - L2ChainId::try_from(chain_id) - .map_err(anyhow::Error::msg)? - .into(), - ) - .build(); - - Ok(MainNodeClient(node_client)) - } -} - -impl JsonRpcClient for MainNodeClient { - async fn get_root_hash(&self, batch_number: L1BatchNumber) -> Result { - self.0 - .get_l1_batch_details(batch_number) - .rpc_context("get_l1_batch_details") - .await? - .and_then(|res| res.base.root_hash) - .ok_or_else(|| anyhow!("No root hash found for batch #{}", batch_number)) - } -} diff --git a/bin/verify-era-proof-attestation/src/client/http.rs b/bin/verify-era-proof-attestation/src/client/http.rs new file mode 100644 index 0000000..c23b9c7 --- /dev/null +++ b/bin/verify-era-proof-attestation/src/client/http.rs @@ -0,0 +1,66 @@ +// SPDX-License-Identifier: Apache-2.0 +// Copyright (c) 2023-2025 Matter Labs + +//! HTTP client for making requests to external services + +use reqwest::Client; +use serde::{de::DeserializeOwned, Serialize}; +use std::time::Duration; +use url::Url; + +use crate::{ + core::DEFAULT_HTTP_REQUEST_TIMEOUT, + error::{Error, Result}, +}; + +/// Client for making HTTP requests +#[derive(Clone)] +pub struct HttpClient { + client: Client, +} + +impl HttpClient { + /// Create a new HTTP client with default configuration + pub fn new() -> Self { + let client = Client::builder() + .timeout(Duration::from_secs(DEFAULT_HTTP_REQUEST_TIMEOUT)) + .build() + .expect("Failed to create HTTP client"); + + Self { client } + } + + /// Make a POST request to the specified URL with the provided body + pub async fn post(&self, url: &Url, body: T) -> Result { + let response = self.client.post(url.clone()).json(&body).send().await?; + self.handle_response(response).await + } + + /// Send a JSON request and parse the response + pub async fn send_json( + &self, + url: &Url, + body: T, + ) -> Result { + let response_text = self.post(url, body).await?; + let response: R = serde_json::from_str(&response_text) + .map_err(|e| Error::JsonRpcInvalidResponse(e.to_string()))?; + + Ok(response) + } + + /// Handle the HTTP response + async fn handle_response(&self, response: reqwest::Response) -> Result { + let status = response.status(); + let body = response.text().await?; + + if status.is_success() { + Ok(body) + } else { + Err(Error::Http { + status_code: status.as_u16(), + message: body, + }) + } + } +} diff --git a/bin/verify-era-proof-attestation/src/client/json_rpc.rs b/bin/verify-era-proof-attestation/src/client/json_rpc.rs new file mode 100644 index 0000000..a9417ff --- /dev/null +++ b/bin/verify-era-proof-attestation/src/client/json_rpc.rs @@ -0,0 +1,58 @@ +// SPDX-License-Identifier: Apache-2.0 +// Copyright (c) 2023-2025 Matter Labs + +use url::Url; +use zksync_basic_types::{L1BatchNumber, H256}; +use zksync_types::L2ChainId; +use zksync_web3_decl::{ + client::{Client as NodeClient, L2}, + error::ClientRpcContext, + namespaces::ZksNamespaceClient, +}; + +use crate::error; + +/// Trait for interacting with the JSON-RPC API +pub trait JsonRpcClient { + /// Get the root hash for a specific batch + async fn get_root_hash(&self, batch_number: L1BatchNumber) -> error::Result; + // TODO implement get_tee_proofs(batch_number, tee_type) once https://crates.io/crates/zksync_web3_decl crate is updated +} + +/// Client for interacting with the main node +pub struct MainNodeClient(NodeClient); + +impl MainNodeClient { + /// Create a new client for the main node + pub fn new(rpc_url: Url, chain_id: u64) -> error::Result { + let chain_id = L2ChainId::try_from(chain_id) + .map_err(|e| error::Error::Internal(format!("Invalid chain ID: {}", e)))?; + + let node_client = NodeClient::http(rpc_url.into()) + .map_err(|e| { + error::Error::Internal(format!("Failed to create JSON-RPC client: {}", e)) + })? + .for_network(chain_id.into()) + .build(); + + Ok(MainNodeClient(node_client)) + } +} + +impl JsonRpcClient for MainNodeClient { + async fn get_root_hash(&self, batch_number: L1BatchNumber) -> error::Result { + let batch_details = self + .0 + .get_l1_batch_details(batch_number) + .rpc_context("get_l1_batch_details") + .await + .map_err(|e| error::Error::JsonRpc(format!("Failed to get batch details: {}", e)))? + .ok_or_else(|| { + error::Error::JsonRpc(format!("No details found for batch #{}", batch_number)) + })?; + + batch_details.base.root_hash.ok_or_else(|| { + error::Error::JsonRpc(format!("No root hash found for batch #{}", batch_number)) + }) + } +} diff --git a/bin/verify-era-proof-attestation/src/client/mod.rs b/bin/verify-era-proof-attestation/src/client/mod.rs new file mode 100644 index 0000000..3c070e6 --- /dev/null +++ b/bin/verify-era-proof-attestation/src/client/mod.rs @@ -0,0 +1,12 @@ +// SPDX-License-Identifier: Apache-2.0 +// Copyright (c) 2023-2025 Matter Labs + +//! Client modules for external API communication + +mod http; +mod json_rpc; +mod retry; + +pub use http::HttpClient; +pub use json_rpc::{JsonRpcClient, MainNodeClient}; +pub use retry::{RetryConfig, RetryHelper}; diff --git a/bin/verify-era-proof-attestation/src/client/retry.rs b/bin/verify-era-proof-attestation/src/client/retry.rs new file mode 100644 index 0000000..12c7855 --- /dev/null +++ b/bin/verify-era-proof-attestation/src/client/retry.rs @@ -0,0 +1,107 @@ +// SPDX-License-Identifier: Apache-2.0 +// Copyright (c) 2023-2025 Matter Labs + +//! Retry mechanism for handling transient failures + +use std::time::Duration; +use tokio::time::sleep; + +use crate::{ + core::{DEFAULT_RETRY_DELAY_MS, MAX_PROOF_FETCH_RETRIES}, + error::{Error, Result}, +}; + +/// Configuration for retry behavior +#[derive(Debug, Clone)] +pub struct RetryConfig { + /// Maximum number of retry attempts + pub max_attempts: u32, + /// Delay between retry attempts + pub delay: Duration, + /// Whether to use exponential backoff + pub use_exponential_backoff: bool, +} + +impl Default for RetryConfig { + fn default() -> Self { + Self { + max_attempts: MAX_PROOF_FETCH_RETRIES, + delay: Duration::from_millis(DEFAULT_RETRY_DELAY_MS), + use_exponential_backoff: true, + } + } +} + +/// Helper for executing operations with retries +pub struct RetryHelper { + config: RetryConfig, +} + +impl RetryHelper { + /// Create a new retry helper with the given configuration + pub fn new(config: RetryConfig) -> Self { + Self { config } + } + + /// Execute an operation with retries + pub async fn execute(&self, operation_name: &str, operation: F) -> Result + where + F: Fn() -> Fut, + Fut: std::future::Future>, + { + let mut attempt = 0; + let mut last_error; + + loop { + attempt += 1; + tracing::debug!( + "Executing operation '{}' (attempt {}/{})", + operation_name, + attempt, + self.config.max_attempts + ); + + match operation().await { + Ok(result) => { + tracing::debug!( + "Operation '{}' succeeded on attempt {}", + operation_name, + attempt + ); + return Ok(result); + } + Err(Error::Interrupted) => return Err(Error::Interrupted), + Err(e) => { + last_error = e; + + if attempt >= self.config.max_attempts { + tracing::warn!( + "Operation '{}' failed after {} attempts. Giving up.", + operation_name, + attempt + ); + break; + } + + let delay = if self.config.use_exponential_backoff { + self.config.delay.mul_f32(2.0_f32.powi(attempt as i32 - 1)) + } else { + self.config.delay + }; + + tracing::warn!( + "Operation '{}' failed on attempt {}: {}. Retrying in {:?}...", + operation_name, + attempt, + last_error, + delay + ); + + sleep(delay).await; + } + } + } + + Err(last_error) + } +} diff --git a/bin/verify-era-proof-attestation/src/core/config.rs b/bin/verify-era-proof-attestation/src/core/config.rs new file mode 100644 index 0000000..8132ddc --- /dev/null +++ b/bin/verify-era-proof-attestation/src/core/config.rs @@ -0,0 +1,455 @@ +// SPDX-License-Identifier: Apache-2.0 +// Copyright (c) 2023-2025 Matter Labs + +//! Configuration settings for the verification process + +use crate::{ + core::{SGX_HASH_SIZE, TDX_HASH_SIZE}, + error, +}; +use bytes::{Bytes, BytesMut}; +use clap::{ArgGroup, Parser}; +use enumset::EnumSet; +use serde::{Deserialize, Serialize}; +use std::{collections::HashSet, fs, ops::Deref, path::PathBuf, str::FromStr, time::Duration}; +use teepot::{log::LogLevelParser, quote::tcblevel::TcbLevel}; +use tracing_subscriber::filter::LevelFilter; +use url::Url; +use zksync_basic_types::{tee_types::TeeType, L1BatchNumber}; +use zksync_types::L2ChainId; + +/// Primary configuration for the verification process +#[derive(Parser, Debug, Clone)] +#[command(author = "Matter Labs", version, about = "SGX attestation and batch signature verifier", long_about = None +)] +#[clap(group( + ArgGroup::new("mode") + .required(true) + .args(&["batch_range", "continuous"]), +))] +pub struct VerifierConfigArgs { + /// Log level for the log output. + /// Valid values are: `off`, `error`, `warn`, `info`, `debug`, `trace` + #[clap(long, default_value_t = LevelFilter::WARN, value_parser = LogLevelParser)] + pub log_level: LevelFilter, + + /// The batch number or range of batch numbers to verify the attestation and signature (e.g., + /// "42" or "42-45"). This option is mutually exclusive with the `--continuous` mode. + #[clap(short = 'n', long = "batch", value_parser = parse_batch_range)] + pub batch_range: Option<(L1BatchNumber, L1BatchNumber)>, + + /// Continuous mode: keep verifying new batches until interrupted. This option is mutually + /// exclusive with the `--batch` option. + #[clap(long, value_name = "FIRST_BATCH")] + pub continuous: Option, + + /// URL of the RPC server to query for the batch attestation and signature. + #[clap(long = "rpc")] + pub rpc_url: Url, + + /// Chain ID of the network to query. + #[clap(long = "chain", default_value_t = L2ChainId::default().as_u64())] + pub chain_id: u64, + + /// Rate limit between requests in milliseconds. + #[clap(long, default_value = "0", value_parser = parse_duration)] + pub rate_limit: Duration, + + /// Path to a YAML file containing attestation policy configuration. + /// This overrides any attestation policy settings provided via command line options. + #[clap(long = "attestation-policy-file")] + pub attestation_policy_file: Option, + + /// Comma separated list of Tee types to process + #[clap(long)] + pub tee_types: TeeTypes, +} + +/// Attestation policy implemented as a set of criteria that must be met by SGX attestation. +#[derive(Default, Debug, Clone, Serialize, Deserialize)] +pub struct SgxAttestationPolicyConfig { + /// List of allowed hex-encoded SGX mrsigners. Batch attestation must consist of + /// one of these mrsigners. If the list is empty, the mrsigner check is skipped. + #[serde(default)] + pub mrsigners: Option>, + + /// List of allowed hex-encoded SGX mrenclaves. Batch attestation must consist + /// of one of these mrenclaves. If the list is empty, the mrenclave check is skipped. + #[serde(default)] + pub mrenclaves: Option>, + + /// List of allowed SGX TCB levels. If the list is empty, the TCB level check is + /// skipped. Allowed values: Ok, ConfigNeeded, ConfigAndSwHardeningNeeded, SwHardeningNeeded, + /// OutOfDate, OutOfDateConfigNeeded. + #[serde(default = "default_tcb_levels")] + pub allowed_tcb_levels: EnumSet, + + /// List of allowed SGX Advisories. If the list is empty, theAdvisories check is skipped. + #[serde(default)] + pub allowed_advisory_ids: Option>, +} + +/// Attestation policy implemented as a set of criteria that must be met by TDX attestation. +#[derive(Default, Debug, Clone, Serialize, Deserialize)] +pub struct TdxAttestationPolicyConfig { + /// List of allowed hex-encoded TDX mrs. Batch attestation must consist + /// of one of these mrs. If the list is empty, the mrs check is skipped. + #[serde(default)] + pub mrs: Option>, + + /// List of allowed SGX TCB levels. If the list is empty, the TCB level check is + /// skipped. Allowed values: Ok, ConfigNeeded, ConfigAndSwHardeningNeeded, SwHardeningNeeded, + /// OutOfDate, OutOfDateConfigNeeded. + #[serde(default = "default_tcb_levels")] + pub allowed_tcb_levels: EnumSet, + + /// List of allowed TDX Advisories. If the list is empty, theAdvisories check is skipped. + #[serde(default)] + pub allowed_advisory_ids: Option>, +} + +/// Attestation policy implemented as a set of criteria that must be met by SGX or TDX attestation. +#[derive(Default, Debug, Clone, Serialize, Deserialize)] +pub struct AttestationPolicyConfig { + /// SGX attestation policy + pub sgx: SgxAttestationPolicyConfig, + /// TDX attestation policy + pub tdx: TdxAttestationPolicyConfig, +} + +#[derive(Debug, Clone)] +pub struct AttestationPolicy { + pub sgx_mrsigners: Option>, + pub sgx_mrenclaves: Option>, + pub sgx_allowed_tcb_levels: EnumSet, + pub sgx_allowed_advisory_ids: Option>, + pub tdx_allowed_tcb_levels: EnumSet, + pub tdx_mrs: Option>, + pub tdx_allowed_advisory_ids: Option>, +} + +/// Default TCB levels used for Serde deserialization +fn default_tcb_levels() -> EnumSet { + let mut set = EnumSet::new(); + set.insert(TcbLevel::Ok); + set +} + +// TODO: +// When moving this binary to the `zksync-era` repo, we +// should be using `EnumSet` but this requires +// #[derive(EnumSetType, Debug, Serialize, Deserialize)] +// #[enumset(serialize_repr = "list")] +// for `TeeType` +#[derive(Clone, Debug)] +pub struct TeeTypes(HashSet); + +impl FromStr for TeeTypes { + type Err = error::Error; + + fn from_str(s: &str) -> Result { + let mut hs = HashSet::new(); + let tee_strs: Vec<&str> = s.split(',').collect(); + for tee_str in tee_strs { + match tee_str.to_ascii_lowercase().as_str() { + "sgx" => { + hs.insert(TeeType::Sgx); + } + "tdx" => { + hs.insert(TeeType::Tdx); + } + _ => { + return Err(error::Error::internal("Unknown TEE type")); + } + } + } + Ok(Self(hs)) + } +} +impl Default for TeeTypes { + fn default() -> Self { + Self(HashSet::from([TeeType::Sgx, TeeType::Tdx])) + } +} + +impl Deref for TeeTypes { + type Target = HashSet; + + fn deref(&self) -> &Self::Target { + &self.0 + } +} + +#[derive(Debug, Clone)] +pub struct VerifierConfig { + pub args: VerifierConfigArgs, + pub policy: AttestationPolicy, +} + +impl VerifierConfig { + pub fn new(args: VerifierConfigArgs) -> error::Result { + let policy = if let Some(path) = &args.attestation_policy_file { + let policy_content = fs::read_to_string(path).map_err(|e| { + error::Error::internal(format!("Failed to read attestation policy file: {}", e)) + })?; + + let policy_config: AttestationPolicyConfig = serde_yaml::from_str(&policy_content) + .map_err(|e| { + error::Error::internal(format!( + "Failed to parse attestation policy file: {}", + e + )) + })?; + + tracing::info!("Loaded attestation policy from file: {:?}", path); + policy_config + } else { + AttestationPolicyConfig::default() + }; + + let policy = AttestationPolicy { + sgx_mrsigners: decode_hex_vec_option(policy.sgx.mrsigners, SGX_HASH_SIZE)?, + sgx_mrenclaves: decode_hex_vec_option(policy.sgx.mrenclaves, SGX_HASH_SIZE)?, + sgx_allowed_tcb_levels: policy.sgx.allowed_tcb_levels, + sgx_allowed_advisory_ids: policy.sgx.allowed_advisory_ids, + tdx_allowed_tcb_levels: policy.tdx.allowed_tcb_levels, + tdx_mrs: decode_tdx_mrs(policy.tdx.mrs, TDX_HASH_SIZE)?, + tdx_allowed_advisory_ids: policy.tdx.allowed_advisory_ids, + }; + + if policy.sgx_mrsigners.is_none() && policy.sgx_mrenclaves.is_none() { + tracing::error!( + "Neither `--sgx-mrenclaves` nor `--sgx-mrsigners` specified. Any code could have produced the SGX proof." + ); + } + + if policy.tdx_mrs.is_none() { + tracing::error!( + "`--tdxmrs` not specified. Any code could have produced the TDX proof." + ); + } + + Ok(Self { args, policy }) + } +} + +// Helper function to decode a vector of hex strings +fn decode_hex_vec_option( + hex_strings: Option>, + bytes_length: usize, +) -> Result>, hex::FromHexError> { + hex_strings + .map(|strings| { + strings + .into_iter() + .map(|s| { + if s.len() > (bytes_length * 2) { + return Err(hex::FromHexError::InvalidStringLength); + } + hex::decode(s).map(Bytes::from) + }) + .collect::, _>>() + }) + .transpose() +} + +// Improved decode_tdx_mrs function +fn decode_tdx_mrs( + tdx_mrs_opt: Option>, + bytes_length: usize, +) -> Result>, hex::FromHexError> { + match tdx_mrs_opt { + None => Ok(None), + Some(mrs_array) => { + let result = mrs_array + .into_iter() + .map(|strings| decode_and_combine_mrs(strings, bytes_length)) + .collect::, _>>()?; + Ok(Some(result)) + } + } +} + +// Helper function to decode and combine MRs +fn decode_and_combine_mrs( + strings: [String; 5], + bytes_length: usize, +) -> Result { + let mut buffer = BytesMut::with_capacity(bytes_length * 5); + + for s in &strings { + if s.len() > (bytes_length * 2) { + return Err(hex::FromHexError::InvalidStringLength); + } + let decoded = hex::decode(s)?; + buffer.extend(decoded); + } + + Ok(buffer.freeze()) +} + +/// Parse a batch range from a string like "42" or "42-45" +fn parse_batch_range(s: &str) -> error::Result<(L1BatchNumber, L1BatchNumber)> { + let parse = |s: &str| { + s.parse::() + .map(L1BatchNumber::from) + .map_err(|e| error::Error::internal(format!("Can't convert batch {s} to number: {e}"))) + }; + match s.split_once('-') { + Some((start, end)) => { + let (start, end) = (parse(start)?, parse(end)?); + if start > end { + Err(error::Error::InvalidBatchRange(s.into())) + } else { + Ok((start, end)) + } + } + None => { + let batch_number = parse(s)?; + Ok((batch_number, batch_number)) + } + } +} + +/// Parse a duration from a millisecond string +fn parse_duration(s: &str) -> error::Result { + let millis = s + .parse() + .map_err(|e| error::Error::internal(format!("Can't convert {s} to duration: {e}")))?; + Ok(Duration::from_millis(millis)) +} + +#[cfg(test)] +mod test { + use super::*; + use std::{env, fs, path::PathBuf}; + use teepot::quote::tcblevel::TcbLevel; + + #[test] + fn test_load_attestation_policy_from_yaml() { + // Create a temporary directory for the test + let temp_dir = env::temp_dir().join("test_attestation_policy"); + fs::create_dir_all(&temp_dir).expect("Failed to create temp directory"); + + // Create a temporary YAML file + let yaml_path = temp_dir.join("policy.yaml"); + let yaml_content = r#" +sgx: + mrenclaves: + - a2caa7055e333f69c3e46ca7ba65b135a86c90adfde2afb356e05075b7818b3c + - 36eeb64cc816f80a1cf5818b26710f360714b987d3799e757cbefba7697b9589 + allowed_tcb_levels: + - Ok + - SwHardeningNeeded +tdx: + mrs: + - - 2a90c8fa38672cafd791d994beb6836b99383b2563736858632284f0f760a6446efd1e7ec457cf08b629ea630f7b4525 + - 3300980705adf09d28b707b79699d9874892164280832be2c386a715b6e204e0897fb564a064f810659207ba862b304f + - c08ab64725566bcc8a6fb1c79e2e64744fcff1594b8f1f02d716fb66592ecd5de94933b2bc54ffbbc43a52aab7eb1146 + - 092a4866a9e6a1672d7439a5d106fbc6eb57b738d5bfea5276d41afa2551824365fdd66700c1ce9c0b20542b9f9d5945 + - 971fb52f90ec98a234301ca9b8fc30b613c33e3dd9c0cc42dcb8003d4a95d8fb218b75baf028b70a3cabcb947e1ca453 +"#; + fs::write(&yaml_path, yaml_content).expect("Failed to write YAML file"); + + // Create a minimal config + let config = VerifierConfig::new(VerifierConfigArgs { + log_level: LevelFilter::INFO, + batch_range: Some((L1BatchNumber(1), L1BatchNumber(10))), + continuous: None, + rpc_url: Url::parse("http://localhost:8545").unwrap(), + chain_id: 270, + rate_limit: Duration::from_millis(0), + attestation_policy_file: Some(yaml_path.clone()), + tee_types: Default::default(), + }) + .expect("Failed to load attestation policy"); + + // Verify that the attestation policy was loaded correctly + assert_eq!(config.policy.sgx_mrsigners, None); + assert_eq!( + config.policy.sgx_mrenclaves, + Some(vec![ + Bytes::from( + hex::decode("a2caa7055e333f69c3e46ca7ba65b135a86c90adfde2afb356e05075b7818b3c") + .unwrap(), + ), + Bytes::from( + hex::decode("36eeb64cc816f80a1cf5818b26710f360714b987d3799e757cbefba7697b9589") + .unwrap(), + ), + ]) + ); + assert!(config.policy.sgx_allowed_tcb_levels.contains(TcbLevel::Ok)); + assert!(config + .policy + .sgx_allowed_tcb_levels + .contains(TcbLevel::SwHardeningNeeded)); + assert_eq!( + config.policy.tdx_mrs, + Some(vec![Bytes::from( + hex::decode(concat!( + "2a90c8fa38672cafd791d994beb6836b99383b2563736858632284f0f760a6446efd1e7ec457cf08b629ea630f7b4525", + "3300980705adf09d28b707b79699d9874892164280832be2c386a715b6e204e0897fb564a064f810659207ba862b304f", + "c08ab64725566bcc8a6fb1c79e2e64744fcff1594b8f1f02d716fb66592ecd5de94933b2bc54ffbbc43a52aab7eb1146", + "092a4866a9e6a1672d7439a5d106fbc6eb57b738d5bfea5276d41afa2551824365fdd66700c1ce9c0b20542b9f9d5945", + "971fb52f90ec98a234301ca9b8fc30b613c33e3dd9c0cc42dcb8003d4a95d8fb218b75baf028b70a3cabcb947e1ca453" + )).unwrap()), + ]) + ); + + // Clean up + fs::remove_file(yaml_path).expect("Failed to remove temp YAML file"); + fs::remove_dir_all(temp_dir).expect("Failed to remove temp directory"); + } + + #[test] + fn test_invalid_yaml_file_path() { + // Create a minimal config with a non-existent YAML file path + let result = VerifierConfig::new(VerifierConfigArgs { + log_level: LevelFilter::INFO, + batch_range: Some((L1BatchNumber(1), L1BatchNumber(10))), + continuous: None, + rpc_url: Url::parse("http://localhost:8545").unwrap(), + chain_id: 270, + rate_limit: Duration::from_millis(0), + attestation_policy_file: Some(PathBuf::from("/non/existent/path.yaml")), + tee_types: Default::default(), + }); + assert!(result.is_err()); + } + + #[test] + fn test_invalid_yaml_content() { + // Create a temporary directory for the test + let temp_dir = env::temp_dir().join("test_invalid_yaml"); + fs::create_dir_all(&temp_dir).expect("Failed to create temp directory"); + + // Create a temporary YAML file with invalid content + let yaml_path = temp_dir.join("invalid_policy.yaml"); + let yaml_content = r#" +sgx_mrsigners: 1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef +invalid_key: "some value" +allowed_tcb_levels: + - Invalid + - ConfigNeeded +"#; + fs::write(&yaml_path, yaml_content).expect("Failed to write YAML file"); + + // Create a minimal config + let result = VerifierConfig::new(VerifierConfigArgs { + log_level: LevelFilter::INFO, + batch_range: Some((L1BatchNumber(1), L1BatchNumber(10))), + continuous: None, + rpc_url: Url::parse("http://localhost:8545").unwrap(), + chain_id: 270, + rate_limit: Duration::from_millis(0), + attestation_policy_file: Some(yaml_path.clone()), + tee_types: Default::default(), + }); + assert!(result.is_err()); + + // Clean up + fs::remove_file(yaml_path).expect("Failed to remove temp YAML file"); + fs::remove_dir_all(temp_dir).expect("Failed to remove temp directory"); + } +} diff --git a/bin/verify-era-proof-attestation/src/core/constants.rs b/bin/verify-era-proof-attestation/src/core/constants.rs new file mode 100644 index 0000000..488f240 --- /dev/null +++ b/bin/verify-era-proof-attestation/src/core/constants.rs @@ -0,0 +1,19 @@ +// SPDX-License-Identifier: Apache-2.0 +// Copyright (c) 2023-2025 Matter Labs + +//! Constants used throughout the application + +/// Maximum number of retry attempts for fetching proofs +pub const MAX_PROOF_FETCH_RETRIES: u32 = 3; + +/// Default delay between retries (in milliseconds) +pub const DEFAULT_RETRY_DELAY_MS: u64 = 1000; + +/// Default timeout for HTTP requests (in seconds) +pub const DEFAULT_HTTP_REQUEST_TIMEOUT: u64 = 30; + +/// SGX hash size in bytes +pub const SGX_HASH_SIZE: usize = 32; + +/// TDX hash size in bytes +pub const TDX_HASH_SIZE: usize = 48; diff --git a/bin/verify-era-proof-attestation/src/core/mod.rs b/bin/verify-era-proof-attestation/src/core/mod.rs new file mode 100644 index 0000000..de76247 --- /dev/null +++ b/bin/verify-era-proof-attestation/src/core/mod.rs @@ -0,0 +1,12 @@ +// SPDX-License-Identifier: Apache-2.0 +// Copyright (c) 2023-2025 Matter Labs + +//! Core components for Era proof attestation verification + +mod config; +mod constants; +mod types; + +pub use config::*; +pub use constants::*; +pub use types::*; diff --git a/bin/verify-era-proof-attestation/src/core/types.rs b/bin/verify-era-proof-attestation/src/core/types.rs new file mode 100644 index 0000000..11636c2 --- /dev/null +++ b/bin/verify-era-proof-attestation/src/core/types.rs @@ -0,0 +1,101 @@ +// SPDX-License-Identifier: Apache-2.0 +// Copyright (c) 2023-2025 Matter Labs + +//! Common type definitions used throughout the application + +use std::fmt; +use zksync_basic_types::L1BatchNumber; + +/// Represents the operating mode of the verifier +#[derive(Debug, Clone, Copy, PartialEq, Eq)] +pub enum VerifierMode { + /// Run on a single batch or range of batches and then exit + OneShot { + /// Starting batch number + start_batch: L1BatchNumber, + /// Ending batch number + end_batch: L1BatchNumber, + }, + /// Run continuously starting from a specific batch, until interrupted + Continuous { + /// Starting batch number + start_batch: L1BatchNumber, + }, +} + +impl fmt::Display for VerifierMode { + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { + match self { + VerifierMode::OneShot { + start_batch, + end_batch, + } => { + if start_batch == end_batch { + write!(f, "one-shot mode (batch {})", start_batch) + } else { + write!(f, "one-shot mode (batches {}-{})", start_batch, end_batch) + } + } + VerifierMode::Continuous { start_batch } => { + write!(f, "continuous mode (starting from batch {})", start_batch) + } + } + } +} + +/// Result of proof verification for a single batch +#[derive(Debug, Clone, Copy, PartialEq, Eq)] +pub enum VerificationResult { + /// All proofs for the batch were verified successfully + Success, + /// Some proofs for the batch failed verification + PartialSuccess { + /// Number of successfully verified proofs + verified_count: u32, + /// Number of proofs that failed verification + unverified_count: u32, + }, + /// No proofs for the batch were verified successfully + Failure, + /// Verification was interrupted before completion + Interrupted, + /// No proofs were found for the batch + NoProofsFound, +} + +impl VerificationResult { + /// Check if the majority of the proofs was verified successfully + pub fn is_successful(&self) -> bool { + match self { + VerificationResult::Success => true, + VerificationResult::PartialSuccess { + verified_count, + unverified_count, + } => verified_count > unverified_count, + VerificationResult::Failure => false, + VerificationResult::Interrupted => false, + VerificationResult::NoProofsFound => false, + } + } +} + +impl fmt::Display for VerificationResult { + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { + match self { + VerificationResult::Success => write!(f, "Success"), + VerificationResult::PartialSuccess { + verified_count, + unverified_count, + } => { + write!( + f, + "Partial Success ({} verified, {} failed)", + verified_count, unverified_count + ) + } + VerificationResult::Failure => write!(f, "Failure"), + VerificationResult::Interrupted => write!(f, "Interrupted"), + VerificationResult::NoProofsFound => write!(f, "No Proofs Found"), + } + } +} diff --git a/bin/verify-era-proof-attestation/src/error.rs b/bin/verify-era-proof-attestation/src/error.rs new file mode 100644 index 0000000..ced5a6a --- /dev/null +++ b/bin/verify-era-proof-attestation/src/error.rs @@ -0,0 +1,103 @@ +// SPDX-License-Identifier: Apache-2.0 +// Copyright (c) 2023-2025 Matter Labs + +//! Error types for the verification process + +use teepot::sgx::QuoteError; +use thiserror::Error; +use zksync_basic_types::L1BatchNumber; + +/// Result type used throughout the application +pub type Result = std::result::Result; + +/// Error types that can occur during verification +#[derive(Error, Debug)] +pub enum Error { + /// Error fetching proof + #[error("Failed to fetch proof for batch {batch_number}: {reason}")] + ProofFetch { + /// Batch number that caused the error + batch_number: L1BatchNumber, + /// Reason for the error + reason: String, + }, + + /// Error communicating with the HTTP server + #[error("HTTP request failed with status {status_code}: {message}")] + Http { + /// HTTP status code + status_code: u16, + /// Error message + message: String, + }, + + /// Error communicating with the JSON-RPC server + #[error("JSON-RPC error: {0}")] + JsonRpc(String), + + /// JSON-RPC response has an invalid format + #[error("JSON-RPC response has an invalid format")] + JsonRpcInvalidResponse(String), + + /// Invalid batch range + #[error("Invalid batch range: {0}")] + InvalidBatchRange(String), + + /// Error verifying attestation + #[error(transparent)] + AttestationVerification(#[from] QuoteError), + + /// Error verifying signature + #[error("Signature verification failed: {0}")] + SignatureVerification(String), + + /// Attestation policy violation + #[error("Attestation policy violation: {0}")] + PolicyViolation(String), + + /// Operation interrupted + #[error("Operation interrupted")] + Interrupted, + + #[error(transparent)] + FromHex(#[from] hex::FromHexError), + + /// Internal error + #[error("Internal error: {0}")] + Internal(String), +} + +/// Utility functions for working with errors +impl Error { + /// Create a new proof fetch error + pub fn proof_fetch(batch_number: L1BatchNumber, reason: impl Into) -> Self { + Self::ProofFetch { + batch_number, + reason: reason.into(), + } + } + + /// Create a new policy violation error + pub fn policy_violation(reason: impl Into) -> Self { + Self::PolicyViolation(reason.into()) + } + + /// Create a new signature verification error + pub fn signature_verification(reason: impl Into) -> Self { + Self::SignatureVerification(reason.into()) + } + + /// Create a new internal error + pub fn internal(reason: impl Into) -> Self { + Self::Internal(reason.into()) + } +} + +impl From for Error { + fn from(value: reqwest::Error) -> Self { + Self::Http { + status_code: value.status().map(|v| v.as_u16()).unwrap_or(0), + message: value.to_string(), + } + } +} diff --git a/bin/verify-era-proof-attestation/src/main.rs b/bin/verify-era-proof-attestation/src/main.rs index b1388aa..9fa03ae 100644 --- a/bin/verify-era-proof-attestation/src/main.rs +++ b/bin/verify-era-proof-attestation/src/main.rs @@ -1,221 +1,91 @@ // SPDX-License-Identifier: Apache-2.0 -// Copyright (c) 2023-2024 Matter Labs +// Copyright (c) 2023-2025 Matter Labs //! Tool for SGX attestation and batch signature verification, both continuous and one-shot -mod args; mod client; +mod core; +mod error; +mod processor; mod proof; mod verification; -use crate::verification::{ - log_quote_verification_summary, verify_attestation_quote, verify_batch_proof, -}; -use anyhow::Result; -use args::{Arguments, AttestationPolicyArgs}; use clap::Parser; -use client::MainNodeClient; -use proof::get_proofs; -use reqwest::Client; -use teepot::log::setup_logging; +use error::Result; use tokio::{signal, sync::watch}; -use tracing::{debug, error, info, trace, warn}; -use url::Url; -use zksync_basic_types::L1BatchNumber; + +use crate::{ + core::{VerifierConfig, VerifierConfigArgs}, + error::Error, + processor::ProcessorFactory, +}; #[tokio::main] async fn main() -> Result<()> { - let args = Arguments::parse(); - tracing::subscriber::set_global_default(setup_logging( - env!("CARGO_CRATE_NAME"), - &args.log_level, - )?)?; + // Parse command-line arguments + let config = VerifierConfig::new(VerifierConfigArgs::parse())?; - validate_arguments(&args)?; + // Initialize logging + tracing::subscriber::set_global_default( + teepot::log::setup_logging(env!("CARGO_CRATE_NAME"), &config.args.log_level) + .map_err(|e| Error::internal(e.to_string()))?, + ) + .map_err(|e| Error::internal(e.to_string()))?; + + // Create processor based on config + let (processor, mode) = ProcessorFactory::create(config.clone())?; + + // Set up stop channel let (stop_sender, stop_receiver) = watch::channel(false); - let mut process_handle = tokio::spawn(verify_batches_proofs(stop_receiver, args)); + + // Log startup information + tracing::info!("Starting verification in {}", mode); + + // Spawn processing task + let mut process_handle = tokio::spawn(async move { processor.run(stop_receiver).await }); + + // Wait for processing to complete or for stop signal tokio::select! { - ret = &mut process_handle => { return ret?; }, + result = &mut process_handle => { + match result { + Ok(Ok(verification_results)) => { + tracing::info!("Verification completed successfully"); + + let total_batches = verification_results.len(); + let successful_batches = verification_results.iter() + .filter(|(_, result)| result.is_successful()) + .count(); + + tracing::info!( + "Verified {} batches: {} succeeded, {} failed", + total_batches, + successful_batches, + total_batches - successful_batches + ); + + Ok(()) + }, + Ok(Err(e)) => { + tracing::error!("Verification failed: {}", e); + Err(e) + }, + Err(e) => { + tracing::error!("Task panicked: {}", e); + Err(Error::internal(format!("Task panicked: {}", e))) + } + } + }, _ = signal::ctrl_c() => { - tracing::info!("Stop signal received, shutting down"); + tracing::info!("Stop signal received, shutting down gracefully..."); stop_sender.send(true).ok(); - // Wait for process_batches to complete gracefully - process_handle.await??; + + // Wait for processor to complete gracefully + match process_handle.await { + Ok(_) => tracing::info!("Processor stopped gracefully"), + Err(e) => tracing::error!("Error stopping processor: {}", e), + } + + Ok(()) } } - - Ok(()) -} - -fn validate_arguments(args: &Arguments) -> Result<()> { - if args.attestation_policy.sgx_mrsigners.is_none() - && args.attestation_policy.sgx_mrenclaves.is_none() - { - error!("Neither `--sgx-mrenclaves` nor `--sgx-mrsigners` specified. Any code could have produced the proof."); - } - - Ok(()) -} - -/// Verify all TEE proofs for all batches starting from the given batch number up to the specified -/// batch number, if a range is provided. Otherwise, continue verifying batches until the stop -/// signal is received. -async fn verify_batches_proofs( - mut stop_receiver: watch::Receiver, - args: Arguments, -) -> Result<()> { - let node_client = MainNodeClient::new(args.rpc_url.clone(), args.chain_id)?; - let http_client = Client::new(); - let first_batch_number = match args.batch_range { - Some((first_batch_number, _)) => first_batch_number, - None => args - .continuous - .expect("clap::ArgGroup should guarantee batch range or continuous option is set"), - }; - let end_batch_number = args - .batch_range - .map_or(u32::MAX, |(_, end_batch_number)| end_batch_number.0); - let mut unverified_batches_count: u32 = 0; - let mut last_processed_batch_number = first_batch_number.0; - - for current_batch_number in first_batch_number.0..=end_batch_number { - if *stop_receiver.borrow() { - tracing::warn!("Stop signal received, shutting down"); - break; - } - - trace!("Verifying TEE proofs for batch #{}", current_batch_number); - - let all_verified = verify_batch_proofs( - &mut stop_receiver, - current_batch_number.into(), - &args.rpc_url, - &http_client, - &node_client, - &args.attestation_policy, - ) - .await?; - - if !all_verified { - unverified_batches_count += 1; - } - - if current_batch_number < end_batch_number { - tokio::time::timeout(args.rate_limit, stop_receiver.changed()) - .await - .ok(); - } - - last_processed_batch_number = current_batch_number; - } - - let verified_batches_count = - last_processed_batch_number + 1 - first_batch_number.0 - unverified_batches_count; - - if unverified_batches_count > 0 { - if verified_batches_count == 0 { - error!( - "All {} batches failed verification!", - unverified_batches_count - ); - } else { - error!( - "Some batches failed verification! Unverified batches: {}. Verified batches: {}.", - unverified_batches_count, verified_batches_count - ); - } - } else { - info!( - "All {} batches verified successfully!", - verified_batches_count - ); - } - - Ok(()) -} - -/// Verify all TEE proofs for the given batch number. Note that each batch number can potentially -/// have multiple proofs of the same TEE type. -async fn verify_batch_proofs( - stop_receiver: &mut watch::Receiver, - batch_number: L1BatchNumber, - rpc_url: &Url, - http_client: &Client, - node_client: &MainNodeClient, - attestation_policy: &AttestationPolicyArgs, -) -> Result { - let proofs = get_proofs(stop_receiver, batch_number, http_client, rpc_url).await?; - let batch_no = batch_number.0; - let mut total_proofs_count: u32 = 0; - let mut unverified_proofs_count: u32 = 0; - - for proof in proofs - .into_iter() - // only support SGX proofs for now - .filter(|proof| proof.tee_type.eq_ignore_ascii_case("sgx")) - { - let batch_no = proof.l1_batch_number; - - total_proofs_count += 1; - let tee_type = proof.tee_type.to_uppercase(); - - if proof - .status - .map_or(false, |s| s.eq_ignore_ascii_case("permanently_ignored")) - { - trace!( - batch_no, - tee_type, - "Proof is marked as permanently ignored. Skipping." - ); - continue; - } - trace!(batch_no, tee_type, proof.proved_at, "Verifying proof."); - - let attestation = proof.attestation.unwrap_or_default(); - debug!(batch_no, "Verifying quote ({} bytes)...", attestation.len()); - let quote_verification_result = verify_attestation_quote(&attestation)?; - let verified_successfully = verify_batch_proof( - "e_verification_result, - attestation_policy, - node_client, - &proof.signature.unwrap_or_default(), - L1BatchNumber(proof.l1_batch_number), - ) - .await?; - - log_quote_verification_summary("e_verification_result); - - if verified_successfully { - info!( - batch_no, - proof.proved_at, tee_type, "Verification succeeded.", - ); - } else { - unverified_proofs_count += 1; - warn!(batch_no, proof.proved_at, tee_type, "Verification failed!",); - } - } - - let verified_proofs_count = total_proofs_count - unverified_proofs_count; - if unverified_proofs_count > 0 { - if verified_proofs_count == 0 { - error!( - batch_no, - "All {} proofs failed verification!", unverified_proofs_count - ); - } else { - warn!( - batch_no, - "Some proofs failed verification. Unverified proofs: {}. Verified proofs: {}.", - unverified_proofs_count, - verified_proofs_count - ); - } - } - - // if at least one proof is verified, consider the batch verified - let is_batch_verified = verified_proofs_count > 0; - - Ok(is_batch_verified) } diff --git a/bin/verify-era-proof-attestation/src/processor/batch_processor.rs b/bin/verify-era-proof-attestation/src/processor/batch_processor.rs new file mode 100644 index 0000000..f7520c2 --- /dev/null +++ b/bin/verify-era-proof-attestation/src/processor/batch_processor.rs @@ -0,0 +1,118 @@ +// SPDX-License-Identifier: Apache-2.0 +// Copyright (c) 2023-2025 Matter Labs + +//! Core functionality for processing individual batches + +use crate::error; +use tokio::sync::watch; +use zksync_basic_types::L1BatchNumber; + +use crate::{ + client::{HttpClient, MainNodeClient, RetryConfig}, + core::{VerificationResult, VerifierConfig}, + proof::ProofFetcher, + verification::{BatchVerifier, VerificationReporter}, +}; + +/// Responsible for processing individual batches +pub struct BatchProcessor { + config: VerifierConfig, + proof_fetcher: ProofFetcher, + batch_verifier: BatchVerifier, +} + +impl BatchProcessor { + /// Create a new batch processor with the given configuration + pub fn new(config: VerifierConfig) -> error::Result { + // Initialize clients and fetchers + let node_client = MainNodeClient::new(config.args.rpc_url.clone(), config.args.chain_id)?; + let http_client = HttpClient::new(); + let retry_config = RetryConfig::default(); + let proof_fetcher = + ProofFetcher::new(http_client, config.args.rpc_url.clone(), retry_config); + let batch_verifier = BatchVerifier::new(node_client, config.policy.clone()); + Ok(Self { + config, + proof_fetcher, + batch_verifier, + }) + } + + /// Process a single batch and return the verification result + pub async fn process_batch( + &self, + stop_receiver: &mut watch::Receiver, + batch_number: L1BatchNumber, + ) -> error::Result { + if *stop_receiver.borrow() { + tracing::info!("Stop signal received, shutting down"); + return Ok(VerificationResult::Interrupted); + } + + tracing::trace!("Verifying TEE proofs for batch #{}", batch_number.0); + + // Fetch proofs for the current batch across different TEE types + let mut proofs = Vec::new(); + for tee_type in self.config.args.tee_types.iter() { + match self + .proof_fetcher + .get_proofs(stop_receiver, batch_number, tee_type) + .await + { + Ok(batch_proofs) => proofs.extend(batch_proofs), + Err(error::Error::Interrupted) => return Err(error::Error::Interrupted), + Err(e) => { + tracing::error!( + "Failed to fetch proofs for TEE type {:?} at batch {}: {:#}", + tee_type, + batch_number.0, + e + ); + continue; + } + } + } + + if proofs.is_empty() { + tracing::warn!("No proofs found for batch #{}", batch_number.0); + return Ok(VerificationResult::NoProofsFound); + } + + // Verify proofs for the current batch + let verification_result = self + .batch_verifier + .verify_batch_proofs(stop_receiver, batch_number, proofs) + .await?; + + let result = if verification_result.total_count == 0 { + VerificationResult::NoProofsFound + } else if verification_result.verified_count == verification_result.total_count { + VerificationResult::Success + } else if verification_result.verified_count > 0 { + VerificationResult::PartialSuccess { + verified_count: verification_result.verified_count, + unverified_count: verification_result.unverified_count, + } + } else { + VerificationResult::Failure + }; + + tracing::debug!("Batch #{} verification result: {}", batch_number.0, result); + + // Apply rate limiting between batches if needed + if !matches!(result, VerificationResult::Interrupted) + && self.config.args.rate_limit.as_millis() > 0 + { + tokio::time::timeout(self.config.args.rate_limit, stop_receiver.changed()) + .await + .ok(); + } + + Ok(result) + } + + /// Log the overall verification results + pub fn log_overall_results(success_count: u32, failure_count: u32) { + VerificationReporter::log_overall_verification_results(success_count, failure_count); + } +} diff --git a/bin/verify-era-proof-attestation/src/processor/continuous_processor.rs b/bin/verify-era-proof-attestation/src/processor/continuous_processor.rs new file mode 100644 index 0000000..4e66ce0 --- /dev/null +++ b/bin/verify-era-proof-attestation/src/processor/continuous_processor.rs @@ -0,0 +1,95 @@ +// SPDX-License-Identifier: Apache-2.0 +// Copyright (c) 2023-2025 Matter Labs + +//! Continuous batch processor for ongoing verification of new batches + +use tokio::sync::watch; +use zksync_basic_types::L1BatchNumber; + +use crate::{ + core::{VerificationResult, VerifierConfig}, + error, + processor::BatchProcessor, +}; + +/// Processes batches continuously until stopped +pub struct ContinuousProcessor { + batch_processor: BatchProcessor, + start_batch: L1BatchNumber, +} + +impl ContinuousProcessor { + /// Create a new continuous processor that starts from the given batch + pub fn new(config: VerifierConfig, start_batch: L1BatchNumber) -> error::Result { + let batch_processor = BatchProcessor::new(config)?; + + Ok(Self { + batch_processor, + start_batch, + }) + } + + /// Run the processor until stopped + pub async fn run( + &self, + mut stop_receiver: watch::Receiver, + ) -> error::Result> { + tracing::info!( + "Starting continuous verification from batch {}", + self.start_batch.0 + ); + + let mut results = Vec::new(); + let mut success_count = 0; + let mut failure_count = 0; + let mut current_batch = self.start_batch.0; + + // Continue processing batches until stopped or reaching maximum batch number + while !*stop_receiver.borrow() { + let batch = L1BatchNumber(current_batch); + match self + .batch_processor + .process_batch(&mut stop_receiver, batch) + .await + { + Ok(result) => { + match result { + VerificationResult::Success => success_count += 1, + VerificationResult::PartialSuccess { .. } => success_count += 1, + VerificationResult::Failure => failure_count += 1, + VerificationResult::Interrupted => { + results.push((current_batch, result)); + break; + } + VerificationResult::NoProofsFound => { + // In continuous mode, we might hit batches that don't have proofs yet + // Wait a bit longer before retrying + if !*stop_receiver.borrow() { + tokio::time::sleep(tokio::time::Duration::from_secs(5)).await; + // Don't increment batch number, try again + continue; + } + } + } + + results.push((current_batch, result)); + } + Err(e) => { + tracing::error!("Error processing batch {}: {}", current_batch, e); + results.push((current_batch, VerificationResult::Failure)); + failure_count += 1; + } + } + + // Move to the next batch + current_batch = current_batch + .checked_add(1) + .ok_or(error::Error::internal("Maximum batch number reached"))?; + } + + // Log overall results + BatchProcessor::log_overall_results(success_count, failure_count); + + Ok(results) + } +} diff --git a/bin/verify-era-proof-attestation/src/processor/mod.rs b/bin/verify-era-proof-attestation/src/processor/mod.rs new file mode 100644 index 0000000..449f694 --- /dev/null +++ b/bin/verify-era-proof-attestation/src/processor/mod.rs @@ -0,0 +1,65 @@ +// SPDX-License-Identifier: Apache-2.0 +// Copyright (c) 2023-2025 Matter Labs + +//! Processing logic for batch verification + +mod batch_processor; +mod continuous_processor; +mod one_shot_processor; + +pub use batch_processor::BatchProcessor; +pub use continuous_processor::ContinuousProcessor; +pub use one_shot_processor::OneShotProcessor; + +use crate::{ + core::{VerificationResult, VerifierConfig, VerifierMode}, + error::Result, +}; +use tokio::sync::watch; + +// Using an enum instead of a trait because async functions in traits can't be used in trait objects +/// Processor variants for different verification modes +pub enum ProcessorType { + /// One-shot processor for processing a specific range of batches + OneShot(OneShotProcessor), + /// Continuous processor for monitoring new batches + Continuous(ContinuousProcessor), +} + +impl ProcessorType { + /// Run the processor until completion or interruption + pub async fn run( + &self, + stop_receiver: watch::Receiver, + ) -> Result> { + match self { + ProcessorType::OneShot(processor) => processor.run(stop_receiver).await, + ProcessorType::Continuous(processor) => processor.run(stop_receiver).await, + } + } +} + +/// Factory for creating the appropriate processor based on configuration +pub struct ProcessorFactory; + +impl ProcessorFactory { + /// Create a new processor based on the provided configuration + pub fn create(config: VerifierConfig) -> Result<(ProcessorType, VerifierMode)> { + let mode = if let Some((start, end)) = config.args.batch_range { + let processor = OneShotProcessor::new(config.clone(), start, end)?; + let mode = VerifierMode::OneShot { + start_batch: start, + end_batch: end, + }; + (ProcessorType::OneShot(processor), mode) + } else if let Some(start) = config.args.continuous { + let processor = ContinuousProcessor::new(config.clone(), start)?; + let mode = VerifierMode::Continuous { start_batch: start }; + (ProcessorType::Continuous(processor), mode) + } else { + unreachable!("Clap ArgGroup should ensure either batch_range or continuous is set") + }; + + Ok(mode) + } +} diff --git a/bin/verify-era-proof-attestation/src/processor/one_shot_processor.rs b/bin/verify-era-proof-attestation/src/processor/one_shot_processor.rs new file mode 100644 index 0000000..469e9de --- /dev/null +++ b/bin/verify-era-proof-attestation/src/processor/one_shot_processor.rs @@ -0,0 +1,79 @@ +// SPDX-License-Identifier: Apache-2.0 +// Copyright (c) 2023-2025 Matter Labs + +//! One-shot batch processor for verifying a single batch or a range of batches + +use crate::error; +use tokio::sync::watch; +use zksync_basic_types::L1BatchNumber; + +use crate::{ + core::{VerificationResult, VerifierConfig}, + processor::BatchProcessor, +}; + +/// Processes a specific range of batches and then exits +pub struct OneShotProcessor { + batch_processor: BatchProcessor, + start_batch: L1BatchNumber, + end_batch: L1BatchNumber, +} + +impl OneShotProcessor { + /// Create a new one-shot processor for the given batch range + pub fn new( + config: VerifierConfig, + start_batch: L1BatchNumber, + end_batch: L1BatchNumber, + ) -> error::Result { + let batch_processor = BatchProcessor::new(config)?; + + Ok(Self { + batch_processor, + start_batch, + end_batch, + }) + } + + /// Run the processor until completion or interruption + pub async fn run( + &self, + mut stop_receiver: watch::Receiver, + ) -> error::Result> { + tracing::info!( + "Starting one-shot verification of batches {} to {}", + self.start_batch.0, + self.end_batch.0 + ); + + let mut results = Vec::new(); + let mut success_count = 0; + let mut failure_count = 0; + + for batch_number in self.start_batch.0..=self.end_batch.0 { + let batch = L1BatchNumber(batch_number); + let result = self + .batch_processor + .process_batch(&mut stop_receiver, batch) + .await?; + + match result { + VerificationResult::Success => success_count += 1, + VerificationResult::PartialSuccess { .. } => success_count += 1, + VerificationResult::Failure => failure_count += 1, + VerificationResult::Interrupted => { + results.push((batch_number, result)); + break; + } + VerificationResult::NoProofsFound => {} + } + + results.push((batch_number, result)); + } + + // Log overall results + BatchProcessor::log_overall_results(success_count, failure_count); + + Ok(results) + } +} diff --git a/bin/verify-era-proof-attestation/src/proof.rs b/bin/verify-era-proof-attestation/src/proof.rs deleted file mode 100644 index 3ee9990..0000000 --- a/bin/verify-era-proof-attestation/src/proof.rs +++ /dev/null @@ -1,172 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 -// Copyright (c) 2023-2024 Matter Labs - -use anyhow::{bail, Result}; -use jsonrpsee_types::error::ErrorObject; -use reqwest::Client; -use serde::{Deserialize, Serialize}; -use serde_with::{hex::Hex, serde_as}; -use std::time::Duration; -use tokio::sync::watch; -use tracing::{error, warn}; -use url::Url; -use zksync_basic_types::L1BatchNumber; - -#[derive(Debug, Serialize, Deserialize)] -pub struct GetProofsRequest { - pub jsonrpc: String, - pub id: u32, - pub method: String, - pub params: (L1BatchNumber, String), -} - -pub async fn get_proofs( - stop_receiver: &mut watch::Receiver, - batch_number: L1BatchNumber, - http_client: &Client, - rpc_url: &Url, -) -> Result> { - let mut proofs_request = GetProofsRequest::new(batch_number); - let mut retries = 0; - let mut backoff = Duration::from_secs(1); - let max_backoff = Duration::from_secs(128); - let retry_backoff_multiplier: f32 = 2.0; - - while !*stop_receiver.borrow() { - let proofs = proofs_request - .send(stop_receiver, http_client, rpc_url) - .await?; - - if !proofs.is_empty() - && proofs.iter().all(|proof| { - !proof.status.as_ref().map_or(false, |s| { - s.eq_ignore_ascii_case("failed") | s.eq_ignore_ascii_case("picked_by_prover") - }) - }) - { - return Ok(proofs); - } - - retries += 1; - warn!( - batch_no = batch_number.0, retries, - "No TEE proofs found for batch #{}. They may not be ready yet. Retrying in {} milliseconds.", - batch_number, backoff.as_millis(), - ); - - tokio::time::timeout(backoff, stop_receiver.changed()) - .await - .ok(); - - backoff = std::cmp::min(backoff.mul_f32(retry_backoff_multiplier), max_backoff); - } - - Ok(vec![]) -} - -impl GetProofsRequest { - pub fn new(batch_number: L1BatchNumber) -> Self { - GetProofsRequest { - jsonrpc: "2.0".to_string(), - id: 1, - method: "unstable_getTeeProofs".to_string(), - params: (batch_number, "sgx".to_string()), - } - } - - pub async fn send( - &mut self, - stop_receiver: &mut watch::Receiver, - http_client: &Client, - rpc_url: &Url, - ) -> Result> { - let mut retries = 0; - let max_retries = 5; - let mut backoff = Duration::from_secs(1); - let max_backoff = Duration::from_secs(128); - let retry_backoff_multiplier: f32 = 2.0; - let mut response = None; - - while !*stop_receiver.borrow() { - let result = http_client - .post(rpc_url.clone()) - .json(self) - .send() - .await? - .error_for_status()? - .json::() - .await; - - match result { - Ok(res) => match res.error { - None => { - response = Some(res); - break; - } - Some(error) => { - // Handle corner case, where the old RPC interface expects 'Sgx' - if let Some(data) = error.data() { - if data.get().contains("unknown variant `sgx`, expected `Sgx`") { - self.params.1 = "Sgx".to_string(); - continue; - } - } - error!(?error, "received JSONRPC error {error:?}"); - bail!("JSONRPC error {error:?}"); - } - }, - Err(err) => { - retries += 1; - if retries >= max_retries { - return Err(anyhow::anyhow!( - "Failed to send request to {} after {} retries: {}. Request details: {:?}", - rpc_url, - max_retries, - err, - self - )); - } - warn!( - %err, - "Failed to send request to {rpc_url}. {retries}/{max_retries}, retrying in {} milliseconds. Request details: {:?}", - backoff.as_millis(), - self - ); - tokio::time::timeout(backoff, stop_receiver.changed()) - .await - .ok(); - backoff = std::cmp::min(backoff.mul_f32(retry_backoff_multiplier), max_backoff); - } - }; - } - - Ok(response.map_or_else(Vec::new, |res| res.result.unwrap_or_default())) - } -} - -#[derive(Debug, Serialize, Deserialize)] -pub struct GetProofsResponse { - pub jsonrpc: String, - pub result: Option>, - pub id: u32, - #[serde(skip_serializing_if = "Option::is_none")] - pub error: Option>, -} - -#[serde_as] -#[derive(Debug, Serialize, Deserialize)] -#[serde(rename_all = "camelCase")] -pub struct Proof { - pub l1_batch_number: u32, - pub tee_type: String, - #[serde_as(as = "Option")] - pub pubkey: Option>, - #[serde_as(as = "Option")] - pub signature: Option>, - #[serde_as(as = "Option")] - pub proof: Option>, - pub proved_at: String, - pub status: Option, - #[serde_as(as = "Option")] - pub attestation: Option>, -} diff --git a/bin/verify-era-proof-attestation/src/proof/fetcher.rs b/bin/verify-era-proof-attestation/src/proof/fetcher.rs new file mode 100644 index 0000000..0a22445 --- /dev/null +++ b/bin/verify-era-proof-attestation/src/proof/fetcher.rs @@ -0,0 +1,139 @@ +// SPDX-License-Identifier: Apache-2.0 +// Copyright (c) 2023-2025 Matter Labs + +use crate::{ + client::{HttpClient, RetryConfig, RetryHelper}, + error::{Error, Result}, + proof::{ + parsing::ProofResponseParser, + types::{GetProofsRequest, GetProofsResponse, Proof}, + }, +}; +use std::time::Duration; +use tokio::sync::watch; +use url::Url; +use zksync_basic_types::{tee_types::TeeType, L1BatchNumber}; + +/// Handles fetching proofs from the server with retry logic +pub struct ProofFetcher { + http_client: HttpClient, + rpc_url: Url, + retry_config: RetryConfig, +} + +impl ProofFetcher { + /// Create a new proof fetcher + pub fn new(http_client: HttpClient, rpc_url: Url, retry_config: RetryConfig) -> Self { + Self { + http_client, + rpc_url, + retry_config, + } + } + + /// Get proofs for a batch number with retry logic + pub async fn get_proofs( + &self, + stop_receiver: &mut watch::Receiver, + batch_number: L1BatchNumber, + tee_type: &TeeType, + ) -> Result> { + let mut proofs_request = GetProofsRequest::new(batch_number, tee_type); + let mut backoff = Duration::from_secs(1); + let max_backoff = Duration::from_secs(128); + let retry_backoff_multiplier: f32 = 2.0; + + while !*stop_receiver.borrow() { + match self.send_request(&proofs_request, stop_receiver).await { + Ok(response) => { + // Parse the response using the ProofResponseParser + match ProofResponseParser::parse_response(response) { + Ok(proofs) => { + // Filter valid proofs + let valid_proofs = ProofResponseParser::filter_valid_proofs(&proofs); + + if !valid_proofs.is_empty() { + return Ok(valid_proofs); + } + + // No valid proofs found, retry + let error_msg = format!( + "No valid TEE proofs found for batch #{}. They may not be ready yet. Retrying in {} milliseconds.", + batch_number.0, + backoff.as_millis() + ); + tracing::warn!(batch_no = batch_number.0, "{}", error_msg); + // Here we could use the ProofFetching error if we needed to return immediately + // return Err(Error::ProofFetching(error_msg)); + } + Err(e) => { + // Handle specific error for Sgx variant + if let Error::JsonRpc(msg) = &e { + if msg.contains("RPC requires 'Sgx' variant") { + tracing::debug!("Switching to 'Sgx' variant for RPC"); + proofs_request.params.1 = "Sgx".to_string(); + continue; + } + } + return Err(e); + } + } + } + Err(e) => { + return Err(e); + } + } + + tokio::time::timeout(backoff, stop_receiver.changed()) + .await + .ok(); + + backoff = std::cmp::min( + Duration::from_millis( + (backoff.as_millis() as f32 * retry_backoff_multiplier) as u64, + ), + max_backoff, + ); + + if *stop_receiver.borrow() { + break; + } + } + + // If we've reached this point, we've either been stopped or exhausted retries + if *stop_receiver.borrow() { + // Return empty vector if stopped + Ok(vec![]) + } else { + // Use the ProofFetching error variant if we've exhausted retries + Err(Error::proof_fetch(batch_number, "exhausted retries")) + } + } + + /// Send a request to the server with retry logic + async fn send_request( + &self, + request: &GetProofsRequest, + stop_receiver: &mut watch::Receiver, + ) -> Result { + let retry_helper = RetryHelper::new(self.retry_config.clone()); + let request_clone = request.clone(); + let http_client = self.http_client.clone(); + let rpc_url = self.rpc_url.clone(); + + retry_helper + .execute(&format!("get_proofs_{}", request.params.0), || async { + let result = http_client + .send_json::<_, GetProofsResponse>(&rpc_url, &request_clone) + .await; + + // Check if we need to abort due to stop signal + if *stop_receiver.borrow() { + return Err(Error::Interrupted); + } + + result + }) + .await + } +} diff --git a/bin/verify-era-proof-attestation/src/proof/mod.rs b/bin/verify-era-proof-attestation/src/proof/mod.rs new file mode 100644 index 0000000..46c125a --- /dev/null +++ b/bin/verify-era-proof-attestation/src/proof/mod.rs @@ -0,0 +1,9 @@ +// SPDX-License-Identifier: Apache-2.0 +// Copyright (c) 2023-2025 Matter Labs + +mod fetcher; +mod parsing; +mod types; + +pub use fetcher::ProofFetcher; +pub use types::Proof; diff --git a/bin/verify-era-proof-attestation/src/proof/parsing.rs b/bin/verify-era-proof-attestation/src/proof/parsing.rs new file mode 100644 index 0000000..6519e17 --- /dev/null +++ b/bin/verify-era-proof-attestation/src/proof/parsing.rs @@ -0,0 +1,277 @@ +// SPDX-License-Identifier: Apache-2.0 +// Copyright (c) 2023-2025 Matter Labs + +use super::types::{GetProofsResponse, Proof}; +use crate::error; + +/// Handles parsing of proof responses and error handling +pub struct ProofResponseParser; + +impl ProofResponseParser { + /// Parse a response and extract the proofs + pub fn parse_response(response: GetProofsResponse) -> error::Result> { + // Handle JSON-RPC errors + if let Some(error) = response.error { + // Special case for handling the old RPC interface + if let Some(data) = error.data() { + if data.get().contains("unknown variant `sgx`, expected `Sgx`") { + return Err(error::Error::JsonRpc( + "RPC requires 'Sgx' variant instead of 'sgx'".to_string(), + )); + } + } + + return Err(error::Error::JsonRpc(format!("JSONRPC error: {:?}", error))); + } + + // Extract proofs from the result + Ok(response.result.unwrap_or_default()) + } + + /// Filter proofs to find valid ones + pub fn filter_valid_proofs(proofs: &[Proof]) -> Vec { + proofs + .iter() + .filter(|proof| !proof.is_failed_or_picked()) + .cloned() + .collect() + } +} + +#[cfg(test)] +mod tests { + use super::*; + use jsonrpsee_types::error::ErrorObject; + + #[test] + fn test_proof_is_permanently_ignored() { + let proof = Proof { + l1_batch_number: 123, + tee_type: "TDX".to_string(), + pubkey: None, + signature: None, + proof: None, + proved_at: "2023-01-01T00:00:00Z".to_string(), + status: Some("permanently_ignored".to_string()), + attestation: None, + }; + + assert!(proof.is_permanently_ignored()); + + let proof = Proof { + l1_batch_number: 123, + tee_type: "TDX".to_string(), + pubkey: None, + signature: None, + proof: None, + proved_at: "2023-01-01T00:00:00Z".to_string(), + status: Some("PERMANENTLY_IGNORED".to_string()), + attestation: None, + }; + + assert!(proof.is_permanently_ignored()); + + let proof = Proof { + l1_batch_number: 123, + tee_type: "TDX".to_string(), + pubkey: None, + signature: None, + proof: None, + proved_at: "2023-01-01T00:00:00Z".to_string(), + status: Some("other".to_string()), + attestation: None, + }; + + assert!(!proof.is_permanently_ignored()); + + let proof = Proof { + l1_batch_number: 123, + tee_type: "TDX".to_string(), + pubkey: None, + signature: None, + proof: None, + proved_at: "2023-01-01T00:00:00Z".to_string(), + status: None, + attestation: None, + }; + + assert!(!proof.is_permanently_ignored()); + } + + #[test] + fn test_proof_is_failed_or_picked() { + let proof = Proof { + l1_batch_number: 123, + tee_type: "TDX".to_string(), + pubkey: None, + signature: None, + proof: None, + proved_at: "2023-01-01T00:00:00Z".to_string(), + status: Some("failed".to_string()), + attestation: None, + }; + + assert!(proof.is_failed_or_picked()); + + let proof = Proof { + l1_batch_number: 123, + tee_type: "TDX".to_string(), + pubkey: None, + signature: None, + proof: None, + proved_at: "2023-01-01T00:00:00Z".to_string(), + status: Some("picked_by_prover".to_string()), + attestation: None, + }; + + assert!(proof.is_failed_or_picked()); + + let proof = Proof { + l1_batch_number: 123, + tee_type: "TDX".to_string(), + pubkey: None, + signature: None, + proof: None, + proved_at: "2023-01-01T00:00:00Z".to_string(), + status: Some("FAILED".to_string()), + attestation: None, + }; + + assert!(proof.is_failed_or_picked()); + + let proof = Proof { + l1_batch_number: 123, + tee_type: "TDX".to_string(), + pubkey: None, + signature: None, + proof: None, + proved_at: "2023-01-01T00:00:00Z".to_string(), + status: Some("other".to_string()), + attestation: None, + }; + + assert!(!proof.is_failed_or_picked()); + + let proof = Proof { + l1_batch_number: 123, + tee_type: "TDX".to_string(), + pubkey: None, + signature: None, + proof: None, + proved_at: "2023-01-01T00:00:00Z".to_string(), + status: None, + attestation: None, + }; + + assert!(!proof.is_failed_or_picked()); + } + + #[test] + fn test_parse_response_success() { + let response = GetProofsResponse { + jsonrpc: "2.0".to_string(), + result: Some(vec![Proof { + l1_batch_number: 123, + tee_type: "TDX".to_string(), + pubkey: None, + signature: None, + proof: None, + proved_at: "2023-01-01T00:00:00Z".to_string(), + status: None, + attestation: None, + }]), + id: 1, + error: None, + }; + + let proofs = ProofResponseParser::parse_response(response).unwrap(); + assert_eq!(proofs.len(), 1); + assert_eq!(proofs[0].l1_batch_number, 123); + } + + #[test] + fn test_parse_response_error() { + let response = GetProofsResponse { + jsonrpc: "2.0".to_string(), + result: None, + id: 1, + error: Some(ErrorObject::owned(1, "Error", None::<()>)), + }; + + let error = ProofResponseParser::parse_response(response).unwrap_err(); + match error { + error::Error::JsonRpc(msg) => { + assert!(msg.contains("JSONRPC error")); + } + _ => panic!("Expected JsonRpc error"), + } + } + + #[test] + fn test_parse_response_sgx_variant_error() { + let error_obj = ErrorObject::owned( + 1, + "Error", + Some( + serde_json::to_value("unknown variant `sgx`, expected `Sgx`") + .unwrap() + .to_string(), + ), + ); + + let response = GetProofsResponse { + jsonrpc: "2.0".to_string(), + result: None, + id: 1, + error: Some(error_obj), + }; + + let error = ProofResponseParser::parse_response(response).unwrap_err(); + match error { + error::Error::JsonRpc(msg) => { + assert!(msg.contains("RPC requires 'Sgx' variant")); + } + _ => panic!("Expected JsonRpc error about Sgx variant"), + } + } + + #[test] + fn test_filter_valid_proofs() { + let proofs = vec![ + Proof { + l1_batch_number: 123, + tee_type: "TDX".to_string(), + pubkey: None, + signature: None, + proof: None, + proved_at: "2023-01-01T00:00:00Z".to_string(), + status: None, + attestation: None, + }, + Proof { + l1_batch_number: 124, + tee_type: "TDX".to_string(), + pubkey: None, + signature: None, + proof: None, + proved_at: "2023-01-01T00:00:00Z".to_string(), + status: Some("failed".to_string()), + attestation: None, + }, + Proof { + l1_batch_number: 125, + tee_type: "TDX".to_string(), + pubkey: None, + signature: None, + proof: None, + proved_at: "2023-01-01T00:00:00Z".to_string(), + status: Some("picked_by_prover".to_string()), + attestation: None, + }, + ]; + + let valid_proofs = ProofResponseParser::filter_valid_proofs(&proofs); + assert_eq!(valid_proofs.len(), 1); + assert_eq!(valid_proofs[0].l1_batch_number, 123); + } +} diff --git a/bin/verify-era-proof-attestation/src/proof/types.rs b/bin/verify-era-proof-attestation/src/proof/types.rs new file mode 100644 index 0000000..af3e905 --- /dev/null +++ b/bin/verify-era-proof-attestation/src/proof/types.rs @@ -0,0 +1,83 @@ +// SPDX-License-Identifier: Apache-2.0 +// Copyright (c) 2023-2025 Matter Labs + +use jsonrpsee_types::error::ErrorObject; +use serde::{Deserialize, Serialize}; +use serde_with::{hex::Hex, serde_as}; +use zksync_basic_types::{tee_types::TeeType, L1BatchNumber}; + +/// Request structure for fetching proofs +#[derive(Debug, Serialize, Deserialize, Clone)] +pub struct GetProofsRequest { + pub jsonrpc: String, + pub id: u32, + pub method: String, + pub params: (L1BatchNumber, String), +} + +impl GetProofsRequest { + /// Create a new request for the given batch number + pub fn new(batch_number: L1BatchNumber, tee_type: &TeeType) -> Self { + GetProofsRequest { + jsonrpc: "2.0".to_string(), + id: 1, + method: "unstable_getTeeProofs".to_string(), + params: (batch_number, tee_type.to_string()), + } + } +} + +/// Response structure for proof requests +#[derive(Debug, Serialize, Deserialize)] +pub struct GetProofsResponse { + pub jsonrpc: String, + pub result: Option>, + pub id: u32, + #[serde(skip_serializing_if = "Option::is_none")] + pub error: Option>, +} + +/// Proof structure containing attestation and signature data +#[serde_as] +#[derive(Debug, Serialize, Deserialize, Clone)] +#[serde(rename_all = "camelCase")] +pub struct Proof { + pub l1_batch_number: u32, + pub tee_type: String, + #[serde_as(as = "Option")] + pub pubkey: Option>, + #[serde_as(as = "Option")] + pub signature: Option>, + #[serde_as(as = "Option")] + pub proof: Option>, + pub proved_at: String, + pub status: Option, + #[serde_as(as = "Option")] + pub attestation: Option>, +} + +impl Proof { + /// Check if the proof is marked as permanently ignored + pub fn is_permanently_ignored(&self) -> bool { + self.status + .as_ref() + .map_or(false, |s| s.eq_ignore_ascii_case("permanently_ignored")) + } + + /// Check if the proof is failed or picked by a prover + pub fn is_failed_or_picked(&self) -> bool { + self.status.as_ref().map_or(false, |s| { + s.eq_ignore_ascii_case("failed") || s.eq_ignore_ascii_case("picked_by_prover") + }) + } + + /// Get the attestation bytes or an empty vector if not present + pub fn attestation_bytes(&self) -> Vec { + self.attestation.clone().unwrap_or_default() + } + + /// Get the signature bytes or an empty vector if not present + pub fn signature_bytes(&self) -> Vec { + self.signature.clone().unwrap_or_default() + } +} diff --git a/bin/verify-era-proof-attestation/src/verification.rs b/bin/verify-era-proof-attestation/src/verification.rs deleted file mode 100644 index 4ae892e..0000000 --- a/bin/verify-era-proof-attestation/src/verification.rs +++ /dev/null @@ -1,208 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 -// Copyright (c) 2023-2025 Matter Labs - -use crate::{args::AttestationPolicyArgs, client::JsonRpcClient}; -use anyhow::{anyhow, Context, Result}; -use hex::encode; -use secp256k1::{ - ecdsa::{RecoverableSignature, RecoveryId, Signature}, - Message, SECP256K1, -}; -use teepot::{ - ethereum::{public_key_to_ethereum_address, recover_signer}, - prover::reportdata::ReportData, - quote::{ - error::QuoteContext, tee_qv_get_collateral, verify_quote_with_collateral, - QuoteVerificationResult, Report, - }, - sgx::TcbLevel, -}; -use tracing::{debug, info, trace, warn}; -use zksync_basic_types::{L1BatchNumber, H256}; - -struct TeeProof { - report: ReportData, - root_hash: H256, - signature: Vec, -} - -impl TeeProof { - pub fn new(report: ReportData, root_hash: H256, signature: Vec) -> Self { - Self { - report, - root_hash, - signature, - } - } - - pub fn verify(&self) -> Result { - match &self.report { - ReportData::V0(report) => { - debug!("ReportData::V0"); - let signature = Signature::from_compact(&self.signature)?; - let root_hash_msg = Message::from_digest_slice(&self.root_hash.0)?; - Ok(signature.verify(&root_hash_msg, &report.pubkey).is_ok()) - } - ReportData::V1(report) => { - debug!("ReportData::V1"); - let ethereum_address_from_report = report.ethereum_address; - let root_hash_msg = Message::from_digest_slice(self.root_hash.as_bytes())?; - - trace!("sig len = {}", self.signature.len()); - - let sig_vec = self.signature.clone(); - - if self.signature.len() == 64 { - info!("Signature is missing RecoveryId!"); - // Fallback for missing RecoveryId - for rec_id in [ - RecoveryId::Zero, - RecoveryId::One, - RecoveryId::Two, - RecoveryId::Three, - ] { - let Ok(sig) = RecoverableSignature::from_compact(&sig_vec, rec_id) else { - continue; - }; - let Ok(public) = SECP256K1.recover_ecdsa(&root_hash_msg, &sig) else { - continue; - }; - let ethereum_address_from_signature = - public_key_to_ethereum_address(&public); - - debug!( - "Root hash: {}. Ethereum address from the attestation quote: {}. Ethereum address from the signature: {}.", - self.root_hash, - encode(ethereum_address_from_report), - encode(ethereum_address_from_signature), - ); - if ethereum_address_from_signature == ethereum_address_from_report { - info!("Had to use RecoveryId::{rec_id:?}"); - return Ok(true); - } - } - return Ok(false); - } - - let signature_bytes: [u8; 65] = sig_vec - .try_into() - .map_err(|e| anyhow!("{:?}", e)) - .context("invalid length of signature bytes")?; - let ethereum_address_from_signature = - recover_signer(&signature_bytes, &root_hash_msg)?; - debug!( - "Root hash: {}. Ethereum address from the attestation quote: {}. Ethereum address from the signature: {}.", - self.root_hash, - encode(ethereum_address_from_report), - encode(ethereum_address_from_signature), - ); - Ok(ethereum_address_from_signature == ethereum_address_from_report) - } - ReportData::Unknown(_) => Ok(false), - } - } -} - -pub async fn verify_batch_proof( - quote_verification_result: &QuoteVerificationResult, - attestation_policy: &AttestationPolicyArgs, - node_client: &impl JsonRpcClient, - signature: &[u8], - batch_number: L1BatchNumber, -) -> Result { - if !is_quote_matching_policy(attestation_policy, quote_verification_result) { - return Ok(false); - } - - let root_hash = node_client.get_root_hash(batch_number).await?; - let report_data_bytes = quote_verification_result.quote.get_report_data(); - let report_data = ReportData::try_from(report_data_bytes)?; - let tee_proof = TeeProof::new(report_data, root_hash, signature.to_vec()); - tee_proof.verify() -} - -pub fn verify_attestation_quote(attestation_quote_bytes: &[u8]) -> Result { - let collateral = QuoteContext::context( - tee_qv_get_collateral(attestation_quote_bytes), - "Failed to get collateral!", - )?; - let unix_time: i64 = std::time::SystemTime::now() - .duration_since(std::time::UNIX_EPOCH)? - .as_secs() as _; - verify_quote_with_collateral(attestation_quote_bytes, Some(&collateral), unix_time) - .context("Failed to verify quote with collateral!") -} - -pub fn log_quote_verification_summary(quote_verification_result: &QuoteVerificationResult) { - let QuoteVerificationResult { - collateral_expired, - result, - quote, - advisories, - .. - } = quote_verification_result; - if *collateral_expired { - warn!("Freshly fetched collateral expired!"); - } - let tcblevel = TcbLevel::from(*result); - let advisories = if advisories.is_empty() { - "None".to_string() - } else { - advisories - .iter() - .map(ToString::to_string) - .collect::>() - .join(", ") - }; - - info!( - "Quote verification result: {tcblevel}. {report}. Advisory IDs: {advisories}.", - report = "e.report - ); -} - -fn is_quote_matching_policy( - attestation_policy: &AttestationPolicyArgs, - quote_verification_result: &QuoteVerificationResult, -) -> bool { - let quote = "e_verification_result.quote; - let tcblevel = TcbLevel::from(quote_verification_result.result); - - if !attestation_policy.sgx_allowed_tcb_levels.contains(tcblevel) { - warn!( - "Quote verification failed: TCB level mismatch (expected one of: {:?}, actual: {})", - attestation_policy.sgx_allowed_tcb_levels, tcblevel - ); - return false; - } - match "e.report { - Report::SgxEnclave(report_body) => { - check_policy( - attestation_policy.sgx_mrsigners.as_deref(), - &report_body.mr_signer, - "mrsigner", - ) && check_policy( - attestation_policy.sgx_mrenclaves.as_deref(), - &report_body.mr_enclave, - "mrenclave", - ) - } - _ => false, - } -} - -fn check_policy(policy: Option<&str>, actual_value: &[u8], field_name: &str) -> bool { - if let Some(valid_values) = policy { - let valid_values: Vec<&str> = valid_values.split(',').collect(); - let actual_value = hex::encode(actual_value); - if !valid_values.contains(&actual_value.as_str()) { - warn!( - "Quote verification failed: {} mismatch (expected one of: {:?}, actual: {})", - field_name, valid_values, actual_value - ); - return false; - } - debug!(field_name, actual_value, "Attestation policy check passed"); - } - true -} diff --git a/bin/verify-era-proof-attestation/src/verification/attestation.rs b/bin/verify-era-proof-attestation/src/verification/attestation.rs new file mode 100644 index 0000000..cfbc00a --- /dev/null +++ b/bin/verify-era-proof-attestation/src/verification/attestation.rs @@ -0,0 +1,35 @@ +// SPDX-License-Identifier: Apache-2.0 +// Copyright (c) 2023-2025 Matter Labs + +use teepot::quote::{ + error::QuoteContext, tee_qv_get_collateral, verify_quote_with_collateral, + QuoteVerificationResult, +}; + +use crate::error; + +/// Handles verification of attestation quotes +pub struct AttestationVerifier; + +impl AttestationVerifier { + /// Verify an attestation quote + pub fn verify_quote(attestation_quote_bytes: &[u8]) -> error::Result { + // Get collateral for the quote + let collateral = QuoteContext::context( + tee_qv_get_collateral(attestation_quote_bytes), + "Failed to get collateral!", + )?; + + // Get current time for verification + let unix_time: i64 = std::time::SystemTime::now() + .duration_since(std::time::UNIX_EPOCH) + .map_err(|e| error::Error::internal(format!("Failed to get system time: {}", e)))? + .as_secs() as _; + + // Verify the quote with the collateral + let res = + verify_quote_with_collateral(attestation_quote_bytes, Some(&collateral), unix_time)?; + + Ok(res) + } +} diff --git a/bin/verify-era-proof-attestation/src/verification/batch.rs b/bin/verify-era-proof-attestation/src/verification/batch.rs new file mode 100644 index 0000000..53c3438 --- /dev/null +++ b/bin/verify-era-proof-attestation/src/verification/batch.rs @@ -0,0 +1,141 @@ +// SPDX-License-Identifier: Apache-2.0 +// Copyright (c) 2025 Matter Labs + +use crate::{ + client::JsonRpcClient, + core::AttestationPolicy, + error, + proof::Proof, + verification::{AttestationVerifier, PolicyEnforcer, SignatureVerifier, VerificationReporter}, +}; +use tokio::sync::watch; +use zksync_basic_types::L1BatchNumber; + +/// Result of a batch verification +#[derive(Debug, Clone, Copy)] +pub struct BatchVerificationResult { + /// Total number of proofs processed + pub total_count: u32, + /// Number of proofs that were verified successfully + pub verified_count: u32, + /// Number of proofs that failed verification + pub unverified_count: u32, +} + +/// Handles the batch verification process +pub struct BatchVerifier { + node_client: C, + attestation_policy: AttestationPolicy, +} + +impl BatchVerifier { + /// Create a new batch verifier + pub fn new(node_client: C, attestation_policy: AttestationPolicy) -> Self { + Self { + node_client, + attestation_policy, + } + } + + /// Verify proofs for a batch + pub async fn verify_batch_proofs( + &self, + stop_receiver: &mut watch::Receiver, + batch_number: L1BatchNumber, + proofs: Vec, + ) -> error::Result { + let batch_no = batch_number.0; + let mut total_proofs_count: u32 = 0; + let mut verified_proofs_count: u32 = 0; + + for proof in proofs.into_iter() { + if *stop_receiver.borrow() { + tracing::warn!("Stop signal received during batch verification"); + return Ok(BatchVerificationResult { + total_count: total_proofs_count, + verified_count: verified_proofs_count, + unverified_count: total_proofs_count - verified_proofs_count, + }); + } + + total_proofs_count += 1; + let tee_type = proof.tee_type.to_uppercase(); + + if proof.is_permanently_ignored() { + tracing::debug!( + batch_no, + tee_type, + "Proof is marked as permanently ignored. Skipping." + ); + continue; + } + + tracing::debug!(batch_no, tee_type, proof.proved_at, "Verifying proof."); + + let attestation_bytes = proof.attestation_bytes(); + let signature_bytes = proof.signature_bytes(); + + tracing::debug!( + batch_no, + "Verifying quote ({} bytes)...", + attestation_bytes.len() + ); + + // Verify attestation + let quote_verification_result = AttestationVerifier::verify_quote(&attestation_bytes)?; + + // Log verification results + VerificationReporter::log_quote_verification_summary("e_verification_result); + + // Check if attestation matches policy + let policy_matches = PolicyEnforcer::validate_policy( + &self.attestation_policy, + "e_verification_result, + ); + + if let Err(e) = policy_matches { + tracing::error!(batch_no, tee_type, "Attestation policy check failed: {e}"); + continue; + } + + // Verify signature + let root_hash = self + .node_client + .get_root_hash(L1BatchNumber(proof.l1_batch_number)) + .await?; + + let signature_verified = SignatureVerifier::verify_batch_proof( + "e_verification_result, + root_hash, + &signature_bytes, + )?; + + if signature_verified { + tracing::info!( + batch_no, + proof.proved_at, + tee_type, + "Verification succeeded.", + ); + verified_proofs_count += 1; + } else { + tracing::warn!(batch_no, proof.proved_at, tee_type, "Verification failed!",); + } + } + + let unverified_proofs_count = total_proofs_count.saturating_sub(verified_proofs_count); + + // Log batch verification results + VerificationReporter::log_batch_verification_results( + batch_no, + verified_proofs_count, + unverified_proofs_count, + ); + + Ok(BatchVerificationResult { + total_count: total_proofs_count, + verified_count: verified_proofs_count, + unverified_count: unverified_proofs_count, + }) + } +} diff --git a/bin/verify-era-proof-attestation/src/verification/mod.rs b/bin/verify-era-proof-attestation/src/verification/mod.rs new file mode 100644 index 0000000..1a8f19b --- /dev/null +++ b/bin/verify-era-proof-attestation/src/verification/mod.rs @@ -0,0 +1,14 @@ +// SPDX-License-Identifier: Apache-2.0 +// Copyright (c) 2023-2025 Matter Labs + +mod attestation; +mod batch; +mod policy; +mod reporting; +mod signature; + +pub use attestation::AttestationVerifier; +pub use batch::BatchVerifier; +pub use policy::PolicyEnforcer; +pub use reporting::VerificationReporter; +pub use signature::SignatureVerifier; diff --git a/bin/verify-era-proof-attestation/src/verification/policy.rs b/bin/verify-era-proof-attestation/src/verification/policy.rs new file mode 100644 index 0000000..babff24 --- /dev/null +++ b/bin/verify-era-proof-attestation/src/verification/policy.rs @@ -0,0 +1,212 @@ +// SPDX-License-Identifier: Apache-2.0 +// Copyright (c) 2023-2025 Matter Labs + +use crate::{ + core::AttestationPolicy, + error::{Error, Result}, +}; +use bytes::Bytes; +use enumset::EnumSet; +use teepot::quote::{tcblevel::TcbLevel, QuoteVerificationResult, Report}; + +/// Enforces policy requirements on attestation quotes +pub struct PolicyEnforcer; + +impl PolicyEnforcer { + /// Check if a quote matches the attestation policy + pub fn validate_policy( + attestation_policy: &AttestationPolicy, + quote_verification_result: &QuoteVerificationResult, + ) -> Result<()> { + let quote = "e_verification_result.quote; + let tcblevel = TcbLevel::from(quote_verification_result.result); + + match "e.report { + Report::SgxEnclave(report_body) => { + // Validate TCB level + Self::validate_tcb_level(&attestation_policy.sgx_allowed_tcb_levels, tcblevel)?; + + // Validate SGX Advisories + for advisory in "e_verification_result.advisories { + Self::check_policy( + attestation_policy.sgx_allowed_advisory_ids.as_deref(), + advisory, + "advisories", + )?; + } + + // Validate SGX policies + Self::check_policy_hash( + attestation_policy.sgx_mrsigners.as_deref(), + &report_body.mr_signer, + "mrsigner", + )?; + + Self::check_policy_hash( + attestation_policy.sgx_mrenclaves.as_deref(), + &report_body.mr_enclave, + "mrenclave", + ) + } + Report::TD10(report_body) => { + // Validate TCB level + Self::validate_tcb_level(&attestation_policy.tdx_allowed_tcb_levels, tcblevel)?; + + // Validate TDX Advisories + for advisory in "e_verification_result.advisories { + Self::check_policy( + attestation_policy.tdx_allowed_advisory_ids.as_deref(), + advisory, + "mrsigner", + )?; + } + + // Build combined TDX MR and validate + let tdx_mr = Self::build_tdx_mr([ + &report_body.mr_td, + &report_body.rt_mr0, + &report_body.rt_mr1, + &report_body.rt_mr2, + &report_body.rt_mr3, + ]); + + Self::check_policy_hash(attestation_policy.tdx_mrs.as_deref(), &tdx_mr, "tdxmr") + } + Report::TD15(report_body) => { + // Validate TCB level + Self::validate_tcb_level(&attestation_policy.tdx_allowed_tcb_levels, tcblevel)?; + + // Validate TDX Advisories + for advisory in "e_verification_result.advisories { + Self::check_policy( + attestation_policy.tdx_allowed_advisory_ids.as_deref(), + advisory, + "advisories", + )?; + } + + // Build combined TDX MR and validate + let tdx_mr = Self::build_tdx_mr([ + &report_body.base.mr_td, + &report_body.base.rt_mr0, + &report_body.base.rt_mr1, + &report_body.base.rt_mr2, + &report_body.base.rt_mr3, + ]); + + Self::check_policy_hash(attestation_policy.tdx_mrs.as_deref(), &tdx_mr, "tdxmr") + } + _ => Err(Error::policy_violation("Unknown quote report format")), + } + } + + /// Helper method to validate TCB levels + fn validate_tcb_level( + allowed_levels: &EnumSet, + actual_level: TcbLevel, + ) -> Result<()> { + if !allowed_levels.contains(actual_level) { + let error_msg = format!( + "Quote verification failed: TCB level mismatch (expected one of: {:?}, actual: {})", + allowed_levels, actual_level + ); + return Err(Error::policy_violation(error_msg)); + } + Ok(()) + } + + /// Helper method to build combined TDX measurement register + fn build_tdx_mr(parts: [&[u8]; N]) -> Vec { + parts.into_iter().flatten().cloned().collect() + } + + /// Check if a policy value matches the actual value + fn check_policy(policy: Option<&[String]>, actual_value: &str, field_name: &str) -> Result<()> { + if let Some(valid_values) = policy { + if !valid_values.iter().any(|value| value == actual_value) { + let error_msg = + format!( + "Quote verification failed: {} mismatch (expected one of: [ {} ], actual: {})", + field_name, valid_values.join(", "), actual_value + ); + return Err(Error::policy_violation(error_msg)); + } + + tracing::debug!(field_name, actual_value, "Attestation policy check passed"); + } + + Ok(()) + } + + fn check_policy_hash( + policy: Option<&[Bytes]>, + actual_value: &[u8], + field_name: &str, + ) -> Result<()> { + if let Some(valid_values) = policy { + let actual_value = Bytes::copy_from_slice(actual_value); + if !valid_values.contains(&actual_value) { + let valid_values = valid_values + .iter() + .map(hex::encode) + .collect::>() + .join(", "); + let error_msg = format!( + "Quote verification failed: {} mismatch (expected one of: [ {} ], actual: {:x})", + field_name, valid_values, actual_value + ); + return Err(Error::policy_violation(error_msg)); + } + + tracing::debug!( + field_name, + actual_value = format!("{actual_value:x}"), + "Attestation policy check passed" + ); + } + + Ok(()) + } +} + +#[cfg(test)] +mod tests { + use super::*; + + #[test] + fn test_check_policy() { + // Test with no policy (should pass) + PolicyEnforcer::check_policy_hash(None, &[1, 2, 3], "test").unwrap(); + + // Test with matching policy + let actual_value: Bytes = hex::decode("01020304").unwrap().into(); + PolicyEnforcer::check_policy_hash( + Some(vec![actual_value.clone()]).as_deref(), + &actual_value, + "test", + ) + .unwrap(); + + //.clone() Test with matching policy (multiple values) + PolicyEnforcer::check_policy_hash( + Some(vec![ + "aabbcc".into(), + "01020304".into(), + "ddeeff".into(), + actual_value.clone(), + ]) + .as_deref(), + &actual_value, + "test", + ) + .unwrap(); + + // Test with non-matching policy + PolicyEnforcer::check_policy_hash( + Some(vec!["aabbcc".into(), "ddeeff".into()]).as_deref(), + &actual_value, + "test", + ) + .unwrap_err(); + } +} diff --git a/bin/verify-era-proof-attestation/src/verification/reporting.rs b/bin/verify-era-proof-attestation/src/verification/reporting.rs new file mode 100644 index 0000000..6c1b7aa --- /dev/null +++ b/bin/verify-era-proof-attestation/src/verification/reporting.rs @@ -0,0 +1,93 @@ +// SPDX-License-Identifier: Apache-2.0 +// Copyright (c) 2023-2025 Matter Labs + +use teepot::quote::{tcblevel::TcbLevel, QuoteVerificationResult}; + +/// Handles reporting and logging of verification results +pub struct VerificationReporter; + +impl VerificationReporter { + /// Log summary of a quote verification + pub fn log_quote_verification_summary(quote_verification_result: &QuoteVerificationResult) { + let QuoteVerificationResult { + collateral_expired, + result, + quote, + advisories, + .. + } = quote_verification_result; + + if *collateral_expired { + tracing::warn!("Freshly fetched collateral expired!"); + } + + let tcblevel = TcbLevel::from(*result); + let advisories = if advisories.is_empty() { + "None".to_string() + } else { + advisories + .iter() + .map(ToString::to_string) + .collect::>() + .join(", ") + }; + + tracing::debug!( + "Quote verification result: {tcblevel}. {report}. Advisory IDs: {advisories}.", + report = "e.report + ); + } + + /// Log the results of batch verification + pub fn log_batch_verification_results( + batch_no: u32, + verified_proofs_count: u32, + unverified_proofs_count: u32, + ) { + if unverified_proofs_count > 0 { + if verified_proofs_count == 0 { + tracing::error!( + batch_no, + "All {} proofs failed verification!", + unverified_proofs_count + ); + } else { + tracing::warn!( + batch_no, + "Some proofs failed verification. Unverified proofs: {}. Verified proofs: {}.", + unverified_proofs_count, + verified_proofs_count + ); + } + } else if verified_proofs_count > 0 { + tracing::info!( + batch_no, + "All {} proofs verified successfully!", + verified_proofs_count + ); + } + } + + /// Log overall verification results for multiple batches + pub fn log_overall_verification_results( + verified_batches_count: u32, + unverified_batches_count: u32, + ) { + if unverified_batches_count > 0 { + if verified_batches_count == 0 { + tracing::error!( + "All {} batches failed verification!", + unverified_batches_count + ); + } else { + tracing::error!( + "Some batches failed verification! Unverified batches: {}. Verified batches: {}.", + unverified_batches_count, + verified_batches_count + ); + } + } else { + tracing::info!("{} batches verified successfully!", verified_batches_count); + } + } +} diff --git a/bin/verify-era-proof-attestation/src/verification/signature.rs b/bin/verify-era-proof-attestation/src/verification/signature.rs new file mode 100644 index 0000000..314218a --- /dev/null +++ b/bin/verify-era-proof-attestation/src/verification/signature.rs @@ -0,0 +1,157 @@ +// SPDX-License-Identifier: Apache-2.0 +// Copyright (c) 2023-2025 Matter Labs + +use secp256k1::{ + ecdsa::{RecoverableSignature, RecoveryId, Signature}, + Message, SECP256K1, +}; +use teepot::{ + ethereum::{public_key_to_ethereum_address, recover_signer}, + prover::reportdata::ReportData, + quote::QuoteVerificationResult, +}; +use zksync_basic_types::H256; + +use crate::error; + +const SIGNATURE_LENGTH_WITH_RECOVERY_ID: usize = 65; +const SIGNATURE_LENGTH_WITHOUT_RECOVERY_ID: usize = 64; + +/// Handles verification of signatures in proofs +pub struct SignatureVerifier; + +impl SignatureVerifier { + /// Verify a batch proof signature + pub fn verify_batch_proof( + quote_verification_result: &QuoteVerificationResult, + root_hash: H256, + signature: &[u8], + ) -> error::Result { + let report_data_bytes = quote_verification_result.quote.get_report_data(); + tracing::trace!(?report_data_bytes); + + let report_data = ReportData::try_from(report_data_bytes).map_err(|e| { + error::Error::internal(format!("Could not convert to ReportData: {}", e)) + })?; + + Self::verify(&report_data, &root_hash, signature) + } + + /// Verify signature against report data and root hash + pub fn verify( + report_data: &ReportData, + root_hash: &H256, + signature: &[u8], + ) -> error::Result { + match report_data { + ReportData::V0(report) => Self::verify_v0(report, root_hash, signature), + ReportData::V1(report) => Self::verify_v1(report, root_hash, signature), + ReportData::Unknown(_) => Ok(false), + } + } + + /// Verify a V0 report + fn verify_v0( + report: &teepot::prover::reportdata::ReportDataV0, + root_hash: &H256, + signature: &[u8], + ) -> error::Result { + tracing::debug!("ReportData::V0"); + let signature = Signature::from_compact(signature) + .map_err(|e| error::Error::signature_verification(e.to_string()))?; + let root_hash_msg = Message::from_digest(root_hash.0); + Ok(signature.verify(&root_hash_msg, &report.pubkey).is_ok()) + } + + /// Verify a V1 report + fn verify_v1( + report: &teepot::prover::reportdata::ReportDataV1, + root_hash: &H256, + signature: &[u8], + ) -> error::Result { + tracing::debug!("ReportData::V1"); + let ethereum_address_from_report = report.ethereum_address; + + let root_hash_msg = Message::from_digest( + root_hash + .as_bytes() + .try_into() + .map_err(|_| error::Error::signature_verification("root hash not 32 bytes"))?, + ); + + tracing::trace!("sig len = {}", signature.len()); + + // Try to recover Ethereum address from signature + let ethereum_address_from_signature = match signature.len() { + // Handle 64-byte signature case (missing recovery ID) + SIGNATURE_LENGTH_WITHOUT_RECOVERY_ID => { + SignatureVerifier::recover_address_with_missing_recovery_id( + signature, + &root_hash_msg, + )? + } + // Standard 65-byte signature case + SIGNATURE_LENGTH_WITH_RECOVERY_ID => { + let signature_bytes: [u8; SIGNATURE_LENGTH_WITH_RECOVERY_ID] = + signature.try_into().map_err(|_| { + error::Error::signature_verification( + "Expected 65-byte signature but got a different length", + ) + })?; + + recover_signer(&signature_bytes, &root_hash_msg).map_err(|e| { + error::Error::signature_verification(format!("Failed to recover signer: {}", e)) + })? + } + // Any other length is invalid + len => { + return Err(error::Error::signature_verification(format!( + "Invalid signature length: {len} bytes" + ))) + } + }; + + // Log verification details + tracing::debug!( + "Root hash: {}. Ethereum address from the attestation quote: {}. Ethereum address from the signature: {}.", + root_hash, + hex::encode(ethereum_address_from_report), + hex::encode(ethereum_address_from_signature), + ); + + Ok(ethereum_address_from_signature == ethereum_address_from_report) + } + + /// Helper function to recover Ethereum address when recovery ID is missing + fn recover_address_with_missing_recovery_id( + signature: &[u8], + message: &Message, + ) -> error::Result<[u8; 20]> { + tracing::info!("Signature is missing RecoveryId!"); + + // Try all possible recovery IDs + for rec_id in [ + RecoveryId::Zero, + RecoveryId::One, + RecoveryId::Two, + RecoveryId::Three, + ] { + let Ok(rec_sig) = RecoverableSignature::from_compact(signature, rec_id) else { + continue; + }; + + let Ok(public) = SECP256K1.recover_ecdsa(message, &rec_sig) else { + continue; + }; + + let ethereum_address = public_key_to_ethereum_address(&public); + tracing::info!("Had to use RecoveryId::{rec_id:?}"); + return Ok(ethereum_address); + } + + // No valid recovery ID found + Err(error::Error::signature_verification( + "Could not find valid recovery ID", + )) + } +} diff --git a/crates/teepot/src/quote/tcblevel.rs b/crates/teepot/src/quote/tcblevel.rs index f7b7990..25669f0 100644 --- a/crates/teepot/src/quote/tcblevel.rs +++ b/crates/teepot/src/quote/tcblevel.rs @@ -14,7 +14,9 @@ use std::{ pub use enumset::EnumSet; /// TCB level -#[derive(EnumSetType, Debug)] +#[derive(EnumSetType, Debug, Serialize, Deserialize)] +#[enumset(serialize_repr = "list")] +#[non_exhaustive] pub enum TcbLevel { /// TCB is up to date Ok,