Merge branch 'main' into tore/feat/2489/api-endpoints

Author: jot2re

Cargo.lock

@@ -25,7 +25,7 @@ authors = ["Zama"]
 publish = true
 edition = "2021"
 license = "BSD-3-Clause-Clear"
-version = "0.11.0-24"
+version = "0.11.0-26"
 
 [workspace.dependencies]
 aes = "=0.8.4"

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "backward-compatibility"
-version = "0.11.0-24"
+version = "0.11.0-26"
 publish = false
 authors = ["Zama"]
 edition = "2021"
@@ -9,7 +9,6 @@ license = "BSD-3-Clause-Clear"
 [dependencies]
 # This is a list of kms-core versions we will generate data for. This list will grow over time.
 # They are only activated when generating data, with the binary target and the "generate" feature.
-# TODO update to public repo, once we have a public release
 kms_0_11 = { git = "https://github.com/zama-ai/kms.git", package = "kms", rev = "v0.11.0-22", optional = true }
 kms_grpc_0_11 = { git = "https://github.com/zama-ai/kms.git", package = "kms-grpc", rev = "v0.11.0-22", optional = true }
 threshold_fhe_0_11 = { git = "https://github.com/zama-ai/kms.git", package = "threshold-fhe", rev = "v0.11.0-22", optional = true, features = [

backward-compatibility/Cargo.lock

@@ -901,6 +901,7 @@ fn check_ext_pt_signature(
     external_handles: Vec<Vec<u8>>,
     domain: Eip712Domain,
     kms_addrs: &[alloy_primitives::Address],
+    extra_data: Vec<u8>,
 ) -> anyhow::Result<()> {
     // convert received data into proper format for EIP-712 verification
     if external_sig.len() != 65 {
@@ -918,7 +919,7 @@ fn check_ext_pt_signature(
     tracing::debug!("PTs: {:?}", plaintexts);
     tracing::debug!("ext. handles: {:?}", external_handles);
 
-    let hash = compute_pt_message_hash(external_handles, plaintexts, domain);
+    let hash = compute_pt_message_hash(external_handles, plaintexts, domain, extra_data);
 
     let addr = sig.recover_address_from_prehash(&hash)?;
     tracing::info!("recovered address: {}", addr);
@@ -942,11 +943,12 @@ fn check_external_decryption_signature(
     for response in responses {
         let payload = response.payload.as_ref().unwrap();
         check_ext_pt_signature(
-            payload.external_signature(),
+            response.external_signature(),
             &payload.plaintexts,
             external_handles.to_owned(),
             domain.clone(),
             kms_addrs,
+            vec![],
         )?;
 
         for (idx, pt) in payload.plaintexts.iter().enumerate() {

backward-compatibility/Cargo.toml

@@ -223,6 +223,9 @@ message PublicDecryptionRequest {
 
   // The EIP712 domain used for signing the response.
   Eip712DomainMsg domain = 4;
+
+  // Extra data from the gateway.
+  bytes extra_data = 5;
 }
 
 // KMS-internal Public Decryption Response Payload, containing meta data, plaintexts
@@ -234,27 +237,29 @@ message PublicDecryptionResponsePayload {
   // trusted keys.
   // TODO should be renamed to make it clear it is the server's key
   bytes verification_key = 1;
-  // Digest of the request validated.
-  // Needed to ensure that the response is for the expected request.
-  // THIS IS DEPRECATED AND KMS WILL LEAVE THIS FIELD EMPTY,
-  // instead, we will use request_id to specify the link.
-  bytes digest = 2 [deprecated=true];
+
   // A list of plaintexts, as little endian byte arrays. One for each
   // ciphertext.
-  repeated TypedPlaintext plaintexts = 3;
-  // the signature on external_decryption_result for the external recipient
-  // (e.g. using EIP712 for fhevm)
-  optional bytes external_signature = 4;
+  repeated TypedPlaintext plaintexts = 2;
+
   // Request ID of the request that this response corresponds to.
-  RequestId request_id = 5;
+  RequestId request_id = 3;
 }
 
 // KMS-internal Public Decryption Response
 message PublicDecryptionResponse {
   // Signature of the serialization of [PublicDecryptionResponsePayload].
   bytes signature = 1;
+
+  // the signature on external_decryption_result for the external recipient
+  // (e.g. using EIP712 for fhevm)
+  optional bytes external_signature = 2;
+
   // The payload that is signed
-  PublicDecryptionResponsePayload payload = 2;
+  PublicDecryptionResponsePayload payload = 3;
+
+  // Extra data used in the EIP712 signature - external_signature.
+  bytes extra_data = 4;
 }
 
 // Eip712 domain information. 
@@ -289,38 +294,51 @@ message UserDecryptionRequest {
 
   // The user's EIP712 domain. This MUST be present. Furthermore, the `verifying_contract` MUST be set and be distinct from `client_address`.
   Eip712DomainMsg domain = 6;
+
+  // Extra data from the gateway.
+  bytes extra_data = 7;
 }
 
 message UserDecryptionResponse {
   bytes signature = 1;
+
   // This is the external signature created from the Eip712 domain
   // on the structure, where userDecryptedShare is bc2wrap::serialize(&payload)
   // struct UserDecryptResponseVerification {
   //     bytes publicKey;
   //     uint256[] ctHandles;
-  //     bytes userDecryptedShare;
+  //     bytes userDecryptedShare; // serialization of payload
+  //     bytes extraData;
   // }
   bytes external_signature = 2;
+
   // The actual [UserDecryptionResponsePayload].
   UserDecryptionResponsePayload payload = 3;
+
+  // Extra data used in the EIP712 signature - external_signature.
+  bytes extra_data = 4;
 }
 
 message UserDecryptionResponsePayload {
   // The server's signature verification key, Encoded using SEC1.
   // Needed to validate the response, but MUST also be linked to a list of
   // trusted keys.
   bytes verification_key = 1;
+
   // This is needed to ensure the response corresponds to the request.
   // It is the digest of UserDecryptionLinker hashed using EIP712
   // under the given domain in the request.
   bytes digest = 2;
+
   // The resulting signcrypted ciphertexts, each ciphertext
   // must be decrypted and then reconstructed with the other shares
   // to produce the final plaintext.
   repeated TypedSigncryptedCiphertext signcrypted_ciphertexts = 3;
+
   // The ID of the MPC party doing the user decryption. Used for polynomial
   // reconstruction.
   uint32 party_id = 4;
+
   // The degree of the sharing scheme used.
   uint32 degree = 5;
 }

core-client/src/lib.rs

@@ -42,6 +42,7 @@ alloy_sol_types::sol! {
         bytes publicKey;
         bytes32[] ctHandles;
         bytes userDecryptedShare;
+        bytes extraData;
     }
 }
 
@@ -62,6 +63,7 @@ alloy_sol_types::sol! {
     struct PublicDecryptVerification {
         bytes32[] ctHandles;
         bytes decryptedResult;
+        bytes extraData;
     }
 }
 
@@ -1129,6 +1131,7 @@ mod tests {
                 client_address: client_address.to_checksum(None),
                 enc_key: vec![],
                 domain: None,
+                extra_data: vec![],
             };
             assert!(req
                 .compute_link_checked()
@@ -1146,6 +1149,7 @@ mod tests {
                 client_address: client_address.to_checksum(None),
                 enc_key: vec![],
                 domain: Some(domain.clone()),
+                extra_data: vec![],
             };
             assert!(req
                 .compute_link_checked()
@@ -1166,6 +1170,7 @@ mod tests {
                 client_address: client_address.to_checksum(None),
                 enc_key: vec![],
                 domain: Some(bad_domain),
+                extra_data: vec![],
             };
 
             assert!(req
@@ -1184,6 +1189,7 @@ mod tests {
                 client_address: client_address.to_checksum(None),
                 enc_key: vec![],
                 domain: Some(domain.clone()),
+                extra_data: vec![],
             };
             assert!(req.compute_link_checked().is_ok());
         }

core/grpc/proto/kms.v1.proto

@@ -380,6 +380,7 @@ struct UserDecryptionResponseHex {
     // NOTE: this is the external signature
     signature: String,
     payload: Option<String>,
+    extra_data: Option<String>,
 }
 
 #[cfg(feature = "wasm_tests")]
@@ -392,6 +393,7 @@ fn resp_to_js(agg_resp: Vec<UserDecryptionResponse>) -> JsValue {
                 Some(inner) => Some(hex::encode(serialize(&inner).unwrap())),
                 None => None,
             },
+            extra_data: Some(hex::encode(&resp.extra_data)),
         };
         out.push(r);
     }
@@ -421,6 +423,10 @@ fn js_to_resp(json: JsValue) -> anyhow::Result<Vec<UserDecryptionResponse>> {
                 }
                 None => None,
             },
+            extra_data: match hex_resp.extra_data {
+                Some(inner) => hex::decode(&inner)?,
+                None => vec![],
+            },
         });
     }
     Ok(out)
@@ -473,7 +479,8 @@ fn js_to_resp(json: JsValue) -> anyhow::Result<Vec<UserDecryptionResponse>> {
 /// [
 ///   {
 ///     signature: '69e7e040cab157aa819015b321c012dccb1545ffefd325b359b492653f0347517e28e66c572cdc299e259024329859ff9fcb0096e1ce072af0b6e1ca1fe25ec6',
-///     payload: '0100000029...'
+///     payload: '0100000029...',
+///     extra_data: '01234...',
 ///   }
 /// ]
 /// ```

core/grpc/src/rpc_types.rs

@@ -767,6 +767,7 @@ impl Client {
             key_id: Some((*key_id).into()),
             domain: Some(domain_msg),
             request_id: Some((*request_id).into()),
+            extra_data: vec![],
         };
         Ok(req)
     }
@@ -824,6 +825,7 @@ impl Client {
                 typed_ciphertexts,
                 key_id: Some((*key_id).into()),
                 domain: Some(domain_msg),
+                extra_data: vec![],
             },
             UnifiedPublicEncKey::MlKem512(enc_pk),
             UnifiedPrivateEncKey::MlKem512(enc_sk),
@@ -872,6 +874,7 @@ impl Client {
                 typed_ciphertexts,
                 key_id: Some((*key_id).into()),
                 domain: Some(domain_msg),
+                extra_data: vec![],
             },
             UnifiedPublicEncKey::MlKem1024(enc_pk),
             UnifiedPrivateEncKey::MlKem1024(enc_sk),