From 63b9d6f6ee7b49efd8cc63d3f0a4fa2a5c1296fc Mon Sep 17 00:00:00 2001
From: Harald Hoyer
Date: Thu, 6 Mar 2025 15:28:31 +0100
Subject: [PATCH] refactor: streamline quote verification process
- Replaced direct usage of `QuoteVerificationResult` with `verify_attestation_quote` to simplify API.
- Moved `log_quote_verification_summary` call into `verify_batch_proof` for better encapsulation.
---
 bin/verify-era-proof-attestation/src/main.rs | 11 +++--------
 .../src/verification.rs | 17 ++++++++++-------
 2 files changed, 13 insertions(+), 15 deletions(-)
diff --git a/bin/verify-era-proof-attestation/src/main.rs b/bin/verify-era-proof-attestation/src/main.rs
index b1388aa..15f4f3b 100644
--- a/bin/verify-era-proof-attestation/src/main.rs
+++ b/bin/verify-era-proof-attestation/src/main.rs
@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: Apache-2.0
-// Copyright (c) 2023-2024 Matter Labs
+// Copyright (c) 2023-2025 Matter Labs
 //! Tool for SGX attestation and batch signature verification, both continuous and one-shot
@@ -8,9 +8,7 @@ mod client;
 mod proof;
 mod verification;
-use crate::verification::{
- log_quote_verification_summary, verify_attestation_quote, verify_batch_proof,
-};
+use crate::verification::verify_batch_proof;
 use anyhow::Result;
 use args::{Arguments, AttestationPolicyArgs};
 use clap::Parser;
@@ -174,9 +172,8 @@ async fn verify_batch_proofs(
 let attestation = proof.attestation.unwrap_or_default();
 debug!(batch_no, "Verifying quote ({} bytes)...", attestation.len());
- let quote_verification_result = verify_attestation_quote(&attestation)?;
 let verified_successfully = verify_batch_proof(
- "e_verification_result,
+ &attestation,
 attestation_policy,
 node_client,
 &proof.signature.unwrap_or_default(),
@@ -184,8 +181,6 @@ async fn verify_batch_proofs(
 )
 .await?;
- log_quote_verification_summary("e_verification_result);
-
 if verified_successfully {
 info!(
 batch_no,
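Review bot: At the `verify_batch_proof(` call in `verify_batch_proofs`, a missing attestation or signature is turned into an empty slice by `unwrap_or_default()`, and because quote parsing now happens inside the callee, an absent or malformed quote comes back as `Err` through `.await?` rather than as `Ok(false)`. Unless code outside this hunk handles that error, a single bad proof returned by the node can end the verification run instead of being recorded as an unverified batch. Consider handling the `None` case before the call, for example `let Some(attestation) = proof.attestation else { warn!(batch_no, "proof has no attestation"); continue; };`, assuming this runs inside the per-proof loop and `warn!` is in scope, neither of which the hunk shows. The error propagation itself is carried over from the old code, so this is a follow-up rather than a regression.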
diff --git a/bin/verify-era-proof-attestation/src/verification.rs b/bin/verify-era-proof-attestation/src/verification.rs
index a5c9331..bfe16ea 100644
--- a/bin/verify-era-proof-attestation/src/verification.rs
+++ b/bin/verify-era-proof-attestation/src/verification.rs
@@ -12,10 +12,7 @@ use teepot::{
 client::TcbLevel,
 ethereum::{public_key_to_ethereum_address, recover_signer},
 prover::reportdata::ReportData,
- quote::{
- error::QuoteContext, tee_qv_get_collateral, verify_quote_with_collateral,
- QuoteVerificationResult, Report,
- },
+ quote::{tee_qv_get_collateral, verify_quote_with_collateral, QuoteVerificationResult, Report},
 };
 use tracing::{debug, info, trace, warn};
 use zksync_basic_types::{L1BatchNumber, H256};
@@ -104,13 +101,19 @@ impl TeeProof {
 }
 pub async fn verify_batch_proof(
- quote_verification_result: &QuoteVerificationResult,
+ attestation_quote_bytes: &[u8],
 attestation_policy: &AttestationPolicyArgs,
 node_client: &impl JsonRpcClient,
 signature: &[u8],
 batch_number: L1BatchNumber,
 ) -> Result {
- if !is_quote_matching_policy(attestation_policy, quote_verification_result) {
+ use std::fs;
+
+ let quote_verification_result = verify_attestation_quote(attestation_quote_bytes)?;
+
+ log_quote_verification_summary("e_verification_result);
+
+ if !is_quote_matching_policy(attestation_policy, "e_verification_result) {
 return Ok(false);
 }
@@ -122,7 +125,7 @@ pub async fn verify_batch_proof(
 }
 pub fn verify_attestation_quote(attestation_quote_bytes: &[u8]) -> Result {
- let collateral = QuoteContext::context(
+ let collateral = teepot::quote::error::QuoteContext::context(
 tee_qv_get_collateral(attestation_quote_bytes),
 "Failed to get collateral!",
 )?;
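Review bot: The `use std::fs;` added at the top of `verify_batch_proof` is not used by any line visible in this hunk; unless the rest of the body (which continues outside the hunk) reads files, drop it, because it raises an `unused_imports` warning and breaks builds that deny warnings. The function's contract also changed: it now takes raw quote bytes, verifies the quote itself (including the collateral fetch in `verify_attestation_quote`) and logs the summary before the policy check, so it deserves a doc comment such as `/// Verifies the raw attestation quote, logs the verification summary, and returns Ok(false) when the quote does not match the attestation policy.` In the last hunk, `teepot::quote::error::QuoteContext::context(` is spelled out in full; keeping `error::QuoteContext` in the `use teepot::{…}` block would be more consistent with the other imports.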