TEE_UGC/verify_quote.sol

pragma solidity ^0.8.0;

import "@openzeppelin/contracts/utils/Address.sol";
import "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";
import "@openzeppelin/contracts/utils/cryptography/draft-EIP712.sol";

// 继承 EIP712 合约，实现基于 EIP712 的消息签名验证
contract QuoteVerifier is EIP712 {
  using Address for address;
  using ECDSA for bytes32;

  // 存储签名者的证书
  mapping(address => bool) public validCertificates;

  // 定义Quote结构体，用于存储和解析Quote字节数据
  struct Quote {
    bytes48 quoteHeader;
    bytes16 cpuSvn;
    bytes4 miscSelect;
    bytes28 reserved1;
    bytes16 attributes;
    bytes32 mrEnclave;
    bytes32 reserved2;
    bytes32 mrSigner;
    bytes96 reserved3;
    bytes2 isvProdId;
    bytes2 isvSvn;
    bytes60 reserved4;
    bytes64 reportData;
    bytes4 signatureDataLen;
    bytes signatureData;
  }

  // 构造函数，传入 EIP712 的 domainName 和 version
  constructor(string memory domainName, string memory version) EIP712(domainName, version) {}

  // 验证Quote是否合法，使用 calldata 关键字指定数据不可变
  function verifyQuote(
    address signer,          // 签名者证书
    bytes calldata quoteBytes,  // Quote数据的字节数组
  ) external view returns (bool) {
    // 将字节数组解码为 Quote 结构体
    Quote memory quote = abi.decode(quoteBytes, (Quote));

    // 验证证书是否合法
    require(validCertificates[signer], "证书无效");

    // 验证签名是否正确
    bytes32 messageHash = encodeDataHash(quote);
    require(signer == messageHash.recover(quote.signatureData), "签名无效");

    // 验证Enclave Measurement是否正确
    bytes32 expectedMeasurementHash = bytes32(0x...); // Trusted measurement hash
    require(quote.enclaveHash == expectedMeasurementHash, "Enclave Measurement无效");

    // 验证Report Data是否正确
    bytes32 reportDataHash = bytes32(0x...); // Trusted Report Data;
    require(quote.reportData == reportDataHash, "Report Data无效");

    // 验证Quote是否在有效期内
    require(block.timestamp <= quote.timestamp, "Quote已过期");

    return true;
  }
}