@inco/lightning 0.3.2 → 0.5.0

package/src/lightning-parts/AccessControl/AdvancedAccessControl.sol

@@ -0,0 +1,133 @@
+// SPDX-License-Identifier: No License
+pragma solidity ^0.8;
+
+import {AllowanceVoucher, AllowanceProof} from "./AdvancedAccessControl.types.sol";
+import {ALLOWANCE_GRANTED_MAGIC_VALUE} from "../../Types.sol";
+import {EIP712Upgradeable} from "@openzeppelin/contracts-upgradeable/utils/cryptography/EIP712Upgradeable.sol";
+import {IAdvancedAccessControl, IVoucherEip712Checker} from "./interfaces/IAdvancedAccessControl.sol";
+import {SharerNotAllowedForHandle} from "../../Types.sol";
+import {SignatureChecker} from "@openzeppelin/contracts/utils/cryptography/SignatureChecker.sol";
+import {IBaseAccessControlList} from "./interfaces/IBaseAccessControlList.sol";
+import {LightningAddressGetter} from "../primitives/LightningAddressGetter.sol";
+
+abstract contract AdvancedAccessControlStorage {
+    struct AACStorage {
+        mapping(address => bytes32) activeVouchersSessionNonce; // initial session nonce is 0
+    }
+
+    bytes32 private constant AACStorageLocation =
+        keccak256("inco.storage.AdvancedAccessControl");
+
+    function getAACStorage() internal pure returns (AACStorage storage $) {
+        bytes32 loc = AACStorageLocation;
+        assembly {
+            $.slot := loc
+        }
+    }
+}
+ 
+abstract contract VoucherEip712Checker is IVoucherEip712Checker, EIP712Upgradeable {
+    bytes32 constant AllowanceVoucherStructHash =
+        keccak256(
+            "AllowanceVoucher(bytes32 sessionNonce,address verifyingContract,bytes4 callFunction,bytes sharerArgData)"
+        );
+
+    function allowanceVoucherDigest(
+        AllowanceVoucher memory voucher
+    ) public view returns (bytes32) {
+        return
+            _hashTypedDataV4(
+                keccak256(
+                    abi.encode(
+                        AllowanceVoucherStructHash,
+                        voucher.sessionNonce,
+                        voucher.verifyingContract,
+                        voucher.callFunction,
+                        keccak256(voucher.sharerArgData)
+                    )
+                )
+            );
+    }
+}
+
+abstract contract AdvancedAccessControl is
+    IAdvancedAccessControl,
+    AdvancedAccessControlStorage,
+    VoucherEip712Checker,
+    LightningAddressGetter
+{
+    using SignatureChecker for address;
+
+    error InvalidVoucherSignature(
+        address signer,
+        bytes32 digest,
+        bytes signature
+    );
+    error InvalidVoucherSessionNonce(
+        bytes32 providedSessionNonce,
+        bytes32 activeSessionNonce
+    );
+
+    /// @dev meant to for simulation, can't be a view function as it calls other contracts
+    /// @dev returns true if the account is allowed to access the handle, false or reverts otherwise
+    function isAllowedWithProof(
+        bytes32 handle,
+        address account,
+        AllowanceProof memory proof
+    ) public returns (bool) {
+        require(
+            IBaseAccessControlList(incoLightningAddress).isAllowed(handle, proof.sharer),
+            SharerNotAllowedForHandle(handle, proof.sharer)
+        );
+        bytes32 voucherDigest = allowanceVoucherDigest(proof.voucher);
+        require(
+            proof.sharer.isValidSignatureNow(
+                voucherDigest,
+                proof.voucherSignature
+            ),
+            InvalidVoucherSignature(
+                proof.sharer,
+                voucherDigest,
+                proof.voucherSignature
+            )
+        );
+        bytes32 sharerActiveVouchersSessionNonce = getActiveVouchersSessionNonce(
+                proof.sharer
+            );
+        require(
+            proof.voucher.sessionNonce == sharerActiveVouchersSessionNonce,
+            InvalidVoucherSessionNonce(
+                proof.voucher.sessionNonce,
+                sharerActiveVouchersSessionNonce
+            )
+        );
+        (bool success, bytes memory result) = proof
+            .voucher
+            .verifyingContract
+            .call(
+                abi.encodeWithSelector(
+                    proof.voucher.callFunction,
+                    handle,
+                    account,
+                    proof.voucher.sharerArgData,
+                    proof.requesterArgData
+                )
+            );
+        return (success &&
+            result.length >= 32 &&
+            abi.decode(result, (bytes32)) == ALLOWANCE_GRANTED_MAGIC_VALUE);
+    }
+
+    function getActiveVouchersSessionNonce(
+        address account
+    ) public view returns (bytes32) {
+        return getAACStorage().activeVouchersSessionNonce[account];
+    }
+
+    /// @notice invalidates all previously signed vouchers
+    function updateActiveVouchersSessionNonce() external {
+        getAACStorage().activeVouchersSessionNonce[msg.sender] = keccak256(
+            abi.encodePacked(msg.sender, block.prevrandao)
+        );
+    }
+}

package/src/lightning-parts/AccessControl/AdvancedAccessControl.types.sol

@@ -0,0 +1,18 @@
+// SPDX-License-Identifier: No License
+pragma solidity ^0.8;
+
+// can be for arbitrary handles to arbitrary accounts
+// signed by the account sharing its read access
+struct AllowanceVoucher {
+    bytes32 sessionNonce;
+    address verifyingContract;
+    bytes4 callFunction;
+    bytes sharerArgData;
+}
+
+struct AllowanceProof {
+    address sharer;
+    AllowanceVoucher voucher;
+    bytes voucherSignature;
+    bytes requesterArgData;
+}

package/src/lightning-parts/AccessControl/BaseAccessControlList.sol

@@ -2,11 +2,14 @@
 pragma solidity ^0.8;
 
 import {SenderNotAllowedForHandle} from "../../Types.sol";
-import {IBaseAccessControlListGen} from "./BaseAccessControlList.gen.sol";
+import {IBaseAccessControlList} from "./interfaces/IBaseAccessControlList.sol";
+import {VerifierAddressGetter} from "../primitives/VerifierAddressGetter.sol";
+import {AllowanceProof} from "../AccessControl/AdvancedAccessControl.types.sol";
 
 contract AccessControlListStorage {
     struct ACLStorage {
         mapping(bytes32 handle => mapping(address account => bool isAllowed)) persistedAllowedPairs;
+        mapping(bytes32 handle => bool isAllowed) persistedAllowedForDecryption;
     }
 
     bytes32 private constant ACLStorageLocation = keccak256("inco.storage.ACL");
@@ -20,7 +23,13 @@ contract AccessControlListStorage {
 }
 
 // todo should add allowance events ?
-contract BaseAccessControlList is IBaseAccessControlListGen, AccessControlListStorage {
+abstract contract BaseAccessControlList is IBaseAccessControlList, AccessControlListStorage, VerifierAddressGetter {
+    error ProofVerificationFailed(
+        address verifyingContract,
+        bytes4 callFunction,
+        bytes argData
+    );
+    
     /// @dev persistent
     function allow(bytes32 handle, address account) public {
         require(
@@ -30,6 +39,16 @@ contract BaseAccessControlList is IBaseAccessControlListGen, AccessControlListSt
         allowInternal(handle, account);
     }
 
+    /// @dev Permanently allows public decryption/reencryption access to anyone for the given handle.
+    function reveal(bytes32 handle) public {
+        require(
+            isAllowed(handle, msg.sender),
+            SenderNotAllowedForHandle(handle, msg.sender)
+        );
+        ACLStorage storage $ = getACLStorage();
+        $.persistedAllowedForDecryption[handle] = true;
+    }
+
     /// @dev persistent
     function allowInternal(bytes32 handle, address account) internal {
         ACLStorage storage $ = getACLStorage();
@@ -87,6 +106,18 @@ contract BaseAccessControlList is IBaseAccessControlListGen, AccessControlListSt
         }
     }
 
+    function claimHandle(bytes32 handle, AllowanceProof memory proof) public {
+        require(
+            incoVerifier.isAllowedWithProof(handle, msg.sender, proof),
+            ProofVerificationFailed(
+                proof.voucher.verifyingContract,
+                proof.voucher.callFunction,
+                proof.voucher.sharerArgData
+            )
+        );
+        allowInternal(handle, msg.sender);
+    }
+
     function persistAllowed(
         bytes32 handle,
         address account
@@ -101,6 +132,14 @@ contract BaseAccessControlList is IBaseAccessControlListGen, AccessControlListSt
     ) public view returns (bool) {
         return
             allowedTransient(handle, account) ||
-            persistAllowed(handle, account);
+            persistAllowed(handle, account) ||
+            isRevealed(handle);
+    }
+
+    function isRevealed(
+        bytes32 handle
+    ) public view returns (bool) {
+        ACLStorage storage $ = getACLStorage();
+        return $.persistedAllowedForDecryption[handle];
     }
 }

package/src/lightning-parts/AccessControl/interfaces/IAdvancedAccessControl.sol

@@ -0,0 +1,25 @@
+// SPDX-License-Identifier: No License
+pragma solidity ^0.8;
+
+import {
+    AllowanceProof,
+    AllowanceVoucher
+} from "../AdvancedAccessControl.types.sol";
+
+interface IVoucherEip712Checker {
+    function allowanceVoucherDigest(
+        AllowanceVoucher memory voucher
+    ) external view returns (bytes32);
+}
+
+interface IAdvancedAccessControl is IVoucherEip712Checker {
+    function isAllowedWithProof(
+        bytes32 handle,
+        address account,
+        AllowanceProof memory proof
+    ) external returns (bool);
+    function getActiveVouchersSessionNonce(
+        address account
+    ) external view returns (bytes32);
+    function updateActiveVouchersSessionNonce() external;
+}

package/src/lightning-parts/AccessControl/interfaces/IBaseAccessControlList.sol

@@ -0,0 +1,24 @@
+// SPDX-License-Identifier: No License
+pragma solidity ^0.8;
+
+import {IVerifierAddressGetter} from "../../primitives/interfaces/IVerifierAddressGetter.sol";
+import {AllowanceProof} from "../AdvancedAccessControl.types.sol";
+
+interface IBaseAccessControlList is IVerifierAddressGetter {
+    function allow(bytes32 handle, address account) external;
+    function allowTransient(bytes32 handle, address account) external;
+    function allowedTransient(
+        bytes32 handle,
+        address account
+    ) external view returns (bool);
+    function cleanTransientStorage() external;
+    function persistAllowed(
+        bytes32 handle,
+        address account
+    ) external view returns (bool);
+    function isAllowed(
+        bytes32 handle,
+        address account
+    ) external view returns (bool);
+    function claimHandle(bytes32 handle, AllowanceProof memory proof) external;
+}

package/src/lightning-parts/AccessControl/test/TestAdvancedAccessControl.t.sol

@@ -0,0 +1,234 @@
+// SPDX-License-Identifier: No License
+pragma solidity ^0.8;
+
+import {IncoTest} from "../../../test/IncoTest.sol";
+import {SessionVerifier, Session} from "../../../periphery/SessionVerifier.sol";
+import {AllowanceVoucher, AllowanceProof} from "../AdvancedAccessControl.sol";
+import {euint256} from "../../../Types.sol";
+import {e, inco} from "../../../Lib.sol";
+import {AdvancedAccessControl} from "../AdvancedAccessControl.sol";
+import {ALLOWANCE_GRANTED_MAGIC_VALUE} from "../../../Types.sol";
+import {IIncoVerifier} from "../../../interfaces/IIncoVerifier.sol";
+
+contract SomeContractWithConfidentialData {
+    using e for bytes;
+    using e for euint256;
+
+    euint256 public secret;
+
+    function saveAPersonalSecret(bytes memory ciphertext) public {
+        secret = ciphertext.newEuint256(msg.sender);
+        secret.allow(msg.sender);
+    }
+}
+
+contract SomeVerifier {
+    struct SharerArg {
+        bytes32 handleShared;
+        address allowedAccount;
+    }
+
+    struct RequesterArg {
+        bytes2 mustBeBeef;
+    }
+
+    function someCheck(
+        bytes32 handle,
+        address account,
+        bytes memory sharerArgData,
+        bytes memory requesterArgData
+    ) public pure returns (bytes32) {
+        SharerArg memory sharerArg = abi.decode(sharerArgData, (SharerArg));
+        RequesterArg memory requesterArg = abi.decode(
+            requesterArgData,
+            (RequesterArg)
+        );
+        if (
+            requesterArg.mustBeBeef == bytes2(0xbeef) &&
+            sharerArg.handleShared == handle &&
+            sharerArg.allowedAccount == account
+        ) {
+            return ALLOWANCE_GRANTED_MAGIC_VALUE;
+        }
+        return bytes32(0);
+    }
+}
+
+contract DoesNotVerifyAnything {
+    function someCheck(
+        bytes32 /* handle */,
+        address /* account */,
+        bytes memory /* sharerArgData */,
+        bytes memory /* requesterArgData */
+    ) public pure returns (bytes32) {
+        return ALLOWANCE_GRANTED_MAGIC_VALUE;
+    }
+}
+
+contract TestAdvancedAccessControl is IncoTest {
+    SomeContractWithConfidentialData someContract;
+    bytes32 secretHandle;
+    IIncoVerifier incoVerifier;
+
+    function setUp() public override {
+        super.setUp();
+        someContract = new SomeContractWithConfidentialData();
+        bytes memory secretCt = fakePrepareEuint256Ciphertext(42);
+        vm.prank(alice);
+        someContract.saveAPersonalSecret(secretCt);
+        secretHandle = euint256.unwrap(someContract.secret());
+        incoVerifier = inco.incoVerifier();
+    }
+
+    function testAdvancedSharingWithSession() public {
+        SessionVerifier sessionVerifier = new SessionVerifier("");
+        assertFalse(
+            inco.isAllowed(secretHandle, bob),
+            "bob should't be allowed on secret yet"
+        );
+        assertTrue(
+            inco.isAllowed(secretHandle, alice),
+            "alice should be allowed on secret"
+        );
+        AllowanceVoucher memory aliceSessionVoucherForBob = AllowanceVoucher({
+            sessionNonce: bytes32(0),
+            verifyingContract: address(sessionVerifier),
+            callFunction: SessionVerifier.canUseSession.selector,
+            sharerArgData: abi.encode(
+                Session({decrypter: bob, expiresAt: block.timestamp + 1 days})
+            )
+        });
+        AllowanceProof memory bobsProof = getBobsProof(
+            aliceSessionVoucherForBob
+        );
+        assertTrue(
+            incoVerifier.isAllowedWithProof(secretHandle, bob, bobsProof),
+            "bob should be allowed on secret with proof"
+        );
+        vm.prank(bob);
+        inco.claimHandle(secretHandle, bobsProof);
+        assertTrue(
+            inco.persistAllowed(secretHandle, bob),
+            "bob should have claimed persistent allowance on secret"
+        );
+    }
+
+    function testVoucherSessionIdCheck() public {
+        DoesNotVerifyAnything verifier = new DoesNotVerifyAnything();
+        AllowanceVoucher memory voucher = AllowanceVoucher({
+            sessionNonce: bytes32(0),
+            verifyingContract: address(verifier),
+            callFunction: verifier.someCheck.selector,
+            sharerArgData: ""
+        });
+        AllowanceProof memory bobsFirstProof = getBobsProof(voucher);
+        assertTrue(
+            incoVerifier.isAllowedWithProof(secretHandle, bob, bobsFirstProof),
+            "the initial vouchers session nonce should be 0"
+        );
+        bytes32 madeUpNonce = bytes32(bytes4(0xdeadbeef));
+        voucher = AllowanceVoucher({
+            sessionNonce: madeUpNonce,
+            verifyingContract: address(verifier),
+            callFunction: verifier.someCheck.selector,
+            sharerArgData: ""
+        });
+        AllowanceProof memory invalidBobProof = getBobsProof(voucher);
+        // the session nonce should be checked by inco
+        vm.expectRevert(
+            abi.encodeWithSelector(
+                AdvancedAccessControl.InvalidVoucherSessionNonce.selector,
+                madeUpNonce,
+                bytes32(0)
+            )
+        );
+        incoVerifier.isAllowedWithProof(secretHandle, bob, invalidBobProof);
+        vm.prank(alice);
+        incoVerifier.updateActiveVouchersSessionNonce();
+        bytes32 alicesNewNonce = incoVerifier.getActiveVouchersSessionNonce(
+            alice
+        );
+        // previously valid voucher should now be invalid
+        vm.expectRevert(
+            abi.encodeWithSelector(
+                AdvancedAccessControl.InvalidVoucherSessionNonce.selector,
+                bytes32(0),
+                alicesNewNonce
+            )
+        );
+        incoVerifier.isAllowedWithProof(secretHandle, bob, bobsFirstProof);
+        voucher = AllowanceVoucher({
+            sessionNonce: alicesNewNonce,
+            verifyingContract: address(verifier),
+            callFunction: verifier.someCheck.selector,
+            sharerArgData: ""
+        });
+        AllowanceProof memory bobsSecondProof = getBobsProof(voucher);
+        assertTrue(
+            incoVerifier.isAllowedWithProof(secretHandle, bob, bobsSecondProof),
+            "the voucher should signed with the new nonce should be valid"
+        );
+    }
+
+    function testSessionVerifierAreCorrectlyCalledAsCheckers() public {
+        SomeVerifier verifier = new SomeVerifier();
+        AllowanceVoucher memory voucher = AllowanceVoucher({
+            sessionNonce: bytes32(0),
+            verifyingContract: address(verifier),
+            callFunction: verifier.someCheck.selector,
+            sharerArgData: abi.encode(
+                SomeVerifier.SharerArg({
+                    handleShared: secretHandle,
+                    allowedAccount: bob
+                })
+            )
+        });
+        AllowanceProof memory bobsProof = AllowanceProof({
+            sharer: alice,
+            voucher: voucher,
+            voucherSignature: getAliceSig(voucher),
+            requesterArgData: abi.encode(
+                SomeVerifier.RequesterArg({mustBeBeef: bytes2(0xbeef)})
+            )
+        });
+        assertTrue(
+            incoVerifier.isAllowedWithProof(secretHandle, bob, bobsProof),
+            "bob should be allowed on secret with proof"
+        );
+        bobsProof = AllowanceProof({
+            sharer: alice,
+            voucher: voucher,
+            voucherSignature: getAliceSig(voucher),
+            requesterArgData: abi.encode(
+                SomeVerifier.RequesterArg({mustBeBeef: bytes2(0xbebe)})
+            )
+        });
+        assertFalse(
+            incoVerifier.isAllowedWithProof(secretHandle, bob, bobsProof),
+            "all parameters should be checked"
+        );
+    }
+
+    function getBobsProof(
+        AllowanceVoucher memory alicesVoucher
+    ) private view returns (AllowanceProof memory) {
+        bytes memory voucherSignature = getAliceSig(alicesVoucher);
+        return
+            AllowanceProof({
+                sharer: alice,
+                voucher: alicesVoucher,
+                voucherSignature: voucherSignature,
+                requesterArgData: ""
+            });
+    }
+
+    function getAliceSig(
+        AllowanceVoucher memory voucher
+    ) private view returns (bytes memory) {
+        return
+            getSignatureForDigest(
+                incoVerifier.allowanceVoucherDigest(voucher),
+                alicePrivKey
+            );
+    }
+}

package/src/lightning-parts/AccessControl/test/TestBaseAccessControl.t.sol

@@ -1,12 +1,26 @@
 // SPDX-License-Identifier: No License
 pragma solidity ^0.8;
 
-import {TestUtils} from "@inco/shared/src/TestUtils.sol";
 import {BaseAccessControlList} from "../BaseAccessControlList.sol";
+import {VerifierAddressGetter} from "../../primitives/VerifierAddressGetter.sol";
+import {euint256, inco} from "../../../Lib.sol";
+import {IncoTest} from "../../../test/IncoTest.sol";
+
+contract TestBaseAccessControl is BaseAccessControlList, IncoTest {
+    constructor() VerifierAddressGetter(address(0)) {}
 
-contract TestBaseAccessControl is BaseAccessControlList, TestUtils {
     function testHandleZeroIsDisallowed() public view {
         bytes32 handle = bytes32(0);
         assert(!isAllowed(handle, alice));
     }
+
+    function testReveal() public {
+        euint256 secret = inco.asEuint256(1337);
+        assert(inco.isAllowed(euint256.unwrap(secret), address(this)));
+        assert(!inco.isAllowed(euint256.unwrap(secret), alice));
+
+        inco.reveal(euint256.unwrap(secret));
+        assert(inco.isAllowed(euint256.unwrap(secret), address(this)));
+        assert(inco.isAllowed(euint256.unwrap(secret), alice));
+    }
 }

package/src/lightning-parts/DecryptionAttester.sol

@@ -0,0 +1,45 @@
+// SPDX-License-Identifier: No License
+pragma solidity ^0.8;
+
+import {DecryptionAttestation} from "./DecryptionAttester.types.sol";
+import {EIP712Upgradeable} from "@openzeppelin/contracts-upgradeable/utils/cryptography/EIP712Upgradeable.sol";
+import {SignatureVerifier} from "./primitives/SignatureVerifier.sol";
+import {IDecryptionAttester} from "./interfaces/IDecryptionAttester.sol";
+
+// todo pre charging transient decrypted values leads to a superior DevX
+
+// todo #1032 add DecryptionAttester to IncoVerifier, will include signature verifier as well and fix #874
+abstract contract DecryptionAttester is
+    IDecryptionAttester,
+    SignatureVerifier,
+    EIP712Upgradeable
+{
+    bytes32 constant DecryptionAttestationStructHash =
+        keccak256("DecryptionAttestation(bytes32 handle,bytes32 value)");
+
+    function decryptionAttestationDigest(
+        DecryptionAttestation memory decryption
+    ) public view returns (bytes32) {
+        return
+            _hashTypedDataV4(
+                keccak256(
+                    abi.encode(
+                        DecryptionAttestationStructHash,
+                        decryption.handle,
+                        decryption.value
+                    )
+                )
+            );
+    }
+
+    function isValidDecryptionAttestation(
+        DecryptionAttestation memory decryption,
+        bytes memory signature
+    ) public view returns (bool) {
+        return
+            isValidSignature(
+                decryptionAttestationDigest(decryption),
+                signature
+            );
+    }
+}

package/src/lightning-parts/DecryptionAttester.types.sol

@@ -0,0 +1,7 @@
+// SPDX-License-Identifier: No License
+pragma solidity ^0.8;
+
+struct DecryptionAttestation {
+    bytes32 handle;
+    bytes32 value; // encoded bool or uint256 // todo switch this to bytes
+}

package/src/lightning-parts/EncryptedInput.sol

@@ -4,17 +4,16 @@ pragma solidity ^0.8;
 import {BaseAccessControlList} from "./AccessControl/BaseAccessControlList.sol";
 import {EventCounter} from "./primitives/EventCounter.sol";
 import {HandleGeneration} from "./primitives/HandleGeneration.sol";
-import {euint256, ebool, eaddress, ETypes, EVM_HOST_CHAIN_PREFIX, HANDLE_VERSION, HANDLE_INDEX} from "../Types.sol";
-import {IEncryptedInputGen} from "./EncryptedInput.gen.sol";
+import {euint256, ebool, eaddress, ETypes} from "../Types.sol";
+import {IEncryptedInput} from "./interfaces/IEncryptedInput.sol";
 import {HandleAlreadyExists} from "../Errors.sol";
 
 abstract contract EncryptedInput is
-    IEncryptedInputGen,
+    IEncryptedInput,
     BaseAccessControlList,
     EventCounter,
     HandleGeneration
 {
-
     event NewInput(
         bytes32 indexed result,
         address indexed contractAddress,
@@ -42,7 +41,10 @@ abstract contract EncryptedInput is
         bytes memory ciphertext,
         address user
     ) external returns (eaddress newValue) {
-        return eaddress.wrap(newInput(ciphertext, user, ETypes.AddressOrUint160OrBytes20));
+        return
+            eaddress.wrap(
+                newInput(ciphertext, user, ETypes.AddressOrUint160OrBytes20)
+            );
     }
 
     function newInput(
@@ -57,13 +59,8 @@ abstract contract EncryptedInput is
         // We allow to user since this is harmless and it is convenient to use the allow mapping to track existing
         allowInternal(newHandle, user);
         allowTransientInternal(newHandle, msg.sender);
-        emit NewInput(
-            newHandle,
-            msg.sender,
-            user,
-            inputType,
-            ciphertext,
-            getNewEventId()
-        );
+        uint256 id = getNextEventId();
+        emit NewInput(newHandle, msg.sender, user, inputType, ciphertext, id);
+        setDigest(abi.encodePacked(newHandle, id));
     }
 }