add latest_tcb_evalulation_data_number and allow_previous_tcb_evalulation_data_number to client state of the LCP client

Signed-off-by: Jun Kimura <jun.kimura@datachain.jp>

Author: bluele

modules/lcp-client/src/client_def.rs

@@ -10,6 +10,7 @@ use attestation_report::{IASSignedReport, ReportData};
 use crypto::{verify_signature_address, Address, Keccak256};
 use dcap_quote_verifier::types::quotes::body::QuoteBody;
 use dcap_quote_verifier::types::SGX_TEE_TYPE;
+use dcap_quote_verifier::verifier::Status;
 use hex_literal::hex;
 use light_client::commitments::{
     CommitmentPrefix, EthABIEncoder, MisbehaviourProxyMessage, ProxyMessage,
@@ -246,52 +247,72 @@ impl LCPClient {
         let zkdcap_verifier_info = &client_state.zkdcap_verifier_infos[0];
         assert!(message.zkvm_type == ZKVMType::Risc0);
         let (selector, seal) = message.risc0_seal_selector()?;
+        let output = message.quote_verification_output;
 
         zkvm::verifier::verify_groth16_proof(
             selector,
             seal,
             zkdcap_verifier_info.program_id,
-            message.quote_verification_output.to_bytes(),
+            output.to_bytes(),
         )?;
 
-        let report =
-            if let QuoteBody::SGXQuoteBody(report) = message.quote_verification_output.quote_body {
-                report
-            } else {
-                return Err(Error::unexpected_quote_body());
-            };
+        let report = if let QuoteBody::SGXQuoteBody(report) = output.quote_body {
+            report
+        } else {
+            return Err(Error::unexpected_quote_body());
+        };
         let report_data = ReportData(report.report_data);
 
         assert_eq!(
             report.mrenclave.as_slice(),
             client_state.mr_enclave.as_slice(),
             "mrenclave mismatch"
         );
+        assert_eq!(output.quote_version, 3, "unexpected quote version");
+        assert_eq!(output.tee_type, SGX_TEE_TYPE, "unexpected tee type");
         assert_eq!(
-            message.quote_verification_output.quote_version, 3,
-            "unexpected quote version"
-        );
-        assert_eq!(
-            message.quote_verification_output.tee_type, SGX_TEE_TYPE,
-            "unexpected tee type"
-        );
-        assert_eq!(
-            message.quote_verification_output.sgx_intel_root_ca_hash,
+            output.sgx_intel_root_ca_hash,
             remote_attestation::dcap::INTEL_ROOT_CA_HASH,
         );
+
+        #[allow(clippy::comparison_chain)]
+        #[allow(clippy::assertions_on_constants)]
+        let new_client_state = if client_state.latest_tcb_evaluation_data_number
+            < output.min_tcb_evaluation_data_number
+        {
+            Some(ClientState {
+                latest_tcb_evaluation_data_number: output.min_tcb_evaluation_data_number,
+                ..client_state.clone()
+            })
+        } else if client_state.latest_tcb_evaluation_data_number
+            > output.min_tcb_evaluation_data_number
+        {
+            if !client_state.allow_previous_tcb_evaluation_data_number
+                || client_state.latest_tcb_evaluation_data_number
+                    != output.min_tcb_evaluation_data_number + 1
+            {
+                assert!(false, "unexpected tcb evaluation data number");
+            }
+            None
+        } else {
+            None
+        };
+
         assert!(
-            message
-                .quote_verification_output
+            output
                 .validity
                 .validate_time(ctx.host_timestamp().as_unix_timestamp_secs()),
             "invalid validity intersection"
         );
-        let tcb_status = message.quote_verification_output.status.to_string();
+
         assert!(
-            tcb_status == "UpToDate" || client_state.allowed_quote_statuses.contains(&tcb_status),
+            output.status == Status::Ok
+                || client_state
+                    .allowed_quote_statuses
+                    .contains(&output.status.to_string()),
             "unexpected tcb status"
         );
-        for advisory_id in message.quote_verification_output.advisory_ids.iter() {
+        for advisory_id in output.advisory_ids.iter() {
             assert!(
                 client_state.allowed_advisory_ids.contains(advisory_id),
                 "unexpected advisory id"
@@ -302,7 +323,7 @@ impl LCPClient {
             verify_signature_address(
                 compute_eip712_zkdcap_register_enclave_key(
                     zkdcap_verifier_info,
-                    keccak256(&message.quote_verification_output.to_bytes()),
+                    keccak256(&output.to_bytes()),
                 )
                 .as_ref(),
                 operator_signature.as_ref(),
@@ -317,11 +338,11 @@ impl LCPClient {
             ctx,
             &client_id,
             report_data.enclave_key(),
-            EKOperatorInfo::new(
-                message.quote_verification_output.validity.not_after_min,
-                operator,
-            ),
+            EKOperatorInfo::new(output.validity.not_after_min, operator),
         );
+        if let Some(new_client_state) = new_client_state {
+            ctx.store_any_client_state(client_id, new_client_state.into())?;
+        }
         Ok(())
     }
 
@@ -566,16 +587,16 @@ pub fn compute_eip712_register_enclave_key_hash(avr: &str) -> [u8; 32] {
 
 pub fn compute_eip712_zkdcap_register_enclave_key(
     zkdcap_verifier_info: &ZKDCAPVerifierInfo,
-    commit_hash: [u8; 32],
+    output_hash: [u8; 32],
 ) -> Vec<u8> {
-    // 0x1901 | DOMAIN_SEPARATOR_ZKDCAP_REGISTER_ENCLAVE_KEY | keccak256(keccak256("ZKDCAPRegisterEnclaveKey(bytes zkDCAPVerifierInfo,bytes32 commitHash)") | keccak256(zkdcap_verifier_info) | commit_hash)
+    // 0x1901 | DOMAIN_SEPARATOR_ZKDCAP_REGISTER_ENCLAVE_KEY | keccak256(keccak256("ZKDCAPRegisterEnclaveKey(bytes zkDCAPVerifierInfo,bytes32 outputHash)") | keccak256(zkdcap_verifier_info) | output_hash)
     let type_hash = {
         let mut h = Keccak::v256();
         h.update(&keccak256(
-            b"ZKDCAPRegisterEnclaveKey(bytes zkDCAPVerifierInfo,bytes32 commitHash)",
+            b"ZKDCAPRegisterEnclaveKey(bytes zkDCAPVerifierInfo,bytes32 outputHash)",
         ));
         h.update(&keccak256(zkdcap_verifier_info.to_bytes().as_ref()));
-        h.update(&commit_hash);
+        h.update(&output_hash);
         let mut result = [0u8; 32];
         h.finalize(result.as_mut());
         result

modules/lcp-client/src/client_state.rs

@@ -28,6 +28,8 @@ pub struct ClientState {
     pub operators_nonce: u64,
     pub operators_threshold_numerator: u64,
     pub operators_threshold_denominator: u64,
+    pub latest_tcb_evaluation_data_number: u32,
+    pub allow_previous_tcb_evaluation_data_number: bool,
     pub zkdcap_verifier_infos: Vec<ZKDCAPVerifierInfo>,
 }
 
@@ -131,6 +133,9 @@ impl From<ClientState> for RawClientState {
             operators_nonce: 0,
             operators_threshold_numerator: 0,
             operators_threshold_denominator: 0,
+            latest_tcb_evalulation_data_number: value.latest_tcb_evaluation_data_number,
+            allow_previous_tcb_evalulation_data_number: value
+                .allow_previous_tcb_evaluation_data_number,
             zkdcap_verifier_infos: value
                 .zkdcap_verifier_infos
                 .iter()
@@ -160,6 +165,9 @@ impl TryFrom<RawClientState> for ClientState {
             operators_nonce: raw.operators_nonce,
             operators_threshold_numerator: raw.operators_threshold_numerator,
             operators_threshold_denominator: raw.operators_threshold_denominator,
+            latest_tcb_evaluation_data_number: raw.latest_tcb_evalulation_data_number,
+            allow_previous_tcb_evaluation_data_number: raw
+                .allow_previous_tcb_evalulation_data_number,
             zkdcap_verifier_infos: raw
                 .zkdcap_verifier_infos
                 .into_iter()

proto/definitions/ibc/lightclients/lcp/v1/lcp.proto

@@ -8,61 +8,107 @@ option go_package = "github.com/datachainlab/lcp/go/light-clients/lcp/types";
 option (gogoproto.goproto_getters_all) = false;
 
 message UpdateClientMessage {
+  // A message generated by the LCP node running on the target platform
   bytes proxy_message = 1;
+  // Signatures of the proxy message by the LCP node
   repeated bytes signatures = 2;
 }
 
+// A message to verify IAS report and signature for the enclave key registration
 message RegisterEnclaveKeyMessage {
+  // IAS report
   bytes report = 1;
+  // A signature of the IAS report by the IAS signing key
   bytes signature = 2;
+  // A certificate of the IAS signing key
   bytes signing_cert = 3;
+  // An operator's signature of the EIP-712 message `RegisterEnclaveKey`
   bytes operator_signature = 4;
 }
 
+// A message to verify zkDCAP output and proof for the enclave key registration
 message ZKDCAPRegisterEnclaveKeyMessage {
+  // A type of zkVM generated the `quote_verification_output` and `proof`
   uint32 zkvm_type = 1;
+  // An output of the zkDCAP program that verifies the quote
   bytes quote_verification_output = 2;
+  // A proof of the zkVM generated the `quote_verification_output`
   bytes proof = 3;
+  // An operator's signature of the EIP-712 message `ZKDCAPRegisterEnclaveKey`
   bytes operator_signature = 4;
 }
 
 message UpdateOperatorsMessage {
+  // A nonce for this operators update
   uint64 nonce = 1;
+  // A list of new operators
   repeated bytes new_operators = 2;
+  // A numerator of the threshold of signatures required for new operators
   uint64 new_operators_threshold_numerator = 3;
+  // A denominator of the threshold of signatures required for new operators
   uint64 new_operators_threshold_denominator = 4;
+  // Signatures of the EIP-712 message `UpdateOperators` by the current operators
   repeated bytes signatures = 5;
 }
 
 message ClientState {
+  // The MRENCLAVE of the enclave in running on the target platform
   bytes mrenclave = 1;
-  // enclave key's expiration from the remote attestation time in seconds
+  // An enclave key's expiration period from the remote attestation time in seconds
   //
-  // If the key is got from the DCAP/zkDCAP's quote, it should be the collateral's expiration time instead.
+  // This is only used for the IAS.
   uint64 key_expiration = 2;
+  // Whether the client is frozen
   bool frozen = 3;
+  // The height of the latest consensus state that the client has tracked
   ibc.core.client.v1.Height latest_height = 4 [(gogoproto.nullable) = false];
-  // e.g. SW_HARDENING_NEEDED, CONFIGURATION_AND_SW_HARDENING_NEEDED (except "OK")
+  // The quote statuses of the target enclave that the client allows
+  //
+  // e.g. IAS: SW_HARDENING_NEEDED, CONFIGURATION_AND_SW_HARDENING_NEEDED
+  //      DCAP: SWHardeningNeeded, ConfigurationAndSWHardeningNeeded
   repeated string allowed_quote_statuses = 5;
-  // e.g. INTEL-SA-XXXXX
+  // Security Advisory IDs that the client allows
+  //
+  // e.g. INTEL-SA-00001, INTEL-SA-00002
   repeated string allowed_advisory_ids = 6;
+  // A list of addresses of LCP Operators corresponding to this client.
+  //
+  // Please check LCP operator details: <https://docs.lcp.network/protocol/lcp-client#lcp-operator>
   repeated bytes operators = 7;
+  // A current nonce for the operators update
   uint64 operators_nonce = 8;
+  // The numerator of the threshold of the signature number for the operators update
   uint64 operators_threshold_numerator = 9;
+  // The denominator of the threshold of the signature number for the operators update
   uint64 operators_threshold_denominator = 10;
-  // An optional field to store the verifier info for zkDCAP
+  // The latest TCB evaluation data number
+  //
+  // The client updates the number when receiving TCB evaluation data whose number is greater than the current number.
+  uint32 latest_tcb_evalulation_data_number = 11;
+  // Whether to allow the previous TCB evaluation data number
   //
-  // if empty, the zkDCAP is not enabled
-  // otherwise, the zkDCAP is enabled
-  // The layout of each element is as follows:
-  // 0: zkVM type (e.g. 1 for risc0)
-  // 1-31: reserved
-  // 32-64: guest program identifier
-  repeated bytes zkdcap_verifier_infos = 11;
+  // If this is true, the client will accept the previous TCB evaluation data number (i.e., `latest_tcb_evalulation_data_number` - 1).
+  // Otherwise, the client will only accept the latest TCB evaluation data number or greater.
+  bool allow_previous_tcb_evalulation_data_number = 12;
+  // The zkVM verifier information for the zkDCAP
+  //
+  // The format is as follows:
+  // 0: zkVM type
+  // 1-N: arbitrary data for each zkVM type
+  //
+  // zkVM type:
+  // 0: unspecified
+  // 1: risc0
+  repeated bytes zkdcap_verifier_infos = 14;
 }
 
 message ConsensusState {
+  // An identifier that uniquely indicates the state of the ELC corresponding to a certain height.
+  //
+  // Please check the state ID details: <https://docs.lcp.network/protocol/elc#state-id>
   bytes state_id = 1;
+  // A timestamp of the target chain's block corresponding to the consensus height
+  //
   // unix timestamp in seconds
   uint64 timestamp = 2;
 }