From c8f98471d1343d4a8872671cec778ef4d455eb92 Mon Sep 17 00:00:00 2001 From: Michael de Hoog Date: Sat, 30 Nov 2024 21:38:30 -1000 Subject: [PATCH 1/3] Switch from NitroProver to nitro-validator library --- .gitmodules | 6 +- Makefile | 6 +- deployments/84532-certmanager.json | 3 + deployments/84532-validator.json | 4 -- lib/NitroProver | 1 - lib/nitro-validator | 1 + remappings.txt | 3 +- ...alidator.s.sol => DeployCertManager.s.sol} | 12 ++-- script/DeploySystem.s.sol | 32 +++++------ src/INitroValidator.sol | 13 ----- src/NitroValidator.sol | 21 ------- src/SystemConfigGlobal.sol | 26 ++++++--- test/NitroValidator.t.sol | 51 ----------------- test/SystemConfigGlobal.t.sol | 31 +++++++++++ test/SystemGlobalConfig.t.sol | 55 ------------------- 15 files changed, 77 insertions(+), 188 deletions(-) create mode 100644 deployments/84532-certmanager.json delete mode 100644 deployments/84532-validator.json delete mode 160000 lib/NitroProver create mode 160000 lib/nitro-validator rename script/{DeployNitroValidator.s.sol => DeployCertManager.s.sol} (58%) delete mode 100644 src/INitroValidator.sol delete mode 100644 src/NitroValidator.sol delete mode 100644 test/NitroValidator.t.sol create mode 100644 test/SystemConfigGlobal.t.sol delete mode 100644 test/SystemGlobalConfig.t.sol diff --git a/.gitmodules b/.gitmodules index 2871eef..01be3f2 100644 --- a/.gitmodules +++ b/.gitmodules @@ -4,6 +4,6 @@ [submodule "lib/optimism"] path = lib/optimism url = https://github.com/ethereum-optimism/optimism -[submodule "lib/NitroProver"] - path = lib/NitroProver - url = https://github.com/mdehoog/NitroProver +[submodule "lib/nitro-validator"] + path = lib/nitro-validator + url = https://github.com/mdehoog/nitro-validator diff --git a/Makefile b/Makefile index b46d952..d3cbace 100644 --- a/Makefile +++ b/Makefile 
@@ -10,9 +10,9 @@ bindings: abigen --abi out/Portal.sol/Portal.abi.json --pkg bindings --type Portal --out bindings/portal.go abigen --abi out/DeployChain.sol/DeployChain.abi.json --pkg bindings --type DeployChain --out bindings/deploy_chain.go -.PHONY: deploy-nitro-validator -deploy-nitro-validator: guard-IMPL_SALT guard-DEPLOY_PRIVATE_KEY guard-RPC_URL - @forge script DeployNitroValidator --rpc-url $(RPC_URL) \ +.PHONY: deploy-cert-manager +deploy-cert-manager: guard-IMPL_SALT guard-DEPLOY_PRIVATE_KEY guard-RPC_URL + @forge script DeployCertManager --rpc-url $(RPC_URL) \ --private-key $(DEPLOY_PRIVATE_KEY) --broadcast .PHONY: deploy diff --git a/deployments/84532-certmanager.json b/deployments/84532-certmanager.json new file mode 100644 index 0000000..61adbc4 --- /dev/null +++ b/deployments/84532-certmanager.json @@ -0,0 +1,3 @@ +{ + "CertManager": "0x6775BB4C4b0D32f07EeE370369ceED41029A5352" +} \ No newline at end of file diff --git a/deployments/84532-validator.json b/deployments/84532-validator.json deleted file mode 100644 index 6d81311..0000000 --- a/deployments/84532-validator.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "CertManager": "0xa0e67E2c59591Fe50c47B07D404a488C7114Bb48", - "NitroValidator": "0x9fAca7Ad7f3D4499335150264B5e05277b3bFcc6" -} \ No newline at end of file diff --git a/lib/NitroProver b/lib/NitroProver deleted file mode 160000 index 8790b46..0000000 --- a/lib/NitroProver +++ /dev/null @@ -1 +0,0 @@ -Subproject commit 8790b462ebc223319e9836d72dd234e49debc3ff diff --git a/lib/nitro-validator b/lib/nitro-validator new file mode 160000 index 0000000..fa8d93d --- /dev/null +++ b/lib/nitro-validator @@ -0,0 +1 @@ +Subproject commit fa8d93d656c0138d3b2d452efe7598daade74c2a diff --git a/remappings.txt b/remappings.txt index 9e33080..6ba539e 100644 --- a/remappings.txt +++ b/remappings.txt 
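Review bot: The `deploy-cert-manager` recipe still passes the deployer key to forge as `--private-key $(DEPLOY_PRIVATE_KEY)`, so the raw key sits in the process argument list for the whole run and is readable by anything on the host that can list or record command lines; the leading `@` only hides it from make's own echo. Since this target deploys the contract that anchors certificate verification, I would move it to a keystore or hardware signer, for example `--account $(DEPLOY_ACCOUNT)` (variable name is illustrative) or `--ledger`, and drop the `guard-DEPLOY_PRIVATE_KEY` prerequisite. The `deploy` target that starts on the last line of the hunk is not visible here and may need the same change.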
@@ -11,5 +11,4 @@ src/libraries/=lib/optimism/packages/contracts-bedrock/src/libraries/ src/universal/=lib/optimism/packages/contracts-bedrock/src/universal/ src/vendor/=lib/optimism/packages/contracts-bedrock/src/vendor/ scripts/=lib/optimism/packages/contracts-bedrock/scripts/ -@marlinprotocol/=lib/NitroProver/src/ -@solidity-cbor/=lib/NitroProver/lib/solidity-cbor/packages/solidity-cbor/contracts/ +@nitro-validator/=lib/nitro-validator/src/ diff --git a/script/DeployNitroValidator.s.sol b/script/DeployCertManager.s.sol similarity index 58% rename from script/DeployNitroValidator.s.sol rename to script/DeployCertManager.s.sol index 44d5527..07bfc65 100644 --- a/script/DeployNitroValidator.s.sol +++ b/script/DeployCertManager.s.sol 
@@ -4,24 +4,20 @@ pragma solidity 0.8.24; import {Script} from "forge-std/Script.sol"; import {console2 as console} from "forge-std/console2.sol"; import {Config} from "@eth-optimism-bedrock/scripts/libraries/Config.sol"; -import {CertManager} from "@marlinprotocol/CertManager.sol"; -import {NitroValidator} from "../src/NitroValidator.sol"; +import {CertManager} from "@nitro-validator/CertManager.sol"; -/// @notice will deploy the singleton NitroValidatorContract to a deterministic address -contract DeployNitroValidator is Script { +/// @notice will deploy the singleton CertManager to a deterministic address +contract DeployCertManager is Script { function run() public { vm.startBroadcast(); CertManager manager = new CertManager{salt: _implSalt()}(); - NitroValidator validator = new NitroValidator{salt: _implSalt()}(manager); console.log("CertManager deployed at:", address(manager)); - console.log("NitroValidator deployed at:", address(validator)); string memory deploymentOutfile = - string.concat(vm.projectRoot(), "/deployments/", vm.toString(block.chainid), "-validator.json"); + string.concat(vm.projectRoot(), "/deployments/", vm.toString(block.chainid), "-certmanager.json"); vm.writeJson({json: vm.serializeAddress("", "CertManager", address(manager)), path: deploymentOutfile}); - vm.writeJson({json: vm.serializeAddress("", "NitroValidator", address(validator)), path: deploymentOutfile}); vm.stopBroadcast(); } diff --git a/script/DeploySystem.s.sol b/script/DeploySystem.s.sol index 45c613f..cd61660 100644 --- a/script/DeploySystem.s.sol +++ b/script/DeploySystem.s.sol 
@@ -21,7 +21,7 @@ import {DeployChain} from "src/DeployChain.sol"; import {Constants} from "@eth-optimism-bedrock/src/libraries/Constants.sol"; import {ResourceMetering} from "@eth-optimism-bedrock/src/L1/ResourceMetering.sol"; import {IResourceMetering} from "@eth-optimism-bedrock/src/L1/interfaces/IResourceMetering.sol"; -import "../src/INitroValidator.sol"; +import {CertManager} from "@nitro-validator/CertManager.sol"; import {console2 as console} from "forge-std/console2.sol"; @@ -49,7 +49,7 @@ contract DeploySystem is Deploy { function setupSystemConfigGlobal() public { console.log("Setting up SystemConfigGlobal"); - checkNitroValidator(); + checkCertManager(); deployERC1967Proxy("SystemConfigGlobalProxy"); deploySystemConfigGlobal(); 
@@ -119,26 +119,22 @@ contract DeploySystem is Deploy { initializeOutputOracle(); } - function checkNitroValidator() public { - console.log("Retrieving NitroValidator deploy"); + function checkCertManager() public { + console.log("Retrieving CertManager deploy"); string memory deploymentOutfile = - string.concat(vm.projectRoot(), "/deployments/", vm.toString(block.chainid), "-validator.json"); - address nitroValidatorAddress = vm.parseJsonAddress(vm.readFile(deploymentOutfile), ".NitroValidator"); - save("NitroValidator", nitroValidatorAddress); + string.concat(vm.projectRoot(), "/deployments/", vm.toString(block.chainid), "-certmanager.json"); + address certManagerAddress = vm.parseJsonAddress(vm.readFile(deploymentOutfile), ".CertManager"); + save("CertManager", certManagerAddress); - INitroValidator validator = INitroValidator(nitroValidatorAddress); - bytes memory attestation = - vm.readFileBinary(string.concat(vm.projectRoot(), "/test/nitro-attestation/sample_attestation.bin")); + bytes memory parent = + hex"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"; + bytes memory cert = + hex"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"; uint256 timestamp = vm.getBlockTimestamp(); - vm.warp(1708930774); - (bytes memory enclavePubKey, bytes memory pcr0) = validator.validateAttestation(attestation, 365 days); + vm.warp(1732580000); + CertManager(certManagerAddress).verifyCert(cert, false, keccak256(parent)); vm.warp(timestamp); - - vm.assertEq(enclavePubKey, hex"d239fd059dd0e0a01e280bec44903bb8143bae7e578b9844c6df5fd6351eddc0"); - vm.assertEq( - pcr0, hex"17BF8F048519797BE90497001A7559A3D555395937117D76F8BAAEDF56CA6D97952DE79479BC0C76E5D176D20F663790" - ); } function deploySystemConfigOwnable() public broadcast returns (address addr_) { 
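Review bot: `checkCertManager` accepts whatever address is stored in `deployments/<chainid>-certmanager.json` after a single positive call, `verifyCert(cert, false, keccak256(parent))`, so a contract at that address that accepts every certificate would pass and then be wired into SystemConfigGlobal as the root of attestation trust. I would also pin the deployment itself, e.g. compare `certManagerAddress.codehash` with a reviewed value or recompute the CREATE2 address from `_implSalt()`, and add one case that is required to revert (the same `cert` with a wrong parent hash). The literal `1732580000` deserves a comment as well: presumably it is a time inside the embedded certificate's validity window, and the warp only affects the local simulation. The function is complete in the hunk, but the two certificate blobs are not shown on this page.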
@@ -161,7 +157,7 @@ contract DeploySystem is Deploy { function deploySystemConfigGlobal() public broadcast returns (address addr_) { console.log("Deploying SystemConfigGlobal implementation"); - addr_ = address(new SystemConfigGlobal{salt: _implSalt()}(INitroValidator(mustGetAddress("NitroValidator")))); + addr_ = address(new SystemConfigGlobal{salt: _implSalt()}(CertManager(mustGetAddress("CertManager")))); save("SystemConfigGlobal", addr_); console.log("SystemConfigGlobal deployed at %s", addr_); } diff --git a/src/INitroValidator.sol b/src/INitroValidator.sol deleted file mode 100644 index 2435863..0000000 --- a/src/INitroValidator.sol +++ /dev/null @@ -1,13 +0,0 @@ -// SPDX-License-Identifier: MIT -pragma solidity ^0.8.15; - -interface INitroValidator { - /// @notice Verifies an AWS Nitro attestation - /// @param attestation The attestation document - /// @param maxAge Maximum age of the attestation in seconds - /// @return enclavePubKey The enclave's public key - /// @return pcr0 User data included in the attestation - function validateAttestation(bytes memory attestation, uint256 maxAge) - external - returns (bytes memory enclavePubKey, bytes memory pcr0); -} diff --git a/src/NitroValidator.sol b/src/NitroValidator.sol deleted file mode 100644 index e8fa136..0000000 --- a/src/NitroValidator.sol +++ /dev/null 
@@ -1,21 +0,0 @@ -// SPDX-License-Identifier: MIT -pragma solidity ^0.8.15; - -import {CBORDecoding} from "@solidity-cbor/CBORDecoding.sol"; -import {INitroValidator} from "./INitroValidator.sol"; -import {CertManager} from "@marlinprotocol/CertManager.sol"; -import {NitroProver} from "@marlinprotocol/NitroProver.sol"; - -contract NitroValidator is NitroProver, INitroValidator { - constructor(CertManager certManager) NitroProver(certManager) {} - - function validateAttestation(bytes memory attestation, uint256 maxAge) - external - view - returns (bytes memory, bytes memory) - { - (bytes memory enclaveKey,, bytes memory rawPcrs) = verifyAttestation(attestation, maxAge); - bytes memory pcr0 = CBORDecoding.decodeMappingGetValue(rawPcrs, hex"00"); - return (enclaveKey, pcr0); - } -} diff --git a/src/SystemConfigGlobal.sol b/src/SystemConfigGlobal.sol index 1513859..0bf6e34 100644 --- a/src/SystemConfigGlobal.sol +++ b/src/SystemConfigGlobal.sol @@ -4,11 +4,16 @@ pragma solidity ^0.8.0; import {OwnableUpgradeable} from "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol"; import {ISemver} from "@eth-optimism-bedrock/src/universal/interfaces/ISemver.sol"; -import "./INitroValidator.sol"; +import {NitroValidator} from "@nitro-validator/NitroValidator.sol"; +import {CertManager} from "@nitro-validator/CertManager.sol"; +import {NodePtr, LibNodePtr} from "@nitro-validator/NodePtr.sol"; +import {LibBytes} from "@nitro-validator/LibBytes.sol"; -contract SystemConfigGlobal is OwnableUpgradeable, ISemver { - /// @notice The AWS Nitro validator. - INitroValidator public immutable nitroValidator; +contract SystemConfigGlobal is OwnableUpgradeable, ISemver, NitroValidator { + using LibNodePtr for NodePtr; + using LibBytes for bytes; + + uint256 public constant MAX_AGE = 60 minutes; /// @notice The address of the proposer. address public proposer; 
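Review bot: In the SystemConfigGlobal.sol hunk, `MAX_AGE` is added without a NatSpec line although the state around it carries `/// @notice`, and it is the value that sets the replay window for attestations. I would add `/// @notice Maximum age of an attestation accepted by registerSigner, compared against block.timestamp.` above it. Separately, the contract now inherits NitroValidator instead of holding it by reference, so every public or external function of the library becomes callable on SystemConfigGlobal (the new test calls `decodeAttestationTbs` on it); it is worth confirming that none of them changes state without access control. The contract body continues outside the hunk.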
@@ -25,8 +30,7 @@ contract SystemConfigGlobal is OwnableUpgradeable, ISemver { return "0.0.1"; } - constructor(INitroValidator _nitroValidator) { - nitroValidator = _nitroValidator; + constructor(CertManager certManager) NitroValidator(certManager) { initialize({_owner: address(0xdEaD)}); } @@ -47,11 +51,15 @@ contract SystemConfigGlobal is OwnableUpgradeable, ISemver { delete validPCR0s[keccak256(pcr0)]; } - function registerSigner(bytes calldata attestation) external onlyOwner { - (bytes memory enclavePublicKey, bytes memory pcr0) = nitroValidator.validateAttestation(attestation, 10 minutes); + function registerSigner(bytes calldata attestationTbs, bytes calldata signature) external onlyOwner { + Ptrs memory ptrs = validateAttestation(attestationTbs, signature); + bytes memory pcr0 = attestationTbs.slice(ptrs.pcrs[0].content(), ptrs.pcrs[0].length()); require(validPCR0s[keccak256(pcr0)], "invalid pcr0 in attestation"); - address enclaveAddress = address(uint160(uint256(keccak256(enclavePublicKey)))); + require(ptrs.timestamp + MAX_AGE > block.timestamp, "attestation too old"); + + bytes memory publicKey = attestationTbs.slice(ptrs.publicKey.content(), ptrs.publicKey.length()); + address enclaveAddress = address(uint160(uint256(keccak256(publicKey)))); validSigners[enclaveAddress] = true; } diff --git a/test/NitroValidator.t.sol b/test/NitroValidator.t.sol deleted file mode 100644 index e4b3f27..0000000 --- a/test/NitroValidator.t.sol +++ /dev/null 
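Review bot: The freshness check `require(ptrs.timestamp + MAX_AGE > block.timestamp, "attestation too old")` in `registerSigner` compares a value parsed from the attestation with `block.timestamp`, which is in seconds, and nothing visible here shows what unit `ptrs.timestamp` uses. Nitro attestation documents carry their timestamp in milliseconds, so unless the library already divides by 1000 the sum is always far larger than `block.timestamp` and the check never rejects anything; in that case it should read `require(ptrs.timestamp / 1000 + MAX_AGE > block.timestamp, "attestation too old");`. The accepted window also grows from the `10 minutes` passed to the old `validateAttestation` call to 60 minutes, which lengthens the time a captured attestation can be replayed into this owner-only call, so the reason for the larger value is worth a comment. The same line is carried unchanged through the `registerSigner` hunk of patch 2/3.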
@@ -1,51 +0,0 @@ -// SPDX-License-Identifier: MIT -pragma solidity ^0.8.15; - -import {Test, console} from "forge-std/Test.sol"; -import {CertManager} from "@marlinprotocol/CertManager.sol"; -import {NitroProver} from "@marlinprotocol/NitroProver.sol"; -import "../src/INitroValidator.sol"; -import "../src/NitroValidator.sol"; - -contract NitroValidatorTest is Test { - NitroValidator validator; - - function setUp() public { - vm.warp(1708930774); - CertManager manager = new CertManager(); - validator = new NitroValidator(manager); - } - - function test_validateAttestation() public view { - bytes memory attestation = vm.readFileBinary("./test/nitro-attestation/sample_attestation.bin"); - - (bytes memory enclavePubKey, bytes memory pcr0) = validator.validateAttestation(attestation, 365 days); - - assertEq(enclavePubKey, hex"d239fd059dd0e0a01e280bec44903bb8143bae7e578b9844c6df5fd6351eddc0"); - assertEq( - pcr0, hex"17BF8F048519797BE90497001A7559A3D555395937117D76F8BAAEDF56CA6D97952DE79479BC0C76E5D176D20F663790" - ); - } - - function test_precacheCerts() public { - bytes memory attestation = vm.readFileBinary("./test/nitro-attestation/sample_attestation.bin"); - - NitroProver(address(validator)).verifyCerts(attestation); - (bytes memory enclavePubKey, bytes memory pcr0) = validator.validateAttestation(attestation, 365 days); - - assertEq(enclavePubKey, hex"d239fd059dd0e0a01e280bec44903bb8143bae7e578b9844c6df5fd6351eddc0"); - assertEq( - pcr0, hex"17BF8F048519797BE90497001A7559A3D555395937117D76F8BAAEDF56CA6D97952DE79479BC0C76E5D176D20F663790" - ); - } - - function test_validateAttestation_RevertOnExpiredTime() public { - bytes memory attestation = vm.readFileBinary("./test/nitro-attestation/sample_attestation.bin"); - - // Warp time to 366 days in the future - vm.warp(block.timestamp + 366 days); - - vm.expectRevert("certificate not valid anymore"); - validator.validateAttestation(attestation, 365 days); - } -} 
diff --git a/test/SystemConfigGlobal.t.sol b/test/SystemConfigGlobal.t.sol new file mode 100644 index 0000000..951229d --- /dev/null +++ b/test/SystemConfigGlobal.t.sol @@ -0,0 +1,31 @@ +// SPDX-License-Identifier: MIT +pragma solidity ^0.8.15; + +import {Test, console} from "forge-std/Test.sol"; + +import "../src/SystemConfigGlobal.sol"; + +contract SystemConfigGlobalTest is Test { + SystemConfigGlobal systemConfigGlobal; + + function setUp() public { + vm.warp(1708930774); + CertManager certManager = new CertManager(); + systemConfigGlobal = new SystemConfigGlobal(certManager); + } + + function test_validateAttestation() public { + vm.startPrank(systemConfigGlobal.owner()); + + systemConfigGlobal.registerPCR0( + hex"17BF8F048519797BE90497001A7559A3D555395937117D76F8BAAEDF56CA6D97952DE79479BC0C76E5D176D20F663790" + ); + + bytes memory attestation = vm.readFileBinary("./test/nitro-attestation/sample_attestation.bin"); + (bytes memory attestationTbs, bytes memory signature) = systemConfigGlobal.decodeAttestationTbs(attestation); + systemConfigGlobal.registerSigner(attestationTbs, signature); + + address expectedSigner = 0xe04d808785d2BBdE18E9D0C01c05FB8CE0711f2d; + assertTrue(systemConfigGlobal.validSigners(expectedSigner)); + } +} diff --git a/test/SystemGlobalConfig.t.sol b/test/SystemGlobalConfig.t.sol deleted file mode 100644 index 3604aa9..0000000 --- a/test/SystemGlobalConfig.t.sol +++ /dev/null 
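Review bot: The new test file covers only the accepting path of `registerSigner`, while the deleted NitroValidator test had `test_validateAttestation_RevertOnExpiredTime` and nothing replaces it, so neither `"invalid pcr0 in attestation"` nor `"attestation too old"` is exercised. I would add a rejecting test for an attestation whose PCR0 was never registered (below) and a second one that warps past `MAX_AGE` and expects the staleness revert. The second may hit a certificate-expiry revert first, depending on the sample's certificate lifetimes, which is itself worth pinning. The existing test would also read better as `test_registerSigner`, since that is the function it exercises.

```solidity
function test_registerSigner_RevertOnUnknownPCR0() public {
    vm.startPrank(systemConfigGlobal.owner());

    bytes memory attestation = vm.readFileBinary("./test/nitro-attestation/sample_attestation.bin");
    (bytes memory attestationTbs, bytes memory signature) = systemConfigGlobal.decodeAttestationTbs(attestation);

    // No registerPCR0 call: the attestation is genuine but its PCR0 is not allowlisted.
    vm.expectRevert("invalid pcr0 in attestation");
    systemConfigGlobal.registerSigner(attestationTbs, signature);
}
```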
@@ -1,55 +0,0 @@ -// SPDX-License-Identifier: MIT -pragma solidity ^0.8.15; - -import {Test, console} from "forge-std/Test.sol"; - -import "../src/INitroValidator.sol"; -import "../src/SystemConfigGlobal.sol"; - -// Mock NitroValidator contract -contract MockNitroValidator is INitroValidator { - bytes public pcr0; - bytes public publicKey; - - function setValidationResult(bytes memory _publicKey, bytes memory _pcr0) external { - pcr0 = _pcr0; - publicKey = _publicKey; - } - - function validateAttestation(bytes memory, uint256) external view returns (bytes memory, bytes memory) { - return (publicKey, pcr0); - } -} - -contract NitroValidatorTest is Test { - MockNitroValidator mockValidator; - SystemConfigGlobal systemConfigGlobal; - - function setUp() public { - // Create a mock contract - mockValidator = new MockNitroValidator(); - - // create system config global - systemConfigGlobal = new SystemConfigGlobal(mockValidator); - } - - function test_validateAttestation() public { - vm.startPrank(systemConfigGlobal.owner()); - - mockValidator.setValidationResult( - hex"d239fd059dd0e0a01e280bec44903bb8143bae7e578b9844c6df5fd6351eddc0", - hex"17BF8F048519797BE90497001A7559A3D555395937117D76F8BAAEDF56CA6D97952DE79479BC0C76E5D176D20F663790" - ); - - bytes memory attestation = vm.readFileBinary("./test/nitro-attestation/sample_attestation.bin"); - - systemConfigGlobal.registerPCR0( - hex"17BF8F048519797BE90497001A7559A3D555395937117D76F8BAAEDF56CA6D97952DE79479BC0C76E5D176D20F663790" - ); - - systemConfigGlobal.registerSigner(attestation); - - address expectedSigner = 0xe04d808785d2BBdE18E9D0C01c05FB8CE0711f2d; - assertTrue(systemConfigGlobal.validSigners(expectedSigner)); - } -} From 1fb0ef14a9ffadd574a1ea8d75661a17d19d78fc Mon Sep 17 00:00:00 2001 From: Michael de Hoog Date: Mon, 2 Dec 2024 16:23:36 -1000 Subject: [PATCH 2/3] Bump to latest --- lib/nitro-validator | 2 +- src/SystemConfigGlobal.sol | 12 +++++------- 2 files changed, 6 insertions(+), 8 deletions(-) 
diff --git a/lib/nitro-validator b/lib/nitro-validator index fa8d93d..9a3626e 160000 --- a/lib/nitro-validator +++ b/lib/nitro-validator @@ -1 +1 @@ -Subproject commit fa8d93d656c0138d3b2d452efe7598daade74c2a +Subproject commit 9a3626e348a787e4c0d5f44b022c3656aa9a3fe7 diff --git a/src/SystemConfigGlobal.sol b/src/SystemConfigGlobal.sol index 0bf6e34..918e25f 100644 --- a/src/SystemConfigGlobal.sol +++ b/src/SystemConfigGlobal.sol @@ -5,13 +5,11 @@ pragma solidity ^0.8.0; import {OwnableUpgradeable} from "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol"; import {ISemver} from "@eth-optimism-bedrock/src/universal/interfaces/ISemver.sol"; import {NitroValidator} from "@nitro-validator/NitroValidator.sol"; +import {CborDecode} from "@nitro-validator/CborDecode.sol"; import {CertManager} from "@nitro-validator/CertManager.sol"; -import {NodePtr, LibNodePtr} from "@nitro-validator/NodePtr.sol"; -import {LibBytes} from "@nitro-validator/LibBytes.sol"; contract SystemConfigGlobal is OwnableUpgradeable, ISemver, NitroValidator { - using LibNodePtr for NodePtr; - using LibBytes for bytes; + using CborDecode for bytes; uint256 public constant MAX_AGE = 60 minutes; 
@@ -53,12 +51,12 @@ contract SystemConfigGlobal is OwnableUpgradeable, ISemver, NitroValidator { function registerSigner(bytes calldata attestationTbs, bytes calldata signature) external onlyOwner { Ptrs memory ptrs = validateAttestation(attestationTbs, signature); - bytes memory pcr0 = attestationTbs.slice(ptrs.pcrs[0].content(), ptrs.pcrs[0].length()); - require(validPCR0s[keccak256(pcr0)], "invalid pcr0 in attestation"); + bytes32 pcr0 = attestationTbs.keccak(ptrs.pcrs[0]); + require(validPCR0s[pcr0], "invalid pcr0 in attestation"); require(ptrs.timestamp + MAX_AGE > block.timestamp, "attestation too old"); - bytes memory publicKey = attestationTbs.slice(ptrs.publicKey.content(), ptrs.publicKey.length()); + bytes memory publicKey = attestationTbs.slice(ptrs.publicKey); address enclaveAddress = address(uint160(uint256(keccak256(publicKey)))); validSigners[enclaveAddress] = true; } From e438c3ee9af57dad42f3e0eac5064dc13e2f80dd Mon Sep 17 00:00:00 2001 From: Michael de Hoog Date: Mon, 2 Dec 2024 16:48:58 -1000 Subject: [PATCH 3/3] Bump to latest again --- .gitmodules | 2 +- lib/nitro-validator | 2 +- script/DeploySystem.s.sol | 6 +++--- src/SystemConfigGlobal.sol | 4 ++-- test/SystemConfigGlobal.t.sol | 1 + 5 files changed, 8 insertions(+), 7 deletions(-) diff --git a/.gitmodules b/.gitmodules index 01be3f2..c382449 100644 --- a/.gitmodules +++ b/.gitmodules @@ -6,4 +6,4 @@ url = https://github.com/ethereum-optimism/optimism [submodule "lib/nitro-validator"] path = lib/nitro-validator - url = https://github.com/mdehoog/nitro-validator + url = https://github.com/base-org/nitro-validator diff --git a/lib/nitro-validator b/lib/nitro-validator index 9a3626e..25fae48 160000 --- a/lib/nitro-validator +++ b/lib/nitro-validator @@ -1 +1 @@ -Subproject commit 9a3626e348a787e4c0d5f44b022c3656aa9a3fe7 +Subproject commit 25fae4891d77f2349234746e66ea33298ed61652 diff --git a/script/DeploySystem.s.sol b/script/DeploySystem.s.sol index cd61660..4f0d539 100644 
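Review bot: `registerSigner` derives the signer from `attestationTbs.slice(ptrs.publicKey)` without checking that a key was present, and the public key is an optional field of a Nitro attestation document. If the library's `validateAttestation` accepts a document without one (not visible here), the slice would presumably be empty and `validSigners` would be set for the address derived from `keccak256("")`. A guard such as `require(publicKey.length > 0, "missing public key in attestation");` before the address derivation closes that, and pinning the exact length the enclave emits would be stricter still. An event on the `validSigners[enclaveAddress] = true;` write would also give monitoring a record of every signer registration, if the contract does not already emit one outside this hunk.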
--- a/script/DeploySystem.s.sol +++ b/script/DeploySystem.s.sol @@ -21,7 +21,7 @@ import {DeployChain} from "src/DeployChain.sol"; import {Constants} from "@eth-optimism-bedrock/src/libraries/Constants.sol"; import {ResourceMetering} from "@eth-optimism-bedrock/src/L1/ResourceMetering.sol"; import {IResourceMetering} from "@eth-optimism-bedrock/src/L1/interfaces/IResourceMetering.sol"; -import {CertManager} from "@nitro-validator/CertManager.sol"; +import {ICertManager} from "@nitro-validator/ICertManager.sol"; import {console2 as console} from "forge-std/console2.sol"; @@ -133,7 +133,7 @@ contract DeploySystem is Deploy { uint256 timestamp = vm.getBlockTimestamp(); vm.warp(1732580000); - CertManager(certManagerAddress).verifyCert(cert, false, keccak256(parent)); + ICertManager(certManagerAddress).verifyCert(cert, false, keccak256(parent)); vm.warp(timestamp); } @@ -157,7 +157,7 @@ contract DeploySystem is Deploy { function deploySystemConfigGlobal() public broadcast returns (address addr_) { console.log("Deploying SystemConfigGlobal implementation"); - addr_ = address(new SystemConfigGlobal{salt: _implSalt()}(CertManager(mustGetAddress("CertManager")))); + addr_ = address(new SystemConfigGlobal{salt: _implSalt()}(ICertManager(mustGetAddress("CertManager")))); save("SystemConfigGlobal", addr_); console.log("SystemConfigGlobal deployed at %s", addr_); } diff --git a/src/SystemConfigGlobal.sol b/src/SystemConfigGlobal.sol index 918e25f..7fe5533 100644 --- a/src/SystemConfigGlobal.sol +++ b/src/SystemConfigGlobal.sol 
@@ -6,7 +6,7 @@ import {OwnableUpgradeable} from "@openzeppelin/contracts-upgradeable/access/Own import {ISemver} from "@eth-optimism-bedrock/src/universal/interfaces/ISemver.sol"; import {NitroValidator} from "@nitro-validator/NitroValidator.sol"; import {CborDecode} from "@nitro-validator/CborDecode.sol"; -import {CertManager} from "@nitro-validator/CertManager.sol"; +import {ICertManager} from "@nitro-validator/ICertManager.sol"; contract SystemConfigGlobal is OwnableUpgradeable, ISemver, NitroValidator { using CborDecode for bytes; @@ -28,7 +28,7 @@ contract SystemConfigGlobal is OwnableUpgradeable, ISemver, NitroValidator { return "0.0.1"; } - constructor(CertManager certManager) NitroValidator(certManager) { + constructor(ICertManager certManager) NitroValidator(certManager) { initialize({_owner: address(0xdEaD)}); } diff --git a/test/SystemConfigGlobal.t.sol b/test/SystemConfigGlobal.t.sol index 951229d..898f7b8 100644 --- a/test/SystemConfigGlobal.t.sol +++ b/test/SystemConfigGlobal.t.sol @@ -2,6 +2,7 @@ pragma solidity ^0.8.15; import {Test, console} from "forge-std/Test.sol"; +import {CertManager} from "@nitro-validator/CertManager.sol"; import "../src/SystemConfigGlobal.sol";