Add remote quote provider arg for flashtestations

Author: avalonche

Cargo.lock

@@ -126,6 +126,7 @@ http = "1.0"
 sha3 = "0.10"
 hex = "0.4"
 ureq = "2.10"
+k256 = "0.13.4"
 
 rollup-boost = { git = "https://github.com/flashbots/rollup-boost", rev = "b86af43969557bee18f17ec1d6bcd3e984f910b2" }
 

crates/op-rbuilder/Cargo.toml

@@ -23,17 +23,24 @@ pub struct FlashtestationsArgs {
     )]
     pub debug: bool,
 
-    // Debug url for attestations
-    #[arg(long = "flashtestations.debug-url", env = "FLASHTESTATIONS_DEBUG_URL")]
-    pub debug_url: Option<String>,
+    // Debug static key for the tee key. DO NOT USE IN PRODUCTION
+    #[arg(
+        long = "flashtestations.debug-tee-key-seed",
+        env = "FLASHTESTATIONS_DEBUG_TEE_KEY_SEED",
+        default_value = "debug"
+    )]
+    pub debug_tee_key_seed: String,
 
-    /// The rpc url to post the onchain attestation requests to
+    // Remote url for attestations
     #[arg(
-        long = "flashtestations.rpc-url",
-        env = "FLASHTESTATIONS_RPC_URL",
-        default_value = "http://localhost:8545"
+        long = "flashtestations.quote-provider",
+        env = "FLASHTESTATIONS_QUOTE_PROVIDER"
     )]
-    pub rpc_url: String,
+    pub quote_provider: Option<String>,
+
+    /// The rpc url to post the onchain attestation requests to
+    #[arg(long = "flashtestations.rpc-url", env = "FLASHTESTATIONS_RPC_URL")]
+    pub rpc_url: Option<String>,
 
     /// Funding key for the TEE key
     #[arg(

crates/op-rbuilder/src/flashtestations/args.rs

@@ -9,27 +9,27 @@ const DEBUG_QUOTE_SERVICE_URL: &str = "http://ns31695324.ip-141-94-163.eu:10080/
 pub struct AttestationConfig {
     /// If true, uses the debug HTTP service instead of real TDX hardware
     pub debug: bool,
-    /// The URL of the debug HTTP service
-    pub debug_url: Option<String>,
+    /// The URL of the quote provider
+    pub quote_provider: Option<String>,
 }
 
 /// Trait for attestation providers
 pub trait AttestationProvider {
     fn get_attestation(&self, report_data: [u8; 64]) -> eyre::Result<Vec<u8>>;
 }
 
-/// Debug HTTP service attestation provider
-pub struct DebugAttestationProvider {
+/// Remote attestation provider
+pub struct RemoteAttestationProvider {
     service_url: String,
 }
 
-impl DebugAttestationProvider {
+impl RemoteAttestationProvider {
     pub fn new(service_url: String) -> Self {
         Self { service_url }
     }
 }
 
-impl AttestationProvider for DebugAttestationProvider {
+impl AttestationProvider for RemoteAttestationProvider {
     fn get_attestation(&self, report_data: [u8; 64]) -> eyre::Result<Vec<u8>> {
         let report_data_hex = hex::encode(report_data);
         let url = format!("{}/{}", self.service_url, report_data_hex);
@@ -51,15 +51,16 @@ pub fn get_attestation_provider(
     config: AttestationConfig,
 ) -> Box<dyn AttestationProvider + Send + Sync> {
     if config.debug {
-        Box::new(DebugAttestationProvider::new(
+        Box::new(RemoteAttestationProvider::new(
             config
-                .debug_url
+                .quote_provider
                 .unwrap_or(DEBUG_QUOTE_SERVICE_URL.to_string()),
         ))
     } else {
-        // TODO: replace with real attestation provider
-        Box::new(DebugAttestationProvider::new(
-            DEBUG_QUOTE_SERVICE_URL.to_string(),
+        Box::new(RemoteAttestationProvider::new(
+            config
+                .quote_provider
+                .expect("remote quote provider must be specified when not in debug mode"),
         ))
     }
 }

crates/op-rbuilder/src/flashtestations/attestation.rs

@@ -47,14 +47,15 @@ impl FlashtestationsService {
 
         let attestation_provider = Arc::new(get_attestation_provider(AttestationConfig {
             debug: args.debug,
-            debug_url: args.debug_url,
+            quote_provider: args.quote_provider,
         }));
 
         let tx_manager = TxManager::new(
             tee_service_signer,
             args.funding_key
                 .expect("funding key required when flashtestations enabled"),
-            args.rpc_url,
+            args.rpc_url
+                .expect("external rpc url required when flashtestations enabled"),
             args.registry_address
                 .expect("registry address required when flashtestations enabled"),
             args.builder_policy_address

crates/op-rbuilder/src/flashtestations/service.rs

@@ -2,6 +2,7 @@ use std::str::FromStr;
 
 use alloy_consensus::SignableTransaction;
 use alloy_primitives::{Address, B256, Signature, U256};
+use k256::sha2::Sha256;
 use op_alloy_consensus::OpTypedTransaction;
 use reth_optimism_primitives::OpTransactionSigned;
 use reth_primitives::Recovered;
@@ -100,6 +101,23 @@ pub fn public_key_to_address(public_key: &PublicKey) -> Address {
     Address::from_slice(&hash[12..32])
 }
 
+// Generate a key deterministically from a seed for debug and testing
+// Do not use in production
+pub fn generate_key_from_seed(seed: &str) -> (SecretKey, PublicKey, Address) {
+    // Hash the seed
+    let mut hasher = Sha256::new();
+    hasher.update(seed.as_bytes());
+    let hash = hasher.finalize();
+
+    // Create signing key
+    let secp = Secp256k1::new();
+    let private_key = SecretKey::from_slice(&hash).expect("Failed to create private key");
+    let public_key = PublicKey::from_secret_key(&secp, &private_key);
+    let address = public_key_to_address(&public_key);
+
+    (private_key, public_key, address)
+}
+
 #[cfg(test)]
 mod test {
     use super::*;