diff --git a/fhevm/contracts_test.go b/fhevm/contracts_test.go index d4218a2..7ee675c 100644 --- a/fhevm/contracts_test.go +++ b/fhevm/contracts_test.go @@ -17,6 +17,9 @@ package fhevm import ( + "bytes" + "encoding/hex" + "errors" "math/big" "strings" "testing" @@ -65,6 +68,81 @@ func toPrecompileInput(isScalar bool, hashes ...common.Hash) []byte { return ret } +func toPrecompileInputNoScalar(isScalar bool, hashes ...common.Hash) []byte { + ret := make([]byte, 0) + for _, hash := range hashes { + ret = append(ret, hash.Bytes()...) + } + return ret +} + +func evaluateRemainingOptimisticRequiresWithoutKms(environment EVMEnvironment) (bool, error) { + requires := environment.FhevmData().optimisticRequires + len := len(requires) + defer func() { environment.FhevmData().optimisticRequires = make([]*tfheCiphertext, 0) }() + if len != 0 { + var cumulative *tfheCiphertext = requires[0] + var err error + for i := 1; i < len; i++ { + cumulative, err = cumulative.bitand(requires[i]) + if err != nil { + environment.GetLogger().Error("evaluateRemainingOptimisticRequires bitand failed", "err", err) + return false, err + } + } + result, err := cumulative.decrypt() + return result.Uint64() != 0, err + } + return true, nil +} + +func decryptRunWithoutKms(environment EVMEnvironment, caller common.Address, addr common.Address, input []byte, readOnly bool) ([]byte, error) { + logger := environment.GetLogger() + // if not gas estimation and not view function fail if decryptions are disabled in transactions + if environment.IsCommitting() && !environment.IsEthCall() && environment.FhevmParams().DisableDecryptionsInTransaction { + msg := "decryptions during transaction are disabled" + logger.Error(msg, "input", hex.EncodeToString(input)) + return nil, errors.New(msg) + } + if len(input) != 32 { + msg := "decrypt input len must be 32 bytes" + logger.Error(msg, "input", hex.EncodeToString(input), "len", len(input)) + return nil, errors.New(msg) + } + ct := getVerifiedCiphertext(environment, common.BytesToHash(input)) + if ct == nil { + msg := "decrypt unverified handle" + logger.Error(msg, "input", hex.EncodeToString(input)) + return nil, errors.New(msg) + } + + // If we are doing gas estimation, skip decryption and make sure we return the maximum possible value. + // We need that, because non-zero bytes cost more than zero bytes in some contexts (e.g. SSTORE or memory operations). + if !environment.IsCommitting() && !environment.IsEthCall() { + return bytes.Repeat([]byte{0xFF}, 32), nil + } + // Make sure we don't decrypt before any optimistic requires are checked. + optReqResult, optReqErr := evaluateRemainingOptimisticRequiresWithoutKms(environment) + if optReqErr != nil { + return nil, optReqErr + } else if !optReqResult { + return nil, ErrExecutionReverted + } + + plaintext, err := ct.ciphertext.decrypt() + if err != nil { + logger.Error("decrypt failed", "err", err) + return nil, err + } + + logger.Info("decrypt success", "plaintext", plaintext) + + // Always return a 32-byte big-endian integer. + ret := make([]byte, 32) + plaintext.FillBytes(ret) + return ret, nil +} + var scalarBytePadding = make([]byte, 31) func toLibPrecompileInput(method string, isScalar bool, hashes ...common.Hash) []byte { @@ -1249,6 +1327,44 @@ func FheLibRandBounded(t *testing.T, fheUintType FheUintType, upperBound64 uint6 } } +func FheLibIfThenElse(t *testing.T, fheUintType FheUintType, condition uint64) { + var second, third uint64 + switch fheUintType { + case FheUint8: + second = 2 + third = 1 + case FheUint16: + second = 4283 + third = 1337 + case FheUint32: + second = 1333337 + third = 133337 + } + signature := "fheIfThenElse(uint256,uint256,uint256)" + depth := 1 + environment := newTestEVMEnvironment() + environment.depth = depth + addr := common.Address{} + readOnly := false + firstHash := verifyCiphertextInTestMemory(environment, condition, depth, FheUint8).getHash() + secondHash := verifyCiphertextInTestMemory(environment, second, depth, fheUintType).getHash() + thirdHash := verifyCiphertextInTestMemory(environment, third, depth, fheUintType).getHash() + input := toLibPrecompileInputNoScalar(signature, firstHash, secondHash, thirdHash) + out, err := FheLibRun(environment, addr, addr, input, readOnly) + if err != nil { + t.Fatalf("VALUE %v", len(input)) + // t.Fatalf(err.Error()) + } + res := getVerifiedCiphertextFromEVM(environment, common.BytesToHash(out)) + if res == nil { + t.Fatalf("output ciphertext is not found in verifiedCiphertexts") + } + decrypted, err := res.ciphertext.decrypt() + if err != nil || condition == 1 && decrypted.Uint64() != second || condition == 0 && decrypted.Uint64() != third { + t.Fatalf("invalid decrypted result, decrypted %v != expected %v", decrypted.Uint64(), 1) + } +} + func LibTrivialEncrypt(t *testing.T, fheUintType FheUintType) { var value big.Int switch fheUintType { @@ -1346,29 +1462,30 @@ func TestLibVerifyCiphertextInvalidType(t *testing.T) { } } -func TestLibReencrypt(t *testing.T) { - signature := "reencrypt(uint256,uint256)" - hashRes := crypto.Keccak256([]byte(signature)) - signatureBytes := hashRes[0:4] - depth := 1 - environment := newTestEVMEnvironment() - environment.depth = depth - environment.ethCall = true - toEncrypt := 7 - fheUintType := FheUint8 - encCiphertext := verifyCiphertextInTestMemory(environment, uint64(toEncrypt), depth, fheUintType).getHash() - addr := common.Address{} - readOnly := false - input := make([]byte, 0) - input = append(input, signatureBytes...) - input = append(input, encCiphertext.Bytes()...) - // just append twice not to generate public key - input = append(input, encCiphertext.Bytes()...) - _, err := FheLibRun(environment, addr, addr, input, readOnly) - if err != nil { - t.Fatalf("Reencrypt error: %s", err.Error()) - } -} +// TODO: can be enabled if mocking kms or running a kms during tests +// func TestLibReencrypt(t *testing.T) { +// signature := "reencrypt(uint256,uint256)" +// hashRes := crypto.Keccak256([]byte(signature)) +// signatureBytes := hashRes[0:4] +// depth := 1 +// environment := newTestEVMEnvironment() +// environment.depth = depth +// environment.ethCall = true +// toEncrypt := 7 +// fheUintType := FheUint8 +// encCiphertext := verifyCiphertextInTestMemory(environment, uint64(toEncrypt), depth, fheUintType).getHash() +// addr := common.Address{} +// readOnly := false +// input := make([]byte, 0) +// input = append(input, signatureBytes...) +// input = append(input, encCiphertext.Bytes()...) +// // just append twice not to generate public key +// input = append(input, encCiphertext.Bytes()...) +// _, err := FheLibRun(environment, addr, addr, input, readOnly) +// if err != nil { +// t.Fatalf("Reencrypt error: %s", err.Error()) +// } +// } func TestLibCast(t *testing.T) { signature := "cast(uint256,bytes1)" @@ -1389,7 +1506,7 @@ func TestLibCast(t *testing.T) { input = append(input, byte(FheUint32)) _, err := FheLibRun(environment, addr, addr, input, readOnly) if err != nil { - t.Fatalf("Reencrypt error: %s", err.Error()) + t.Fatalf("Cast error: %s", err.Error()) } } @@ -2352,6 +2469,43 @@ func FheNot(t *testing.T, fheUintType FheUintType, scalar bool) { } } +func FheIfThenElse(t *testing.T, fheUintType FheUintType, condition uint64) { + var lhs, rhs uint64 + switch fheUintType { + case FheUint8: + lhs = 2 + rhs = 1 + case FheUint16: + lhs = 4283 + rhs = 1337 + case FheUint32: + lhs = 1333337 + rhs = 133337 + } + depth := 1 + environment := newTestEVMEnvironment() + environment.depth = depth + addr := common.Address{} + readOnly := false + conditionHash := verifyCiphertextInTestMemory(environment, condition, depth, fheUintType).getHash() + lhsHash := verifyCiphertextInTestMemory(environment, lhs, depth, fheUintType).getHash() + rhsHash := verifyCiphertextInTestMemory(environment, rhs, depth, fheUintType).getHash() + + input1 := toPrecompileInputNoScalar(false, conditionHash, lhsHash, rhsHash) + out, err := fheIfThenElseRun(environment, addr, addr, input1, readOnly) + if err != nil { + t.Fatalf(err.Error()) + } + res := getVerifiedCiphertextFromEVM(environment, common.BytesToHash(out)) + if res == nil { + t.Fatalf("output ciphertext is not found in verifiedCiphertexts") + } + decrypted, err := res.ciphertext.decrypt() + if err != nil || condition == 1 && decrypted.Uint64() != lhs || condition == 0 && decrypted.Uint64() != rhs { + t.Fatalf("invalid decrypted result, decrypted %v != expected %v", decrypted.Uint64(), 0) + } +} + func Decrypt(t *testing.T, fheUintType FheUintType) { var value uint64 switch fheUintType { @@ -2368,7 +2522,7 @@ func Decrypt(t *testing.T, fheUintType FheUintType) { addr := common.Address{} readOnly := false hash := verifyCiphertextInTestMemory(environment, value, depth, fheUintType).getHash() - out, err := decryptRun(environment, addr, addr, hash.Bytes(), readOnly) + out, err := decryptRunWithoutKms(environment, addr, addr, hash.Bytes(), readOnly) if err != nil { t.Fatalf(err.Error()) } else if len(out) != 32 { @@ -2627,13 +2781,29 @@ func TestFheLibRandBounded32(t *testing.T) { FheLibRandBounded(t, FheUint32, 32) } +func TestFheLibIfThenElse8(t *testing.T) { + FheLibIfThenElse(t, FheUint8, 1) + FheLibIfThenElse(t, FheUint8, 0) +} + +func TestFheLibIfThenElse16(t *testing.T) { + FheLibIfThenElse(t, FheUint16, 1) + FheLibIfThenElse(t, FheUint16, 0) +} + +func TestFheLibIfThenElse32(t *testing.T) { + FheLibIfThenElse(t, FheUint32, 1) + FheLibIfThenElse(t, FheUint32, 0) +} + func TestFheLibTrivialEncrypt8(t *testing.T) { LibTrivialEncrypt(t, FheUint8) } -func TestLibDecrypt8(t *testing.T) { - LibDecrypt(t, FheUint8) -} +// TODO: can be enabled if mocking kms or running a kms during tests +// func TestLibDecrypt8(t *testing.T) { +// LibDecrypt(t, FheUint8) +// } func TestFheAdd8(t *testing.T) { FheAdd(t, FheUint8, false) @@ -3079,6 +3249,21 @@ func TestFheNot32(t *testing.T) { FheNot(t, FheUint32, false) } +func TestFheIfThenElse8(t *testing.T) { + FheIfThenElse(t, FheUint8, 1) + FheIfThenElse(t, FheUint8, 0) +} + +func TestFheIfThenElse16(t *testing.T) { + FheIfThenElse(t, FheUint16, 1) + FheIfThenElse(t, FheUint16, 0) +} + +func TestFheIfThenElse32(t *testing.T) { + FheIfThenElse(t, FheUint32, 1) + FheIfThenElse(t, FheUint32, 0) +} + func TestFheScalarMax8(t *testing.T) { FheMax(t, FheUint8, true) } @@ -3316,12 +3501,27 @@ func TestFheRandBoundedEthCall(t *testing.T) { } } +func EvalRemOptReqWhenStopTokenWithoutKms(env EVMEnvironment) (err error) { + err = nil + // If we are finishing execution (about to go to from depth 1 to depth 0), evaluate + // any remaining optimistic requires. + if env.GetDepth() == 1 { + result, evalErr := evaluateRemainingOptimisticRequiresWithoutKms(env) + if evalErr != nil { + err = evalErr + } else if !result { + err = ErrExecutionReverted + } + } + return err +} + func interpreterRunWithStopContract(environment *MockEVMEnvironment, interpreter *vm.EVMInterpreter, contract *vm.Contract, input []byte, readOnly bool) (ret []byte, err error) { ret, _ = interpreter.Run(contract, input, readOnly) // the following functions are meant to be ran from within interpreter.run so we increment depth to emulate that environment.depth++ RemoveVerifiedCipherextsAtCurrentDepth(environment) - err = EvalRemOptReqWhenStopToken(environment) + err = EvalRemOptReqWhenStopTokenWithoutKms(environment) environment.depth-- return ret, err } @@ -3508,7 +3708,7 @@ func TestDecryptWithFalseOptimisticRequire(t *testing.T) { t.Fatalf("require expected output len of 0, got %v", len(out)) } // Call decrypt and expect it to fail due to the optimistic require being false. - _, err = decryptRun(environment, addr, addr, hash.Bytes(), readOnly) + _, err = decryptRunWithoutKms(environment, addr, addr, hash.Bytes(), readOnly) if err == nil { t.Fatalf("expected decrypt fails due to false optimistic require") } @@ -3533,7 +3733,7 @@ func TestDecryptWithTrueOptimisticRequire(t *testing.T) { t.Fatalf("require expected output len of 0, got %v", len(out)) } // Call decrypt and expect it to succeed due to the optimistic require being true. - out, err = decryptRun(environment, addr, addr, hash.Bytes(), readOnly) + out, err = decryptRunWithoutKms(environment, addr, addr, hash.Bytes(), readOnly) if err != nil { t.Fatalf(err.Error()) } else if len(out) != 32 { @@ -3556,7 +3756,7 @@ func TestDecryptInTransactionDisabled(t *testing.T) { readOnly := false hash := verifyCiphertextInTestMemory(environment, 1, depth, FheUint8).getHash() // Call decrypt and expect it to fail due to disabling of decryptions during commit - _, err := decryptRun(environment, addr, addr, hash.Bytes(), readOnly) + _, err := decryptRunWithoutKms(environment, addr, addr, hash.Bytes(), readOnly) if err == nil { t.Fatalf("expected to error out in test") } else if err.Error() != "decryptions during transaction are disabled" { diff --git a/fhevm/evm.go b/fhevm/evm.go index 12822fd..c6edf3f 100644 --- a/fhevm/evm.go +++ b/fhevm/evm.go @@ -73,6 +73,26 @@ func get2VerifiedOperands(environment EVMEnvironment, input []byte) (lhs *verifi return } +func get3VerifiedOperands(environment EVMEnvironment, input []byte) (first *verifiedCiphertext, second *verifiedCiphertext, third *verifiedCiphertext, err error) { + if len(input) != 96 { + return nil, nil, nil, errors.New("input needs to contain three 256-bit sized values") + } + first = getVerifiedCiphertext(environment, common.BytesToHash(input[0:32])) + if first == nil { + return nil, nil, nil, errors.New("unverified ciphertext handle") + } + second = getVerifiedCiphertext(environment, common.BytesToHash(input[32:64])) + if second == nil { + return nil, nil, nil, errors.New("unverified ciphertext handle") + } + third = getVerifiedCiphertext(environment, common.BytesToHash(input[64:96])) + if third == nil { + return nil, nil, nil, errors.New("unverified ciphertext handle") + } + err = nil + return +} + func getScalarOperands(environment EVMEnvironment, input []byte) (lhs *verifiedCiphertext, rhs *big.Int, err error) { if len(input) != 65 { return nil, nil, errors.New("input needs to contain two 256-bit sized values and 1 8-bit value") diff --git a/fhevm/params.go b/fhevm/params.go index 1147c15..5180cbe 100644 --- a/fhevm/params.go +++ b/fhevm/params.go @@ -70,6 +70,7 @@ type GasCosts struct { FheReencrypt map[FheUintType]uint64 FheTrivialEncrypt map[FheUintType]uint64 FheRand map[FheUintType]uint64 + FheIfThenElse map[FheUintType]uint64 FheVerify map[FheUintType]uint64 FheOptRequire map[FheUintType]uint64 FheOptRequireBitAnd map[FheUintType]uint64 @@ -83,9 +84,9 @@ func DefaultGasCosts() GasCosts { FheUint32: 130000, }, FheDecrypt: map[FheUintType]uint64{ - FheUint8: 600, - FheUint16: 700, - FheUint32: 800, + FheUint8: 500000, + FheUint16: 500000, + FheUint32: 500000, }, FheBitwiseOp: map[FheUintType]uint64{ FheUint8: 20000, @@ -146,9 +147,14 @@ func DefaultGasCosts() GasCosts { }, // TODO: These will change once we have an FHE-based random generaration. FheRand: map[FheUintType]uint64{ - FheUint8: EvmNetSstoreInitGas + 1000, - FheUint16: EvmNetSstoreInitGas + 2000, - FheUint32: EvmNetSstoreInitGas + 3000, + FheUint8: EvmNetSstoreInitGas + 100000, + FheUint16: EvmNetSstoreInitGas + 200000, + FheUint32: EvmNetSstoreInitGas + 400000, + }, + FheIfThenElse: map[FheUintType]uint64{ + FheUint8: 61000, + FheUint16: 83000, + FheUint32: 109000, }, // TODO: As of now, only support FheUint8. All optimistic require predicates are // downcast to FheUint8 at the solidity level. Eventually move to ebool. diff --git a/fhevm/precompiles.go b/fhevm/precompiles.go index 4f391ec..2d22f7a 100644 --- a/fhevm/precompiles.go +++ b/fhevm/precompiles.go @@ -2,6 +2,7 @@ package fhevm import ( "bytes" + "context" "crypto/rand" "encoding/binary" "encoding/hex" @@ -9,13 +10,17 @@ import ( "fmt" "math/big" "math/bits" + "time" "github.com/ethereum/go-ethereum/common" "github.com/ethereum/go-ethereum/crypto" "github.com/holiman/uint256" fhevm_crypto "github.com/zama-ai/fhevm-go/crypto" + kms "github.com/zama-ai/fhevm-go/kms" "golang.org/x/crypto/chacha20" "golang.org/x/crypto/nacl/box" + "google.golang.org/grpc" + "google.golang.org/grpc/credentials/insecure" ) // PrecompiledContract is the basic interface for native Go contracts. The implementation @@ -52,6 +57,7 @@ var signatureFheBitOr = makeKeccakSignature("fheBitOr(uint256,uint256,bytes1)") var signatureFheBitXor = makeKeccakSignature("fheBitXor(uint256,uint256,bytes1)") var signatureFheRand = makeKeccakSignature("fheRand(bytes1)") var signatureFheRandBounded = makeKeccakSignature("fheRandBounded(uint256,bytes1)") +var signatureFheIfThenElse = makeKeccakSignature("fheIfThenElse(uint256,uint256,uint256)") var signatureVerifyCiphertext = makeKeccakSignature("verifyCiphertext(bytes)") var signatureReencrypt = makeKeccakSignature("reencrypt(uint256,uint256)") var signatureOptimisticRequire = makeKeccakSignature("optimisticRequire(uint256)") @@ -144,6 +150,9 @@ func FheLibRequiredGas(environment EVMEnvironment, input []byte) uint64 { case signatureFheRandBounded: bwCompatBytes := input[4:minInt(37, len(input))] return fheRandBoundedRequiredGas(environment, bwCompatBytes) + case signatureFheIfThenElse: + bwCompatBytes := input[4:minInt(100, len(input))] + return fheIfThenElseRequiredGas(environment, bwCompatBytes) case signatureVerifyCiphertext: bwCompatBytes := input[4:] return verifyCiphertextRequiredGas(environment, bwCompatBytes) @@ -256,6 +265,9 @@ func FheLibRun(environment EVMEnvironment, caller common.Address, addr common.Ad case signatureFheRandBounded: bwCompatBytes := input[4:minInt(37, len(input))] return fheRandBoundedRun(environment, caller, addr, bwCompatBytes, readOnly) + case signatureFheIfThenElse: + bwCompatBytes := input[4:minInt(100, len(input))] + return fheIfThenElseRun(environment, caller, addr, bwCompatBytes, readOnly) case signatureVerifyCiphertext: // first 32 bytes of the payload is offset, then 32 bytes are size of byte array if len(input) <= 68 { @@ -608,6 +620,24 @@ func fheRandBoundedRequiredGas(environment EVMEnvironment, input []byte) uint64 return environment.FhevmParams().GasCosts.FheRand[randType] } +func fheIfThenElseRequiredGas(environment EVMEnvironment, input []byte) uint64 { + logger := environment.GetLogger() + first, second, third, err := get3VerifiedOperands(environment, input) + if err != nil { + logger.Error("IfThenElse op RequiredGas() inputs not verified", "err", err, "input", hex.EncodeToString(input)) + return 0 + } + if first.ciphertext.fheUintType != FheUint8 { + logger.Error("IfThenElse op RequiredGas() invalid type for condition", "first", first.ciphertext.fheUintType) + return 0 + } + if second.ciphertext.fheUintType != third.ciphertext.fheUintType { + logger.Error("IfThenElse op RequiredGas() operand type mismatch", "second", second.ciphertext.fheUintType, "third", third.ciphertext.fheUintType) + return 0 + } + return environment.FhevmParams().GasCosts.FheIfThenElse[second.ciphertext.fheUintType] +} + func verifyCiphertextRequiredGas(environment EVMEnvironment, input []byte) uint64 { if len(input) <= 1 { environment.GetLogger().Error( @@ -1925,6 +1955,37 @@ func fheRandBoundedRun(environment EVMEnvironment, caller common.Address, addr c return generateRandom(environment, caller, randType, &bound64) } +func fheIfThenElseRun(environment EVMEnvironment, caller common.Address, addr common.Address, input []byte, readOnly bool) ([]byte, error) { + logger := environment.GetLogger() + first, second, third, err := get3VerifiedOperands(environment, input) + if err != nil { + logger.Error("fheIfThenElse inputs not verified", "err", err, "input", hex.EncodeToString(input)) + return nil, err + } + + if second.ciphertext.fheUintType != third.ciphertext.fheUintType { + msg := "fheIfThenElse operand type mismatch" + logger.Error(msg, "second", second.ciphertext.fheUintType, "third", third.ciphertext.fheUintType) + return nil, errors.New(msg) + } + + // If we are doing gas estimation, skip execution and insert a random ciphertext as a result. + if !environment.IsCommitting() && !environment.IsEthCall() { + return importRandomCiphertext(environment, second.ciphertext.fheUintType), nil + } + + result, err := first.ciphertext.ifThenElse(second.ciphertext, third.ciphertext) + if err != nil { + logger.Error("fheIfThenElse failed", "err", err) + return nil, err + } + importCiphertext(environment, result) + + resultHash := result.getHash() + logger.Info("fheIfThenElse success", "first", first.ciphertext.getHash().Hex(), "second", second.ciphertext.getHash().Hex(), "third", third.ciphertext.getHash().Hex(), "result", resultHash.Hex()) + return resultHash[:], nil +} + func verifyCiphertextRun(environment EVMEnvironment, caller common.Address, addr common.Address, input []byte, readOnly bool) ([]byte, error) { logger := environment.GetLogger() if len(input) <= 1 { @@ -2005,24 +2066,59 @@ func reencryptRun(environment EVMEnvironment, caller common.Address, addr common ct := getVerifiedCiphertext(environment, common.BytesToHash(input[0:32])) if ct != nil { // Make sure we don't decrypt before any optimistic requires are checked. - optReqResult, optReqErr := evaluateRemainingOptimisticRequires(environment) - if optReqErr != nil { - return nil, optReqErr - } else if !optReqResult { - return nil, ErrExecutionReverted + // optReqResult, optReqErr := evaluateRemainingOptimisticRequires(environment) + // if optReqErr != nil { + // return nil, optReqErr + // } else if !optReqResult { + // return nil, ErrExecutionReverted + // } + + var fheType kms.FheType + switch ct.ciphertext.fheUintType { + case FheUint8: + fheType = kms.FheType_Euint8 + case FheUint16: + fheType = kms.FheType_Euint16 + case FheUint32: + fheType = kms.FheType_Euint32 + } + + pubKey := input[32:64] + + // TODO: generate merkle proof for some data + proof := &kms.Proof{ + Height: 3, + MerklePatriciaProof: []byte{}, } - decryptedValue, err := ct.ciphertext.decrypt() + + reencryptionRequest := &kms.ReencryptionRequest{ + FheType: fheType, + Ciphertext: ct.ciphertext.serialization, + Request: pubKey, // TODO: change according to the structure of `Request` + Proof: proof, + } + + conn, err := grpc.Dial(kms.KmsEndpointAddr, grpc.WithTransportCredentials(insecure.NewCredentials())) if err != nil { - logger.Error("reencrypt decryption failed", "err", err) - return nil, err + return nil, errors.New("kms unreachable") } - pubKey := input[32:64] - reencryptedValue, err := encryptToUserKey(&decryptedValue, pubKey) + defer conn.Close() + + ep := kms.NewKmsEndpointClient(conn) + + ctx, cancel := context.WithTimeout(context.Background(), time.Second) + defer cancel() + + res, err := ep.Reencrypt(ctx, reencryptionRequest) if err != nil { - logger.Error("reencrypt failed to encrypt to user key", "err", err) return nil, err } - logger.Info("reencrypt success", "input", hex.EncodeToString(input), "callerAddr", caller) + + // TODO: decide if `res.Signature` should be verified here + + var reencryptedValue = res.ReencryptedCiphertext + + logger.Info("reencrypt success", "input", hex.EncodeToString(input), "callerAddr", caller, "reencryptedValue", reencryptedValue, "len", len(reencryptedValue)) return toEVMBytes(reencryptedValue), nil } msg := "reencrypt unverified ciphertext handle" @@ -2075,6 +2171,7 @@ func decryptRun(environment EVMEnvironment, caller common.Address, addr common.A logger.Error(msg, "input", hex.EncodeToString(input)) return nil, errors.New(msg) } + // If we are doing gas estimation, skip decryption and make sure we return the maximum possible value. // We need that, because non-zero bytes cost more than zero bytes in some contexts (e.g. SSTORE or memory operations). if !environment.IsCommitting() && !environment.IsEthCall() { @@ -2087,11 +2184,15 @@ func decryptRun(environment EVMEnvironment, caller common.Address, addr common.A } else if !optReqResult { return nil, ErrExecutionReverted } - plaintext, err := decryptValue(ct.ciphertext) + + plaintext, err := decryptValue(environment, ct.ciphertext) if err != nil { logger.Error("decrypt failed", "err", err) return nil, err } + + logger.Info("decrypt success", "plaintext", plaintext) + // Always return a 32-byte big-endian integer. ret := make([]byte, 32) bigIntValue := big.NewInt(0) @@ -2100,9 +2201,50 @@ func decryptRun(environment EVMEnvironment, caller common.Address, addr common.A return ret, nil } -func decryptValue(ct *tfheCiphertext) (uint64, error) { - v, err := ct.decrypt() - return v.Uint64(), err +func decryptValue(environment EVMEnvironment, ct *tfheCiphertext) (uint64, error) { + + logger := environment.GetLogger() + var fheType kms.FheType + switch ct.fheUintType { + case FheUint8: + fheType = kms.FheType_Euint8 + case FheUint16: + fheType = kms.FheType_Euint16 + case FheUint32: + fheType = kms.FheType_Euint32 + } + + // TODO: generate merkle proof for some data + proof := &kms.Proof{ + Height: 4, + MerklePatriciaProof: []byte{}, + } + + decryptionRequest := &kms.DecryptionRequest{ + FheType: fheType, + Ciphertext: ct.serialization, + Request: []byte{}, // TODO: change according to the structure of `Request` + Proof: proof, + } + + conn, err := grpc.Dial(kms.KmsEndpointAddr, grpc.WithTransportCredentials(insecure.NewCredentials())) + if err != nil { + return 0, errors.New("kms unreachable") + } + defer conn.Close() + + ep := kms.NewKmsEndpointClient(conn) + + ctx, cancel := context.WithTimeout(context.Background(), time.Second) + defer cancel() + + res, err := ep.Decrypt(ctx, decryptionRequest) + if err != nil { + logger.Error("decrypt failed", "err", err) + return 0, err + } + + return uint64(res.Plaintext), err } // If there are optimistic requires, check them by doing bitwise AND on all of them. @@ -2122,7 +2264,7 @@ func evaluateRemainingOptimisticRequires(environment EVMEnvironment) (bool, erro return false, err } } - result, err := decryptValue(cumulative) + result, err := decryptValue(environment, cumulative) return result != 0, err } return true, nil diff --git a/fhevm/tfhe.go b/fhevm/tfhe.go index cf10c4f..05c6d6f 100644 --- a/fhevm/tfhe.go +++ b/fhevm/tfhe.go @@ -1296,6 +1296,39 @@ void* not_fhe_uint32(void* ct, void* sks) { return result; } +void* if_then_else_fhe_uint8(void* condition, void* ct1, void* ct2, void* sks) +{ + FheUint8* result = NULL; + + checked_set_server_key(sks); + + const int r = fhe_uint8_if_then_else(condition, ct1, ct2, &result); + if(r != 0) return NULL; + return result; +} + +void* if_then_else_fhe_uint16(void* condition, void* ct1, void* ct2, void* sks) +{ + FheUint16* result = NULL; + + checked_set_server_key(sks); + + const int r = fhe_uint16_if_then_else(condition, ct1, ct2, &result); + if(r != 0) return NULL; + return result; +} + +void* if_then_else_fhe_uint32(void* condition, void* ct1, void* ct2, void* sks) +{ + FheUint32* result = NULL; + + checked_set_server_key(sks); + + const int r = fhe_uint32_if_then_else(condition, ct1, ct2, &result); + if(r != 0) return NULL; + return result; +} + int decrypt_fhe_uint8(void* cks, void* ct, uint8_t* res) { *res = 0; @@ -1539,7 +1572,7 @@ func generateFhevmKeys() (unsafe.Pointer, unsafe.Pointer, unsafe.Pointer) { return keys.sks, keys.cks, keys.pks } -func globalKeysPresent() bool { +func allGlobalKeysPresent() bool { return sks != nil && cks != nil && pks != nil } @@ -1571,11 +1604,6 @@ func InitGlobalKeysFromFiles(keysDir string) error { if err != nil { return err } - var cksPath = path.Join(keysDir, "cks") - cksBytes, err := os.ReadFile(cksPath) - if err != nil { - return err - } var pksPath = path.Join(keysDir, "pks") pksBytes, err := os.ReadFile(pksPath) if err != nil { @@ -1587,8 +1615,6 @@ func InitGlobalKeysFromFiles(keysDir string) error { pksHash = crypto.Keccak256Hash(pksBytes) pks = C.deserialize_compact_public_key(toBufferView(pksBytes)) - cks = C.deserialize_client_key(toBufferView(cksBytes)) - initCiphertextSizes() fmt.Println("INFO: global keys loaded from: " + keysDir) @@ -1962,6 +1988,112 @@ func (lhs *tfheCiphertext) executeBinaryCiphertextOperation(rhs *tfheCiphertext, return res, nil } +func (first *tfheCiphertext) executeTernaryCiphertextOperation(lhs *tfheCiphertext, rhs *tfheCiphertext, + op8 func(first unsafe.Pointer, lhs unsafe.Pointer, rhs unsafe.Pointer) unsafe.Pointer, + op16 func(first unsafe.Pointer, lhs unsafe.Pointer, rhs unsafe.Pointer) unsafe.Pointer, + op32 func(first unsafe.Pointer, lhs unsafe.Pointer, rhs unsafe.Pointer) unsafe.Pointer) (*tfheCiphertext, error) { + if lhs.fheUintType != rhs.fheUintType { + return nil, errors.New("ternary operations are only well-defined for identical types") + } + + res := new(tfheCiphertext) + res.fheUintType = lhs.fheUintType + res_ser := &C.Buffer{} + switch lhs.fheUintType { + case FheUint8: + lhs_ptr := C.deserialize_fhe_uint8(toBufferView((lhs.serialization))) + if lhs_ptr == nil { + return nil, errors.New("8 bit binary op deserialization failed") + } + rhs_ptr := C.deserialize_fhe_uint8(toBufferView((rhs.serialization))) + if rhs_ptr == nil { + C.destroy_fhe_uint8(lhs_ptr) + return nil, errors.New("8 bit binary op deserialization failed") + } + first_ptr := C.deserialize_fhe_uint8(toBufferView((first.serialization))) + if first_ptr == nil { + C.destroy_fhe_uint8(lhs_ptr) + C.destroy_fhe_uint8(rhs_ptr) + return nil, errors.New("8 bit binary op deserialization failed") + } + res_ptr := op8(first_ptr, lhs_ptr, rhs_ptr) + C.destroy_fhe_uint8(lhs_ptr) + C.destroy_fhe_uint8(rhs_ptr) + if res_ptr == nil { + return nil, errors.New("8 bit binary op failed") + } + ret := C.serialize_fhe_uint8(res_ptr, res_ser) + C.destroy_fhe_uint8(res_ptr) + if ret != 0 { + return nil, errors.New("8 bit binary op serialization failed") + } + res.serialization = C.GoBytes(unsafe.Pointer(res_ser.pointer), C.int(res_ser.length)) + C.destroy_buffer(res_ser) + case FheUint16: + lhs_ptr := C.deserialize_fhe_uint16(toBufferView((lhs.serialization))) + if lhs_ptr == nil { + return nil, errors.New("16 bit binary op deserialization failed") + } + rhs_ptr := C.deserialize_fhe_uint16(toBufferView((rhs.serialization))) + if rhs_ptr == nil { + C.destroy_fhe_uint16(lhs_ptr) + return nil, errors.New("16 bit binary op deserialization failed") + } + first_ptr := C.deserialize_fhe_uint8(toBufferView((first.serialization))) + if first_ptr == nil { + C.destroy_fhe_uint8(lhs_ptr) + C.destroy_fhe_uint8(rhs_ptr) + return nil, errors.New("8 bit binary op deserialization failed") + } + res_ptr := op16(first_ptr, lhs_ptr, rhs_ptr) + C.destroy_fhe_uint16(lhs_ptr) + C.destroy_fhe_uint16(rhs_ptr) + if res_ptr == nil { + return nil, errors.New("16 bit binary op failed") + } + ret := C.serialize_fhe_uint16(res_ptr, res_ser) + C.destroy_fhe_uint16(res_ptr) + if ret != 0 { + return nil, errors.New("16 bit binary op serialization failed") + } + res.serialization = C.GoBytes(unsafe.Pointer(res_ser.pointer), C.int(res_ser.length)) + C.destroy_buffer(res_ser) + case FheUint32: + lhs_ptr := C.deserialize_fhe_uint32(toBufferView((lhs.serialization))) + if lhs_ptr == nil { + return nil, errors.New("32 bit binary op deserialization failed") + } + rhs_ptr := C.deserialize_fhe_uint32(toBufferView((rhs.serialization))) + if rhs_ptr == nil { + C.destroy_fhe_uint32(lhs_ptr) + return nil, errors.New("32 bit binary op deserialization failed") + } + first_ptr := C.deserialize_fhe_uint8(toBufferView((first.serialization))) + if first_ptr == nil { + C.destroy_fhe_uint8(lhs_ptr) + C.destroy_fhe_uint8(rhs_ptr) + return nil, errors.New("8 bit binary op deserialization failed") + } + res_ptr := op32(first_ptr, lhs_ptr, rhs_ptr) + C.destroy_fhe_uint32(lhs_ptr) + C.destroy_fhe_uint32(rhs_ptr) + if res_ptr == nil { + return nil, errors.New("32 bit binary op failed") + } + ret := C.serialize_fhe_uint32(res_ptr, res_ser) + C.destroy_fhe_uint32(res_ptr) + if ret != 0 { + return nil, errors.New("32 bit binary op serialization failed") + } + res.serialization = C.GoBytes(unsafe.Pointer(res_ser.pointer), C.int(res_ser.length)) + C.destroy_buffer(res_ser) + default: + panic("binary op unexpected ciphertext type") + } + res.computeHash() + return res, nil +} + func (lhs *tfheCiphertext) executeBinaryScalarOperation(rhs uint64, op8 func(lhs unsafe.Pointer, rhs C.uint8_t) unsafe.Pointer, op16 func(lhs unsafe.Pointer, rhs C.uint16_t) unsafe.Pointer, @@ -2460,6 +2592,19 @@ func (lhs *tfheCiphertext) not() (*tfheCiphertext, error) { }) } +func (condition *tfheCiphertext) ifThenElse(lhs *tfheCiphertext, rhs *tfheCiphertext) (*tfheCiphertext, error) { + return condition.executeTernaryCiphertextOperation(lhs, rhs, + func(condition unsafe.Pointer, lhs unsafe.Pointer, rhs unsafe.Pointer) unsafe.Pointer { + return C.if_then_else_fhe_uint8(condition, lhs, rhs, sks) + }, + func(condition unsafe.Pointer, lhs unsafe.Pointer, rhs unsafe.Pointer) unsafe.Pointer { + return C.if_then_else_fhe_uint16(condition, lhs, rhs, sks) + }, + func(condition unsafe.Pointer, lhs unsafe.Pointer, rhs unsafe.Pointer) unsafe.Pointer { + return C.if_then_else_fhe_uint32(condition, lhs, rhs, sks) + }) +} + func (ct *tfheCiphertext) castTo(castToType FheUintType) (*tfheCiphertext, error) { if ct.fheUintType == castToType { return nil, errors.New("casting to same type is not supported") @@ -2586,6 +2731,9 @@ func (ct *tfheCiphertext) castTo(castToType FheUintType) (*tfheCiphertext, error } func (ct *tfheCiphertext) decrypt() (big.Int, error) { + if cks == nil { + return *new(big.Int).SetUint64(0), errors.New("cks is not initialized") + } var value uint64 var ret C.int switch ct.fheUintType { diff --git a/fhevm/tfhe_test.go b/fhevm/tfhe_test.go index 10968b2..b0da366 100644 --- a/fhevm/tfhe_test.go +++ b/fhevm/tfhe_test.go @@ -27,7 +27,7 @@ import ( // generate keys if not present func setup() { - if !globalKeysPresent() { + if !allGlobalKeysPresent() { fmt.Println("INFO: initializing global keys in tests") initGlobalKeysWithNewKeys() } @@ -1033,6 +1033,41 @@ func TfheNot(t *testing.T, fheUintType FheUintType) { } } +func TfheIfThenElse(t *testing.T, fheUintType FheUintType) { + var condition, condition2, a, b big.Int + condition.SetUint64(1) + condition2.SetUint64(0) + switch fheUintType { + case FheUint8: + a.SetUint64(2) + b.SetUint64(1) + case FheUint16: + a.SetUint64(4283) + b.SetUint64(1337) + case FheUint32: + a.SetUint64(1333337) + b.SetUint64(133337) + } + ctCondition := new(tfheCiphertext) + ctCondition.encrypt(condition, fheUintType) + ctCondition2 := new(tfheCiphertext) + ctCondition2.encrypt(condition2, fheUintType) + ctA := new(tfheCiphertext) + ctA.encrypt(a, fheUintType) + ctB := new(tfheCiphertext) + ctB.encrypt(b, fheUintType) + ctRes1, _ := ctCondition.ifThenElse(ctA, ctB) + ctRes2, _ := ctCondition2.ifThenElse(ctA, ctB) + res1, err1 := ctRes1.decrypt() + res2, err2 := ctRes2.decrypt() + if err1 != nil || res1.Uint64() != a.Uint64() { + t.Fatalf("%d != %d", 0, res1.Uint64()) + } + if err2 != nil || res2.Uint64() != b.Uint64() { + t.Fatalf("%d != %d", 0, res2.Uint64()) + } +} + func TfheCast(t *testing.T, fheUintTypeFrom FheUintType, fheUintTypeTo FheUintType) { var a big.Int switch fheUintTypeFrom { @@ -1558,6 +1593,17 @@ func TestTfheNot32(t *testing.T) { TfheNot(t, FheUint32) } +func TestTfheIfThenElse8(t *testing.T) { + TfheIfThenElse(t, FheUint8) +} + +func TestTfheIfThenElse16(t *testing.T) { + TfheIfThenElse(t, FheUint16) +} +func TestTfheIfThenElse32(t *testing.T) { + TfheIfThenElse(t, FheUint32) +} + func TestTfhe8Cast16(t *testing.T) { TfheCast(t, FheUint8, FheUint16) } diff --git a/go.mod b/go.mod index 98cc357..765e13a 100644 --- a/go.mod +++ b/go.mod @@ -5,7 +5,12 @@ go 1.20 require ( github.com/ethereum/go-ethereum v1.12.0 github.com/holiman/uint256 v1.2.2-0.20230321075855-87b91420868c - golang.org/x/crypto v0.1.0 + golang.org/x/crypto v0.16.0 +) + +require ( + golang.org/x/net v0.14.0 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d // indirect ) require ( @@ -25,7 +30,7 @@ require ( github.com/go-stack/stack v1.8.1 // indirect github.com/gofrs/flock v0.8.1 // indirect github.com/gogo/protobuf v1.3.2 // indirect - github.com/golang/protobuf v1.5.2 // indirect + github.com/golang/protobuf v1.5.3 // indirect github.com/golang/snappy v0.0.5-0.20220116011046-fa5810519dcb // indirect github.com/holiman/bloomfilter/v2 v2.0.3 // indirect github.com/klauspost/compress v1.15.15 // indirect @@ -45,7 +50,8 @@ require ( github.com/tklauser/go-sysconf v0.3.5 // indirect github.com/tklauser/numcpus v0.2.2 // indirect golang.org/x/exp v0.0.0-20230206171751-46f607a40771 // indirect - golang.org/x/sys v0.7.0 // indirect - golang.org/x/text v0.8.0 // indirect - google.golang.org/protobuf v1.28.1 // indirect + golang.org/x/sys v0.15.0 // indirect + golang.org/x/text v0.14.0 // indirect + google.golang.org/grpc v1.59.0 + google.golang.org/protobuf v1.31.0 ) diff --git a/go.sum b/go.sum index f5ef0f5..5acf759 100644 --- a/go.sum +++ b/go.sum @@ -107,8 +107,9 @@ github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvq github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= -github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw= github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= +github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/golang/snappy v0.0.5-0.20220116011046-fa5810519dcb h1:PBC98N2aIaM3XXiurYmW7fx4GZkL8feAMVq7nEjURHk= @@ -286,8 +287,8 @@ golang.org/x/crypto v0.0.0-20191227163750-53104e6ec876/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.1.0 h1:MDRAIl0xIo9Io2xV565hzXHw3zVseKrJKodhohM5CjU= -golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw= +golang.org/x/crypto v0.16.0 h1:mMMrFzRSCF0GvB7Ne27XVtVAaXLrPmgPC7/v0tkwHaY= +golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20230206171751-46f607a40771 h1:xP7rWLUr1e1n2xkK5YB4LI0hPEy3LJC6Wk+D4pGlOJg= golang.org/x/exp v0.0.0-20230206171751-46f607a40771/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= @@ -318,7 +319,8 @@ golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwY golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= golang.org/x/net v0.0.0-20211008194852-3b03d305991f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ= +golang.org/x/net v0.14.0 h1:BONx9s002vGdD9umnlX1Po8vOZmrgH34qlHcD1MfK14= +golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -328,7 +330,7 @@ golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o= +golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -358,8 +360,8 @@ golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.7.0 h1:3jlCCIQZPdOYu1h8BkNvLz8Kgwtae2cagcG/VamtZRU= -golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc= +golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= @@ -367,8 +369,8 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68= -golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= +golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= +golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/time v0.0.0-20201208040808-7e3f01d25324/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20181221001348-537d06c36207/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -395,12 +397,16 @@ google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoA google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= google.golang.org/genproto v0.0.0-20210624195500-8bfb893ecb84/go.mod h1:SzzZ/N+nwJDaO1kznhnlzqS8ocJICar6hYhVyhi++24= +google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d h1:uvYuEyMHKNt+lT4K3bN6fGswmK8qSvcreM3BwjDh+y4= +google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d/go.mod h1:+Bk1OCOj40wS2hwAMA+aCW9ypzm63QTBBHp6lQ3p+9M= google.golang.org/grpc v1.12.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= +google.golang.org/grpc v1.59.0 h1:Z5Iec2pjwb+LEOqzpB2MR12/eKFhDPhuqW91O+4bwUk= +google.golang.org/grpc v1.59.0/go.mod h1:aUPDwccQo6OTjy7Hct4AfBPD1GptF4fyUjIkQ9YtF98= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= @@ -412,8 +418,8 @@ google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpAD google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w= -google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8= +google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= diff --git a/kms/kms.pb.go b/kms/kms.pb.go new file mode 100644 index 0000000..26318df --- /dev/null +++ b/kms/kms.pb.go @@ -0,0 +1,591 @@ +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.31.0 +// protoc v4.25.1 +// source: kms.proto + +package kms + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type FheType int32 + +const ( + FheType_Bool FheType = 0 + FheType_Euint8 FheType = 1 + FheType_Euint16 FheType = 2 + FheType_Euint32 FheType = 3 +) + +// Enum value maps for FheType. +var ( + FheType_name = map[int32]string{ + 0: "Bool", + 1: "Euint8", + 2: "Euint16", + 3: "Euint32", + } + FheType_value = map[string]int32{ + "Bool": 0, + "Euint8": 1, + "Euint16": 2, + "Euint32": 3, + } +) + +func (x FheType) Enum() *FheType { + p := new(FheType) + *p = x + return p +} + +func (x FheType) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (FheType) Descriptor() protoreflect.EnumDescriptor { + return file_kms_proto_enumTypes[0].Descriptor() +} + +func (FheType) Type() protoreflect.EnumType { + return &file_kms_proto_enumTypes[0] +} + +func (x FheType) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Use FheType.Descriptor instead. +func (FheType) EnumDescriptor() ([]byte, []int) { + return file_kms_proto_rawDescGZIP(), []int{0} +} + +type Proof struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Height uint32 `protobuf:"varint,1,opt,name=height,proto3" json:"height,omitempty"` + MerklePatriciaProof []byte `protobuf:"bytes,2,opt,name=merkle_patricia_proof,json=merklePatriciaProof,proto3" json:"merkle_patricia_proof,omitempty"` +} + +func (x *Proof) Reset() { + *x = Proof{} + if protoimpl.UnsafeEnabled { + mi := &file_kms_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *Proof) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Proof) ProtoMessage() {} + +func (x *Proof) ProtoReflect() protoreflect.Message { + mi := &file_kms_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Proof.ProtoReflect.Descriptor instead. +func (*Proof) Descriptor() ([]byte, []int) { + return file_kms_proto_rawDescGZIP(), []int{0} +} + +func (x *Proof) GetHeight() uint32 { + if x != nil { + return x.Height + } + return 0 +} + +func (x *Proof) GetMerklePatriciaProof() []byte { + if x != nil { + return x.MerklePatriciaProof + } + return nil +} + +type DecryptionRequest struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + FheType FheType `protobuf:"varint,1,opt,name=fhe_type,json=fheType,proto3,enum=kms.FheType" json:"fhe_type,omitempty"` + Ciphertext []byte `protobuf:"bytes,2,opt,name=ciphertext,proto3" json:"ciphertext,omitempty"` + Request []byte `protobuf:"bytes,3,opt,name=request,proto3" json:"request,omitempty"` + Proof *Proof `protobuf:"bytes,4,opt,name=proof,proto3" json:"proof,omitempty"` +} + +func (x *DecryptionRequest) Reset() { + *x = DecryptionRequest{} + if protoimpl.UnsafeEnabled { + mi := &file_kms_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *DecryptionRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*DecryptionRequest) ProtoMessage() {} + +func (x *DecryptionRequest) ProtoReflect() protoreflect.Message { + mi := &file_kms_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use DecryptionRequest.ProtoReflect.Descriptor instead. +func (*DecryptionRequest) Descriptor() ([]byte, []int) { + return file_kms_proto_rawDescGZIP(), []int{1} +} + +func (x *DecryptionRequest) GetFheType() FheType { + if x != nil { + return x.FheType + } + return FheType_Bool +} + +func (x *DecryptionRequest) GetCiphertext() []byte { + if x != nil { + return x.Ciphertext + } + return nil +} + +func (x *DecryptionRequest) GetRequest() []byte { + if x != nil { + return x.Request + } + return nil +} + +func (x *DecryptionRequest) GetProof() *Proof { + if x != nil { + return x.Proof + } + return nil +} + +type DecryptionResponse struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Signature []byte `protobuf:"bytes,1,opt,name=signature,proto3" json:"signature,omitempty"` + FheType FheType `protobuf:"varint,2,opt,name=fhe_type,json=fheType,proto3,enum=kms.FheType" json:"fhe_type,omitempty"` + Plaintext uint32 `protobuf:"varint,3,opt,name=plaintext,proto3" json:"plaintext,omitempty"` +} + +func (x *DecryptionResponse) Reset() { + *x = DecryptionResponse{} + if protoimpl.UnsafeEnabled { + mi := &file_kms_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *DecryptionResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*DecryptionResponse) ProtoMessage() {} + +func (x *DecryptionResponse) ProtoReflect() protoreflect.Message { + mi := &file_kms_proto_msgTypes[2] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use DecryptionResponse.ProtoReflect.Descriptor instead. +func (*DecryptionResponse) Descriptor() ([]byte, []int) { + return file_kms_proto_rawDescGZIP(), []int{2} +} + +func (x *DecryptionResponse) GetSignature() []byte { + if x != nil { + return x.Signature + } + return nil +} + +func (x *DecryptionResponse) GetFheType() FheType { + if x != nil { + return x.FheType + } + return FheType_Bool +} + +func (x *DecryptionResponse) GetPlaintext() uint32 { + if x != nil { + return x.Plaintext + } + return 0 +} + +type ReencryptionRequest struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + FheType FheType `protobuf:"varint,1,opt,name=fhe_type,json=fheType,proto3,enum=kms.FheType" json:"fhe_type,omitempty"` + Ciphertext []byte `protobuf:"bytes,2,opt,name=ciphertext,proto3" json:"ciphertext,omitempty"` + Request []byte `protobuf:"bytes,3,opt,name=request,proto3" json:"request,omitempty"` + Proof *Proof `protobuf:"bytes,4,opt,name=proof,proto3" json:"proof,omitempty"` +} + +func (x *ReencryptionRequest) Reset() { + *x = ReencryptionRequest{} + if protoimpl.UnsafeEnabled { + mi := &file_kms_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ReencryptionRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ReencryptionRequest) ProtoMessage() {} + +func (x *ReencryptionRequest) ProtoReflect() protoreflect.Message { + mi := &file_kms_proto_msgTypes[3] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ReencryptionRequest.ProtoReflect.Descriptor instead. +func (*ReencryptionRequest) Descriptor() ([]byte, []int) { + return file_kms_proto_rawDescGZIP(), []int{3} +} + +func (x *ReencryptionRequest) GetFheType() FheType { + if x != nil { + return x.FheType + } + return FheType_Bool +} + +func (x *ReencryptionRequest) GetCiphertext() []byte { + if x != nil { + return x.Ciphertext + } + return nil +} + +func (x *ReencryptionRequest) GetRequest() []byte { + if x != nil { + return x.Request + } + return nil +} + +func (x *ReencryptionRequest) GetProof() *Proof { + if x != nil { + return x.Proof + } + return nil +} + +type ReencryptionResponse struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + ReencryptedCiphertext []byte `protobuf:"bytes,1,opt,name=reencrypted_ciphertext,json=reencryptedCiphertext,proto3" json:"reencrypted_ciphertext,omitempty"` + FheType FheType `protobuf:"varint,2,opt,name=fhe_type,json=fheType,proto3,enum=kms.FheType" json:"fhe_type,omitempty"` +} + +func (x *ReencryptionResponse) Reset() { + *x = ReencryptionResponse{} + if protoimpl.UnsafeEnabled { + mi := &file_kms_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ReencryptionResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ReencryptionResponse) ProtoMessage() {} + +func (x *ReencryptionResponse) ProtoReflect() protoreflect.Message { + mi := &file_kms_proto_msgTypes[4] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ReencryptionResponse.ProtoReflect.Descriptor instead. +func (*ReencryptionResponse) Descriptor() ([]byte, []int) { + return file_kms_proto_rawDescGZIP(), []int{4} +} + +func (x *ReencryptionResponse) GetReencryptedCiphertext() []byte { + if x != nil { + return x.ReencryptedCiphertext + } + return nil +} + +func (x *ReencryptionResponse) GetFheType() FheType { + if x != nil { + return x.FheType + } + return FheType_Bool +} + +var File_kms_proto protoreflect.FileDescriptor + +var file_kms_proto_rawDesc = []byte{ + 0x0a, 0x09, 0x6b, 0x6d, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x03, 0x6b, 0x6d, 0x73, + 0x22, 0x53, 0x0a, 0x05, 0x50, 0x72, 0x6f, 0x6f, 0x66, 0x12, 0x16, 0x0a, 0x06, 0x68, 0x65, 0x69, + 0x67, 0x68, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x06, 0x68, 0x65, 0x69, 0x67, 0x68, + 0x74, 0x12, 0x32, 0x0a, 0x15, 0x6d, 0x65, 0x72, 0x6b, 0x6c, 0x65, 0x5f, 0x70, 0x61, 0x74, 0x72, + 0x69, 0x63, 0x69, 0x61, 0x5f, 0x70, 0x72, 0x6f, 0x6f, 0x66, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, + 0x52, 0x13, 0x6d, 0x65, 0x72, 0x6b, 0x6c, 0x65, 0x50, 0x61, 0x74, 0x72, 0x69, 0x63, 0x69, 0x61, + 0x50, 0x72, 0x6f, 0x6f, 0x66, 0x22, 0x98, 0x01, 0x0a, 0x11, 0x44, 0x65, 0x63, 0x72, 0x79, 0x70, + 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x27, 0x0a, 0x08, 0x66, + 0x68, 0x65, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x0c, 0x2e, + 0x6b, 0x6d, 0x73, 0x2e, 0x46, 0x68, 0x65, 0x54, 0x79, 0x70, 0x65, 0x52, 0x07, 0x66, 0x68, 0x65, + 0x54, 0x79, 0x70, 0x65, 0x12, 0x1e, 0x0a, 0x0a, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x74, 0x65, + 0x78, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0a, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, + 0x74, 0x65, 0x78, 0x74, 0x12, 0x18, 0x0a, 0x07, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x18, + 0x03, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x07, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x20, + 0x0a, 0x05, 0x70, 0x72, 0x6f, 0x6f, 0x66, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0a, 0x2e, + 0x6b, 0x6d, 0x73, 0x2e, 0x50, 0x72, 0x6f, 0x6f, 0x66, 0x52, 0x05, 0x70, 0x72, 0x6f, 0x6f, 0x66, + 0x22, 0x79, 0x0a, 0x12, 0x44, 0x65, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, + 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, + 0x75, 0x72, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x09, 0x73, 0x69, 0x67, 0x6e, 0x61, + 0x74, 0x75, 0x72, 0x65, 0x12, 0x27, 0x0a, 0x08, 0x66, 0x68, 0x65, 0x5f, 0x74, 0x79, 0x70, 0x65, + 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x0c, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x46, 0x68, 0x65, + 0x54, 0x79, 0x70, 0x65, 0x52, 0x07, 0x66, 0x68, 0x65, 0x54, 0x79, 0x70, 0x65, 0x12, 0x1c, 0x0a, + 0x09, 0x70, 0x6c, 0x61, 0x69, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0d, + 0x52, 0x09, 0x70, 0x6c, 0x61, 0x69, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x22, 0x9a, 0x01, 0x0a, 0x13, + 0x52, 0x65, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, + 0x65, 0x73, 0x74, 0x12, 0x27, 0x0a, 0x08, 0x66, 0x68, 0x65, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x0c, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x46, 0x68, 0x65, 0x54, + 0x79, 0x70, 0x65, 0x52, 0x07, 0x66, 0x68, 0x65, 0x54, 0x79, 0x70, 0x65, 0x12, 0x1e, 0x0a, 0x0a, + 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x74, 0x65, 0x78, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, + 0x52, 0x0a, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x74, 0x65, 0x78, 0x74, 0x12, 0x18, 0x0a, 0x07, + 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x07, 0x72, + 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x20, 0x0a, 0x05, 0x70, 0x72, 0x6f, 0x6f, 0x66, 0x18, + 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0a, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x50, 0x72, 0x6f, 0x6f, + 0x66, 0x52, 0x05, 0x70, 0x72, 0x6f, 0x6f, 0x66, 0x22, 0x76, 0x0a, 0x14, 0x52, 0x65, 0x65, 0x6e, + 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, + 0x12, 0x35, 0x0a, 0x16, 0x72, 0x65, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x65, 0x64, 0x5f, + 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x74, 0x65, 0x78, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, + 0x52, 0x15, 0x72, 0x65, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x65, 0x64, 0x43, 0x69, 0x70, + 0x68, 0x65, 0x72, 0x74, 0x65, 0x78, 0x74, 0x12, 0x27, 0x0a, 0x08, 0x66, 0x68, 0x65, 0x5f, 0x74, + 0x79, 0x70, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x0c, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, + 0x46, 0x68, 0x65, 0x54, 0x79, 0x70, 0x65, 0x52, 0x07, 0x66, 0x68, 0x65, 0x54, 0x79, 0x70, 0x65, + 0x2a, 0x39, 0x0a, 0x07, 0x46, 0x68, 0x65, 0x54, 0x79, 0x70, 0x65, 0x12, 0x08, 0x0a, 0x04, 0x42, + 0x6f, 0x6f, 0x6c, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x45, 0x75, 0x69, 0x6e, 0x74, 0x38, 0x10, + 0x01, 0x12, 0x0b, 0x0a, 0x07, 0x45, 0x75, 0x69, 0x6e, 0x74, 0x31, 0x36, 0x10, 0x02, 0x12, 0x0b, + 0x0a, 0x07, 0x45, 0x75, 0x69, 0x6e, 0x74, 0x33, 0x32, 0x10, 0x03, 0x32, 0xa3, 0x02, 0x0a, 0x0b, + 0x4b, 0x6d, 0x73, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x12, 0x47, 0x0a, 0x14, 0x56, + 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x5f, 0x61, 0x6e, 0x64, 0x5f, 0x64, 0x65, 0x63, 0x72, + 0x79, 0x70, 0x74, 0x12, 0x16, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x44, 0x65, 0x63, 0x72, 0x79, 0x70, + 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x17, 0x2e, 0x6b, 0x6d, + 0x73, 0x2e, 0x44, 0x65, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, + 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x4d, 0x0a, 0x16, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, + 0x5f, 0x61, 0x6e, 0x64, 0x5f, 0x72, 0x65, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x12, 0x18, + 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x52, 0x65, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, + 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x19, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x52, + 0x65, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, + 0x6e, 0x73, 0x65, 0x12, 0x3a, 0x0a, 0x07, 0x44, 0x65, 0x63, 0x72, 0x79, 0x70, 0x74, 0x12, 0x16, + 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x44, 0x65, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, + 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x17, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x44, 0x65, 0x63, + 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, + 0x40, 0x0a, 0x09, 0x52, 0x65, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x12, 0x18, 0x2e, 0x6b, + 0x6d, 0x73, 0x2e, 0x52, 0x65, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, + 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x19, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x52, 0x65, 0x65, + 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, + 0x65, 0x42, 0x21, 0x5a, 0x1f, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, + 0x7a, 0x61, 0x6d, 0x61, 0x2d, 0x61, 0x69, 0x2f, 0x66, 0x68, 0x65, 0x76, 0x6d, 0x2d, 0x67, 0x6f, + 0x2f, 0x6b, 0x6d, 0x73, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, +} + +var ( + file_kms_proto_rawDescOnce sync.Once + file_kms_proto_rawDescData = file_kms_proto_rawDesc +) + +func file_kms_proto_rawDescGZIP() []byte { + file_kms_proto_rawDescOnce.Do(func() { + file_kms_proto_rawDescData = protoimpl.X.CompressGZIP(file_kms_proto_rawDescData) + }) + return file_kms_proto_rawDescData +} + +var file_kms_proto_enumTypes = make([]protoimpl.EnumInfo, 1) +var file_kms_proto_msgTypes = make([]protoimpl.MessageInfo, 5) +var file_kms_proto_goTypes = []interface{}{ + (FheType)(0), // 0: kms.FheType + (*Proof)(nil), // 1: kms.Proof + (*DecryptionRequest)(nil), // 2: kms.DecryptionRequest + (*DecryptionResponse)(nil), // 3: kms.DecryptionResponse + (*ReencryptionRequest)(nil), // 4: kms.ReencryptionRequest + (*ReencryptionResponse)(nil), // 5: kms.ReencryptionResponse +} +var file_kms_proto_depIdxs = []int32{ + 0, // 0: kms.DecryptionRequest.fhe_type:type_name -> kms.FheType + 1, // 1: kms.DecryptionRequest.proof:type_name -> kms.Proof + 0, // 2: kms.DecryptionResponse.fhe_type:type_name -> kms.FheType + 0, // 3: kms.ReencryptionRequest.fhe_type:type_name -> kms.FheType + 1, // 4: kms.ReencryptionRequest.proof:type_name -> kms.Proof + 0, // 5: kms.ReencryptionResponse.fhe_type:type_name -> kms.FheType + 2, // 6: kms.KmsEndpoint.Validate_and_decrypt:input_type -> kms.DecryptionRequest + 4, // 7: kms.KmsEndpoint.Validate_and_reencrypt:input_type -> kms.ReencryptionRequest + 2, // 8: kms.KmsEndpoint.Decrypt:input_type -> kms.DecryptionRequest + 4, // 9: kms.KmsEndpoint.Reencrypt:input_type -> kms.ReencryptionRequest + 3, // 10: kms.KmsEndpoint.Validate_and_decrypt:output_type -> kms.DecryptionResponse + 5, // 11: kms.KmsEndpoint.Validate_and_reencrypt:output_type -> kms.ReencryptionResponse + 3, // 12: kms.KmsEndpoint.Decrypt:output_type -> kms.DecryptionResponse + 5, // 13: kms.KmsEndpoint.Reencrypt:output_type -> kms.ReencryptionResponse + 10, // [10:14] is the sub-list for method output_type + 6, // [6:10] is the sub-list for method input_type + 6, // [6:6] is the sub-list for extension type_name + 6, // [6:6] is the sub-list for extension extendee + 0, // [0:6] is the sub-list for field type_name +} + +func init() { file_kms_proto_init() } +func file_kms_proto_init() { + if File_kms_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_kms_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Proof); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_kms_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*DecryptionRequest); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_kms_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*DecryptionResponse); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_kms_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ReencryptionRequest); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_kms_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ReencryptionResponse); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_kms_proto_rawDesc, + NumEnums: 1, + NumMessages: 5, + NumExtensions: 0, + NumServices: 1, + }, + GoTypes: file_kms_proto_goTypes, + DependencyIndexes: file_kms_proto_depIdxs, + EnumInfos: file_kms_proto_enumTypes, + MessageInfos: file_kms_proto_msgTypes, + }.Build() + File_kms_proto = out.File + file_kms_proto_rawDesc = nil + file_kms_proto_goTypes = nil + file_kms_proto_depIdxs = nil +} diff --git a/kms/kms_grpc.pb.go b/kms/kms_grpc.pb.go new file mode 100644 index 0000000..f832c06 --- /dev/null +++ b/kms/kms_grpc.pb.go @@ -0,0 +1,225 @@ +// Code generated by protoc-gen-go-grpc. DO NOT EDIT. +// versions: +// - protoc-gen-go-grpc v1.3.0 +// - protoc v4.25.1 +// source: kms.proto + +package kms + +import ( + context "context" + "os" + + grpc "google.golang.org/grpc" + codes "google.golang.org/grpc/codes" + status "google.golang.org/grpc/status" +) + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the grpc package it is being compiled against. +// Requires gRPC-Go v1.32.0 or later. +const _ = grpc.SupportPackageIsVersion7 + +// URL of the KMS gRPC endpoint +var KmsEndpointAddr = os.Getenv("KMS_ENDPOINT_ADDR") + +const ( + KmsEndpoint_ValidateAndDecrypt_FullMethodName = "/kms.KmsEndpoint/Validate_and_decrypt" + KmsEndpoint_ValidateAndReencrypt_FullMethodName = "/kms.KmsEndpoint/Validate_and_reencrypt" + KmsEndpoint_Decrypt_FullMethodName = "/kms.KmsEndpoint/Decrypt" + KmsEndpoint_Reencrypt_FullMethodName = "/kms.KmsEndpoint/Reencrypt" +) + +// KmsEndpointClient is the client API for KmsEndpoint service. +// +// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. +type KmsEndpointClient interface { + ValidateAndDecrypt(ctx context.Context, in *DecryptionRequest, opts ...grpc.CallOption) (*DecryptionResponse, error) + ValidateAndReencrypt(ctx context.Context, in *ReencryptionRequest, opts ...grpc.CallOption) (*ReencryptionResponse, error) + Decrypt(ctx context.Context, in *DecryptionRequest, opts ...grpc.CallOption) (*DecryptionResponse, error) + Reencrypt(ctx context.Context, in *ReencryptionRequest, opts ...grpc.CallOption) (*ReencryptionResponse, error) +} + +type kmsEndpointClient struct { + cc grpc.ClientConnInterface +} + +func NewKmsEndpointClient(cc grpc.ClientConnInterface) KmsEndpointClient { + return &kmsEndpointClient{cc} +} + +func (c *kmsEndpointClient) ValidateAndDecrypt(ctx context.Context, in *DecryptionRequest, opts ...grpc.CallOption) (*DecryptionResponse, error) { + out := new(DecryptionResponse) + err := c.cc.Invoke(ctx, KmsEndpoint_ValidateAndDecrypt_FullMethodName, in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *kmsEndpointClient) ValidateAndReencrypt(ctx context.Context, in *ReencryptionRequest, opts ...grpc.CallOption) (*ReencryptionResponse, error) { + out := new(ReencryptionResponse) + err := c.cc.Invoke(ctx, KmsEndpoint_ValidateAndReencrypt_FullMethodName, in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *kmsEndpointClient) Decrypt(ctx context.Context, in *DecryptionRequest, opts ...grpc.CallOption) (*DecryptionResponse, error) { + out := new(DecryptionResponse) + err := c.cc.Invoke(ctx, KmsEndpoint_Decrypt_FullMethodName, in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *kmsEndpointClient) Reencrypt(ctx context.Context, in *ReencryptionRequest, opts ...grpc.CallOption) (*ReencryptionResponse, error) { + out := new(ReencryptionResponse) + err := c.cc.Invoke(ctx, KmsEndpoint_Reencrypt_FullMethodName, in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +// KmsEndpointServer is the server API for KmsEndpoint service. +// All implementations must embed UnimplementedKmsEndpointServer +// for forward compatibility +type KmsEndpointServer interface { + ValidateAndDecrypt(context.Context, *DecryptionRequest) (*DecryptionResponse, error) + ValidateAndReencrypt(context.Context, *ReencryptionRequest) (*ReencryptionResponse, error) + Decrypt(context.Context, *DecryptionRequest) (*DecryptionResponse, error) + Reencrypt(context.Context, *ReencryptionRequest) (*ReencryptionResponse, error) + mustEmbedUnimplementedKmsEndpointServer() +} + +// UnimplementedKmsEndpointServer must be embedded to have forward compatible implementations. +type UnimplementedKmsEndpointServer struct { +} + +func (UnimplementedKmsEndpointServer) ValidateAndDecrypt(context.Context, *DecryptionRequest) (*DecryptionResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method ValidateAndDecrypt not implemented") +} +func (UnimplementedKmsEndpointServer) ValidateAndReencrypt(context.Context, *ReencryptionRequest) (*ReencryptionResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method ValidateAndReencrypt not implemented") +} +func (UnimplementedKmsEndpointServer) Decrypt(context.Context, *DecryptionRequest) (*DecryptionResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method Decrypt not implemented") +} +func (UnimplementedKmsEndpointServer) Reencrypt(context.Context, *ReencryptionRequest) (*ReencryptionResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method Reencrypt not implemented") +} +func (UnimplementedKmsEndpointServer) mustEmbedUnimplementedKmsEndpointServer() {} + +// UnsafeKmsEndpointServer may be embedded to opt out of forward compatibility for this service. +// Use of this interface is not recommended, as added methods to KmsEndpointServer will +// result in compilation errors. +type UnsafeKmsEndpointServer interface { + mustEmbedUnimplementedKmsEndpointServer() +} + +func RegisterKmsEndpointServer(s grpc.ServiceRegistrar, srv KmsEndpointServer) { + s.RegisterService(&KmsEndpoint_ServiceDesc, srv) +} + +func _KmsEndpoint_ValidateAndDecrypt_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(DecryptionRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(KmsEndpointServer).ValidateAndDecrypt(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: KmsEndpoint_ValidateAndDecrypt_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(KmsEndpointServer).ValidateAndDecrypt(ctx, req.(*DecryptionRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _KmsEndpoint_ValidateAndReencrypt_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(ReencryptionRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(KmsEndpointServer).ValidateAndReencrypt(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: KmsEndpoint_ValidateAndReencrypt_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(KmsEndpointServer).ValidateAndReencrypt(ctx, req.(*ReencryptionRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _KmsEndpoint_Decrypt_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(DecryptionRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(KmsEndpointServer).Decrypt(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: KmsEndpoint_Decrypt_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(KmsEndpointServer).Decrypt(ctx, req.(*DecryptionRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _KmsEndpoint_Reencrypt_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(ReencryptionRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(KmsEndpointServer).Reencrypt(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: KmsEndpoint_Reencrypt_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(KmsEndpointServer).Reencrypt(ctx, req.(*ReencryptionRequest)) + } + return interceptor(ctx, in, info, handler) +} + +// KmsEndpoint_ServiceDesc is the grpc.ServiceDesc for KmsEndpoint service. +// It's only intended for direct use with grpc.RegisterService, +// and not to be introspected or modified (even as a copy) +var KmsEndpoint_ServiceDesc = grpc.ServiceDesc{ + ServiceName: "kms.KmsEndpoint", + HandlerType: (*KmsEndpointServer)(nil), + Methods: []grpc.MethodDesc{ + { + MethodName: "Validate_and_decrypt", + Handler: _KmsEndpoint_ValidateAndDecrypt_Handler, + }, + { + MethodName: "Validate_and_reencrypt", + Handler: _KmsEndpoint_ValidateAndReencrypt_Handler, + }, + { + MethodName: "Decrypt", + Handler: _KmsEndpoint_Decrypt_Handler, + }, + { + MethodName: "Reencrypt", + Handler: _KmsEndpoint_Reencrypt_Handler, + }, + }, + Streams: []grpc.StreamDesc{}, + Metadata: "kms.proto", +} diff --git a/proto/kms.proto b/proto/kms.proto new file mode 100644 index 0000000..fe2cc7a --- /dev/null +++ b/proto/kms.proto @@ -0,0 +1,48 @@ +syntax = "proto3"; +package kms; +option go_package = "github.com/zama-ai/fhevm-go/kms"; + +service KmsEndpoint { + rpc Validate_and_decrypt(DecryptionRequest) returns (DecryptionResponse); + rpc Validate_and_reencrypt(ReencryptionRequest) + returns (ReencryptionResponse); + rpc Decrypt(DecryptionRequest) returns (DecryptionResponse); + rpc Reencrypt(ReencryptionRequest) returns (ReencryptionResponse); +} + +enum FheType { + Bool = 0; + Euint8 = 1; + Euint16 = 2; + Euint32 = 3; +} + +message Proof { + uint32 height = 1; + bytes merkle_patricia_proof = 2; +} + +message DecryptionRequest { + FheType fhe_type = 1; + bytes ciphertext = 2; + bytes request = 3; + Proof proof = 4; +} + +message DecryptionResponse { + bytes signature = 1; + FheType fhe_type = 2; + uint32 plaintext = 3; +} + +message ReencryptionRequest { + FheType fhe_type = 1; + bytes ciphertext = 2; + bytes request = 3; + Proof proof = 4; +} + +message ReencryptionResponse { + bytes reencrypted_ciphertext = 1; + FheType fhe_type = 2; +} \ No newline at end of file diff --git a/tfhe-rs b/tfhe-rs index c58b0a3..2f4d00b 160000 --- a/tfhe-rs +++ b/tfhe-rs @@ -1 +1 @@ -Subproject commit c58b0a3f6884e2af3110fd24505eb2f8bdb74ddb +Subproject commit 2f4d00b13a4bce89ca4990365effc5ea6e66bb2d