From 68191d46c7bd5b663e958a45b832267f033df80c Mon Sep 17 00:00:00 2001 From: Louis Tremblay Thibault Date: Mon, 4 Dec 2023 16:39:58 +0100 Subject: [PATCH 1/5] feat(): fetch reencryptions from kms --- fhevm/contracts_test.go | 2 +- fhevm/precompiles.go | 41 +++- go.mod | 16 +- go.sum | 28 ++- kms/kms.pb.go | 473 ++++++++++++++++++++++++++++++++++++++++ kms/kms_grpc.pb.go | 148 +++++++++++++ proto/kms.proto | 34 +++ 7 files changed, 719 insertions(+), 23 deletions(-) create mode 100644 kms/kms.pb.go create mode 100644 kms/kms_grpc.pb.go create mode 100644 proto/kms.proto diff --git a/fhevm/contracts_test.go b/fhevm/contracts_test.go index 0ea0dbd..d89627f 100644 --- a/fhevm/contracts_test.go +++ b/fhevm/contracts_test.go @@ -1334,7 +1334,7 @@ func TestLibCast(t *testing.T) { input = append(input, byte(FheUint32)) _, err := FheLibRun(environment, addr, addr, input, readOnly) if err != nil { - t.Fatalf("Reencrypt error: %s", err.Error()) + t.Fatalf("Cast error: %s", err.Error()) } } diff --git a/fhevm/precompiles.go b/fhevm/precompiles.go index 97dcde8..a602116 100644 --- a/fhevm/precompiles.go +++ b/fhevm/precompiles.go @@ -2,18 +2,23 @@ package fhevm import ( "bytes" + "context" "crypto/rand" "encoding/binary" "encoding/hex" "errors" "math/big" + "time" "github.com/ethereum/go-ethereum/common" "github.com/ethereum/go-ethereum/crypto" "github.com/holiman/uint256" fhevm_crypto "github.com/zama-ai/fhevm-go/crypto" + kms "github.com/zama-ai/fhevm-go/kms" "golang.org/x/crypto/chacha20" "golang.org/x/crypto/nacl/box" + "google.golang.org/grpc" + "google.golang.org/grpc/credentials/insecure" ) // PrecompiledContract is the basic interface for native Go contracts. The implementation @@ -1909,17 +1914,41 @@ func reencryptRun(environment EVMEnvironment, caller common.Address, addr common } else if !optReqResult { return nil, ErrExecutionReverted } - decryptedValue, err := ct.ciphertext.decrypt() - if err != nil { - logger.Error("reencrypt decryption failed", "err", err) - return nil, err + + // TODO: generate merkle proof for some data (handle? ciphertext bytes?) + proof := &kms.Proof{ + Height: 666, + MerklePatriciaProof: []byte{}, } + pubKey := input[32:64] - reencryptedValue, err := encryptToUserKey(&decryptedValue, pubKey) + + reencryptionRequest := &kms.ReencryptionRequest{ + Ciphertext: ct.ciphertext.serialization, + Proof: proof, + PublicKey: pubKey, + } + + conn, err := grpc.Dial(kms.KmsEndpointAddr, grpc.WithTransportCredentials(insecure.NewCredentials())) + if err != nil { + return nil, errors.New("kms unreachable") + } + defer conn.Close() + + ep := kms.NewKmsEndpointClient(conn) + + ctx, cancel := context.WithTimeout(context.Background(), time.Second) + defer cancel() + + res, err := ep.Reencrypt(ctx, reencryptionRequest) if err != nil { - logger.Error("reencrypt failed to encrypt to user key", "err", err) return nil, err } + + // TODO: decide if `res.Signature` should be verified here + + var reencryptedValue = res.ReencryptedCiphertext + logger.Info("reencrypt success", "input", hex.EncodeToString(input), "callerAddr", caller) return toEVMBytes(reencryptedValue), nil } diff --git a/go.mod b/go.mod index 98cc357..765e13a 100644 --- a/go.mod +++ b/go.mod @@ -5,7 +5,12 @@ go 1.20 require ( github.com/ethereum/go-ethereum v1.12.0 github.com/holiman/uint256 v1.2.2-0.20230321075855-87b91420868c - golang.org/x/crypto v0.1.0 + golang.org/x/crypto v0.16.0 +) + +require ( + golang.org/x/net v0.14.0 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d // indirect ) require ( @@ -25,7 +30,7 @@ require ( github.com/go-stack/stack v1.8.1 // indirect github.com/gofrs/flock v0.8.1 // indirect github.com/gogo/protobuf v1.3.2 // indirect - github.com/golang/protobuf v1.5.2 // indirect + github.com/golang/protobuf v1.5.3 // indirect github.com/golang/snappy v0.0.5-0.20220116011046-fa5810519dcb // indirect github.com/holiman/bloomfilter/v2 v2.0.3 // indirect github.com/klauspost/compress v1.15.15 // indirect @@ -45,7 +50,8 @@ require ( github.com/tklauser/go-sysconf v0.3.5 // indirect github.com/tklauser/numcpus v0.2.2 // indirect golang.org/x/exp v0.0.0-20230206171751-46f607a40771 // indirect - golang.org/x/sys v0.7.0 // indirect - golang.org/x/text v0.8.0 // indirect - google.golang.org/protobuf v1.28.1 // indirect + golang.org/x/sys v0.15.0 // indirect + golang.org/x/text v0.14.0 // indirect + google.golang.org/grpc v1.59.0 + google.golang.org/protobuf v1.31.0 ) diff --git a/go.sum b/go.sum index f5ef0f5..5acf759 100644 --- a/go.sum +++ b/go.sum @@ -107,8 +107,9 @@ github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvq github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= -github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw= github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= +github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/golang/snappy v0.0.5-0.20220116011046-fa5810519dcb h1:PBC98N2aIaM3XXiurYmW7fx4GZkL8feAMVq7nEjURHk= @@ -286,8 +287,8 @@ golang.org/x/crypto v0.0.0-20191227163750-53104e6ec876/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.1.0 h1:MDRAIl0xIo9Io2xV565hzXHw3zVseKrJKodhohM5CjU= -golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw= +golang.org/x/crypto v0.16.0 h1:mMMrFzRSCF0GvB7Ne27XVtVAaXLrPmgPC7/v0tkwHaY= +golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20230206171751-46f607a40771 h1:xP7rWLUr1e1n2xkK5YB4LI0hPEy3LJC6Wk+D4pGlOJg= golang.org/x/exp v0.0.0-20230206171751-46f607a40771/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= @@ -318,7 +319,8 @@ golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwY golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= golang.org/x/net v0.0.0-20211008194852-3b03d305991f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ= +golang.org/x/net v0.14.0 h1:BONx9s002vGdD9umnlX1Po8vOZmrgH34qlHcD1MfK14= +golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -328,7 +330,7 @@ golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o= +golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -358,8 +360,8 @@ golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.7.0 h1:3jlCCIQZPdOYu1h8BkNvLz8Kgwtae2cagcG/VamtZRU= -golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc= +golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= @@ -367,8 +369,8 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68= -golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= +golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= +golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/time v0.0.0-20201208040808-7e3f01d25324/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20181221001348-537d06c36207/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -395,12 +397,16 @@ google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoA google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= google.golang.org/genproto v0.0.0-20210624195500-8bfb893ecb84/go.mod h1:SzzZ/N+nwJDaO1kznhnlzqS8ocJICar6hYhVyhi++24= +google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d h1:uvYuEyMHKNt+lT4K3bN6fGswmK8qSvcreM3BwjDh+y4= +google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d/go.mod h1:+Bk1OCOj40wS2hwAMA+aCW9ypzm63QTBBHp6lQ3p+9M= google.golang.org/grpc v1.12.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= +google.golang.org/grpc v1.59.0 h1:Z5Iec2pjwb+LEOqzpB2MR12/eKFhDPhuqW91O+4bwUk= +google.golang.org/grpc v1.59.0/go.mod h1:aUPDwccQo6OTjy7Hct4AfBPD1GptF4fyUjIkQ9YtF98= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= @@ -412,8 +418,8 @@ google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpAD google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w= -google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8= +google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= diff --git a/kms/kms.pb.go b/kms/kms.pb.go new file mode 100644 index 0000000..084e5fa --- /dev/null +++ b/kms/kms.pb.go @@ -0,0 +1,473 @@ +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.31.0 +// protoc v4.25.1 +// source: kms.proto + +package kms + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type Proof struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Height uint32 `protobuf:"varint,1,opt,name=height,proto3" json:"height,omitempty"` + MerklePatriciaProof []byte `protobuf:"bytes,2,opt,name=merkle_patricia_proof,json=merklePatriciaProof,proto3" json:"merkle_patricia_proof,omitempty"` +} + +func (x *Proof) Reset() { + *x = Proof{} + if protoimpl.UnsafeEnabled { + mi := &file_kms_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *Proof) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Proof) ProtoMessage() {} + +func (x *Proof) ProtoReflect() protoreflect.Message { + mi := &file_kms_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Proof.ProtoReflect.Descriptor instead. +func (*Proof) Descriptor() ([]byte, []int) { + return file_kms_proto_rawDescGZIP(), []int{0} +} + +func (x *Proof) GetHeight() uint32 { + if x != nil { + return x.Height + } + return 0 +} + +func (x *Proof) GetMerklePatriciaProof() []byte { + if x != nil { + return x.MerklePatriciaProof + } + return nil +} + +type DecryptionRequest struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Ciphertext []byte `protobuf:"bytes,1,opt,name=ciphertext,proto3" json:"ciphertext,omitempty"` + Proof *Proof `protobuf:"bytes,2,opt,name=proof,proto3" json:"proof,omitempty"` +} + +func (x *DecryptionRequest) Reset() { + *x = DecryptionRequest{} + if protoimpl.UnsafeEnabled { + mi := &file_kms_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *DecryptionRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*DecryptionRequest) ProtoMessage() {} + +func (x *DecryptionRequest) ProtoReflect() protoreflect.Message { + mi := &file_kms_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use DecryptionRequest.ProtoReflect.Descriptor instead. +func (*DecryptionRequest) Descriptor() ([]byte, []int) { + return file_kms_proto_rawDescGZIP(), []int{1} +} + +func (x *DecryptionRequest) GetCiphertext() []byte { + if x != nil { + return x.Ciphertext + } + return nil +} + +func (x *DecryptionRequest) GetProof() *Proof { + if x != nil { + return x.Proof + } + return nil +} + +type DecryptionResponse struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Plaintext uint32 `protobuf:"varint,1,opt,name=plaintext,proto3" json:"plaintext,omitempty"` + Signature []byte `protobuf:"bytes,2,opt,name=signature,proto3" json:"signature,omitempty"` +} + +func (x *DecryptionResponse) Reset() { + *x = DecryptionResponse{} + if protoimpl.UnsafeEnabled { + mi := &file_kms_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *DecryptionResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*DecryptionResponse) ProtoMessage() {} + +func (x *DecryptionResponse) ProtoReflect() protoreflect.Message { + mi := &file_kms_proto_msgTypes[2] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use DecryptionResponse.ProtoReflect.Descriptor instead. +func (*DecryptionResponse) Descriptor() ([]byte, []int) { + return file_kms_proto_rawDescGZIP(), []int{2} +} + +func (x *DecryptionResponse) GetPlaintext() uint32 { + if x != nil { + return x.Plaintext + } + return 0 +} + +func (x *DecryptionResponse) GetSignature() []byte { + if x != nil { + return x.Signature + } + return nil +} + +type ReencryptionRequest struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Ciphertext []byte `protobuf:"bytes,1,opt,name=ciphertext,proto3" json:"ciphertext,omitempty"` + Proof *Proof `protobuf:"bytes,2,opt,name=proof,proto3" json:"proof,omitempty"` + PublicKey []byte `protobuf:"bytes,3,opt,name=public_key,json=publicKey,proto3" json:"public_key,omitempty"` +} + +func (x *ReencryptionRequest) Reset() { + *x = ReencryptionRequest{} + if protoimpl.UnsafeEnabled { + mi := &file_kms_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ReencryptionRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ReencryptionRequest) ProtoMessage() {} + +func (x *ReencryptionRequest) ProtoReflect() protoreflect.Message { + mi := &file_kms_proto_msgTypes[3] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ReencryptionRequest.ProtoReflect.Descriptor instead. +func (*ReencryptionRequest) Descriptor() ([]byte, []int) { + return file_kms_proto_rawDescGZIP(), []int{3} +} + +func (x *ReencryptionRequest) GetCiphertext() []byte { + if x != nil { + return x.Ciphertext + } + return nil +} + +func (x *ReencryptionRequest) GetProof() *Proof { + if x != nil { + return x.Proof + } + return nil +} + +func (x *ReencryptionRequest) GetPublicKey() []byte { + if x != nil { + return x.PublicKey + } + return nil +} + +type ReencryptionResponse struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + ReencryptedCiphertext []byte `protobuf:"bytes,1,opt,name=reencrypted_ciphertext,json=reencryptedCiphertext,proto3" json:"reencrypted_ciphertext,omitempty"` + Signature []byte `protobuf:"bytes,2,opt,name=signature,proto3" json:"signature,omitempty"` +} + +func (x *ReencryptionResponse) Reset() { + *x = ReencryptionResponse{} + if protoimpl.UnsafeEnabled { + mi := &file_kms_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ReencryptionResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ReencryptionResponse) ProtoMessage() {} + +func (x *ReencryptionResponse) ProtoReflect() protoreflect.Message { + mi := &file_kms_proto_msgTypes[4] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ReencryptionResponse.ProtoReflect.Descriptor instead. +func (*ReencryptionResponse) Descriptor() ([]byte, []int) { + return file_kms_proto_rawDescGZIP(), []int{4} +} + +func (x *ReencryptionResponse) GetReencryptedCiphertext() []byte { + if x != nil { + return x.ReencryptedCiphertext + } + return nil +} + +func (x *ReencryptionResponse) GetSignature() []byte { + if x != nil { + return x.Signature + } + return nil +} + +var File_kms_proto protoreflect.FileDescriptor + +var file_kms_proto_rawDesc = []byte{ + 0x0a, 0x09, 0x6b, 0x6d, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x03, 0x6b, 0x6d, 0x73, + 0x22, 0x53, 0x0a, 0x05, 0x50, 0x72, 0x6f, 0x6f, 0x66, 0x12, 0x16, 0x0a, 0x06, 0x68, 0x65, 0x69, + 0x67, 0x68, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x06, 0x68, 0x65, 0x69, 0x67, 0x68, + 0x74, 0x12, 0x32, 0x0a, 0x15, 0x6d, 0x65, 0x72, 0x6b, 0x6c, 0x65, 0x5f, 0x70, 0x61, 0x74, 0x72, + 0x69, 0x63, 0x69, 0x61, 0x5f, 0x70, 0x72, 0x6f, 0x6f, 0x66, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, + 0x52, 0x13, 0x6d, 0x65, 0x72, 0x6b, 0x6c, 0x65, 0x50, 0x61, 0x74, 0x72, 0x69, 0x63, 0x69, 0x61, + 0x50, 0x72, 0x6f, 0x6f, 0x66, 0x22, 0x55, 0x0a, 0x11, 0x44, 0x65, 0x63, 0x72, 0x79, 0x70, 0x74, + 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1e, 0x0a, 0x0a, 0x63, 0x69, + 0x70, 0x68, 0x65, 0x72, 0x74, 0x65, 0x78, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0a, + 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x74, 0x65, 0x78, 0x74, 0x12, 0x20, 0x0a, 0x05, 0x70, 0x72, + 0x6f, 0x6f, 0x66, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0a, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, + 0x50, 0x72, 0x6f, 0x6f, 0x66, 0x52, 0x05, 0x70, 0x72, 0x6f, 0x6f, 0x66, 0x22, 0x50, 0x0a, 0x12, + 0x44, 0x65, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, + 0x73, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x70, 0x6c, 0x61, 0x69, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x09, 0x70, 0x6c, 0x61, 0x69, 0x6e, 0x74, 0x65, 0x78, 0x74, + 0x12, 0x1c, 0x0a, 0x09, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x18, 0x02, 0x20, + 0x01, 0x28, 0x0c, 0x52, 0x09, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x22, 0x76, + 0x0a, 0x13, 0x52, 0x65, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, + 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1e, 0x0a, 0x0a, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x74, + 0x65, 0x78, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0a, 0x63, 0x69, 0x70, 0x68, 0x65, + 0x72, 0x74, 0x65, 0x78, 0x74, 0x12, 0x20, 0x0a, 0x05, 0x70, 0x72, 0x6f, 0x6f, 0x66, 0x18, 0x02, + 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0a, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x50, 0x72, 0x6f, 0x6f, 0x66, + 0x52, 0x05, 0x70, 0x72, 0x6f, 0x6f, 0x66, 0x12, 0x1d, 0x0a, 0x0a, 0x70, 0x75, 0x62, 0x6c, 0x69, + 0x63, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x09, 0x70, 0x75, 0x62, + 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x22, 0x6b, 0x0a, 0x14, 0x52, 0x65, 0x65, 0x6e, 0x63, 0x72, + 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x35, + 0x0a, 0x16, 0x72, 0x65, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x65, 0x64, 0x5f, 0x63, 0x69, + 0x70, 0x68, 0x65, 0x72, 0x74, 0x65, 0x78, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x15, + 0x72, 0x65, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x65, 0x64, 0x43, 0x69, 0x70, 0x68, 0x65, + 0x72, 0x74, 0x65, 0x78, 0x74, 0x12, 0x1c, 0x0a, 0x09, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, + 0x72, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x09, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, + 0x75, 0x72, 0x65, 0x32, 0x8b, 0x01, 0x0a, 0x0b, 0x4b, 0x6d, 0x73, 0x45, 0x6e, 0x64, 0x70, 0x6f, + 0x69, 0x6e, 0x74, 0x12, 0x3a, 0x0a, 0x07, 0x44, 0x65, 0x63, 0x72, 0x79, 0x70, 0x74, 0x12, 0x16, + 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x44, 0x65, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, + 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x17, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x44, 0x65, 0x63, + 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, + 0x40, 0x0a, 0x09, 0x52, 0x65, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x12, 0x18, 0x2e, 0x6b, + 0x6d, 0x73, 0x2e, 0x52, 0x65, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, + 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x19, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x52, 0x65, 0x65, + 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, + 0x65, 0x42, 0x21, 0x5a, 0x1f, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, + 0x7a, 0x61, 0x6d, 0x61, 0x2d, 0x61, 0x69, 0x2f, 0x66, 0x68, 0x65, 0x76, 0x6d, 0x2d, 0x67, 0x6f, + 0x2f, 0x6b, 0x6d, 0x73, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, +} + +var ( + file_kms_proto_rawDescOnce sync.Once + file_kms_proto_rawDescData = file_kms_proto_rawDesc +) + +func file_kms_proto_rawDescGZIP() []byte { + file_kms_proto_rawDescOnce.Do(func() { + file_kms_proto_rawDescData = protoimpl.X.CompressGZIP(file_kms_proto_rawDescData) + }) + return file_kms_proto_rawDescData +} + +var file_kms_proto_msgTypes = make([]protoimpl.MessageInfo, 5) +var file_kms_proto_goTypes = []interface{}{ + (*Proof)(nil), // 0: kms.Proof + (*DecryptionRequest)(nil), // 1: kms.DecryptionRequest + (*DecryptionResponse)(nil), // 2: kms.DecryptionResponse + (*ReencryptionRequest)(nil), // 3: kms.ReencryptionRequest + (*ReencryptionResponse)(nil), // 4: kms.ReencryptionResponse +} +var file_kms_proto_depIdxs = []int32{ + 0, // 0: kms.DecryptionRequest.proof:type_name -> kms.Proof + 0, // 1: kms.ReencryptionRequest.proof:type_name -> kms.Proof + 1, // 2: kms.KmsEndpoint.Decrypt:input_type -> kms.DecryptionRequest + 3, // 3: kms.KmsEndpoint.Reencrypt:input_type -> kms.ReencryptionRequest + 2, // 4: kms.KmsEndpoint.Decrypt:output_type -> kms.DecryptionResponse + 4, // 5: kms.KmsEndpoint.Reencrypt:output_type -> kms.ReencryptionResponse + 4, // [4:6] is the sub-list for method output_type + 2, // [2:4] is the sub-list for method input_type + 2, // [2:2] is the sub-list for extension type_name + 2, // [2:2] is the sub-list for extension extendee + 0, // [0:2] is the sub-list for field type_name +} + +func init() { file_kms_proto_init() } +func file_kms_proto_init() { + if File_kms_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_kms_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Proof); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_kms_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*DecryptionRequest); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_kms_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*DecryptionResponse); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_kms_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ReencryptionRequest); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_kms_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ReencryptionResponse); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_kms_proto_rawDesc, + NumEnums: 0, + NumMessages: 5, + NumExtensions: 0, + NumServices: 1, + }, + GoTypes: file_kms_proto_goTypes, + DependencyIndexes: file_kms_proto_depIdxs, + MessageInfos: file_kms_proto_msgTypes, + }.Build() + File_kms_proto = out.File + file_kms_proto_rawDesc = nil + file_kms_proto_goTypes = nil + file_kms_proto_depIdxs = nil +} diff --git a/kms/kms_grpc.pb.go b/kms/kms_grpc.pb.go new file mode 100644 index 0000000..eb10210 --- /dev/null +++ b/kms/kms_grpc.pb.go @@ -0,0 +1,148 @@ +// Code generated by protoc-gen-go-grpc. DO NOT EDIT. +// versions: +// - protoc-gen-go-grpc v1.3.0 +// - protoc v4.25.1 +// source: kms.proto + +package kms + +import ( + context "context" + grpc "google.golang.org/grpc" + codes "google.golang.org/grpc/codes" + status "google.golang.org/grpc/status" +) + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the grpc package it is being compiled against. +// Requires gRPC-Go v1.32.0 or later. +const _ = grpc.SupportPackageIsVersion7 + +const KmsEndpointAddr = "localhost:50051" + +const ( + KmsEndpoint_Decrypt_FullMethodName = "/kms.KmsEndpoint/Decrypt" + KmsEndpoint_Reencrypt_FullMethodName = "/kms.KmsEndpoint/Reencrypt" +) + +// KmsEndpointClient is the client API for KmsEndpoint service. +// +// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. +type KmsEndpointClient interface { + Decrypt(ctx context.Context, in *DecryptionRequest, opts ...grpc.CallOption) (*DecryptionResponse, error) + Reencrypt(ctx context.Context, in *ReencryptionRequest, opts ...grpc.CallOption) (*ReencryptionResponse, error) +} + +type kmsEndpointClient struct { + cc grpc.ClientConnInterface +} + +func NewKmsEndpointClient(cc grpc.ClientConnInterface) KmsEndpointClient { + return &kmsEndpointClient{cc} +} + +func (c *kmsEndpointClient) Decrypt(ctx context.Context, in *DecryptionRequest, opts ...grpc.CallOption) (*DecryptionResponse, error) { + out := new(DecryptionResponse) + err := c.cc.Invoke(ctx, KmsEndpoint_Decrypt_FullMethodName, in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *kmsEndpointClient) Reencrypt(ctx context.Context, in *ReencryptionRequest, opts ...grpc.CallOption) (*ReencryptionResponse, error) { + out := new(ReencryptionResponse) + err := c.cc.Invoke(ctx, KmsEndpoint_Reencrypt_FullMethodName, in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +// KmsEndpointServer is the server API for KmsEndpoint service. +// All implementations must embed UnimplementedKmsEndpointServer +// for forward compatibility +type KmsEndpointServer interface { + Decrypt(context.Context, *DecryptionRequest) (*DecryptionResponse, error) + Reencrypt(context.Context, *ReencryptionRequest) (*ReencryptionResponse, error) + mustEmbedUnimplementedKmsEndpointServer() +} + +// UnimplementedKmsEndpointServer must be embedded to have forward compatible implementations. +type UnimplementedKmsEndpointServer struct { +} + +func (UnimplementedKmsEndpointServer) Decrypt(context.Context, *DecryptionRequest) (*DecryptionResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method Decrypt not implemented") +} +func (UnimplementedKmsEndpointServer) Reencrypt(context.Context, *ReencryptionRequest) (*ReencryptionResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method Reencrypt not implemented") +} +func (UnimplementedKmsEndpointServer) mustEmbedUnimplementedKmsEndpointServer() {} + +// UnsafeKmsEndpointServer may be embedded to opt out of forward compatibility for this service. +// Use of this interface is not recommended, as added methods to KmsEndpointServer will +// result in compilation errors. +type UnsafeKmsEndpointServer interface { + mustEmbedUnimplementedKmsEndpointServer() +} + +func RegisterKmsEndpointServer(s grpc.ServiceRegistrar, srv KmsEndpointServer) { + s.RegisterService(&KmsEndpoint_ServiceDesc, srv) +} + +func _KmsEndpoint_Decrypt_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(DecryptionRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(KmsEndpointServer).Decrypt(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: KmsEndpoint_Decrypt_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(KmsEndpointServer).Decrypt(ctx, req.(*DecryptionRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _KmsEndpoint_Reencrypt_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(ReencryptionRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(KmsEndpointServer).Reencrypt(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: KmsEndpoint_Reencrypt_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(KmsEndpointServer).Reencrypt(ctx, req.(*ReencryptionRequest)) + } + return interceptor(ctx, in, info, handler) +} + +// KmsEndpoint_ServiceDesc is the grpc.ServiceDesc for KmsEndpoint service. +// It's only intended for direct use with grpc.RegisterService, +// and not to be introspected or modified (even as a copy) +var KmsEndpoint_ServiceDesc = grpc.ServiceDesc{ + ServiceName: "kms.KmsEndpoint", + HandlerType: (*KmsEndpointServer)(nil), + Methods: []grpc.MethodDesc{ + { + MethodName: "Decrypt", + Handler: _KmsEndpoint_Decrypt_Handler, + }, + { + MethodName: "Reencrypt", + Handler: _KmsEndpoint_Reencrypt_Handler, + }, + }, + Streams: []grpc.StreamDesc{}, + Metadata: "kms.proto", +} diff --git a/proto/kms.proto b/proto/kms.proto new file mode 100644 index 0000000..b5c4945 --- /dev/null +++ b/proto/kms.proto @@ -0,0 +1,34 @@ +syntax = "proto3"; +package kms; +option go_package = "github.com/zama-ai/fhevm-go/kms"; + +service KmsEndpoint { + rpc Decrypt(DecryptionRequest) returns (DecryptionResponse); + rpc Reencrypt(ReencryptionRequest) returns (ReencryptionResponse); +} + +message Proof { + uint32 height = 1; + bytes merkle_patricia_proof = 2; +} + +message DecryptionRequest { + bytes ciphertext = 1; + Proof proof = 2; +} + +message DecryptionResponse { + uint32 plaintext = 1; + bytes signature = 2; +} + +message ReencryptionRequest { + bytes ciphertext = 1; + Proof proof = 2; + bytes public_key = 3; +} + +message ReencryptionResponse { + bytes reencrypted_ciphertext = 1; + bytes signature = 2; +} \ No newline at end of file From 87efb89937e2d89e474c56d13f0e7e52c658f3d3 Mon Sep 17 00:00:00 2001 From: Louis Tremblay Thibault Date: Fri, 8 Dec 2023 14:59:54 +0100 Subject: [PATCH 2/5] fix(): make e2e test work --- fhevm/precompiles.go | 4 ++-- kms/kms_grpc.pb.go | 3 ++- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/fhevm/precompiles.go b/fhevm/precompiles.go index a602116..daf36fe 100644 --- a/fhevm/precompiles.go +++ b/fhevm/precompiles.go @@ -1917,7 +1917,7 @@ func reencryptRun(environment EVMEnvironment, caller common.Address, addr common // TODO: generate merkle proof for some data (handle? ciphertext bytes?) proof := &kms.Proof{ - Height: 666, + Height: 5, MerklePatriciaProof: []byte{}, } @@ -1949,7 +1949,7 @@ func reencryptRun(environment EVMEnvironment, caller common.Address, addr common var reencryptedValue = res.ReencryptedCiphertext - logger.Info("reencrypt success", "input", hex.EncodeToString(input), "callerAddr", caller) + logger.Info("reencrypt success", "input", hex.EncodeToString(input), "callerAddr", caller, "reencryptedValue", reencryptedValue) return toEVMBytes(reencryptedValue), nil } msg := "reencrypt unverified ciphertext handle" diff --git a/kms/kms_grpc.pb.go b/kms/kms_grpc.pb.go index eb10210..08eb831 100644 --- a/kms/kms_grpc.pb.go +++ b/kms/kms_grpc.pb.go @@ -18,7 +18,8 @@ import ( // Requires gRPC-Go v1.32.0 or later. const _ = grpc.SupportPackageIsVersion7 -const KmsEndpointAddr = "localhost:50051" +// URL of the KMS gRPC endpoint +const KmsEndpointAddr = "kms.zama.ai:50051" const ( KmsEndpoint_Decrypt_FullMethodName = "/kms.KmsEndpoint/Decrypt" From fb2cfa5b66240a87347a491948bf137eaa870852 Mon Sep 17 00:00:00 2001 From: Louis Tremblay Thibault Date: Mon, 11 Dec 2023 20:44:54 +0100 Subject: [PATCH 3/5] fix(): use new protobuf API version --- fhevm/precompiles.go | 31 ++++-- kms/kms.pb.go | 250 +++++++++++++++++++++++++++++++------------ kms/kms_grpc.pb.go | 78 +++++++++++++- proto/kms.proto | 30 ++++-- 4 files changed, 303 insertions(+), 86 deletions(-) diff --git a/fhevm/precompiles.go b/fhevm/precompiles.go index daf36fe..e2f843e 100644 --- a/fhevm/precompiles.go +++ b/fhevm/precompiles.go @@ -1908,25 +1908,36 @@ func reencryptRun(environment EVMEnvironment, caller common.Address, addr common ct := getVerifiedCiphertext(environment, common.BytesToHash(input[0:32])) if ct != nil { // Make sure we don't decrypt before any optimistic requires are checked. - optReqResult, optReqErr := evaluateRemainingOptimisticRequires(environment) - if optReqErr != nil { - return nil, optReqErr - } else if !optReqResult { - return nil, ErrExecutionReverted + // optReqResult, optReqErr := evaluateRemainingOptimisticRequires(environment) + // if optReqErr != nil { + // return nil, optReqErr + // } else if !optReqResult { + // return nil, ErrExecutionReverted + // } + + var fheType kms.FheType + switch ct.ciphertext.fheUintType { + case FheUint8: + fheType = kms.FheType_Euint8 + case FheUint16: + fheType = kms.FheType_Euint16 + case FheUint32: + fheType = kms.FheType_Euint32 } - // TODO: generate merkle proof for some data (handle? ciphertext bytes?) + pubKey := input[32:64] + + // TODO: generate merkle proof for some data proof := &kms.Proof{ - Height: 5, + Height: 3, MerklePatriciaProof: []byte{}, } - pubKey := input[32:64] - reencryptionRequest := &kms.ReencryptionRequest{ + FheType: fheType, Ciphertext: ct.ciphertext.serialization, + Request: pubKey, // TODO: change according to the structure of `Request` Proof: proof, - PublicKey: pubKey, } conn, err := grpc.Dial(kms.KmsEndpointAddr, grpc.WithTransportCredentials(insecure.NewCredentials())) diff --git a/kms/kms.pb.go b/kms/kms.pb.go index 084e5fa..26318df 100644 --- a/kms/kms.pb.go +++ b/kms/kms.pb.go @@ -20,6 +20,58 @@ const ( _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) ) +type FheType int32 + +const ( + FheType_Bool FheType = 0 + FheType_Euint8 FheType = 1 + FheType_Euint16 FheType = 2 + FheType_Euint32 FheType = 3 +) + +// Enum value maps for FheType. +var ( + FheType_name = map[int32]string{ + 0: "Bool", + 1: "Euint8", + 2: "Euint16", + 3: "Euint32", + } + FheType_value = map[string]int32{ + "Bool": 0, + "Euint8": 1, + "Euint16": 2, + "Euint32": 3, + } +) + +func (x FheType) Enum() *FheType { + p := new(FheType) + *p = x + return p +} + +func (x FheType) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (FheType) Descriptor() protoreflect.EnumDescriptor { + return file_kms_proto_enumTypes[0].Descriptor() +} + +func (FheType) Type() protoreflect.EnumType { + return &file_kms_proto_enumTypes[0] +} + +func (x FheType) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Use FheType.Descriptor instead. +func (FheType) EnumDescriptor() ([]byte, []int) { + return file_kms_proto_rawDescGZIP(), []int{0} +} + type Proof struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -80,8 +132,10 @@ type DecryptionRequest struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - Ciphertext []byte `protobuf:"bytes,1,opt,name=ciphertext,proto3" json:"ciphertext,omitempty"` - Proof *Proof `protobuf:"bytes,2,opt,name=proof,proto3" json:"proof,omitempty"` + FheType FheType `protobuf:"varint,1,opt,name=fhe_type,json=fheType,proto3,enum=kms.FheType" json:"fhe_type,omitempty"` + Ciphertext []byte `protobuf:"bytes,2,opt,name=ciphertext,proto3" json:"ciphertext,omitempty"` + Request []byte `protobuf:"bytes,3,opt,name=request,proto3" json:"request,omitempty"` + Proof *Proof `protobuf:"bytes,4,opt,name=proof,proto3" json:"proof,omitempty"` } func (x *DecryptionRequest) Reset() { @@ -116,6 +170,13 @@ func (*DecryptionRequest) Descriptor() ([]byte, []int) { return file_kms_proto_rawDescGZIP(), []int{1} } +func (x *DecryptionRequest) GetFheType() FheType { + if x != nil { + return x.FheType + } + return FheType_Bool +} + func (x *DecryptionRequest) GetCiphertext() []byte { if x != nil { return x.Ciphertext @@ -123,6 +184,13 @@ func (x *DecryptionRequest) GetCiphertext() []byte { return nil } +func (x *DecryptionRequest) GetRequest() []byte { + if x != nil { + return x.Request + } + return nil +} + func (x *DecryptionRequest) GetProof() *Proof { if x != nil { return x.Proof @@ -135,8 +203,9 @@ type DecryptionResponse struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - Plaintext uint32 `protobuf:"varint,1,opt,name=plaintext,proto3" json:"plaintext,omitempty"` - Signature []byte `protobuf:"bytes,2,opt,name=signature,proto3" json:"signature,omitempty"` + Signature []byte `protobuf:"bytes,1,opt,name=signature,proto3" json:"signature,omitempty"` + FheType FheType `protobuf:"varint,2,opt,name=fhe_type,json=fheType,proto3,enum=kms.FheType" json:"fhe_type,omitempty"` + Plaintext uint32 `protobuf:"varint,3,opt,name=plaintext,proto3" json:"plaintext,omitempty"` } func (x *DecryptionResponse) Reset() { @@ -171,18 +240,25 @@ func (*DecryptionResponse) Descriptor() ([]byte, []int) { return file_kms_proto_rawDescGZIP(), []int{2} } -func (x *DecryptionResponse) GetPlaintext() uint32 { +func (x *DecryptionResponse) GetSignature() []byte { if x != nil { - return x.Plaintext + return x.Signature } - return 0 + return nil } -func (x *DecryptionResponse) GetSignature() []byte { +func (x *DecryptionResponse) GetFheType() FheType { if x != nil { - return x.Signature + return x.FheType } - return nil + return FheType_Bool +} + +func (x *DecryptionResponse) GetPlaintext() uint32 { + if x != nil { + return x.Plaintext + } + return 0 } type ReencryptionRequest struct { @@ -190,9 +266,10 @@ type ReencryptionRequest struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - Ciphertext []byte `protobuf:"bytes,1,opt,name=ciphertext,proto3" json:"ciphertext,omitempty"` - Proof *Proof `protobuf:"bytes,2,opt,name=proof,proto3" json:"proof,omitempty"` - PublicKey []byte `protobuf:"bytes,3,opt,name=public_key,json=publicKey,proto3" json:"public_key,omitempty"` + FheType FheType `protobuf:"varint,1,opt,name=fhe_type,json=fheType,proto3,enum=kms.FheType" json:"fhe_type,omitempty"` + Ciphertext []byte `protobuf:"bytes,2,opt,name=ciphertext,proto3" json:"ciphertext,omitempty"` + Request []byte `protobuf:"bytes,3,opt,name=request,proto3" json:"request,omitempty"` + Proof *Proof `protobuf:"bytes,4,opt,name=proof,proto3" json:"proof,omitempty"` } func (x *ReencryptionRequest) Reset() { @@ -227,6 +304,13 @@ func (*ReencryptionRequest) Descriptor() ([]byte, []int) { return file_kms_proto_rawDescGZIP(), []int{3} } +func (x *ReencryptionRequest) GetFheType() FheType { + if x != nil { + return x.FheType + } + return FheType_Bool +} + func (x *ReencryptionRequest) GetCiphertext() []byte { if x != nil { return x.Ciphertext @@ -234,16 +318,16 @@ func (x *ReencryptionRequest) GetCiphertext() []byte { return nil } -func (x *ReencryptionRequest) GetProof() *Proof { +func (x *ReencryptionRequest) GetRequest() []byte { if x != nil { - return x.Proof + return x.Request } return nil } -func (x *ReencryptionRequest) GetPublicKey() []byte { +func (x *ReencryptionRequest) GetProof() *Proof { if x != nil { - return x.PublicKey + return x.Proof } return nil } @@ -253,8 +337,8 @@ type ReencryptionResponse struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - ReencryptedCiphertext []byte `protobuf:"bytes,1,opt,name=reencrypted_ciphertext,json=reencryptedCiphertext,proto3" json:"reencrypted_ciphertext,omitempty"` - Signature []byte `protobuf:"bytes,2,opt,name=signature,proto3" json:"signature,omitempty"` + ReencryptedCiphertext []byte `protobuf:"bytes,1,opt,name=reencrypted_ciphertext,json=reencryptedCiphertext,proto3" json:"reencrypted_ciphertext,omitempty"` + FheType FheType `protobuf:"varint,2,opt,name=fhe_type,json=fheType,proto3,enum=kms.FheType" json:"fhe_type,omitempty"` } func (x *ReencryptionResponse) Reset() { @@ -296,11 +380,11 @@ func (x *ReencryptionResponse) GetReencryptedCiphertext() []byte { return nil } -func (x *ReencryptionResponse) GetSignature() []byte { +func (x *ReencryptionResponse) GetFheType() FheType { if x != nil { - return x.Signature + return x.FheType } - return nil + return FheType_Bool } var File_kms_proto protoreflect.FileDescriptor @@ -312,33 +396,56 @@ var file_kms_proto_rawDesc = []byte{ 0x74, 0x12, 0x32, 0x0a, 0x15, 0x6d, 0x65, 0x72, 0x6b, 0x6c, 0x65, 0x5f, 0x70, 0x61, 0x74, 0x72, 0x69, 0x63, 0x69, 0x61, 0x5f, 0x70, 0x72, 0x6f, 0x6f, 0x66, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x13, 0x6d, 0x65, 0x72, 0x6b, 0x6c, 0x65, 0x50, 0x61, 0x74, 0x72, 0x69, 0x63, 0x69, 0x61, - 0x50, 0x72, 0x6f, 0x6f, 0x66, 0x22, 0x55, 0x0a, 0x11, 0x44, 0x65, 0x63, 0x72, 0x79, 0x70, 0x74, - 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1e, 0x0a, 0x0a, 0x63, 0x69, - 0x70, 0x68, 0x65, 0x72, 0x74, 0x65, 0x78, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0a, - 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x74, 0x65, 0x78, 0x74, 0x12, 0x20, 0x0a, 0x05, 0x70, 0x72, - 0x6f, 0x6f, 0x66, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0a, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, - 0x50, 0x72, 0x6f, 0x6f, 0x66, 0x52, 0x05, 0x70, 0x72, 0x6f, 0x6f, 0x66, 0x22, 0x50, 0x0a, 0x12, - 0x44, 0x65, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, - 0x73, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x70, 0x6c, 0x61, 0x69, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x09, 0x70, 0x6c, 0x61, 0x69, 0x6e, 0x74, 0x65, 0x78, 0x74, - 0x12, 0x1c, 0x0a, 0x09, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x0c, 0x52, 0x09, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x22, 0x76, - 0x0a, 0x13, 0x52, 0x65, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, - 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1e, 0x0a, 0x0a, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x74, - 0x65, 0x78, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0a, 0x63, 0x69, 0x70, 0x68, 0x65, - 0x72, 0x74, 0x65, 0x78, 0x74, 0x12, 0x20, 0x0a, 0x05, 0x70, 0x72, 0x6f, 0x6f, 0x66, 0x18, 0x02, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0a, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x50, 0x72, 0x6f, 0x6f, 0x66, - 0x52, 0x05, 0x70, 0x72, 0x6f, 0x6f, 0x66, 0x12, 0x1d, 0x0a, 0x0a, 0x70, 0x75, 0x62, 0x6c, 0x69, - 0x63, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x09, 0x70, 0x75, 0x62, - 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x22, 0x6b, 0x0a, 0x14, 0x52, 0x65, 0x65, 0x6e, 0x63, 0x72, - 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x35, - 0x0a, 0x16, 0x72, 0x65, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x65, 0x64, 0x5f, 0x63, 0x69, - 0x70, 0x68, 0x65, 0x72, 0x74, 0x65, 0x78, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x15, - 0x72, 0x65, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x65, 0x64, 0x43, 0x69, 0x70, 0x68, 0x65, - 0x72, 0x74, 0x65, 0x78, 0x74, 0x12, 0x1c, 0x0a, 0x09, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, - 0x72, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x09, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, - 0x75, 0x72, 0x65, 0x32, 0x8b, 0x01, 0x0a, 0x0b, 0x4b, 0x6d, 0x73, 0x45, 0x6e, 0x64, 0x70, 0x6f, - 0x69, 0x6e, 0x74, 0x12, 0x3a, 0x0a, 0x07, 0x44, 0x65, 0x63, 0x72, 0x79, 0x70, 0x74, 0x12, 0x16, + 0x50, 0x72, 0x6f, 0x6f, 0x66, 0x22, 0x98, 0x01, 0x0a, 0x11, 0x44, 0x65, 0x63, 0x72, 0x79, 0x70, + 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x27, 0x0a, 0x08, 0x66, + 0x68, 0x65, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x0c, 0x2e, + 0x6b, 0x6d, 0x73, 0x2e, 0x46, 0x68, 0x65, 0x54, 0x79, 0x70, 0x65, 0x52, 0x07, 0x66, 0x68, 0x65, + 0x54, 0x79, 0x70, 0x65, 0x12, 0x1e, 0x0a, 0x0a, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x74, 0x65, + 0x78, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0a, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, + 0x74, 0x65, 0x78, 0x74, 0x12, 0x18, 0x0a, 0x07, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x18, + 0x03, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x07, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x20, + 0x0a, 0x05, 0x70, 0x72, 0x6f, 0x6f, 0x66, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0a, 0x2e, + 0x6b, 0x6d, 0x73, 0x2e, 0x50, 0x72, 0x6f, 0x6f, 0x66, 0x52, 0x05, 0x70, 0x72, 0x6f, 0x6f, 0x66, + 0x22, 0x79, 0x0a, 0x12, 0x44, 0x65, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, + 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, + 0x75, 0x72, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x09, 0x73, 0x69, 0x67, 0x6e, 0x61, + 0x74, 0x75, 0x72, 0x65, 0x12, 0x27, 0x0a, 0x08, 0x66, 0x68, 0x65, 0x5f, 0x74, 0x79, 0x70, 0x65, + 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x0c, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x46, 0x68, 0x65, + 0x54, 0x79, 0x70, 0x65, 0x52, 0x07, 0x66, 0x68, 0x65, 0x54, 0x79, 0x70, 0x65, 0x12, 0x1c, 0x0a, + 0x09, 0x70, 0x6c, 0x61, 0x69, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0d, + 0x52, 0x09, 0x70, 0x6c, 0x61, 0x69, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x22, 0x9a, 0x01, 0x0a, 0x13, + 0x52, 0x65, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, + 0x65, 0x73, 0x74, 0x12, 0x27, 0x0a, 0x08, 0x66, 0x68, 0x65, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x0c, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x46, 0x68, 0x65, 0x54, + 0x79, 0x70, 0x65, 0x52, 0x07, 0x66, 0x68, 0x65, 0x54, 0x79, 0x70, 0x65, 0x12, 0x1e, 0x0a, 0x0a, + 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x74, 0x65, 0x78, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, + 0x52, 0x0a, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x74, 0x65, 0x78, 0x74, 0x12, 0x18, 0x0a, 0x07, + 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x07, 0x72, + 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x20, 0x0a, 0x05, 0x70, 0x72, 0x6f, 0x6f, 0x66, 0x18, + 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0a, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x50, 0x72, 0x6f, 0x6f, + 0x66, 0x52, 0x05, 0x70, 0x72, 0x6f, 0x6f, 0x66, 0x22, 0x76, 0x0a, 0x14, 0x52, 0x65, 0x65, 0x6e, + 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, + 0x12, 0x35, 0x0a, 0x16, 0x72, 0x65, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x65, 0x64, 0x5f, + 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x74, 0x65, 0x78, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, + 0x52, 0x15, 0x72, 0x65, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x65, 0x64, 0x43, 0x69, 0x70, + 0x68, 0x65, 0x72, 0x74, 0x65, 0x78, 0x74, 0x12, 0x27, 0x0a, 0x08, 0x66, 0x68, 0x65, 0x5f, 0x74, + 0x79, 0x70, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x0c, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, + 0x46, 0x68, 0x65, 0x54, 0x79, 0x70, 0x65, 0x52, 0x07, 0x66, 0x68, 0x65, 0x54, 0x79, 0x70, 0x65, + 0x2a, 0x39, 0x0a, 0x07, 0x46, 0x68, 0x65, 0x54, 0x79, 0x70, 0x65, 0x12, 0x08, 0x0a, 0x04, 0x42, + 0x6f, 0x6f, 0x6c, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x45, 0x75, 0x69, 0x6e, 0x74, 0x38, 0x10, + 0x01, 0x12, 0x0b, 0x0a, 0x07, 0x45, 0x75, 0x69, 0x6e, 0x74, 0x31, 0x36, 0x10, 0x02, 0x12, 0x0b, + 0x0a, 0x07, 0x45, 0x75, 0x69, 0x6e, 0x74, 0x33, 0x32, 0x10, 0x03, 0x32, 0xa3, 0x02, 0x0a, 0x0b, + 0x4b, 0x6d, 0x73, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x12, 0x47, 0x0a, 0x14, 0x56, + 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x5f, 0x61, 0x6e, 0x64, 0x5f, 0x64, 0x65, 0x63, 0x72, + 0x79, 0x70, 0x74, 0x12, 0x16, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x44, 0x65, 0x63, 0x72, 0x79, 0x70, + 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x17, 0x2e, 0x6b, 0x6d, + 0x73, 0x2e, 0x44, 0x65, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, + 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x4d, 0x0a, 0x16, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, + 0x5f, 0x61, 0x6e, 0x64, 0x5f, 0x72, 0x65, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x12, 0x18, + 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x52, 0x65, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, + 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x19, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x52, + 0x65, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, + 0x6e, 0x73, 0x65, 0x12, 0x3a, 0x0a, 0x07, 0x44, 0x65, 0x63, 0x72, 0x79, 0x70, 0x74, 0x12, 0x16, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x44, 0x65, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x17, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x44, 0x65, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, @@ -363,26 +470,36 @@ func file_kms_proto_rawDescGZIP() []byte { return file_kms_proto_rawDescData } +var file_kms_proto_enumTypes = make([]protoimpl.EnumInfo, 1) var file_kms_proto_msgTypes = make([]protoimpl.MessageInfo, 5) var file_kms_proto_goTypes = []interface{}{ - (*Proof)(nil), // 0: kms.Proof - (*DecryptionRequest)(nil), // 1: kms.DecryptionRequest - (*DecryptionResponse)(nil), // 2: kms.DecryptionResponse - (*ReencryptionRequest)(nil), // 3: kms.ReencryptionRequest - (*ReencryptionResponse)(nil), // 4: kms.ReencryptionResponse + (FheType)(0), // 0: kms.FheType + (*Proof)(nil), // 1: kms.Proof + (*DecryptionRequest)(nil), // 2: kms.DecryptionRequest + (*DecryptionResponse)(nil), // 3: kms.DecryptionResponse + (*ReencryptionRequest)(nil), // 4: kms.ReencryptionRequest + (*ReencryptionResponse)(nil), // 5: kms.ReencryptionResponse } var file_kms_proto_depIdxs = []int32{ - 0, // 0: kms.DecryptionRequest.proof:type_name -> kms.Proof - 0, // 1: kms.ReencryptionRequest.proof:type_name -> kms.Proof - 1, // 2: kms.KmsEndpoint.Decrypt:input_type -> kms.DecryptionRequest - 3, // 3: kms.KmsEndpoint.Reencrypt:input_type -> kms.ReencryptionRequest - 2, // 4: kms.KmsEndpoint.Decrypt:output_type -> kms.DecryptionResponse - 4, // 5: kms.KmsEndpoint.Reencrypt:output_type -> kms.ReencryptionResponse - 4, // [4:6] is the sub-list for method output_type - 2, // [2:4] is the sub-list for method input_type - 2, // [2:2] is the sub-list for extension type_name - 2, // [2:2] is the sub-list for extension extendee - 0, // [0:2] is the sub-list for field type_name + 0, // 0: kms.DecryptionRequest.fhe_type:type_name -> kms.FheType + 1, // 1: kms.DecryptionRequest.proof:type_name -> kms.Proof + 0, // 2: kms.DecryptionResponse.fhe_type:type_name -> kms.FheType + 0, // 3: kms.ReencryptionRequest.fhe_type:type_name -> kms.FheType + 1, // 4: kms.ReencryptionRequest.proof:type_name -> kms.Proof + 0, // 5: kms.ReencryptionResponse.fhe_type:type_name -> kms.FheType + 2, // 6: kms.KmsEndpoint.Validate_and_decrypt:input_type -> kms.DecryptionRequest + 4, // 7: kms.KmsEndpoint.Validate_and_reencrypt:input_type -> kms.ReencryptionRequest + 2, // 8: kms.KmsEndpoint.Decrypt:input_type -> kms.DecryptionRequest + 4, // 9: kms.KmsEndpoint.Reencrypt:input_type -> kms.ReencryptionRequest + 3, // 10: kms.KmsEndpoint.Validate_and_decrypt:output_type -> kms.DecryptionResponse + 5, // 11: kms.KmsEndpoint.Validate_and_reencrypt:output_type -> kms.ReencryptionResponse + 3, // 12: kms.KmsEndpoint.Decrypt:output_type -> kms.DecryptionResponse + 5, // 13: kms.KmsEndpoint.Reencrypt:output_type -> kms.ReencryptionResponse + 10, // [10:14] is the sub-list for method output_type + 6, // [6:10] is the sub-list for method input_type + 6, // [6:6] is the sub-list for extension type_name + 6, // [6:6] is the sub-list for extension extendee + 0, // [0:6] is the sub-list for field type_name } func init() { file_kms_proto_init() } @@ -457,13 +574,14 @@ func file_kms_proto_init() { File: protoimpl.DescBuilder{ GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: file_kms_proto_rawDesc, - NumEnums: 0, + NumEnums: 1, NumMessages: 5, NumExtensions: 0, NumServices: 1, }, GoTypes: file_kms_proto_goTypes, DependencyIndexes: file_kms_proto_depIdxs, + EnumInfos: file_kms_proto_enumTypes, MessageInfos: file_kms_proto_msgTypes, }.Build() File_kms_proto = out.File diff --git a/kms/kms_grpc.pb.go b/kms/kms_grpc.pb.go index 08eb831..f96d747 100644 --- a/kms/kms_grpc.pb.go +++ b/kms/kms_grpc.pb.go @@ -22,14 +22,18 @@ const _ = grpc.SupportPackageIsVersion7 const KmsEndpointAddr = "kms.zama.ai:50051" const ( - KmsEndpoint_Decrypt_FullMethodName = "/kms.KmsEndpoint/Decrypt" - KmsEndpoint_Reencrypt_FullMethodName = "/kms.KmsEndpoint/Reencrypt" + KmsEndpoint_ValidateAndDecrypt_FullMethodName = "/kms.KmsEndpoint/Validate_and_decrypt" + KmsEndpoint_ValidateAndReencrypt_FullMethodName = "/kms.KmsEndpoint/Validate_and_reencrypt" + KmsEndpoint_Decrypt_FullMethodName = "/kms.KmsEndpoint/Decrypt" + KmsEndpoint_Reencrypt_FullMethodName = "/kms.KmsEndpoint/Reencrypt" ) // KmsEndpointClient is the client API for KmsEndpoint service. // // For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. type KmsEndpointClient interface { + ValidateAndDecrypt(ctx context.Context, in *DecryptionRequest, opts ...grpc.CallOption) (*DecryptionResponse, error) + ValidateAndReencrypt(ctx context.Context, in *ReencryptionRequest, opts ...grpc.CallOption) (*ReencryptionResponse, error) Decrypt(ctx context.Context, in *DecryptionRequest, opts ...grpc.CallOption) (*DecryptionResponse, error) Reencrypt(ctx context.Context, in *ReencryptionRequest, opts ...grpc.CallOption) (*ReencryptionResponse, error) } @@ -42,6 +46,24 @@ func NewKmsEndpointClient(cc grpc.ClientConnInterface) KmsEndpointClient { return &kmsEndpointClient{cc} } +func (c *kmsEndpointClient) ValidateAndDecrypt(ctx context.Context, in *DecryptionRequest, opts ...grpc.CallOption) (*DecryptionResponse, error) { + out := new(DecryptionResponse) + err := c.cc.Invoke(ctx, KmsEndpoint_ValidateAndDecrypt_FullMethodName, in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *kmsEndpointClient) ValidateAndReencrypt(ctx context.Context, in *ReencryptionRequest, opts ...grpc.CallOption) (*ReencryptionResponse, error) { + out := new(ReencryptionResponse) + err := c.cc.Invoke(ctx, KmsEndpoint_ValidateAndReencrypt_FullMethodName, in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + func (c *kmsEndpointClient) Decrypt(ctx context.Context, in *DecryptionRequest, opts ...grpc.CallOption) (*DecryptionResponse, error) { out := new(DecryptionResponse) err := c.cc.Invoke(ctx, KmsEndpoint_Decrypt_FullMethodName, in, out, opts...) @@ -64,6 +86,8 @@ func (c *kmsEndpointClient) Reencrypt(ctx context.Context, in *ReencryptionReque // All implementations must embed UnimplementedKmsEndpointServer // for forward compatibility type KmsEndpointServer interface { + ValidateAndDecrypt(context.Context, *DecryptionRequest) (*DecryptionResponse, error) + ValidateAndReencrypt(context.Context, *ReencryptionRequest) (*ReencryptionResponse, error) Decrypt(context.Context, *DecryptionRequest) (*DecryptionResponse, error) Reencrypt(context.Context, *ReencryptionRequest) (*ReencryptionResponse, error) mustEmbedUnimplementedKmsEndpointServer() @@ -73,6 +97,12 @@ type KmsEndpointServer interface { type UnimplementedKmsEndpointServer struct { } +func (UnimplementedKmsEndpointServer) ValidateAndDecrypt(context.Context, *DecryptionRequest) (*DecryptionResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method ValidateAndDecrypt not implemented") +} +func (UnimplementedKmsEndpointServer) ValidateAndReencrypt(context.Context, *ReencryptionRequest) (*ReencryptionResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method ValidateAndReencrypt not implemented") +} func (UnimplementedKmsEndpointServer) Decrypt(context.Context, *DecryptionRequest) (*DecryptionResponse, error) { return nil, status.Errorf(codes.Unimplemented, "method Decrypt not implemented") } @@ -92,6 +122,42 @@ func RegisterKmsEndpointServer(s grpc.ServiceRegistrar, srv KmsEndpointServer) { s.RegisterService(&KmsEndpoint_ServiceDesc, srv) } +func _KmsEndpoint_ValidateAndDecrypt_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(DecryptionRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(KmsEndpointServer).ValidateAndDecrypt(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: KmsEndpoint_ValidateAndDecrypt_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(KmsEndpointServer).ValidateAndDecrypt(ctx, req.(*DecryptionRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _KmsEndpoint_ValidateAndReencrypt_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(ReencryptionRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(KmsEndpointServer).ValidateAndReencrypt(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: KmsEndpoint_ValidateAndReencrypt_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(KmsEndpointServer).ValidateAndReencrypt(ctx, req.(*ReencryptionRequest)) + } + return interceptor(ctx, in, info, handler) +} + func _KmsEndpoint_Decrypt_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { in := new(DecryptionRequest) if err := dec(in); err != nil { @@ -135,6 +201,14 @@ var KmsEndpoint_ServiceDesc = grpc.ServiceDesc{ ServiceName: "kms.KmsEndpoint", HandlerType: (*KmsEndpointServer)(nil), Methods: []grpc.MethodDesc{ + { + MethodName: "Validate_and_decrypt", + Handler: _KmsEndpoint_ValidateAndDecrypt_Handler, + }, + { + MethodName: "Validate_and_reencrypt", + Handler: _KmsEndpoint_ValidateAndReencrypt_Handler, + }, { MethodName: "Decrypt", Handler: _KmsEndpoint_Decrypt_Handler, diff --git a/proto/kms.proto b/proto/kms.proto index b5c4945..fe2cc7a 100644 --- a/proto/kms.proto +++ b/proto/kms.proto @@ -3,32 +3,46 @@ package kms; option go_package = "github.com/zama-ai/fhevm-go/kms"; service KmsEndpoint { + rpc Validate_and_decrypt(DecryptionRequest) returns (DecryptionResponse); + rpc Validate_and_reencrypt(ReencryptionRequest) + returns (ReencryptionResponse); rpc Decrypt(DecryptionRequest) returns (DecryptionResponse); rpc Reencrypt(ReencryptionRequest) returns (ReencryptionResponse); } +enum FheType { + Bool = 0; + Euint8 = 1; + Euint16 = 2; + Euint32 = 3; +} + message Proof { uint32 height = 1; bytes merkle_patricia_proof = 2; } message DecryptionRequest { - bytes ciphertext = 1; - Proof proof = 2; + FheType fhe_type = 1; + bytes ciphertext = 2; + bytes request = 3; + Proof proof = 4; } message DecryptionResponse { - uint32 plaintext = 1; - bytes signature = 2; + bytes signature = 1; + FheType fhe_type = 2; + uint32 plaintext = 3; } message ReencryptionRequest { - bytes ciphertext = 1; - Proof proof = 2; - bytes public_key = 3; + FheType fhe_type = 1; + bytes ciphertext = 2; + bytes request = 3; + Proof proof = 4; } message ReencryptionResponse { bytes reencrypted_ciphertext = 1; - bytes signature = 2; + FheType fhe_type = 2; } \ No newline at end of file From 8ad3dfe7c34f334b62f114dcc8e471fa2200c7e0 Mon Sep 17 00:00:00 2001 From: Louis Tremblay Thibault Date: Thu, 14 Dec 2023 11:26:23 +0100 Subject: [PATCH 4/5] feat(): fetch kms endpoint address from env --- fhevm/precompiles.go | 2 +- kms/kms_grpc.pb.go | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/fhevm/precompiles.go b/fhevm/precompiles.go index e2f843e..44d53a9 100644 --- a/fhevm/precompiles.go +++ b/fhevm/precompiles.go @@ -1960,7 +1960,7 @@ func reencryptRun(environment EVMEnvironment, caller common.Address, addr common var reencryptedValue = res.ReencryptedCiphertext - logger.Info("reencrypt success", "input", hex.EncodeToString(input), "callerAddr", caller, "reencryptedValue", reencryptedValue) + logger.Info("reencrypt success", "input", hex.EncodeToString(input), "callerAddr", caller, "reencryptedValue", reencryptedValue, "len", len(reencryptedValue)) return toEVMBytes(reencryptedValue), nil } msg := "reencrypt unverified ciphertext handle" diff --git a/kms/kms_grpc.pb.go b/kms/kms_grpc.pb.go index f96d747..f832c06 100644 --- a/kms/kms_grpc.pb.go +++ b/kms/kms_grpc.pb.go @@ -8,6 +8,8 @@ package kms import ( context "context" + "os" + grpc "google.golang.org/grpc" codes "google.golang.org/grpc/codes" status "google.golang.org/grpc/status" @@ -19,7 +21,7 @@ import ( const _ = grpc.SupportPackageIsVersion7 // URL of the KMS gRPC endpoint -const KmsEndpointAddr = "kms.zama.ai:50051" +var KmsEndpointAddr = os.Getenv("KMS_ENDPOINT_ADDR") const ( KmsEndpoint_ValidateAndDecrypt_FullMethodName = "/kms.KmsEndpoint/Validate_and_decrypt" From 4c437dbc41cc34c94a71145fc0ed271f4260759a Mon Sep 17 00:00:00 2001 From: David Date: Wed, 20 Dec 2023 14:02:58 +0800 Subject: [PATCH 5/5] Add empty rust flags for portable executable --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index b8859d8..d83dff6 100644 --- a/Makefile +++ b/Makefile @@ -8,7 +8,7 @@ test: build-tfhe-rs-capi .PHONY: build-tfhe-rs-capi build-tfhe-rs-capi: - cd tfhe-rs && make build_c_api_experimental_deterministic_fft \ + cd tfhe-rs && RUSTFLAGS="" make build_c_api_experimental_deterministic_fft \ && cd target/release && rm -f *.dylib *.dll *.so .PHONY: clean