
Commit 5f2a07b

authored
feat(host-contracts): implement context-aware KMSVerifier (#2028)
1 parent 2458fa9 commit 5f2a07b


9 files changed

+2470
-253
lines changed


host-contracts/contracts/KMSVerifier.sol

Lines changed: 215 additions & 57 deletions

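--- a/host-contracts/docs/contract_selectors.txt
+++ b/host-contracts/docs/contract_selectors.txt
@@ -648,10 +648,18 @@ KMSVerifier
 |----------+------------------------------------------------------------+--------------------------------------------------------------------|
 | Function | defineNewContext(address[],uint256) | 0xda53c47d |
 |----------+------------------------------------------------------------+--------------------------------------------------------------------|
+| Function | destroyKmsContext(uint256) | 0xc0ae64f7 |
+|----------+------------------------------------------------------------+--------------------------------------------------------------------|
 | Function | eip712Domain() | 0x84b0196e |
 |----------+------------------------------------------------------------+--------------------------------------------------------------------|
+| Function | getContextSignersAndThresholdFromExtraData(bytes) | 0xb7f47bd6 |
+|----------+------------------------------------------------------------+--------------------------------------------------------------------|
+| Function | getCurrentKmsContextId() | 0x976f3eb9 |
+|----------+------------------------------------------------------------+--------------------------------------------------------------------|
 | Function | getKmsSigners() | 0x7eaac8f2 |
 |----------+------------------------------------------------------------+--------------------------------------------------------------------|
+| Function | getSignersForKmsContext(uint256) | 0x724f190b |
+|----------+------------------------------------------------------------+--------------------------------------------------------------------|
 | Function | getThreshold() | 0xe75235b8 |
 |----------+------------------------------------------------------------+--------------------------------------------------------------------|
 | Function | getVersion() | 0x0d8e6e2c |
@@ -662,7 +670,7 @@ KMSVerifier
 |----------+------------------------------------------------------------+--------------------------------------------------------------------|
 | Function | proxiableUUID() | 0x52d1902d |
 |----------+------------------------------------------------------------+--------------------------------------------------------------------|
-| Function | setThreshold(uint256) | 0x960bfe04 |
+| Function | reinitializeV2() | 0xc4115874 |
 |----------+------------------------------------------------------------+--------------------------------------------------------------------|
 | Function | upgradeToAndCall(address,bytes) | 0x4f1ef286 |
 |----------+------------------------------------------------------------+--------------------------------------------------------------------|
@@ -672,14 +680,20 @@ KMSVerifier
 |----------+------------------------------------------------------------+--------------------------------------------------------------------|
 | Event | Initialized(uint64) | 0xc7f505b2f371ae2175ee4913f4499e1f2633a7b5936321eed1cdaeb6115181d2 |
 |----------+------------------------------------------------------------+--------------------------------------------------------------------|
-| Event | NewContextSet(address[],uint256) | 0x1dcd7e1de916ad3be0c1097968029899e2e7d0195cfa6967e16520c0e8d07cea |
+| Event | KMSContextDestroyed(uint256) | 0x6061b48dc9932cb928f0ea6a9d126c1095be843d19641ed27c9164feb79762eb |
+|----------+------------------------------------------------------------+--------------------------------------------------------------------|
+| Event | NewContextSet(uint256,address[],uint256) | 0x520e0adcbbe0d097dfe4b243c722ac80df9c2413c936b092d9c4888118f01f92 |
 |----------+------------------------------------------------------------+--------------------------------------------------------------------|
 | Event | Upgraded(address) | 0xbc7cd75a20ee27fd9adebab32041f755214dbc6bffa90cc0225b39da2e5c2d3b |
 |----------+------------------------------------------------------------+--------------------------------------------------------------------|
 | Error | AddressEmptyCode(address) | 0x9996b315 |
 |----------+------------------------------------------------------------+--------------------------------------------------------------------|
+| Error | CurrentKMSContextCannotBeDestroyed(uint256) | 0x669db066 |
+|----------+------------------------------------------------------------+--------------------------------------------------------------------|
 | Error | DeserializingDecryptionProofFail() | 0x8d9c3069 |
 |----------+------------------------------------------------------------+--------------------------------------------------------------------|
+| Error | DeserializingExtraDataFail() | 0x8b248b60 |
+|----------+------------------------------------------------------------+--------------------------------------------------------------------|
 | Error | ECDSAInvalidSignature() | 0xf645eedf |
 |----------+------------------------------------------------------------+--------------------------------------------------------------------|
 | Error | ECDSAInvalidSignatureLength(uint256) | 0xfce698f7 |
@@ -696,6 +710,8 @@ KMSVerifier
 |----------+------------------------------------------------------------+--------------------------------------------------------------------|
 | Error | InvalidInitialization() | 0xf92ee8a9 |
 |----------+------------------------------------------------------------+--------------------------------------------------------------------|
+| Error | InvalidKMSContext(uint256) | 0xb0dafc17 |
+|----------+------------------------------------------------------------+--------------------------------------------------------------------|
 | Error | KMSAlreadySigner() | 0x9895a42c |
 |----------+------------------------------------------------------------+--------------------------------------------------------------------|
 | Error | KMSInvalidSigner(address) | 0x6475522d |
@@ -721,6 +737,8 @@ KMSVerifier
 | Error | UUPSUnauthorizedCallContext() | 0xe07c8dba |
 |----------+------------------------------------------------------------+--------------------------------------------------------------------|
 | Error | UUPSUnsupportedProxiableUUID(bytes32) | 0xaa1d49a4 |
+|----------+------------------------------------------------------------+--------------------------------------------------------------------|
+| Error | UnsupportedExtraDataVersion(uint8) | 0x2139cc2c |
 ╰----------+------------------------------------------------------------+--------------------------------------------------------------------╯
 
 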

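--- a/host-contracts/lib/FHE.sol
+++ b/host-contracts/lib/FHE.sol
@@ -31,9 +31,9 @@ interface IKMSVerifier {
         uint256[] memory extensions
     );
 
-    function getThreshold() external view returns (uint256);
-
-    function getKmsSigners() external view returns (address[] memory);
+    function getContextSignersAndThresholdFromExtraData(
+        bytes calldata extraData
+    ) external view returns (address[] memory signers, uint256 threshold);
 }
 
 /**
@@ -9563,7 +9563,7 @@ library FHE {
         }
         bytes32 digest = _hashDecryptionResult(handlesList, abiEncodedCleartexts, extraData);
 
-        return _verifySignaturesDigest(digest, signatures);
+        return _verifySignaturesDigest(digest, signatures, extraData);
     }
 
     /*
@@ -9621,12 +9621,19 @@ library FHE {
     }
 
     /**
-     * @notice View function that verifies multiple signatures for a given message at a certain threshold.
+     * @notice View function that verifies multiple signatures for a given message using context-aware verification.
+     * @dev Delegates extraData parsing and context lookup to KMSVerifier via a single
+     * cross-contract call to `getContextSignersAndThresholdFromExtraData`.
      * @param digest The hash of the message that was signed by all signers.
      * @param signatures An array of signatures to verify.
+     * @param extraData The extra data bytes from the decryption proof, used to resolve the KMS context.
      * @return isVerified true if enough provided signatures are valid, false otherwise.
      */
-    function _verifySignaturesDigest(bytes32 digest, bytes[] memory signatures) private view returns (bool) {
+    function _verifySignaturesDigest(
+        bytes32 digest,
+        bytes[] memory signatures,
+        bytes memory extraData
+    ) private view returns (bool) {
         uint256 numSignatures = signatures.length;
 
         if (numSignatures == 0) {
@@ -9635,14 +9642,13 @@ library FHE {
 
         CoprocessorConfig storage $ = Impl.getCoprocessorConfig();
 
-        uint256 threshold = IKMSVerifier($.KMSVerifierAddress).getThreshold();
+        (address[] memory KMSSigners, uint256 threshold) = IKMSVerifier($.KMSVerifierAddress)
+            .getContextSignersAndThresholdFromExtraData(extraData);
 
         if (numSignatures < threshold) {
             revert KMSSignatureThresholdNotReached(numSignatures);
         }
 
-        address[] memory KMSSigners = IKMSVerifier($.KMSVerifierAddress).getKmsSigners();
-
         address[] memory recoveredSigners = new address[](numSignatures);
         uint256 uniqueValidCount;
         for (uint256 i = 0; i < numSignatures; i++) {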
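Review bot: The signer set and threshold that `_verifySignaturesDigest` checks against are now selected by `extraData`, a field of the very proof being verified, so the `getContextSignersAndThresholdFromExtraData` call is the new trust boundary and the hunk leaves that unexplained. It is only sound because `extraData` is also bound into the digest by `_hashDecryptionResult` (a context id cannot be swapped under existing signatures) and because KMSVerifier must reject unknown or destroyed contexts — the selector table gains `InvalidKMSContext` and `KMSContextDestroyed`, but KMSVerifier.sol is not rendered here, so whether a superseded-but-not-destroyed context still verifies cannot be confirmed from this page. A why-comment at the call would save the next reader that reasoning: `// extraData picks the KMS context; trusting it is safe only because it is part of the signed digest and KMSVerifier reverts on unknown/destroyed contexts`. If a context can carry a threshold of 0, a guard `if (threshold == 0) revert ...;` before the count comparison would also be worth confirming against KMSVerifier. The function continues past the hunk (the recovery loop and the final `uniqueValidCount` comparison are not shown).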

host-contracts/rust_bindings/src/kms_verifier.rs

Lines changed: 1714 additions & 127 deletions

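--- a/host-contracts/test/fhevm-foundry/TestHostContractsDeployerTestUtils.t.sol
+++ b/host-contracts/test/fhevm-foundry/TestHostContractsDeployerTestUtils.t.sol
@@ -61,7 +61,7 @@ contract TestHostContractsDeployerTestUtils is HostContractsDeployerTestUtils {
 
         assertEq(address(kmsVerifierProxy), kmsVerifierAdd, "KMSVerifier proxy address mismatch");
         assertNotEq(kmsVerifierImplementation, address(0), "Implementation not deployed");
-        assertEq(kmsVerifierProxy.getVersion(), "KMSVerifier v0.1.0", "Version mismatch");
+        assertEq(kmsVerifierProxy.getVersion(), "KMSVerifier v0.2.0", "Version mismatch");
         assertEq(kmsVerifierProxy.getThreshold(), initialThreshold, "Threshold mismatch");
         address[] memory storedSigners = kmsVerifierProxy.getKmsSigners();
         assertEq(storedSigners.length, initialSigners.length, "Signers length mismatch");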
