add latest_tcb_eval_data_num and allow_non_latest_tcb_eval_data_num to client state

Signed-off-by: Jun Kimura <jun.kimura@datachain.jp>

Author: bluele

contracts/DCAPValidator.sol

@@ -48,6 +48,7 @@ library DCAPValidator {
      */
     struct Output {
         string tcbStatus;
+        uint32 minTcbEvaluationDataNumber;
         bytes32 sgxIntelRootCAHash;
         uint64 validityNotBeforeMax;
         uint64 validityNotAfterMin;
@@ -70,6 +71,7 @@ library DCAPValidator {
 
         Output memory output;
         output.tcbStatus = tcbStatusToString(uint8(outputBytes[8]));
+        output.minTcbEvaluationDataNumber = uint32(bytes4(outputBytes[9:13]));
         output.sgxIntelRootCAHash = bytes32(outputBytes[19:51]);
         output.validityNotBeforeMax = uint64(bytes8(outputBytes[51:59]));
         output.validityNotAfterMin = uint64(bytes8(outputBytes[59:67]));

contracts/ILCPClientErrors.sol

@@ -62,6 +62,7 @@ interface ILCPClientErrors {
     error LCPClientZKDCAPInvalidConstructorParams();
     error LCPClientZKDCAPOutputNotValid();
     error LCPClientZKDCAPUnrecognizedTCBStatus();
+    error LCPClientZKDCAPLatestTcbEvaluationDataNumberNotSet();
     error LCPClientZKDCAPInvalidVerifierInfos();
     error LCPClientZKDCAPInvalidVerifierInfoLength();
     error LCPClientZKDCAPInvalidVerifierInfoZKVMType();
@@ -72,4 +73,5 @@ interface ILCPClientErrors {
     error LCPClientZKDCAPDisallowedTCBStatus();
     error LCPClientZKDCAPDisallowedAdvisoryID();
     error LCPClientZKDCAPUnexpectedEnclaveDebugMode();
+    error LCPClientZKDCAPUnexpectedTcbEvaluationDataNumber();
 }

contracts/LCPClientZKDCAPBase.sol

@@ -22,7 +22,11 @@ abstract contract LCPClientZKDCAPBase is LCPClientBase {
 
     // --------------------- Events ---------------------
 
-    event ZKDCAPRegisteredEnclaveKey(string clientId, address enclaveKey, uint256 expiredAt, address operator);
+    /// @dev Emitted when an enclave key from zkDCAP quote is registered.
+    event LCPClientZKDCAPRegisteredEnclaveKey(string clientId, address enclaveKey, uint256 expiredAt, address operator);
+
+    /// @dev Emitted when the latest TCB evaluation data number is updated.
+    event LCPClientZKDCAPUpdateLatestTcbEvaluationDataNumber(string clientId, uint32 tcbEvaluationDataNumber);
 
     // --------------------- Immutable fields ---------------------
 
@@ -74,23 +78,45 @@ abstract contract LCPClientZKDCAPBase is LCPClientBase {
         ClientStorage storage clientStorage = clientStorages[clientId];
         (ProtoClientState.Data memory clientState,) =
             _initializeClient(clientStorage, protoClientState, protoConsensusState);
+        if (clientState.latest_tcb_evalulation_data_number == 0) {
+            revert LCPClientZKDCAPLatestTcbEvaluationDataNumberNotSet();
+        }
         if (clientState.zkdcap_verifier_infos.length != 1) {
             revert LCPClientZKDCAPInvalidVerifierInfos();
         }
-        bytes memory verifierInfo = clientState.zkdcap_verifier_infos[0];
-        if (verifierInfo.length != 64) {
+        // Currently, the client only supports RISC Zero zkVM
+        clientStorage.zkDCAPRisc0ImageId = parseRiscZeroVerifierInfo(clientState.zkdcap_verifier_infos[0]);
+        return clientState.latest_height;
+    }
+
+    function parseRiscZeroVerifierInfo(bytes memory verifierInfo) internal pure returns (bytes32) {
+        // The verifier information for the zkDCAP
+        //
+        // The format is as follows:
+        // 0: zkVM type
+        // 1-N: arbitrary data for each zkVM type
+        //
+        // The format of the risc0 zkVM is as follows:
+        // | 0 |  1 - 31  |  32 - 64  |
+        // |---|----------|-----------|
+        // | 1 | reserved | image id  |
+        uint256 vlen = verifierInfo.length;
+        if (vlen == 0) {
             revert LCPClientZKDCAPInvalidVerifierInfoLength();
         }
+        // Currently, the client only supports RISC Zero zkVM
         if (uint8(verifierInfo[0]) != ZKVM_TYPE_RISC_ZERO) {
             revert LCPClientZKDCAPInvalidVerifierInfoZKVMType();
         }
+        if (vlen < 64) {
+            revert LCPClientZKDCAPInvalidVerifierInfoLength();
+        }
         // 32..64 bytes: image ID
         bytes32 imageId;
         assembly {
             imageId := mload(add(add(verifierInfo, 32), 32))
         }
-        clientStorage.zkDCAPRisc0ImageId = imageId;
-        return clientState.latest_height;
+        return imageId;
     }
 
     /**
@@ -131,6 +157,7 @@ abstract contract LCPClientZKDCAPBase is LCPClientBase {
         if (clientStorage.zkDCAPRisc0ImageId == bytes32(0)) {
             revert LCPClientZKDCAPRisc0ImageIdNotSet();
         }
+        ProtoClientState.Data storage clientState = clientStorage.clientState;
         // NOTE: the client must revert if the proof is invalid
         riscZeroVerifier.verify(
             message.proof, clientStorage.zkDCAPRisc0ImageId, sha256(message.quote_verification_output)
@@ -139,7 +166,7 @@ abstract contract LCPClientZKDCAPBase is LCPClientBase {
         if (output.sgxIntelRootCAHash != intelRootCAHash) {
             revert LCPClientZKDCAPUnexpectedIntelRootCAHash();
         }
-        if (output.mrenclave != bytes32(clientStorage.clientState.mrenclave)) {
+        if (output.mrenclave != bytes32(clientState.mrenclave)) {
             revert LCPClientClientStateUnexpectedMrenclave();
         }
 
@@ -162,23 +189,38 @@ abstract contract LCPClientZKDCAPBase is LCPClientBase {
             }
         }
 
-        // check if the `output.enclaveDebugEnabled` and `developmentMode` are consistent
-        if (output.enclaveDebugEnabled != developmentMode) {
-            revert LCPClientZKDCAPUnexpectedEnclaveDebugMode();
+        if (clientState.latest_tcb_evalulation_data_number < output.minTcbEvaluationDataNumber) {
+            clientState.latest_tcb_evalulation_data_number = output.minTcbEvaluationDataNumber;
+            heights = new Height.Data[](1);
+            heights[0] = clientState.latest_height;
+            emit LCPClientZKDCAPUpdateLatestTcbEvaluationDataNumber(clientId, output.minTcbEvaluationDataNumber);
+        } else if (clientState.latest_tcb_evalulation_data_number > output.minTcbEvaluationDataNumber) {
+            // NOTE: if the client allows previous TCB evaluation data number, the client should only accept the previous number
+            if (
+                !clientState.allow_previous_tcb_evalulation_data_number
+                    || clientState.latest_tcb_evalulation_data_number != output.minTcbEvaluationDataNumber + 1
+            ) {
+                revert LCPClientZKDCAPUnexpectedTcbEvaluationDataNumber();
+            }
         }
 
         // check if the validity period of the output is valid at the current block timestamp
         if (block.timestamp < output.validityNotBeforeMax || block.timestamp > output.validityNotAfterMin) {
             revert LCPClientZKDCAPOutputNotValid();
         }
 
+        // check if the `output.enclaveDebugEnabled` and `developmentMode` are consistent
+        if (output.enclaveDebugEnabled != developmentMode) {
+            revert LCPClientZKDCAPUnexpectedEnclaveDebugMode();
+        }
+
         // if `operator_signature` is empty, the operator address is zero
         address operator;
         if (message.operator_signature.length != 0) {
             operator = verifyECDSASignature(
                 keccak256(
                     LCPOperator.computeEIP712ZKDCAPRegisterEnclaveKey(
-                        clientStorage.clientState.zkdcap_verifier_infos[0], keccak256(message.quote_verification_output)
+                        clientState.zkdcap_verifier_infos[0], keccak256(message.quote_verification_output)
                     )
                 ),
                 message.operator_signature
@@ -197,15 +239,13 @@ abstract contract LCPClientZKDCAPBase is LCPClientBase {
             if (ekInfo.expiredAt != expiredAt) {
                 revert LCPClientEnclaveKeyUnexpectedExpiredAt();
             }
-            // NOTE: if the key already exists, don't update any state
             return heights;
         }
         ekInfo.expiredAt = expiredAt;
         ekInfo.operator = operator;
 
-        emit ZKDCAPRegisteredEnclaveKey(clientId, output.enclaveKey, expiredAt, operator);
+        emit LCPClientZKDCAPRegisteredEnclaveKey(clientId, output.enclaveKey, expiredAt, operator);
 
-        // Note: client and consensus state are not always updated in registerEnclaveKey
         return heights;
     }
 }

contracts/proto/ibc/lightclients/lcp/v1/LCP.sol

@@ -1440,6 +1440,8 @@ library IbcLightclientsLcpV1ClientState {
     uint64 operators_nonce;
     uint64 operators_threshold_numerator;
     uint64 operators_threshold_denominator;
+    uint32 latest_tcb_evalulation_data_number;
+    bool allow_previous_tcb_evalulation_data_number;
     bytes[] zkdcap_verifier_infos;
   }
 
@@ -1480,7 +1482,7 @@ library IbcLightclientsLcpV1ClientState {
     returns (Data memory, uint)
   {
     Data memory r;
-    uint[12] memory counters;
+    uint[15] memory counters;
     uint256 fieldId;
     ProtoBufRuntime.WireType wireType;
     uint256 bytesRead;
@@ -1520,6 +1522,12 @@ library IbcLightclientsLcpV1ClientState {
         pointer += _read_operators_threshold_denominator(pointer, bs, r);
       } else
       if (fieldId == 11) {
+        pointer += _read_latest_tcb_evalulation_data_number(pointer, bs, r);
+      } else
+      if (fieldId == 12) {
+        pointer += _read_allow_previous_tcb_evalulation_data_number(pointer, bs, r);
+      } else
+      if (fieldId == 14) {
         pointer += _read_unpacked_repeated_zkdcap_verifier_infos(pointer, bs, nil(), counters);
       } else
       {
@@ -1540,9 +1548,9 @@ library IbcLightclientsLcpV1ClientState {
       require(r.operators.length == 0);
       r.operators = new bytes[](counters[7]);
     }
-    if (counters[11] > 0) {
+    if (counters[14] > 0) {
       require(r.zkdcap_verifier_infos.length == 0);
-      r.zkdcap_verifier_infos = new bytes[](counters[11]);
+      r.zkdcap_verifier_infos = new bytes[](counters[14]);
     }
 
     while (pointer < offset + sz) {
@@ -1557,7 +1565,7 @@ library IbcLightclientsLcpV1ClientState {
       if (fieldId == 7) {
         pointer += _read_unpacked_repeated_operators(pointer, bs, r, counters);
       } else
-      if (fieldId == 11) {
+      if (fieldId == 14) {
         pointer += _read_unpacked_repeated_zkdcap_verifier_infos(pointer, bs, r, counters);
       } else
       {
@@ -1649,7 +1657,7 @@ library IbcLightclientsLcpV1ClientState {
     uint256 p,
     bytes memory bs,
     Data memory r,
-    uint[12] memory counters
+    uint[15] memory counters
   ) internal pure returns (uint) {
     /**
      * if `r` is NULL, then only counting the number of fields.
@@ -1676,7 +1684,7 @@ library IbcLightclientsLcpV1ClientState {
     uint256 p,
     bytes memory bs,
     Data memory r,
-    uint[12] memory counters
+    uint[15] memory counters
   ) internal pure returns (uint) {
     /**
      * if `r` is NULL, then only counting the number of fields.
@@ -1703,7 +1711,7 @@ library IbcLightclientsLcpV1ClientState {
     uint256 p,
     bytes memory bs,
     Data memory r,
-    uint[12] memory counters
+    uint[15] memory counters
   ) internal pure returns (uint) {
     /**
      * if `r` is NULL, then only counting the number of fields.
@@ -1769,6 +1777,40 @@ library IbcLightclientsLcpV1ClientState {
     return sz;
   }
 
+  /**
+   * @dev The decoder for reading a field
+   * @param p The offset of bytes array to start decode
+   * @param bs The bytes array to be decoded
+   * @param r The in-memory struct
+   * @return The number of bytes decoded
+   */
+  function _read_latest_tcb_evalulation_data_number(
+    uint256 p,
+    bytes memory bs,
+    Data memory r
+  ) internal pure returns (uint) {
+    (uint32 x, uint256 sz) = ProtoBufRuntime._decode_uint32(p, bs);
+    r.latest_tcb_evalulation_data_number = x;
+    return sz;
+  }
+
+  /**
+   * @dev The decoder for reading a field
+   * @param p The offset of bytes array to start decode
+   * @param bs The bytes array to be decoded
+   * @param r The in-memory struct
+   * @return The number of bytes decoded
+   */
+  function _read_allow_previous_tcb_evalulation_data_number(
+    uint256 p,
+    bytes memory bs,
+    Data memory r
+  ) internal pure returns (uint) {
+    (bool x, uint256 sz) = ProtoBufRuntime._decode_bool(p, bs);
+    r.allow_previous_tcb_evalulation_data_number = x;
+    return sz;
+  }
+
   /**
    * @dev The decoder for reading a field
    * @param p The offset of bytes array to start decode
@@ -1781,17 +1823,17 @@ library IbcLightclientsLcpV1ClientState {
     uint256 p,
     bytes memory bs,
     Data memory r,
-    uint[12] memory counters
+    uint[15] memory counters
   ) internal pure returns (uint) {
     /**
      * if `r` is NULL, then only counting the number of fields.
      */
     (bytes memory x, uint256 sz) = ProtoBufRuntime._decode_bytes(p, bs);
     if (isNil(r)) {
-      counters[11] += 1;
+      counters[14] += 1;
     } else {
-      r.zkdcap_verifier_infos[r.zkdcap_verifier_infos.length - counters[11]] = x;
-      counters[11] -= 1;
+      r.zkdcap_verifier_infos[r.zkdcap_verifier_infos.length - counters[14]] = x;
+      counters[14] -= 1;
     }
     return sz;
   }
@@ -1945,10 +1987,28 @@ library IbcLightclientsLcpV1ClientState {
     );
     pointer += ProtoBufRuntime._encode_uint64(r.operators_threshold_denominator, pointer, bs);
     }
+    if (r.latest_tcb_evalulation_data_number != 0) {
+    pointer += ProtoBufRuntime._encode_key(
+      11,
+      ProtoBufRuntime.WireType.Varint,
+      pointer,
+      bs
+    );
+    pointer += ProtoBufRuntime._encode_uint32(r.latest_tcb_evalulation_data_number, pointer, bs);
+    }
+    if (r.allow_previous_tcb_evalulation_data_number != false) {
+    pointer += ProtoBufRuntime._encode_key(
+      12,
+      ProtoBufRuntime.WireType.Varint,
+      pointer,
+      bs
+    );
+    pointer += ProtoBufRuntime._encode_bool(r.allow_previous_tcb_evalulation_data_number, pointer, bs);
+    }
     if (r.zkdcap_verifier_infos.length != 0) {
     for(i = 0; i < r.zkdcap_verifier_infos.length; i++) {
       pointer += ProtoBufRuntime._encode_key(
-        11,
+        14,
         ProtoBufRuntime.WireType.LengthDelim,
         pointer,
         bs)
@@ -2015,6 +2075,8 @@ library IbcLightclientsLcpV1ClientState {
     e += 1 + ProtoBufRuntime._sz_uint64(r.operators_nonce);
     e += 1 + ProtoBufRuntime._sz_uint64(r.operators_threshold_numerator);
     e += 1 + ProtoBufRuntime._sz_uint64(r.operators_threshold_denominator);
+    e += 1 + ProtoBufRuntime._sz_uint32(r.latest_tcb_evalulation_data_number);
+    e += 1 + 1;
     for(i = 0; i < r.zkdcap_verifier_infos.length; i++) {
       e += 1 + ProtoBufRuntime._sz_lendelim(r.zkdcap_verifier_infos[i].length);
     }
@@ -2062,6 +2124,14 @@ library IbcLightclientsLcpV1ClientState {
     return false;
   }
 
+  if (r.latest_tcb_evalulation_data_number != 0) {
+    return false;
+  }
+
+  if (r.allow_previous_tcb_evalulation_data_number != false) {
+    return false;
+  }
+
   if (r.zkdcap_verifier_infos.length != 0) {
     return false;
   }
@@ -2087,6 +2157,8 @@ library IbcLightclientsLcpV1ClientState {
     output.operators_nonce = input.operators_nonce;
     output.operators_threshold_numerator = input.operators_threshold_numerator;
     output.operators_threshold_denominator = input.operators_threshold_denominator;
+    output.latest_tcb_evalulation_data_number = input.latest_tcb_evalulation_data_number;
+    output.allow_previous_tcb_evalulation_data_number = input.allow_previous_tcb_evalulation_data_number;
     output.zkdcap_verifier_infos = input.zkdcap_verifier_infos;
 
   }