Commit 91aa0da

feat(host-contracts): implement context-aware signer storage and verification in KMSVerifier
Add per-context signer sets and thresholds so that old KMS contexts remain verifiable after governance rotates signers via defineNewContext. Includes destroyKmsContext, v0/v1 extraData parsing, reinitializeV3 migration path, legacy view redirection, and IKMSVerifier interface updates.
1 parent 2458fa9 commit 91aa0da

9 files changed

+3025
-176
lines changed

host-contracts/contracts/KMSVerifier.sol

Lines changed: 229 additions & 52 deletions
Large diffs are not rendered by default.

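--- a/host-contracts/docs/contract_selectors.txt
+++ b/host-contracts/docs/contract_selectors.txt
@@ -648,10 +648,18 @@ KMSVerifier
 |----------+------------------------------------------------------------+--------------------------------------------------------------------|
 | Function | defineNewContext(address[],uint256) | 0xda53c47d |
 |----------+------------------------------------------------------------+--------------------------------------------------------------------|
+| Function | destroyKmsContext(uint256) | 0xc0ae64f7 |
+|----------+------------------------------------------------------------+--------------------------------------------------------------------|
 | Function | eip712Domain() | 0x84b0196e |
 |----------+------------------------------------------------------------+--------------------------------------------------------------------|
+| Function | getContextSignersAndThresholdForExtraData(bytes) | 0xf1886e42 |
+|----------+------------------------------------------------------------+--------------------------------------------------------------------|
+| Function | getCurrentKmsContextId() | 0x976f3eb9 |
+|----------+------------------------------------------------------------+--------------------------------------------------------------------|
 | Function | getKmsSigners() | 0x7eaac8f2 |
 |----------+------------------------------------------------------------+--------------------------------------------------------------------|
+| Function | getSignersForKmsContext(uint256) | 0x724f190b |
+|----------+------------------------------------------------------------+--------------------------------------------------------------------|
 | Function | getThreshold() | 0xe75235b8 |
 |----------+------------------------------------------------------------+--------------------------------------------------------------------|
 | Function | getVersion() | 0x0d8e6e2c |
@@ -660,8 +668,12 @@ KMSVerifier
 |----------+------------------------------------------------------------+--------------------------------------------------------------------|
 | Function | isSigner(address) | 0x7df73e27 |
 |----------+------------------------------------------------------------+--------------------------------------------------------------------|
+| Function | isValidKmsContext(uint256) | 0xbf9b16c8 |
+|----------+------------------------------------------------------------+--------------------------------------------------------------------|
 | Function | proxiableUUID() | 0x52d1902d |
 |----------+------------------------------------------------------------+--------------------------------------------------------------------|
+| Function | reinitializeV2() | 0xc4115874 |
+|----------+------------------------------------------------------------+--------------------------------------------------------------------|
 | Function | setThreshold(uint256) | 0x960bfe04 |
 |----------+------------------------------------------------------------+--------------------------------------------------------------------|
 | Function | upgradeToAndCall(address,bytes) | 0x4f1ef286 |
@@ -672,12 +684,16 @@ KMSVerifier
 |----------+------------------------------------------------------------+--------------------------------------------------------------------|
 | Event | Initialized(uint64) | 0xc7f505b2f371ae2175ee4913f4499e1f2633a7b5936321eed1cdaeb6115181d2 |
 |----------+------------------------------------------------------------+--------------------------------------------------------------------|
-| Event | NewContextSet(address[],uint256) | 0x1dcd7e1de916ad3be0c1097968029899e2e7d0195cfa6967e16520c0e8d07cea |
+| Event | KMSContextDestroyed(uint256) | 0x6061b48dc9932cb928f0ea6a9d126c1095be843d19641ed27c9164feb79762eb |
+|----------+------------------------------------------------------------+--------------------------------------------------------------------|
+| Event | NewContextSet(uint256,address[],uint256) | 0x520e0adcbbe0d097dfe4b243c722ac80df9c2413c936b092d9c4888118f01f92 |
 |----------+------------------------------------------------------------+--------------------------------------------------------------------|
 | Event | Upgraded(address) | 0xbc7cd75a20ee27fd9adebab32041f755214dbc6bffa90cc0225b39da2e5c2d3b |
 |----------+------------------------------------------------------------+--------------------------------------------------------------------|
 | Error | AddressEmptyCode(address) | 0x9996b315 |
 |----------+------------------------------------------------------------+--------------------------------------------------------------------|
+| Error | CurrentKMSContextCannotBeDestroyed(uint256) | 0x669db066 |
+|----------+------------------------------------------------------------+--------------------------------------------------------------------|
 | Error | DeserializingDecryptionProofFail() | 0x8d9c3069 |
 |----------+------------------------------------------------------------+--------------------------------------------------------------------|
 | Error | ECDSAInvalidSignature() | 0xf645eedf |
@@ -696,6 +712,8 @@ KMSVerifier
 |----------+------------------------------------------------------------+--------------------------------------------------------------------|
 | Error | InvalidInitialization() | 0xf92ee8a9 |
 |----------+------------------------------------------------------------+--------------------------------------------------------------------|
+| Error | InvalidKMSContext(uint256) | 0xb0dafc17 |
+|----------+------------------------------------------------------------+--------------------------------------------------------------------|
 | Error | KMSAlreadySigner() | 0x9895a42c |
 |----------+------------------------------------------------------------+--------------------------------------------------------------------|
 | Error | KMSInvalidSigner(address) | 0x6475522d |
@@ -721,6 +739,8 @@ KMSVerifier
 | Error | UUPSUnauthorizedCallContext() | 0xe07c8dba |
 |----------+------------------------------------------------------------+--------------------------------------------------------------------|
 | Error | UUPSUnsupportedProxiableUUID(bytes32) | 0xaa1d49a4 |
+|----------+------------------------------------------------------------+--------------------------------------------------------------------|
+| Error | UnsupportedExtraDataVersion(uint8) | 0x2139cc2c |
 ╰----------+------------------------------------------------------------+--------------------------------------------------------------------╯
 
 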
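--- a/host-contracts/lib/FHE.sol
+++ b/host-contracts/lib/FHE.sol
@@ -31,9 +31,9 @@ interface IKMSVerifier {
 uint256[] memory extensions
 );
 
-function getThreshold() external view returns (uint256);
-
-function getKmsSigners() external view returns (address[] memory);
+function getContextSignersAndThresholdForExtraData(
+bytes calldata extraData
+) external view returns (address[] memory signers, uint256 threshold);
 }
 
 /**
@@ -9563,7 +9563,7 @@ library FHE {
 }
 bytes32 digest = _hashDecryptionResult(handlesList, abiEncodedCleartexts, extraData);
 
-return _verifySignaturesDigest(digest, signatures);
+return _verifySignaturesDigest(digest, signatures, extraData);
 }
 
 /*
@@ -9621,12 +9621,19 @@ library FHE {
 }
 
 /**
-* @notice View function that verifies multiple signatures for a given message at a certain threshold.
+* @notice View function that verifies multiple signatures for a given message using context-aware verification.
+* @dev Delegates extraData parsing and context lookup to KMSVerifier via a single
+* cross-contract call to `getContextSignersAndThresholdForExtraData`.
 * @param digest The hash of the message that was signed by all signers.
 * @param signatures An array of signatures to verify.
+* @param extraData The extra data bytes from the decryption proof, used to resolve the KMS context.
 * @return isVerified true if enough provided signatures are valid, false otherwise.
 */
-function _verifySignaturesDigest(bytes32 digest, bytes[] memory signatures) private view returns (bool) {
+function _verifySignaturesDigest(
+bytes32 digest,
+bytes[] memory signatures,
+bytes memory extraData
+) private view returns (bool) {
 uint256 numSignatures = signatures.length;
 
 if (numSignatures == 0) {
@@ -9635,14 +9642,13 @@ library FHE {
 
 CoprocessorConfig storage $ = Impl.getCoprocessorConfig();
 
-uint256 threshold = IKMSVerifier($.KMSVerifierAddress).getThreshold();
+(address[] memory KMSSigners, uint256 threshold) = IKMSVerifier($.KMSVerifierAddress)
+.getContextSignersAndThresholdForExtraData(extraData);
 
 if (numSignatures < threshold) {
 revert KMSSignatureThresholdNotReached(numSignatures);
 }
 
-address[] memory KMSSigners = IKMSVerifier($.KMSVerifierAddress).getKmsSigners();
-
 address[] memory recoveredSigners = new address[](numSignatures);
 uint256 uniqueValidCount;
 for (uint256 i = 0; i < numSignatures; i++) {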
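Review bot: `_verifySignaturesDigest` now takes `digest` and `extraData` as independent arguments, and `extraData` alone selects the signer set and threshold returned by `getContextSignersAndThresholdForExtraData`, so the check is sound only while the digest commits to the same bytes. The call site in this section does that (`_hashDecryptionResult(handlesList, abiEncodedCleartexts, extraData)` just before the call), but the NatSpec does not record the invariant; I would add to the `@dev` block: `extraData MUST be the same bytes that were hashed into digest; otherwise the caller, not the signers, chooses the KMS context.` Going by the commit description, signer sets of rotated-out contexts stay accepted until governance destroys them, which is now part of this function's trust model and worth one sentence in the same comment. The body of `_verifySignaturesDigest` continues past the end of the hunk, so it cannot be seen from here whether a zero threshold or an empty signer array from the verifier is rejected; presumably KMSVerifier reverts with `InvalidKMSContext` for unknown or destroyed contexts, which should be confirmed against the unrendered KMSVerifier.sol diff.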

host-contracts/rust_bindings/src/kms_verifier.rs

Lines changed: 1986 additions & 92 deletions
Large diffs are not rendered by default.

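--- a/host-contracts/test/fhevm-foundry/TestHostContractsDeployerTestUtils.t.sol
+++ b/host-contracts/test/fhevm-foundry/TestHostContractsDeployerTestUtils.t.sol
@@ -61,7 +61,7 @@ contract TestHostContractsDeployerTestUtils is HostContractsDeployerTestUtils {
 
 assertEq(address(kmsVerifierProxy), kmsVerifierAdd, "KMSVerifier proxy address mismatch");
 assertNotEq(kmsVerifierImplementation, address(0), "Implementation not deployed");
-assertEq(kmsVerifierProxy.getVersion(), "KMSVerifier v0.1.0", "Version mismatch");
+assertEq(kmsVerifierProxy.getVersion(), "KMSVerifier v0.2.0", "Version mismatch");
 assertEq(kmsVerifierProxy.getThreshold(), initialThreshold, "Threshold mismatch");
 address[] memory storedSigners = kmsVerifierProxy.getKmsSigners();
 assertEq(storedSigners.length, initialSigners.length, "Signers length mismatch");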
