refactor: streamline quote verification process

- Replaced direct usage of `QuoteVerificationResult` with `verify_attestation_quote` to simplify API. - Moved `log_quote_verification_summary` call into `verify_batch_proof` for better encapsulation.
2025-07-21 15:13:56 +02:00 · 2025-03-06 15:28:31 +01:00 · 2025-03-06 15:28:31 +01:00 · 63b9d6f6ee
commit 63b9d6f6ee
parent 8cf7651781
2 changed files with 13 additions and 15 deletions
--- a/bin/verify-era-proof-attestation/src/main.rs
+++ b/bin/verify-era-proof-attestation/src/main.rs
@ -1,5 +1,5 @@
 // SPDX-License-Identifier: Apache-2.0
-// Copyright (c) 2023-2024 Matter Labs
+// Copyright (c) 2023-2025 Matter Labs

 //! Tool for SGX attestation and batch signature verification, both continuous and one-shot

@ -8,9 +8,7 @@ mod client;
 mod proof;
 mod verification;

-use crate::verification::{
-    log_quote_verification_summary, verify_attestation_quote, verify_batch_proof,
-};
+use crate::verification::verify_batch_proof;
 use anyhow::Result;
 use args::{Arguments, AttestationPolicyArgs};
 use clap::Parser;
@ -174,9 +172,8 @@ async fn verify_batch_proofs(

        let attestation = proof.attestation.unwrap_or_default();
        debug!(batch_no, "Verifying quote ({} bytes)...", attestation.len());
-        let quote_verification_result = verify_attestation_quote(&attestation)?;
        let verified_successfully = verify_batch_proof(
-            &quote_verification_result,
+            &attestation,
            attestation_policy,
            node_client,
            &proof.signature.unwrap_or_default(),
@ -184,8 +181,6 @@ async fn verify_batch_proofs(
        )
        .await?;

-        log_quote_verification_summary(&quote_verification_result);
-
        if verified_successfully {
            info!(
                batch_no,
--- a/bin/verify-era-proof-attestation/src/verification.rs
+++ b/bin/verify-era-proof-attestation/src/verification.rs
@ -12,10 +12,7 @@ use teepot::{
    client::TcbLevel,
    ethereum::{public_key_to_ethereum_address, recover_signer},
    prover::reportdata::ReportData,
-    quote::{
-        error::QuoteContext, tee_qv_get_collateral, verify_quote_with_collateral,
-        QuoteVerificationResult, Report,
-    },
+    quote::{tee_qv_get_collateral, verify_quote_with_collateral, QuoteVerificationResult, Report},
 };
 use tracing::{debug, info, trace, warn};
 use zksync_basic_types::{L1BatchNumber, H256};
@ -104,13 +101,19 @@ impl TeeProof {
 }

 pub async fn verify_batch_proof(
-    quote_verification_result: &QuoteVerificationResult,
+    attestation_quote_bytes: &[u8],
    attestation_policy: &AttestationPolicyArgs,
    node_client: &impl JsonRpcClient,
    signature: &[u8],
    batch_number: L1BatchNumber,
 ) -> Result<bool> {
-    if !is_quote_matching_policy(attestation_policy, quote_verification_result) {
+    use std::fs;
+
+    let quote_verification_result = verify_attestation_quote(attestation_quote_bytes)?;
+
+    log_quote_verification_summary(&quote_verification_result);
+
+    if !is_quote_matching_policy(attestation_policy, &quote_verification_result) {
        return Ok(false);
    }

@ -122,7 +125,7 @@ pub async fn verify_batch_proof(
 }

 pub fn verify_attestation_quote(attestation_quote_bytes: &[u8]) -> Result<QuoteVerificationResult> {
-    let collateral = QuoteContext::context(
+    let collateral = teepot::quote::error::QuoteContext::context(
        tee_qv_get_collateral(attestation_quote_bytes),
        "Failed to get collateral!",
    )?;