From f90088be7683e08b6f1b07a1bf68333056aff852 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Patryk=20B=C4=99za?= Date: Wed, 10 Jul 2024 12:09:56 +0200 Subject: [PATCH 1/5] SGX attestation & batch signature verification tool --- Cargo.lock | 11 +++ bin/verify-attestation-sgx/Cargo.toml | 15 ++++ bin/verify-attestation-sgx/src/main.rs | 83 +++++++++++++++++++ .../src/lib.rs | 2 +- packages/teepot/default.nix | 1 + 5 files changed, 111 insertions(+), 1 deletion(-) create mode 100644 bin/verify-attestation-sgx/Cargo.toml create mode 100644 bin/verify-attestation-sgx/src/main.rs diff --git a/Cargo.lock b/Cargo.lock index 0054c20..bafde04 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -3075,6 +3075,17 @@ dependencies = [ "teepot", ] +[[package]] +name = "verify-attestation-sgx" +version = "0.1.2-alpha.1" +dependencies = [ + "anyhow", + "clap", + "hex", + "secp256k1", + "teepot", +] + [[package]] name = "version_check" version = "0.9.4" diff --git a/bin/verify-attestation-sgx/Cargo.toml b/bin/verify-attestation-sgx/Cargo.toml new file mode 100644 index 0000000..cac3436 --- /dev/null +++ b/bin/verify-attestation-sgx/Cargo.toml @@ -0,0 +1,15 @@ +[package] +name = "verify-attestation-sgx" +version.workspace = true +edition.workspace = true +authors.workspace = true +license.workspace = true +repository.workspace = true +homepage.workspace = true + +[dependencies] +anyhow.workspace = true +clap.workspace = true +hex.workspace = true +secp256k1.workspace = true +teepot.workspace = true diff --git a/bin/verify-attestation-sgx/src/main.rs b/bin/verify-attestation-sgx/src/main.rs new file mode 100644 index 0000000..f5535eb --- /dev/null +++ b/bin/verify-attestation-sgx/src/main.rs 
@@ -0,0 +1,83 @@
+// SPDX-License-Identifier: Apache-2.0
+// Copyright (c) 2023-2024 Matter Labs
+
+//! Tool for SGX attestation and batch signature verification
+
+use anyhow::{bail, Context, Result};
+use clap::Parser;
+use secp256k1::{ecdsa::Signature, Message, PublicKey};
+use std::fs;
+use std::path::PathBuf;
+use std::time::UNIX_EPOCH;
+use teepot::client::TcbLevel;
+use teepot::sgx::{tee_qv_get_collateral, verify_quote_with_collateral, QuoteVerificationResult};
+
+#[derive(Parser, Debug)]
+#[command(author = "Matter Labs", version, about = "TEE attestation verifier", long_about = None)]
+struct Arguments {
+ /// File containing a batch signature signed within a TEE enclave.
+ #[clap(long)]
+ signature_file: Option,
+ /// File with attestation quote proving signature originated from a TEE enclave.
+ #[clap(long)]
+ attestation_file: PathBuf,
+}
+
+fn main() -> Result<()> {
+ let args = Arguments::parse();
+ let attestation_quote_bytes = fs::read(&args.attestation_file)?;
+ let quote_verification_result = verify_attestation_quote(&attestation_quote_bytes)?;
+ print_quote_verification_summary("e_verification_result);
+ if let Some(signature_file) = args.signature_file {
+ let reportdata = "e_verification_result.quote.report_body.reportdata;
+ let verifying_key = PublicKey::from_slice(reportdata)?;
+ // let signature_bytes = fs::read(&args.signature_file)?;
+ // let signature = Signature::from_compact(&signature_bytes)?;
+ let signature = fs::read(&args.signature_file)?.map(Signature::from_compact)?;
+ let message = Message::from_slice(reportdata)?; // TODO
+ if signature.verify(&message, &verifying_key).is_ok() {
+ println!("Signature verified successfully");
+ } else {
+ println!("Failed to verify signature");
+ }
+ }
+ Ok(())
+}
+
+fn verify_attestation_quote<'a>(
+ attestation_quote_bytes: &'a Vec,
+) -> Result> {
+ println!(
+ "Verifying quote ({} bytes)...",
+ attestation_quote_bytes.len()
+ );
+ let collateral =
+ tee_qv_get_collateral(&attestation_quote_bytes).context("Failed to get collateral")?;
+ let unix_time: i64 = std::time::SystemTime::now()
+ .duration_since(UNIX_EPOCH)?
+ .as_secs() as _;
+ verify_quote_with_collateral(&attestation_quote_bytes, Some(&collateral), unix_time)
+ .context("Failed to verify quote with collateral")
+}
+
+fn print_quote_verification_summary<'a>(quote_verification_result: &QuoteVerificationResult<'a>) {
+ let QuoteVerificationResult {
+ collateral_expired,
+ result,
+
+ quote,
+ advisories,
+ ..
+ } = quote_verification_result;
+ if *collateral_expired {
+ println!("Freshly fetched collateral expired");
+ }
+ let tcblevel = TcbLevel::from(*result);
+ for advisory in advisories {
+ println!("\tInfo: Advisory ID: {advisory}");
+ }
+ println!("Quote verification result: {}", tcblevel);
+ println!("mrsigner: {}", hex::encode(quote.report_body.mrsigner));
+ println!("mrenclave: {}", hex::encode(quote.report_body.mrenclave));
+ println!("reportdata: {}", hex::encode(quote.report_body.reportdata));
+}
diff --git a/crates/teepot-tee-quote-verification-rs/src/lib.rs b/crates/teepot-tee-quote-verification-rs/src/lib.rs
index 82922a3..22c8055 100644
--- a/crates/teepot-tee-quote-verification-rs/src/lib.rs
+++ b/crates/teepot-tee-quote-verification-rs/src/lib.rs
@@ -416,7 +416,7 @@ impl<'a> Deref for SgxQlQveCollateralT<'a> {
 /// SGX/TDX Quote, presented as u8 vector.
 ///
 /// # Return
-/// Result type of quote_collecteral.
+/// Result type of quote_collateral.
 ///
 /// - **quote_collateral**\
 /// This is the Quote Certification Collateral retrieved based on Quote.
diff --git a/packages/teepot/default.nix b/packages/teepot/default.nix
index 1a8745c..8f04925 100644
--- a/packages/teepot/default.nix
+++ b/packages/teepot/default.nix
@@ -29,6 +29,7 @@
 "vault_admin"
 "vault_unseal"
 "verify_attestation"
+ "verify_attestation_sgx"
 ];
 postInstall = ''
 removeReferencesToVendoredSources "$out" "$cargoVendorDir"
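Review bot: Verification failures in `main` are only printed, so the tool still exits 0 on a bad signature; the `else` branch should fail instead, e.g. `bail!("Failed to verify signature");` (`bail` is imported but never used in this file). The same applies to the quote itself: `result` and `collateral_expired` are only printed by `print_quote_verification_summary`, and nothing checks them before `reportdata` is trusted as the verifying key, so a quote with an unacceptable TCB status or expired collateral is treated like a good one. The signature is also checked against `Message::from_slice(reportdata)`, the same bytes the public key is parsed from (marked `// TODO`), so a pass does not bind the signature to any batch data. Separately, `fs::read(&args.signature_file)?.map(Signature::from_compact)?` reads `args.signature_file` after the `if let` moved it into `signature_file` and calls `.map` on the bytes returned by `fs::read`, which looks like it cannot compile; the two commented-out lines above it, pointed at `signature_file`, appear to be the intended form.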
From f3f6ea1dba50104a73abc3dc8224df4d52857653 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Patryk=20B=C4=99za?= Date: Wed, 10 Jul 2024 20:01:41 +0200 Subject: [PATCH 2/5] Introduce root_hash option --- Cargo.lock | 894 +++++++++++++++++++++---- Cargo.toml | 3 +- bin/verify-attestation-sgx/Cargo.toml | 1 + bin/verify-attestation-sgx/src/main.rs | 78 ++- 4 files changed, 814 insertions(+), 162 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index bafde04..a3dca27 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -66,7 +66,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e01ed3140b2f8d422c68afa1ed2e85d996ea619c988ac834d255db32138655cb" dependencies = [ "quote", - "syn", + "syn 2.0.70", ] [[package]] @@ -205,7 +205,7 @@ dependencies = [ "actix-router", "proc-macro2", "quote", - "syn", + "syn 2.0.70", ] [[package]] @@ -295,6 +295,38 @@ dependencies = [ "alloc-no-stdlib", ] +[[package]] +name = "alloy-primitives" +version = "0.7.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ccb3ead547f4532bc8af961649942f0b9c16ee9226e26caa3f38420651cc0bf4" +dependencies = [ + "alloy-rlp", + "bytes", + "cfg-if", + "const-hex", + "derive_more", + "hex-literal", + "itoa", + "k256", + "keccak-asm", + "proptest", + "rand", + "ruint", + "serde", + "tiny-keccak", +] + +[[package]] +name = "alloy-rlp" +version = "0.3.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a43b18702501396fa9bcdeecd533bc85fac75150d308fc0f6800a01e6234a003" +dependencies = [ + "arrayvec", + "bytes", +] + [[package]] name = "android-tzdata" version = "0.1.1" 
@@ -334,6 +366,147 @@ dependencies = [ "password-hash", ] +[[package]] +name = "ark-ff" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6b3235cc41ee7a12aaaf2c575a2ad7b46713a8a50bda2fc3b003a04845c05dd6" +dependencies = [ + "ark-ff-asm 0.3.0", + "ark-ff-macros 0.3.0", + "ark-serialize 0.3.0", + "ark-std 0.3.0", + "derivative", + "num-bigint", + "num-traits", + "paste", + "rustc_version 0.3.3", + "zeroize", +] + +[[package]] +name = "ark-ff" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ec847af850f44ad29048935519032c33da8aa03340876d351dfab5660d2966ba" +dependencies = [ + "ark-ff-asm 0.4.2", + "ark-ff-macros 0.4.2", + "ark-serialize 0.4.2", + "ark-std 0.4.0", + "derivative", + "digest 0.10.7", + "itertools", + "num-bigint", + "num-traits", + "paste", + "rustc_version 0.4.0", + "zeroize", +] + +[[package]] +name = "ark-ff-asm" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "db02d390bf6643fb404d3d22d31aee1c4bc4459600aef9113833d17e786c6e44" +dependencies = [ + "quote", + "syn 1.0.109", +] + +[[package]] +name = "ark-ff-asm" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3ed4aa4fe255d0bc6d79373f7e31d2ea147bcf486cba1be5ba7ea85abdb92348" +dependencies = [ + "quote", + "syn 1.0.109", +] + +[[package]] +name = "ark-ff-macros" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "db2fd794a08ccb318058009eefdf15bcaaaaf6f8161eb3345f907222bac38b20" +dependencies = [ + "num-bigint", + "num-traits", + "quote", + "syn 1.0.109", +] + +[[package]] +name = "ark-ff-macros" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7abe79b0e4288889c4574159ab790824d0033b9fdcb2a112a3182fac2e514565" +dependencies = [ + "num-bigint", + "num-traits", + "proc-macro2", + "quote", + "syn 1.0.109", +] + +[[package]] 
+name = "ark-serialize" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1d6c2b318ee6e10f8c2853e73a83adc0ccb88995aa978d8a3408d492ab2ee671" +dependencies = [ + "ark-std 0.3.0", + "digest 0.9.0", +] + +[[package]] +name = "ark-serialize" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "adb7b85a02b83d2f22f89bd5cac66c9c89474240cb6207cb1efc16d098e822a5" +dependencies = [ + "ark-std 0.4.0", + "digest 0.10.7", + "num-bigint", +] + +[[package]] +name = "ark-std" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1df2c09229cbc5a028b1d70e00fdb2acee28b1055dfb5ca73eea49c5a25c4e7c" +dependencies = [ + "num-traits", + "rand", +] + +[[package]] +name = "ark-std" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "94893f1e0c6eeab764ade8dc4c0db24caf4fe7cbbaafc0eba0a9030f447b5185" +dependencies = [ + "num-traits", + "rand", +] + +[[package]] +name = "arrayvec" +version = "0.7.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "96d30a06541fbafbc7f82ed10c06164cfbd2c401138f6addd8404629c4b16711" + +[[package]] +name = "auto_impl" +version = "1.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3c87f3f15e7794432337fc718554eaa4dc8f04c9677a950ffe366f20a162ae42" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.70", +] + [[package]] name = "autocfg" version = "1.3.0" 
@@ -426,10 +599,25 @@ dependencies = [ "regex", "rustc-hash", "shlex", - "syn", + "syn 2.0.70", "which", ] +[[package]] +name = "bit-set" +version = "0.5.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0700ddab506f33b20a03b13996eccd309a48e5ff77d0d95926aa0210fb4e95f1" +dependencies = [ + "bit-vec", +] + +[[package]] +name = "bit-vec" +version = "0.6.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "349f9b6a179ed607305526ca489b34ad0a41aed5f7980fa90eb03160b69598fb" + [[package]] name = "bitfield" version = "0.14.0" @@ -448,13 +636,25 @@ version = "2.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b048fb63fd8b5923fc5aa7b340d8e156aec7ec02f0c78fa8a6ddc2613f6f71de" +[[package]] +name = "bitvec" +version = "1.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1bc2832c24239b0141d5674bb9174f9d68a8b5b3f2753311927c172ca46f7e9c" +dependencies = [ + "funty", + "radium", + "tap", + "wyz", +] + [[package]] name = "blake2" version = "0.10.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "46502ad458c9a52b69d4d4d32775c788b7a1b85e8bc9d482d92250fc0e3f8efe" dependencies = [ - "digest", + "digest 0.10.7", ] [[package]] @@ -531,6 +731,12 @@ version = "3.16.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "79296716171880943b8470b5f8d03aa55eb2e645a4874bdbb28adb49162e012c" +[[package]] +name = "byte-slice-cast" +version = "1.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c3ac9f8b63eca6fd385229b3675f6cc0dc5c8a5c8a54a59d4f52ffd670d87b0c" + [[package]] name = "bytemuck" version = "1.16.1" @@ -548,7 +754,7 @@ checksum = "1ee891b04274a59bd38b412188e24b849617b2e45a0fd8d057deb63e7403761b" dependencies = [ "proc-macro2", "quote", - "syn", + "syn 2.0.70", ] [[package]] 
@@ -593,9 +799,9 @@ dependencies = [ [[package]] name = "cc" -version = "1.0.99" +version = "1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "96c51067fd44124faa7f870b4b1c969379ad32b2ba805aa959430ceaa384f695" +checksum = "eaff6f8ce506b9773fa786672d63fc7a191ffea1be33f72bbd4aeacefca9ffc8" dependencies = [ "jobserver", "libc", @@ -636,7 +842,7 @@ dependencies = [ "iana-time-zone", "num-traits", "serde", - "windows-targets 0.52.5", + "windows-targets 0.52.6", ] [[package]] @@ -662,9 +868,9 @@ dependencies = [ [[package]] name = "clap" -version = "4.5.8" +version = "4.5.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "84b3edb18336f4df585bc9aa31dd99c036dfa5dc5e9a2939a722a188f3a8970d" +checksum = "64acc1846d54c1fe936a78dc189c34e28d3f5afc348403f28ecf53660b9b8462" dependencies = [ "clap_builder", "clap_derive", @@ -672,9 +878,9 @@ dependencies = [ [[package]] name = "clap_builder" -version = "4.5.8" +version = "4.5.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c1c09dd5ada6c6c78075d6fd0da3f90d8080651e2d6cc8eb2f1aaa4034ced708" +checksum = "6fb8393d67ba2e7bfaf28a23458e4e2b543cc73a99595511eb207fdb8aede942" dependencies = [ "anstyle", "clap_lex", @@ -690,7 +896,7 @@ dependencies = [ "heck", "proc-macro2", "quote", - "syn", + "syn 2.0.70", ] [[package]] @@ -707,7 +913,20 @@ checksum = "8543454e3c3f5126effff9cd44d562af4e31fb8ce1cc0d3dcd8f084515dbc1aa" dependencies = [ "cipher", "dbl", - "digest", + "digest 0.10.7", +] + +[[package]] +name = "const-hex" +version = "1.12.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "94fb8a24a26d37e1ffd45343323dc9fe6654ceea44c12f2fcb3d7ac29e610bc6" +dependencies = [ + "cfg-if", + "cpufeatures", + "hex", + "proptest", + "serde", ] [[package]] 
@@ -763,6 +982,12 @@ dependencies = [ "cfg-if", ] +[[package]] +name = "crunchy" +version = "0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7a81dae078cea95a014a339291cec439d2f232ebe854a9d672b796c6afafa9b7" + [[package]] name = "crypto-bigint" version = "0.5.5" @@ -804,9 +1029,9 @@ dependencies = [ "cfg-if", "cpufeatures", "curve25519-dalek-derive", - "digest", + "digest 0.10.7", "fiat-crypto", - "rustc_version", + "rustc_version 0.4.0", "subtle", "zeroize", ] @@ -819,14 +1044,14 @@ checksum = "f46882e17999c6cc590af592290432be3bce0428cb0d5f8b6715e4dc7b383eb3" dependencies = [ "proc-macro2", "quote", - "syn", + "syn 2.0.70", ] [[package]] name = "darling" -version = "0.20.9" +version = "0.20.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "83b2eb4d90d12bdda5ed17de686c2acb4c57914f8f921b8da7e112b5a36f3fe1" +checksum = "6f63b86c8a8826a49b8c21f08a2d07338eec8d900540f8630dc76284be802989" dependencies = [ "darling_core", "darling_macro", @@ -834,27 +1059,27 @@ dependencies = [ [[package]] name = "darling_core" -version = "0.20.9" +version = "0.20.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "622687fe0bac72a04e5599029151f5796111b90f1baaa9b544d807a5e31cd120" +checksum = "95133861a8032aaea082871032f5815eb9e98cef03fa916ab4500513994df9e5" dependencies = [ "fnv", "ident_case", "proc-macro2", "quote", "strsim", - "syn", + "syn 2.0.70", ] [[package]] name = "darling_macro" -version = "0.20.9" +version = "0.20.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "733cabb43482b1a1b53eee8583c2b9e8684d592215ea83efd305dd31bc2f0178" +checksum = "d336a2a514f6ccccaa3e09b02d41d35330c07ddf03a62165fcec10bb561c7806" dependencies = [ "darling_core", "quote", - "syn", + "syn 2.0.70", ] [[package]] 
@@ -881,13 +1106,13 @@ dependencies = [ [[package]] name = "der_derive" -version = "0.7.2" +version = "0.7.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5fe87ce4529967e0ba1dcf8450bab64d97dfd5010a6256187ffe2e43e6f0e049" +checksum = "8034092389675178f570469e6c3b0465d3d30b4505c294a6550db47f3c17ad18" dependencies = [ "proc-macro2", "quote", - "syn", + "syn 2.0.70", ] [[package]] @@ -900,6 +1125,17 @@ dependencies = [ "serde", ] +[[package]] +name = "derivative" +version = "2.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fcc3dd5e9e9c0b295d6e1e4d811fb6f157d5ffd784b8d202fc62eac8035a770b" +dependencies = [ + "proc-macro2", + "quote", + "syn 1.0.109", +] + [[package]] name = "derive_builder" version = "0.20.0" @@ -918,7 +1154,7 @@ dependencies = [ "darling", "proc-macro2", "quote", - "syn", + "syn 2.0.70", ] [[package]] @@ -928,7 +1164,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "206868b8242f27cecce124c19fd88157fbd0dd334df2587f36417bafbc85097b" dependencies = [ "derive_builder_core", - "syn", + "syn 2.0.70", ] [[package]] @@ -940,8 +1176,8 @@ dependencies = [ "convert_case", "proc-macro2", "quote", - "rustc_version", - "syn", + "rustc_version 0.4.0", + "syn 2.0.70", ] [[package]] @@ -953,6 +1189,15 @@ dependencies = [ "cipher", ] +[[package]] +name = "digest" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d3dd60d1080a57a05ab032377049e0591415d2b31afd7028356dbf3cc6dcb066" +dependencies = [ + "generic-array", +] + [[package]] name = "digest" version = "0.10.7" @@ -971,7 +1216,7 @@ version = "0.6.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "48bc224a9084ad760195584ce5abb3c2c34a225fa312a128ad245a6b412b7689" dependencies = [ - "digest", + "digest 0.10.7", "num-bigint-dig", "num-traits", "pkcs8", 
@@ -1001,7 +1246,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ee27f32b5c5292967d2d4a9d7f1e0b0aed2c15daded5a60300e4abb9d8020bca" dependencies = [ "der", - "digest", + "digest 0.10.7", "elliptic-curve", "rfc6979", "signature", @@ -1034,9 +1279,9 @@ dependencies = [ [[package]] name = "either" -version = "1.12.0" +version = "1.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3dca9240753cf90908d7e4aac30f630662b02aebaa1b58a3cadabdb23385b58b" +checksum = "60b1af1c220855b6ceac025d3f6ecdd2b7c4894bfe9cd9bda4fbb4bc7c0d4cf0" [[package]] name = "elliptic-curve" @@ -1046,7 +1291,7 @@ checksum = "b5e6043086bf7973472e0c7dff2142ea0b680d30e18d9cc40f267efbf222bd47" dependencies = [ "base16ct", "crypto-bigint", - "digest", + "digest 0.10.7", "ff", "generic-array", "group", @@ -1085,10 +1330,10 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e08b6c6ab82d70f08844964ba10c7babb716de2ecaeab9be5717918a5177d3af" dependencies = [ "darling", - "proc-macro-crate", + "proc-macro-crate 1.3.1", "proc-macro2", "quote", - "syn", + "syn 2.0.70", ] [[package]] @@ -1107,6 +1352,23 @@ dependencies = [ "windows-sys 0.52.0", ] +[[package]] +name = "fastrand" +version = "2.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9fc0510504f03c51ada170672ac806f1f105a88aa97a5281117e1ddc3368e51a" + +[[package]] +name = "fastrlp" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "139834ddba373bbdd213dffe02c8d110508dcf1726c2be27e8d1f7d7e1856418" +dependencies = [ + "arrayvec", + "auto_impl", + "bytes", +] + [[package]] name = "ff" version = "0.13.0" 
@@ -1123,6 +1385,18 @@ version = "0.2.9" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "28dea519a9695b9977216879a3ebfddf92f1c08c05d984f8996aecd6ecdc811d" +[[package]] +name = "fixed-hash" +version = "0.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "835c052cb0c08c1acf6ffd71c022172e18723949c8282f2b9f27efbc51e64534" +dependencies = [ + "byteorder", + "rand", + "rustc-hex", + "static_assertions", +] + [[package]] name = "flagset" version = "0.4.5" @@ -1154,6 +1428,12 @@ dependencies = [ "percent-encoding", ] +[[package]] +name = "funty" +version = "2.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e6d5a32815ae3f33302d95fdcb2ce17862f8c65363dcfd29360480ba1001fc9c" + [[package]] name = "futures-core" version = "0.3.30" @@ -1283,6 +1563,12 @@ version = "0.4.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70" +[[package]] +name = "hex-literal" +version = "0.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6fe2267d4ed49bc07b63801559be28c718ea06c4738b7a03c94df7386d2cde46" + [[package]] name = "hkdf" version = "0.12.4" @@ -1298,7 +1584,7 @@ version = "0.12.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6c49c37c09c17a53d937dfbb742eb3a961d65a994e6bcdcf37e7399d0cc8ab5e" dependencies = [ - "digest", + "digest 0.10.7", ] [[package]] 
@@ -1392,12 +1678,32 @@ dependencies = [ "unicode-normalization", ] +[[package]] +name = "impl-codec" +version = "0.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ba6a270039626615617f3f36d15fc827041df3b78c439da2cadfa47455a77f2f" +dependencies = [ + "parity-scale-codec", +] + [[package]] name = "impl-more" version = "0.1.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "206ca75c9c03ba3d4ace2460e57b189f39f43de612c2f85836e65c929701bb2d" +[[package]] +name = "impl-trait-for-tuples" +version = "0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "11d7a9f6330b71fea57921c9b61c47ee6e84f72d394754eff6163ae67e7395eb" +dependencies = [ + "proc-macro2", + "quote", + "syn 1.0.109", +] + [[package]] name = "indexmap" version = "1.9.3" @@ -1444,6 +1750,15 @@ version = "1.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a598c1abae8e3456ebda517868b254b6bc2a9bb6501ffd5b9d0875bf332e048b" +[[package]] +name = "itertools" +version = "0.10.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b0fd2260e829bddf4cb6ea802289de2f86d6a7a690192fbe91b3f46e0f2c8473" +dependencies = [ + "either", +] + [[package]] name = "itoa" version = "1.0.11" @@ -1491,6 +1806,16 @@ dependencies = [ "cpufeatures", ] +[[package]] +name = "keccak-asm" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "47a3633291834c4fbebf8673acbc1b04ec9d151418ff9b8e26dcd79129928758" +dependencies = [ + "digest 0.10.7", + "sha3-asm", +] + [[package]] name = "language-tags" version = "0.3.2" 
@@ -1499,11 +1824,11 @@ checksum = "d4345964bb142484797b161f473a503a434de77149dd8c7427788c6e13379388" [[package]] name = "lazy_static" -version = "1.4.0" +version = "1.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" +checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe" dependencies = [ - "spin 0.5.2", + "spin", ] [[package]] @@ -1520,12 +1845,12 @@ checksum = "97b3888a4aecf77e811145cadf6eef5901f4782c53886191b2f693f24761847c" [[package]] name = "libloading" -version = "0.8.3" +version = "0.8.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0c2a198fb6b0eada2a8df47933734e6d35d350665a33a3593d7164fa52c75c19" +checksum = "e310b3a6b5907f99202fcdb4960ff45b93735d7c7d96b760fcff8db2dc0e103d" dependencies = [ "cfg-if", - "windows-targets 0.48.5", + "windows-targets 0.52.6", ] [[package]] @@ -1589,7 +1914,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d89e7ee0cfbedfc4da3340218492196241d89eefb6dab27de5df917a6d2e78cf" dependencies = [ "cfg-if", - "digest", + "digest 0.10.7", ] [[package]] @@ -1657,6 +1982,16 @@ dependencies = [ "winapi", ] +[[package]] +name = "num-bigint" +version = "0.4.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a5e44f723f1133c9deac646763579fdb3ac745e418f2a7af9cd0c431da1f20b9" +dependencies = [ + "num-integer", + "num-traits", +] + [[package]] name = "num-bigint-dig" version = "0.8.4" 
@@ -1726,17 +2061,17 @@ version = "0.7.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "681030a937600a36906c185595136d26abfebb4aa9c65701cefcaf8578bb982b" dependencies = [ - "proc-macro-crate", + "proc-macro-crate 3.1.0", "proc-macro2", "quote", - "syn", + "syn 2.0.70", ] [[package]] name = "object" -version = "0.36.0" +version = "0.36.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "576dfe1fc8f9df304abb159d767a29d0476f7750fbf8aa7ad07816004a207434" +checksum = "081b846d1d56ddfc18fdf1a922e4f6e07a11768ea1b92dec44e42b72712ccfce" dependencies = [ "memchr", ] @@ -1809,6 +2144,32 @@ dependencies = [ "sha2", ] +[[package]] +name = "parity-scale-codec" +version = "3.6.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "306800abfa29c7f16596b5970a588435e3d5b3149683d00c12b699cc19f895ee" +dependencies = [ + "arrayvec", + "bitvec", + "byte-slice-cast", + "impl-trait-for-tuples", + "parity-scale-codec-derive", + "serde", +] + +[[package]] +name = "parity-scale-codec-derive" +version = "3.6.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d830939c76d294956402033aee57a6da7b438f2294eb94864c37b0569053a42c" +dependencies = [ + "proc-macro-crate 3.1.0", + "proc-macro2", + "quote", + "syn 1.0.109", +] + [[package]] name = "parking_lot" version = "0.12.3" @@ -1829,7 +2190,7 @@ dependencies = [ "libc", "redox_syscall", "smallvec", - "windows-targets 0.52.5", + "windows-targets 0.52.6", ] [[package]] 
@@ -1870,6 +2231,17 @@ version = "2.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e3148f5046208a5d56bcfc03053e3ca6334e51da8dfb19b6cdc8b306fae3283e" +[[package]] +name = "pest" +version = "2.7.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cd53dff83f26735fdc1ca837098ccf133605d794cdae66acfc2bfac3ec809d95" +dependencies = [ + "memchr", + "thiserror", + "ucd-trie", +] + [[package]] name = "pgp" version = "0.13.1" @@ -1896,7 +2268,7 @@ dependencies = [ "curve25519-dalek", "derive_builder", "des", - "digest", + "digest 0.10.7", "dsa", "eax", "ecdsa", @@ -1951,7 +2323,7 @@ checksum = "2f38a4412a78282e09a2cf38d195ea5420d15ba0602cb375210efbc877243965" dependencies = [ "proc-macro2", "quote", - "syn", + "syn 2.0.70", ] [[package]] @@ -2024,7 +2396,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5f12335488a2f3b0a83b14edad48dca9879ce89b2edd10e80237e4e852dd645e" dependencies = [ "proc-macro2", - "syn", + "syn 2.0.70", ] [[package]] @@ -2036,6 +2408,17 @@ dependencies = [ "elliptic-curve", ] +[[package]] +name = "primitive-types" +version = "0.12.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0b34d9fd68ae0b74a41b21c03c2f62847aa0ffea044eee893b4c140b37e244e2" +dependencies = [ + "fixed-hash", + "impl-codec", + "uint", +] + [[package]] name = "proc-macro-crate" version = "1.3.1" 
@@ -2043,18 +2426,53 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7f4c021e1093a56626774e81216a4ce732a735e5bad4868a03f3ed65ca0c3919" dependencies = [ "once_cell", - "toml_edit", + "toml_edit 0.19.15", +] + +[[package]] +name = "proc-macro-crate" +version = "3.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6d37c51ca738a55da99dc0c4a34860fd675453b8b36209178c2249bb13651284" +dependencies = [ + "toml_edit 0.21.1", ] [[package]] name = "proc-macro2" -version = "1.0.85" +version = "1.0.86" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "22244ce15aa966053a896d1accb3a6e68469b97c7f33f284b99f0d576879fc23" +checksum = "5e719e8df665df0d1c8fbfd238015744736151d4445ec0836b8e628aae103b77" dependencies = [ "unicode-ident", ] +[[package]] +name = "proptest" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b4c2511913b88df1637da85cc8d96ec8e43a3f8bb8ccb71ee1ac240d6f3df58d" +dependencies = [ + "bit-set", + "bit-vec", + "bitflags 2.6.0", + "lazy_static", + "num-traits", + "rand", + "rand_chacha", + "rand_xorshift", + "regex-syntax 0.8.4", + "rusty-fork", + "tempfile", + "unarray", +] + +[[package]] +name = "quick-error" +version = "1.2.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a1d01941d82fa2ab50be1e79e6714289dd7cde78eba4c074bc5a4374f650dfe0" + [[package]] name = "quote" version = "1.0.36" @@ -2064,6 +2482,12 @@ dependencies = [ "proc-macro2", ] +[[package]] +name = "radium" +version = "0.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dc33ff2d4973d518d823d61aa239014831e521c75da58e3df4840d3f47749d09" + [[package]] name = "rand" version = "0.8.5" 
@@ -2094,6 +2518,15 @@ dependencies = [ "getrandom", ] +[[package]] +name = "rand_xorshift" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d25bf25ec5ae4a3f1b92f929810509a2f53d7dca2f50b794ff57e3face536c8f" +dependencies = [ + "rand_core", +] + [[package]] name = "redox_syscall" version = "0.5.2" @@ -2173,7 +2606,7 @@ dependencies = [ "cfg-if", "getrandom", "libc", - "spin 0.9.8", + "spin", "untrusted", "windows-sys 0.52.0", ] @@ -2184,7 +2617,17 @@ version = "0.1.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bd124222d17ad93a644ed9d011a40f4fb64aa54275c08cc216524a9ea82fb09f" dependencies = [ - "digest", + "digest 0.10.7", +] + +[[package]] +name = "rlp" +version = "0.5.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bb919243f34364b6bd2fc10ef797edbfa75f33c252e7998527479c6d6b47e1ec" +dependencies = [ + "bytes", + "rustc-hex", ] [[package]] @@ -2194,7 +2637,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5d0e5124fcb30e76a7e79bfee683a2746db83784b86289f6251b54b7950a0dfc" dependencies = [ "const-oid", - "digest", + "digest 0.10.7", "num-bigint-dig", "num-integer", "num-traits", 
@@ -2208,6 +2651,36 @@ dependencies = [ "zeroize", ] +[[package]] +name = "ruint" +version = "1.12.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2c3cc4c2511671f327125da14133d0c5c5d137f006a1017a16f557bc85b16286" +dependencies = [ + "alloy-rlp", + "ark-ff 0.3.0", + "ark-ff 0.4.2", + "bytes", + "fastrlp", + "num-bigint", + "num-traits", + "parity-scale-codec", + "primitive-types", + "proptest", + "rand", + "rlp", + "ruint-macro", + "serde", + "valuable", + "zeroize", +] + +[[package]] +name = "ruint-macro" +version = "1.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "48fd7bd8a6377e15ad9d42a8ec25371b94ddc67abe7c8b9127bec79bebaaae18" + [[package]] name = "rustc-demangle" version = "0.1.24" @@ -2220,13 +2693,28 @@ version = "1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2" +[[package]] +name = "rustc-hex" +version = "2.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3e75f6a532d0fd9f7f13144f392b6ad56a32696bfcd9c78f797f16bbb6f072d6" + +[[package]] +name = "rustc_version" +version = "0.3.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f0dfe2087c51c460008730de8b57e6a320782fbfb312e1f4d520e6c6fae155ee" +dependencies = [ + "semver 0.11.0", +] + [[package]] name = "rustc_version" version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bfa0f585226d2e68097d4f95d113b15b83a82e819ab25717ec0590d9584ef366" dependencies = [ - "semver", + "semver 1.0.23", ] [[package]] 
@@ -2264,15 +2752,27 @@ checksum = "976295e77ce332211c0d24d92c0e83e50f5c5f046d11082cea19f3df13a3562d" [[package]] name = "rustls-webpki" -version = "0.102.4" +version = "0.102.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ff448f7e92e913c4b7d4c6d8e4540a1724b319b4152b8aef6d4cf8339712b33e" +checksum = "f9a6fccd794a42c2c105b513a2f62bc3fd8f3ba57a4593677ceb0bd035164d78" dependencies = [ "ring", "rustls-pki-types", "untrusted", ] +[[package]] +name = "rusty-fork" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cb3dcc6e454c328bb824492db107ab7c0ae8fcffe4ad210136ef014458c1bc4f" +dependencies = [ + "fnv", + "quick-error", + "tempfile", + "wait-timeout", +] + [[package]] name = "ryu" version = "1.0.18" 
@@ -2318,30 +2818,48 @@ dependencies = [ "cc", ] +[[package]] +name = "semver" +version = "0.11.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f301af10236f6df4160f7c3f04eec6dbc70ace82d23326abad5edee88801c6b6" +dependencies = [ + "semver-parser", +] + [[package]] name = "semver" version = "1.0.23" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "61697e0a1c7e512e84a621326239844a24d8207b4669b41bc18b32ea5cbf988b" +[[package]] +name = "semver-parser" +version = "0.10.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "00b0bef5b7f9e0df16536d3961cfb6e84331c065b4066afb39768d0e319411f7" +dependencies = [ + "pest", +] + [[package]] name = "serde" -version = "1.0.203" +version = "1.0.204" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7253ab4de971e72fb7be983802300c30b5a7f0c2e56fab8abfc6a214307c0094" +checksum = "bc76f558e0cbb2a839d37354c575f1dc3fdc6546b5be373ba43d95f231bf7c12" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.203" +version = "1.0.204" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "500cbc0ebeb6f46627f50f3f5811ccf6bf00643be300b4c3eabc0ef55dc5b5ba" +checksum = "e0cd7e117be63d3c3678776753929474f3b04a43a080c744d6b0ae2a8c28e222" dependencies = [ "proc-macro2", "quote", - "syn", + "syn 2.0.70", ] [[package]] @@ -2369,9 +2887,9 @@ dependencies = [ [[package]] name = "serde_with" -version = "3.8.2" +version = "3.8.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "079f3a42cd87588d924ed95b533f8d30a483388c4e400ab736a7058e34f16169" +checksum = "e73139bc5ec2d45e6c5fd85be5a46949c1c39a4c18e56915f5eb4c12f975e377" dependencies = [ "base64", "chrono", 
@@ -2387,14 +2905,14 @@ dependencies = [ [[package]] name = "serde_with_macros" -version = "3.8.2" +version = "3.8.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bc03aad67c1d26b7de277d51c86892e7d9a0110a2fe44bf6b26cc569fba302d6" +checksum = "b80d3d6b56b64335c0180e5ffde23b3c5e08c14c585b51a15bd0e95393f46703" dependencies = [ "darling", "proc-macro2", "quote", - "syn", + "syn 2.0.70", ] [[package]] @@ -2405,7 +2923,7 @@ checksum = "e3bf829a2d51ab4a5ddf1352d8470c140cadc8301b2ae1789db023f01cedd6ba" dependencies = [ "cfg-if", "cpufeatures", - "digest", + "digest 0.10.7", ] [[package]] @@ -2414,7 +2932,7 @@ version = "0.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "89f599ac0c323ebb1c6082821a54962b839832b03984598375bff3975b804423" dependencies = [ - "digest", + "digest 0.10.7", "sha1", ] @@ -2426,7 +2944,7 @@ checksum = "793db75ad2bcafc3ffa7c68b215fee268f537982cd901d132f89c6343f3a3dc8" dependencies = [ "cfg-if", "cpufeatures", - "digest", + "digest 0.10.7", ] [[package]] @@ -2435,10 +2953,20 @@ version = "0.10.8" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "75872d278a8f37ef87fa0ddbda7802605cb18344497949862c0d4dcb291eba60" dependencies = [ - "digest", + "digest 0.10.7", "keccak", ] +[[package]] +name = "sha3-asm" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a9b57fd861253bff08bb1919e995f90ba8f4889de2726091c8876f3a4e823b40" +dependencies = [ + "cc", + "cfg-if", +] + [[package]] name = "sharded-slab" version = "0.1.7" @@ -2469,7 +2997,7 @@ version = "2.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "77549399552de45a898a580c1b41d445bf730df867cc44e6c0233bbc4b8329de" dependencies = [ - "digest", + "digest 0.10.7", "rand_core", ] 
@@ -2498,12 +3026,6 @@ dependencies = [ "windows-sys 0.52.0", ] -[[package]] -name = "spin" -version = "0.5.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d" - [[package]] name = "spin" version = "0.9.8" @@ -2520,6 +3042,12 @@ dependencies = [ "der", ] +[[package]] +name = "static_assertions" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a2eb9349b6444b326872e140eb1cf5e7c522154d69e7a0ffb0fb81c06b37543f" + [[package]] name = "strsim" version = "0.11.1" @@ -2528,21 +3056,38 @@ checksum = "7da8b5736845d9f2fcb837ea5d9e2628564b3b043a70948a3f0b778838c5fb4f" [[package]] name = "subtle" -version = "2.6.0" +version = "2.6.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292" + +[[package]] +name = "syn" +version = "1.0.109" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0d0208408ba0c3df17ed26eb06992cb1a1268d41b2c0e12e65203fbe3972cee5" +checksum = "72b64191b275b66ffe2469e8af2c1cfe3bafa67b529ead792a6d0160888b4237" +dependencies = [ + "proc-macro2", + "quote", + "unicode-ident", +] [[package]] name = "syn" -version = "2.0.66" +version = "2.0.70" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c42f3f41a2de00b01c0aaad383c5a45241efc8b2d1eda5661812fda5f3cdcff5" +checksum = "2f0209b68b3613b093e0ec905354eccaedcfe83b8cb37cbdeae64026c3064c16" dependencies = [ "proc-macro2", "quote", "unicode-ident", ] +[[package]] +name = "tap" +version = "1.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "55937e1799185b12863d447f42597ed69d9928686b8d88a1df17376a097d8369" + [[package]] name = "tee-key-preexec" version = "0.1.2-alpha.1" 
@@ -2710,6 +3255,18 @@ dependencies = [ "tracing-subscriber", ] +[[package]] +name = "tempfile" +version = "3.10.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "85b77fafb263dd9d05cbeac119526425676db3784113aa9295c88498cbf8bff1" +dependencies = [ + "cfg-if", + "fastrand", + "rustix", + "windows-sys 0.52.0", +] + [[package]] name = "terminal_size" version = "0.3.0" @@ -2743,7 +3300,7 @@ checksum = "46c3384250002a6d5af4d114f2845d37b57521033f30d5c3f46c4d70e1197533" dependencies = [ "proc-macro2", "quote", - "syn", + "syn 2.0.70", ] [[package]] @@ -2787,11 +3344,20 @@ dependencies = [ "time-core", ] +[[package]] +name = "tiny-keccak" +version = "2.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2c9d3793400a45f954c52e73d068316d76b6f4e36977e3fcebb13a2721e80237" +dependencies = [ + "crunchy", +] + [[package]] name = "tinyvec" -version = "1.6.0" +version = "1.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "87cc5ceb3875bb20c2890005a4e226a4651264a5c75edb2421b52861a0a0cb50" +checksum = "445e881f4f6d382d5f27c034e25eb92edd7c784ceab92a0937db7f2e9471b938" dependencies = [ "tinyvec_macros", ] @@ -2820,7 +3386,7 @@ checksum = "8d9ef545650e79f30233c0003bcc2504d7efac6dad25fca40744de773fe2049c" dependencies = [ "proc-macro2", "quote", - "syn", + "syn 2.0.70", ] [[package]] @@ -2881,6 +3447,17 @@ dependencies = [ "winnow", ] +[[package]] +name = "toml_edit" +version = "0.21.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6a8534fd7f78b5405e860340ad6575217ce99f38d4d5c8f2442cb5ecb50090e1" +dependencies = [ + "indexmap 2.2.6", + "toml_datetime", + "winnow", +] + [[package]] name = "tracing" version = "0.1.40" @@ -2914,7 +3491,7 @@ checksum = "34704c8d6ebcbc939824180af020566b01a7c01f80641264eba0999f6c2b6be7" dependencies = [ "proc-macro2", "quote", - "syn", + "syn 2.0.70", ] [[package]] 
@@ -2971,6 +3548,30 @@ version = "1.17.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "42ff0bf0c66b8238c6f3b578df37d0b7848e55df8577b3f74f92a69acceeb825" +[[package]] +name = "ucd-trie" +version = "0.1.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ed646292ffc8188ef8ea4d1e0e0150fb15a5c2e12ad9b8fc191ae7a8a7f3c4b9" + +[[package]] +name = "uint" +version = "0.9.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "76f64bba2c53b04fcab63c01a7d7427eadc821e3bc48c34dc9ba29c501164b52" +dependencies = [ + "byteorder", + "crunchy", + "hex", + "static_assertions", +] + +[[package]] +name = "unarray" +version = "0.1.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "eaea85b334db583fe3274d12b4cd1880032beab409c0d774be044d4480ab9a94" + [[package]] name = "unicode-bidi" version = "0.3.15" @@ -3021,9 +3622,9 @@ dependencies = [ [[package]] name = "uuid" -version = "1.8.0" +version = "1.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a183cf7feeba97b4dd1c0d46788634f6221d87fa961b305bed08c851829efcc0" +checksum = "81dfa00651efa65069b0b6b651f4aaa31ba9e3c3ce0137aaad053604ee7e0314" dependencies = [ "getrandom", ] @@ -3079,6 +3680,7 @@ dependencies = [ name = "verify-attestation-sgx" version = "0.1.2-alpha.1" dependencies = [ + "alloy-primitives", "anyhow", "clap", "hex", @@ -3092,6 +3694,15 @@ version = "0.9.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f" +[[package]] +name = "wait-timeout" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9f200f5b12eb75f8c1ed65abd4b2db8a6e1b138a20de009dacee265a2498f3f6" +dependencies = [ + "libc", +] + [[package]] name = "wasi" version = "0.11.0+wasi-snapshot-preview1" 
@@ -3119,7 +3730,7 @@ dependencies = [ "once_cell", "proc-macro2", "quote", - "syn", + "syn 2.0.70", "wasm-bindgen-shared", ] @@ -3141,7 +3752,7 @@ checksum = "e94f17b526d0a461a191c78ea52bbce64071ed5c04c9ffe424dcb38f74171bb7" dependencies = [ "proc-macro2", "quote", - "syn", + "syn 2.0.70", "wasm-bindgen-backend", "wasm-bindgen-shared", ] @@ -3201,7 +3812,7 @@ version = "0.52.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "33ab640c8d7e35bf8ba19b884ba838ceb4fba93a4e8c65a9059d08afcfc683d9" dependencies = [ - "windows-targets 0.52.5", + "windows-targets 0.52.6", ] [[package]] @@ -3219,7 +3830,7 @@ version = "0.52.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "282be5f36a8ce781fad8c8ae18fa3f9beff57ec1b52cb3de0789201425d9a33d" dependencies = [ - "windows-targets 0.52.5", + "windows-targets 0.52.6", ] [[package]] @@ -3239,18 +3850,18 @@ dependencies = [ [[package]] name = "windows-targets" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6f0713a46559409d202e70e28227288446bf7841d3211583a4b53e3f6d96e7eb" +checksum = "9b724f72796e036ab90c1021d4780d4d3d648aca59e491e6b98e725b84e99973" dependencies = [ - "windows_aarch64_gnullvm 0.52.5", - "windows_aarch64_msvc 0.52.5", - "windows_i686_gnu 0.52.5", + "windows_aarch64_gnullvm 0.52.6", + "windows_aarch64_msvc 0.52.6", + "windows_i686_gnu 0.52.6", "windows_i686_gnullvm", - "windows_i686_msvc 0.52.5", - "windows_x86_64_gnu 0.52.5", - "windows_x86_64_gnullvm 0.52.5", - "windows_x86_64_msvc 0.52.5", + "windows_i686_msvc 0.52.6", + "windows_x86_64_gnu 0.52.6", + "windows_x86_64_gnullvm 0.52.6", + "windows_x86_64_msvc 0.52.6", ] [[package]] 
@@ -3261,9 +3872,9 @@ checksum = "2b38e32f0abccf9987a4e3079dfb67dcd799fb61361e53e2882c3cbaf0d905d8" [[package]] name = "windows_aarch64_gnullvm" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7088eed71e8b8dda258ecc8bac5fb1153c5cffaf2578fc8ff5d61e23578d3263" +checksum = "32a4622180e7a0ec044bb555404c800bc9fd9ec262ec147edd5989ccd0c02cd3" [[package]] name = "windows_aarch64_msvc" @@ -3273,9 +3884,9 @@ checksum = "dc35310971f3b2dbbf3f0690a219f40e2d9afcf64f9ab7cc1be722937c26b4bc" [[package]] name = "windows_aarch64_msvc" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9985fd1504e250c615ca5f281c3f7a6da76213ebd5ccc9561496568a2752afb6" +checksum = "09ec2a7bb152e2252b53fa7803150007879548bc709c039df7627cabbd05d469" [[package]] name = "windows_i686_gnu" @@ -3285,15 +3896,15 @@ checksum = "a75915e7def60c94dcef72200b9a8e58e5091744960da64ec734a6c6e9b3743e" [[package]] name = "windows_i686_gnu" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "88ba073cf16d5372720ec942a8ccbf61626074c6d4dd2e745299726ce8b89670" +checksum = "8e9b5ad5ab802e97eb8e295ac6720e509ee4c243f69d781394014ebfe8bbfa0b" [[package]] name = "windows_i686_gnullvm" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "87f4261229030a858f36b459e748ae97545d6f1ec60e5e0d6a3d32e0dc232ee9" +checksum = "0eee52d38c090b3caa76c563b86c3a4bd71ef1a819287c19d586d7334ae8ed66" [[package]] name = "windows_i686_msvc" 
@@ -3303,9 +3914,9 @@ checksum = "8f55c233f70c4b27f66c523580f78f1004e8b5a8b659e05a4eb49d4166cca406" [[package]] name = "windows_i686_msvc" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "db3c2bf3d13d5b658be73463284eaf12830ac9a26a90c717b7f771dfe97487bf" +checksum = "240948bc05c5e7c6dabba28bf89d89ffce3e303022809e73deaefe4f6ec56c66" [[package]] name = "windows_x86_64_gnu" @@ -3315,9 +3926,9 @@ checksum = "53d40abd2583d23e4718fddf1ebec84dbff8381c07cae67ff7768bbf19c6718e" [[package]] name = "windows_x86_64_gnu" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4e4246f76bdeff09eb48875a0fd3e2af6aada79d409d33011886d3e1581517d9" +checksum = "147a5c80aabfbf0c7d901cb5895d1de30ef2907eb21fbbab29ca94c5b08b1a78" [[package]] name = "windows_x86_64_gnullvm" @@ -3327,9 +3938,9 @@ checksum = "0b7b52767868a23d5bab768e390dc5f5c55825b6d30b86c844ff2dc7414044cc" [[package]] name = "windows_x86_64_gnullvm" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "852298e482cd67c356ddd9570386e2862b5673c85bd5f88df9ab6802b334c596" +checksum = "24d5b23dc417412679681396f2b49f3de8c1473deb516bd34410872eff51ed0d" [[package]] name = "windows_x86_64_msvc" @@ -3339,9 +3950,9 @@ checksum = "ed94fce61571a4006852b7389a063ab983c02eb1bb37b47f8272ce92d06d9538" [[package]] name = "windows_x86_64_msvc" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bec47e5bfd1bff0eeaf6d8b485cc1074891a197ab4225d504cb7a1ab88b02bf0" +checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec" [[package]] name = "winnow" 
@@ -3352,6 +3963,15 @@ dependencies = [ "memchr", ] +[[package]] +name = "wyz" +version = "0.5.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "05f360fc0b24296329c78fda852a1e9ae82de9cf7b27dae4b7f62f118f77b9ed" +dependencies = [ + "tap", +] + [[package]] name = "x25519-dalek" version = "2.0.1" @@ -3380,22 +4000,22 @@ dependencies = [ [[package]] name = "zerocopy" -version = "0.7.34" +version = "0.7.35" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ae87e3fcd617500e5d106f0380cf7b77f3c6092aae37191433159dda23cfb087" +checksum = "1b9b4fd18abc82b8136838da5d50bae7bdea537c574d8dc1a34ed098d6c166f0" dependencies = [ "zerocopy-derive", ] [[package]] name = "zerocopy-derive" -version = "0.7.34" +version = "0.7.35" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "15e934569e47891f7d9411f1a451d947a60e000ab3bd24fbb970f000387d1b3b" +checksum = "fa4f8080344d4671fb4e831a13ad1e68092748387dfc4f55e356242fae12ce3e" dependencies = [ "proc-macro2", "quote", - "syn", + "syn 2.0.70", ] [[package]] 
@@ -3416,32 +4036,32 @@ checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" dependencies = [ "proc-macro2", "quote", - "syn", + "syn 2.0.70", ] [[package]] name = "zstd" -version = "0.13.1" +version = "0.13.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2d789b1514203a1120ad2429eae43a7bd32b90976a7bb8a05f7ec02fa88cc23a" +checksum = "fcf2b778a664581e31e389454a7072dab1647606d44f7feea22cd5abb9c9f3f9" dependencies = [ "zstd-safe", ] [[package]] name = "zstd-safe" -version = "7.1.0" +version = "7.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1cd99b45c6bc03a018c8b8a86025678c87e55526064e38f9df301989dce7ec0a" +checksum = "fa556e971e7b568dc775c136fc9de8c779b1c2fc3a63defaafadffdbd3181afa" dependencies = [ "zstd-sys", ] [[package]] name = "zstd-sys" -version = "2.0.11+zstd.1.5.6" +version = "2.0.12+zstd.1.5.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "75652c55c0b6f3e6f12eb786fe1bc960396bf05a1eb3bf1f3691c3610ac2e6d4" +checksum = "0a4e40c320c3cb459d9a9ff6de98cff88f4751ee9275d140e2be94a2b74e4c13" dependencies = [ "cc", "pkg-config", diff --git a/Cargo.toml b/Cargo.toml index 144c2c3..92584ee 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -19,6 +19,7 @@ homepage = "https://github.com/matter-labs/teepot" actix-http = "3" actix-tls = "3" actix-web = { version = "4.5", features = ["rustls-0_22"] } +alloy-primitives = "0.7.7" anyhow = "1.0.82" awc = { version = "3.4", features = ["rustls-0_22-webpki-roots"] } base64 = "0.22.0" 
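Review bot: The new workspace dependency `alloy-primitives = "0.7.7"` is used in this patch only for the `B256` type of `--root-hash` in `bin/verify-attestation-sgx/src/main.rs`, which is a lot of dependency for parsing one 32-byte hex value. The Cargo.lock hunks of this patch add about twenty packages alongside it (`ruint`, `rlp`, `rusty-fork`, `tempfile`, `syn 1.0.109`, `tiny-keccak` and others). Whether all of them are compiled depends on feature resolution, but each is extra supply-chain surface to audit for an attestation verifier. Consider decoding the hash with the `hex` crate the binary already depends on into a `[u8; 32]`. The lockfile also carries version bumps that look unrelated (`rustls-webpki`, `serde`, `uuid`, `zstd`), which would be easier to review as a separate commit.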
@@ -34,7 +35,7 @@ getrandom = "0.2.14" hex = { version = "0.4.3", features = ["std"], default-features = false } intel-tee-quote-verification-rs = { package = "teepot-tee-quote-verification-rs", path = "crates/teepot-tee-quote-verification-rs", version = "0.2.3-alpha.1" } intel-tee-quote-verification-sys = { version = "0.2.1" } -secp256k1 = { version = "0.29", features = ["rand-std"] } +secp256k1 = { version = "0.29", features = ["rand-std", "global-context"] } log = "0.4" num-integer = "0.1.46" num-traits = "0.2.18" diff --git a/bin/verify-attestation-sgx/Cargo.toml b/bin/verify-attestation-sgx/Cargo.toml index cac3436..feed910 100644 --- a/bin/verify-attestation-sgx/Cargo.toml +++ b/bin/verify-attestation-sgx/Cargo.toml @@ -8,6 +8,7 @@ repository.workspace = true homepage.workspace = true [dependencies] +alloy-primitives.workspace = true anyhow.workspace = true clap.workspace = true hex.workspace = true diff --git a/bin/verify-attestation-sgx/src/main.rs b/bin/verify-attestation-sgx/src/main.rs index f5535eb..2a0273a 100644 --- a/bin/verify-attestation-sgx/src/main.rs +++ b/bin/verify-attestation-sgx/src/main.rs 
@@ -3,50 +3,80 @@ //! Tool for SGX attestation and batch signature verification -use anyhow::{bail, Context, Result}; -use clap::Parser; +use alloy_primitives::B256; +use anyhow::{Context, Result}; +use clap::{Args, Parser, Subcommand}; use secp256k1::{ecdsa::Signature, Message, PublicKey}; use std::fs; use std::path::PathBuf; use std::time::UNIX_EPOCH; -use teepot::client::TcbLevel; -use teepot::sgx::{tee_qv_get_collateral, verify_quote_with_collateral, QuoteVerificationResult}; +use teepot::{ + client::TcbLevel, + sgx::{tee_qv_get_collateral, verify_quote_with_collateral, QuoteVerificationResult}, +}; #[derive(Parser, Debug)] -#[command(author = "Matter Labs", version, about = "TEE attestation verifier", long_about = None)] +#[command(author = "Matter Labs", version, about = "SGX attestation and batch signature verifier", long_about = None)] struct Arguments { - /// File containing a batch signature signed within a TEE enclave. - #[clap(long)] - signature_file: Option, /// File with attestation quote proving signature originated from a TEE enclave. - #[clap(long)] + #[clap()] attestation_file: PathBuf, + /// An optional subcommand, for instance, for optional signature verification. + #[clap(subcommand)] + command: Option, +} + +#[derive(Args, Debug)] +struct SignatureArgs { + /// File containing a batch signature signed within a TEE enclave. + #[arg(long)] + signature_file: PathBuf, + /// Batch root hash for signature verification. 
+ #[arg(long)] + root_hash: B256, +} + +#[derive(Subcommand, Debug)] +enum SubCommands { + /// Provide both signature_file and root_hash + SignVerify(SignatureArgs), } fn main() -> Result<()> { let args = Arguments::parse(); + let attestation_quote_bytes = fs::read(&args.attestation_file)?; let quote_verification_result = verify_attestation_quote(&attestation_quote_bytes)?; print_quote_verification_summary("e_verification_result); - if let Some(signature_file) = args.signature_file { - let reportdata = "e_verification_result.quote.report_body.reportdata; - let verifying_key = PublicKey::from_slice(reportdata)?; - // let signature_bytes = fs::read(&args.signature_file)?; - // let signature = Signature::from_compact(&signature_bytes)?; - let signature = fs::read(&args.signature_file)?.map(Signature::from_compact)?; - let message = Message::from_slice(reportdata)?; // TODO - if signature.verify(&message, &verifying_key).is_ok() { - println!("Signature verified successfully"); - } else { - println!("Failed to verify signature"); + + match &args.command { + Some(SubCommands::SignVerify(signature_args)) => { + verify_signature("e_verification_result, signature_args)?; } + None => {} + } + Ok(()) +} + +fn verify_signature( + quote_verification_result: &QuoteVerificationResult, + signature_args: &SignatureArgs, +) -> Result<()> { + let reportdata = "e_verification_result.quote.report_body.reportdata; + let public_key = PublicKey::from_slice(reportdata)?; + println!("Public key from attestation quote: {}", public_key); + let signature_bytes = fs::read(&signature_args.signature_file)?; + let signature = Signature::from_compact(&signature_bytes)?; + let root_hash_msg = Message::from_digest_slice(&signature_args.root_hash.0)?; + if signature.verify(&root_hash_msg, &public_key).is_ok() { + println!("Signature verified successfully"); + } else { + println!("Failed to verify signature"); } Ok(()) } -fn verify_attestation_quote<'a>( - attestation_quote_bytes: &'a Vec, -) -> 
Result> { +fn verify_attestation_quote(attestation_quote_bytes: &[u8]) -> Result { println!( "Verifying quote ({} bytes)...", attestation_quote_bytes.len() @@ -60,7 +90,7 @@ fn verify_attestation_quote<'a>( .context("Failed to verify quote with collateral") } -fn print_quote_verification_summary<'a>(quote_verification_result: &QuoteVerificationResult<'a>) { +fn print_quote_verification_summary(quote_verification_result: &QuoteVerificationResult) { let QuoteVerificationResult { collateral_expired, result, From 0a0811e99e7e01cec58320f7500b5f82f3ffb934 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Patryk=20B=C4=99za?= Date: Thu, 11 Jul 2024 13:16:16 +0200 Subject: [PATCH 3/5] Fix formatting --- Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Cargo.toml b/Cargo.toml index 92584ee..6bce2ce 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -35,7 +35,7 @@ getrandom = "0.2.14" hex = { version = "0.4.3", features = ["std"], default-features = false } intel-tee-quote-verification-rs = { package = "teepot-tee-quote-verification-rs", path = "crates/teepot-tee-quote-verification-rs", version = "0.2.3-alpha.1" } intel-tee-quote-verification-sys = { version = "0.2.1" } -secp256k1 = { version = "0.29", features = ["rand-std", "global-context"] } +secp256k1 = { version = "0.29", features = ["rand-std", "global-context"] } log = "0.4" num-integer = "0.1.46" num-traits = "0.2.18" From 78447ea307f7b0062749c4abd91e93a81375090e Mon Sep 17 00:00:00 2001 
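Review bot: In the new `verify_signature`, a bad signature is only reported with `println!("Failed to verify signature")` and the function then returns `Ok(())`, so the process exits 0 and any script gating on this tool treats a failed verification as success. Return an error from the else branch instead, e.g. `anyhow::bail!("Failed to verify signature");` (this hunk drops the `bail` import, hence the full path). Separately, `PublicKey::from_slice(reportdata)` receives the whole report-data field; if that is the 64-byte SGX REPORTDATA, parsing would always fail, because serialized secp256k1 public keys are 33 or 65 bytes. The key bytes probably need to be sliced out explicitly, which should be confirmed against how the enclave fills the field. The same function is added again in the `bin/verify-attestation/src/main.rs` hunk of PATCH 4/5.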
From: =?UTF-8?q?Patryk=20B=C4=99za?= Date: Thu, 11 Jul 2024 17:13:11 +0200 Subject: [PATCH 4/5] Unify verify-attestation-sgx and verify-attestation Rationale: too much copy-paste --- Cargo.lock | 9 -- bin/verify-attestation-sgx/Cargo.toml | 16 --- bin/verify-attestation-sgx/src/main.rs | 113 -------------------- bin/verify-attestation/Cargo.toml | 3 + bin/verify-attestation/src/main.rs | 142 +++++++++++++++++++------ packages/teepot/default.nix | 1 - 6 files changed, 111 insertions(+), 173 deletions(-) delete mode 100644 bin/verify-attestation-sgx/Cargo.toml delete mode 100644 bin/verify-attestation-sgx/src/main.rs diff --git a/Cargo.lock b/Cargo.lock index a3dca27..65700eb 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -3670,15 +3670,6 @@ dependencies = [ [[package]] name = "verify-attestation" version = "0.1.2-alpha.1" -dependencies = [ - "anyhow", - "hex", - "teepot", -] - -[[package]] -name = "verify-attestation-sgx" -version = "0.1.2-alpha.1" dependencies = [ "alloy-primitives", "anyhow", diff --git a/bin/verify-attestation-sgx/Cargo.toml b/bin/verify-attestation-sgx/Cargo.toml deleted file mode 100644 index feed910..0000000 --- a/bin/verify-attestation-sgx/Cargo.toml +++ /dev/null @@ -1,16 +0,0 @@ -[package] -name = "verify-attestation-sgx" -version.workspace = true -edition.workspace = true -authors.workspace = true -license.workspace = true -repository.workspace = true -homepage.workspace = true - -[dependencies] -alloy-primitives.workspace = true -anyhow.workspace = true -clap.workspace = true -hex.workspace = true -secp256k1.workspace = true -teepot.workspace = true diff --git a/bin/verify-attestation-sgx/src/main.rs b/bin/verify-attestation-sgx/src/main.rs deleted file mode 100644 index 2a0273a..0000000 --- a/bin/verify-attestation-sgx/src/main.rs +++ /dev/null 
@@ -1,113 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 -// Copyright (c) 2023-2024 Matter Labs - -//! Tool for SGX attestation and batch signature verification - -use alloy_primitives::B256; -use anyhow::{Context, Result}; -use clap::{Args, Parser, Subcommand}; -use secp256k1::{ecdsa::Signature, Message, PublicKey}; -use std::fs; -use std::path::PathBuf; -use std::time::UNIX_EPOCH; -use teepot::{ - client::TcbLevel, - sgx::{tee_qv_get_collateral, verify_quote_with_collateral, QuoteVerificationResult}, -}; - -#[derive(Parser, Debug)] -#[command(author = "Matter Labs", version, about = "SGX attestation and batch signature verifier", long_about = None)] -struct Arguments { - /// File with attestation quote proving signature originated from a TEE enclave. - #[clap()] - attestation_file: PathBuf, - /// An optional subcommand, for instance, for optional signature verification. - #[clap(subcommand)] - command: Option, -} - -#[derive(Args, Debug)] -struct SignatureArgs { - /// File containing a batch signature signed within a TEE enclave. - #[arg(long)] - signature_file: PathBuf, - /// Batch root hash for signature verification. 
- #[arg(long)] - root_hash: B256, -} - -#[derive(Subcommand, Debug)] -enum SubCommands { - /// Provide both signature_file and root_hash - SignVerify(SignatureArgs), -} - -fn main() -> Result<()> { - let args = Arguments::parse(); - - let attestation_quote_bytes = fs::read(&args.attestation_file)?; - let quote_verification_result = verify_attestation_quote(&attestation_quote_bytes)?; - print_quote_verification_summary("e_verification_result); - - match &args.command { - Some(SubCommands::SignVerify(signature_args)) => { - verify_signature("e_verification_result, signature_args)?; - } - None => {} - } - Ok(()) -} - -fn verify_signature( - quote_verification_result: &QuoteVerificationResult, - signature_args: &SignatureArgs, -) -> Result<()> { - let reportdata = "e_verification_result.quote.report_body.reportdata; - let public_key = PublicKey::from_slice(reportdata)?; - println!("Public key from attestation quote: {}", public_key); - let signature_bytes = fs::read(&signature_args.signature_file)?; - let signature = Signature::from_compact(&signature_bytes)?; - let root_hash_msg = Message::from_digest_slice(&signature_args.root_hash.0)?; - if signature.verify(&root_hash_msg, &public_key).is_ok() { - println!("Signature verified successfully"); - } else { - println!("Failed to verify signature"); - } - Ok(()) -} - -fn verify_attestation_quote(attestation_quote_bytes: &[u8]) -> Result { - println!( - "Verifying quote ({} bytes)...", - attestation_quote_bytes.len() - ); - let collateral = - tee_qv_get_collateral(&attestation_quote_bytes).context("Failed to get collateral")?; - let unix_time: i64 = std::time::SystemTime::now() - .duration_since(UNIX_EPOCH)? 
- .as_secs() as _; - verify_quote_with_collateral(&attestation_quote_bytes, Some(&collateral), unix_time) - .context("Failed to verify quote with collateral") -} - -fn print_quote_verification_summary(quote_verification_result: &QuoteVerificationResult) { - let QuoteVerificationResult { - collateral_expired, - result, - - quote, - advisories, - .. - } = quote_verification_result; - if *collateral_expired { - println!("Freshly fetched collateral expired"); - } - let tcblevel = TcbLevel::from(*result); - for advisory in advisories { - println!("\tInfo: Advisory ID: {advisory}"); - } - println!("Quote verification result: {}", tcblevel); - println!("mrsigner: {}", hex::encode(quote.report_body.mrsigner)); - println!("mrenclave: {}", hex::encode(quote.report_body.mrenclave)); - println!("reportdata: {}", hex::encode(quote.report_body.reportdata)); -} diff --git a/bin/verify-attestation/Cargo.toml b/bin/verify-attestation/Cargo.toml index 007b526..9a17bfc 100644 --- a/bin/verify-attestation/Cargo.toml +++ b/bin/verify-attestation/Cargo.toml @@ -7,6 +7,9 @@ license.workspace = true repository.workspace = true [dependencies] +alloy-primitives.workspace = true anyhow.workspace = true +clap.workspace = true hex.workspace = true +secp256k1.workspace = true teepot.workspace = true diff --git a/bin/verify-attestation/src/main.rs b/bin/verify-attestation/src/main.rs index 7fa15d6..3b8ffc1 100644 --- a/bin/verify-attestation/src/main.rs +++ b/bin/verify-attestation/src/main.rs 
@@ -1,60 +1,134 @@
 // SPDX-License-Identifier: Apache-2.0
 // Copyright (c) 2023-2024 Matter Labs
-//! Simple TEE attestation verification test
+//! Tool for SGX attestation and batch signature verification
-#![deny(missing_docs)]
-#![deny(clippy::all)]
+use alloy_primitives::B256;
+use anyhow::{Context, Result};
+use clap::{Args, Parser, Subcommand};
+use secp256k1::{ecdsa::Signature, Message, PublicKey};
+use std::{fs, io::Read, path::PathBuf, str::FromStr, time::UNIX_EPOCH};
+use teepot::{
+ client::TcbLevel,
+ sgx::{tee_qv_get_collateral, verify_quote_with_collateral, QuoteVerificationResult},
+};
-use anyhow::{bail, Context, Result};
-use std::io::Read;
-use std::time::UNIX_EPOCH;
-use teepot::client::TcbLevel;
-use teepot::sgx::{tee_qv_get_collateral, verify_quote_with_collateral, QuoteVerificationResult};
+#[derive(Parser, Debug)]
+#[command(author = "Matter Labs", version, about = "SGX attestation and batch signature verifier", long_about = None)]
+struct Arguments {
+ /// Attestation quote proving the signature originated from a TEE enclave.
+ #[clap(value_parser)]
+ attestation: ArgSource,
+ /// An optional subcommand, for instance, for optional signature verification.
+ #[clap(subcommand)]
+ command: Option,
+}
-fn main() -> Result<()> {
- // read myquote from stdin
- let mut myquote = Vec::new();
- std::io::stdin()
- .read_to_end(&mut myquote)
- .context("Failed to read quote from stdin")?;
+#[derive(Debug, Clone)]
+enum ArgSource {
+ File(PathBuf),
+ Stdin,
+}
+
+impl FromStr for ArgSource {
+ type Err = &'static str;
+
+ fn from_str(s: &str) -> Result {
+ match s {
+ "-" => Ok(ArgSource::Stdin),
+ _ => Ok(ArgSource::File(PathBuf::from(s))),
+ }
+ }
+}
- println!("Verifying quote ({} bytes)...", myquote.len());
+#[derive(Args, Debug)]
+struct SignatureArgs {
+ /// File containing a batch signature signed within a TEE enclave.
+ #[arg(long)]
+ signature_file: PathBuf,
+ /// Batch root hash for signature verification.
+ #[arg(long)] + root_hash: B256, +} + +#[derive(Subcommand, Debug)] +enum SubCommands { + /// Verify a batch signature signed within a TEE enclave. + SignVerify(SignatureArgs), +} - let collateral = tee_qv_get_collateral(&myquote).context("Failed to get collateral")?; +fn main() -> Result<()> { + let args = Arguments::parse(); + let attestation_quote_bytes = match args.attestation { + ArgSource::File(path) => fs::read(&path)?, + ArgSource::Stdin => { + let mut quote = Vec::new(); + std::io::stdin() + .read_to_end(&mut quote) + .context("Failed to read attestation quote from stdin")?; + quote + } + }; + let quote_verification_result = verify_attestation_quote(&attestation_quote_bytes)?; + print_quote_verification_summary("e_verification_result); + match &args.command { + Some(SubCommands::SignVerify(signature_args)) => { + verify_signature("e_verification_result, signature_args)?; + } + None => {} + } + Ok(()) +} +fn verify_signature( + quote_verification_result: &QuoteVerificationResult, + signature_args: &SignatureArgs, +) -> Result<()> { + let reportdata = "e_verification_result.quote.report_body.reportdata; + let public_key = PublicKey::from_slice(reportdata)?; + println!("Public key from attestation quote: {}", public_key); + let signature_bytes = fs::read(&signature_args.signature_file)?; + let signature = Signature::from_compact(&signature_bytes)?; + let root_hash_msg = Message::from_digest_slice(&signature_args.root_hash.0)?; + if signature.verify(&root_hash_msg, &public_key).is_ok() { + println!("Signature verified successfully"); + } else { + println!("Failed to verify signature"); + } + Ok(()) +} + +fn verify_attestation_quote(attestation_quote_bytes: &[u8]) -> Result { + println!( + "Verifying quote ({} bytes)...", + attestation_quote_bytes.len() + ); + let collateral = + tee_qv_get_collateral(&attestation_quote_bytes).context("Failed to get collateral")?; let unix_time: i64 = std::time::SystemTime::now() - .duration_since(UNIX_EPOCH) - .unwrap() + 
.duration_since(UNIX_EPOCH)? .as_secs() as _; + verify_quote_with_collateral(&attestation_quote_bytes, Some(&collateral), unix_time) + .context("Failed to verify quote with collateral") +} +fn print_quote_verification_summary(quote_verification_result: &QuoteVerificationResult) { let QuoteVerificationResult { collateral_expired, result, - quote, advisories, .. - } = verify_quote_with_collateral(&myquote, Some(&collateral), unix_time.saturating_add(60)) - .context("Failed to verify quote with collateral")?; - - if collateral_expired { - bail!("Freshly fetched collateral expired"); + } = quote_verification_result; + if *collateral_expired { + println!("Freshly fetched collateral expired"); } - - let tcblevel = TcbLevel::from(result); - if tcblevel != TcbLevel::Ok { - println!("Quote verification result: {}", tcblevel); - } - + let tcblevel = TcbLevel::from(*result); for advisory in advisories { println!("\tInfo: Advisory ID: {advisory}"); } - - println!("Quote verified successfully: {}", tcblevel); + println!("Quote verification result: {}", tcblevel); println!("mrsigner: {}", hex::encode(quote.report_body.mrsigner)); println!("mrenclave: {}", hex::encode(quote.report_body.mrenclave)); println!("reportdata: {}", hex::encode(quote.report_body.reportdata)); - - Ok(()) } diff --git a/packages/teepot/default.nix b/packages/teepot/default.nix index 8f04925..1a8745c 100644 --- a/packages/teepot/default.nix +++ b/packages/teepot/default.nix @@ -29,7 +29,6 @@ "vault_admin" "vault_unseal" "verify_attestation" - "verify_attestation_sgx" ]; postInstall = '' removeReferencesToVendoredSources "$out" "$cargoVendorDir" From 51c1e72a032dc848789cbd1eca6a38d384f25339 Mon Sep 17 00:00:00 2001 
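Review bot: A failed check no longer changes the exit status in the new `bin/verify-attestation/src/main.rs`: `verify_signature` prints "Failed to verify signature" and then returns `Ok(())`, and `print_quote_verification_summary` only prints when `collateral_expired` is set, where the removed code used `bail!`. A script that pipes a quote into this tool and checks the exit code would therefore treat a bad signature or expired collateral as success. Propagate the error instead, e.g. `signature.verify(&root_hash_msg, &public_key).context("Failed to verify signature")?;`, and keep the expired-collateral case fatal in `main` with `anyhow::ensure!(!quote_verification_result.collateral_expired, "Freshly fetched collateral expired");`. The TCB level is likewise only printed; if accepting a non-`Ok` level is a deliberate policy choice, a comment on `print_quote_verification_summary` saying that callers must inspect the printed level would make it explicit.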
From: =?UTF-8?q?Patryk=20B=C4=99za?= Date: Thu, 11 Jul 2024 17:49:37 +0200 Subject: [PATCH 5/5] Use Docker's entrypoint instead of command --- bin/tee-self-attestation-test/README.md | 6 +++--- bin/verify-attestation/src/main.rs | 2 +- packages/container-verify-attestation-sgx/default.nix | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/bin/tee-self-attestation-test/README.md b/bin/tee-self-attestation-test/README.md index f7612a3..55d273a 100644 --- a/bin/tee-self-attestation-test/README.md +++ b/bin/tee-self-attestation-test/README.md @@ -14,7 +14,7 @@ $ nix build -L .#container-self-attestation-test-sgx-azure && docker load -i res ❯ docker run -i --init --rm --privileged --device /dev/sgx_enclave \ matterlabsrobot/teepot-self-attestation-test-sgx-azure:latest \ | base64 -d --ignore-garbage \ - | docker run -i --rm matterlabsrobot/verify-attestation-sgx:latest + | docker run -i --rm matterlabsrobot/verify-attestation-sgx:latest - aesm_service: warning: Turn to daemon. Use "--no-daemon" option to execute in foreground. Gramine is starting. Parsing TOML manifest file, this may take some time... @@ -33,7 +33,7 @@ reportdata: 00000000000000000000000000000000000000000000000000000000000000000000 ❯ docker run -i --init --rm --privileged --device /dev/sgx_enclave \ matterlabsrobot/teepot-self-attestation-test-sgx-dcap:latest \ | base64 -d --ignore-garbage \ - | docker run -i --rm matterlabsrobot/verify-attestation-sgx:latest + | docker run -i --rm matterlabsrobot/verify-attestation-sgx:latest - aesm_service: warning: Turn to daemon. Use "--no-daemon" option to execute in foreground. Gramine is starting. Parsing TOML manifest file, this may take some time... 
@@ -50,7 +50,7 @@ On an outdated machine, this might look like this: ❯ docker run -i --init --rm --privileged --device /dev/sgx_enclave \ matterlabsrobot/teepot-self-attestation-test-sgx-dcap:latest \ | base64 -d --ignore-garbage \ - | docker run -i --rm matterlabsrobot/verify-attestation-sgx:latest + | docker run -i --rm matterlabsrobot/verify-attestation-sgx:latest - aesm_service: warning: Turn to daemon. Use "--no-daemon" option to execute in foreground. Gramine is starting. Parsing TOML manifest file, this may take some time... diff --git a/bin/verify-attestation/src/main.rs b/bin/verify-attestation/src/main.rs index 3b8ffc1..bf8acaf 100644 --- a/bin/verify-attestation/src/main.rs +++ b/bin/verify-attestation/src/main.rs @@ -17,7 +17,7 @@ use teepot::{ #[command(author = "Matter Labs", version, about = "SGX attestation and batch signature verifier", long_about = None)] struct Arguments { /// Attestation quote proving the signature originated from a TEE enclave. - #[clap(value_parser)] + #[clap(name = "attestation_file", value_parser)] attestation: ArgSource, /// An optional subcommand, for instance, for optional signature verification. #[clap(subcommand)] diff --git a/packages/container-verify-attestation-sgx/default.nix b/packages/container-verify-attestation-sgx/default.nix index 3d88a1a..d01e540 100644 --- a/packages/container-verify-attestation-sgx/default.nix +++ b/packages/container-verify-attestation-sgx/default.nix @@ -10,7 +10,7 @@ dockerTools.buildLayeredImage { name = "verify-attestation-sgx"; - config.Cmd = [ "${teepot.teepot.verify_attestation}/bin/verify-attestation" ]; + config.Entrypoint = [ "${teepot.teepot.verify_attestation}/bin/verify-attestation" ]; config.Env = [ "LD_LIBRARY_PATH=/lib" ]; contents = buildEnv { name = "image-root";