ADD file via upload

verify_quote.sol

@@ -0,0 +1,65 @@
+pragma solidity ^0.8.0;
+
+import "@openzeppelin/contracts/utils/Address.sol";
+import "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";
+import "@openzeppelin/contracts/utils/cryptography/draft-EIP712.sol";
+
+// 继承 EIP712 合约，实现基于 EIP712 的消息签名验证
+contract QuoteVerifier is EIP712 {
+  using Address for address;
+  using ECDSA for bytes32;
+
+  // 存储签名者的证书
+  mapping(address => bool) public validCertificates;
+
+  // 定义Quote结构体，用于存储和解析Quote字节数据
+  struct Quote {
+    bytes48 quoteHeader;
+    bytes16 cpuSvn;
+    bytes4 miscSelect;
+    bytes28 reserved1;
+    bytes16 attributes;
+    bytes32 mrEnclave;
+    bytes32 reserved2;
+    bytes32 mrSigner;
+    bytes96 reserved3;
+    bytes2 isvProdId;
+    bytes2 isvSvn;
+    bytes60 reserved4;
+    bytes64 reportData;
+    bytes4 signatureDataLen;
+    bytes signatureData;
+  }
+
+  // 构造函数，传入 EIP712 的 domainName 和 version
+  constructor(string memory domainName, string memory version) EIP712(domainName, version) {}
+
+  // 验证Quote是否合法，使用 calldata 关键字指定数据不可变
+  function verifyQuote(
+    address signer,          // 签名者证书
+    bytes calldata quoteBytes,  // Quote数据的字节数组
+  ) external view returns (bool) {
+    // 将字节数组解码为 Quote 结构体
+    Quote memory quote = abi.decode(quoteBytes, (Quote));
+
+    // 验证证书是否合法
+    require(validCertificates[signer], "证书无效");
+
+    // 验证签名是否正确
+    bytes32 messageHash = encodeDataHash(quote);
+    require(signer == messageHash.recover(quote.signatureData), "签名无效");
+
+    // 验证Enclave Measurement是否正确
+    bytes32 expectedMeasurementHash = bytes32(0x...); // Trusted measurement hash
+    require(quote.enclaveHash == expectedMeasurementHash, "Enclave Measurement无效");
+
+    // 验证Report Data是否正确
+    bytes32 reportDataHash = bytes32(0x...); // Trusted Report Data;
+    require(quote.reportData == reportDataHash, "Report Data无效");
+
+    // 验证Quote是否在有效期内
+    require(block.timestamp <= quote.timestamp, "Quote已过期");
+
+    return true;
+  }
+}