diff --git a/.env.mpc1.dist b/.env.mpc1.dist index 776f0b47b..d129f7b5e 100644 --- a/.env.mpc1.dist +++ b/.env.mpc1.dist @@ -22,6 +22,7 @@ SMPC__PARTY_ID=0 SMPC__REQUESTS_QUEUE_URL=https://sqs.eu-north-1.amazonaws.com/654654380399/mpc1.fifo SMPC__RESULTS_TOPIC_ARN=arn:aws:sns:eu-north-1:654654380399:mpc-results-topic SMPC__PROCESSING_TIMEOUT_SECS=60 +SMPC__PUBLIC_KEY_BASE_URL=https://d24uxaabh702ht.cloudfront.net # These can be either ARNs or IDs, in production multi account setup they are ARNs SMPC__KMS_KEY_ARNS='["077788e2-9eeb-4044-859b-34496cfd500b", "896353dc-5ea5-42d4-9e4e-f65dd8169dee", "42bb01f5-8380-48b4-b1f1-929463a587fb"]' diff --git a/.env.mpc2.dist b/.env.mpc2.dist index 3c0c676c0..5b25b36d1 100644 --- a/.env.mpc2.dist +++ b/.env.mpc2.dist @@ -22,6 +22,7 @@ SMPC__PARTY_ID=1 SMPC__REQUESTS_QUEUE_URL=https://sqs.eu-north-1.amazonaws.com/654654380399/mpc2.fifo SMPC__RESULTS_TOPIC_ARN=arn:aws:sns:eu-north-1:654654380399:mpc-results-topic SMPC__PROCESSING_TIMEOUT_SECS=60 +SMPC__PUBLIC_KEY_BASE_URL=https://d24uxaabh702ht.cloudfront.net # These can be either ARNs or IDs, in production multi account setup they are ARNs SMPC__KMS_KEY_ARNS='["077788e2-9eeb-4044-859b-34496cfd500b", "896353dc-5ea5-42d4-9e4e-f65dd8169dee", "42bb01f5-8380-48b4-b1f1-929463a587fb"]' diff --git a/.env.mpc3.dist b/.env.mpc3.dist index f7a58312d..4a7ab426a 100644 --- a/.env.mpc3.dist +++ b/.env.mpc3.dist @@ -22,6 +22,7 @@ SMPC__PARTY_ID=2 SMPC__REQUESTS_QUEUE_URL=https://sqs.eu-north-1.amazonaws.com/654654380399/mpc3.fifo SMPC__RESULTS_TOPIC_ARN=arn:aws:sns:eu-north-1:654654380399:mpc-results-topic SMPC__PROCESSING_TIMEOUT_SECS=60 +SMPC__PUBLIC_KEY_BASE_URL=https://d24uxaabh702ht.cloudfront.net # These can be either ARNs or IDs, in production multi account setup they are ARNs SMPC__KMS_KEY_ARNS='["077788e2-9eeb-4044-859b-34496cfd500b", "896353dc-5ea5-42d4-9e4e-f65dd8169dee", "42bb01f5-8380-48b4-b1f1-929463a587fb"]' 
diff --git a/deploy/stage/mpc1-stage/values-gpu-iris-mpc.yaml b/deploy/stage/mpc1-stage/values-gpu-iris-mpc.yaml index 132513d8a..7713e011a 100644 --- a/deploy/stage/mpc1-stage/values-gpu-iris-mpc.yaml +++ b/deploy/stage/mpc1-stage/values-gpu-iris-mpc.yaml @@ -62,8 +62,8 @@ env: - name: SMPC__PARTY_ID value: "0" - - name: SMPC__PUBLIC_KEY_BUCKET_NAME - value: "wf-smpcv2-stage-public-keys" - + - name: SMPC__PUBLIC_KEY_BASE_URL + value: "https://d24uxaabh702ht.cloudfront.net" + - name: SMPC__ENABLE_PROCESSING_ENCRYPTED_SHARES value: "false" diff --git a/deploy/stage/mpc2-stage/values-gpu-iris-mpc.yaml b/deploy/stage/mpc2-stage/values-gpu-iris-mpc.yaml index e634ba020..c6e6f15c1 100644 --- a/deploy/stage/mpc2-stage/values-gpu-iris-mpc.yaml +++ b/deploy/stage/mpc2-stage/values-gpu-iris-mpc.yaml @@ -62,8 +62,8 @@ env: - name: SMPC__PARTY_ID value: "1" - - name: SMPC__PUBLIC_KEY_BUCKET_NAME - value: "wf-smpcv2-stage-public-keys" + - name: SMPC__PUBLIC_KEY_BASE_URL + value: "https://d24uxaabh702ht.cloudfront.net" - name: SMPC__ENABLE_PROCESSING_ENCRYPTED_SHARES value: "false" diff --git a/deploy/stage/mpc3-stage/values-gpu-iris-mpc.yaml b/deploy/stage/mpc3-stage/values-gpu-iris-mpc.yaml index 7c40e6cf7..1f048006d 100644 --- a/deploy/stage/mpc3-stage/values-gpu-iris-mpc.yaml +++ b/deploy/stage/mpc3-stage/values-gpu-iris-mpc.yaml @@ -62,8 +62,8 @@ env: - name: SMPC__PARTY_ID value: "2" - - name: SMPC__PUBLIC_KEY_BUCKET_NAME - value: "wf-smpcv2-stage-public-keys" + - name: SMPC__PUBLIC_KEY_BASE_URL + value: "https://d24uxaabh702ht.cloudfront.net" - name: SMPC__ENABLE_PROCESSING_ENCRYPTED_SHARES value: "false" diff --git a/iris-mpc-common/src/config/mod.rs b/iris-mpc-common/src/config/mod.rs index 7147efb0c..23dc12320 100644 --- a/iris-mpc-common/src/config/mod.rs +++ b/iris-mpc-common/src/config/mod.rs 
@@ -47,7 +47,7 @@ pub struct Config { pub processing_timeout_secs: u64, #[serde(default)] - pub public_key_bucket_name: String, + pub public_key_base_url: String, #[serde(default)] pub enable_processing_encrypted_shares: bool, diff --git a/iris-mpc-common/src/helpers/key_pair.rs b/iris-mpc-common/src/helpers/key_pair.rs index 50d33deea..84499a4a1 100644 --- a/iris-mpc-common/src/helpers/key_pair.rs +++ b/iris-mpc-common/src/helpers/key_pair.rs @@ -81,8 +81,8 @@ impl SharesEncryptionKeyPair { let shared_config = aws_config::from_env().region(region_provider).load().await; let client = SecretsManagerClient::new(&shared_config); - let pk_b64_string = match download_public_key_from_s3( - config.public_key_bucket_name, + let pk_b64_string = match download_public_key( + config.public_key_base_url, config.party_id.to_string(), ) .await @@ -163,23 +163,27 @@ pub async fn download_private_key_from_asm( } } -pub async fn download_public_key_from_s3( - bucket_name: String, +pub async fn download_public_key( + base_url: String, node_id: String, ) -> Result { let client = reqwest::Client::new(); - // TODO: remove coupling to S3 - let url: String = format!( - "https://{}.s3.amazonaws.com/public-key-{}", - bucket_name, node_id - ); - let response = client.get(url).send().await; + let url: String = format!("{}/public-key-{}", base_url, node_id); + let response = client.get(url.clone()).send().await; match response { Ok(response) => { - let body = response.text().await; - match body { - Ok(body) => Ok(body), - Err(e) => Err(SharesDecodingError::RequestError(e)), + if response.status().is_success() { + let body = response.text().await; + match body { + Ok(body) => Ok(body), + Err(e) => Err(SharesDecodingError::RequestError(e)), + } + } else { + Err(SharesDecodingError::ResponseContent { + status: response.status(), + message: response.text().await.unwrap_or_default(), + url, + }) } } Err(e) => Err(SharesDecodingError::RequestError(e)),
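Review bot: `public_key_base_url` keeps `#[serde(default)]`, so a deployment that still sets only the old `SMPC__PUBLIC_KEY_BUCKET_NAME` variable will load with an empty base URL and no configuration error. Because this value decides where the party's public key is fetched from, startup should fail fast instead: validate after load that the value is non-empty and begins with `https://`. A doc comment on the field would also help, for example `/// HTTPS origin serving the public-key-<party_id> objects, without a trailing slash.` The `Config` struct starts and ends outside the hunk.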
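Review bot: In `download_public_key`, `base_url` goes straight into `format!("{}/public-key-{}", base_url, node_id)` with no check on its scheme or shape. The removed code pinned the scheme and host to `https://….s3.amazonaws.com`, whereas the origin is now free-form configuration, so an `http://` value would fetch the share-encryption public key over plaintext, and an empty value or a trailing slash gives a malformed URL. I would reject any value that does not start with `https://` before sending the request and build the URL from `base_url.trim_end_matches('/')`. Separately, the non-success branch copies the entire response body into `ResponseContent.message`; if that error is logged, truncating it to a bounded length keeps an unexpected origin response out of the logs. A doc comment on the function stating that it returns the body as the base64-encoded key text and returns `ResponseContent` on any non-2xx status would document the new contract.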