newton-core 0.4.16

newton protocol core sdk
//! AttestationContext — public values committed by the SP1 attestation circuit.
//!
//! The on-chain AttestationProofVerifier decodes this from the proof's journal
//! and binds each field to on-chain state (PCR0 registry, task attestation hash, etc.).

use alloy::sol;
use serde::{Deserialize, Serialize};

// Solidity-typed struct declared through alloy's `sol!` macro.
// NOTE(review): the field order and types presumably have to match the struct
// declared in the Solidity verifier, since the module docs say it is decoded
// on-chain — confirm against the contract before reordering or retyping anything.
sol! {
    /// Public values committed by the SP1 attestation verification circuit.
    /// Decoded on-chain by AttestationProofVerifier.verifyAttestationProof().
    ///
    /// Each field is a claim made by the circuit. Per the module docs, the on-chain
    /// verifier is what binds the fields to on-chain state.
    // NOTE(review): the serde derives let this struct be built from any serialized
    // input. A deserialized value on its own proves nothing; confirm every consumer
    // verifies the accompanying proof before acting on these fields.
    #[derive(Debug, Serialize, Deserialize)]
    struct AttestationContext {
        /// Task ID the attestation is bound to
        bytes32 taskId;
        /// keccak256(abi.encode(taskResponse)) — binds attestation to specific response
        bytes32 responseDigest;
        /// keccak256(attestation_bytes) — binds proof to the specific on-chain attestation
        bytes32 attestationHash;
        /// keccak256(pcr0_bytes) — matches EnclaveVersionRegistry entries
        bytes32 pcr0Hash;
        /// keccak256(root_cert_der) — matches EnclaveVersionRegistry.rootCertHash
        bytes32 rootCertHash;
        /// false when the circuit proves the attestation is invalid (fraud proof)
        // NOTE(review): `isValid` and `failureReason` are independent fields; nothing
        // in this declaration forces `isValid == (failureReason == 0)`. Confirm the
        // circuit or the verifier rejects contradictory pairs.
        bool isValid;
        /// 0=valid, 1=invalid_cert_chain, 2=pcr0_not_whitelisted, 3=task_binding_mismatch, 4=expired
        // These codes are the same values as the `FailureReason` enum discriminants in
        // this file. `uint8` also admits 5..=255, which the list above leaves undefined.
        // NOTE(review): decoders should treat an undefined code as an error rather
        // than fall back to a default — confirm how callers handle it.
        uint8 failureReason;
    }
}

/// Outcome codes for attestation verification, numbered to match the on-chain
/// `uint8` encoding.
///
/// The discriminants are written out explicitly because they are the wire values:
/// inserting or reordering variants must never renumber them.
// NOTE(review): a raw `u8` can also hold 5..=255, for which no variant exists, and
// this block defines no conversion from `u8`. Confirm that any such conversion
// elsewhere is a checked one that rejects unknown codes.
#[repr(u8)]
#[derive(Clone, Copy, Debug, Eq, PartialEq)]
pub enum FailureReason {
    /// No failure: the attestation is valid.
    Valid = 0,

    /// The X.509 certificate chain does not root to the trusted CA.
    InvalidCertChain = 1,

    /// The PCR0 value is not in the on-chain whitelist.
    Pcr0NotWhitelisted = 2,

    /// `user_data` does not match `keccak256(task_id || response_digest)`.
    TaskBindingMismatch = 3,

    /// A certificate in the chain has expired.
    Expired = 4,
}