harald/teepot
1
0
Fork 0
mirror of https://github.com/matter-labs/teepot.git synced 2025-07-21 15:13:56 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat(tee-key-preexec): add support for Solidity-compatible pubkey in report_data

Browse source 
This PR is part of the effort to implement on-chain TEE proof
verification. This PR goes hand in hand with https://github.com/matter-labs/zksync-era/pull/3414.
This commit is contained in:
Patryk Bęza 2024-12-20 12:19:19 +01:00
parent e5cca31ac0
commit 2d04ba0508
No known key found for this signature in database
GPG key ID: 9AD1B44D9F6258EC
13 changed files with 828 additions and 43 deletions
Download patch file Download diff file Expand all files Collapse all files

1
bin/verify-attestation/Cargo.toml
View file

@ -12,5 +12,6 @@ anyhow.workspace = true
clap.workspace = true
hex.workspace = true
secp256k1.workspace = true
sha3.workspace = true
teepot.workspace = true
zksync_basic_types.workspace = true

32
bin/verify-attestation/src/main.rs
View file

@ -5,10 +5,13 @@
use anyhow::{Context, Result};
use clap::{Args, Parser, Subcommand};
use secp256k1::{ecdsa::Signature, Message, PublicKey};
use core::convert::TryInto;
use hex::encode;
use secp256k1::{Message, PublicKey};
use std::{fs, io::Read, path::PathBuf, str::FromStr, time::UNIX_EPOCH};
use teepot::{
client::TcbLevel,
ethereum::recover_signer,
quote::{error, tee_qv_get_collateral, verify_quote_with_collateral, QuoteVerificationResult},
};
use zksync_basic_types::H256;
@ -87,14 +90,25 @@ fn verify_signature(
let reportdata = &quote_verification_result.quote.get_report_data();
let public_key = PublicKey::from_slice(reportdata)?;
println!("Public key from attestation quote: {}", public_key);
let signature_bytes = fs::read(&signature_args.signature_file)?;
let signature = Signature::from_compact(&signature_bytes)?;
let root_hash_msg = Message::from_digest_slice(&signature_args.root_hash.0)?;
if signature.verify(&root_hash_msg, &public_key).is_ok() {
println!("Signature verified successfully");
} else {
println!("Failed to verify signature");
}
let signature_bytes: &[u8] = &fs::read(&signature_args.signature_file)?;
let ethereum_address_from_quote = &quote_verification_result.quote.get_report_data()[..20];
let root_hash_bytes = signature_args.root_hash.as_bytes();
let root_hash_msg = Message::from_digest_slice(root_hash_bytes)?;
let ethereum_address_from_signature =
recover_signer(&signature_bytes.try_into()?, &root_hash_msg)?;
let verification_successful = ethereum_address_from_signature == ethereum_address_from_quote;
println!(
"Signature '{}' {}. Ethereum address from attestation quote: {}. Ethereum address from signature: {}.",
encode(signature_bytes),
if verification_successful {
"verified successfully"
} else {
"verification failed"
},
encode(ethereum_address_from_quote),
encode(ethereum_address_from_signature)
);
Ok(())
}