update zkdcap and fix proto definitions

bluele · bluele · commit e3f52d2ed49d · 2025-02-18T01:42:42.000+09:00
Signed-off-by: Jun Kimura &lt;jun.kimura@datachain.jp&gt;
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/app/Cargo.toml b/app/Cargo.toml
@@ -27,7 +27,7 @@ crypto = { path = "../modules/crypto" }
 keymanager = { path = "../modules/keymanager" }
 remote-attestation = { path = "../modules/remote-attestation" }
 attestation-report = { path = "../modules/attestation-report" }
-zkdcap-risc0 = { git = "https://github.com/datachainlab/zkdcap", rev = "e6fd9cf9e6ad0ff80b8e20247d1cafa6fed59c6e" }
+zkdcap-risc0 = { git = "https://github.com/datachainlab/zkdcap", rev = "54ab01c04ca8738b8568b4a6c74a493715af9d2b" }
 
 [build-dependencies]
 git2 = { version = "0.20", default-features = false }
diff --git a/modules/attestation-report/Cargo.toml b/modules/attestation-report/Cargo.toml
@@ -18,7 +18,7 @@ pem = { version = "2.0", default-features = false }
 webpki = { version = "0.22", features = ["alloc"] }
 anyhow = { version = "1", default-features = false }
 
-dcap-quote-verifier = { git = "https://github.com/datachainlab/zkdcap", rev = "e6fd9cf9e6ad0ff80b8e20247d1cafa6fed59c6e", optional = true }
+dcap-quote-verifier = { git = "https://github.com/datachainlab/zkdcap", rev = "54ab01c04ca8738b8568b4a6c74a493715af9d2b", optional = true }
 
 [dev-dependencies]
 tokio = { version = "1.0", default-features = false, features = ["macros"] }
diff --git a/modules/attestation-report/src/dcap.rs b/modules/attestation-report/src/dcap.rs
@@ -53,10 +53,10 @@ pub enum ZKVMProof {
 }
 
 impl ZKVMProof {
-    /// Returns the commit corresponding to the proof
-    pub fn commit(&self) -> &[u8] {
+    /// Returns the output of dcap-quote-verifier program executed inside the zkVM
+    pub fn output(&self) -> &[u8] {
         match self {
-            ZKVMProof::Risc0(ref proof) => &proof.commit,
+            ZKVMProof::Risc0(ref proof) => &proof.output,
         }
     }
 
@@ -81,9 +81,9 @@ pub struct Risc0ZKVMProof {
     #[serde_as(as = "serde_with::hex::Hex<serde_with::formats::Lowercase>")]
     /// A Groth16 proof for the correct execution of the guest program.
     pub seal: Vec<u8>,
-    /// The public outputs of dcap-quote-verifier program executed inside the zkVM
+    /// The output of dcap-quote-verifier program executed inside the zkVM
     #[serde_as(as = "serde_with::hex::Hex<serde_with::formats::Lowercase>")]
-    pub commit: Vec<u8>,
+    pub output: Vec<u8>,
 }
 
 impl Risc0ZKVMProof {
@@ -137,8 +137,8 @@ impl ZKDCAPQuote {
 
     /// Returns the commit corresponding to the zkVM proof
     #[cfg(feature = "std")]
-    pub fn commit(&self) -> Result<dcap_quote_verifier::verifier::VerifiedOutput, Error> {
-        dcap_quote_verifier::verifier::VerifiedOutput::from_bytes(self.zkp.commit())
+    pub fn commit(&self) -> Result<dcap_quote_verifier::verifier::QuoteVerificationOutput, Error> {
+        dcap_quote_verifier::verifier::QuoteVerificationOutput::from_bytes(self.zkp.output())
             .map_err(Error::dcap_quote_verifier)
     }
 }
diff --git a/modules/keymanager/src/lib.rs b/modules/keymanager/src/lib.rs
@@ -447,7 +447,7 @@ impl TryFrom<SealedEnclaveKeyInfo> for ProtoEnclaveKeyInfo {
                                         image_id: proof.image_id.to_vec(),
                                         selector: proof.selector.to_vec(),
                                         seal: proof.seal,
-                                        commit: proof.commit,
+                                        output: proof.output,
                                     })
                                 }
                             }),
diff --git a/modules/lcp-client/Cargo.toml b/modules/lcp-client/Cargo.toml
@@ -11,7 +11,7 @@ flex-error = { version = "0.4.4", default-features = false }
 tiny-keccak = { version = "2.0" }
 hex-literal = { version = "0.4.1" }
 alloy-sol-types = { version = "0.8", default-features = false }
-dcap-quote-verifier = { git = "https://github.com/datachainlab/zkdcap", rev = "e6fd9cf9e6ad0ff80b8e20247d1cafa6fed59c6e" }
+dcap-quote-verifier = { git = "https://github.com/datachainlab/zkdcap", rev = "54ab01c04ca8738b8568b4a6c74a493715af9d2b" }
 
 attestation-report = { path = "../attestation-report", default-features = false }
 remote-attestation = { path = "../remote-attestation", default-features = false }
diff --git a/modules/lcp-client/src/client_def.rs b/modules/lcp-client/src/client_def.rs
@@ -251,40 +251,47 @@ impl LCPClient {
             selector,
             seal,
             zkdcap_verifier_info.program_id,
-            message.commit.to_bytes(),
+            message.quote_verification_output.to_bytes(),
         )?;
 
-        let report = if let QuoteBody::SGXQuoteBody(report) = message.commit.quote_body {
-            report
-        } else {
-            return Err(Error::unexpected_quote_body());
-        };
+        let report =
+            if let QuoteBody::SGXQuoteBody(report) = message.quote_verification_output.quote_body {
+                report
+            } else {
+                return Err(Error::unexpected_quote_body());
+            };
         let report_data = ReportData(report.report_data);
 
         assert_eq!(
             report.mrenclave.as_slice(),
             client_state.mr_enclave.as_slice(),
             "mrenclave mismatch"
         );
-        assert_eq!(message.commit.quote_version, 3, "unexpected quote version");
-        assert_eq!(message.commit.tee_type, SGX_TEE_TYPE, "unexpected tee type");
         assert_eq!(
-            message.commit.sgx_intel_root_ca_hash,
+            message.quote_verification_output.quote_version, 3,
+            "unexpected quote version"
+        );
+        assert_eq!(
+            message.quote_verification_output.tee_type, SGX_TEE_TYPE,
+            "unexpected tee type"
+        );
+        assert_eq!(
+            message.quote_verification_output.sgx_intel_root_ca_hash,
             remote_attestation::dcap::INTEL_ROOT_CA_HASH,
         );
         assert!(
             message
-                .commit
+                .quote_verification_output
                 .validity
                 .validate_time(ctx.host_timestamp().as_unix_timestamp_secs()),
             "invalid validity intersection"
         );
-        let tcb_status = message.commit.tcb_status.to_string();
+        let tcb_status = message.quote_verification_output.tcb_status.to_string();
         assert!(
             tcb_status == "UpToDate" || client_state.allowed_quote_statuses.contains(&tcb_status),
             "unexpected tcb status"
         );
-        for advisory_id in message.commit.advisory_ids.iter() {
+        for advisory_id in message.quote_verification_output.advisory_ids.iter() {
             assert!(
                 client_state.allowed_advisory_ids.contains(advisory_id),
                 "unexpected advisory id"
@@ -295,7 +302,7 @@ impl LCPClient {
             verify_signature_address(
                 compute_eip712_zkdcap_register_enclave_key(
                     zkdcap_verifier_info,
-                    message.commit.hash(),
+                    message.quote_verification_output.hash(),
                 )
                 .as_ref(),
                 operator_signature.as_ref(),
@@ -310,7 +317,10 @@ impl LCPClient {
             ctx,
             &client_id,
             report_data.enclave_key(),
-            EKOperatorInfo::new(message.commit.validity.not_after_min, operator),
+            EKOperatorInfo::new(
+                message.quote_verification_output.validity.not_after_min,
+                operator,
+            ),
         );
         Ok(())
     }
diff --git a/modules/lcp-client/src/message.rs b/modules/lcp-client/src/message.rs
@@ -4,7 +4,7 @@ use crate::prelude::*;
 use alloy_sol_types::{sol, SolValue};
 use attestation_report::IASSignedReport;
 use crypto::Address;
-use dcap_quote_verifier::verifier::VerifiedOutput;
+use dcap_quote_verifier::verifier::QuoteVerificationOutput;
 use light_client::commitments::{Error as CommitmentError, EthABIEncoder, ProxyMessage};
 use light_client::types::proto::ibc::lightclients::lcp::v1::{
     RegisterEnclaveKeyMessage as RawRegisterEnclaveKeyMessage,
@@ -113,7 +113,7 @@ impl From<RegisterEnclaveKeyMessage> for RawRegisterEnclaveKeyMessage {
 #[derive(Debug, Clone, PartialEq)]
 pub struct ZKDCAPRegisterEnclaveKeyMessage {
     pub zkvm_type: ZKVMType,
-    pub commit: VerifiedOutput,
+    pub quote_verification_output: QuoteVerificationOutput,
     pub proof: Vec<u8>,
     pub operator_signature: Option<Vec<u8>>,
 }
@@ -141,8 +141,10 @@ impl TryFrom<RawZKDCAPRegisterEnclaveKeyMessage> for ZKDCAPRegisterEnclaveKeyMes
             zkvm_type: ZKVMType::from_u8(
                 u8::try_from(value.zkvm_type).map_err(Error::zk_vm_type_conversion)?,
             )?,
-            commit: VerifiedOutput::from_bytes(&value.commit)
-                .map_err(Error::dcap_quote_verifier)?,
+            quote_verification_output: QuoteVerificationOutput::from_bytes(
+                &value.quote_verification_output,
+            )
+            .map_err(Error::dcap_quote_verifier)?,
             proof: value.proof,
             operator_signature: (!value.operator_signature.is_empty())
                 .then_some(value.operator_signature),
@@ -154,7 +156,7 @@ impl From<ZKDCAPRegisterEnclaveKeyMessage> for RawZKDCAPRegisterEnclaveKeyMessag
     fn from(value: ZKDCAPRegisterEnclaveKeyMessage) -> Self {
         RawZKDCAPRegisterEnclaveKeyMessage {
             zkvm_type: value.zkvm_type as u32,
-            commit: value.commit.to_bytes(),
+            quote_verification_output: value.quote_verification_output.to_bytes(),
             proof: value.proof,
             operator_signature: value.operator_signature.unwrap_or_default(),
         }
diff --git a/modules/remote-attestation/Cargo.toml b/modules/remote-attestation/Cargo.toml
@@ -28,8 +28,8 @@ serde_json = { version = "1.0", features = ["preserve_order"] }
 rsa = { version = "0.9.2", features = ["pem"], optional = true }
 chrono = { version = "0.4.38", features = ["now"], optional = true }
 
-dcap-quote-verifier = { git = "https://github.com/datachainlab/zkdcap", rev = "e6fd9cf9e6ad0ff80b8e20247d1cafa6fed59c6e" }
-dcap-collaterals = { git = "https://github.com/datachainlab/zkdcap", rev = "e6fd9cf9e6ad0ff80b8e20247d1cafa6fed59c6e" }
+dcap-quote-verifier = { git = "https://github.com/datachainlab/zkdcap", rev = "54ab01c04ca8738b8568b4a6c74a493715af9d2b" }
+dcap-collaterals = { git = "https://github.com/datachainlab/zkdcap", rev = "54ab01c04ca8738b8568b4a6c74a493715af9d2b" }
 
 lcp-types = { path = "../types" }
 crypto = { path = "../crypto", default-features = false }
diff --git a/modules/remote-attestation/src/dcap.rs b/modules/remote-attestation/src/dcap.rs
@@ -6,7 +6,7 @@ use dcap_quote_verifier::cert::{get_x509_subject_cn, parse_certchain};
 use dcap_quote_verifier::sgx_extensions::extract_sgx_extensions;
 use dcap_quote_verifier::types::quotes::version_3::QuoteV3;
 use dcap_quote_verifier::types::utils::parse_pem;
-use dcap_quote_verifier::{collaterals::IntelCollateral, quotes::version_3::verify_quote_dcapv3};
+use dcap_quote_verifier::{collaterals::IntelCollateral, quotes::version_3::verify_quote_v3};
 use keymanager::EnclaveKeyManager;
 use lcp_types::Time;
 use log::*;
@@ -75,7 +75,7 @@ pub(crate) fn dcap_ra(
     let quote = QuoteV3::from_bytes(&raw_quote).map_err(Error::dcap_quote_verifier)?;
 
     let collateral = get_collateral(pccs_url, certs_service_url, is_early_update, &quote)?;
-    let output = verify_quote_dcapv3(&quote, &collateral, current_time.as_unix_timestamp_secs())
+    let output = verify_quote_v3(&quote, &collateral, current_time.as_unix_timestamp_secs())
         .map_err(Error::dcap_quote_verifier)?;
 
     debug!(
@@ -226,7 +226,7 @@ mod tests {
             &quote,
         )
         .unwrap();
-        let res = verify_quote_dcapv3(&quote, &collateral, Time::now().as_unix_timestamp_secs());
+        let res = verify_quote_v3(&quote, &collateral, Time::now().as_unix_timestamp_secs());
         assert!(res.is_ok(), "{:?}", res);
         let output = res.unwrap();
         assert_eq!(output.tee_type, SGX_TEE_TYPE);
diff --git a/modules/remote-attestation/src/dcap_simulation.rs b/modules/remote-attestation/src/dcap_simulation.rs
@@ -18,7 +18,7 @@ use dcap_collaterals::tcbinfo::{
 };
 use dcap_collaterals::utils::{gen_key, p256_prvkey_to_pubkey_bytes};
 use dcap_collaterals::{certs::gen_tcb_certchain, sgx_extensions::SgxExtensionsBuilder};
-use dcap_quote_verifier::quotes::version_3::verify_quote_dcapv3;
+use dcap_quote_verifier::quotes::version_3::verify_quote_v3;
 use dcap_quote_verifier::types::quotes::body::EnclaveReport;
 use dcap_quote_verifier::types::quotes::version_3::QuoteV3;
 use dcap_quote_verifier::types::Status;
@@ -166,7 +166,7 @@ pub(crate) fn dcap_ra_simulation(
         quote, collateral
     );
 
-    let output = verify_quote_dcapv3(&quote, &collateral, current_time.as_unix_timestamp_secs())
+    let output = verify_quote_v3(&quote, &collateral, current_time.as_unix_timestamp_secs())
         .map_err(Error::dcap_quote_verifier)?;
 
     Ok(DCAPRemoteAttestationResult {
diff --git a/modules/remote-attestation/src/dcap_utils.rs b/modules/remote-attestation/src/dcap_utils.rs
@@ -1,13 +1,13 @@
 use attestation_report::DCAPQuote;
 use dcap_quote_verifier::collaterals::IntelCollateral;
-use dcap_quote_verifier::verifier::VerifiedOutput;
+use dcap_quote_verifier::verifier::QuoteVerificationOutput;
 use lcp_types::proto::lcp::service::enclave::v1::DcapCollateral;
 use lcp_types::Time;
 
 #[derive(Debug)]
 pub struct DCAPRemoteAttestationResult {
     pub raw_quote: Vec<u8>,
-    pub output: VerifiedOutput,
+    pub output: QuoteVerificationOutput,
     pub collateral: IntelCollateral,
 }
 
diff --git a/modules/remote-attestation/src/zkdcap.rs b/modules/remote-attestation/src/zkdcap.rs
@@ -7,7 +7,7 @@ use crate::{
 use anyhow::anyhow;
 use attestation_report::{Risc0ZKVMProof, ZKDCAPQuote, ZKVMProof};
 use crypto::Address;
-use dcap_quote_verifier::{collaterals::IntelCollateral, verifier::VerifiedOutput};
+use dcap_quote_verifier::{collaterals::IntelCollateral, verifier::QuoteVerificationOutput};
 use keymanager::EnclaveKeyManager;
 use lcp_types::Time;
 use log::*;
@@ -166,7 +166,7 @@ fn zkdcap_ra(
         );
     }
 
-    let output = VerifiedOutput::from_bytes(&prover_info.receipt.journal.bytes)
+    let output = QuoteVerificationOutput::from_bytes(&prover_info.receipt.journal.bytes)
         .map_err(|e| Error::anyhow(anyhow!("cannot parse receipt: {}", e)))?;
 
     let quote = DCAPRemoteAttestationResult {
@@ -184,7 +184,7 @@ fn zkdcap_ra(
                     image_id: image_id.into(),
                     selector,
                     seal,
-                    commit: prover_info.receipt.journal.bytes,
+                    output: prover_info.receipt.journal.bytes,
                 }),
             )
             .into(),
diff --git a/proto/definitions/ibc/lightclients/lcp/v1/lcp.proto b/proto/definitions/ibc/lightclients/lcp/v1/lcp.proto
@@ -21,7 +21,7 @@ message RegisterEnclaveKeyMessage {
 
 message ZKDCAPRegisterEnclaveKeyMessage {
   uint32 zkvm_type = 1;
-  bytes commit = 2;
+  bytes quote_verification_output = 2;
   bytes proof = 3;
   bytes operator_signature = 4;
 }
diff --git a/proto/definitions/lcp/service/enclave/v1/query.proto b/proto/definitions/lcp/service/enclave/v1/query.proto
@@ -70,7 +70,7 @@ message Risc0ZKVMProof {
   bytes image_id = 1;
   bytes selector = 2;
   bytes seal = 3;
-  bytes commit = 4;
+  bytes output = 4;
 }
 
 message DCAPCollateral {
diff --git a/proto/src/descriptor.bin b/proto/src/descriptor.bin
diff --git a/proto/src/prost/ibc.lightclients.lcp.v1.rs b/proto/src/prost/ibc.lightclients.lcp.v1.rs
@@ -24,7 +24,7 @@ pub struct ZkdcapRegisterEnclaveKeyMessage {
     #[prost(uint32, tag = "1")]
     pub zkvm_type: u32,
     #[prost(bytes = "vec", tag = "2")]
-    pub commit: ::prost::alloc::vec::Vec<u8>,
+    pub quote_verification_output: ::prost::alloc::vec::Vec<u8>,
     #[prost(bytes = "vec", tag = "3")]
     pub proof: ::prost::alloc::vec::Vec<u8>,
     #[prost(bytes = "vec", tag = "4")]
diff --git a/proto/src/prost/lcp.service.enclave.v1.rs b/proto/src/prost/lcp.service.enclave.v1.rs
@@ -121,7 +121,7 @@ pub struct Risc0ZkvmProof {
     #[prost(bytes = "vec", tag = "3")]
     pub seal: ::prost::alloc::vec::Vec<u8>,
     #[prost(bytes = "vec", tag = "4")]
-    pub commit: ::prost::alloc::vec::Vec<u8>,
+    pub output: ::prost::alloc::vec::Vec<u8>,
 }
 #[derive(::serde::Serialize, ::serde::Deserialize)]
 #[allow(clippy::derive_partial_eq_without_eq)]
diff --git a/tests/integration/Cargo.toml b/tests/integration/Cargo.toml
@@ -35,7 +35,7 @@ attestation-report = { path = "../../modules/attestation-report" }
 keymanager = { path = "../../modules/keymanager" }
 remote-attestation = { path = "../../modules/remote-attestation" }
 
-zkdcap-risc0 = { git = "https://github.com/datachainlab/zkdcap", rev = "e6fd9cf9e6ad0ff80b8e20247d1cafa6fed59c6e" }
+zkdcap-risc0 = { git = "https://github.com/datachainlab/zkdcap", rev = "54ab01c04ca8738b8568b4a6c74a493715af9d2b" }
 
 [features]
 default = []

Original file line number	Diff line number	Diff line change
`@@ -53,10 +53,10 @@ pub enum ZKVMProof {`
`53`	`53`	`}`
`54`	`54`
`55`	`55`	`impl ZKVMProof {`
`56`		`- /// Returns the commit corresponding to the proof`
`57`		`- pub fn commit(&self) -> &[u8] {`
	`56`	`+ /// Returns the output of dcap-quote-verifier program executed inside the zkVM`
	`57`	`+ pub fn output(&self) -> &[u8] {`
`58`	`58`	`match self {`
`59`		`- ZKVMProof::Risc0(ref proof) => &proof.commit,`
	`59`	`+ ZKVMProof::Risc0(ref proof) => &proof.output,`
`60`	`60`	`}`
`61`	`61`	`}`
`62`	`62`
`@@ -81,9 +81,9 @@ pub struct Risc0ZKVMProof {`
`81`	`81`	`#[serde_as(as = "serde_with::hex::Hex<serde_with::formats::Lowercase>")]`
`82`	`82`	`/// A Groth16 proof for the correct execution of the guest program.`
`83`	`83`	`pub seal: Vec<u8>,`
`84`		`- /// The public outputs of dcap-quote-verifier program executed inside the zkVM`
	`84`	`+ /// The output of dcap-quote-verifier program executed inside the zkVM`
`85`	`85`	`#[serde_as(as = "serde_with::hex::Hex<serde_with::formats::Lowercase>")]`
`86`		`- pub commit: Vec<u8>,`
	`86`	`+ pub output: Vec<u8>,`
`87`	`87`	`}`
`88`	`88`
`89`	`89`	`impl Risc0ZKVMProof {`
`@@ -137,8 +137,8 @@ impl ZKDCAPQuote {`
`137`	`137`
`138`	`138`	`/// Returns the commit corresponding to the zkVM proof`
`139`	`139`	`#[cfg(feature = "std")]`
`140`		`- pub fn commit(&self) -> Result<dcap_quote_verifier::verifier::VerifiedOutput, Error> {`
`141`		`- dcap_quote_verifier::verifier::VerifiedOutput::from_bytes(self.zkp.commit())`
	`140`	`+ pub fn commit(&self) -> Result<dcap_quote_verifier::verifier::QuoteVerificationOutput, Error> {`
	`141`	`+ dcap_quote_verifier::verifier::QuoteVerificationOutput::from_bytes(self.zkp.output())`
`142`	`142`	`.map_err(Error::dcap_quote_verifier)`
`143`	`143`	`}`
`144`	`144`	`}`
Original file line number	Diff line number	Diff line change
`@@ -447,7 +447,7 @@ impl TryFrom<SealedEnclaveKeyInfo> for ProtoEnclaveKeyInfo {`
`447`	`447`	`image_id: proof.image_id.to_vec(),`
`448`	`448`	`selector: proof.selector.to_vec(),`
`449`	`449`	`seal: proof.seal,`
`450`		`- commit: proof.commit,`
	`450`	`+ output: proof.output,`
`451`	`451`	`})`
`452`	`452`	`}`
`453`	`453`	`}),`