@inco/lightning 0.2.17 → 0.3.2-alpha.3

package/src/lightning-parts/AccessControl/BaseAccessControlList.sol

@@ -7,6 +7,7 @@ import {IBaseAccessControlListGen} from "./BaseAccessControlList.gen.sol";
 contract AccessControlListStorage {
     struct ACLStorage {
         mapping(bytes32 handle => mapping(address account => bool isAllowed)) persistedAllowedPairs;
+        mapping(bytes32 handle => bool isAllowed) persistedAllowedForDecryption;
     }
 
     bytes32 private constant ACLStorageLocation = keccak256("inco.storage.ACL");
@@ -30,6 +31,16 @@ contract BaseAccessControlList is IBaseAccessControlListGen, AccessControlListSt
         allowInternal(handle, account);
     }
 
+    /// @dev Permanently allows public decryption/reencryption access to anyone for the given handle.
+    function reveal(bytes32 handle) public {
+        require(
+            isAllowed(handle, msg.sender),
+            SenderNotAllowedForHandle(handle, msg.sender)
+        );
+        ACLStorage storage $ = getACLStorage();
+        $.persistedAllowedForDecryption[handle] = true;
+    }
+
     /// @dev persistent
     function allowInternal(bytes32 handle, address account) internal {
         ACLStorage storage $ = getACLStorage();
@@ -101,6 +112,14 @@ contract BaseAccessControlList is IBaseAccessControlListGen, AccessControlListSt
     ) public view returns (bool) {
         return
             allowedTransient(handle, account) ||
-            persistAllowed(handle, account);
+            persistAllowed(handle, account) ||
+            isRevealed(handle);
+    }
+
+    function isRevealed(
+        bytes32 handle
+    ) public view returns (bool) {
+        ACLStorage storage $ = getACLStorage();
+        return $.persistedAllowedForDecryption[handle];
     }
 }

package/src/lightning-parts/AccessControl/test/TestBaseAccessControl.t.sol

@@ -1,12 +1,25 @@
 // SPDX-License-Identifier: No License
 pragma solidity ^0.8;
 
-import {TestUtils} from "@inco/shared/src/TestUtils.sol";
 import {BaseAccessControlList} from "../BaseAccessControlList.sol";
+import {inco, e, euint256} from "@inco/lightning/src/Lib.sol";
+import {IncoTest} from "@inco/lightning/src/test/IncoTest.sol";
+
+contract TestBaseAccessControl is BaseAccessControlList, IncoTest {
+    using e for euint256;
 
-contract TestBaseAccessControl is BaseAccessControlList, TestUtils {
     function testHandleZeroIsDisallowed() public view {
         bytes32 handle = bytes32(0);
         assert(!isAllowed(handle, alice));
     }
+
+    function testReveal() public {
+        euint256 secret = inco.asEuint256(1337);
+        assert(inco.isAllowed(euint256.unwrap(secret), address(this)));
+        assert(!inco.isAllowed(euint256.unwrap(secret), alice));
+
+        inco.reveal(euint256.unwrap(secret));
+        assert(inco.isAllowed(euint256.unwrap(secret), address(this)));
+        assert(inco.isAllowed(euint256.unwrap(secret), alice));
+    }
 }

package/src/lightning-parts/EncryptedInput.gen.sol

@@ -4,7 +4,8 @@ pragma solidity ^0.8;
 import { BaseAccessControlList } from "./AccessControl/BaseAccessControlList.sol";
 import { EventCounter } from "./primitives/EventCounter.sol";
 import { HandleGeneration } from "./primitives/HandleGeneration.sol";
-import { euint256, ebool, eaddress, ETypes, EVM_HOST_CHAIN_PREFIX, HANDLE_VERSION, HANDLE_INDEX } from "../Types.sol";
+import { euint256, ebool, eaddress, EOps, ETypes, EVM_HOST_CHAIN_PREFIX, HANDLE_VERSION, HANDLE_INDEX } from "../Types.sol";
+import { HandleAlreadyExists } from "../Errors.sol";
 
 interface IEncryptedInputGen {
     function newEuint256(bytes memory ciphertext, address user) external returns (euint256 newValue);

package/src/lightning-parts/EncryptedInput.sol

@@ -4,8 +4,9 @@ pragma solidity ^0.8;
 import {BaseAccessControlList} from "./AccessControl/BaseAccessControlList.sol";
 import {EventCounter} from "./primitives/EventCounter.sol";
 import {HandleGeneration} from "./primitives/HandleGeneration.sol";
-import {euint256, ebool, eaddress, ETypes, EVM_HOST_CHAIN_PREFIX, HANDLE_VERSION, HANDLE_INDEX} from "../Types.sol";
+import {euint256, ebool, eaddress, EOps, ETypes, EVM_HOST_CHAIN_PREFIX, HANDLE_VERSION, HANDLE_INDEX} from "../Types.sol";
 import {IEncryptedInputGen} from "./EncryptedInput.gen.sol";
+import {HandleAlreadyExists} from "../Errors.sol";
 
 abstract contract EncryptedInput is
     IEncryptedInputGen,
@@ -13,7 +14,6 @@ abstract contract EncryptedInput is
     EventCounter,
     HandleGeneration
 {
-    error HandleAlreadyExists();
 
     event NewInput(
         bytes32 indexed result,
@@ -57,13 +57,15 @@ abstract contract EncryptedInput is
         // We allow to user since this is harmless and it is convenient to use the allow mapping to track existing
         allowInternal(newHandle, user);
         allowTransientInternal(newHandle, msg.sender);
+        uint256 id = getNextEventId();
         emit NewInput(
             newHandle,
             msg.sender,
             user,
             inputType,
             ciphertext,
-            getNewEventId()
+            id
         );
+        setDigest(abi.encodePacked(newHandle, id));
     }
 }

package/src/lightning-parts/EncryptedOperations.gen.sol

@@ -1,7 +1,7 @@
 /// SPDX-License-Identifier: No License
 pragma solidity ^0.8;
 
-import { euint256, ebool, EOps, SenderNotAllowedForHandle, ETypes, isTypeSupported } from "../Types.sol";
+import { euint256, ebool, EOps, SenderNotAllowedForHandle, ETypes, isTypeSupported, typeToBitMask } from "../Types.sol";
 import { BaseAccessControlList } from "./AccessControl/BaseAccessControlList.sol";
 import { EventCounter } from "./primitives/EventCounter.sol";
 import { HandleGeneration } from "./primitives/HandleGeneration.sol";

package/src/lightning-parts/EncryptedOperations.sol

@@ -1,7 +1,7 @@
 // SPDX-License-Identifier: No License
 pragma solidity ^0.8;
 
-import {euint256, ebool, EOps, SenderNotAllowedForHandle, ETypes, isTypeSupported} from "../Types.sol";
+import {euint256, ebool, EOps, SenderNotAllowedForHandle, ETypes, isTypeSupported, typeToBitMask} from "../Types.sol";
 import {BaseAccessControlList} from "./AccessControl/BaseAccessControlList.sol";
 import {EventCounter} from "./primitives/EventCounter.sol";
 import {HandleGeneration} from "./primitives/HandleGeneration.sol";
@@ -16,7 +16,7 @@ abstract contract EncryptedOperations is
     error UnexpectedType(ETypes actual, bytes32 expectedTypes);
     error UnsupportedType(ETypes actual);
 
-    uint256 private randCounter;
+    uint256 internal randCounter;
 
     bytes32 constant EBOOL = bytes32(1 << uint256(ETypes.Bool));
     bytes32 constant EUINT160 = bytes32(1 << uint256(ETypes.AddressOrUint160OrBytes20));
@@ -175,10 +175,6 @@ abstract contract EncryptedOperations is
         uint256 eventId
     );
 
-    function typeToBitMask(ETypes t) internal pure returns (bytes32) {
-        return bytes32(1 << uint256(t));
-    }
-
     modifier checked(euint256 lhs, euint256 rhs) {
         checkInput(euint256.unwrap(lhs), typeToBitMask(ETypes.Uint256));
         checkInput(euint256.unwrap(rhs), typeToBitMask(ETypes.Uint256));
@@ -252,7 +248,9 @@ abstract contract EncryptedOperations is
                 euint256.unwrap(rhs)
             )
         );
-        emit EAdd(lhs, rhs, result, getNewEventId());
+        uint256 id = getNextEventId();
+        emit EAdd(lhs, rhs, result, id);
+        setDigest(abi.encodePacked(result, id));
     }
 
     function eSub(
@@ -267,7 +265,9 @@ abstract contract EncryptedOperations is
                 euint256.unwrap(rhs)
             )
         );
-        emit ESub(lhs, rhs, result, getNewEventId());
+        uint256 id = getNextEventId();
+        emit ESub(lhs, rhs, result, id);
+        setDigest(abi.encodePacked(result, id));
     }
 
     function eMul(
@@ -282,8 +282,10 @@ abstract contract EncryptedOperations is
                 euint256.unwrap(rhs)
             )
         );
-        emit EMul(lhs, rhs, result, getNewEventId());
-    }
+        uint256 id = getNextEventId();
+        emit EMul(lhs, rhs, result, id);
+        setDigest(abi.encodePacked(result, id));
+     }
 
     function eDiv(
         euint256 lhs,
@@ -297,7 +299,9 @@ abstract contract EncryptedOperations is
                 euint256.unwrap(rhs)
             )
         );
-        emit EDiv(lhs, rhs, result, getNewEventId());
+        uint256 id = getNextEventId();
+        emit EDiv(lhs, rhs, result, id);
+        setDigest(abi.encodePacked(result, id));
     }
 
     function eRem(
@@ -312,7 +316,9 @@ abstract contract EncryptedOperations is
                 euint256.unwrap(rhs)
             )
         );
-        emit ERem(lhs, rhs, result, getNewEventId());
+        uint256 id = getNextEventId();
+        emit ERem(lhs, rhs, result, id);
+        setDigest(abi.encodePacked(result, id));
     }
 
     function eBitAnd(
@@ -325,7 +331,9 @@ abstract contract EncryptedOperations is
         checkInput(rhs, typeToBitMask(rhsType));
         require(lhsType == rhsType, UnexpectedType(lhsType, typeToBitMask(rhsType)));
         result = createResultHandle(EOps.BitAnd, lhsType, lhs, rhs);
-        emit EBitAnd(lhs, rhs, result, getNewEventId());
+        uint256 id = getNextEventId();
+        emit EBitAnd(lhs, rhs, result, id);
+        setDigest(abi.encodePacked(result, id));
     }
 
     function eBitOr(
@@ -338,7 +346,9 @@ abstract contract EncryptedOperations is
         checkInput(rhs, typeToBitMask(rhsType));
         require(lhsType == rhsType, UnexpectedType(lhsType, typeToBitMask(rhsType)));
         result = createResultHandle(EOps.BitOr, lhsType, lhs, rhs);
-        emit EBitOr(lhs, rhs, result, getNewEventId());
+        uint256 id = getNextEventId();
+        emit EBitOr(lhs, rhs, result, id);
+        setDigest(abi.encodePacked(result, id));
     }
 
     function eBitXor(
@@ -351,7 +361,9 @@ abstract contract EncryptedOperations is
         checkInput(rhs, typeToBitMask(rhsType));
         require(lhsType == rhsType, UnexpectedType(lhsType, typeToBitMask(rhsType)));
         result = createResultHandle(EOps.BitXor, lhsType, lhs, rhs);
-        emit EBitXor(lhs, rhs, result, getNewEventId());
+        uint256 id = getNextEventId();
+        emit EBitXor(lhs, rhs, result, id);
+        setDigest(abi.encodePacked(result, id));
     }
 
     function eShl(
@@ -366,7 +378,9 @@ abstract contract EncryptedOperations is
                 euint256.unwrap(rhs)
             )
         );
-        emit EShl(lhs, rhs, result, getNewEventId());
+        uint256 id = getNextEventId();
+        emit EShl(lhs, rhs, result, id);
+        setDigest(abi.encodePacked(result, id));
     }
 
     function eShr(
@@ -381,7 +395,9 @@ abstract contract EncryptedOperations is
                 euint256.unwrap(rhs)
             )
         );
-        emit EShr(lhs, rhs, result, getNewEventId());
+        uint256 id = getNextEventId();
+        emit EShr(lhs, rhs, result, id);
+        setDigest(abi.encodePacked(result, id));
     }
 
     function eRotl(
@@ -396,7 +412,9 @@ abstract contract EncryptedOperations is
                 euint256.unwrap(rhs)
             )
         );
-        emit ERotl(lhs, rhs, result, getNewEventId());
+        uint256 id = getNextEventId();
+        emit ERotl(lhs, rhs, result, id);
+        setDigest(abi.encodePacked(result, id));
     }
 
     function eRotr(
@@ -411,7 +429,9 @@ abstract contract EncryptedOperations is
                 euint256.unwrap(rhs)
             )
         );
-        emit ERotr(lhs, rhs, result, getNewEventId());
+        uint256 id = getNextEventId();
+        emit ERotr(lhs, rhs, result, id);
+        setDigest(abi.encodePacked(result, id));
     }
 
     function eEq(
@@ -429,7 +449,9 @@ abstract contract EncryptedOperations is
                 rhs
             )
         );
-        emit EEq(lhs, rhs, result, getNewEventId());
+        uint256 id = getNextEventId();
+        emit EEq(lhs, rhs, result, id);
+        setDigest(abi.encodePacked(result, id));
     }
 
     function eNe(
@@ -447,7 +469,9 @@ abstract contract EncryptedOperations is
                 rhs
             )
         );
-        emit ENe(lhs, rhs, result, getNewEventId());
+        uint256 id = getNextEventId();
+        emit ENe(lhs, rhs, result, id);
+        setDigest(abi.encodePacked(result, id));
     }
 
     function eGe(
@@ -462,7 +486,9 @@ abstract contract EncryptedOperations is
                 euint256.unwrap(rhs)
             )
         );
-        emit EGe(lhs, rhs, result, getNewEventId());
+        uint256 id = getNextEventId();
+        emit EGe(lhs, rhs, result, id);
+        setDigest(abi.encodePacked(result, id));
     }
 
     function eGt(
@@ -477,7 +503,9 @@ abstract contract EncryptedOperations is
                 euint256.unwrap(rhs)
             )
         );
-        emit EGt(lhs, rhs, result, getNewEventId());
+        uint256 id = getNextEventId();
+        emit EGt(lhs, rhs, result, id);
+        setDigest(abi.encodePacked(result, id));
     }
 
     function eLe(
@@ -492,7 +520,9 @@ abstract contract EncryptedOperations is
                 euint256.unwrap(rhs)
             )
         );
-        emit ELe(lhs, rhs, result, getNewEventId());
+        uint256 id = getNextEventId();
+        emit ELe(lhs, rhs, result, id);
+        setDigest(abi.encodePacked(result, id));
     }
 
     function eLt(
@@ -507,7 +537,9 @@ abstract contract EncryptedOperations is
                 euint256.unwrap(rhs)
             )
         );
-        emit ELt(lhs, rhs, result, getNewEventId());
+        uint256 id = getNextEventId();
+        emit ELt(lhs, rhs, result, id);
+        setDigest(abi.encodePacked(result, id));
     }
 
     function eMin(
@@ -522,7 +554,9 @@ abstract contract EncryptedOperations is
                 euint256.unwrap(rhs)
             )
         );
-        emit EMin(lhs, rhs, result, getNewEventId());
+        uint256 id = getNextEventId();
+        emit EMin(lhs, rhs, result, id);
+        setDigest(abi.encodePacked(result, id));
     }
 
     function eMax(
@@ -537,7 +571,9 @@ abstract contract EncryptedOperations is
                 euint256.unwrap(rhs)
             )
         );
-        emit EMax(lhs, rhs, result, getNewEventId());
+        uint256 id = getNextEventId();
+        emit EMax(lhs, rhs, result, id);
+        setDigest(abi.encodePacked(result, id));
     }
 
     function eNot(ebool operand) external returns (ebool result) {
@@ -545,7 +581,9 @@ abstract contract EncryptedOperations is
         result = ebool.wrap(
             createResultHandle(EOps.Not, ETypes.Bool, ebool.unwrap(operand))
         );
-        emit ENot(operand, result, getNewEventId());
+        uint256 id = getNextEventId();
+        emit ENot(operand, result, id);
+        setDigest(abi.encodePacked(result, id));
     }
 
     function eCast(
@@ -555,7 +593,9 @@ abstract contract EncryptedOperations is
         bytes32 baseHandle = keccak256(abi.encodePacked(EOps.Cast, ct, toType));
         result = embedTypeVersion(baseHandle, toType);
         allowTransientInternal(result, msg.sender);
-        emit ECast(ct, uint8(toType), result, getNewEventId());
+        uint256 id = getNextEventId();
+        emit ECast(ct, uint8(toType), result, id);
+        setDigest(abi.encodePacked(result, id));
     }
 
     function eRand(
@@ -569,7 +609,12 @@ abstract contract EncryptedOperations is
             bytes32(randCounter++),
             bytes32(uint256(randType))
         );
-        emit ERand(randCounter, randType, result, getNewEventId());
+        //NOTE: We pass the incremented randCounter which is incremented using postfix increment above.
+        // Due to postfix returning the value before incrementing, the emitted randCounter will be larger by one than the number used to build the handle.
+        // So for security and replayability reasons, we always use the incremented randCounter when seeding on the covalidator side, which is fine for as long as we're consistent.
+        uint256 id = getNextEventId();
+        emit ERand(randCounter, randType, result, id);
+        setDigest(abi.encodePacked(result, id));
     }
 
     function eRandBounded(
@@ -586,7 +631,12 @@ abstract contract EncryptedOperations is
             upperBound,
             bytes32(uint256(randType))
         );
-        emit ERandBounded(randCounter, randType, upperBound, result, getNewEventId());
+        //NOTE: We pass the incremented randCounter which is incremented using postfix increment above.
+        // Due to postfix returning the value before incrementing, the emitted randCounter will be larger by one than the number used to build the handle.
+        // So for security and replayability reasons, we always use the incremented randCounter when seeding on the covalidator side, which is fine for as long as we're consistent.
+        uint256 id = getNextEventId();
+        emit ERandBounded(randCounter, randType, upperBound, result, id);
+        setDigest(abi.encodePacked(result, id));
     }
 
     // todo add support in testing framework
@@ -606,7 +656,9 @@ abstract contract EncryptedOperations is
         );
         result = embedTypeVersion(baseHandle, returnType);
         allowTransientInternal(result, msg.sender);
-        emit EIfThenElse(control, ifTrue, ifFalse, result, getNewEventId());
+        uint256 id = getNextEventId();
+        emit EIfThenElse(control, ifTrue, ifFalse, result, id);
+        setDigest(abi.encodePacked(result, id));
     }
 
     function checkEIfThenElseInputs(

package/src/lightning-parts/TEELifecycle.gen.sol

@@ -0,0 +1,58 @@
+/// SPDX-License-Identifier: No License
+pragma solidity ^0.8.19;
+
+import "./TEELifecycle.types.sol";
+import { ECDSA } from "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";
+import { EIP712 } from "@openzeppelin/contracts/utils/cryptography/EIP712.sol";
+import { OwnableUpgradeable } from "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol";
+import { IQuoteVerifier } from "automata-dcap-attestation/interfaces/IQuoteVerifier.sol";
+import { BELE } from "automata-dcap-attestation/utils/BELE.sol";
+import { HEADER_LENGTH } from "automata-dcap-attestation/types/Constants.sol";
+import { TD10ReportBody, Header } from "automata-dcap-attestation/types/V4Structs.sol";
+import { EIP712Upgradeable } from "@openzeppelin/contracts-upgradeable/utils/cryptography/EIP712Upgradeable.sol";
+import { EnclaveIdentityJsonObj, IdentityObj } from "@automata-network/on-chain-pccs/helpers/EnclaveIdentityHelper.sol";
+import { TcbInfoJsonObj } from "@automata-network/on-chain-pccs/helpers/FmspcTcbHelper.sol";
+import { AutomataFmspcTcbDao } from "@automata-network/on-chain-pccs/automata_pccs/AutomataFmspcTcbDao.sol";
+import { AutomataEnclaveIdentityDao } from "@automata-network/on-chain-pccs/automata_pccs/AutomataEnclaveIdentityDao.sol";
+
+interface ITEELifecycleGen {
+    function initialize(address owner, string memory eip712Name, string memory eip712Version, address quoteVerifierAddress) external;
+
+    ///  @notice Uploads the collateral to the contract
+    ///  @param tcbInfo - The TCB info to upload
+    ///  @param identity - The identity to upload
+    function uploadCollateral(TcbInfoJsonObj memory tcbInfo, EnclaveIdentityJsonObj memory identity) external;
+
+    ///  @notice Verifies the bootstrap data against the provided quote and signature
+    ///  @param bootstrapResult - The bootstrap data to verify
+    ///  @param quote - The quote to verify against
+    ///  @param signature - The signature to verify against
+    function verifyBootstrapResult(BootstrapResult calldata bootstrapResult, bytes calldata quote, bytes calldata signature) external;
+
+    ///  @notice Approves a new TEE version and updates the TEEVersionHistory
+    ///  @param newMRTD - The MRTD bytes of the new TEE version
+    ///  @dev This function increments the version number automatically based on the current history
+    function approveNewTEEVersion(bytes calldata newMRTD) external;
+
+    ///  @notice Adds a new covalidator to the contract state
+    ///  @param quote - The quote from the new covalidator that contains the current MRTD and the eoa address of the new party in the report data
+    function addNewCovalidator(bytes calldata quote) external;
+
+    ///  @notice Checks if the bootstrap is complete, meaning that there is an active TEE version.
+    ///  @return true if the bootstrap is complete, false otherwise
+    function isBootstrapComplete() external view returns (bool);
+
+    ///  @notice From https://github.com/automata-network/automata-dcap-attestation/blob/evm-v1.0.0/evm/contracts/verifiers/V4QuoteVerifier.sol#L309
+    ///  @notice Parses the TD10 report body from the raw quote
+    ///  @param rawQuote - The raw quote bytes
+    ///  @return report - The parsed TD10 report body
+    function parseTD10ReportBody(bytes calldata rawQuote) external pure returns (TD10ReportBody memory report);
+
+    ///  @notice Parses the TD10 report to extract the report data and MRTD
+    ///  @param tdReport - The TD10 report body
+    ///  @return reportDataSigner - The signing address of the report data signer
+    ///  @return reportMRTD - The MRTD bytes from the report
+    function parseReport(TD10ReportBody memory tdReport) external pure returns (address, bytes memory);
+
+    function bootstrapResultDigest(BootstrapResult memory bootstrapResult) external view returns (bytes32);
+}