@inco/lightning 0.8.0-devnet-2 → 0.8.0-devnet-3

package/src/lightning-parts/test/HandleMetadata.t.sol

@@ -3,13 +3,25 @@ pragma solidity ^0.8;
 
 import {TestUtils} from "../../shared/TestUtils.sol";
 import {HandleMetadata} from "../primitives/HandleMetadata.sol";
+import {HandleGeneration} from "../primitives/HandleGeneration.sol";
 import {TrivialEncryption} from "../TrivialEncryption.sol";
 import {EncryptedOperations} from "../EncryptedOperations.sol";
 import {EncryptedInput} from "../EncryptedInput.sol";
 import {EIP712} from "@openzeppelin/contracts/utils/cryptography/EIP712.sol";
-import {ETypes, ebool, euint256, eaddress, typeToBitMask} from "../../Types.sol";
+import {
+    ETypes,
+    ebool,
+    euint256,
+    eaddress,
+    typeToBitMask,
+    EOps,
+    isTypeSupported,
+    SenderNotAllowedForHandle
+} from "../../Types.sol";
 import {VerifierAddressGetter} from "../primitives/VerifierAddressGetter.sol";
 import {FEE} from "../Fee.sol";
+import {HandleAlreadyExists} from "../../Errors.sol";
+import {ExternalHandleDoesNotMatchComputedHandle} from "../EncryptedInput.sol";
 
 contract TestHandleMetadata is
     EIP712,
@@ -97,4 +109,326 @@ contract TestHandleMetadata is
         input = abi.encode(handle, ciphertext);
     }
 
+    // ============ Tests for HandleGeneration functions ============
+
+    function testGetTrivialEncryptHandle() public view {
+        bytes32 plaintext = bytes32(uint256(42));
+        bytes32 handle = this.getTrivialEncryptHandle(plaintext, ETypes.Uint256);
+        // Verify handle has correct type embedded
+        assert(typeOf(handle) == ETypes.Uint256);
+
+        // Test with different types
+        bytes32 boolHandle = this.getTrivialEncryptHandle(bytes32(uint256(1)), ETypes.Bool);
+        assert(typeOf(boolHandle) == ETypes.Bool);
+
+        bytes32 addrHandle =
+            this.getTrivialEncryptHandle(bytes32(uint256(0xdeadbeef)), ETypes.AddressOrUint160OrBytes20);
+        assert(typeOf(addrHandle) == ETypes.AddressOrUint160OrBytes20);
+    }
+
+    function testGetOpResultHandle() public view {
+        bytes32 inputA = bytes32(uint256(1));
+        bytes32 inputB = bytes32(uint256(2));
+        bytes memory packedInputs = abi.encodePacked(inputA, inputB);
+
+        // Test Add operation
+        bytes32 addHandle = this.getOpResultHandle(EOps.Add, ETypes.Uint256, packedInputs);
+        assert(typeOf(addHandle) == ETypes.Uint256);
+
+        // Test comparison operation (returns bool)
+        bytes32 eqHandle = this.getOpResultHandle(EOps.Eq, ETypes.Bool, packedInputs);
+        assert(typeOf(eqHandle) == ETypes.Bool);
+    }
+
+    // ============ Tests for EncryptedInput internal functions ============
+
+    /// @notice Expose the internal newInputNotPaying for testing
+    function exposedNewInputNotPaying(bytes memory ciphertext, address user, ETypes inputType)
+        public
+        returns (bytes32)
+    {
+        return newInputNotPaying(ciphertext, user, inputType);
+    }
+
+    function testNewInputNotPaying() public {
+        address self = address(this);
+        bytes32 ciphertextData = keccak256(abi.encodePacked("notpaying_ciphertext"));
+        // Create input with handle computed for this contract as msg.sender (since exposedNewInputNotPaying is public)
+        bytes memory input = getCiphertextInputForExposedCall(ciphertextData, self, ETypes.Uint256);
+        // Call the exposed version without paying
+        bytes32 handle = this.exposedNewInputNotPaying(input, self, ETypes.Uint256);
+        assert(typeOf(handle) == ETypes.Uint256);
+    }
+
+    /// @notice Helper to create input for exposed internal function calls where msg.sender == address(this)
+    function getCiphertextInputForExposedCall(bytes32 word, address user, ETypes inputType)
+        public
+        view
+        returns (bytes memory input)
+    {
+        bytes memory ciphertext = abi.encode(word);
+        // For external calls via this., msg.sender is address(this)
+        bytes32 handle = getInputHandle(ciphertext, address(this), user, address(this), inputType);
+        input = abi.encode(handle, ciphertext);
+    }
+
+    // ============ Tests for EncryptedInput error branches ============
+
+    function testNewInputTooShort() public {
+        address self = address(this);
+        // Input less than 64 bytes should revert
+        bytes memory shortInput = hex"deadbeef";
+        vm.expectRevert("Input too short, should be at least 64 bytes");
+        this.exposedNewInputNotPaying(shortInput, self, ETypes.Uint256);
+    }
+
+    function testNewInputHandleMismatch() public {
+        address self = address(this);
+        bytes32 ciphertextData = keccak256(abi.encodePacked("mismatch_test"));
+        bytes memory ciphertext = abi.encode(ciphertextData);
+        // Create input with wrong handle (just a random bytes32)
+        bytes32 wrongHandle = bytes32(uint256(12345));
+        bytes memory badInput = abi.encode(wrongHandle, ciphertext);
+
+        // Compute the expected handle for the error message
+        bytes32 expectedHandle = getInputHandle(ciphertext, address(this), self, address(this), ETypes.Uint256);
+
+        vm.expectRevert(
+            abi.encodeWithSelector(
+                ExternalHandleDoesNotMatchComputedHandle.selector,
+                wrongHandle,
+                expectedHandle,
+                block.chainid,
+                address(this),
+                self,
+                address(this)
+            )
+        );
+        this.exposedNewInputNotPaying(badInput, self, ETypes.Uint256);
+    }
+
+    function testNewInputHandleAlreadyExists() public {
+        address self = address(this);
+        bytes32 ciphertextData = keccak256(abi.encodePacked("duplicate_test"));
+        bytes memory input = getCiphertextInputForExposedCall(ciphertextData, self, ETypes.Uint256);
+
+        // First call should succeed
+        bytes32 handle = this.exposedNewInputNotPaying(input, self, ETypes.Uint256);
+
+        // Second call with same input should revert with HandleAlreadyExists
+        vm.expectRevert(abi.encodeWithSelector(HandleAlreadyExists.selector, handle));
+        this.exposedNewInputNotPaying(input, self, ETypes.Uint256);
+    }
+
+    // Tests for EncryptedOperations error branches
+
+    /// @notice Test eBitAnd with mismatched types (line 122)
+    function testEBitAndTypeMismatch() public {
+        euint256 a = this.asEuint256(42);
+        ebool b = this.asEbool(true);
+        // Error: UnexpectedType(lhsType, typeToBitMask(rhsType))
+        // With lhs=Uint256, rhs=Bool: UnexpectedType(Uint256, typeToBitMask(Bool))
+        vm.expectRevert(
+            abi.encodeWithSelector(
+                EncryptedOperations.UnexpectedType.selector, ETypes.Uint256, typeToBitMask(ETypes.Bool)
+            )
+        );
+        this.eBitAnd(euint256.unwrap(a), ebool.unwrap(b));
+    }
+
+    /// @notice Test eBitOr with mismatched types (line 134)
+    function testEBitOrTypeMismatch() public {
+        euint256 a = this.asEuint256(42);
+        ebool b = this.asEbool(true);
+        vm.expectRevert(
+            abi.encodeWithSelector(
+                EncryptedOperations.UnexpectedType.selector, ETypes.Uint256, typeToBitMask(ETypes.Bool)
+            )
+        );
+        this.eBitOr(euint256.unwrap(a), ebool.unwrap(b));
+    }
+
+    /// @notice Test eBitXor with mismatched types (line 146)
+    function testEBitXorTypeMismatch() public {
+        euint256 a = this.asEuint256(42);
+        ebool b = this.asEbool(true);
+        vm.expectRevert(
+            abi.encodeWithSelector(
+                EncryptedOperations.UnexpectedType.selector, ETypes.Uint256, typeToBitMask(ETypes.Bool)
+            )
+        );
+        this.eBitXor(euint256.unwrap(a), ebool.unwrap(b));
+    }
+
+    /// @notice Test eCast with unsupported target type (line 273)
+    function testECastUnsupportedType() public {
+        euint256 a = this.asEuint256(42);
+        ETypes unsupportedType = ETypes.Uint4UNSUPPORTED;
+        vm.expectRevert(abi.encodeWithSelector(EncryptedOperations.UnsupportedType.selector, unsupportedType));
+        this.eCast(euint256.unwrap(a), unsupportedType);
+    }
+
+    /// @notice Test eRand with unsupported type (line 282)
+    function testERandUnsupportedType() public {
+        ETypes unsupportedType = ETypes.Uint4UNSUPPORTED;
+        vm.expectRevert(abi.encodeWithSelector(EncryptedOperations.UnsupportedType.selector, unsupportedType));
+        this.eRand{value: FEE}(unsupportedType);
+    }
+
+    /// @notice Test eRandBounded with unsupported type (line 291)
+    function testERandBoundedUnsupportedType() public {
+        euint256 bound = this.asEuint256(100);
+        ETypes unsupportedType = ETypes.Uint4UNSUPPORTED;
+        vm.expectRevert(abi.encodeWithSelector(EncryptedOperations.UnsupportedType.selector, unsupportedType));
+        this.eRandBounded{value: FEE}(euint256.unwrap(bound), unsupportedType);
+    }
+
+    /// @notice Test eIfThenElse with unsupported ifTrue type (line 318)
+    function testEIfThenElseUnsupportedType() public {
+        ebool control = this.asEbool(true);
+        // Create a handle with unsupported type by manually crafting one
+        bytes32 unsupportedHandle = embedIndexTypeVersion(bytes32(uint256(1)), ETypes.Uint4UNSUPPORTED);
+        ebool ifFalse = this.asEbool(false);
+        vm.expectRevert(abi.encodeWithSelector(EncryptedOperations.UnsupportedType.selector, ETypes.Uint4UNSUPPORTED));
+        this.eIfThenElse(control, unsupportedHandle, ebool.unwrap(ifFalse));
+    }
+
+    /// @notice Test eIfThenElse with mismatched types between ifTrue and ifFalse (line 322)
+    function testEIfThenElseTypeMismatch() public {
+        ebool control = this.asEbool(true);
+        euint256 ifTrue = this.asEuint256(42);
+        ebool ifFalse = this.asEbool(false);
+        // ifTrue is Uint256, ifFalse is Bool - type mismatch should trigger checkInput failure
+        // Error is UnexpectedType(ifFalse type=Bool, required type mask for Uint256)
+        vm.expectRevert(
+            abi.encodeWithSelector(
+                EncryptedOperations.UnexpectedType.selector, ETypes.Bool, typeToBitMask(ETypes.Uint256)
+            )
+        );
+        this.eIfThenElse(control, euint256.unwrap(ifTrue), ebool.unwrap(ifFalse));
+    }
+
+    /// @notice Test eIfThenElse with ifTrue handle not allowed for sender
+    function testEIfThenElseIfTrueNotAllowed() public {
+        // Create handles from this contract (allowed)
+        ebool control = this.asEbool(true);
+        euint256 ifTrue = this.asEuint256(42);
+        ebool ifFalse = this.asEbool(false);
+
+        // Allow alice to access control and ifFalse, but NOT ifTrue
+        this.allow(ebool.unwrap(control), alice);
+        this.allow(ebool.unwrap(ifFalse), alice);
+
+        // Call eIfThenElse as alice - should fail on ifTrue check
+        vm.prank(alice);
+        vm.expectRevert(abi.encodeWithSelector(SenderNotAllowedForHandle.selector, euint256.unwrap(ifTrue), alice));
+        this.eIfThenElse(control, euint256.unwrap(ifTrue), ebool.unwrap(ifFalse));
+    }
+
+    // ============ Fuzz Tests for HandleMetadata ============
+
+    /// @dev Fuzz test for type embedding round-trip: typeOf(embedTypeVersion(h, t)) == t
+    function testFuzzTypeEmbeddingRoundTrip(bytes32 prehandle, uint8 typeIndex) public pure {
+        // Constrain to supported types (0=Bool, 7=AddressOrUint160OrBytes20, 8=Uint256)
+        ETypes inputType;
+        uint8 typeSelector = typeIndex % 3;
+        if (typeSelector == 0) {
+            inputType = ETypes.Bool;
+        } else if (typeSelector == 1) {
+            inputType = ETypes.AddressOrUint160OrBytes20;
+        } else {
+            inputType = ETypes.Uint256;
+        }
+
+        bytes32 embeddedHandle = embedTypeVersion(prehandle, inputType);
+        ETypes extractedType = typeOf(embeddedHandle);
+
+        assert(extractedType == inputType);
+    }
+
+    /// @dev Fuzz test for embedIndexTypeVersion round-trip
+    function testFuzzEmbedIndexTypeVersionRoundTrip(bytes32 prehandle, uint8 typeIndex) public pure {
+        // Constrain to supported types
+        ETypes inputType;
+        uint8 typeSelector = typeIndex % 3;
+        if (typeSelector == 0) {
+            inputType = ETypes.Bool;
+        } else if (typeSelector == 1) {
+            inputType = ETypes.AddressOrUint160OrBytes20;
+        } else {
+            inputType = ETypes.Uint256;
+        }
+
+        bytes32 embeddedHandle = embedIndexTypeVersion(prehandle, inputType);
+        ETypes extractedType = typeOf(embeddedHandle);
+
+        assert(extractedType == inputType);
+    }
+
+    /// @dev Fuzz test that typeOf correctly extracts type from handles with valid embedded types
+    function testFuzzTypeOfExtraction(bytes32 prehandle, uint8 typeIndex) public pure {
+        // First embed a valid type, then verify extraction
+        ETypes inputType;
+        uint8 typeSelector = typeIndex % 3;
+        if (typeSelector == 0) {
+            inputType = ETypes.Bool;
+        } else if (typeSelector == 1) {
+            inputType = ETypes.AddressOrUint160OrBytes20;
+        } else {
+            inputType = ETypes.Uint256;
+        }
+
+        bytes32 handle = embedTypeVersion(prehandle, inputType);
+
+        // Extract the type from the handle
+        ETypes extractedType = typeOf(handle);
+
+        // Manually compute what the type should be (bits 8-15 of the handle)
+        uint8 expectedTypeValue = uint8(uint256(handle) >> 8);
+
+        // Verify the extraction matches manual computation
+        assert(uint8(extractedType) == expectedTypeValue);
+        // Also verify it matches what we embedded
+        assert(extractedType == inputType);
+    }
+
+    /// @dev Fuzz test that embedding preserves upper bits of handle
+    function testFuzzEmbeddingPreservesUpperBits(bytes32 prehandle, uint8 typeIndex) public pure {
+        ETypes inputType;
+        uint8 typeSelector = typeIndex % 3;
+        if (typeSelector == 0) {
+            inputType = ETypes.Bool;
+        } else if (typeSelector == 1) {
+            inputType = ETypes.AddressOrUint160OrBytes20;
+        } else {
+            inputType = ETypes.Uint256;
+        }
+
+        bytes32 embeddedHandle = embedTypeVersion(prehandle, inputType);
+
+        // Verify upper 30 bytes (240 bits) are preserved
+        // Mask out the lower 2 bytes (16 bits) for comparison
+        bytes32 upperMask = 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0000;
+        assert((prehandle & upperMask) == (embeddedHandle & upperMask));
+    }
+
+    /// @dev Fuzz test that embedIndexTypeVersion clears index byte correctly
+    function testFuzzEmbedIndexClearsCorrectly(bytes32 prehandle, uint8 typeIndex) public pure {
+        ETypes inputType;
+        uint8 typeSelector = typeIndex % 3;
+        if (typeSelector == 0) {
+            inputType = ETypes.Bool;
+        } else if (typeSelector == 1) {
+            inputType = ETypes.AddressOrUint160OrBytes20;
+        } else {
+            inputType = ETypes.Uint256;
+        }
+
+        bytes32 embeddedHandle = embedIndexTypeVersion(prehandle, inputType);
+
+        // Extract index byte (bits 16-23) - should be HANDLE_INDEX (0)
+        uint8 indexByte = uint8(uint256(embeddedHandle) >> 16);
+        assert(indexByte == 0); // HANDLE_INDEX is 0
+    }
+
 }

package/src/periphery/SessionVerifier.sol

@@ -39,12 +39,14 @@ contract SessionVerifier is UUPSUpgradeable, OwnableUpgradeable, Version {
         bytes32, /* handle */
         address account,
         bytes memory sharerArgData,
-        bytes memory /* requesterArgData */
+        bytes memory requesterArgData
     )
         external
         view
         returns (bytes32)
     {
+        // unused variable just here to bypass linter
+        (requesterArgData);
         Session memory session = abi.decode(sharerArgData, (Session));
         if (session.expiresAt >= block.timestamp && session.decrypter == account) {
             return ALLOWANCE_GRANTED_MAGIC_VALUE;

package/src/test/TEELifecycle/TEELifecycleMockTest.t.sol

@@ -2,9 +2,18 @@
 pragma solidity ^0.8.0;
 
 import {TEELifecycle} from "../../lightning-parts/TEELifecycle.sol";
-import {BootstrapResult, AddNodeResult} from "../../lightning-parts/TEELifecycle.types.sol";
+import {BootstrapResult, AddNodeResult, UpgradeResult} from "../../lightning-parts/TEELifecycle.types.sol";
 import {MockRemoteAttestation} from "../FakeIncoInfra/MockRemoteAttestation.sol";
 import {FakeQuoteVerifier} from "../FakeIncoInfra/FakeQuoteVerifier.sol";
+import {IQuoteVerifier} from "../../interfaces/automata-interfaces/IQuoteVerifier.sol";
+import {
+    TcbInfoJsonObj,
+    EnclaveIdentityJsonObj,
+    TDX_TEE,
+    HEADER_LENGTH,
+    MINIMUM_QUOTE_LENGTH
+} from "../../interfaces/automata-interfaces/Types.sol";
+import {SignatureVerifier} from "../../lightning-parts/primitives/SignatureVerifier.sol";
 
 contract TEELifecycleMockTest is MockRemoteAttestation, TEELifecycle {
 
@@ -219,4 +228,225 @@ contract TEELifecycleMockTest is MockRemoteAttestation, TEELifecycle {
         return getSignatureForDigest(addNodeResultDigest, privateKey);
     }
 
+    // Helper function to sign the upgrade result
+    function signUpgradeResult(UpgradeResult memory upgradeResult, uint256 privateKey)
+        internal
+        view
+        returns (bytes memory)
+    {
+        bytes32 upgradeResultDigest = upgradeResultDigest(upgradeResult);
+        return getSignatureForDigest(upgradeResultDigest, privateKey);
+    }
+
+    // ============ Getter Tests ============
+
+    function testQuoteVerifier() public view {
+        IQuoteVerifier qv = this.quoteVerifier();
+        assertEq(address(qv), address(getTeeLifecycleStorage().quoteVerifier));
+    }
+
+    function testNetworkPubkeyGetter() public {
+        // Before bootstrap, network pubkey should be empty
+        assertEq(this.networkPubkey().length, 0);
+
+        // Complete bootstrap
+        (BootstrapResult memory bootstrapResult,,, bytes memory quote, bytes memory signature, bytes32 mrAggregated) =
+            successfulBootstrapResult();
+        vm.startPrank(this.owner());
+        this.approveNewTeeVersion(mrAggregated);
+        this.verifyBootstrapResult(bootstrapResult, quote, signature);
+        vm.stopPrank();
+
+        // After bootstrap, network pubkey should be set
+        assertEq(this.networkPubkey(), testNetworkPubkey);
+    }
+
+    function testApprovedTeeVersions() public {
+        vm.startPrank(this.owner());
+        this.approveNewTeeVersion(testMrAggregated);
+        vm.stopPrank();
+
+        bytes32 version = this.approvedTeeVersions(0);
+        assertEq(version, testMrAggregated);
+    }
+
+    function testApprovedTeeVersions_IndexOutOfBounds() public {
+        vm.expectRevert(TEELifecycle.IndexOutOfBounds.selector);
+        this.approvedTeeVersions(0);
+    }
+
+    function testUpgradeResultDigest() public view {
+        UpgradeResult memory upgradeResult = UpgradeResult({networkPubkey: testNetworkPubkey});
+        bytes32 digest = this.upgradeResultDigest(upgradeResult);
+        // Digest should not be zero
+        assertTrue(digest != bytes32(0));
+    }
+
+    // ============ verifyUpgradeResult Tests ============
+
+    function testVerifyUpgradeResult() public {
+        // First complete bootstrap
+        (
+            BootstrapResult memory bootstrapResult,
+            uint256 bootstrapPartyPrivkey,
+            address bootstrapPartyAddress,
+            bytes memory quote,
+            bytes memory signature,
+            bytes32 mrAggregated
+        ) = successfulBootstrapResult();
+        vm.startPrank(this.owner());
+        this.approveNewTeeVersion(mrAggregated);
+        this.verifyBootstrapResult(bootstrapResult, quote, signature);
+
+        // Now test upgrade - use the same signer (they're upgrading their TDX)
+        UpgradeResult memory upgradeResult = UpgradeResult({networkPubkey: testNetworkPubkey});
+        bytes memory upgradeSignature = signUpgradeResult(upgradeResult, bootstrapPartyPrivkey);
+        bytes memory upgradeQuote = createQuote(testMrtd, bootstrapPartyAddress);
+
+        // verifyUpgradeResult calls _verifyResultForEoa which has onlyOwner
+        this.verifyUpgradeResult(mrAggregated, upgradeResult, upgradeQuote, upgradeSignature);
+        vm.stopPrank();
+    }
+
+    function testVerifyUpgradeResult_BootstrapNotComplete() public {
+        UpgradeResult memory upgradeResult = UpgradeResult({networkPubkey: testNetworkPubkey});
+        vm.expectRevert(TEELifecycle.BootstrapNotComplete.selector);
+        this.verifyUpgradeResult(testMrAggregated, upgradeResult, hex"", hex"");
+    }
+
+    function testVerifyUpgradeResult_InvalidNetworkPubkey() public {
+        // First complete bootstrap
+        (BootstrapResult memory bootstrapResult,,, bytes memory quote, bytes memory signature, bytes32 mrAggregated) =
+            successfulBootstrapResult();
+        vm.startPrank(this.owner());
+        this.approveNewTeeVersion(mrAggregated);
+        this.verifyBootstrapResult(bootstrapResult, quote, signature);
+        vm.stopPrank();
+
+        // Try upgrade with wrong network pubkey
+        UpgradeResult memory upgradeResult = UpgradeResult({networkPubkey: hex"deadbeef"});
+        vm.expectRevert(TEELifecycle.InvalidNetworkPubkey.selector);
+        this.verifyUpgradeResult(mrAggregated, upgradeResult, quote, signature);
+    }
+
+    function testVerifyUpgradeResult_TEEVersionNotFound() public {
+        // First complete bootstrap
+        (BootstrapResult memory bootstrapResult,,, bytes memory quote, bytes memory signature, bytes32 mrAggregated) =
+            successfulBootstrapResult();
+        vm.startPrank(this.owner());
+        this.approveNewTeeVersion(mrAggregated);
+        this.verifyBootstrapResult(bootstrapResult, quote, signature);
+        vm.stopPrank();
+
+        // Try upgrade with unapproved MR_AGGREGATED
+        bytes32 unapprovedMr = bytes32(uint256(1234));
+        UpgradeResult memory upgradeResult = UpgradeResult({networkPubkey: testNetworkPubkey});
+        vm.expectRevert(TEELifecycle.TEEVersionNotFound.selector);
+        this.verifyUpgradeResult(unapprovedMr, upgradeResult, quote, signature);
+    }
+
+    // ============ Tests for digest functions ============
+
+    function testAddNodeResultDigest() public view {
+        AddNodeResult memory addNodeResult = AddNodeResult({networkPubkey: testNetworkPubkey});
+        bytes32 digest = this.addNodeResultDigest(addNodeResult);
+        // Verify digest is non-zero and deterministic
+        assertTrue(digest != bytes32(0), "Digest should not be zero");
+        // Call again to verify determinism
+        bytes32 digest2 = this.addNodeResultDigest(addNodeResult);
+        assertEq(digest, digest2, "Digest should be deterministic");
+    }
+
+    // ============ Tests for uploadCollateral validation ============
+
+    function testUploadCollateral_RevertsWhenEmptyTcbInfo() public {
+        TcbInfoJsonObj memory emptyTcbInfo = TcbInfoJsonObj({tcbInfoStr: "", signature: ""});
+        EnclaveIdentityJsonObj memory validIdentity = EnclaveIdentityJsonObj({identityStr: "valid", signature: ""});
+
+        vm.prank(this.owner());
+        vm.expectRevert(TEELifecycle.EmptyTcbInfo.selector);
+        this.uploadCollateral(emptyTcbInfo, validIdentity);
+    }
+
+    function testUploadCollateral_RevertsWhenEmptyIdentity() public {
+        TcbInfoJsonObj memory validTcbInfo = TcbInfoJsonObj({tcbInfoStr: "valid", signature: ""});
+        EnclaveIdentityJsonObj memory emptyIdentity = EnclaveIdentityJsonObj({identityStr: "", signature: ""});
+
+        vm.prank(this.owner());
+        vm.expectRevert(TEELifecycle.EmptyIdentity.selector);
+        this.uploadCollateral(validTcbInfo, emptyIdentity);
+    }
+
+    // ============ Tests for verifyUpgradeResult SignerNotFound ============
+
+    function testVerifyUpgradeResult_RevertsWhenNotASigner() public {
+        // First complete bootstrap
+        (BootstrapResult memory bootstrapResult,,, bytes memory quote, bytes memory signature, bytes32 mrAggregated) =
+            successfulBootstrapResult();
+        vm.startPrank(this.owner());
+        this.approveNewTeeVersion(mrAggregated);
+        this.verifyBootstrapResult(bootstrapResult, quote, signature);
+
+        // Create a new EOA that is NOT a signer
+        (uint256 nonSignerPrivkey, address nonSignerAddress) = getLabeledKeyPair("nonSigner");
+
+        // Create upgrade result and quote for the non-signer
+        UpgradeResult memory upgradeResult = UpgradeResult({networkPubkey: testNetworkPubkey});
+        bytes memory upgradeSignature = signUpgradeResult(upgradeResult, nonSignerPrivkey);
+        bytes memory upgradeQuote = createQuote(testMrtd, nonSignerAddress);
+
+        // Should revert because nonSignerAddress is not a registered signer
+        vm.expectRevert(abi.encodeWithSelector(SignatureVerifier.SignerNotFound.selector, nonSignerAddress));
+        this.verifyUpgradeResult(mrAggregated, upgradeResult, upgradeQuote, upgradeSignature);
+        vm.stopPrank();
+    }
+
+    // ============ Tests for _verifyAndAttestOnChain error paths ============
+
+    function testVerifyBootstrapResult_RevertsWhenQuoteTooShort() public {
+        BootstrapResult memory bootstrapResult = BootstrapResult({networkPubkey: testNetworkPubkey});
+        bytes memory shortQuote = hex"0102030405"; // Much shorter than HEADER_LENGTH (48 bytes)
+        bytes memory signature = signBootstrapResult(bootstrapResult, teePrivKey);
+
+        vm.startPrank(this.owner());
+        this.approveNewTeeVersion(testMrAggregated);
+        vm.expectRevert("Could not parse quote header");
+        this.verifyBootstrapResult(bootstrapResult, shortQuote, signature);
+        vm.stopPrank();
+    }
+
+    function testVerifyBootstrapResult_RevertsWhenUnsupportedQuoteVersion() public {
+        BootstrapResult memory bootstrapResult = BootstrapResult({networkPubkey: testNetworkPubkey});
+
+        // Create a quote with wrong version (version 3 instead of 4)
+        // Version is in first 2 bytes as little-endian
+        bytes memory wrongVersionQuote = createQuoteWithVersion(testMrtd, teeEOA, 3);
+        bytes memory signature = signBootstrapResult(bootstrapResult, teePrivKey);
+
+        vm.startPrank(this.owner());
+        this.approveNewTeeVersion(testMrAggregated);
+        vm.expectRevert("Unsupported quote version");
+        this.verifyBootstrapResult(bootstrapResult, wrongVersionQuote, signature);
+        vm.stopPrank();
+    }
+
+    // Helper function to create a quote with a specific version
+    function createQuoteWithVersion(bytes memory mrtd, address signer, uint16 version)
+        internal
+        pure
+        returns (bytes memory quote)
+    {
+        require(mrtd.length == 48, "MRTD should be 48 bytes");
+        // Version as little-endian 2 bytes, then 2 bytes padding
+        bytes4 versionBytes = bytes4(uint32(version)); // little-endian
+        bytes4 tdxTeeType = TDX_TEE;
+        bytes memory prefix = new bytes(HEADER_LENGTH + 136 - 8);
+        bytes memory middle = new bytes(520 - 184);
+        bytes memory reportDataSuffix = new bytes(44);
+        bytes memory suffix = new bytes(MINIMUM_QUOTE_LENGTH - HEADER_LENGTH - 584);
+        quote = abi.encodePacked(
+            versionBytes, tdxTeeType, prefix, mrtd, middle, abi.encodePacked(signer), reportDataSuffix, suffix
+        );
+    }
+
 }

package/src/test/TestEventCounter.t.sol

@@ -0,0 +1,43 @@
+// SPDX-License-Identifier: No License
+pragma solidity ^0.8;
+
+import {IncoTest} from "./IncoTest.sol";
+import {inco} from "../Lib.sol";
+import {EventCounter} from "../lightning-parts/primitives/EventCounter.sol";
+
+/// @dev Test harness to expose internal getNewEventId() for coverage
+contract EventCounterHarness is EventCounter {
+
+    function exposed_getNewEventId() external returns (uint256) {
+        return getNewEventId();
+    }
+
+}
+
+contract TestEventCounter is IncoTest {
+
+    /// @dev Tests the deprecated getEventCounter() function for coverage.
+    /// getEventCounter() is deprecated in favor of getNextEventId().
+    function testGetEventCounter_Deprecated() public view {
+        // Both functions should return the same value
+        uint256 counter = inco.getEventCounter();
+        uint256 nextId = inco.getNextEventId();
+        assertEq(counter, nextId, "getEventCounter should equal getNextEventId");
+    }
+
+    /// @dev Tests getNewEventId() which increments the counter and returns the new ID.
+    /// This function is used by lightning-preview's EList operations.
+    function testGetNewEventId() public {
+        EventCounterHarness harness = new EventCounterHarness();
+
+        uint256 firstId = harness.exposed_getNewEventId();
+        assertEq(firstId, 0, "First event ID should be 0");
+
+        uint256 secondId = harness.exposed_getNewEventId();
+        assertEq(secondId, 1, "Second event ID should be 1");
+
+        uint256 thirdId = harness.exposed_getNewEventId();
+        assertEq(thirdId, 2, "Third event ID should be 2");
+    }
+
+}

package/src/test/TestFakeInfra.t.sol

@@ -139,9 +139,10 @@ contract TestFakeInfra is IncoTest {
     function testEShr() public {
         euint256 a = e.asEuint256(10);
         euint256 b = e.asEuint256(4);
-        euint256 c = a.xor(b);
+
+        euint256 c = a.shr(b);
         processAllOperations();
-        assertEq(getUint256Value(c), 14);
+        assertEq(getUint256Value(c), 0);
     }
 
     function testERotl() public {
@@ -546,6 +547,12 @@ contract TestFakeInfra is IncoTest {
         a.add(euint256.wrap(randomHandle));
     }
 
+    function testECastAllowed() public {
+        bytes32 invalidHandle = keccak256("invalid handle");
+        vm.expectRevert(abi.encodeWithSelector(SenderNotAllowedForHandle.selector, invalidHandle, address(this)));
+        euint256.wrap(invalidHandle).asEbool();
+    }
+
     function testCreateQuote() public view {
         bytes memory mrtd =
             hex"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef";