harald/teepot
1
0
Fork 0
mirror of https://github.com/matter-labs/teepot.git synced 2025-07-22 07:24:48 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat(tee-proof-verifier): add backward compatibility logic

Browse source
This commit is contained in:
Patryk Bęza 2025-01-08 18:25:35 +01:00
parent bdb213c5f6
commit 7f15706733
No known key found for this signature in database
GPG key ID: 9AD1B44D9F6258EC
4 changed files with 252 additions and 34 deletions
Download patch file Download diff file Expand all files Collapse all files

87
bin/verify-era-proof-attestation/src/verification.rs
View file

@ -2,19 +2,65 @@
// Copyright (c) 2023-2024 Matter Labs
use crate::{args::AttestationPolicyArgs, client::JsonRpcClient};
use anyhow::{Context, Result};
use anyhow::{anyhow, Context, Result};
use hex::encode;
use secp256k1::Message;
use secp256k1::{ecdsa::Signature, Message};
use teepot::{
client::TcbLevel,
ethereum::recover_signer,
prover::reportdata::ReportData,
quote::{
error::QuoteContext, tee_qv_get_collateral, verify_quote_with_collateral,
QuoteVerificationResult, Report,
},
};
use tracing::{debug, info, warn};
use zksync_basic_types::L1BatchNumber;
use zksync_basic_types::{L1BatchNumber, H256};
struct TeeProof {
report: ReportData,
root_hash: H256,
signature: Vec<u8>,
}
impl TeeProof {
pub fn new(report: ReportData, root_hash: H256, signature: Vec<u8>) -> Self {
Self {
report,
root_hash,
signature,
}
}
pub fn verify(&self) -> Result<bool> {
match &self.report {
ReportData::V0(report) => {
let signature = Signature::from_compact(&self.signature)?;
let root_hash_msg = Message::from_digest_slice(&self.root_hash.0)?;
Ok(signature.verify(&root_hash_msg, &report.pubkey).is_ok())
}
ReportData::V1(report) => {
let ethereum_address_from_report = report.ethereum_addr;
let root_hash_msg = Message::from_digest_slice(self.root_hash.as_bytes())?;
let signature_bytes: [u8; 65] = self
.signature
.clone()
.try_into()
.map_err(|e| anyhow!("{:?}", e))?;
let ethereum_address_from_signature =
recover_signer(&signature_bytes, &root_hash_msg)?;
debug!(
"Root hash: {}. Ethereum address from the attestation quote: {}. Ethereum address from the signature: {}.",
self.root_hash,
encode(ethereum_address_from_report),
encode(ethereum_address_from_signature),
);
Ok(ethereum_address_from_signature == ethereum_address_from_report)
}
ReportData::Unknown(_) => Ok(false),
}
}
}
pub async fn verify_batch_proof(
quote_verification_result: &QuoteVerificationResult,
@ -27,38 +73,11 @@ pub async fn verify_batch_proof(
return Ok(false);
}
let batch_no = batch_number.0;
let root_hash = node_client.get_root_hash(batch_number).await?;
let ethereum_address_from_quote = &quote_verification_result.quote.get_report_data()[..20];
let signature_bytes: &[u8; 65] = signature.try_into()?;
let root_hash_bytes = root_hash.as_bytes();
let root_hash_msg = Message::from_digest_slice(root_hash_bytes)?;
let ethereum_address_from_signature = recover_signer(signature_bytes, &root_hash_msg)?;
let verification_successful = ethereum_address_from_signature == ethereum_address_from_quote;
debug!(
batch_no,
"Root hash: {}. Ethereum address from the attestation quote: {}. Ethereum address from the signature: {}.",
root_hash,
encode(ethereum_address_from_quote),
encode(ethereum_address_from_signature),
);
if verification_successful {
info!(
batch_no,
signature = encode(signature),
ethereum_address = encode(ethereum_address_from_quote),
"Signature verified successfully."
);
} else {
warn!(
batch_no,
signature = encode(signature),
ethereum_address_from_signature = encode(ethereum_address_from_signature),
ethereum_address_from_quote = encode(ethereum_address_from_quote),
"Failed to verify signature!"
);
}
let report_data_bytes = quote_verification_result.quote.get_report_data();
let report_data = ReportData::try_from(report_data_bytes)?;
let tee_proof = TeeProof::new(report_data, root_hash, signature.to_vec());
let verification_successful = tee_proof.verify().is_ok();
Ok(verification_successful)
}