Move cert into standardized part of OSP validation

Author: Tristan-Wilson

src/osp/ICustomDAProofValidator.sol

@@ -7,13 +7,13 @@ pragma solidity ^0.8.0;
 /**
  * @title ICustomDAProofValidator
  * @notice Interface for custom data availability proof validators
- * @dev All proofs MUST start with [certKeccak256(32), offset(8), ...] format
- *      Implementations MUST validate certKeccak256 against the certificate.
+ * @dev All proofs MUST start with [certKeccak256(32), offset(8), certSize(8), certificate, ...]
+ *      The OSP validates certKeccak256 matches the machine's request before calling this
  */
 interface ICustomDAProofValidator {
     /**
      * @notice Validates a custom DA proof and returns the preimage chunk
-     * @param proof The complete proof data starting with [certKeccak256(32), offset(8), ...]
+     * @param proof The complete proof data starting with [certKeccak256(32), offset(8), certSize(8), certificate, ...]
      * @return preimageChunk The 32-byte chunk of preimage data
      */
     function validateReadPreimage(

src/osp/OneStepProverHostIo.sol

@@ -236,18 +236,33 @@ contract OneStepProverHostIo is IOneStepProver {
 
             bytes calldata customProof = proof[proofOffset:];
 
-            // All CustomDA proofs must start with [certKeccak256(32), offset(8), ...]
-            require(customProof.length >= 40, "CUSTOM_DA_PROOF_TOO_SHORT");
+            // All CustomDA proofs must start with [certKeccak256(32), offset(8), certSize(8), certificate, ...]
+            require(customProof.length >= 48, "CUSTOM_DA_PROOF_TOO_SHORT");
 
+            // Extract standardized header
             bytes32 certKeccak256;
+            uint256 requestedOffsetInProof;
+            uint256 certSize;
             assembly {
                 certKeccak256 := calldataload(add(customProof.offset, 0))
+                requestedOffsetInProof := shr(192, calldataload(add(customProof.offset, 32))) // Read 8 bytes at position 32
+                certSize := shr(192, calldataload(add(customProof.offset, 40))) // Read 8 bytes at position 40
             }
 
-			// leafContents containts the preimage hash that we have proven to exist in machine memory.
+            // SECURITY CHECK: Verify the offset in the proof matches what the machine requested
+            require(requestedOffsetInProof == preimageOffset, "WRONG_OFFSET");
+
+            require(customProof.length >= 48 + certSize, "PROOF_TOO_SHORT_FOR_CERT");
+
+            // Extract and validate certificate
+            bytes calldata certificate = customProof[48:48 + certSize];
+            require(keccak256(certificate) == certKeccak256, "INVALID_CERTIFICATE_HASH");
+
+            // SECURITY CHECK: Verify this is the certificate the machine requested
+            // leafContents contains the preimage hash that we have proven to exist in machine memory
             require(certKeccak256 == leafContents, "WRONG_CERTIFICATE_HASH");
 
-            // Now delegate to the custom validator
+            // Now delegate to the custom validator with the full proof
             extracted = customDAValidator.validateReadPreimage(customProof);
 
             // Ensure we got a valid response

src/osp/ReferenceDAProofValidator.sol

@@ -13,76 +13,63 @@ import "./ICustomDAProofValidator.sol";
 contract ReferenceDAProofValidator is ICustomDAProofValidator {
     /**
      * @notice Validates a ReferenceDA proof and returns the preimage chunk
-     * @param proof ReferenceDA proof format: [certKeccak256(32), offset(8), Version(1), CertificateSize(8), Certificate, PreimageSize(8), PreimageData]
+     * @param proof Standardized CustomDA proof format is: [certKeccak256(32), offset(8), certSize(8), certificate]
+	                followed by the ReferenceDA specific: [version(1), preimageSize(8), preimageData]
      * @return preimageChunk The 32-byte chunk at the specified offset
      */
     function validateReadPreimage(
         bytes calldata proof
     ) external pure override returns (bytes memory preimageChunk) {
-        // Proof format: [certKeccak256(32), offset(8), Version(1), CertificateSize(8), Certificate, PreimageSize(8), PreimageData]
-        require(proof.length >= 58, "Proof too short"); // 32 + 8 + 1 + 8 + 8 + at least 1 byte
-
-        // Extract certKeccak256 and offset from enhanced proof wrapper
-        bytes32 certKeccak256;
+        // Extract offset from standardized header (already validated by OSP)
         uint256 offset;
+        uint256 certSize;
         assembly {
-            certKeccak256 := calldataload(add(proof.offset, 0))
-            offset := shr(192, calldataload(add(proof.offset, 32))) // Read 8 bytes as uint256
+            offset := shr(192, calldataload(add(proof.offset, 32))) // Read 8 bytes at position 32
+            certSize := shr(192, calldataload(add(proof.offset, 40))) // Read 8 bytes at position 40
         }
 
-        // The actual custom proof starts at offset 40
-        uint256 customProofStart = 40;
+        // Certificate has already been validated by OSP, just extract it
+        uint256 certStart = 48;
+        require(proof.length >= certStart + certSize, "Proof too short for certificate");
+        bytes calldata certificate = proof[certStart:certStart + certSize];
 
-        // Verify version
-        require(proof[customProofStart] == 0x01, "Unsupported proof version");
+        // Validate certificate format for ReferenceDA
+        require(certificate.length == 33, "Invalid certificate length");
+        require(certificate[0] == 0x01, "Invalid certificate header");
 
-        // Extract certificate size
-        uint256 certSize;
-        assembly {
-            certSize := shr(192, calldataload(add(proof.offset, add(customProofStart, 1)))) // Read 8 bytes as uint256
-        }
-        require(certSize == 33, "Certificate must be 33 bytes");
+        // Extract SHA256 hash from certificate
+        bytes32 sha256Hash = bytes32(certificate[1:33]);
 
-        // Extract and verify certificate
-        uint256 certStart = customProofStart + 9; // Skip version(1) + certSize(8)
-        bytes memory certificate = proof[certStart:certStart + certSize];
-        require(certificate[0] == 0x01, "Invalid certificate header");
-        require(keccak256(certificate) == certKeccak256, "Invalid certificate hash");
+        // Custom data starts after certificate
+        uint256 customDataStart = certStart + certSize;
+        require(proof.length >= customDataStart + 9, "Proof too short for custom data");
 
-        // Extract SHA256 from certificate
-        bytes32 sha256Hash;
-        assembly {
-            sha256Hash := mload(add(certificate, 33)) // Skip length prefix and header byte
-        }
+        // Verify version
+        require(proof[customDataStart] == 0x01, "Unsupported proof version");
 
         // Extract preimage size
-        uint256 preimageOffset = certStart + certSize;
         uint256 preimageSize;
         assembly {
-            preimageSize := shr(192, calldataload(add(proof.offset, preimageOffset))) // Read 8 bytes as uint256
+            preimageSize := shr(192, calldataload(add(proof.offset, add(customDataStart, 1))))
         }
 
-        require(proof.length >= preimageOffset + 8 + preimageSize, "Invalid proof length");
-
-        // Extract preimage data
-        bytes memory preimage = proof[preimageOffset + 8:preimageOffset + 8 + preimageSize];
+        require(proof.length >= customDataStart + 9 + preimageSize, "Invalid proof length");
 
-        // Verify SHA256 hash matches
-        require(sha256(abi.encodePacked(preimage)) == sha256Hash, "Invalid preimage hash");
+        // Extract and verify preimage
+        bytes calldata preimage = proof[customDataStart + 9:customDataStart + 9 + preimageSize];
+        require(sha256(preimage) == sha256Hash, "Invalid preimage hash");
 
         // Extract chunk at offset
-        uint256 chunkStart = offset;
         uint256 chunkEnd = offset + 32;
         if (chunkEnd > preimage.length) {
             chunkEnd = preimage.length;
         }
 
-        uint256 chunkSize = chunkEnd - chunkStart;
         preimageChunk = new bytes(32);
-
-        if (chunkSize > 0) {
+        if (offset < preimage.length) {
+            uint256 chunkSize = chunkEnd - offset;
             for (uint256 i = 0; i < chunkSize; i++) {
-                preimageChunk[i] = preimage[chunkStart + i];
+                preimageChunk[i] = preimage[offset + i];
             }
         }