@inco/lightning 0.6.8 → 0.6.9

package/src/lightning-parts/Fee.sol

@@ -7,6 +7,7 @@ uint256 constant FEE = 0.0001 ether;
 /// @notice Fee utils for lightning functions that require a fee
 /// @dev the fee may be changed through upgrades, develop your apps accordingly!
 abstract contract Fee {
+
     error FeeNotPaid();
 
     /// @notice the fee to pay through msg.value for inputs and randomness IT MAY CHANGE
@@ -34,8 +35,9 @@ abstract contract Fee {
         uint256 spent = balanceBefore > balanceAfter ? balanceBefore - balanceAfter : 0;
         uint256 refund = msg.value > spent ? msg.value - spent : 0;
         if (refund > 0) {
-            (bool success, ) = msg.sender.call{value: refund}("");
+            (bool success,) = msg.sender.call{value: refund}("");
             require(success, "Refund failed");
         }
     }
+
 }

package/src/lightning-parts/TEELifecycle.sol

@@ -11,48 +11,47 @@ import {
     TcbInfoJsonObj,
     EnclaveIdentityJsonObj,
     IdentityObj,
-    TD10ReportBody,
+    Td10ReportBody,
     Header,
     HEADER_LENGTH
 } from "../interfaces/automata-interfaces/Types.sol";
 import {IFmspcTcbDao} from "../interfaces/automata-interfaces/IFmspcTcbDao.sol";
 import {IAutomataEnclaveIdentityDao} from "../interfaces/automata-interfaces/IAutomataEnclaveIdentityDao.sol";
+import {SignatureVerifier} from "./primitives/SignatureVerifier.sol";
 
 contract TEELifecycleStorage {
-    struct StorageForTEELifecycle {
+
+    struct StorageForTeeLifecycle {
         IQuoteVerifier quoteVerifier;
-        BootstrapResult VerifiedBootstrapResult;
-        bool BootstrapComplete;
+        BootstrapResult verifiedBootstrapResult;
+        bool bootstrapComplete;
         // @notice The list of approved TEE versions, each item is the MR_AGGREGATED 32 bytes
         // @dev The index of the TEE version is the version number
-        bytes32[] ApprovedTEEVersions;
+        bytes32[] approvedTeeVersions;
         // @notice The Network key
         // @todo rename to NetworkPubkey https://github.com/Inco-fhevm/inco-monorepo/issues/983
-        bytes ECIESPubkey;
-        mapping(address => bool) EOASigners;
+        bytes eciesPubkey;
     }
 
-    bytes32 private constant TEELifecycleStorageLocation =
-        keccak256("inco.storage.TEELifecycle");
+    bytes32 private constant TEE_LIFECYCLE_STORAGE_LOCATION = keccak256("inco.storage.TEELifecycle");
 
-    function getTEELifecycleStorage()
-        internal
-        pure
-        returns (StorageForTEELifecycle storage $)
-    {
-        bytes32 loc = TEELifecycleStorageLocation;
+    function getTeeLifecycleStorage() internal pure returns (StorageForTeeLifecycle storage $) {
+        bytes32 loc = TEE_LIFECYCLE_STORAGE_LOCATION;
         assembly {
             $.slot := loc
         }
     }
+
 }
 
 abstract contract TEELifecycle is
     TEELifecycleStorage,
     ITEELifecycle,
     OwnableUpgradeable,
+    SignatureVerifier,
     EIP712Upgradeable
 {
+
     // Errors
     error InvalidQuoteVerifierVersion(uint16 actual, uint16 expected);
     error EmptyTcbInfo();
@@ -66,53 +65,34 @@ abstract contract TEELifecycle is
     error IndexOutOfBounds();
     /// @notice The EIP712 signature recovered an incorrect address
     error InvalidEIP712Signature();
-    error EOASignerAlreadyInitialized();
-    // @notice The EOA signer in the quote is not an existing EOA signer
-    error EOASignerNotFound();
     // @notice The network pubkey signed by the TDX EOA is not the same as the one in the bootstrap result
     error InvalidNetworkPubkey();
 
     // Events
     // @notice A new MR_AGGREGATED has been approved
-    event NewTEEVersionApproved(
-        uint256 indexed version,
-        bytes32 indexed mrAggregated
-    );
+    event NewTEEVersionApproved(uint256 indexed version, bytes32 indexed mrAggregated);
     event NewCovalidatorAdded(address covalidatorAddress, bytes quote);
-    event BootstrapStageComplete(
-        address indexed newEOASigner,
-        BootstrapResult bootstrapResult
-    );
+    event BootstrapStageComplete(address indexed newEoaSigner, BootstrapResult bootstrapResult);
     // @notice Emitted to prove that an EOA has upgraded their TDX to a new
     // MR_AGGREGATED. This is done by checking remote attestation of the quote
     // and verifying the EIP712 signature of the bootstrap/upgrade result by
     // the TDX EOA.
-    event EOAHasUpdatedTDX(
-        address indexed eoaSigner,
-        bytes32 indexed mrAggregated
-    );
+    event SignerHasUpdatedTDX(address indexed eoaSigner, bytes32 indexed mrAggregated);
 
     // Constants
-    bytes32 public constant BootstrapResultStructHash =
-        keccak256(bytes("BootstrapResult(bytes ecies_pubkey)"));
-    bytes32 public constant UpgradeResultStructHash =
-        keccak256(bytes("UpgradeResult(bytes network_pubkey)"));
-    bytes32 public constant AddNodeResultStructHash =
-        keccak256(bytes("AddNodeResult(bytes network_pubkey)"));
+    bytes32 public constant BOOTSTRAP_RESULT_STRUCT_HASH = keccak256(bytes("BootstrapResult(bytes ecies_pubkey)"));
+    bytes32 public constant UPGRADE_RESULT_STRUCT_HASH = keccak256(bytes("UpgradeResult(bytes network_pubkey)"));
+    bytes32 public constant ADD_NODE_RESULT_STRUCT_HASH = keccak256(bytes("AddNodeResult(bytes network_pubkey)"));
 
     uint16 public constant QUOTE_VERIFIER_VERSION = 4;
 
-    function __TEELifecycle_init(
-        IQuoteVerifier _quoteVerifier
-    ) internal onlyInitializing {
-        getTEELifecycleStorage().quoteVerifier = _quoteVerifier;
+    // forge-lint: disable-next-line(mixed-case-function)
+    function __TeeLifecycle_init(IQuoteVerifier _quoteVerifier) internal onlyInitializing {
+        getTeeLifecycleStorage().quoteVerifier = _quoteVerifier;
         uint16 actualQuoteVerifierVersion = _quoteVerifier.quoteVersion();
         require(
             actualQuoteVerifierVersion == QUOTE_VERIFIER_VERSION,
-            InvalidQuoteVerifierVersion(
-                actualQuoteVerifierVersion,
-                QUOTE_VERIFIER_VERSION
-            )
+            InvalidQuoteVerifierVersion(actualQuoteVerifierVersion, QUOTE_VERIFIER_VERSION)
         );
     }
 
@@ -121,30 +101,18 @@ abstract contract TEELifecycle is
      * @param tcbInfo - The TCB info to upload
      * @param identity - The identity to upload
      */
-    function uploadCollateral(
-        TcbInfoJsonObj memory tcbInfo,
-        EnclaveIdentityJsonObj memory identity
-    ) public onlyOwner {
+    function uploadCollateral(TcbInfoJsonObj memory tcbInfo, EnclaveIdentityJsonObj memory identity) public onlyOwner {
         require(bytes(tcbInfo.tcbInfoStr).length != 0, EmptyTcbInfo());
         require(bytes(identity.identityStr).length != 0, EmptyIdentity());
 
         IQuoteVerifier _quoteVerifier = quoteVerifier();
 
-        IFmspcTcbDao fmspcTcbDao = IFmspcTcbDao(
-            _quoteVerifier.pccsRouter().fmspcTcbDaoAddr()
-        );
+        IFmspcTcbDao fmspcTcbDao = IFmspcTcbDao(_quoteVerifier.pccsRouter().fmspcTcbDaoAddr());
         fmspcTcbDao.upsertFmspcTcb(tcbInfo);
-        IAutomataEnclaveIdentityDao enclaveIdDao = IAutomataEnclaveIdentityDao(
-            _quoteVerifier.pccsRouter().qeIdDaoAddr()
-        );
-        (IdentityObj memory identityObj, ) = enclaveIdDao
-            .EnclaveIdentityLib()
-            .parseIdentityString(identity.identityStr);
-        enclaveIdDao.upsertEnclaveIdentity(
-            uint256(identityObj.id),
-            4,
-            identity
-        );
+        IAutomataEnclaveIdentityDao enclaveIdDao =
+            IAutomataEnclaveIdentityDao(_quoteVerifier.pccsRouter().qeIdDaoAddr());
+        (IdentityObj memory identityObj,) = enclaveIdDao.EnclaveIdentityLib().parseIdentityString(identity.identityStr);
+        enclaveIdDao.upsertEnclaveIdentity(uint256(identityObj.id), 4, identity);
     }
 
     /**
@@ -158,27 +126,22 @@ abstract contract TEELifecycle is
         bytes calldata quote,
         bytes calldata signature
     ) public onlyOwner {
-        StorageForTEELifecycle storage $ = getTEELifecycleStorage();
+        StorageForTeeLifecycle storage $ = getTeeLifecycleStorage();
 
         // Make sure the bootstrap is not already complete, and that the contract owner
         // has already submitted the pending TEE MR_AGGREGATED.
         require(!isBootstrapComplete(), BootstrapAlreadyCompleted());
-        require($.ApprovedTEEVersions.length == 1, TEEVersionNotFound());
+        require($.approvedTeeVersions.length == 1, TEEVersionNotFound());
 
         bytes32 digest = bootstrapResultDigest(bootstrapResult);
-        address reportDataSigner = _verifyResultForEOA(
-            $.ApprovedTEEVersions[0],
-            digest,
-            quote,
-            signature
-        );
+        address reportDataSigner = _verifyResultForEoa($.approvedTeeVersions[0], digest, quote, signature);
 
         // For bootstrap phase, we only have one EOA signer
         // So if we arrive here in code, it means that the EOA has signed the bootstrap result
 
         // Update contract publicly viewable state
-        $.ECIESPubkey = bootstrapResult.ecies_pubkey;
-        $.EOASigners[reportDataSigner] = true;
+        addSigner(reportDataSigner);
+        $.eciesPubkey = bootstrapResult.ecies_pubkey;
 
         emit BootstrapStageComplete(reportDataSigner, bootstrapResult);
     }
@@ -196,27 +159,19 @@ abstract contract TEELifecycle is
         bytes calldata quote,
         bytes calldata signature
     ) public {
-        StorageForTEELifecycle storage $ = getTEELifecycleStorage();
+        StorageForTeeLifecycle storage $ = getTeeLifecycleStorage();
 
         require(isBootstrapComplete(), BootstrapNotComplete());
         // Make sure the quote's network pubkey is the same as the one in the bootstrap result
-        require(
-            keccak256($.ECIESPubkey) == keccak256(upgradeResult.network_pubkey),
-            InvalidNetworkPubkey()
-        );
+        require(keccak256($.eciesPubkey) == keccak256(upgradeResult.networkPubkey), InvalidNetworkPubkey());
         // Make sure the new MR_AGGREGATED has been pre-approved.
-        bool isApproved = _isApprovedTEEVersion(newMrAggregated);
+        bool isApproved = _isApprovedTeeVersion(newMrAggregated);
         require(isApproved, TEEVersionNotFound());
 
         bytes32 digest = upgradeResultDigest(upgradeResult);
-        address reportDataSigner = _verifyResultForEOA(
-            newMrAggregated,
-            digest,
-            quote,
-            signature
-        );
+        address reportDataSigner = _verifyResultForEoa(newMrAggregated, digest, quote, signature);
         // Make sure the new EOA signer is an existing EOA signer
-        require($.EOASigners[reportDataSigner], EOASignerNotFound());
+        require(isSigner(reportDataSigner), SignerNotFound(reportDataSigner));
     }
 
     /**
@@ -229,28 +184,20 @@ abstract contract TEELifecycle is
         bytes calldata quote,
         bytes calldata signature
     ) public onlyOwner {
-        StorageForTEELifecycle storage $ = getTEELifecycleStorage();
+        StorageForTeeLifecycle storage $ = getTeeLifecycleStorage();
 
         require(isBootstrapComplete(), BootstrapNotComplete());
         // Make sure the quote's network pubkey is the same as the one in the bootstrap result
-        require(
-            keccak256($.ECIESPubkey) == keccak256(addNodeResult.network_pubkey),
-            InvalidNetworkPubkey()
-        );
+        require(keccak256($.eciesPubkey) == keccak256(addNodeResult.networkPubkey), InvalidNetworkPubkey());
         // Make sure the new MR_AGGREGATED has been pre-approved.
-        bool isApproved = _isApprovedTEEVersion(newMrAggregated);
+        bool isApproved = _isApprovedTeeVersion(newMrAggregated);
         require(isApproved, TEEVersionNotFound());
 
         bytes32 digest = addNodeResultDigest(addNodeResult);
-        address reportDataSigner = _verifyResultForEOA(
-            newMrAggregated,
-            digest,
-            quote,
-            signature
-        );
+        address reportDataSigner = _verifyResultForEoa(newMrAggregated, digest, quote, signature);
 
         // Add this new EOA signer as a new signer to the contract state
-        $.EOASigners[reportDataSigner] = true;
+        addSigner(reportDataSigner);
     }
 
     /**
@@ -259,21 +206,16 @@ abstract contract TEELifecycle is
      * @param newMrAggregated - The MR_AGGREGATED bytes of the new TEE version
      * @dev This function increments the version number automatically based on the current history
      */
-    function approveNewTEEVersion(bytes32 newMrAggregated) public onlyOwner {
-        StorageForTEELifecycle storage $ = getTEELifecycleStorage();
-        $.ApprovedTEEVersions.push(newMrAggregated);
-        emit NewTEEVersionApproved(
-            $.ApprovedTEEVersions.length - 1,
-            newMrAggregated
-        );
+    function approveNewTeeVersion(bytes32 newMrAggregated) public onlyOwner {
+        StorageForTeeLifecycle storage $ = getTeeLifecycleStorage();
+        $.approvedTeeVersions.push(newMrAggregated);
+        emit NewTEEVersionApproved($.approvedTeeVersions.length - 1, newMrAggregated);
     }
 
-    function _isApprovedTEEVersion(
-        bytes32 newMrAggregated
-    ) internal view returns (bool) {
-        StorageForTEELifecycle storage $ = getTEELifecycleStorage();
-        for (uint256 i = 0; i < $.ApprovedTEEVersions.length; i++) {
-            if ($.ApprovedTEEVersions[i] == newMrAggregated) {
+    function _isApprovedTeeVersion(bytes32 newMrAggregated) internal view returns (bool) {
+        StorageForTeeLifecycle storage $ = getTeeLifecycleStorage();
+        for (uint256 i = 0; i < $.approvedTeeVersions.length; i++) {
+            if ($.approvedTeeVersions[i] == newMrAggregated) {
                 return true;
             }
         }
@@ -288,7 +230,7 @@ abstract contract TEELifecycle is
      * @param signature - The EIP712 signature of the digest by the TDX EOA
      * @return reportDataSigner - The address of the report data signer (i.e. the TDX EOA)
      */
-    function _verifyResultForEOA(
+    function _verifyResultForEoa(
         bytes32 newMrAggregated,
         bytes32 resultEip712Digest,
         bytes calldata quote,
@@ -297,18 +239,13 @@ abstract contract TEELifecycle is
         (bool success, bytes memory output) = _verifyAndAttestOnChain(quote);
         require(success, string(output));
 
-        TD10ReportBody memory tdReport = parseTD10ReportBody(quote);
-        (address reportDataSigner, bytes32 reportMrAggregated) = parseReport(
-            tdReport
-        );
-        require(
-            reportMrAggregated == newMrAggregated,
-            InvalidReportMrAggregated()
-        );
+        Td10ReportBody memory tdReport = parseTd10ReportBody(quote);
+        (address reportDataSigner, bytes32 reportMrAggregated) = parseReport(tdReport);
+        require(reportMrAggregated == newMrAggregated, InvalidReportMrAggregated());
         address recoveredAddress = ECDSA.recover(resultEip712Digest, signature);
         require(recoveredAddress == reportDataSigner, InvalidEIP712Signature());
 
-        emit EOAHasUpdatedTDX(reportDataSigner, newMrAggregated);
+        emit SignerHasUpdatedTDX(reportDataSigner, newMrAggregated);
 
         return reportDataSigner;
     }
@@ -320,7 +257,7 @@ abstract contract TEELifecycle is
     function isBootstrapComplete() public view returns (bool) {
         // The network pubkey is set once and once only, during the bootstrap process
         // So we can use the length of the network pubkey to check if the bootstrap is complete
-        return getTEELifecycleStorage().ECIESPubkey.length > 0;
+        return getTeeLifecycleStorage().eciesPubkey.length > 0;
     }
 
     /**
@@ -332,9 +269,11 @@ abstract contract TEELifecycle is
      * For verification failures, the output is simply a UTF-8 encoded string, describing the reason for failure.
      * @dev can directly type-cast the failed output as a string
      */
-    function _verifyAndAttestOnChain(
-        bytes calldata rawQuote
-    ) internal view returns (bool success, bytes memory output) {
+    function _verifyAndAttestOnChain(bytes calldata rawQuote)
+        internal
+        view
+        returns (bool success, bytes memory output)
+    {
         // Parse the header
         Header memory header;
         (success, header) = _parseQuoteHeader(rawQuote);
@@ -348,19 +287,14 @@ abstract contract TEELifecycle is
 
         // We found a supported version, begin verifying the quote
         // Note: The quote header cannot be trusted yet, it will be validated by the Verifier library
-        (success, output) = getTEELifecycleStorage().quoteVerifier.verifyQuote(
-            header,
-            rawQuote
-        );
+        (success, output) = getTeeLifecycleStorage().quoteVerifier.verifyQuote(header, rawQuote);
     }
 
     /**
      * @notice From https://github.com/automata-network/automata-dcap-attestation/blob/evm-v1.0.0/evm/contracts/AttestationEntrypointBase.sol#L168
      * @notice Parses the header to get basic information about the quote, such as the version, TEE types etc.
      */
-    function _parseQuoteHeader(
-        bytes calldata rawQuote
-    ) private pure returns (bool success, Header memory header) {
+    function _parseQuoteHeader(bytes calldata rawQuote) private pure returns (bool success, Header memory header) {
         success = rawQuote.length >= HEADER_LENGTH;
         if (success) {
             uint16 version = uint16(BELE.leBytesToBeUint(rawQuote[0:2]));
@@ -389,44 +323,18 @@ abstract contract TEELifecycle is
      * @param rawQuote - The raw quote bytes
      * @return report - The parsed TD10 report body
      */
-    function parseTD10ReportBody(
-        bytes calldata rawQuote
-    ) public pure returns (TD10ReportBody memory report) {
-        report = TD10ReportBody({
+    function parseTd10ReportBody(bytes calldata rawQuote) public pure returns (Td10ReportBody memory report) {
+        report = Td10ReportBody({
             teeTcbSvn: bytes16(rawQuote[HEADER_LENGTH:HEADER_LENGTH + 16]),
             mrSeam: bytes(rawQuote[HEADER_LENGTH + 16:HEADER_LENGTH + 64]),
-            mrsignerSeam: bytes(
-                rawQuote[HEADER_LENGTH + 64:HEADER_LENGTH + 112]
-            ),
-            seamAttributes: bytes8(
-                uint64(
-                    BELE.leBytesToBeUint(
-                        rawQuote[HEADER_LENGTH + 112:HEADER_LENGTH + 120]
-                    )
-                )
-            ),
-            tdAttributes: bytes8(
-                uint64(
-                    BELE.leBytesToBeUint(
-                        rawQuote[HEADER_LENGTH + 120:HEADER_LENGTH + 128]
-                    )
-                )
-            ),
-            xFAM: bytes8(
-                uint64(
-                    BELE.leBytesToBeUint(
-                        rawQuote[HEADER_LENGTH + 128:HEADER_LENGTH + 136]
-                    )
-                )
-            ),
+            mrsignerSeam: bytes(rawQuote[HEADER_LENGTH + 64:HEADER_LENGTH + 112]),
+            seamAttributes: bytes8(uint64(BELE.leBytesToBeUint(rawQuote[HEADER_LENGTH + 112:HEADER_LENGTH + 120]))),
+            tdAttributes: bytes8(uint64(BELE.leBytesToBeUint(rawQuote[HEADER_LENGTH + 120:HEADER_LENGTH + 128]))),
+            xFAM: bytes8(uint64(BELE.leBytesToBeUint(rawQuote[HEADER_LENGTH + 128:HEADER_LENGTH + 136]))),
             mrTd: bytes(rawQuote[HEADER_LENGTH + 136:HEADER_LENGTH + 184]),
-            mrConfigId: bytes(
-                rawQuote[HEADER_LENGTH + 184:HEADER_LENGTH + 232]
-            ),
+            mrConfigId: bytes(rawQuote[HEADER_LENGTH + 184:HEADER_LENGTH + 232]),
             mrOwner: bytes(rawQuote[HEADER_LENGTH + 232:HEADER_LENGTH + 280]),
-            mrOwnerConfig: bytes(
-                rawQuote[HEADER_LENGTH + 280:HEADER_LENGTH + 328]
-            ),
+            mrOwnerConfig: bytes(rawQuote[HEADER_LENGTH + 280:HEADER_LENGTH + 328]),
             rtMr0: bytes(rawQuote[HEADER_LENGTH + 328:HEADER_LENGTH + 376]),
             rtMr1: bytes(rawQuote[HEADER_LENGTH + 376:HEADER_LENGTH + 424]),
             rtMr2: bytes(rawQuote[HEADER_LENGTH + 424:HEADER_LENGTH + 472]),
@@ -441,17 +349,10 @@ abstract contract TEELifecycle is
      * @return reportDataSigner - The signing address of the report data signer
      * @return reportMrAggregated - The MR_AGGREGATED bytes from the report
      */
-    function parseReport(
-        TD10ReportBody memory tdReport
-    ) public pure returns (address, bytes32) {
+    function parseReport(Td10ReportBody memory tdReport) public pure returns (address, bytes32) {
         return (
             address(bytes20(tdReport.reportData)),
-            computeMrAggregated(
-                tdReport.mrTd,
-                tdReport.rtMr0,
-                tdReport.rtMr1,
-                tdReport.rtMr2
-            )
+            computeMrAggregated(tdReport.mrTd, tdReport.rtMr0, tdReport.rtMr1, tdReport.rtMr2)
         );
     }
 
@@ -464,74 +365,43 @@ abstract contract TEELifecycle is
      * @param rtMr2 - The RTMR2 bytes
      * @return mrAggregated - The MR_AGGREGATED bytes32
      */
-    function computeMrAggregated(
-        bytes memory mrTd,
-        bytes memory rtMr0,
-        bytes memory rtMr1,
-        bytes memory rtMr2
-    ) public pure returns (bytes32) {
+    function computeMrAggregated(bytes memory mrTd, bytes memory rtMr0, bytes memory rtMr1, bytes memory rtMr2)
+        public
+        pure
+        returns (bytes32)
+    {
         bytes memory message = abi.encodePacked(mrTd, rtMr0, rtMr1, rtMr2);
         return keccak256(message);
     }
 
     function quoteVerifier() public view returns (IQuoteVerifier) {
-        return getTEELifecycleStorage().quoteVerifier;
+        return getTeeLifecycleStorage().quoteVerifier;
     }
 
-    function approvedTEEVersions(
-        uint256 index
-    ) external view returns (bytes32) {
-        StorageForTEELifecycle storage $ = getTEELifecycleStorage();
-        require(index < $.ApprovedTEEVersions.length, IndexOutOfBounds());
-        return $.ApprovedTEEVersions[index];
+    function approvedTeeVersions(uint256 index) external view returns (bytes32) {
+        StorageForTeeLifecycle storage $ = getTeeLifecycleStorage();
+        require(index < $.approvedTeeVersions.length, IndexOutOfBounds());
+        return $.approvedTeeVersions[index];
     }
 
     function eciesPubkey() external view returns (bytes memory) {
-        return getTEELifecycleStorage().ECIESPubkey;
+        return getTeeLifecycleStorage().eciesPubkey;
     }
 
-    function isEOASigner(address addr) external view returns (bool) {
-        return getTEELifecycleStorage().EOASigners[addr];
+    function bootstrapResultDigest(BootstrapResult memory bootstrapResult) public view returns (bytes32) {
+        return _hashTypedDataV4(
+            keccak256(abi.encode(BOOTSTRAP_RESULT_STRUCT_HASH, keccak256(bootstrapResult.ecies_pubkey)))
+        );
     }
 
-    function bootstrapResultDigest(
-        BootstrapResult memory bootstrapResult
-    ) public view returns (bytes32) {
+    function upgradeResultDigest(UpgradeResult memory upgradeResult) public view returns (bytes32) {
         return
-            _hashTypedDataV4(
-                keccak256(
-                    abi.encode(
-                        BootstrapResultStructHash,
-                        keccak256(bootstrapResult.ecies_pubkey)
-                    )
-                )
-            );
+            _hashTypedDataV4(keccak256(abi.encode(UPGRADE_RESULT_STRUCT_HASH, keccak256(upgradeResult.networkPubkey))));
     }
 
-    function upgradeResultDigest(
-        UpgradeResult memory upgradeResult
-    ) public view returns (bytes32) {
+    function addNodeResultDigest(AddNodeResult memory addNodeResult) public view returns (bytes32) {
         return
-            _hashTypedDataV4(
-                keccak256(
-                    abi.encode(
-                        UpgradeResultStructHash,
-                        keccak256(upgradeResult.network_pubkey)
-                    )
-                )
-            );
+            _hashTypedDataV4(keccak256(abi.encode(ADD_NODE_RESULT_STRUCT_HASH, keccak256(addNodeResult.networkPubkey))));
     }
 
-    function addNodeResultDigest(
-        AddNodeResult memory addNodeResult
-    ) public view returns (bytes32) {
-        return
-            _hashTypedDataV4(
-                keccak256(abi.encode(
-                    AddNodeResultStructHash,
-                    keccak256(addNodeResult.network_pubkey)
-                )
-            )
-        );
-    }
 }

package/src/lightning-parts/TEELifecycle.types.sol

@@ -5,8 +5,9 @@ pragma solidity ^0.8.19;
  * @notice A struct representing what the TDX EOA signs during the bootstrap process.
  */
 struct BootstrapResult {
-    // TODO: rename to network_pubkey
+    // TODO: rename to networkPubkey
     // https://github.com/Inco-fhevm/inco-monorepo/issues/983
+    // forge-lint: disable-next-line(mixed-case-variable)
     bytes ecies_pubkey;
 }
 
@@ -14,12 +15,12 @@ struct BootstrapResult {
  * @notice A struct representing what the TDX EOA signs during the upgrade process.
  */
 struct UpgradeResult {
-    bytes network_pubkey;
+    bytes networkPubkey;
 }
 
 /**
  * @notice A struct representing what the TDX EOA signs during the add node process.
  */
 struct AddNodeResult {
-    bytes network_pubkey;
+    bytes networkPubkey;
 }

package/src/lightning-parts/TrivialEncryption.sol

@@ -7,18 +7,9 @@ import {BaseAccessControlList} from "./AccessControl/BaseAccessControlList.sol";
 import {HandleGeneration} from "./primitives/HandleGeneration.sol";
 import {ITrivialEncryption} from "./interfaces/ITrivialEncryption.sol";
 
-abstract contract TrivialEncryption is
-    ITrivialEncryption,
-    EventCounter,
-    BaseAccessControlList,
-    HandleGeneration
-{
-    event TrivialEncrypt(
-        bytes32 indexed result,
-        bytes32 plainTextBytes,
-        ETypes handleType,
-        uint256 eventId
-    );
+abstract contract TrivialEncryption is ITrivialEncryption, EventCounter, BaseAccessControlList, HandleGeneration {
+
+    event TrivialEncrypt(bytes32 indexed result, bytes32 plainTextBytes, ETypes handleType, uint256 eventId);
 
     function asEuint256(uint256 value) external returns (euint256 newEuint256) {
         return euint256.wrap(newTrivialEncrypt(bytes32(value), ETypes.Uint256));
@@ -31,20 +22,15 @@ abstract contract TrivialEncryption is
 
     function asEaddress(address value) external returns (eaddress newEaddress) {
         bytes32 castedValue = bytes32(uint256(uint160(value)));
-        return
-            eaddress.wrap(
-                newTrivialEncrypt(castedValue, ETypes.AddressOrUint160OrBytes20)
-            );
+        return eaddress.wrap(newTrivialEncrypt(castedValue, ETypes.AddressOrUint160OrBytes20));
     }
 
-    function newTrivialEncrypt(
-        bytes32 plainTextBytes,
-        ETypes handleType
-    ) internal returns (bytes32 newHandle) {
+    function newTrivialEncrypt(bytes32 plainTextBytes, ETypes handleType) internal returns (bytes32 newHandle) {
         newHandle = getTrivialEncryptHandle(plainTextBytes, handleType);
         allowTransientInternal(newHandle, msg.sender);
         uint256 id = getNextEventId();
         emit TrivialEncrypt(newHandle, plainTextBytes, handleType, id);
         setDigest(abi.encodePacked(newHandle, id));
     }
+
 }

package/src/lightning-parts/interfaces/IDecryptionAttester.sol

@@ -1,9 +1,14 @@
 // SPDX-License-Identifier: No License
 pragma solidity ^0.8;
 
-import { DecryptionAttestation } from "../DecryptionAttester.types.sol";
+import {DecryptionAttestation} from "../DecryptionAttester.types.sol";
 
 interface IDecryptionAttester {
+
     function decryptionAttestationDigest(DecryptionAttestation memory decryption) external view returns (bytes32);
-    function isValidDecryptionAttestation(DecryptionAttestation memory decryption, bytes memory signature) external view returns (bool);
+    function isValidDecryptionAttestation(DecryptionAttestation memory decryption, bytes[] memory signatures)
+        external
+        view
+        returns (bool);
+
 }

package/src/lightning-parts/interfaces/IEncryptedInput.sol

@@ -4,16 +4,9 @@ pragma solidity ^0.8;
 import {euint256, ebool, eaddress} from "../../Types.sol";
 
 interface IEncryptedInput {
-    function newEuint256(
-        bytes memory ciphertext,
-        address user
-    ) external payable returns (euint256 newValue);
-    function newEbool(
-        bytes memory ciphertext,
-        address user
-    ) external payable returns (ebool newValue);
-    function newEaddress(
-        bytes memory ciphertext,
-        address user
-    ) external payable returns (eaddress newValue);
+
+    function newEuint256(bytes memory ciphertext, address user) external payable returns (euint256 newValue);
+    function newEbool(bytes memory ciphertext, address user) external payable returns (ebool newValue);
+    function newEaddress(bytes memory ciphertext, address user) external payable returns (eaddress newValue);
+
 }