chore: split-out vault code from teepot in teepot-vault

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>

bin/verify-attestation/Cargo.toml

@@ -10,7 +10,4 @@ repository.workspace = true
 [dependencies]
 anyhow.workspace = true
 clap.workspace = true
-hex.workspace = true
-secp256k1.workspace = true
 teepot.workspace = true
-zksync_basic_types.workspace = true

bin/verify-attestation/src/main.rs

@@ -3,19 +3,14 @@
 
 //! Tool for SGX attestation and batch signature verification
 
-use anyhow::{anyhow, bail, Context, Result};
-use clap::{Args, Parser, Subcommand};
-use core::convert::TryInto;
-use hex::encode;
-use secp256k1::Message;
+use anyhow::{bail, Context, Result};
+use clap::Parser;
+
 use std::{fs, io::Read, path::PathBuf, str::FromStr, time::UNIX_EPOCH};
 use teepot::{
-    client::TcbLevel,
-    ethereum::recover_signer,
-    prover::reportdata::ReportData,
     quote::{error, tee_qv_get_collateral, verify_quote_with_collateral, QuoteVerificationResult},
+    sgx::TcbLevel,
 };
-use zksync_basic_types::H256;
 
 #[derive(Parser, Debug)]
 #[command(author = "Matter Labs", version, about = "SGX attestation and batch signature verifier", long_about = None)]
@@ -23,9 +18,6 @@ struct Arguments {
     /// Attestation quote proving the signature originated from a TEE enclave.
     #[clap(name = "attestation_file", value_parser)]
     attestation: ArgSource,
-    /// An optional subcommand, for instance, for optional signature verification.
-    #[clap(subcommand)]
-    command: Option<SubCommands>,
 }
 
 #[derive(Debug, Clone)]
@@ -45,22 +37,6 @@ impl FromStr for ArgSource {
     }
 }
 
-#[derive(Args, Debug)]
-struct SignatureArgs {
-    /// File containing a batch signature signed within a TEE enclave.
-    #[arg(long)]
-    signature_file: PathBuf,
-    /// Batch root hash for signature verification.
-    #[arg(long)]
-    root_hash: H256,
-}
-
-#[derive(Subcommand, Debug)]
-enum SubCommands {
-    /// Verify a batch signature signed within a TEE enclave.
-    SignVerify(SignatureArgs),
-}
-
 fn main() -> Result<()> {
     let args = Arguments::parse();
     let attestation_quote_bytes = match args.attestation {
@@ -75,40 +51,6 @@ fn main() -> Result<()> {
     };
     let quote_verification_result = verify_attestation_quote(&attestation_quote_bytes)?;
     print_quote_verification_summary(&quote_verification_result);
-    match &args.command {
-        Some(SubCommands::SignVerify(signature_args)) => {
-            verify_signature(&quote_verification_result, signature_args)?;
-        }
-        None => {}
-    }
-    Ok(())
-}
-
-fn verify_signature(
-    quote_verification_result: &QuoteVerificationResult,
-    signature_args: &SignatureArgs,
-) -> Result<()> {
-    let report_data = ReportData::try_from(quote_verification_result.quote.get_report_data())?;
-    let ethereum_address_from_quote = match report_data {
-        ReportData::V1(report_data_v1) => report_data_v1.ethereum_address,
-        _ => return Err(anyhow!("Unsupported report data version")),
-    };
-    let signature_bytes: &[u8] = &fs::read(&signature_args.signature_file)?;
-    let root_hash = Message::from_digest_slice(signature_args.root_hash.as_bytes())?;
-    let ethereum_address_from_signature = recover_signer(&signature_bytes.try_into()?, &root_hash)?;
-    let verification_successful = ethereum_address_from_signature == ethereum_address_from_quote;
-
-    println!(
-        "Signature '{}' {}. Ethereum address from attestation quote: {}. Ethereum address from signature: {}.",
-        encode(signature_bytes),
-        if verification_successful {
-            "verified successfully"
-        } else {
-            "verification failed"
-        },
-        encode(ethereum_address_from_quote),
-        encode(ethereum_address_from_signature)
-    );
     Ok(())
 }