add latest_tcb_eval_data_num and allow_non_latest_tcb_eval_data_num to client state

Signed-off-by: Jun Kimura <[email protected]>

Author: bluele

contracts/DCAPValidator.sol

@@ -48,6 +48,7 @@ library DCAPValidator {
      */
     struct Output {
         string tcbStatus;
+        uint32 minTcbEvaluationDataNumber;
         bytes32 sgxIntelRootCAHash;
         uint64 validityNotBeforeMax;
         uint64 validityNotAfterMin;
@@ -70,6 +71,7 @@ library DCAPValidator {
 
         Output memory output;
         output.tcbStatus = tcbStatusToString(uint8(outputBytes[8]));
+        output.minTcbEvaluationDataNumber = uint32(bytes4(outputBytes[9:13]));
         output.sgxIntelRootCAHash = bytes32(outputBytes[19:51]);
         output.validityNotBeforeMax = uint64(bytes8(outputBytes[51:59]));
         output.validityNotAfterMin = uint64(bytes8(outputBytes[59:67]));

contracts/ILCPClientErrors.sol

@@ -62,6 +62,7 @@ interface ILCPClientErrors {
     error LCPClientZKDCAPInvalidConstructorParams();
     error LCPClientZKDCAPOutputNotValid();
     error LCPClientZKDCAPUnrecognizedTCBStatus();
+    error LCPClientZKDCAPLatestTcbEvaluationDataNumberNotSet();
     error LCPClientZKDCAPInvalidVerifierInfos();
     error LCPClientZKDCAPInvalidVerifierInfoLength();
     error LCPClientZKDCAPInvalidVerifierInfoZKVMType();
@@ -72,4 +73,5 @@ interface ILCPClientErrors {
     error LCPClientZKDCAPDisallowedTCBStatus();
     error LCPClientZKDCAPDisallowedAdvisoryID();
     error LCPClientZKDCAPUnexpectedEnclaveDebugMode();
+    error LCPClientZKDCAPUnexpectedTcbEvaluationDataNumber();
 }

contracts/LCPClientZKDCAPBase.sol

@@ -24,6 +24,8 @@ abstract contract LCPClientZKDCAPBase is LCPClientBase {
 
     event ZKDCAPRegisteredEnclaveKey(string clientId, address enclaveKey, uint256 expiredAt, address operator);
 
+    event ZKDCAPBumpLatestTcbEvaluationDataNumber(string clientId, uint32 tcbEvaluationDataNumber);
+
     // --------------------- Immutable fields ---------------------
 
     /// @dev if developmentMode is true, the client allows the target enclave which is debug mode enabled.
@@ -74,6 +76,9 @@ abstract contract LCPClientZKDCAPBase is LCPClientBase {
         ClientStorage storage clientStorage = clientStorages[clientId];
         (ProtoClientState.Data memory clientState,) =
             _initializeClient(clientStorage, protoClientState, protoConsensusState);
+        if (clientState.latest_tcb_evalulation_data_number == 0) {
+            revert LCPClientZKDCAPLatestTcbEvaluationDataNumberNotSet();
+        }
         if (clientState.zkdcap_verifier_infos.length != 1) {
             revert LCPClientZKDCAPInvalidVerifierInfos();
         }
@@ -131,6 +136,7 @@ abstract contract LCPClientZKDCAPBase is LCPClientBase {
         if (clientStorage.zkDCAPRisc0ImageId == bytes32(0)) {
             revert LCPClientZKDCAPRisc0ImageIdNotSet();
         }
+        ProtoClientState.Data storage clientState = clientStorage.clientState;
         // NOTE: the client must revert if the proof is invalid
         riscZeroVerifier.verify(
             message.proof, clientStorage.zkDCAPRisc0ImageId, sha256(message.quote_verification_output)
@@ -139,7 +145,7 @@ abstract contract LCPClientZKDCAPBase is LCPClientBase {
         if (output.sgxIntelRootCAHash != intelRootCAHash) {
             revert LCPClientZKDCAPUnexpectedIntelRootCAHash();
         }
-        if (output.mrenclave != bytes32(clientStorage.clientState.mrenclave)) {
+        if (output.mrenclave != bytes32(clientState.mrenclave)) {
             revert LCPClientClientStateUnexpectedMrenclave();
         }
 
@@ -167,6 +173,18 @@ abstract contract LCPClientZKDCAPBase is LCPClientBase {
             revert LCPClientZKDCAPUnexpectedEnclaveDebugMode();
         }
 
+        if (clientState.latest_tcb_evalulation_data_number < output.minTcbEvaluationDataNumber) {
+            clientState.latest_tcb_evalulation_data_number = output.minTcbEvaluationDataNumber;
+            emit ZKDCAPBumpLatestTcbEvaluationDataNumber(clientId, output.minTcbEvaluationDataNumber);
+        } else if (clientState.latest_tcb_evalulation_data_number > output.minTcbEvaluationDataNumber) {
+            if (!clientState.allow_previous_tcb_evalulation_data_number) {
+                revert LCPClientZKDCAPUnexpectedTcbEvaluationDataNumber();
+            } else if (clientState.latest_tcb_evalulation_data_number != output.minTcbEvaluationDataNumber + 1) {
+                // NOTE: if the client allows previous TCB evaluation data number, the client should only accept the previous number
+                revert LCPClientZKDCAPUnexpectedTcbEvaluationDataNumber();
+            }
+        }
+
         // check if the validity period of the output is valid at the current block timestamp
         if (block.timestamp < output.validityNotBeforeMax || block.timestamp > output.validityNotAfterMin) {
             revert LCPClientZKDCAPOutputNotValid();
@@ -178,7 +196,7 @@ abstract contract LCPClientZKDCAPBase is LCPClientBase {
             operator = verifyECDSASignature(
                 keccak256(
                     LCPOperator.computeEIP712ZKDCAPRegisterEnclaveKey(
-                        clientStorage.clientState.zkdcap_verifier_infos[0], keccak256(message.quote_verification_output)
+                        clientState.zkdcap_verifier_infos[0], keccak256(message.quote_verification_output)
                     )
                 ),
                 message.operator_signature

contracts/proto/ibc/lightclients/lcp/v1/LCP.sol

@@ -1440,6 +1440,8 @@ library IbcLightclientsLcpV1ClientState {
     uint64 operators_nonce;
     uint64 operators_threshold_numerator;
     uint64 operators_threshold_denominator;
+    uint32 latest_tcb_evalulation_data_number;
+    bool allow_previous_tcb_evalulation_data_number;
     bytes[] zkdcap_verifier_infos;
   }
 
@@ -1480,7 +1482,7 @@ library IbcLightclientsLcpV1ClientState {
     returns (Data memory, uint)
   {
     Data memory r;
-    uint[12] memory counters;
+    uint[15] memory counters;
     uint256 fieldId;
     ProtoBufRuntime.WireType wireType;
     uint256 bytesRead;
@@ -1520,6 +1522,12 @@ library IbcLightclientsLcpV1ClientState {
         pointer += _read_operators_threshold_denominator(pointer, bs, r);
       } else
       if (fieldId == 11) {
+        pointer += _read_latest_tcb_evalulation_data_number(pointer, bs, r);
+      } else
+      if (fieldId == 12) {
+        pointer += _read_allow_previous_tcb_evalulation_data_number(pointer, bs, r);
+      } else
+      if (fieldId == 14) {
         pointer += _read_unpacked_repeated_zkdcap_verifier_infos(pointer, bs, nil(), counters);
       } else
       {
@@ -1540,9 +1548,9 @@ library IbcLightclientsLcpV1ClientState {
       require(r.operators.length == 0);
       r.operators = new bytes[](counters[7]);
     }
-    if (counters[11] > 0) {
+    if (counters[14] > 0) {
       require(r.zkdcap_verifier_infos.length == 0);
-      r.zkdcap_verifier_infos = new bytes[](counters[11]);
+      r.zkdcap_verifier_infos = new bytes[](counters[14]);
     }
 
     while (pointer < offset + sz) {
@@ -1557,7 +1565,7 @@ library IbcLightclientsLcpV1ClientState {
       if (fieldId == 7) {
         pointer += _read_unpacked_repeated_operators(pointer, bs, r, counters);
       } else
-      if (fieldId == 11) {
+      if (fieldId == 14) {
         pointer += _read_unpacked_repeated_zkdcap_verifier_infos(pointer, bs, r, counters);
       } else
       {
@@ -1649,7 +1657,7 @@ library IbcLightclientsLcpV1ClientState {
     uint256 p,
     bytes memory bs,
     Data memory r,
-    uint[12] memory counters
+    uint[15] memory counters
   ) internal pure returns (uint) {
     /**
      * if `r` is NULL, then only counting the number of fields.
@@ -1676,7 +1684,7 @@ library IbcLightclientsLcpV1ClientState {
     uint256 p,
     bytes memory bs,
     Data memory r,
-    uint[12] memory counters
+    uint[15] memory counters
   ) internal pure returns (uint) {
     /**
      * if `r` is NULL, then only counting the number of fields.
@@ -1703,7 +1711,7 @@ library IbcLightclientsLcpV1ClientState {
     uint256 p,
     bytes memory bs,
     Data memory r,
-    uint[12] memory counters
+    uint[15] memory counters
   ) internal pure returns (uint) {
     /**
      * if `r` is NULL, then only counting the number of fields.
@@ -1769,6 +1777,40 @@ library IbcLightclientsLcpV1ClientState {
     return sz;
   }
 
+  /**
+   * @dev The decoder for reading a field
+   * @param p The offset of bytes array to start decode
+   * @param bs The bytes array to be decoded
+   * @param r The in-memory struct
+   * @return The number of bytes decoded
+   */
+  function _read_latest_tcb_evalulation_data_number(
+    uint256 p,
+    bytes memory bs,
+    Data memory r
+  ) internal pure returns (uint) {
+    (uint32 x, uint256 sz) = ProtoBufRuntime._decode_uint32(p, bs);
+    r.latest_tcb_evalulation_data_number = x;
+    return sz;
+  }
+
+  /**
+   * @dev The decoder for reading a field
+   * @param p The offset of bytes array to start decode
+   * @param bs The bytes array to be decoded
+   * @param r The in-memory struct
+   * @return The number of bytes decoded
+   */
+  function _read_allow_previous_tcb_evalulation_data_number(
+    uint256 p,
+    bytes memory bs,
+    Data memory r
+  ) internal pure returns (uint) {
+    (bool x, uint256 sz) = ProtoBufRuntime._decode_bool(p, bs);
+    r.allow_previous_tcb_evalulation_data_number = x;
+    return sz;
+  }
+
   /**
    * @dev The decoder for reading a field
    * @param p The offset of bytes array to start decode
@@ -1781,17 +1823,17 @@ library IbcLightclientsLcpV1ClientState {
     uint256 p,
     bytes memory bs,
     Data memory r,
-    uint[12] memory counters
+    uint[15] memory counters
   ) internal pure returns (uint) {
     /**
      * if `r` is NULL, then only counting the number of fields.
      */
     (bytes memory x, uint256 sz) = ProtoBufRuntime._decode_bytes(p, bs);
     if (isNil(r)) {
-      counters[11] += 1;
+      counters[14] += 1;
     } else {
-      r.zkdcap_verifier_infos[r.zkdcap_verifier_infos.length - counters[11]] = x;
-      counters[11] -= 1;
+      r.zkdcap_verifier_infos[r.zkdcap_verifier_infos.length - counters[14]] = x;
+      counters[14] -= 1;
     }
     return sz;
   }
@@ -1945,10 +1987,28 @@ library IbcLightclientsLcpV1ClientState {
     );
     pointer += ProtoBufRuntime._encode_uint64(r.operators_threshold_denominator, pointer, bs);
     }
+    if (r.latest_tcb_evalulation_data_number != 0) {
+    pointer += ProtoBufRuntime._encode_key(
+      11,
+      ProtoBufRuntime.WireType.Varint,
+      pointer,
+      bs
+    );
+    pointer += ProtoBufRuntime._encode_uint32(r.latest_tcb_evalulation_data_number, pointer, bs);
+    }
+    if (r.allow_previous_tcb_evalulation_data_number != false) {
+    pointer += ProtoBufRuntime._encode_key(
+      12,
+      ProtoBufRuntime.WireType.Varint,
+      pointer,
+      bs
+    );
+    pointer += ProtoBufRuntime._encode_bool(r.allow_previous_tcb_evalulation_data_number, pointer, bs);
+    }
     if (r.zkdcap_verifier_infos.length != 0) {
     for(i = 0; i < r.zkdcap_verifier_infos.length; i++) {
       pointer += ProtoBufRuntime._encode_key(
-        11,
+        14,
         ProtoBufRuntime.WireType.LengthDelim,
         pointer,
         bs)
@@ -2015,6 +2075,8 @@ library IbcLightclientsLcpV1ClientState {
     e += 1 + ProtoBufRuntime._sz_uint64(r.operators_nonce);
     e += 1 + ProtoBufRuntime._sz_uint64(r.operators_threshold_numerator);
     e += 1 + ProtoBufRuntime._sz_uint64(r.operators_threshold_denominator);
+    e += 1 + ProtoBufRuntime._sz_uint32(r.latest_tcb_evalulation_data_number);
+    e += 1 + 1;
     for(i = 0; i < r.zkdcap_verifier_infos.length; i++) {
       e += 1 + ProtoBufRuntime._sz_lendelim(r.zkdcap_verifier_infos[i].length);
     }
@@ -2062,6 +2124,14 @@ library IbcLightclientsLcpV1ClientState {
     return false;
   }
 
+  if (r.latest_tcb_evalulation_data_number != 0) {
+    return false;
+  }
+
+  if (r.allow_previous_tcb_evalulation_data_number != false) {
+    return false;
+  }
+
   if (r.zkdcap_verifier_infos.length != 0) {
     return false;
   }
@@ -2087,6 +2157,8 @@ library IbcLightclientsLcpV1ClientState {
     output.operators_nonce = input.operators_nonce;
     output.operators_threshold_numerator = input.operators_threshold_numerator;
     output.operators_threshold_denominator = input.operators_threshold_denominator;
+    output.latest_tcb_evalulation_data_number = input.latest_tcb_evalulation_data_number;
+    output.allow_previous_tcb_evalulation_data_number = input.allow_previous_tcb_evalulation_data_number;
     output.zkdcap_verifier_infos = input.zkdcap_verifier_infos;
 
   }

proto/ibc/lightclients/lcp/v1/LCP.proto

@@ -48,15 +48,26 @@ message ClientState {
   uint64 operators_nonce = 8;
   uint64 operators_threshold_numerator = 9;
   uint64 operators_threshold_denominator = 10;
-  // An optional field to store the verifier info for zkDCAP
+
+  // The latest TCB evaluation data number
+  //
+  // The client updates the number when receiving TCB evaluation data whose number is greater than the current number.
+  uint32 latest_tcb_evalulation_data_number = 11;
+  // Whether to allow the previous TCB evaluation data number
+  //
+  // If this is true, the client will accept the previous TCB evaluation data number (i.e., `latest_tcb_evalulation_data_number` - 1).
+  // Otherwise, the client will only accept the latest TCB evaluation data number or greater.
+  bool allow_previous_tcb_evalulation_data_number = 12;
+  // The verifier info for zkDCAP
+  //
+  // The format is as follows:
+  // 0: zkVM type
+  // 1-N: arbitrary data for each zkVM type
   //
-  // if empty, the zkDCAP is not enabled
-  // otherwise, the zkDCAP is enabled
-  // The layout of each element is as follows:
-  // 0: zkVM type (e.g. 1 for risc0)
-  // 1-31: reserved
-  // 32-64: guest program identifier
-  repeated bytes zkdcap_verifier_infos = 11;
+  // zkVM type:
+  // 0: unspecified
+  // 1: risc0
+  repeated bytes zkdcap_verifier_infos = 14;
 }
 
 message ConsensusState {