feat: change to gcp attestation verification

app/src/stores/protocolStore.ts

@@ -126,7 +126,7 @@ export const useProtocolStore = create<ProtocolState>((set, get) => ({
       }
     },
     fetch_circuits_dns_mapping: async (environment: 'prod' | 'stg') => {
-      const url = `${environment === 'prod' ? API_URL : API_URL_STAGING}/circuit-dns-mapping`;
+      const url = `${environment === 'prod' ? API_URL : API_URL_STAGING}/circuit-dns-mapping-gcp`;
       try {
         const response = await fetch(url);
         if (!response.ok) {
@@ -255,7 +255,7 @@ export const useProtocolStore = create<ProtocolState>((set, get) => ({
       }
     },
     fetch_circuits_dns_mapping: async (environment: 'prod' | 'stg') => {
-      const url = `${environment === 'prod' ? API_URL : API_URL_STAGING}/circuit-dns-mapping`;
+      const url = `${environment === 'prod' ? API_URL : API_URL_STAGING}/circuit-dns-mapping-gcp`;
       try {
         const response = await fetch(url);
         if (!response.ok) {

app/src/utils/proving/provingMachine.ts

@@ -16,7 +16,10 @@ import {
   getCircuitNameFromPassportData,
   getSolidityPackedUserContextData,
 } from '@selfxyz/common/utils';
-import { getPublicKey, verifyAttestation } from '@selfxyz/common/utils/attest';
+import {
+  checkPCR0Mapping,
+  validatePKIToken,
+} from '@selfxyz/common/utils/attest';
 import {
   clientKey,
   clientPublicKeyHex,
@@ -336,9 +339,25 @@ export const useProvingStore = create<ProvingState>((set, get) => {
           trackEvent(ProofEvents.ATTESTATION_RECEIVED);
           const attestationData = result.result.attestation;
           set({ attestation: attestationData });
+          const attestationToken =
+            Buffer.from(attestationData).toString('utf-8');
+
+          const { userPubkey, serverPubkey, imageHash, verified } =
+            validatePKIToken(attestationToken, __DEV__);
+
+          const pcr0Mapping = await checkPCR0Mapping(imageHash);
+
+          if (!pcr0Mapping) {
+            console.error('PCR0 mapping not found');
+            actor!.send({ type: 'CONNECT_ERROR' });
+            return;
+          }
 
-          const serverPubkey = getPublicKey(attestationData);
-          const verified = await verifyAttestation(attestationData);
+          if (clientPublicKeyHex !== userPubkey.toString('hex')) {
+            console.error('User public key does not match');
+            actor!.send({ type: 'CONNECT_ERROR' });
+            return;
+          }
 
           if (!verified) {
             console.error('Attestation verification failed');
@@ -348,11 +367,11 @@ export const useProvingStore = create<ProvingState>((set, get) => {
 
           trackEvent(ProofEvents.ATTESTATION_VERIFIED);
 
-          const serverKey = ec.keyFromPublic(serverPubkey as string, 'hex');
+          const serverKey = ec.keyFromPublic(serverPubkey, 'hex');
           const derivedKey = clientKey.derive(serverKey.getPublic());
 
           set({
-            serverPublicKey: serverPubkey,
+            serverPublicKey: serverKey.getPublic(true, 'hex'),
             sharedKey: Buffer.from(derivedKey.toArray('be', 32)),
           });
           trackEvent(ProofEvents.SHARED_KEY_DERIVED);
@@ -541,10 +560,7 @@ export const useProvingStore = create<ProvingState>((set, get) => {
         method: 'openpassport_hello',
         id: 1,
         params: {
-          user_pubkey: [
-            4,
-            ...Array.from(Buffer.from(clientPublicKeyHex, 'hex')),
-          ],
+          user_pubkey: [...Array.from(Buffer.from(clientPublicKeyHex, 'hex'))],
           uuid: connectionUuid,
         },
       };