Merge branch 'main' into tore/chore/fix-to-rc25

Author: jot2re

Cargo.lock

@@ -901,6 +901,7 @@ fn check_ext_pt_signature(
     external_handles: Vec<Vec<u8>>,
     domain: Eip712Domain,
     kms_addrs: &[alloy_primitives::Address],
+    extra_data: Vec<u8>,
 ) -> anyhow::Result<()> {
     // convert received data into proper format for EIP-712 verification
     if external_sig.len() != 65 {
@@ -918,7 +919,7 @@ fn check_ext_pt_signature(
     tracing::debug!("PTs: {:?}", plaintexts);
     tracing::debug!("ext. handles: {:?}", external_handles);
 
-    let hash = compute_pt_message_hash(external_handles, plaintexts, domain);
+    let hash = compute_pt_message_hash(external_handles, plaintexts, domain, extra_data);
 
     let addr = sig.recover_address_from_prehash(&hash)?;
     tracing::info!("recovered address: {}", addr);
@@ -942,11 +943,12 @@ fn check_external_decryption_signature(
     for response in responses {
         let payload = response.payload.as_ref().unwrap();
         check_ext_pt_signature(
-            payload.external_signature(),
+            response.external_signature(),
             &payload.plaintexts,
             external_handles.to_owned(),
             domain.clone(),
             kms_addrs,
+            vec![],
         )?;
 
         for (idx, pt) in payload.plaintexts.iter().enumerate() {

core-client/src/lib.rs

@@ -223,6 +223,9 @@ message PublicDecryptionRequest {
 
   // The EIP712 domain used for signing the response.
   Eip712DomainMsg domain = 4;
+
+  // Extra data from the gateway.
+  bytes extra_data = 5;
 }
 
 // KMS-internal Public Decryption Response Payload, containing meta data, plaintexts
@@ -234,27 +237,29 @@ message PublicDecryptionResponsePayload {
   // trusted keys.
   // TODO should be renamed to make it clear it is the server's key
   bytes verification_key = 1;
-  // Digest of the request validated.
-  // Needed to ensure that the response is for the expected request.
-  // THIS IS DEPRECATED AND KMS WILL LEAVE THIS FIELD EMPTY,
-  // instead, we will use request_id to specify the link.
-  bytes digest = 2 [deprecated=true];
+
   // A list of plaintexts, as little endian byte arrays. One for each
   // ciphertext.
-  repeated TypedPlaintext plaintexts = 3;
-  // the signature on external_decryption_result for the external recipient
-  // (e.g. using EIP712 for fhevm)
-  optional bytes external_signature = 4;
+  repeated TypedPlaintext plaintexts = 2;
+
   // Request ID of the request that this response corresponds to.
-  RequestId request_id = 5;
+  RequestId request_id = 3;
 }
 
 // KMS-internal Public Decryption Response
 message PublicDecryptionResponse {
   // Signature of the serialization of [PublicDecryptionResponsePayload].
   bytes signature = 1;
+
+  // the signature on external_decryption_result for the external recipient
+  // (e.g. using EIP712 for fhevm)
+  optional bytes external_signature = 2;
+
   // The payload that is signed
-  PublicDecryptionResponsePayload payload = 2;
+  PublicDecryptionResponsePayload payload = 3;
+
+  // Extra data used in the EIP712 signature - external_signature.
+  bytes extra_data = 4;
 }
 
 // Eip712 domain information. 
@@ -289,38 +294,51 @@ message UserDecryptionRequest {
 
   // The user's EIP712 domain. This MUST be present. Furthermore, the `verifying_contract` MUST be set and be distinct from `client_address`.
   Eip712DomainMsg domain = 6;
+
+  // Extra data from the gateway.
+  bytes extra_data = 7;
 }
 
 message UserDecryptionResponse {
   bytes signature = 1;
+
   // This is the external signature created from the Eip712 domain
   // on the structure, where userDecryptedShare is bc2wrap::serialize(&payload)
   // struct UserDecryptResponseVerification {
   //     bytes publicKey;
   //     uint256[] ctHandles;
-  //     bytes userDecryptedShare;
+  //     bytes userDecryptedShare; // serialization of payload
+  //     bytes extraData;
   // }
   bytes external_signature = 2;
+
   // The actual [UserDecryptionResponsePayload].
   UserDecryptionResponsePayload payload = 3;
+
+  // Extra data used in the EIP712 signature - external_signature.
+  bytes extra_data = 4;
 }
 
 message UserDecryptionResponsePayload {
   // The server's signature verification key, Encoded using SEC1.
   // Needed to validate the response, but MUST also be linked to a list of
   // trusted keys.
   bytes verification_key = 1;
+
   // This is needed to ensure the response corresponds to the request.
   // It is the digest of UserDecryptionLinker hashed using EIP712
   // under the given domain in the request.
   bytes digest = 2;
+
   // The resulting signcrypted ciphertexts, each ciphertext
   // must be decrypted and then reconstructed with the other shares
   // to produce the final plaintext.
   repeated TypedSigncryptedCiphertext signcrypted_ciphertexts = 3;
+
   // The ID of the MPC party doing the user decryption. Used for polynomial
   // reconstruction.
   uint32 party_id = 4;
+
   // The degree of the sharing scheme used.
   uint32 degree = 5;
 }

core/grpc/proto/kms.v1.proto

@@ -41,6 +41,7 @@ alloy_sol_types::sol! {
         bytes publicKey;
         bytes32[] ctHandles;
         bytes userDecryptedShare;
+        bytes extraData;
     }
 }
 
@@ -61,6 +62,7 @@ alloy_sol_types::sol! {
     struct PublicDecryptVerification {
         bytes32[] ctHandles;
         bytes decryptedResult;
+        bytes extraData;
     }
 }
 
@@ -1080,6 +1082,7 @@ mod tests {
                 client_address: client_address.to_checksum(None),
                 enc_key: vec![],
                 domain: None,
+                extra_data: vec![],
             };
             assert!(req
                 .compute_link_checked()
@@ -1097,6 +1100,7 @@ mod tests {
                 client_address: client_address.to_checksum(None),
                 enc_key: vec![],
                 domain: Some(domain.clone()),
+                extra_data: vec![],
             };
             assert!(req
                 .compute_link_checked()
@@ -1117,6 +1121,7 @@ mod tests {
                 client_address: client_address.to_checksum(None),
                 enc_key: vec![],
                 domain: Some(bad_domain),
+                extra_data: vec![],
             };
 
             assert!(req
@@ -1135,6 +1140,7 @@ mod tests {
                 client_address: client_address.to_checksum(None),
                 enc_key: vec![],
                 domain: Some(domain.clone()),
+                extra_data: vec![],
             };
             assert!(req.compute_link_checked().is_ok());
         }

core/grpc/src/rpc_types.rs

@@ -380,6 +380,7 @@ struct UserDecryptionResponseHex {
     // NOTE: this is the external signature
     signature: String,
     payload: Option<String>,
+    extra_data: Option<String>,
 }
 
 #[cfg(feature = "wasm_tests")]
@@ -392,6 +393,7 @@ fn resp_to_js(agg_resp: Vec<UserDecryptionResponse>) -> JsValue {
                 Some(inner) => Some(hex::encode(serialize(&inner).unwrap())),
                 None => None,
             },
+            extra_data: Some(hex::encode(&resp.extra_data)),
         };
         out.push(r);
     }
@@ -421,6 +423,10 @@ fn js_to_resp(json: JsValue) -> anyhow::Result<Vec<UserDecryptionResponse>> {
                 }
                 None => None,
             },
+            extra_data: match hex_resp.extra_data {
+                Some(inner) => hex::decode(&inner)?,
+                None => vec![],
+            },
         });
     }
     Ok(out)
@@ -473,7 +479,8 @@ fn js_to_resp(json: JsValue) -> anyhow::Result<Vec<UserDecryptionResponse>> {
 /// [
 ///   {
 ///     signature: '69e7e040cab157aa819015b321c012dccb1545ffefd325b359b492653f0347517e28e66c572cdc299e259024329859ff9fcb0096e1ce072af0b6e1ca1fe25ec6',
-///     payload: '0100000029...'
+///     payload: '0100000029...',
+///     extra_data: '01234...',
 ///   }
 /// ]
 /// ```

core/service/src/client/js_api.rs

@@ -767,6 +767,7 @@ impl Client {
             key_id: Some((*key_id).into()),
             domain: Some(domain_msg),
             request_id: Some((*request_id).into()),
+            extra_data: vec![],
         };
         Ok(req)
     }
@@ -824,6 +825,7 @@ impl Client {
                 typed_ciphertexts,
                 key_id: Some((*key_id).into()),
                 domain: Some(domain_msg),
+                extra_data: vec![],
             },
             UnifiedPublicEncKey::MlKem512(enc_pk),
             UnifiedPrivateEncKey::MlKem512(enc_sk),
@@ -872,6 +874,7 @@ impl Client {
                 typed_ciphertexts,
                 key_id: Some((*key_id).into()),
                 domain: Some(domain_msg),
+                extra_data: vec![],
             },
             UnifiedPublicEncKey::MlKem1024(enc_pk),
             UnifiedPrivateEncKey::MlKem1024(enc_sk),

core/service/src/client/mod.rs

@@ -439,8 +439,10 @@ pub(crate) fn compute_external_user_decrypt_signature(
     payload: &UserDecryptionResponsePayload,
     eip712_domain: &Eip712Domain,
     user_pk: &UnifiedPublicEncKey,
+    extra_data: Vec<u8>,
 ) -> anyhow::Result<Vec<u8>> {
-    let message_hash = compute_user_decrypt_message_hash(payload, eip712_domain, user_pk)?;
+    let message_hash =
+        compute_user_decrypt_message_hash(payload, eip712_domain, user_pk, extra_data)?;
 
     let signer = PrivateKeySigner::from_signing_key(server_sk.sk().clone());
     let signer_address = signer.address();
@@ -462,9 +464,10 @@ pub(crate) fn compute_external_pt_signature(
     server_sk: &PrivateSigKey,
     ext_handles_bytes: Vec<Vec<u8>>,
     pts: &[TypedPlaintext],
+    extra_data: Vec<u8>,
     eip712_domain: Eip712Domain,
 ) -> Vec<u8> {
-    let message_hash = compute_pt_message_hash(ext_handles_bytes, pts, eip712_domain);
+    let message_hash = compute_pt_message_hash(ext_handles_bytes, pts, eip712_domain, extra_data);
 
     let signer = PrivateKeySigner::from_signing_key(server_sk.sk().clone());
     let signer_address = signer.address();
@@ -715,6 +718,7 @@ pub fn compute_pt_message_hash(
     ext_handles_bytes: Vec<Vec<u8>>,
     pts: &[TypedPlaintext],
     eip712_domain: Eip712Domain,
+    extra_data: Vec<u8>,
 ) -> B256 {
     // convert external_handles back to U256 to be signed
     #[allow(clippy::useless_conversion)]
@@ -730,6 +734,7 @@ pub fn compute_pt_message_hash(
     let message = PublicDecryptVerification {
         ctHandles: external_handles,
         decryptedResult: pt_bytes,
+        extraData: extra_data.into(),
     };
 
     let message_hash = message.eip712_signing_hash(&eip712_domain);
@@ -749,14 +754,14 @@ pub type KeyGenCallValues = HashMap<PubDataType, SignedPubDataHandleInternal>;
 
 // Values that need to be stored temporarily as part of an async decryption call.
 // Represents the request ID of the request and the result of the decryption (a batch of plaintests),
-// as well as an external signature on the batch.
+// an external signature on the batch and any extra data.
 #[cfg(feature = "non-wasm")]
-pub type PubDecCallValues = (RequestId, Vec<TypedPlaintext>, Vec<u8>);
+pub type PubDecCallValues = (RequestId, Vec<TypedPlaintext>, Vec<u8>, Vec<u8>);
 
 // Values that need to be stored temporarily as part of an async user decryption call.
-// Represents UserDecryptionResponsePayload, external_handles, external_signature.
+// Represents UserDecryptionResponsePayload, external_handles, external_signature and extra_data.
 #[cfg(feature = "non-wasm")]
-pub type UserDecryptCallValues = (UserDecryptionResponsePayload, Vec<u8>);
+pub type UserDecryptCallValues = (UserDecryptionResponsePayload, Vec<u8>, Vec<u8>);
 
 /// Helper method which takes a [KeyGenCallValues] and returns
 /// [HashMap<String, SignedPubDataHandle>] by applying the [ToString] function on [PubDataType] for each element in the map.

core/service/src/engine/base.rs

@@ -527,6 +527,7 @@ pub async fn async_user_decrypt<
     server_verf_key: Vec<u8>,
     domain: &alloy_sol_types::Eip712Domain,
     metric_tags: Vec<(&'static str, String)>,
+    extra_data: Vec<u8>,
 ) -> anyhow::Result<(UserDecryptionResponsePayload, Vec<u8>)> {
     use observability::{
         metrics,
@@ -582,8 +583,13 @@ pub async fn async_user_decrypt<
         degree: 0,   // In the centralized KMS, the degree is always 0 since result is a constant
     };
 
-    let external_signature =
-        compute_external_user_decrypt_signature(sig_key, &payload, domain, client_enc_key)?;
+    let external_signature = compute_external_user_decrypt_signature(
+        sig_key,
+        &payload,
+        domain,
+        client_enc_key,
+        extra_data,
+    )?;
 
     Ok((payload, external_signature))
 }