@inco/lightning 0.5.2 → 0.6.0

package/src/lightning-parts/test/InputsFee.t.sol

@@ -0,0 +1,65 @@
+// SPDX-License-Identifier: No License
+pragma solidity ^0.8;
+
+import {Test} from "forge-std/Test.sol";
+import {EncryptedInput} from "../EncryptedInput.sol";
+import {VerifierAddressGetter} from "../primitives/VerifierAddressGetter.sol";
+import {FEE, Fee} from "../Fee.sol";
+import {IncoTest} from "../../test/IncoTest.sol";
+
+contract InputsTester is EncryptedInput {
+    constructor() VerifierAddressGetter(address(0)) {}
+}
+
+contract TestInputsFee is IncoTest {
+    InputsTester inputsTester;
+
+    function setUp() public override {
+        inputsTester = new InputsTester();
+    }
+
+    function testPayOnInputs() public {
+        // should fail if no fee
+        vm.expectRevert(Fee.FeeNotPaid.selector);
+        inputsTester.newEuint256{value: 0}(
+            fakePrepareEuint256Ciphertext(12),
+            address(0)
+        );
+
+        // should fail if not enough fee
+        vm.expectRevert(Fee.FeeNotPaid.selector);
+        inputsTester.newEuint256{value: FEE - 1}(
+            fakePrepareEuint256Ciphertext(12),
+            address(0)
+        );
+
+        // should fail if too much fee
+        vm.expectRevert(Fee.FeeNotPaid.selector);
+        inputsTester.newEuint256{value: FEE + 1}(
+            fakePrepareEuint256Ciphertext(12),
+            address(0)
+        );
+
+        // should work with exact fee
+        inputsTester.newEuint256{value: FEE}(
+            fakePrepareEuint256Ciphertext(12),
+            address(0)
+        );
+    }
+
+    function testPayForNewEbool() public {
+        // should work with exact fee
+        inputsTester.newEbool{value: FEE}(
+            fakePrepareEboolCiphertext(true),
+            address(0)
+        );
+    }
+
+    function testPayForNewEaddress() public {
+        // should work with exact fee
+        inputsTester.newEaddress{value: FEE}(
+            fakePrepareEaddressCiphertext(address(this)),
+            address(0)
+        );
+    }
+}

package/src/lightning-parts/test/TestDecryptionAttestationInSynchronousFlow.t.sol

@@ -35,6 +35,7 @@ contract TestDecryptionAttestationInSynchronousFlow is IncoTest {
     AllowanceProof emptyProof; // no proof needed when requester has the handle in persisted allowed pairs
     function testSynchronousBurning() public {
         TokenBurnCurrentBalance token = new TokenBurnCurrentBalance();
+        vm.deal(address(token), 100 ether);
         token.confidentialTransfer(
             alice,
             fakePrepareEuint256Ciphertext(10 * GWEI),

package/src/test/AddTwo.sol

@@ -1,14 +1,13 @@
 // SPDX-License-Identifier: No License
 pragma solidity ^0.8;
 
-import {euint256} from "../Types.sol";
+import {euint256, ebool} from "../Types.sol";
 import {IncoLightning} from "../IncoLightning.sol";
-
-// import {console} from "forge-std/console.sol";
+import {Fee} from "../lightning-parts/Fee.sol";
 
 // To implement such a contract, we would normally import e form Lib.sol. For test purposes, we take inco as
 // a constructor argument instead, so we can test it from other deployment addresses.
-contract AddTwo {
+contract AddTwo is Fee {
     IncoLightning inco;
 
     constructor(IncoLightning _inco) {
@@ -31,8 +30,11 @@ contract AddTwo {
 
     function addTwoEOA(
         bytes memory uint256EInput
-    ) external returns (euint256 result, euint256 resultRevealed) {
-        euint256 value = inco.newEuint256(uint256EInput, msg.sender);
+    ) external payable refundUnspent returns (euint256 result, euint256 resultRevealed) {
+        euint256 value = inco.newEuint256{value: getFee()}(
+            uint256EInput,
+            msg.sender
+        );
         result = addTwo(value);
 
         inco.allow(euint256.unwrap(result), address(this));
@@ -43,4 +45,14 @@ contract AddTwo {
         resultRevealed = addTwoAlt(value);
         inco.reveal(euint256.unwrap(resultRevealed));
     }
+
+    function getTrue() external returns (ebool) {
+        ebool trueHandle = inco.asEbool(true);
+        inco.reveal(ebool.unwrap(trueHandle));
+        return trueHandle;
+    }
+
+    receive() external payable {
+        // Accept ETH payments
+    }
 }

package/src/test/FakeIncoInfra/FakeIncoInfraBase.sol

@@ -47,6 +47,18 @@ contract FakeIncoInfraBase is TestUtils, KVStore {
         ciphertext = abi.encode(value);
     }
 
+    function fakePrepareEaddressCiphertext(
+        address value
+    ) internal pure returns (bytes memory ciphertext) {
+        ciphertext = abi.encode(value);
+    }
+
+    function fakeDecryptEaddressCiphertext(
+        bytes memory ciphertext
+    ) internal pure returns (address value) {
+        value = abi.decode(ciphertext, (address));
+    }
+
     function fakeDecryptEboolCiphertext(
         bytes memory ciphertext
     ) internal pure returns (bool value) {

package/src/test/FakeIncoInfra/MockRemoteAttestation.sol

@@ -9,6 +9,12 @@ import {
 } from "../../interfaces/automata-interfaces/Types.sol";
 
 contract MockRemoteAttestation is TestUtils {
+    /**
+     * @notice Creates a mock quote for the given MRTD and signer
+     * The RTMR0, RTMR1, RTMR2 are set to zeros
+     * @dev This function is the same as the non-TDX version of
+     * get_tdx_quote in attestation/src/remote_attestation.rs
+     */
     function createQuote(
         bytes memory mrtd,
         address signer

package/src/test/FakeIncoInfra/getOpForSelector.sol

@@ -1,6 +1,7 @@
 // SPDX-License-Identifier: No License
 pragma solidity ^0.8;
 
+import {BaseAccessControlList} from "../../lightning-parts/AccessControl/BaseAccessControlList.sol";
 import {EncryptedOperations} from "../../lightning-parts/EncryptedOperations.sol";
 import {TrivialEncryption} from "../../lightning-parts/TrivialEncryption.sol";
 import {EncryptedInput} from "../../lightning-parts/EncryptedInput.sol";
@@ -62,6 +63,10 @@ function getOpForSelector(bytes32 opEventSelector) pure returns (EOps) {
         return EOps.Rand;
     } else if (opEventSelector == EncryptedOperations.ERandBounded.selector) {
         return EOps.RandBounded;
+    } else if (opEventSelector == BaseAccessControlList.Allow.selector) {
+        return EOps.Allow;
+    } else if (opEventSelector == BaseAccessControlList.Reveal.selector) {
+        return EOps.Reveal;
     } else {
         revert("getOpForSelector: Unsupported selector");
     }

package/src/test/IncoTest.sol

@@ -32,6 +32,7 @@ contract IncoTest is MockOpHandler, DeployUtils, FakeDecryptionAttester {
         (IIncoLightning proxy, ) = deployIncoLightningUsingConfig({
             deployer: testDeployer,
             // The highest precedent deployment
+            // We select the pepper that will be used that will be generated in the lib.sol (usually "testnet"), but currently "devnet" has higher major version
             pepper: "devnet",
             quoteVerifier: new FakeQuoteVerifier()
         });

package/src/test/TEELifecycle/TEELifecycleMockTest.t.sol

@@ -19,10 +19,10 @@ contract TEELifecycleMockTest is Test, MockRemoteAttestation, TEELifecycle {
             ,
             bytes memory quote,
             bytes memory signature,
-            bytes memory mrtd
+            bytes32 mrAggregated
         ) = successfulBootstrapResult();
         vm.startPrank(this.owner());
-        this.approveNewTEEVersion(mrtd);
+        this.approveNewTEEVersion(mrAggregated);
         this.verifyBootstrapResult(bootstrapResult, quote, signature);
         assertTrue(this.isBootstrapComplete(), "Bootstrap should be complete");
         vm.stopPrank();
@@ -38,13 +38,13 @@ contract TEELifecycleMockTest is Test, MockRemoteAttestation, TEELifecycle {
             address bootstrapPartyAddress,
             bytes memory quote,
             bytes memory signature,
-            bytes memory mrtd
+            bytes32 mrAggregated
         ) = successfulBootstrapResult();
 
         quote = createQuote(badMrtd, bootstrapPartyAddress); // Replace with bad MRTD
         vm.startPrank(this.owner());
-        this.approveNewTEEVersion(mrtd);
-        vm.expectRevert(TEELifecycle.InvalidReportMRTD.selector);
+        this.approveNewTEEVersion(mrAggregated);
+        vm.expectRevert(TEELifecycle.InvalidReportMrAggregated.selector);
         this.verifyBootstrapResult(bootstrapResult, quote, signature);
         vm.stopPrank();
     }
@@ -56,7 +56,7 @@ contract TEELifecycleMockTest is Test, MockRemoteAttestation, TEELifecycle {
             ,
             bytes memory quote,
             ,
-            bytes memory mrtd
+            bytes32 mrAggregated
         ) = successfulBootstrapResult();
         (uint256 bootstrapPartyFakePrivkey, ) = getLabeledKeyPair(
             "bootstrapPartyFake"
@@ -66,8 +66,8 @@ contract TEELifecycleMockTest is Test, MockRemoteAttestation, TEELifecycle {
             bootstrapPartyFakePrivkey
         );
         vm.startPrank(this.owner());
-        this.approveNewTEEVersion(mrtd);
-        vm.expectRevert(TEELifecycle.InvalidBootstrapDataSignature.selector);
+        this.approveNewTEEVersion(mrAggregated);
+        vm.expectRevert(TEELifecycle.InvalidEIP712Signature.selector);
         this.verifyBootstrapResult(bootstrapResult, quote, signatureInvalid);
         vm.stopPrank();
     }
@@ -79,29 +79,21 @@ contract TEELifecycleMockTest is Test, MockRemoteAttestation, TEELifecycle {
             ,
             bytes memory quote,
             bytes memory signature,
-            bytes memory mrtd
+            bytes32 mrAggregated
         ) = successfulBootstrapResult();
         vm.startPrank(this.owner());
-        this.approveNewTEEVersion(mrtd);
+        this.approveNewTEEVersion(mrAggregated);
         this.verifyBootstrapResult(bootstrapResult, quote, signature);
         vm.expectRevert(TEELifecycle.BootstrapAlreadyCompleted.selector);
         this.verifyBootstrapResult(bootstrapResult, quote, signature);
         vm.stopPrank();
     }
 
-    function testApproveNewTEEInvalidMrtd() public {
-        bytes memory mrtd = hex"deadbeef";
-        vm.startPrank(this.owner());
-        vm.expectRevert(TEELifecycle.MrtdInvalidLength.selector);
-        this.approveNewTEEVersion(mrtd);
-        vm.stopPrank();
-    }
-
     function testBootstrapNotCompleteNewCoval() public {
         bytes
-            memory mrtd = hex"2a90c8fa38672cafd791d994beb6836b99383b2563736858632284f0f760a6446efd1e7ec457cf08b629ea630f7b4525";
+            memory mrAggregated = hex"2a90c8fa38672cafd791d994beb6836b99383b2563736858632284f0f760a6446efd1e7ec457cf08b629ea630f7b4525";
         (, address newCoval) = getLabeledKeyPair("newCoval");
-        bytes memory quote = createQuote(mrtd, newCoval);
+        bytes memory quote = createQuote(mrAggregated, newCoval);
         vm.startPrank(this.owner());
         vm.expectRevert(TEELifecycle.BootstrapNotComplete.selector);
         this.addNewCovalidator(quote);
@@ -115,17 +107,17 @@ contract TEELifecycleMockTest is Test, MockRemoteAttestation, TEELifecycle {
             ,
             bytes memory quote,
             bytes memory signature,
-            bytes memory mrtd
+            bytes32 mrAggregated
         ) = successfulBootstrapResult();
         vm.startPrank(this.owner());
-        this.approveNewTEEVersion(mrtd);
+        this.approveNewTEEVersion(mrAggregated);
         this.verifyBootstrapResult(bootstrapResult, quote, signature);
         bytes
             memory badMrtd = hex"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef";
         (, address newCoval) = getLabeledKeyPair("newCoval");
         bytes memory quoteNew = createQuote(badMrtd, newCoval);
 
-        vm.expectRevert(TEELifecycle.InvalidMrtdReport.selector);
+        vm.expectRevert(TEELifecycle.TEEVersionNotFound.selector);
         this.addNewCovalidator(quoteNew);
         vm.stopPrank();
     }
@@ -139,7 +131,7 @@ contract TEELifecycleMockTest is Test, MockRemoteAttestation, TEELifecycle {
             address bootstrapPartyAddress,
             bytes memory quote,
             bytes memory signature,
-            bytes memory mrtd
+            bytes32 mrAggregated
         )
     {
         (bootstrapPartyPrivkey, bootstrapPartyAddress) = getLabeledKeyPair(
@@ -147,8 +139,11 @@ contract TEELifecycleMockTest is Test, MockRemoteAttestation, TEELifecycle {
         );
         bytes
             memory eciesPubkey = hex"04ff5c6dd72ad7583288b84ee2598e081fe0bc6ef543c342e925a5dfcff9afb2444d25454d7d5dcfadc9ed99477c245efa93caf58d7f58143300d81cc948e7bdf5";
-        mrtd = hex"2a90c8fa38672cafd791d994beb6836b99383b2563736858632284f0f760a6446efd1e7ec457cf08b629ea630f7b4525";
-
+        // See DEFAULT_MRTD in attestation/src/remote_attestation.rs
+        bytes memory mrtd = hex"010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101";
+        // See DEFAULT_MR_AGGREGATED in attestation/src/remote_attestation.rs to
+        // see the calculation of the default value.
+        mrAggregated = hex"c3a67bac251d4946d7b17481d39631676042fe3afab06e70c22105ad8383c19f";
         bootstrapResult = BootstrapResult({ecies_pubkey: eciesPubkey});
 
         quote = createQuote(mrtd, bootstrapPartyAddress);

package/src/test/TestAddTwo.t.sol

@@ -2,7 +2,7 @@
 pragma solidity ^0.8;
 
 import {inco} from "../Lib.sol";
-import {euint256} from "../Types.sol";
+import {euint256, ebool} from "../Types.sol";
 import {IncoTest} from "./IncoTest.sol";
 import {AddTwo} from "./AddTwo.sol";
 
@@ -12,6 +12,7 @@ contract TestAddTwo is IncoTest {
     function setUp() public override {
         super.setUp();
         addTwo = new AddTwo(inco);
+        vm.deal(address(addTwo), 1 ether);
         vm.label(address(addTwo), "addTwo");
     }
 
@@ -33,4 +34,11 @@ contract TestAddTwo is IncoTest {
         assertFalse(inco.isAllowed(euint256.unwrap(result), bob));
         assertTrue(inco.isAllowed(euint256.unwrap(revealedResult), bob));
     }
+
+    function testTrueHandleReveal() public {
+        ebool trueVal = addTwo.getTrue();
+        processAllOperations();
+        assertEq(getBoolValue(trueVal), true);
+        assertTrue(inco.isAllowed(ebool.unwrap(trueVal), bob));
+    }
 }

package/src/test/TestFakeInfra.t.sol

@@ -270,6 +270,7 @@ contract TestFakeInfra is IncoTest, MockRemoteAttestation {
 
     function testEInput() public {
         TakesEInput inputContract = new TakesEInput();
+        vm.deal(address(inputContract), 1 ether);
         inputContract.setA(fakePrepareEuint256Ciphertext(12));
         inputContract.setB(fakePrepareEboolCiphertext(true));
         processAllOperations();
@@ -290,17 +291,25 @@ contract TestFakeInfra is IncoTest, MockRemoteAttestation {
         a.add(euint256.wrap(randomHandle));
     }
 
-    function testCreateQuote() public {
+    function testCreateQuote() public view {
         bytes
             memory mrtd = hex"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef";
         address signer = address(0x1234567890123456789012345678901234567890);
         bytes memory quote = createQuote(mrtd, signer);
         TEELifecycle lifecycle = TEELifecycle(address(inco.incoVerifier()));
         TD10ReportBody memory tdReport = lifecycle.parseTD10ReportBody(quote);
-        (address reportDataSigner, bytes memory reportMrtd) = lifecycle
+        (address reportDataSigner, bytes32 reportMrAggregated) = lifecycle
             .parseReport(tdReport);
         assertEq(reportDataSigner, signer);
-        assertEq(keccak256(reportMrtd), keccak256(mrtd));
+        assertEq(
+            reportMrAggregated,
+            lifecycle.computeMrAggregated(
+                tdReport.mrTd,
+                tdReport.rtMr0,
+                tdReport.rtMr1,
+                tdReport.rtMr2
+            )
+        );
         assertEq(quote.length, MINIMUM_QUOTE_LENGTH);
     }
 }

package/src/version/IncoLightningConfig.sol

@@ -9,6 +9,8 @@ pragma solidity ^0.8;
 string constant CONTRACT_NAME = "incoLightning";
 uint8 constant MAJOR_VERSION = 1;
 uint8 constant MINOR_VERSION = 0;
-uint8 constant PATCH_VERSION = 0;
+// whenever a new major version is deployed, we need to pump this up
+// otherwise make test_upgrade will fail
+uint8 constant PATCH_VERSION = 2;
 
 string constant VERIFIER_NAME = "incoVerifier";

package/src/test/TEELifecycle/README.md

@@ -1,53 +0,0 @@
-# TEE Lifecycle Test
-
-## TEELifecycle HW Test
-
-This test data was generated using Adrian's V0 TDX VM running in GCP. The data
-was returned collected using the `agent-lib` tool. 
-
-* To generate new test data: for `test_LifecycleBootstrap`
-
-```bash
-cd agent-lib
-
-cargo run --features hw -- start-bootstrap \
-    --expected-mrtd 0x409c0cd3e63d9ea54d817cf851983a220131262664ac8cd02cc6a2e19fd291d2fdd0cc035d7789b982a43a92a4424c99 \
-    --tee-lifecycle-grpc-url http://34.91.236.235:4321 \
-    --output-dir ../contracts/lightning/src/test/TEELifecycle/bootstrap_data 
-```
-
-* To generate new test data for `test_LifecycleNewEOA`
-
-```bash
-cd agent-lib
-
-# TODO: change this to add-node endpoint after https://github.com/Inco-fhevm/inco-monorepo/issues/889
-cargo run --features hw -- start-bootstrap \
-    --expected-mrtd 0x409c0cd3e63d9ea54d817cf851983a220131262664ac8cd02cc6a2e19fd291d2fdd0cc035d7789b982a43a92a4424c99 \
-    --tee-lifecycle-grpc-url http://34.91.236.235:4321 \
-    --output-dir ../contracts/lightning/src/test/TEELifecycle/addnode_data 
-
-# Delete the unused output data since it is not used
-# to add a node
-rm ../contracts/lightning/src/test/TEELifecycle/addnode_data/ecies_pubkey.bin
-rm ../contracts/lightning/src/test/TEELifecycle/addnode_data/eip712_signature.bin
-rm ../contracts/lightning/src/test/TEELifecycle/addnode_data/qe_identity
-rm ../contracts/lightning/src/test/TEELifecycle/addnode_data/qe_identity_signature.bin
-rm ../contracts/lightning/src/test/TEELifecycle/addnode_data/tcb_info
-rm ../contracts/lightning/src/test/TEELifecycle/addnode_data/tcb_info_signature.bin
-```
-
-* To generate the Intel root certificates
-
-```bash
-cd contracts/lightning/src/test/TEELifecycle/test_cert
-python3 -m pip install -r ../../../../../lightning-deployment/script/tee/requirements.txt
-python3 ../../../../../lightning-deployment/script/tee/get_ca_certs.py
-```
-
-* Hard code the block timestamp to the current time to ensure that there is no certificate out of date errors 
-by setting  `uint256 collateral_timestamp =` in [TEELifecycleHWTest.t](TEELifecycleHWTest.t.sol#24) to the output of:
-
-```bash
-echo $(date +%s)
-```