@iexec-nox/nox-protocol-contracts 0.1.0-beta.4 → 0.1.0-beta.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +1 -2
- package/contracts/interfaces/INoxCompute.sol +182 -70
- package/contracts/sdk/Nox.sol +99 -104
- package/contracts/shared/TypeUtils.sol +2 -16
- package/package.json +4 -4
- package/contracts/interfaces/IACL.sol +0 -109
- package/contracts/interfaces/IErrors.sol +0 -14
package/README.md
CHANGED
|
@@ -4,9 +4,8 @@ Smart contracts for the Nox protocol, including on-chain access control for encr
|
|
|
4
4
|
|
|
5
5
|
## What’s inside
|
|
6
6
|
|
|
7
|
-
- `IACL`: access control list for encrypted handles (admins, viewers, public decryption flags).
|
|
8
7
|
- `INoxCompute`: TEE compute entry point (handle validation, plaintext → encrypted conversion, arithmetic ops).
|
|
9
|
-
- `Nox` SDK library: convenience wrapper for app contracts that call `NoxCompute
|
|
8
|
+
- `Nox` SDK library: convenience wrapper for app contracts that call `NoxCompute`.
|
|
10
9
|
|
|
11
10
|
## Requirements
|
|
12
11
|
|
|
@@ -1,18 +1,31 @@
|
|
|
1
1
|
// SPDX-License-Identifier: Apache-2.0
|
|
2
2
|
pragma solidity ^0.8.0;
|
|
3
3
|
|
|
4
|
-
import {IErrors} from "./IErrors.sol";
|
|
5
|
-
import {IACL} from "./IACL.sol";
|
|
6
4
|
import {TEEType} from "../shared/TypeUtils.sol";
|
|
7
5
|
|
|
8
6
|
/**
|
|
9
7
|
* @title INoxCompute
|
|
10
8
|
* @notice Interface for the Nox compute contract powered by TEE.
|
|
11
9
|
*/
|
|
12
|
-
interface INoxCompute
|
|
10
|
+
interface INoxCompute {
|
|
11
|
+
/// Error thrown when account address is zero
|
|
12
|
+
error InvalidZeroAddress();
|
|
13
|
+
/// Error thrown when bytes parameter is empty
|
|
14
|
+
error InvalidEmptyBytes();
|
|
15
|
+
/// Error thrown when sender doesn't have access to the handle
|
|
16
|
+
error UnauthorizedSender(address sender);
|
|
17
|
+
/// Error thrown when an account is not allowed to use a handle
|
|
18
|
+
error NotAllowed(bytes32 handle, address account);
|
|
13
19
|
error InvalidProof(bytes proof, string reason);
|
|
20
|
+
error UnsupportedType();
|
|
14
21
|
error IncompatibleTypes();
|
|
15
22
|
|
|
23
|
+
/// Emitted when admin role is granted
|
|
24
|
+
event Allowed(address indexed sender, address indexed account, bytes32 indexed handle);
|
|
25
|
+
/// Emitted when viewer role is granted
|
|
26
|
+
event ViewerAdded(address indexed sender, address indexed viewer, bytes32 indexed handle);
|
|
27
|
+
/// Emitted when a handle is marked as publicly decryptable
|
|
28
|
+
event MarkedAsPubliclyDecryptable(address indexed sender, bytes32 indexed handle);
|
|
16
29
|
event KmsPublicKeyUpdated(bytes newKmsPublicKey);
|
|
17
30
|
event GatewayUpdated(address indexed newGateway);
|
|
18
31
|
event ProofExpirationDurationUpdated(uint256 newDuration);
|
|
@@ -152,19 +165,83 @@ interface INoxCompute is IErrors {
|
|
|
152
165
|
Burn
|
|
153
166
|
}
|
|
154
167
|
|
|
168
|
+
// ------------- ACL functions -------------
|
|
169
|
+
|
|
155
170
|
/**
|
|
156
|
-
*
|
|
157
|
-
* @
|
|
171
|
+
* Grant admin role to another address for a specific handle
|
|
172
|
+
* @dev Caller must have access (transient OR persistent) to the handle
|
|
173
|
+
* @param handle The handle identifier
|
|
174
|
+
* @param account The address to grant admin role
|
|
158
175
|
*/
|
|
159
|
-
function
|
|
176
|
+
function allow(bytes32 handle, address account) external;
|
|
160
177
|
|
|
161
|
-
|
|
178
|
+
/**
|
|
179
|
+
* Allows the use of `handle` by address `account` for this transaction.
|
|
180
|
+
* @param handle Handle.
|
|
181
|
+
* @param account Address of the account.
|
|
182
|
+
*/
|
|
183
|
+
function allowTransient(bytes32 handle, address account) external;
|
|
162
184
|
|
|
163
185
|
/**
|
|
164
|
-
*
|
|
165
|
-
*
|
|
186
|
+
* Removes all transient authorizations. This is useful for integration with Account Abstraction
|
|
187
|
+
* when bundling several UserOps calling the NoxCompute.
|
|
188
|
+
* @dev Can be called by anyone (typically by AA bundlers between UserOps).
|
|
166
189
|
*/
|
|
167
|
-
function
|
|
190
|
+
function cleanTransientStorage() external;
|
|
191
|
+
|
|
192
|
+
/**
|
|
193
|
+
* Returns whether the account is allowed to use the `handle`, either due to
|
|
194
|
+
* allowTransient() or allow().
|
|
195
|
+
* @param handle Handle.
|
|
196
|
+
* @param account Address of the account.
|
|
197
|
+
* @return Whether the account can access the handle (persistent or transient).
|
|
198
|
+
*/
|
|
199
|
+
function isAllowed(bytes32 handle, address account) external view returns (bool);
|
|
200
|
+
|
|
201
|
+
/**
|
|
202
|
+
* Checks whether the account is allowed to use all provided handles.
|
|
203
|
+
* Reverts with NotAllowed if any handle is not allowed.
|
|
204
|
+
* @param account Address of the account.
|
|
205
|
+
* @param handles Array of handles to check.
|
|
206
|
+
*/
|
|
207
|
+
function validateAllowedForAll(address account, bytes32[] calldata handles) external view;
|
|
208
|
+
|
|
209
|
+
/**
|
|
210
|
+
* Add a viewer for a specific handle
|
|
211
|
+
* @dev Only an admin can add a viewer. The viewer address cannot be address(0).
|
|
212
|
+
* @param handle The handle identifier
|
|
213
|
+
* @param viewer The address to grant viewer role
|
|
214
|
+
*/
|
|
215
|
+
function addViewer(bytes32 handle, address viewer) external;
|
|
216
|
+
|
|
217
|
+
/**
|
|
218
|
+
* Returns whether the account can view the handle.
|
|
219
|
+
* @dev Returns true if any of the following conditions are met:
|
|
220
|
+
* - The handle is publicly decryptable
|
|
221
|
+
* - The account was added as a viewer via `addViewer`
|
|
222
|
+
* - The account has persistent access (is allowed) on the handle
|
|
223
|
+
* @param handle Handle.
|
|
224
|
+
* @param viewer Address of the viewer.
|
|
225
|
+
* @return Whether the account can view the handle.
|
|
226
|
+
*/
|
|
227
|
+
function isViewer(bytes32 handle, address viewer) external view returns (bool);
|
|
228
|
+
|
|
229
|
+
/**
|
|
230
|
+
* Mark a handle as publicly decryptable.
|
|
231
|
+
* @dev The caller must be allowed to use the handle.
|
|
232
|
+
* If not, the function reverts.
|
|
233
|
+
* @param handle Handle to mark as publicly decryptable.
|
|
234
|
+
*/
|
|
235
|
+
function allowPublicDecryption(bytes32 handle) external;
|
|
236
|
+
|
|
237
|
+
/**
|
|
238
|
+
* Checks whether a handle is publicly decryptable.
|
|
239
|
+
* @param handle Handle.
|
|
240
|
+
* @return Whether the handle is publicly decryptable.
|
|
241
|
+
*/
|
|
242
|
+
function isPubliclyDecryptable(bytes32 handle) external view returns (bool);
|
|
243
|
+
|
|
244
|
+
// ------------- Compute functions -------------
|
|
168
245
|
|
|
169
246
|
/**
|
|
170
247
|
* @notice Converts a plaintext value into an encrypted value
|
|
@@ -175,7 +252,21 @@ interface INoxCompute is IErrors {
|
|
|
175
252
|
function plaintextToEncrypted(bytes32 value, TEEType teeType) external returns (bytes32);
|
|
176
253
|
|
|
177
254
|
/**
|
|
178
|
-
* @notice
|
|
255
|
+
* @notice Validates a handle proof for a given owner and type.
|
|
256
|
+
* @param handle handle to validate
|
|
257
|
+
* @param owner owner of the provided handle
|
|
258
|
+
* @param proof proof data
|
|
259
|
+
* @param teeType expected handle type
|
|
260
|
+
*/
|
|
261
|
+
function validateProof(
|
|
262
|
+
bytes32 handle,
|
|
263
|
+
address owner,
|
|
264
|
+
bytes calldata proof,
|
|
265
|
+
TEEType teeType
|
|
266
|
+
) external;
|
|
267
|
+
|
|
268
|
+
/**
|
|
269
|
+
* @notice Performs an addition between two encrypted values without overflow check.
|
|
179
270
|
* @param leftHandOperand Left-hand side operand handle
|
|
180
271
|
* @param rightHandOperand Right-hand side operand handle
|
|
181
272
|
* @return result Result handle
|
|
@@ -186,7 +277,7 @@ interface INoxCompute is IErrors {
|
|
|
186
277
|
) external returns (bytes32 result);
|
|
187
278
|
|
|
188
279
|
/**
|
|
189
|
-
* @notice Performs a subtraction between two encrypted values without
|
|
280
|
+
* @notice Performs a subtraction between two encrypted values without underflow check.
|
|
190
281
|
* @param leftHandOperand Left-hand side operand handle
|
|
191
282
|
* @param rightHandOperand Right-hand side operand handle
|
|
192
283
|
* @return result Result handle
|
|
@@ -197,7 +288,21 @@ interface INoxCompute is IErrors {
|
|
|
197
288
|
) external returns (bytes32 result);
|
|
198
289
|
|
|
199
290
|
/**
|
|
200
|
-
* @notice Performs a
|
|
291
|
+
* @notice Performs a multiplication between two encrypted values without overflow check.
|
|
292
|
+
* @param leftHandOperand Left-hand side operand handle
|
|
293
|
+
* @param rightHandOperand Right-hand side operand handle
|
|
294
|
+
* @return result Result handle
|
|
295
|
+
*/
|
|
296
|
+
function mul(
|
|
297
|
+
bytes32 leftHandOperand,
|
|
298
|
+
bytes32 rightHandOperand
|
|
299
|
+
) external returns (bytes32 result);
|
|
300
|
+
|
|
301
|
+
/**
|
|
302
|
+
* @notice Performs a division between two encrypted values without safety checks.
|
|
303
|
+
* In the case of a division by zero, the result will be as follows:
|
|
304
|
+
* - For unsigned integers uintN: encrypted MAX_UintN (i.e., 2^N - 1)
|
|
305
|
+
* - For signed integers intN: encrypted MAX_IntN (i.e., 2^(N-1) - 1)
|
|
201
306
|
* @param numerator Value to be divided
|
|
202
307
|
* @param denominator Value to divide by
|
|
203
308
|
* @return result Result handle
|
|
@@ -205,15 +310,47 @@ interface INoxCompute is IErrors {
|
|
|
205
310
|
function div(bytes32 numerator, bytes32 denominator) external returns (bytes32 result);
|
|
206
311
|
|
|
207
312
|
/**
|
|
208
|
-
* @notice Performs
|
|
313
|
+
* @notice Performs an addition between two encrypted values with overflow check.
|
|
314
|
+
* If the operation succeeds, the value of the success handle will be an encrypted
|
|
315
|
+
* `true` and the result handle's value will be the encrypted sum.
|
|
316
|
+
* If the operation fails (e.g., due to overflow), the success handle will contain
|
|
317
|
+
* an encrypted `false` and the result handle will contain an encrypted `0`.
|
|
209
318
|
* @param leftHandOperand Left-hand side operand handle
|
|
210
319
|
* @param rightHandOperand Right-hand side operand handle
|
|
320
|
+
* @return success Whether the operation was successful
|
|
211
321
|
* @return result Result handle
|
|
212
322
|
*/
|
|
213
|
-
function
|
|
323
|
+
function safeAdd(
|
|
214
324
|
bytes32 leftHandOperand,
|
|
215
325
|
bytes32 rightHandOperand
|
|
216
|
-
) external returns (bytes32 result);
|
|
326
|
+
) external returns (bytes32 success, bytes32 result);
|
|
327
|
+
|
|
328
|
+
/**
|
|
329
|
+
* @notice Performs a subtraction between two encrypted values with underflow check.
|
|
330
|
+
* If the operation succeeds, the value of the success handle will be an encrypted
|
|
331
|
+
* `true` and the result handle's value will be the encrypted difference.
|
|
332
|
+
* If the operation fails (e.g., due to underflow), the success handle will contain
|
|
333
|
+
* an encrypted `false` and the result handle will contain an encrypted `0`.
|
|
334
|
+
* @param leftHandOperand Left-hand side operand handle
|
|
335
|
+
* @param rightHandOperand Right-hand side operand handle
|
|
336
|
+
* @return success Whether the operation was successful
|
|
337
|
+
* @return result Result handle
|
|
338
|
+
*/
|
|
339
|
+
function safeSub(
|
|
340
|
+
bytes32 leftHandOperand,
|
|
341
|
+
bytes32 rightHandOperand
|
|
342
|
+
) external returns (bytes32 success, bytes32 result);
|
|
343
|
+
|
|
344
|
+
// TODO add safeMul and safeDiv
|
|
345
|
+
|
|
346
|
+
/**
|
|
347
|
+
* @notice Selects between two encrypted values based on a condition
|
|
348
|
+
* @param condition Condition handle
|
|
349
|
+
* @param ifTrue Value handle if condition is true
|
|
350
|
+
* @param ifFalse Value handle if condition is false
|
|
351
|
+
* @return result Selected value handle
|
|
352
|
+
*/
|
|
353
|
+
function select(bytes32 condition, bytes32 ifTrue, bytes32 ifFalse) external returns (bytes32);
|
|
217
354
|
|
|
218
355
|
/**
|
|
219
356
|
* @notice Checks equality between two encrypted values
|
|
@@ -281,45 +418,12 @@ interface INoxCompute is IErrors {
|
|
|
281
418
|
bytes32 rightHandOperand
|
|
282
419
|
) external returns (bytes32 result);
|
|
283
420
|
|
|
284
|
-
// TODO for all safe operations, determine which cyphertexte linked to the new handle to return
|
|
285
|
-
// as result in case of failure.
|
|
286
|
-
/**
|
|
287
|
-
* @notice Performs an addition between two encrypted values with safety checks.
|
|
288
|
-
* The operation fails in the case of overflows.
|
|
289
|
-
* @param leftHandOperand Left-hand side operand handle
|
|
290
|
-
* @param rightHandOperand Right-hand side operand handle
|
|
291
|
-
* @return success Whether the operation was successful
|
|
292
|
-
* @return result Result handle
|
|
293
|
-
*/
|
|
294
|
-
function safeAdd(
|
|
295
|
-
bytes32 leftHandOperand,
|
|
296
|
-
bytes32 rightHandOperand
|
|
297
|
-
) external returns (bytes32 success, bytes32 result);
|
|
298
|
-
|
|
299
|
-
/**
|
|
300
|
-
* @notice Performs a subtraction between two encrypted values with safety checks.
|
|
301
|
-
* The operation fails in the case of underflow.
|
|
302
|
-
* @param leftHandOperand Left-hand side operand handle
|
|
303
|
-
* @param rightHandOperand Right-hand side operand handle
|
|
304
|
-
* @return success Whether the operation was successful
|
|
305
|
-
* @return result Result handle
|
|
306
|
-
*/
|
|
307
|
-
function safeSub(
|
|
308
|
-
bytes32 leftHandOperand,
|
|
309
|
-
bytes32 rightHandOperand
|
|
310
|
-
) external returns (bytes32 success, bytes32 result);
|
|
311
|
-
|
|
312
|
-
/**
|
|
313
|
-
* @notice Selects between two encrypted values based on a condition
|
|
314
|
-
* @param condition Condition handle
|
|
315
|
-
* @param ifTrue Value handle if condition is true
|
|
316
|
-
* @param ifFalse Value handle if condition is false
|
|
317
|
-
* @return result Selected value handle
|
|
318
|
-
*/
|
|
319
|
-
function select(bytes32 condition, bytes32 ifTrue, bytes32 ifFalse) external returns (bytes32);
|
|
320
|
-
|
|
321
421
|
/**
|
|
322
422
|
* @notice Computes a confidential transfer between two balances.
|
|
423
|
+
* The transfer will succeed if the sender has sufficient balance and fail otherwise.
|
|
424
|
+
* If the transfer fails, the success handle will contain an encrypted `false`, the
|
|
425
|
+
* newBalanceFrom and newBalanceTo handles will contain the same values as the input
|
|
426
|
+
* balanceFrom and balanceTo handles.
|
|
323
427
|
* @param balanceFrom Sender's current balance handle
|
|
324
428
|
* @param balanceTo Recipient's current balance handle
|
|
325
429
|
* @param amount Amount handle to transfer
|
|
@@ -335,6 +439,9 @@ interface INoxCompute is IErrors {
|
|
|
335
439
|
|
|
336
440
|
/**
|
|
337
441
|
* @notice Computes a confidential mint operation.
|
|
442
|
+
* If the minting operation fails (e.g., due to overflow), the success handle will
|
|
443
|
+
* contain an encrypted `false` and the newBalanceTo and newTotalSupply handles will
|
|
444
|
+
* contain the same values as the input balanceTo and totalSupply handles.
|
|
338
445
|
* @param balanceTo Recipient's current balance handle
|
|
339
446
|
* @param amount Amount handle to mint
|
|
340
447
|
* @param totalSupply Current total supply handle
|
|
@@ -350,6 +457,9 @@ interface INoxCompute is IErrors {
|
|
|
350
457
|
|
|
351
458
|
/**
|
|
352
459
|
* @notice Computes a confidential burn operation.
|
|
460
|
+
* If the burn operation fails (e.g., due to underflow), the success handle will
|
|
461
|
+
* contain an encrypted `false` and the newBalanceFrom and newTotalSupply handles will
|
|
462
|
+
* contain the same values as the input balanceFrom and totalSupply handles.
|
|
353
463
|
* @param balanceFrom Sender's current balance handle
|
|
354
464
|
* @param amount Amount handle to burn
|
|
355
465
|
* @param totalSupply Current total supply handle
|
|
@@ -363,25 +473,27 @@ interface INoxCompute is IErrors {
|
|
|
363
473
|
bytes32 totalSupply
|
|
364
474
|
) external returns (bytes32 success, bytes32 newBalanceFrom, bytes32 newTotalSupply);
|
|
365
475
|
|
|
366
|
-
|
|
367
|
-
bytes32 handle,
|
|
368
|
-
address owner,
|
|
369
|
-
bytes calldata proof,
|
|
370
|
-
TEEType teeType
|
|
371
|
-
) external;
|
|
476
|
+
// ------------- Admin functions -------------
|
|
372
477
|
|
|
373
|
-
|
|
374
|
-
|
|
375
|
-
|
|
376
|
-
|
|
377
|
-
function
|
|
478
|
+
/**
|
|
479
|
+
* @notice Sets the KMS public key used for ECIES encryption.
|
|
480
|
+
* @param newKmsPublicKey The compressed SEC1 secp256k1 public key (33 bytes)
|
|
481
|
+
*/
|
|
482
|
+
function setKmsPublicKey(bytes calldata newKmsPublicKey) external;
|
|
378
483
|
|
|
379
|
-
|
|
380
|
-
|
|
484
|
+
/**
|
|
485
|
+
* @notice Sets the gateway address in the contract's config.
|
|
486
|
+
* @param gatewayAddress The address of the gateway
|
|
487
|
+
*/
|
|
488
|
+
function setGateway(address gatewayAddress) external;
|
|
381
489
|
|
|
382
|
-
|
|
383
|
-
|
|
490
|
+
/**
|
|
491
|
+
* @notice Sets the proof expiration duration.
|
|
492
|
+
* @param newDuration The new expiration duration in seconds
|
|
493
|
+
*/
|
|
494
|
+
function setProofExpirationDuration(uint256 newDuration) external;
|
|
384
495
|
|
|
385
|
-
|
|
386
|
-
function
|
|
496
|
+
function kmsPublicKey() external view returns (bytes memory);
|
|
497
|
+
function gateway() external view returns (address);
|
|
498
|
+
function proofExpirationDuration() external view returns (uint256);
|
|
387
499
|
}
|
package/contracts/sdk/Nox.sol
CHANGED
|
@@ -3,64 +3,43 @@ pragma solidity ^0.8.0;
|
|
|
3
3
|
|
|
4
4
|
import {TEEType} from "../shared/TypeUtils.sol";
|
|
5
5
|
import {INoxCompute} from "../interfaces/INoxCompute.sol";
|
|
6
|
-
import {IACL} from "../interfaces/IACL.sol";
|
|
7
6
|
import "encrypted-types/EncryptedTypes.sol";
|
|
8
7
|
|
|
9
8
|
/**
|
|
10
9
|
* @title Nox
|
|
11
10
|
* @notice Library providing convenient functions for TEE confidential computations.
|
|
12
|
-
* @dev If an invalid or non-existent handle is passed to any function in the Nox protocol,
|
|
13
|
-
* the transaction will revert as it will not be recognized by the ACL.
|
|
14
11
|
*/
|
|
15
12
|
library Nox {
|
|
16
13
|
// ============ Errors ============
|
|
17
14
|
|
|
18
15
|
error UninitializedHandle();
|
|
19
16
|
|
|
20
|
-
// ============
|
|
17
|
+
// ============ Address resolution ============
|
|
21
18
|
|
|
22
19
|
/**
|
|
23
20
|
* @dev Returns the NoxCompute contract address for the current chain.
|
|
24
21
|
* Supports Arbitrum Mainnet (42161), Arbitrum Sepolia (421614), and local dev chains (31337),
|
|
25
22
|
* including local forks of each network.
|
|
26
23
|
*/
|
|
27
|
-
function
|
|
24
|
+
function noxComputeContract() public view returns (address) {
|
|
28
25
|
// Arbitrum mainnet or its fork
|
|
29
26
|
if (block.chainid == 42161) {
|
|
30
27
|
// TODO: Update after mainnet deployment.
|
|
31
|
-
return
|
|
28
|
+
return address(0);
|
|
32
29
|
}
|
|
33
30
|
// Arbitrum Sepolia or its fork
|
|
34
31
|
if (block.chainid == 421614) {
|
|
35
|
-
return
|
|
32
|
+
return 0x5633472D35E18464CA24Ab974954fB3b1B122eA6;
|
|
36
33
|
}
|
|
37
34
|
// Local development chain
|
|
38
35
|
if (block.chainid == 31337) {
|
|
39
|
-
return
|
|
36
|
+
return 0x188D560Fd7F60f50e4c32a4484B1D0DC486714b3;
|
|
40
37
|
}
|
|
41
38
|
revert("Nox: Unsupported chain");
|
|
42
39
|
}
|
|
43
40
|
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
* Supports Arbitrum Mainnet (42161), Arbitrum Sepolia (421614), and local dev chains (31337),
|
|
47
|
-
* including local forks of each network.
|
|
48
|
-
*/
|
|
49
|
-
function _acl() internal view returns (IACL) {
|
|
50
|
-
// Arbitrum mainnet or its fork
|
|
51
|
-
if (block.chainid == 42161) {
|
|
52
|
-
// TODO: Update after mainnet deployment.
|
|
53
|
-
return IACL(address(0));
|
|
54
|
-
}
|
|
55
|
-
// Arbitrum Sepolia or its fork
|
|
56
|
-
if (block.chainid == 421614) {
|
|
57
|
-
return IACL(0xDC91Ec3F965F2F5F143DbBfcC92cC1340857D3d1);
|
|
58
|
-
}
|
|
59
|
-
// Local development chain
|
|
60
|
-
if (block.chainid == 31337) {
|
|
61
|
-
return IACL(0x3219A802B61028Fc29848863268FE17d750E5701);
|
|
62
|
-
}
|
|
63
|
-
revert("Nox: Unsupported chain");
|
|
41
|
+
function _noxComputeContract() internal view returns (INoxCompute) {
|
|
42
|
+
return INoxCompute(noxComputeContract());
|
|
64
43
|
}
|
|
65
44
|
|
|
66
45
|
// =========== Handle initialization checks ============
|
|
@@ -133,7 +112,10 @@ library Nox {
|
|
|
133
112
|
function toEbool(bool value) internal returns (ebool) {
|
|
134
113
|
return
|
|
135
114
|
ebool.wrap(
|
|
136
|
-
|
|
115
|
+
_noxComputeContract().plaintextToEncrypted(
|
|
116
|
+
bytes32(uint256(value ? 1 : 0)),
|
|
117
|
+
TEEType.Bool
|
|
118
|
+
)
|
|
137
119
|
);
|
|
138
120
|
}
|
|
139
121
|
|
|
@@ -143,7 +125,10 @@ library Nox {
|
|
|
143
125
|
function toEaddress(address value) internal returns (eaddress) {
|
|
144
126
|
return
|
|
145
127
|
eaddress.wrap(
|
|
146
|
-
|
|
128
|
+
_noxComputeContract().plaintextToEncrypted(
|
|
129
|
+
bytes32(uint256(uint160(value))),
|
|
130
|
+
TEEType.Address
|
|
131
|
+
)
|
|
147
132
|
);
|
|
148
133
|
}
|
|
149
134
|
|
|
@@ -152,14 +137,19 @@ library Nox {
|
|
|
152
137
|
*/
|
|
153
138
|
function toEuint16(uint16 value) internal returns (euint16) {
|
|
154
139
|
return
|
|
155
|
-
euint16.wrap(
|
|
140
|
+
euint16.wrap(
|
|
141
|
+
_noxComputeContract().plaintextToEncrypted(bytes32(uint256(value)), TEEType.Uint16)
|
|
142
|
+
);
|
|
156
143
|
}
|
|
157
144
|
|
|
158
145
|
/**
|
|
159
146
|
* @dev Convert a plaintext value to an encrypted euint256 integer.
|
|
160
147
|
*/
|
|
161
148
|
function toEuint256(uint256 value) internal returns (euint256) {
|
|
162
|
-
return
|
|
149
|
+
return
|
|
150
|
+
euint256.wrap(
|
|
151
|
+
_noxComputeContract().plaintextToEncrypted(bytes32(value), TEEType.Uint256)
|
|
152
|
+
);
|
|
163
153
|
}
|
|
164
154
|
|
|
165
155
|
/**
|
|
@@ -168,7 +158,10 @@ library Nox {
|
|
|
168
158
|
function toEint16(int16 value) internal returns (eint16) {
|
|
169
159
|
return
|
|
170
160
|
eint16.wrap(
|
|
171
|
-
|
|
161
|
+
_noxComputeContract().plaintextToEncrypted(
|
|
162
|
+
bytes32(uint256(uint16(value))),
|
|
163
|
+
TEEType.Int16
|
|
164
|
+
)
|
|
172
165
|
);
|
|
173
166
|
}
|
|
174
167
|
|
|
@@ -177,7 +170,9 @@ library Nox {
|
|
|
177
170
|
*/
|
|
178
171
|
function toEint256(int256 value) internal returns (eint256) {
|
|
179
172
|
return
|
|
180
|
-
eint256.wrap(
|
|
173
|
+
eint256.wrap(
|
|
174
|
+
_noxComputeContract().plaintextToEncrypted(bytes32(uint256(value)), TEEType.Int256)
|
|
175
|
+
);
|
|
181
176
|
}
|
|
182
177
|
|
|
183
178
|
// ============ Handle validation ============
|
|
@@ -187,7 +182,7 @@ library Nox {
|
|
|
187
182
|
bytes calldata handleProof
|
|
188
183
|
) internal returns (ebool) {
|
|
189
184
|
bytes32 handle = externalEbool.unwrap(externalHandle);
|
|
190
|
-
|
|
185
|
+
_noxComputeContract().validateProof(handle, msg.sender, handleProof, TEEType.Bool);
|
|
191
186
|
return ebool.wrap(handle);
|
|
192
187
|
}
|
|
193
188
|
|
|
@@ -196,7 +191,7 @@ library Nox {
|
|
|
196
191
|
bytes calldata handleProof
|
|
197
192
|
) internal returns (eaddress) {
|
|
198
193
|
bytes32 handle = externalEaddress.unwrap(externalHandle);
|
|
199
|
-
|
|
194
|
+
_noxComputeContract().validateProof(handle, msg.sender, handleProof, TEEType.Address);
|
|
200
195
|
return eaddress.wrap(handle);
|
|
201
196
|
}
|
|
202
197
|
|
|
@@ -205,7 +200,7 @@ library Nox {
|
|
|
205
200
|
bytes calldata handleProof
|
|
206
201
|
) internal returns (euint16) {
|
|
207
202
|
bytes32 handle = externalEuint16.unwrap(externalHandle);
|
|
208
|
-
|
|
203
|
+
_noxComputeContract().validateProof(handle, msg.sender, handleProof, TEEType.Uint16);
|
|
209
204
|
return euint16.wrap(handle);
|
|
210
205
|
}
|
|
211
206
|
|
|
@@ -214,7 +209,7 @@ library Nox {
|
|
|
214
209
|
bytes calldata handleProof
|
|
215
210
|
) internal returns (euint256) {
|
|
216
211
|
bytes32 handle = externalEuint256.unwrap(externalHandle);
|
|
217
|
-
|
|
212
|
+
_noxComputeContract().validateProof(handle, msg.sender, handleProof, TEEType.Uint256);
|
|
218
213
|
return euint256.wrap(handle);
|
|
219
214
|
}
|
|
220
215
|
|
|
@@ -223,7 +218,7 @@ library Nox {
|
|
|
223
218
|
bytes calldata handleProof
|
|
224
219
|
) internal returns (eint16) {
|
|
225
220
|
bytes32 handle = externalEint16.unwrap(externalHandle);
|
|
226
|
-
|
|
221
|
+
_noxComputeContract().validateProof(handle, msg.sender, handleProof, TEEType.Int16);
|
|
227
222
|
return eint16.wrap(handle);
|
|
228
223
|
}
|
|
229
224
|
|
|
@@ -232,7 +227,7 @@ library Nox {
|
|
|
232
227
|
bytes calldata handleProof
|
|
233
228
|
) internal returns (eint256) {
|
|
234
229
|
bytes32 handle = externalEint256.unwrap(externalHandle);
|
|
235
|
-
|
|
230
|
+
_noxComputeContract().validateProof(handle, msg.sender, handleProof, TEEType.Int256);
|
|
236
231
|
return eint256.wrap(handle);
|
|
237
232
|
}
|
|
238
233
|
|
|
@@ -540,168 +535,168 @@ library Nox {
|
|
|
540
535
|
* @dev Allows the use of value for the address account.
|
|
541
536
|
*/
|
|
542
537
|
function allow(ebool value, address account) internal {
|
|
543
|
-
|
|
538
|
+
_noxComputeContract().allow(ebool.unwrap(value), account);
|
|
544
539
|
}
|
|
545
540
|
|
|
546
541
|
/**
|
|
547
542
|
* @dev Allows the use of value for the address account.
|
|
548
543
|
*/
|
|
549
544
|
function allow(eaddress value, address account) internal {
|
|
550
|
-
|
|
545
|
+
_noxComputeContract().allow(eaddress.unwrap(value), account);
|
|
551
546
|
}
|
|
552
547
|
|
|
553
548
|
/**
|
|
554
549
|
* @dev Allows the use of value for the address account.
|
|
555
550
|
*/
|
|
556
551
|
function allow(euint16 value, address account) internal {
|
|
557
|
-
|
|
552
|
+
_noxComputeContract().allow(euint16.unwrap(value), account);
|
|
558
553
|
}
|
|
559
554
|
|
|
560
555
|
/**
|
|
561
556
|
* @dev Allows the use of value for the address account.
|
|
562
557
|
*/
|
|
563
558
|
function allow(euint256 value, address account) internal {
|
|
564
|
-
|
|
559
|
+
_noxComputeContract().allow(euint256.unwrap(value), account);
|
|
565
560
|
}
|
|
566
561
|
|
|
567
562
|
/**
|
|
568
563
|
* @dev Allows the use of value for the address account.
|
|
569
564
|
*/
|
|
570
565
|
function allow(eint16 value, address account) internal {
|
|
571
|
-
|
|
566
|
+
_noxComputeContract().allow(eint16.unwrap(value), account);
|
|
572
567
|
}
|
|
573
568
|
|
|
574
569
|
/**
|
|
575
570
|
* @dev Allows the use of value for the address account.
|
|
576
571
|
*/
|
|
577
572
|
function allow(eint256 value, address account) internal {
|
|
578
|
-
|
|
573
|
+
_noxComputeContract().allow(eint256.unwrap(value), account);
|
|
579
574
|
}
|
|
580
575
|
|
|
581
576
|
/**
|
|
582
577
|
* @dev Allows the use of value for this address (address(this)).
|
|
583
578
|
*/
|
|
584
579
|
function allowThis(ebool value) internal {
|
|
585
|
-
|
|
580
|
+
_noxComputeContract().allow(ebool.unwrap(value), address(this));
|
|
586
581
|
}
|
|
587
582
|
|
|
588
583
|
/**
|
|
589
584
|
* @dev Allows the use of value for this address (address(this)).
|
|
590
585
|
*/
|
|
591
586
|
function allowThis(eaddress value) internal {
|
|
592
|
-
|
|
587
|
+
_noxComputeContract().allow(eaddress.unwrap(value), address(this));
|
|
593
588
|
}
|
|
594
589
|
|
|
595
590
|
/**
|
|
596
591
|
* @dev Allows the use of value for this address (address(this)).
|
|
597
592
|
*/
|
|
598
593
|
function allowThis(euint16 value) internal {
|
|
599
|
-
|
|
594
|
+
_noxComputeContract().allow(euint16.unwrap(value), address(this));
|
|
600
595
|
}
|
|
601
596
|
|
|
602
597
|
/**
|
|
603
598
|
* @dev Allows the use of value for this address (address(this)).
|
|
604
599
|
*/
|
|
605
600
|
function allowThis(euint256 value) internal {
|
|
606
|
-
|
|
601
|
+
_noxComputeContract().allow(euint256.unwrap(value), address(this));
|
|
607
602
|
}
|
|
608
603
|
|
|
609
604
|
/**
|
|
610
605
|
* @dev Allows the use of value for this address (address(this)).
|
|
611
606
|
*/
|
|
612
607
|
function allowThis(eint16 value) internal {
|
|
613
|
-
|
|
608
|
+
_noxComputeContract().allow(eint16.unwrap(value), address(this));
|
|
614
609
|
}
|
|
615
610
|
|
|
616
611
|
/**
|
|
617
612
|
* @dev Allows the use of value for this address (address(this)).
|
|
618
613
|
*/
|
|
619
614
|
function allowThis(eint256 value) internal {
|
|
620
|
-
|
|
615
|
+
_noxComputeContract().allow(eint256.unwrap(value), address(this));
|
|
621
616
|
}
|
|
622
617
|
|
|
623
618
|
/**
|
|
624
619
|
* @dev Allows the use of value by address account for this transaction.
|
|
625
620
|
*/
|
|
626
621
|
function allowTransient(ebool value, address account) internal {
|
|
627
|
-
|
|
622
|
+
_noxComputeContract().allowTransient(ebool.unwrap(value), account);
|
|
628
623
|
}
|
|
629
624
|
|
|
630
625
|
/**
|
|
631
626
|
* @dev Allows the use of value by address account for this transaction.
|
|
632
627
|
*/
|
|
633
628
|
function allowTransient(eaddress value, address account) internal {
|
|
634
|
-
|
|
629
|
+
_noxComputeContract().allowTransient(eaddress.unwrap(value), account);
|
|
635
630
|
}
|
|
636
631
|
|
|
637
632
|
/**
|
|
638
633
|
* @dev Allows the use of value by address account for this transaction.
|
|
639
634
|
*/
|
|
640
635
|
function allowTransient(euint16 value, address account) internal {
|
|
641
|
-
|
|
636
|
+
_noxComputeContract().allowTransient(euint16.unwrap(value), account);
|
|
642
637
|
}
|
|
643
638
|
|
|
644
639
|
/**
|
|
645
640
|
* @dev Allows the use of value by address account for this transaction.
|
|
646
641
|
*/
|
|
647
642
|
function allowTransient(euint256 value, address account) internal {
|
|
648
|
-
|
|
643
|
+
_noxComputeContract().allowTransient(euint256.unwrap(value), account);
|
|
649
644
|
}
|
|
650
645
|
|
|
651
646
|
/**
|
|
652
647
|
* @dev Allows the use of value by address account for this transaction.
|
|
653
648
|
*/
|
|
654
649
|
function allowTransient(eint16 value, address account) internal {
|
|
655
|
-
|
|
650
|
+
_noxComputeContract().allowTransient(eint16.unwrap(value), account);
|
|
656
651
|
}
|
|
657
652
|
|
|
658
653
|
/**
|
|
659
654
|
* @dev Allows the use of value by address account for this transaction.
|
|
660
655
|
*/
|
|
661
656
|
function allowTransient(eint256 value, address account) internal {
|
|
662
|
-
|
|
657
|
+
_noxComputeContract().allowTransient(eint256.unwrap(value), account);
|
|
663
658
|
}
|
|
664
659
|
|
|
665
660
|
/**
|
|
666
661
|
* @dev Checks if the handle is allowed for the account.
|
|
667
662
|
*/
|
|
668
663
|
function isAllowed(ebool handle, address account) internal view returns (bool) {
|
|
669
|
-
return
|
|
664
|
+
return _noxComputeContract().isAllowed(ebool.unwrap(handle), account);
|
|
670
665
|
}
|
|
671
666
|
|
|
672
667
|
/**
|
|
673
668
|
* @dev Checks if the handle is allowed for the account.
|
|
674
669
|
*/
|
|
675
670
|
function isAllowed(eaddress handle, address account) internal view returns (bool) {
|
|
676
|
-
return
|
|
671
|
+
return _noxComputeContract().isAllowed(eaddress.unwrap(handle), account);
|
|
677
672
|
}
|
|
678
673
|
|
|
679
674
|
/**
|
|
680
675
|
* @dev Checks if the handle is allowed for the account.
|
|
681
676
|
*/
|
|
682
677
|
function isAllowed(euint16 handle, address account) internal view returns (bool) {
|
|
683
|
-
return
|
|
678
|
+
return _noxComputeContract().isAllowed(euint16.unwrap(handle), account);
|
|
684
679
|
}
|
|
685
680
|
|
|
686
681
|
/**
|
|
687
682
|
* @dev Checks if the handle is allowed for the account.
|
|
688
683
|
*/
|
|
689
684
|
function isAllowed(euint256 handle, address account) internal view returns (bool) {
|
|
690
|
-
return
|
|
685
|
+
return _noxComputeContract().isAllowed(euint256.unwrap(handle), account);
|
|
691
686
|
}
|
|
692
687
|
|
|
693
688
|
/**
|
|
694
689
|
* @dev Checks if the handle is allowed for the account.
|
|
695
690
|
*/
|
|
696
691
|
function isAllowed(eint16 handle, address account) internal view returns (bool) {
|
|
697
|
-
return
|
|
692
|
+
return _noxComputeContract().isAllowed(eint16.unwrap(handle), account);
|
|
698
693
|
}
|
|
699
694
|
|
|
700
695
|
/**
|
|
701
696
|
* @dev Checks if the handle is allowed for the account.
|
|
702
697
|
*/
|
|
703
698
|
function isAllowed(eint256 handle, address account) internal view returns (bool) {
|
|
704
|
-
return
|
|
699
|
+
return _noxComputeContract().isAllowed(eint256.unwrap(handle), account);
|
|
705
700
|
}
|
|
706
701
|
|
|
707
702
|
// ============ VIEWER MANAGEMENT ============
|
|
@@ -710,84 +705,84 @@ library Nox {
|
|
|
710
705
|
* @dev Adds a viewer for an ebool handle.
|
|
711
706
|
*/
|
|
712
707
|
function addViewer(ebool value, address viewer) internal {
|
|
713
|
-
|
|
708
|
+
_noxComputeContract().addViewer(ebool.unwrap(value), viewer);
|
|
714
709
|
}
|
|
715
710
|
|
|
716
711
|
/**
|
|
717
712
|
* @dev Adds a viewer for an eaddress handle.
|
|
718
713
|
*/
|
|
719
714
|
function addViewer(eaddress value, address viewer) internal {
|
|
720
|
-
|
|
715
|
+
_noxComputeContract().addViewer(eaddress.unwrap(value), viewer);
|
|
721
716
|
}
|
|
722
717
|
|
|
723
718
|
/**
|
|
724
719
|
* @dev Adds a viewer for an euint16 handle.
|
|
725
720
|
*/
|
|
726
721
|
function addViewer(euint16 value, address viewer) internal {
|
|
727
|
-
|
|
722
|
+
_noxComputeContract().addViewer(euint16.unwrap(value), viewer);
|
|
728
723
|
}
|
|
729
724
|
|
|
730
725
|
/**
|
|
731
726
|
* @dev Adds a viewer for an euint256 handle.
|
|
732
727
|
*/
|
|
733
728
|
function addViewer(euint256 value, address viewer) internal {
|
|
734
|
-
|
|
729
|
+
_noxComputeContract().addViewer(euint256.unwrap(value), viewer);
|
|
735
730
|
}
|
|
736
731
|
|
|
737
732
|
/**
|
|
738
733
|
* @dev Adds a viewer for an eint16 handle.
|
|
739
734
|
*/
|
|
740
735
|
function addViewer(eint16 value, address viewer) internal {
|
|
741
|
-
|
|
736
|
+
_noxComputeContract().addViewer(eint16.unwrap(value), viewer);
|
|
742
737
|
}
|
|
743
738
|
|
|
744
739
|
/**
|
|
745
740
|
* @dev Adds a viewer for an eint256 handle.
|
|
746
741
|
*/
|
|
747
742
|
function addViewer(eint256 value, address viewer) internal {
|
|
748
|
-
|
|
743
|
+
_noxComputeContract().addViewer(eint256.unwrap(value), viewer);
|
|
749
744
|
}
|
|
750
745
|
|
|
751
746
|
/**
|
|
752
747
|
* @dev Checks if the viewer can view the handle.
|
|
753
748
|
*/
|
|
754
749
|
function isViewer(ebool handle, address viewer) internal view returns (bool) {
|
|
755
|
-
return
|
|
750
|
+
return _noxComputeContract().isViewer(ebool.unwrap(handle), viewer);
|
|
756
751
|
}
|
|
757
752
|
|
|
758
753
|
/**
|
|
759
754
|
* @dev Checks if the viewer can view the handle.
|
|
760
755
|
*/
|
|
761
756
|
function isViewer(eaddress handle, address viewer) internal view returns (bool) {
|
|
762
|
-
return
|
|
757
|
+
return _noxComputeContract().isViewer(eaddress.unwrap(handle), viewer);
|
|
763
758
|
}
|
|
764
759
|
|
|
765
760
|
/**
|
|
766
761
|
* @dev Checks if the viewer can view the handle.
|
|
767
762
|
*/
|
|
768
763
|
function isViewer(euint16 handle, address viewer) internal view returns (bool) {
|
|
769
|
-
return
|
|
764
|
+
return _noxComputeContract().isViewer(euint16.unwrap(handle), viewer);
|
|
770
765
|
}
|
|
771
766
|
|
|
772
767
|
/**
|
|
773
768
|
* @dev Checks if the viewer can view the handle.
|
|
774
769
|
*/
|
|
775
770
|
function isViewer(euint256 handle, address viewer) internal view returns (bool) {
|
|
776
|
-
return
|
|
771
|
+
return _noxComputeContract().isViewer(euint256.unwrap(handle), viewer);
|
|
777
772
|
}
|
|
778
773
|
|
|
779
774
|
/**
|
|
780
775
|
* @dev Checks if the viewer can view the handle.
|
|
781
776
|
*/
|
|
782
777
|
function isViewer(eint16 handle, address viewer) internal view returns (bool) {
|
|
783
|
-
return
|
|
778
|
+
return _noxComputeContract().isViewer(eint16.unwrap(handle), viewer);
|
|
784
779
|
}
|
|
785
780
|
|
|
786
781
|
/**
|
|
787
782
|
* @dev Checks if the viewer can view the handle.
|
|
788
783
|
*/
|
|
789
784
|
function isViewer(eint256 handle, address viewer) internal view returns (bool) {
|
|
790
|
-
return
|
|
785
|
+
return _noxComputeContract().isViewer(eint256.unwrap(handle), viewer);
|
|
791
786
|
}
|
|
792
787
|
|
|
793
788
|
// ============ PUBLIC DECRYPTION ============
|
|
@@ -796,84 +791,84 @@ library Nox {
|
|
|
796
791
|
* @dev Marks an ebool handle as publicly decryptable.
|
|
797
792
|
*/
|
|
798
793
|
function allowPublicDecryption(ebool value) internal {
|
|
799
|
-
|
|
794
|
+
_noxComputeContract().allowPublicDecryption(ebool.unwrap(value));
|
|
800
795
|
}
|
|
801
796
|
|
|
802
797
|
/**
|
|
803
798
|
* @dev Marks an eaddress handle as publicly decryptable.
|
|
804
799
|
*/
|
|
805
800
|
function allowPublicDecryption(eaddress value) internal {
|
|
806
|
-
|
|
801
|
+
_noxComputeContract().allowPublicDecryption(eaddress.unwrap(value));
|
|
807
802
|
}
|
|
808
803
|
|
|
809
804
|
/**
|
|
810
805
|
* @dev Marks an euint16 handle as publicly decryptable.
|
|
811
806
|
*/
|
|
812
807
|
function allowPublicDecryption(euint16 value) internal {
|
|
813
|
-
|
|
808
|
+
_noxComputeContract().allowPublicDecryption(euint16.unwrap(value));
|
|
814
809
|
}
|
|
815
810
|
|
|
816
811
|
/**
|
|
817
812
|
* @dev Marks an euint256 handle as publicly decryptable.
|
|
818
813
|
*/
|
|
819
814
|
function allowPublicDecryption(euint256 value) internal {
|
|
820
|
-
|
|
815
|
+
_noxComputeContract().allowPublicDecryption(euint256.unwrap(value));
|
|
821
816
|
}
|
|
822
817
|
|
|
823
818
|
/**
|
|
824
819
|
* @dev Marks an eint16 handle as publicly decryptable.
|
|
825
820
|
*/
|
|
826
821
|
function allowPublicDecryption(eint16 value) internal {
|
|
827
|
-
|
|
822
|
+
_noxComputeContract().allowPublicDecryption(eint16.unwrap(value));
|
|
828
823
|
}
|
|
829
824
|
|
|
830
825
|
/**
|
|
831
826
|
* @dev Marks an eint256 handle as publicly decryptable.
|
|
832
827
|
*/
|
|
833
828
|
function allowPublicDecryption(eint256 value) internal {
|
|
834
|
-
|
|
829
|
+
_noxComputeContract().allowPublicDecryption(eint256.unwrap(value));
|
|
835
830
|
}
|
|
836
831
|
|
|
837
832
|
/**
|
|
838
833
|
* @dev Checks if the handle is publicly decryptable.
|
|
839
834
|
*/
|
|
840
835
|
function isPubliclyDecryptable(ebool handle) internal view returns (bool) {
|
|
841
|
-
return
|
|
836
|
+
return _noxComputeContract().isPubliclyDecryptable(ebool.unwrap(handle));
|
|
842
837
|
}
|
|
843
838
|
|
|
844
839
|
/**
|
|
845
840
|
* @dev Checks if the handle is publicly decryptable.
|
|
846
841
|
*/
|
|
847
842
|
function isPubliclyDecryptable(eaddress handle) internal view returns (bool) {
|
|
848
|
-
return
|
|
843
|
+
return _noxComputeContract().isPubliclyDecryptable(eaddress.unwrap(handle));
|
|
849
844
|
}
|
|
850
845
|
|
|
851
846
|
/**
|
|
852
847
|
* @dev Checks if the handle is publicly decryptable.
|
|
853
848
|
*/
|
|
854
849
|
function isPubliclyDecryptable(euint16 handle) internal view returns (bool) {
|
|
855
|
-
return
|
|
850
|
+
return _noxComputeContract().isPubliclyDecryptable(euint16.unwrap(handle));
|
|
856
851
|
}
|
|
857
852
|
|
|
858
853
|
/**
|
|
859
854
|
* @dev Checks if the handle is publicly decryptable.
|
|
860
855
|
*/
|
|
861
856
|
function isPubliclyDecryptable(euint256 handle) internal view returns (bool) {
|
|
862
|
-
return
|
|
857
|
+
return _noxComputeContract().isPubliclyDecryptable(euint256.unwrap(handle));
|
|
863
858
|
}
|
|
864
859
|
|
|
865
860
|
/**
|
|
866
861
|
* @dev Checks if the handle is publicly decryptable.
|
|
867
862
|
*/
|
|
868
863
|
function isPubliclyDecryptable(eint16 handle) internal view returns (bool) {
|
|
869
|
-
return
|
|
864
|
+
return _noxComputeContract().isPubliclyDecryptable(eint16.unwrap(handle));
|
|
870
865
|
}
|
|
871
866
|
|
|
872
867
|
/**
|
|
873
868
|
* @dev Checks if the handle is publicly decryptable.
|
|
874
869
|
*/
|
|
875
870
|
function isPubliclyDecryptable(eint256 handle) internal view returns (bool) {
|
|
876
|
-
return
|
|
871
|
+
return _noxComputeContract().isPubliclyDecryptable(eint256.unwrap(handle));
|
|
877
872
|
}
|
|
878
873
|
|
|
879
874
|
// ============ Private helpers ============
|
|
@@ -885,80 +880,80 @@ library Nox {
|
|
|
885
880
|
function _add(bytes32 a, bytes32 b) private returns (bytes32) {
|
|
886
881
|
_assertInitialized(a);
|
|
887
882
|
_assertInitialized(b);
|
|
888
|
-
return
|
|
883
|
+
return _noxComputeContract().add(a, b);
|
|
889
884
|
}
|
|
890
885
|
|
|
891
886
|
function _sub(bytes32 a, bytes32 b) private returns (bytes32) {
|
|
892
887
|
_assertInitialized(a);
|
|
893
888
|
_assertInitialized(b);
|
|
894
|
-
return
|
|
889
|
+
return _noxComputeContract().sub(a, b);
|
|
895
890
|
}
|
|
896
891
|
|
|
897
892
|
function _mul(bytes32 a, bytes32 b) private returns (bytes32) {
|
|
898
893
|
_assertInitialized(a);
|
|
899
894
|
_assertInitialized(b);
|
|
900
|
-
return
|
|
895
|
+
return _noxComputeContract().mul(a, b);
|
|
901
896
|
}
|
|
902
897
|
|
|
903
898
|
function _div(bytes32 a, bytes32 b) private returns (bytes32) {
|
|
904
899
|
_assertInitialized(a);
|
|
905
900
|
_assertInitialized(b);
|
|
906
|
-
return
|
|
901
|
+
return _noxComputeContract().div(a, b);
|
|
907
902
|
}
|
|
908
903
|
|
|
909
904
|
function _safeAdd(bytes32 a, bytes32 b) private returns (bytes32, bytes32) {
|
|
910
905
|
_assertInitialized(a);
|
|
911
906
|
_assertInitialized(b);
|
|
912
|
-
return
|
|
907
|
+
return _noxComputeContract().safeAdd(a, b);
|
|
913
908
|
}
|
|
914
909
|
|
|
915
910
|
function _safeSub(bytes32 a, bytes32 b) private returns (bytes32, bytes32) {
|
|
916
911
|
_assertInitialized(a);
|
|
917
912
|
_assertInitialized(b);
|
|
918
|
-
return
|
|
913
|
+
return _noxComputeContract().safeSub(a, b);
|
|
919
914
|
}
|
|
920
915
|
|
|
921
916
|
function _select(bytes32 condition, bytes32 ifTrue, bytes32 ifFalse) private returns (bytes32) {
|
|
922
917
|
_assertInitialized(condition);
|
|
923
918
|
_assertInitialized(ifTrue);
|
|
924
919
|
_assertInitialized(ifFalse);
|
|
925
|
-
return
|
|
920
|
+
return _noxComputeContract().select(condition, ifTrue, ifFalse);
|
|
926
921
|
}
|
|
927
922
|
|
|
928
923
|
function _eq(bytes32 a, bytes32 b) private returns (bytes32) {
|
|
929
924
|
_assertInitialized(a);
|
|
930
925
|
_assertInitialized(b);
|
|
931
|
-
return
|
|
926
|
+
return _noxComputeContract().eq(a, b);
|
|
932
927
|
}
|
|
933
928
|
|
|
934
929
|
function _ne(bytes32 a, bytes32 b) private returns (bytes32) {
|
|
935
930
|
_assertInitialized(a);
|
|
936
931
|
_assertInitialized(b);
|
|
937
|
-
return
|
|
932
|
+
return _noxComputeContract().ne(a, b);
|
|
938
933
|
}
|
|
939
934
|
|
|
940
935
|
function _lt(bytes32 a, bytes32 b) private returns (bytes32) {
|
|
941
936
|
_assertInitialized(a);
|
|
942
937
|
_assertInitialized(b);
|
|
943
|
-
return
|
|
938
|
+
return _noxComputeContract().lt(a, b);
|
|
944
939
|
}
|
|
945
940
|
|
|
946
941
|
function _le(bytes32 a, bytes32 b) private returns (bytes32) {
|
|
947
942
|
_assertInitialized(a);
|
|
948
943
|
_assertInitialized(b);
|
|
949
|
-
return
|
|
944
|
+
return _noxComputeContract().le(a, b);
|
|
950
945
|
}
|
|
951
946
|
|
|
952
947
|
function _gt(bytes32 a, bytes32 b) private returns (bytes32) {
|
|
953
948
|
_assertInitialized(a);
|
|
954
949
|
_assertInitialized(b);
|
|
955
|
-
return
|
|
950
|
+
return _noxComputeContract().gt(a, b);
|
|
956
951
|
}
|
|
957
952
|
|
|
958
953
|
function _ge(bytes32 a, bytes32 b) private returns (bytes32) {
|
|
959
954
|
_assertInitialized(a);
|
|
960
955
|
_assertInitialized(b);
|
|
961
|
-
return
|
|
956
|
+
return _noxComputeContract().ge(a, b);
|
|
962
957
|
}
|
|
963
958
|
|
|
964
959
|
function _transfer(
|
|
@@ -969,7 +964,7 @@ library Nox {
|
|
|
969
964
|
_assertInitialized(balanceFrom);
|
|
970
965
|
_assertInitialized(balanceTo);
|
|
971
966
|
_assertInitialized(amount);
|
|
972
|
-
return
|
|
967
|
+
return _noxComputeContract().transfer(balanceFrom, balanceTo, amount);
|
|
973
968
|
}
|
|
974
969
|
|
|
975
970
|
function _mint(
|
|
@@ -980,7 +975,7 @@ library Nox {
|
|
|
980
975
|
_assertInitialized(balanceTo);
|
|
981
976
|
_assertInitialized(amount);
|
|
982
977
|
_assertInitialized(totalSupply);
|
|
983
|
-
return
|
|
978
|
+
return _noxComputeContract().mint(balanceTo, amount, totalSupply);
|
|
984
979
|
}
|
|
985
980
|
|
|
986
981
|
function _burn(
|
|
@@ -991,6 +986,6 @@ library Nox {
|
|
|
991
986
|
_assertInitialized(balanceFrom);
|
|
992
987
|
_assertInitialized(amount);
|
|
993
988
|
_assertInitialized(totalSupply);
|
|
994
|
-
return
|
|
989
|
+
return _noxComputeContract().burn(balanceFrom, amount, totalSupply);
|
|
995
990
|
}
|
|
996
991
|
}
|
|
@@ -112,7 +112,6 @@ enum TEEType {
|
|
|
112
112
|
Bytes32 // 99
|
|
113
113
|
}
|
|
114
114
|
|
|
115
|
-
error UnsupportedType();
|
|
116
115
|
error NonArithmeticType();
|
|
117
116
|
|
|
118
117
|
library TypeUtils {
|
|
@@ -126,27 +125,14 @@ library TypeUtils {
|
|
|
126
125
|
return TEEType(uint8(handle[30]));
|
|
127
126
|
}
|
|
128
127
|
|
|
129
|
-
/**
|
|
130
|
-
* @notice Validates that a TEE type is within the valid range.
|
|
131
|
-
* Reverts with UnsupportedType if the type value is out of range.
|
|
132
|
-
* @param teeType The TEE type to validate
|
|
133
|
-
*/
|
|
134
|
-
function validateType(TEEType teeType) internal pure {
|
|
135
|
-
if (uint8(teeType) > uint8(TEEType.Bytes32)) {
|
|
136
|
-
revert UnsupportedType();
|
|
137
|
-
}
|
|
138
|
-
}
|
|
139
|
-
|
|
140
128
|
/**
|
|
141
129
|
* @notice Validates that a TEE type is supported for arithmetic operations.
|
|
142
130
|
* Only unsigned integers (Uint8-Uint256) and signed integers (Int8-Int256) are supported.
|
|
143
|
-
* Reverts with
|
|
131
|
+
* Reverts with NonArithmeticType if the type is not arithmetic.
|
|
144
132
|
* @param teeType The TEE type to validate
|
|
145
133
|
*/
|
|
146
134
|
function validateArithmeticType(TEEType teeType) internal pure {
|
|
147
135
|
uint8 t = uint8(teeType);
|
|
148
|
-
|
|
149
|
-
revert NonArithmeticType();
|
|
150
|
-
}
|
|
136
|
+
require(t >= uint8(TEEType.Uint8) && t <= uint8(TEEType.Int256), NonArithmeticType());
|
|
151
137
|
}
|
|
152
138
|
}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@iexec-nox/nox-protocol-contracts",
|
|
3
|
-
"version": "0.1.0-beta.
|
|
3
|
+
"version": "0.1.0-beta.5",
|
|
4
4
|
"description": "Nox protocol smart contracts",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"Nox",
|
|
@@ -22,10 +22,10 @@
|
|
|
22
22
|
"test": "pnpm hardhat test",
|
|
23
23
|
"coverage": "pnpm hardhat test solidity --coverage",
|
|
24
24
|
"deploy": "pnpm hardhat run scripts/deploy.ts",
|
|
25
|
+
"deploy:production": "pnpm hardhat run scripts/deploy.ts --build-profile production",
|
|
25
26
|
"set-gateway": "pnpm hardhat run scripts/set-gateway.ts",
|
|
26
27
|
"set-kms-public-key": "pnpm hardhat run scripts/set-kms-public-key.ts",
|
|
27
|
-
"upgrade
|
|
28
|
-
"upgrade-nox-compute": "pnpm hardhat run scripts/upgrade-nox-compute.ts",
|
|
28
|
+
"upgrade": "pnpm hardhat run scripts/upgrade.ts",
|
|
29
29
|
"format": "pnpm prettier --write .",
|
|
30
30
|
"format:check": "pnpm prettier --check ."
|
|
31
31
|
},
|
|
@@ -44,7 +44,7 @@
|
|
|
44
44
|
"@nomicfoundation/hardhat-toolbox-viem": "^5.0.1",
|
|
45
45
|
"@types/node": "^22.8.5",
|
|
46
46
|
"forge-std": "github:foundry-rs/forge-std#v1.9.4",
|
|
47
|
-
"hardhat": "^3.1.
|
|
47
|
+
"hardhat": "^3.1.10",
|
|
48
48
|
"husky": "^9.1.7",
|
|
49
49
|
"lint-staged": "^16.2.7",
|
|
50
50
|
"prettier": "^3.7.4",
|
|
@@ -1,109 +0,0 @@
|
|
|
1
|
-
// SPDX-License-Identifier: Apache-2.0
|
|
2
|
-
pragma solidity ^0.8.0;
|
|
3
|
-
|
|
4
|
-
import "./IErrors.sol";
|
|
5
|
-
|
|
6
|
-
/**
|
|
7
|
-
* @title IACL
|
|
8
|
-
* @dev Interface for the ACL (Access Control List) permission management system
|
|
9
|
-
*/
|
|
10
|
-
interface IACL is IErrors {
|
|
11
|
-
/// Error thrown when sender doesn't have access to the handle
|
|
12
|
-
error UnauthorizedSender(address sender);
|
|
13
|
-
|
|
14
|
-
/// Error thrown when an account is not allowed to use a handle
|
|
15
|
-
error NotAllowed(bytes32 handle, address account);
|
|
16
|
-
|
|
17
|
-
/// Emitted when admin role is granted
|
|
18
|
-
event Allowed(address indexed sender, address indexed account, bytes32 indexed handle);
|
|
19
|
-
|
|
20
|
-
/// Emitted when viewer role is granted
|
|
21
|
-
event ViewerAdded(address indexed sender, address indexed viewer, bytes32 indexed handle);
|
|
22
|
-
|
|
23
|
-
/// Emitted when a handle is marked as publicly decryptable
|
|
24
|
-
event MarkedAsPubliclyDecryptable(address indexed sender, bytes32 indexed handle);
|
|
25
|
-
|
|
26
|
-
/// Emitted when the NoxCompute address is updated
|
|
27
|
-
event NoxComputeUpdated(address indexed newNoxCompute);
|
|
28
|
-
|
|
29
|
-
/**
|
|
30
|
-
* Updates the NoxCompute address.
|
|
31
|
-
* @dev Only callable by the owner.
|
|
32
|
-
* @param newNoxCompute The new NoxCompute address.
|
|
33
|
-
*/
|
|
34
|
-
function setNoxCompute(address newNoxCompute) external;
|
|
35
|
-
|
|
36
|
-
/**
|
|
37
|
-
* Mark a handle as publicly decryptable.
|
|
38
|
-
* @dev The caller must be allowed to use the handle.
|
|
39
|
-
* If not, the function reverts.
|
|
40
|
-
* @param handle Handle to mark as publicly decryptable.
|
|
41
|
-
*/
|
|
42
|
-
function allowPublicDecryption(bytes32 handle) external;
|
|
43
|
-
|
|
44
|
-
/**
|
|
45
|
-
* Checks whether a handle is publicly decryptable.
|
|
46
|
-
* @param handle Handle.
|
|
47
|
-
* @return Whether the handle is publicly decryptable.
|
|
48
|
-
*/
|
|
49
|
-
function isPubliclyDecryptable(bytes32 handle) external view returns (bool);
|
|
50
|
-
|
|
51
|
-
/**
|
|
52
|
-
* Grant admin role to another address for a specific handle
|
|
53
|
-
* @dev Caller must have access (transient OR persistent) to the handle
|
|
54
|
-
* @param handle The handle identifier
|
|
55
|
-
* @param account The address to grant admin role
|
|
56
|
-
*/
|
|
57
|
-
function allow(bytes32 handle, address account) external;
|
|
58
|
-
|
|
59
|
-
/**
|
|
60
|
-
* Allows the use of `handle` by address `account` for this transaction.
|
|
61
|
-
* @param handle Handle.
|
|
62
|
-
* @param account Address of the account.
|
|
63
|
-
*/
|
|
64
|
-
function allowTransient(bytes32 handle, address account) external;
|
|
65
|
-
|
|
66
|
-
/**
|
|
67
|
-
* Removes all transient authorizations. This is useful for integration with Account Abstraction
|
|
68
|
-
* when bundling several UserOps calling the NoxCompute.
|
|
69
|
-
* @dev Can be called by anyone (typically by AA bundlers between UserOps).
|
|
70
|
-
*/
|
|
71
|
-
function cleanTransientStorage() external;
|
|
72
|
-
|
|
73
|
-
/**
|
|
74
|
-
* Add a viewer for a specific handle
|
|
75
|
-
* @dev Only an admin can add a viewer. The viewer address cannot be address(0).
|
|
76
|
-
* @param handle The handle identifier
|
|
77
|
-
* @param viewer The address to grant viewer role
|
|
78
|
-
*/
|
|
79
|
-
function addViewer(bytes32 handle, address viewer) external;
|
|
80
|
-
|
|
81
|
-
/**
|
|
82
|
-
* Returns whether the account is allowed to use the `handle`, either due to
|
|
83
|
-
* allowTransient() or allow().
|
|
84
|
-
* @param handle Handle.
|
|
85
|
-
* @param account Address of the account.
|
|
86
|
-
* @return Whether the account can access the handle (persistent or transient).
|
|
87
|
-
*/
|
|
88
|
-
function isAllowed(bytes32 handle, address account) external view returns (bool);
|
|
89
|
-
|
|
90
|
-
/**
|
|
91
|
-
* Checks whether the account is allowed to use all provided handles.
|
|
92
|
-
* Reverts with NotAllowed if any handle is not allowed.
|
|
93
|
-
* @param account Address of the account.
|
|
94
|
-
* @param handles Array of handles to check.
|
|
95
|
-
*/
|
|
96
|
-
function validateAllowedForAll(address account, bytes32[] calldata handles) external view;
|
|
97
|
-
|
|
98
|
-
/**
|
|
99
|
-
* Returns whether the account can view the handle.
|
|
100
|
-
* @dev Returns true if any of the following conditions are met:
|
|
101
|
-
* - The handle is publicly decryptable
|
|
102
|
-
* - The account was added as a viewer via `addViewer`
|
|
103
|
-
* - The account has persistent access (is allowed) on the handle
|
|
104
|
-
* @param handle Handle.
|
|
105
|
-
* @param viewer Address of the viewer.
|
|
106
|
-
* @return Whether the account can view the handle.
|
|
107
|
-
*/
|
|
108
|
-
function isViewer(bytes32 handle, address viewer) external view returns (bool);
|
|
109
|
-
}
|
|
@@ -1,14 +0,0 @@
|
|
|
1
|
-
// SPDX-License-Identifier: Apache-2.0
|
|
2
|
-
pragma solidity ^0.8.0;
|
|
3
|
-
|
|
4
|
-
/**
|
|
5
|
-
* @title IErrors
|
|
6
|
-
* @notice Common error definitions shared across contracts
|
|
7
|
-
*/
|
|
8
|
-
interface IErrors {
|
|
9
|
-
/// Error thrown when account address is zero
|
|
10
|
-
error InvalidZeroAddress();
|
|
11
|
-
|
|
12
|
-
/// Error thrown when bytes parameter is empty
|
|
13
|
-
error InvalidEmptyBytes();
|
|
14
|
-
}
|