chore(kms-connector): adapt storage urls retrieval

Author: eudelins-zama

kms-connector/Cargo.lock

@@ -18,7 +18,7 @@ gw-listener.path = "crates/gw-listener"
 kms-worker.path = "crates/kms-worker"
 tx-sender.path = "crates/tx-sender"
 connector-utils.path = "crates/utils"
-fhevm_gateway_bindings = { git = "https://github.com/zama-ai/fhevm.git", rev = "a51230f0d138586b7b9e49fc1550b554117ad4b1", default-features = false }
+fhevm_gateway_bindings = { git = "https://github.com/zama-ai/fhevm.git", rev = "f9671e161fbff94159bd7355c618954df2ec00fb", default-features = false }
 kms-grpc = { git = "https://github.com/zama-ai/kms.git", tag = "v0.11.0-26", default-features = true }
 tfhe = "=1.3.2"
 

kms-connector/Cargo.toml

@@ -1 +1,2 @@
 ALTER TYPE sns_ciphertext_material DROP ATTRIBUTE coprocessor_tx_sender_addresses CASCADE;
+ALTER TYPE sns_ciphertext_material ADD ATTRIBUTE storage_urls TEXT[] CASCADE;

kms-connector/connector-db/migrations/20250902144114_update_sns_ciphertext.sql

@@ -60,7 +60,8 @@ impl DbEventPublisher {
         let sns_ciphertexts_db = request
             .snsCtMaterials
             .iter()
-            .map(SnsCiphertextMaterialDbItem::from)
+            .zip(request.storageUrls)
+            .map(|(sns_ct, url)| SnsCiphertextMaterialDbItem::new(sns_ct, url))
             .collect::<Vec<SnsCiphertextMaterialDbItem>>();
 
         sqlx::query!(
@@ -80,7 +81,8 @@ impl DbEventPublisher {
         let sns_ciphertexts_db = request
             .snsCtMaterials
             .iter()
-            .map(SnsCiphertextMaterialDbItem::from)
+            .zip(request.storageUrls)
+            .map(|(sns_ct, url)| SnsCiphertextMaterialDbItem::new(sns_ct, url))
             .collect::<Vec<SnsCiphertextMaterialDbItem>>();
 
         sqlx::query!(

kms-connector/crates/gw-listener/src/core/event_publisher.rs

@@ -8,7 +8,7 @@ use crate::core::{
 use alloy::{
     hex,
     primitives::{Address, Bytes, U256},
-    sol_types::{Eip712Domain, SolValue},
+    sol_types::Eip712Domain,
 };
 use anyhow::anyhow;
 use connector_utils::types::KmsGrpcRequest;
@@ -49,6 +49,7 @@ impl DecryptionProcessor {
         &self,
         decryption_id: U256,
         sns_materials: Vec<SnsCiphertextMaterial>,
+        storage_urls: Vec<Vec<String>>,
         extra_data: Vec<u8>,
         user_decrypt_data: Option<UserDecryptionExtraData>,
     ) -> anyhow::Result<KmsGrpcRequest> {
@@ -62,7 +63,7 @@ impl DecryptionProcessor {
         info!("Extracted key_id {key_id} from snsCtMaterials[0]");
 
         let ciphertexts = self
-            .prepare_ciphertexts(decryption_id, &key_id, sns_materials, &extra_data)
+            .prepare_ciphertexts(decryption_id, &key_id, sns_materials, storage_urls)
             .await?;
 
         // Convert alloy domain to protobuf domain
@@ -114,12 +115,11 @@ impl DecryptionProcessor {
         decryption_id: U256,
         key_id: &str,
         sns_materials: Vec<SnsCiphertextMaterial>,
-        extra_data: &[u8],
+        storage_urls: Vec<Vec<String>>,
     ) -> anyhow::Result<Vec<TypedCiphertext>> {
-        let s3_url_matrix = decode_s3_url_matrix(extra_data)?;
         let sns_ciphertext_materials = self
             .s3_service
-            .retrieve_sns_ciphertext_materials(sns_materials, s3_url_matrix)
+            .retrieve_sns_ciphertext_materials(sns_materials, storage_urls)
             .await;
 
         if sns_ciphertext_materials.is_empty() {
@@ -144,11 +144,6 @@ impl DecryptionProcessor {
     }
 }
 
-fn decode_s3_url_matrix(extra_data: &[u8]) -> anyhow::Result<Vec<Vec<String>>> {
-    let (_version, urls): (u32, Vec<Vec<String>>) = SolValue::abi_decode_sequence(extra_data)?;
-    Ok(urls)
-}
-
 pub struct UserDecryptionExtraData {
     pub user_address: Address,
     pub public_key: Bytes,
@@ -162,40 +157,3 @@ impl UserDecryptionExtraData {
         }
     }
 }
-
-#[cfg(test)]
-mod tests {
-    use super::*;
-
-    #[test]
-    fn test_urls_decoding() {
-        let url_matrix = vec![
-            vec![
-                String::from("http://localhost"),
-                String::from("https://127.0.0.1:80/"),
-            ],
-            vec![String::from("http://localhost:81/test")],
-        ];
-
-        let extra_data = hex::decode(REMIX_GENERATED_EXTRA_DATA).unwrap();
-        let decoded_url_matrix = decode_s3_url_matrix(&extra_data).unwrap();
-        assert_eq!(url_matrix, decoded_url_matrix);
-    }
-
-    // Encoded bytes retrieved with the following function in Remix
-    // ```
-    // function encode() public pure returns (bytes memory) {
-    //     string[] memory url_array1 = new string[](2);
-    //     url_array1[0] = "http://localhost";
-    //     url_array1[1] = "https://127.0.0.1:80/";
-    //     string[] memory url_array2 = new string[](1);
-    //     url_array2[0] = "http://localhost:81/test";
-    //     string[][] memory url_matrix =  new string[][](2);
-    //     url_matrix[0] = url_array1;
-    //     url_matrix[1] = url_array2;
-    //     uint32 version = 1;
-    //     return abi.encode(version, url_matrix);
-    // }
-    // ```
-    const REMIX_GENERATED_EXTRA_DATA: &str = "0x000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000000000000000000000001200000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000010687474703a2f2f6c6f63616c686f737400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001568747470733a2f2f3132372e302e302e313a38302f0000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000018687474703a2f2f6c6f63616c686f73743a38312f746573740000000000000000";
-}

kms-connector/crates/kms-worker/src/core/event_processor/decryption.rs

@@ -88,6 +88,7 @@ impl DbEventProcessor {
                     .prepare_decryption_request(
                         req.decryptionId,
                         req.snsCtMaterials,
+                        req.storageUrls,
                         req.extraData.into(),
                         None,
                     )
@@ -98,6 +99,7 @@ impl DbEventProcessor {
                     .prepare_decryption_request(
                         req.decryptionId,
                         req.snsCtMaterials,
+                        req.storageUrls,
                         req.extraData.into(),
                         Some(UserDecryptionExtraData::new(req.userAddress, req.publicKey)),
                     )

kms-connector/crates/kms-worker/src/core/event_processor/processor.rs

@@ -40,11 +40,11 @@ impl S3Service {
     pub async fn retrieve_sns_ciphertext_materials(
         &self,
         sns_materials: Vec<SnsCiphertextMaterial>,
-        s3_urls_metrix: Vec<Vec<String>>,
+        s3_urls_matrix: Vec<Vec<String>>,
     ) -> Vec<TypedCiphertext> {
         let mut sns_ciphertext_materials = Vec::new();
 
-        for (sns_material, mut s3_urls) in sns_materials.into_iter().zip(s3_urls_metrix) {
+        for (sns_material, mut s3_urls) in sns_materials.into_iter().zip(s3_urls_matrix) {
             // 1. For each SNS material, we try to retrieve its ciphertext from multiple possible S3 URLs
             //    1.1. We try to fetch the ciphertext for `self.s3_ct_retrieval_retries` times for each S3 URL
             // 2. Once we successfully retrieve a ciphertext from any of those URLs, we break out of the S3 URLs loop

kms-connector/crates/kms-worker/src/core/event_processor/s3.rs

@@ -1,12 +1,11 @@
-use std::time::Duration;
-
 use alloy::primitives::U256;
 use connector_utils::{
     tests::{rand::rand_sns_ct, setup::TestInstanceBuilder},
     types::{GatewayEvent, db::SnsCiphertextMaterialDbItem},
 };
 use fhevm_gateway_bindings::decryption::Decryption::PublicDecryptionRequest;
 use kms_worker::core::{Config, DbEventPicker, EventPicker};
+use std::time::Duration;
 use tokio::time::timeout;
 
 #[tokio::test]
@@ -18,11 +17,7 @@ async fn test_parallel_event_picker_one_events() -> anyhow::Result<()> {
     let mut event_picker1 = DbEventPicker::connect(test_instance.db().clone(), &config).await?;
 
     let id0 = U256::ZERO;
-    let sns_ct = vec![rand_sns_ct()];
-    let sns_ciphertexts_db = sns_ct
-        .iter()
-        .map(SnsCiphertextMaterialDbItem::from)
-        .collect::<Vec<SnsCiphertextMaterialDbItem>>();
+    let sns_ciphertexts_db = vec![rand_sns_ct()];
 
     println!("Inserting only one PublicDecryptionRequest for two event picker...");
     sqlx::query!(
@@ -47,7 +42,11 @@ async fn test_parallel_event_picker_one_events() -> anyhow::Result<()> {
         events0,
         vec![GatewayEvent::PublicDecryption(PublicDecryptionRequest {
             decryptionId: id0,
-            snsCtMaterials: sns_ct.clone(),
+            storageUrls: sns_ciphertexts_db
+                .iter()
+                .map(|s| s.storage_urls.clone())
+                .collect(),
+            snsCtMaterials: sns_ciphertexts_db.iter().map(|s| s.into()).collect(),
             extraData: vec![].into()
         })]
     );
@@ -68,11 +67,7 @@ async fn test_parallel_event_picker_two_events() -> anyhow::Result<()> {
 
     let id0 = U256::ZERO;
     let id1 = U256::ONE;
-    let sns_ct = vec![rand_sns_ct()];
-    let sns_ciphertexts_db = sns_ct
-        .iter()
-        .map(SnsCiphertextMaterialDbItem::from)
-        .collect::<Vec<SnsCiphertextMaterialDbItem>>();
+    let sns_ciphertexts_db = vec![rand_sns_ct()];
 
     println!("Inserting two PublicDecryptionRequest for two event picker...");
     sqlx::query!(
@@ -86,7 +81,7 @@ async fn test_parallel_event_picker_two_events() -> anyhow::Result<()> {
     sqlx::query!(
         "INSERT INTO public_decryption_requests VALUES ($1, $2, $3) ON CONFLICT DO NOTHING",
         id1.as_le_slice(),
-        sns_ciphertexts_db as Vec<SnsCiphertextMaterialDbItem>,
+        sns_ciphertexts_db.clone() as Vec<SnsCiphertextMaterialDbItem>,
         vec![],
     )
     .execute(test_instance.db())
@@ -101,15 +96,23 @@ async fn test_parallel_event_picker_two_events() -> anyhow::Result<()> {
         events0,
         vec![GatewayEvent::PublicDecryption(PublicDecryptionRequest {
             decryptionId: id0,
-            snsCtMaterials: sns_ct.clone(),
+            storageUrls: sns_ciphertexts_db
+                .iter()
+                .map(|s| s.storage_urls.clone())
+                .collect(),
+            snsCtMaterials: sns_ciphertexts_db.iter().map(|s| s.into()).collect(),
             extraData: vec![].into(),
         })]
     );
     assert_eq!(
         events1,
         vec![GatewayEvent::PublicDecryption(PublicDecryptionRequest {
             decryptionId: id1,
-            snsCtMaterials: sns_ct,
+            storageUrls: sns_ciphertexts_db
+                .iter()
+                .map(|s| s.storage_urls.clone())
+                .collect(),
+            snsCtMaterials: sns_ciphertexts_db.iter().map(|s| s.into()).collect(),
             extraData: vec![].into(),
         })]
     );

kms-connector/crates/kms-worker/tests/event_picker/parallel.rs

@@ -1,5 +1,3 @@
-use std::time::Duration;
-
 use connector_utils::{
     tests::{
         rand::{rand_address, rand_digest, rand_public_key, rand_sns_ct, rand_u256},
@@ -15,6 +13,7 @@ use fhevm_gateway_bindings::{
     },
 };
 use kms_worker::core::{Config, DbEventPicker, EventPicker};
+use std::time::Duration;
 
 #[tokio::test]
 async fn test_pick_public_decryption() -> anyhow::Result<()> {
@@ -24,17 +23,13 @@ async fn test_pick_public_decryption() -> anyhow::Result<()> {
         DbEventPicker::connect(test_instance.db().clone(), &Config::default()).await?;
 
     let decryption_id = rand_u256();
-    let sns_ct = vec![rand_sns_ct()];
-    let sns_ciphertexts_db = sns_ct
-        .iter()
-        .map(SnsCiphertextMaterialDbItem::from)
-        .collect::<Vec<SnsCiphertextMaterialDbItem>>();
+    let sns_ciphertexts_db = vec![rand_sns_ct()];
 
     println!("Triggering Postgres notification with PublicDecryptionRequest insertion...");
     sqlx::query!(
         "INSERT INTO public_decryption_requests VALUES ($1, $2, $3) ON CONFLICT DO NOTHING",
         decryption_id.as_le_slice(),
-        sns_ciphertexts_db as Vec<SnsCiphertextMaterialDbItem>,
+        sns_ciphertexts_db.clone() as Vec<SnsCiphertextMaterialDbItem>,
         vec![],
     )
     .execute(test_instance.db())
@@ -48,7 +43,11 @@ async fn test_pick_public_decryption() -> anyhow::Result<()> {
         events,
         vec![GatewayEvent::PublicDecryption(PublicDecryptionRequest {
             decryptionId: decryption_id,
-            snsCtMaterials: sns_ct,
+            storageUrls: sns_ciphertexts_db
+                .iter()
+                .map(|s| s.storage_urls.clone())
+                .collect(),
+            snsCtMaterials: sns_ciphertexts_db.iter().map(|s| s.into()).collect(),
             extraData: vec![].into(),
         })]
     );
@@ -64,19 +63,15 @@ async fn test_pick_user_decryption() -> anyhow::Result<()> {
         DbEventPicker::connect(test_instance.db().clone(), &Config::default()).await?;
 
     let decryption_id = rand_u256();
-    let sns_ct = vec![rand_sns_ct()];
+    let sns_ciphertexts_db = vec![rand_sns_ct()];
     let user_address = rand_address();
     let public_key = rand_public_key();
-    let sns_ciphertexts_db = sns_ct
-        .iter()
-        .map(SnsCiphertextMaterialDbItem::from)
-        .collect::<Vec<SnsCiphertextMaterialDbItem>>();
 
     println!("Triggering Postgres notification with UserDecryptionRequest insertion...");
     sqlx::query!(
         "INSERT INTO user_decryption_requests VALUES ($1, $2, $3, $4, $5) ON CONFLICT DO NOTHING",
         decryption_id.as_le_slice(),
-        sns_ciphertexts_db as Vec<SnsCiphertextMaterialDbItem>,
+        sns_ciphertexts_db.clone() as Vec<SnsCiphertextMaterialDbItem>,
         user_address.as_slice(),
         &public_key,
         vec![],
@@ -92,7 +87,11 @@ async fn test_pick_user_decryption() -> anyhow::Result<()> {
         events,
         vec![GatewayEvent::UserDecryption(UserDecryptionRequest {
             decryptionId: decryption_id,
-            snsCtMaterials: sns_ct,
+            storageUrls: sns_ciphertexts_db
+                .iter()
+                .map(|s| s.storage_urls.clone())
+                .collect(),
+            snsCtMaterials: sns_ciphertexts_db.iter().map(|s| s.into()).collect(),
             userAddress: user_address,
             publicKey: public_key.into(),
             extraData: vec![].into(),
@@ -283,16 +282,13 @@ async fn test_polling_backup() -> anyhow::Result<()> {
     let test_instance = TestInstanceBuilder::db_setup().await?;
 
     let decryption_id = rand_u256();
-    let sns_ct = vec![rand_sns_ct()];
-    let sns_ciphertexts_db = sns_ct
-        .iter()
-        .map(SnsCiphertextMaterialDbItem::from)
-        .collect::<Vec<SnsCiphertextMaterialDbItem>>();
+    let sns_ciphertexts_db = vec![rand_sns_ct()];
+
     println!("Inserting PublicDecryptionRequest before starting the event picker...");
     sqlx::query!(
         "INSERT INTO public_decryption_requests VALUES ($1, $2, $3) ON CONFLICT DO NOTHING",
         decryption_id.as_le_slice(),
-        sns_ciphertexts_db as Vec<SnsCiphertextMaterialDbItem>,
+        sns_ciphertexts_db.clone() as Vec<SnsCiphertextMaterialDbItem>,
         vec![],
     )
     .execute(test_instance.db())
@@ -312,7 +308,11 @@ async fn test_polling_backup() -> anyhow::Result<()> {
         events,
         vec![GatewayEvent::PublicDecryption(PublicDecryptionRequest {
             decryptionId: decryption_id,
-            snsCtMaterials: sns_ct,
+            storageUrls: sns_ciphertexts_db
+                .iter()
+                .map(|s| s.storage_urls.clone())
+                .collect(),
+            snsCtMaterials: sns_ciphertexts_db.iter().map(|s| s.into()).collect(),
             extraData: vec![].into(),
         })]
     );

kms-connector/crates/kms-worker/tests/event_picker/simple.rs

@@ -1,5 +1,5 @@
+use crate::types::db::SnsCiphertextMaterialDbItem;
 use alloy::primitives::{Address, FixedBytes, U256};
-use fhevm_gateway_bindings::decryption::Decryption::SnsCiphertextMaterial;
 use rand::Rng;
 
 pub fn rand_u256() -> U256 {
@@ -22,10 +22,11 @@ pub fn rand_digest() -> FixedBytes<32> {
     rand::rng().random::<[u8; 32]>().into()
 }
 
-pub fn rand_sns_ct() -> SnsCiphertextMaterial {
-    SnsCiphertextMaterial {
-        keyId: rand_u256(),
-        ctHandle: rand::rng().random::<[u8; 32]>().into(),
-        snsCiphertextDigest: rand::rng().random::<[u8; 32]>().into(),
+pub fn rand_sns_ct() -> SnsCiphertextMaterialDbItem {
+    SnsCiphertextMaterialDbItem {
+        key_id: rand::rng().random::<[u8; 32]>(),
+        ct_handle: rand::rng().random::<[u8; 32]>(),
+        sns_ciphertext_digest: rand::rng().random::<[u8; 32]>(),
+        storage_urls: vec!["http://localhost:9000/ct/128".to_string()],
     }
 }