From 4f9e6fe5d14dc493144d96743a9d949dea920545 Mon Sep 17 00:00:00 2001 From: p30629751 Date: Sun, 21 May 2023 17:44:38 +0800 Subject: [PATCH] ADD file via upload --- verify_quote.sol | 65 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 65 insertions(+) create mode 100644 verify_quote.sol diff --git a/verify_quote.sol b/verify_quote.sol new file mode 100644 index 0000000..45a2247 --- /dev/null +++ b/verify_quote.sol @@ -0,0 +1,65 @@ +pragma solidity ^0.8.0; + +import "@openzeppelin/contracts/utils/Address.sol"; +import "@openzeppelin/contracts/utils/cryptography/ECDSA.sol"; +import "@openzeppelin/contracts/utils/cryptography/draft-EIP712.sol"; + +// 继承 EIP712 合约,实现基于 EIP712 的消息签名验证 +contract QuoteVerifier is EIP712 { + using Address for address; + using ECDSA for bytes32; + + // 存储签名者的证书 + mapping(address => bool) public validCertificates; + + // 定义Quote结构体,用于存储和解析Quote字节数据 + struct Quote { + bytes48 quoteHeader; + bytes16 cpuSvn; + bytes4 miscSelect; + bytes28 reserved1; + bytes16 attributes; + bytes32 mrEnclave; + bytes32 reserved2; + bytes32 mrSigner; + bytes96 reserved3; + bytes2 isvProdId; + bytes2 isvSvn; + bytes60 reserved4; + bytes64 reportData; + bytes4 signatureDataLen; + bytes signatureData; + } + + // 构造函数,传入 EIP712 的 domainName 和 version + constructor(string memory domainName, string memory version) EIP712(domainName, version) {} + + // 验证Quote是否合法,使用 calldata 关键字指定数据不可变 + function verifyQuote( + address signer, // 签名者证书 + bytes calldata quoteBytes, // Quote数据的字节数组 + ) external view returns (bool) { + // 将字节数组解码为 Quote 结构体 + Quote memory quote = abi.decode(quoteBytes, (Quote)); + + // 验证证书是否合法 + require(validCertificates[signer], "证书无效"); + + // 验证签名是否正确 + bytes32 messageHash = encodeDataHash(quote); + require(signer == messageHash.recover(quote.signatureData), "签名无效"); + + // 验证Enclave Measurement是否正确 + bytes32 expectedMeasurementHash = bytes32(0x...); // Trusted measurement hash + require(quote.enclaveHash == expectedMeasurementHash, "Enclave Measurement无效"); + + // 验证Report Data是否正确 + bytes32 reportDataHash = bytes32(0x...); // Trusted Report Data; + require(quote.reportData == reportDataHash, "Report Data无效"); + + // 验证Quote是否在有效期内 + require(block.timestamp <= quote.timestamp, "Quote已过期"); + + return true; + } +} \ No newline at end of file