zama-ai
diff --git a/‎host-contracts/.env.example‎
Lines changed: 6 additions & 1 deletion b/‎host-contracts/.env.example‎
Lines changed: 6 additions & 1 deletion
diff --git a/‎host-contracts/contracts/KMSGeneration.sol‎
Lines changed: 1021 additions & 0 deletions b/‎host-contracts/contracts/KMSGeneration.sol‎
Lines changed: 1021 additions & 0 deletions
diff --git a/‎host-contracts/contracts/ProtocolConfig.sol‎
Lines changed: 342 additions & 0 deletions b/‎host-contracts/contracts/ProtocolConfig.sol‎
Lines changed: 342 additions & 0 deletions
@@ -6,7 +6,12 @@ INPUT_VERIFICATION_ADDRESS="0x812b06e1CDCE800494b79fFE4f925A504a9A9810"
 NUM_KMS_NODES="1"
 # In practice, the `PUBLIC_DECRYPTION_THRESHOLD` is currently set to `floor(n/2) + 1` with `n`` the number of KMS nodes
 PUBLIC_DECRYPTION_THRESHOLD="1"
+USER_DECRYPTION_THRESHOLD="1"
+KMS_GEN_THRESHOLD="1"
+MPC_THRESHOLD="1"
 COPROCESSOR_THRESHOLD="1"
+KMS_TX_SENDER_ADDRESS_0="0xa44366bAA26296c1409AD1e284264212029F02f1" # account[2] (tx sender for KMS node 0)
+KMS_NODE_STORAGE_URL_0="s3://kms-bucket-0"
 KMS_SIGNER_ADDRESS_0="0x9FE8958A2920985AC7ab8d320fDFaB310135a05B" # account[7] (account[6] is the relayer)
 KMS_SIGNER_ADDRESS_1="0x466f26442DD182C9A1b018Cd06671F9791DdE8Ef" # account[8]
 KMS_SIGNER_ADDRESS_2="0xc45994e4098271c3140117ebD5c74C70dd56D9cd" # account[9]
@@ -43,4 +48,4 @@ PAUSER_PRIVATE_KEY="0x7ae52cf0d3011ef7fecbe22d9537aeda1a9e42a0596e8def5d49970eb5
 
 # This is the private key of the targeted new owner EAO, used to accept the ownership of the host 
 # contracts in case it is not directly transferred to a multisig account.
-NEW_OWNER_PRIVATE_KEY="0x7ae52cf0d3011ef7fecbe22d9537aeda1a9e42a0596e8def5d49970eb59e7a40" # accounts[2], private key (bytes32)
+NEW_OWNER_PRIVATE_KEY="0x7ae52cf0d3011ef7fecbe22d9537aeda1a9e42a0596e8def5d49970eb59e7a40" # accounts[2], private key (bytes32)
@@ -0,0 +1,342 @@
+// SPDX-License-Identifier: BSD-3-Clause-Clear
+pragma solidity ^0.8.24;
+
+import {IProtocolConfig} from "./interfaces/IProtocolConfig.sol";
+import {IKMSGeneration} from "./interfaces/IKMSGeneration.sol";
+import {KmsNode} from "./shared/Structs.sol";
+import {kmsGenerationAdd} from "../addresses/FHEVMHostAddresses.sol";
+import {UUPSUpgradeableEmptyProxy} from "./shared/UUPSUpgradeableEmptyProxy.sol";
+import {ACLOwnable} from "./shared/ACLOwnable.sol";
+import {Strings} from "@openzeppelin/contracts/utils/Strings.sol";
+
+/**
+ * @title ProtocolConfig
+ * @notice Manages KMS node sets, thresholds, and context lifecycle on the Ethereum host chain.
+ */
+contract ProtocolConfig is IProtocolConfig, UUPSUpgradeableEmptyProxy, ACLOwnable {
+    // -----------------------------------------------------------------------------------------
+    // Contract information
+    // -----------------------------------------------------------------------------------------
+
+    string private constant CONTRACT_NAME = "ProtocolConfig";
+    uint256 private constant MAJOR_VERSION = 0;
+    uint256 private constant MINOR_VERSION = 1;
+    uint256 private constant PATCH_VERSION = 0;
+
+    /// @dev Shared between `initializeFromEmptyProxy` and `initializeFromMigration`.
+    uint64 private constant REINITIALIZER_VERSION = 2;
+
+    /// @notice Base value for KMS context IDs. Format: [0x07 type tag | 31 counter bytes].
+    uint256 private constant KMS_CONTEXT_COUNTER_BASE = uint256(0x07) << 248;
+
+    /// @notice Canonical KMSGeneration proxy used for the in-flight guard.
+    IKMSGeneration private constant KMS_GENERATION = IKMSGeneration(kmsGenerationAdd);
+
+    // -----------------------------------------------------------------------------------------
+    // ERC-7201 namespaced storage
+    // -----------------------------------------------------------------------------------------
+
+    /// @custom:storage-location erc7201:fhevm.storage.ProtocolConfig
+    struct ProtocolConfigStorage {
+        /// @notice Current KMS context ID counter.
+        uint256 currentKmsContextId;
+        /// @notice KMS nodes per context.
+        mapping(uint256 contextId => KmsNode[]) contextKmsNodes;
+        /// @notice Tx sender lookup per context.
+        mapping(uint256 contextId => mapping(address => bool)) contextIsKmsTxSender;
+        /// @notice Signer lookup per context.
+        mapping(uint256 contextId => mapping(address => bool)) contextIsKmsSigner;
+        /// @notice KmsNode by tx sender per context.
+        mapping(uint256 contextId => mapping(address => KmsNode)) contextKmsNodeByTxSender;
+        /// @notice Signer addresses per context (for ordered iteration).
+        mapping(uint256 contextId => address[]) contextSigners;
+        /// @notice Public decryption threshold per context.
+        mapping(uint256 contextId => uint256) contextPublicDecryptionThreshold;
+        /// @notice User decryption threshold per context.
+        mapping(uint256 contextId => uint256) contextUserDecryptionThreshold;
+        /// @notice KmsGen threshold per context.
+        mapping(uint256 contextId => uint256) contextKmsGenThreshold;
+        /// @notice MPC threshold per context.
+        mapping(uint256 contextId => uint256) contextMpcThreshold;
+        /// @notice Whether a context has been destroyed.
+        mapping(uint256 contextId => bool) destroyedContexts;
+    }
+
+    /// @dev keccak256(abi.encode(uint256(keccak256("fhevm.storage.ProtocolConfig")) - 1)) & ~bytes32(uint256(0xff))
+    bytes32 private constant PROTOCOL_CONFIG_STORAGE_LOCATION =
+        0x80f3585af86806c5774303b06c1ee640aa83b6ef3e45df49bb26c8524500c200;
+
+    function _getProtocolConfigStorage() internal pure returns (ProtocolConfigStorage storage $) {
+        assembly {
+            $.slot := PROTOCOL_CONFIG_STORAGE_LOCATION
+        }
+    }
+
+    // -----------------------------------------------------------------------------------------
+    // Constructor
+    // -----------------------------------------------------------------------------------------
+
+    /// @custom:oz-upgrades-unsafe-allow constructor
+    constructor() {
+        _disableInitializers();
+    }
+
+    // -----------------------------------------------------------------------------------------
+    // Initialization
+    // -----------------------------------------------------------------------------------------
+
+    /**
+     * @notice Fresh deploy initializer: creates the first KMS context.
+     * @param initialKmsNodes The initial KMS node set.
+     * @param initialThresholds The initial thresholds.
+     */
+    /// @custom:oz-upgrades-validate-as-initializer
+    function initializeFromEmptyProxy(
+        KmsNode[] calldata initialKmsNodes,
+        KmsThresholds calldata initialThresholds
+    ) public virtual onlyFromEmptyProxy reinitializer(REINITIALIZER_VERSION) {
+        ProtocolConfigStorage storage $ = _getProtocolConfigStorage();
+        $.currentKmsContextId = KMS_CONTEXT_COUNTER_BASE;
+        _defineKmsContext(initialKmsNodes, initialThresholds);
+    }
+
+    /**
+     * @notice Migration initializer: seeds the migrated context from an existing KMSVerifier state.
+     * @param existingContextId The context ID from the old KMSVerifier to preserve. The counter is
+     *        seeded to `existingContextId - 1` so that `_defineKmsContext` increments to the exact
+     *        old ID, preserving context continuity for downstream readers.
+     * @param existingKmsNodes The existing KMS node set to migrate.
+     * @param existingThresholds The existing thresholds to migrate.
+     */
+    /// @custom:oz-upgrades-unsafe-allow missing-initializer-call
+    /// @custom:oz-upgrades-validate-as-initializer
+    function initializeFromMigration(
+        uint256 existingContextId,
+        KmsNode[] calldata existingKmsNodes,
+        KmsThresholds calldata existingThresholds
+    ) public virtual onlyACLOwner reinitializer(REINITIALIZER_VERSION) {
+        if (existingContextId < KMS_CONTEXT_COUNTER_BASE + 1) {
+            revert InvalidKmsContext(existingContextId);
+        }
+
+        ProtocolConfigStorage storage $ = _getProtocolConfigStorage();
+        // Seed counter so _defineKmsContext's ++counter lands on the original context ID
+        $.currentKmsContextId = existingContextId - 1;
+        _defineKmsContext(existingKmsNodes, existingThresholds);
+    }
+
+    // -----------------------------------------------------------------------------------------
+    // State-changing functions
+    // -----------------------------------------------------------------------------------------
+
+    /// @inheritdoc IProtocolConfig
+    function defineNewKmsContext(
+        KmsNode[] calldata kmsNodes,
+        KmsThresholds calldata thresholds
+    ) external virtual onlyACLOwner {
+        // Block context creation if the canonical KMSGeneration proxy has a key management request in flight.
+        if (KMS_GENERATION.hasPendingKeyManagementRequest()) {
+            revert KeyManagementRequestInFlight();
+        }
+
+        _defineKmsContext(kmsNodes, thresholds);
+    }
+
+    /// @inheritdoc IProtocolConfig
+    function destroyKmsContext(uint256 kmsContextId) external virtual onlyACLOwner {
+        ProtocolConfigStorage storage $ = _getProtocolConfigStorage();
+
+        if (kmsContextId == $.currentKmsContextId) {
+            revert CurrentKmsContextCannotBeDestroyed(kmsContextId);
+        }
+        if (!_isValidKmsContext(kmsContextId)) {
+            revert InvalidKmsContext(kmsContextId);
+        }
+
+        $.destroyedContexts[kmsContextId] = true;
+        emit KmsContextDestroyed(kmsContextId);
+    }
+
+    // -----------------------------------------------------------------------------------------
+    // View functions
+    // -----------------------------------------------------------------------------------------
+
+    /// @inheritdoc IProtocolConfig
+    function getCurrentKmsContextId() external view virtual returns (uint256) {
+        return _getProtocolConfigStorage().currentKmsContextId;
+    }
+
+    /// @inheritdoc IProtocolConfig
+    function isValidKmsContext(uint256 kmsContextId) external view virtual returns (bool) {
+        return _isValidKmsContext(kmsContextId);
+    }
+
+    /// @inheritdoc IProtocolConfig
+    function getKmsSignersForContext(uint256 kmsContextId) external view virtual returns (address[] memory) {
+        _requireValidContext(kmsContextId);
+        return _getProtocolConfigStorage().contextSigners[kmsContextId];
+    }
+
+    /// @inheritdoc IProtocolConfig
+    function isKmsSignerForContext(uint256 kmsContextId, address signer) external view virtual returns (bool) {
+        _requireValidContext(kmsContextId);
+        return _getProtocolConfigStorage().contextIsKmsSigner[kmsContextId][signer];
+    }
+
+    /// @inheritdoc IProtocolConfig
+    function getKmsNodesForContext(uint256 kmsContextId) external view virtual returns (KmsNode[] memory) {
+        _requireValidContext(kmsContextId);
+        return _getProtocolConfigStorage().contextKmsNodes[kmsContextId];
+    }
+
+    /// @inheritdoc IProtocolConfig
+    function isKmsTxSenderForContext(uint256 kmsContextId, address txSender) external view virtual returns (bool) {
+        _requireValidContext(kmsContextId);
+        return _getProtocolConfigStorage().contextIsKmsTxSender[kmsContextId][txSender];
+    }
+
+    /// @inheritdoc IProtocolConfig
+    function getKmsNodeForContext(
+        uint256 kmsContextId,
+        address txSender
+    ) external view virtual returns (KmsNode memory) {
+        _requireValidContext(kmsContextId);
+        return _getProtocolConfigStorage().contextKmsNodeByTxSender[kmsContextId][txSender];
+    }
+
+    /// @inheritdoc IProtocolConfig
+    function getPublicDecryptionThreshold() external view virtual returns (uint256) {
+        ProtocolConfigStorage storage $ = _getProtocolConfigStorage();
+        return $.contextPublicDecryptionThreshold[$.currentKmsContextId];
+    }
+
+    /// @inheritdoc IProtocolConfig
+    function getUserDecryptionThreshold() external view virtual returns (uint256) {
+        ProtocolConfigStorage storage $ = _getProtocolConfigStorage();
+        return $.contextUserDecryptionThreshold[$.currentKmsContextId];
+    }
+
+    /// @inheritdoc IProtocolConfig
+    function getKmsGenThreshold() external view virtual returns (uint256) {
+        ProtocolConfigStorage storage $ = _getProtocolConfigStorage();
+        return $.contextKmsGenThreshold[$.currentKmsContextId];
+    }
+
+    /// @inheritdoc IProtocolConfig
+    function getMpcThreshold() external view virtual returns (uint256) {
+        ProtocolConfigStorage storage $ = _getProtocolConfigStorage();
+        return $.contextMpcThreshold[$.currentKmsContextId];
+    }
+
+    /// @inheritdoc IProtocolConfig
+    function getVersion() external pure virtual returns (string memory) {
+        return
+            string(
+                abi.encodePacked(
+                    CONTRACT_NAME,
+                    " v",
+                    Strings.toString(MAJOR_VERSION),
+                    ".",
+                    Strings.toString(MINOR_VERSION),
+                    ".",
+                    Strings.toString(PATCH_VERSION)
+                )
+            );
+    }
+
+    // -----------------------------------------------------------------------------------------
+    // Internal
+    // -----------------------------------------------------------------------------------------
+
+    /**
+     * @dev Creates a new KMS context, validates nodes and thresholds, and stores them.
+     */
+    function _defineKmsContext(
+        KmsNode[] calldata kmsNodes,
+        KmsThresholds calldata thresholds
+    ) internal virtual returns (uint256 newContextId) {
+        if (kmsNodes.length == 0) {
+            revert EmptyKmsNodes();
+        }
+
+        _validateThresholds(thresholds, kmsNodes.length);
+
+        ProtocolConfigStorage storage $ = _getProtocolConfigStorage();
+        newContextId = ++$.currentKmsContextId;
+
+        for (uint256 i = 0; i < kmsNodes.length; i++) {
+            KmsNode calldata node = kmsNodes[i];
+
+            if (node.txSenderAddress == address(0)) {
+                revert KmsNodeNullTxSender();
+            }
+            if (node.signerAddress == address(0)) {
+                revert KmsNodeNullSigner();
+            }
+            if ($.contextIsKmsTxSender[newContextId][node.txSenderAddress]) {
+                revert KmsTxSenderAlreadyRegistered(node.txSenderAddress);
+            }
+            if ($.contextIsKmsSigner[newContextId][node.signerAddress]) {
+                revert KmsSignerAlreadyRegistered(node.signerAddress);
+            }
+
+            $.contextKmsNodes[newContextId].push(node);
+            $.contextIsKmsTxSender[newContextId][node.txSenderAddress] = true;
+            $.contextIsKmsSigner[newContextId][node.signerAddress] = true;
+            $.contextKmsNodeByTxSender[newContextId][node.txSenderAddress] = node;
+            $.contextSigners[newContextId].push(node.signerAddress);
+        }
+
+        $.contextPublicDecryptionThreshold[newContextId] = thresholds.publicDecryption;
+        $.contextUserDecryptionThreshold[newContextId] = thresholds.userDecryption;
+        $.contextKmsGenThreshold[newContextId] = thresholds.kmsGen;
+        $.contextMpcThreshold[newContextId] = thresholds.mpc;
+
+        emit NewKmsContext(newContextId, kmsNodes, thresholds);
+    }
+
+    /**
+     * @dev Validates that thresholds are non-zero and not exceeding the node count.
+     */
+    function _validateThresholds(KmsThresholds calldata thresholds, uint256 nodeCount) internal pure virtual {
+        _checkThreshold("publicDecryption", thresholds.publicDecryption, nodeCount);
+        _checkThreshold("userDecryption", thresholds.userDecryption, nodeCount);
+        _checkThreshold("kmsGen", thresholds.kmsGen, nodeCount);
+        _checkThreshold("mpc", thresholds.mpc, nodeCount);
+    }
+
+    /**
+     * @dev Validates a single threshold: must be non-zero and at most nodeCount.
+     */
+    function _checkThreshold(string memory name, uint256 value, uint256 nodeCount) internal pure {
+        if (value == 0) revert InvalidNullThreshold(name);
+        if (value > nodeCount) revert InvalidHighThreshold(name, value, nodeCount);
+    }
+
+    /**
+     * @dev Checks whether a context ID is in range, has nodes, and is not destroyed.
+     */
+    function _isValidKmsContext(uint256 kmsContextId) internal view virtual returns (bool) {
+        ProtocolConfigStorage storage $ = _getProtocolConfigStorage();
+        // A valid context must be in the allocated range and have at least one stored node.
+        // The node check also keeps migration gap IDs invalid when initializeFromMigration
+        // preserves a legacy context ID above BASE + 1.
+        return
+            kmsContextId >= KMS_CONTEXT_COUNTER_BASE + 1 &&
+            kmsContextId <= $.currentKmsContextId &&
+            $.contextKmsNodes[kmsContextId].length != 0 &&
+            !$.destroyedContexts[kmsContextId];
+    }
+
+    function _requireValidContext(uint256 kmsContextId) internal view virtual {
+        if (!_isValidKmsContext(kmsContextId)) {
+            revert InvalidKmsContext(kmsContextId);
+        }
+    }
+
+    /**
+     * @dev Authorization for UUPS upgrades.
+     */
+    // solhint-disable-next-line no-empty-blocks
+    function _authorizeUpgrade(address _newImplementation) internal virtual override onlyACLOwner {}
+}