chore(gateway-contracts): clean and rename KmsManagement to KMSGeneration

Author: melanciani

.github/workflows/gateway-contracts-upgrade-tests.yml

@@ -159,67 +159,67 @@ jobs:
 
       # TODO: We should instead automatically detect if the contract needs to be upgraded
       #  See https://github.com/zama-ai/fhevm-internal/issues/379
-      # - name: Upgrade CiphertextCommits contract
-      #   working-directory: current-fhevm/gateway-contracts
-      #   env:
-      #     DOTENV_CONFIG_PATH: .env
-      #     HARDHAT_NETWORK: staging
-      #     CHAIN_ID_GATEWAY: 54321
-      #     RPC_URL: http://localhost:8546
-      #   run: |
-      #     npx hardhat task:upgradeCiphertextCommits \
-      #       --current-implementation previous-contracts/CiphertextCommits.sol:CiphertextCommits \
-      #       --new-implementation contracts/CiphertextCommits.sol:CiphertextCommits \
-      #       --use-internal-proxy-address true \
-      #       --verify-contract false
+      - name: Upgrade CiphertextCommits contract
+        working-directory: current-fhevm/gateway-contracts
+        env:
+          DOTENV_CONFIG_PATH: .env
+          HARDHAT_NETWORK: staging
+          CHAIN_ID_GATEWAY: 54321
+          RPC_URL: http://localhost:8546
+        run: |
+          npx hardhat task:upgradeCiphertextCommits \
+            --current-implementation previous-contracts/CiphertextCommits.sol:CiphertextCommits \
+            --new-implementation contracts/CiphertextCommits.sol:CiphertextCommits \
+            --use-internal-proxy-address true \
+            --verify-contract false
 
       # TODO: We should instead automatically detect if the contract needs to be upgraded
       #  See https://github.com/zama-ai/fhevm-internal/issues/379
-      # - name: Upgrade InputVerification contract
-      #   working-directory: current-fhevm/gateway-contracts
-      #   env:
-      #     DOTENV_CONFIG_PATH: .env
-      #     HARDHAT_NETWORK: staging
-      #     CHAIN_ID_GATEWAY: 54321
-      #     RPC_URL: http://localhost:8546
-      #   run: |
-      #     npx hardhat task:upgradeInputVerification \
-      #       --current-implementation previous-contracts/InputVerification.sol:InputVerification \
-      #       --new-implementation contracts/InputVerification.sol:InputVerification \
-      #       --use-internal-proxy-address true \
-      #       --verify-contract false
+      - name: Upgrade InputVerification contract
+        working-directory: current-fhevm/gateway-contracts
+        env:
+          DOTENV_CONFIG_PATH: .env
+          HARDHAT_NETWORK: staging
+          CHAIN_ID_GATEWAY: 54321
+          RPC_URL: http://localhost:8546
+        run: |
+          npx hardhat task:upgradeInputVerification \
+            --current-implementation previous-contracts/InputVerification.sol:InputVerification \
+            --new-implementation contracts/InputVerification.sol:InputVerification \
+            --use-internal-proxy-address true \
+            --verify-contract false
 
       # TODO: We should instead automatically detect if the contract needs to be upgraded
       #  See https://github.com/zama-ai/fhevm-internal/issues/379
-      # - name: Upgrade MultichainACL contract
-      #   working-directory: current-fhevm/gateway-contracts
-      #   env:
-      #     DOTENV_CONFIG_PATH: .env
-      #     HARDHAT_NETWORK: staging
-      #     CHAIN_ID_GATEWAY: 54321
-      #     RPC_URL: http://localhost:8546
-      #   run: |
-      #     npx hardhat task:upgradeMultichainACL \
-      #       --current-implementation previous-contracts/MultichainACL.sol:MultichainACL \
-      #       --new-implementation contracts/MultichainACL.sol:MultichainACL \
-      #       --use-internal-proxy-address true \
-      #       --verify-contract false
+      - name: Upgrade MultichainACL contract
+        working-directory: current-fhevm/gateway-contracts
+        env:
+          DOTENV_CONFIG_PATH: .env
+          HARDHAT_NETWORK: staging
+          CHAIN_ID_GATEWAY: 54321
+          RPC_URL: http://localhost:8546
+        run: |
+          npx hardhat task:upgradeMultichainACL \
+            --current-implementation previous-contracts/MultichainACL.sol:MultichainACL \
+            --new-implementation contracts/MultichainACL.sol:MultichainACL \
+            --use-internal-proxy-address true \
+            --verify-contract false
 
       # TODO: We should instead automatically detect if the contract needs to be upgraded
       # See https://github.com/zama-ai/fhevm-internal/issues/379
-      # - name: Upgrade KmsManagement contract
-      #   working-directory: current-fhevm/gateway-contracts
-      #   env:
-      #     DOTENV_CONFIG_PATH: .env
-      #     HARDHAT_NETWORK: staging
-      #     CHAIN_ID_GATEWAY: 54321
-      #     RPC_URL: http://localhost:8546
-      #   run: |
-      #     npx hardhat task:upgradeKmsManagement \
-      #       --current-implementation previous-contracts/KmsManagement.sol:KmsManagement \
-      #       --new-implementation contracts/KmsManagement.sol:KmsManagement \
-      #       --use-internal-proxy-address true \
-      #       --verify-contract false
+      - name: Upgrade KMSGeneration contract
+        working-directory: current-fhevm/gateway-contracts
+        env:
+          DOTENV_CONFIG_PATH: .env
+          HARDHAT_NETWORK: staging
+          CHAIN_ID_GATEWAY: 54321
+          RPC_URL: http://localhost:8546
+        run: |
+          npx hardhat task:upgradeKmsGeneration \
+            --current-implementation previous-contracts/KmsGeneration.sol:KmsGeneration \
+            --new-implementation contracts/KmsGeneration.sol:KmsGeneration \
+            --use-internal-proxy-address true \
+            --verify-contract false
 
       - name: Clean up
         working-directory: previous-fhevm/gateway-contracts

gateway-contracts/.env.example

@@ -140,6 +140,7 @@ PAUSER_ADDRESS_1="0xb19e21437c47A541842bB84b018d3955462B35De" # accounts[24] (ad
 # is dynamically set after contracts are deployed.
 # For tests, this address is read directly from the addresses/.env.gateway file, so the value in this file is ignored.
 GATEWAY_CONFIG_ADDRESS="0xa50F5243C70c80a8309e3D39d8c9d958cDa83979" # (address)
+KMS_GENERATION_ADDRESS="0x87A5b1152AA51728258dbc1AA54B6a83DCd1d3dd" # (address)
 
 # The first pauser's private key
 # This is required for local tests and running the pausing task. It must correspond to one of the pauser's private key

gateway-contracts/README.md

@@ -15,7 +15,7 @@ The **FHEVM Gateway** is a set of smart contracts that enables decrypting FHE ci
 | `InputVerification` | Verify an input's zero-knowledge proof of knowledge (ZKPoK) | - Verify a ZKPoK<br>- Reject a ZKPoK                                                                                              |
 | `MultichainACL`     | Centralize Access Control Lists (ACL) from all host chains  | - Grant account access to ciphertexts<br>- Authorize public decryption of ciphertexts<br>- Delegate account access to ciphertexts |
 | `CiphertextCommits` | Store ciphertext commitments from all host chains           | - Store regular ciphertext commitments<br>- Store Switch and Squash (SNS) ciphertext commitments                                  |
-| `KmsManagement`     | Orchestrate KMS-related materials                           | 🚧 _Not in use yet_ 🚧                                                                                                            |
+| `KMSGeneration`     | Orchestrate KMS-related materials                           | 🚧 _Not in use yet_ 🚧                                                                                                            |
 | `GatewayConfig`     | Administer configuration settings                           | - Register KMS nodes, coprocessors and host chains. <br> - Update KMS nodes, coprocessors and host chains.                        |
 
 ## Getting started

gateway-contracts/contracts/CiphertextCommits.sol

@@ -1,10 +1,10 @@
 // SPDX-License-Identifier: BSD-3-Clause-Clear
 pragma solidity ^0.8.24;
-import { gatewayConfigAddress, kmsManagementAddress } from "../addresses/GatewayAddresses.sol";
+import { gatewayConfigAddress, kmsGenerationAddress } from "../addresses/GatewayAddresses.sol";
 import { Strings } from "@openzeppelin/contracts/utils/Strings.sol";
 import { ICiphertextCommits } from "./interfaces/ICiphertextCommits.sol";
 import { IGatewayConfig } from "./interfaces/IGatewayConfig.sol";
-import { IKMSManagement } from "./interfaces/IKMSManagement.sol";
+import { IKMSGeneration } from "./interfaces/IKMSGeneration.sol";
 import { UUPSUpgradeableEmptyProxy } from "./shared/UUPSUpgradeableEmptyProxy.sol";
 import { GatewayConfigChecks } from "./shared/GatewayConfigChecks.sol";
 import { HandleOps } from "./libraries/HandleOps.sol";
@@ -19,8 +19,8 @@ contract CiphertextCommits is ICiphertextCommits, UUPSUpgradeableEmptyProxy, Gat
     /// @notice The address of the GatewayConfig contract, used for fetching information about coprocessors.
     IGatewayConfig private constant GATEWAY_CONFIG = IGatewayConfig(gatewayConfigAddress);
 
-    /// @notice The address of the KmsManagement contract, used for fetching information about the current key.
-    IKMSManagement private constant KMS_MANAGEMENT = IKMSManagement(kmsManagementAddress);
+    /// @notice The address of the KMSGeneration contract, used for fetching information about the current key.
+    IKMSGeneration private constant KMS_GENERATION = IKMSGeneration(kmsGenerationAddress);
 
     /// @dev The following constants are used for versioning the contract. They are made private
     /// @dev in order to force derived contracts to consider a different version. Note that

gateway-contracts/contracts/Decryption.sol

@@ -313,8 +313,10 @@ contract Decryption is
     ) external virtual onlyKmsTxSender {
         DecryptionStorage storage $ = _getDecryptionStorage();
 
-        // Make sure the decryptionId corresponds to a generated decryption request.
-        if (decryptionId > $.publicDecryptionCounter || decryptionId == 0) {
+        // Make sure the decryptionId corresponds to a generated public decryption request:
+        // - it must be greater than the base counter for public decryption requests
+        // - it must be less than or equal to the current public decryption counter
+        if (decryptionId <= PUBLIC_DECRYPT_COUNTER_BASE || decryptionId > $.publicDecryptionCounter) {
             revert DecryptionNotRequested(decryptionId);
         }
 
@@ -547,8 +549,10 @@ contract Decryption is
     ) external virtual onlyKmsTxSender {
         DecryptionStorage storage $ = _getDecryptionStorage();
 
-        // Make sure the decryptionId corresponds to a generated decryption request.
-        if (decryptionId > $.userDecryptionCounter || decryptionId == 0) {
+        // Make sure the decryptionId corresponds to a generated user decryption request:
+        // - it must be greater than the base counter for user decryption requests
+        // - it must be less than or equal to the current user decryption counter
+        if (decryptionId <= USER_DECRYPT_COUNTER_BASE || decryptionId > $.userDecryptionCounter) {
             revert DecryptionNotRequested(decryptionId);
         }