From bd918fb3c0fd87b80a5ec06aaa970dbc8cec44c4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Patryk=20B=C4=99za?= Date: Tue, 7 Jan 2025 17:29:47 +0100 Subject: [PATCH] feat(tee-proof-verifier): add backward compatibility logic --- .../src/verification.rs | 61 +++++++++---------- 1 file changed, 28 insertions(+), 33 deletions(-) diff --git a/bin/verify-era-proof-attestation/src/verification.rs b/bin/verify-era-proof-attestation/src/verification.rs index 4c99bf3..809931f 100644 --- a/bin/verify-era-proof-attestation/src/verification.rs +++ b/bin/verify-era-proof-attestation/src/verification.rs @@ -4,17 +4,39 @@ use crate::{args::AttestationPolicyArgs, client::JsonRpcClient}; use anyhow::{Context, Result}; use hex::encode; -use secp256k1::Message; +use secp256k1::{constants::PUBLIC_KEY_SIZE, ecdsa::Signature, Message, PublicKey}; use teepot::{ client::TcbLevel, ethereum::recover_signer, quote::{ - error::QuoteContext, tee_qv_get_collateral, verify_quote_with_collateral, + error::QuoteContext, tee_qv_get_collateral, verify_quote_with_collateral, Quote, QuoteVerificationResult, Report, }, }; use tracing::{debug, info, warn}; -use zksync_basic_types::L1BatchNumber; +use zksync_basic_types::{L1BatchNumber, H256}; + +fn verify_batch_proof_new_format(quote: &Quote, root_hash: H256, signature: &[u8]) -> Result { + let ethereum_address_from_quote = "e.get_report_data()[..20]; + let signature_bytes: &[u8; 65] = signature.try_into()?; + let root_hash_bytes = root_hash.as_bytes(); + let root_hash_msg = Message::from_digest_slice(root_hash_bytes)?; + let ethereum_address_from_signature = recover_signer(signature_bytes, &root_hash_msg)?; + debug!( + "Root hash: {}. Ethereum address from the attestation quote: {}. Ethereum address from the signature: {}.", + root_hash, + encode(ethereum_address_from_quote), + encode(ethereum_address_from_signature), + ); + Ok(ethereum_address_from_signature == ethereum_address_from_quote) +} + +fn verify_batch_proof_old_format(quote: &Quote, root_hash: H256, signature: &[u8]) -> Result { + let public_key = PublicKey::from_slice("e.get_report_data()[..PUBLIC_KEY_SIZE])?; + let signature = Signature::from_compact(signature)?; + let root_hash_msg = Message::from_digest_slice(&root_hash.0)?; + Ok(signature.verify(&root_hash_msg, &public_key).is_ok()) +} pub async fn verify_batch_proof( quote_verification_result: &QuoteVerificationResult, @@ -27,38 +49,11 @@ pub async fn verify_batch_proof( return Ok(false); } - let batch_no = batch_number.0; let root_hash = node_client.get_root_hash(batch_number).await?; - let ethereum_address_from_quote = "e_verification_result.quote.get_report_data()[..20]; - let signature_bytes: &[u8; 65] = signature.try_into()?; - let root_hash_bytes = root_hash.as_bytes(); - let root_hash_msg = Message::from_digest_slice(root_hash_bytes)?; - let ethereum_address_from_signature = recover_signer(signature_bytes, &root_hash_msg)?; - let verification_successful = ethereum_address_from_signature == ethereum_address_from_quote; - debug!( - batch_no, - "Root hash: {}. Ethereum address from the attestation quote: {}. Ethereum address from the signature: {}.", - root_hash, - encode(ethereum_address_from_quote), - encode(ethereum_address_from_signature), - ); + let quote = "e_verification_result.quote; + let verification_successful = verify_batch_proof_old_format("e, root_hash, signature)? + || verify_batch_proof_new_format("e, root_hash, signature)?; - if verification_successful { - info!( - batch_no, - signature = encode(signature), - ethereum_address = encode(ethereum_address_from_quote), - "Signature verified successfully." - ); - } else { - warn!( - batch_no, - signature = encode(signature), - ethereum_address_from_signature = encode(ethereum_address_from_signature), - ethereum_address_from_quote = encode(ethereum_address_from_quote), - "Failed to verify signature!" - ); - } Ok(verification_successful) }