feat(raiko): Cherry-pick A7 updates(#182) (#197)

* feat(raiko): Sgx output print for better debug experience (#182) * update blob data format as some nodes return differently * code refine, print sgx guest output Signed-off-by: smtmfft <[email protected]> --------- Signed-off-by: smtmfft <[email protected]> * feat(raiko): make all enclave have the same signer (#183) * feat(raiko): put gramine-signer into docker structure to ensure all guest has the same signer Signed-off-by: smtmfft <[email protected]> * add .pem Signed-off-by: smtmfft <[email protected]> --------- Signed-off-by: smtmfft <[email protected]> * back compatible with a7 Signed-off-by: smtmfft <[email protected]> * fix fmt Signed-off-by: smtmfft <[email protected]> * use network instead of feature Signed-off-by: smtmfft <[email protected]> * fix merge conflict Signed-off-by: smtmfft <[email protected]> * use A7 behavior dynamically Signed-off-by: smtmfft <[email protected]> --------- Signed-off-by: smtmfft <[email protected]>
taikoxyz · May 14, 2024 · b3c2c1d · b3c2c1d
1 parent 250b9ea
commit b3c2c1d
Show file tree

Hide file tree

Showing 9 changed files with 78 additions and 13 deletions.
diff --git a/.dockerignore b/.dockerignore
@@ -6,6 +6,7 @@
 !/Cargo.toml
 !/config.json
 !/docker/entrypoint.sh
+!/docker/enclave-key.pem
 !/lib
 !/primitives
 !/provers

diff --git a/Dockerfile b/Dockerfile
@@ -52,11 +52,11 @@ COPY --from=builder /opt/raiko/host/config/config.sgx.json /etc/raiko/
 COPY --from=builder /opt/raiko/target/release/sgx-guest ./bin/
 COPY --from=builder /opt/raiko/target/release/raiko-host ./bin/
 COPY --from=builder /opt/raiko/target/release/raiko-setup ./bin/
+COPY --from=builder /opt/raiko/docker/enclave-key.pem /root/.config/gramine/enclave-key.pem
 
 ARG EDMM=0
 ENV EDMM=${EDMM}
 RUN cd ./bin && \
-    gramine-sgx-gen-private-key -f && \
     gramine-manifest -Dlog_level=error -Ddirect_mode=0 -Darch_libdir=/lib/x86_64-linux-gnu/ ../provers/sgx/config/sgx-guest.local.manifest.template sgx-guest.manifest && \
     gramine-sgx-sign --manifest sgx-guest.manifest --output sgx-guest.manifest.sgx && \
     gramine-sgx-sigstruct-view "sgx-guest.sig"

diff --git a/docker/enclave-key.pem b/docker/enclave-key.pem
@@ -0,0 +1,39 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIG4wIBAAKCAYEAy2c2h0zCLmynJY+E5wpHPjz9VoaCskcxNfQVM5E1cbf3/b4j
+7nPcSs/3oxvBFHTZGxnLIJY/A29Y/GKDjBIQdhT5f4p/Y2l7wAZZUEeyJs1dyybU
+F1dFKKZEOAmuXGE0p4g9pbE2RuYFfAug+SR3FDUedktg79Pa7Wn+IRG79xKrD4i0
+XR8wbxRZaubFtMJH/djC4EUBDQ1wkes0T1rvRvubqP3EdGsRBHg44B6D01pcfTUV
+5/Z9f+IjQLYGNSMJiwHrFmVD42gHvMKApe5tv4No19QNz78OiTh4lUlJBYcZlUzY
+UJNaH+tAaJ3zUrgHeACFqFJ72RURhD5Fr7MlAufefDK/ZvFm/ozIP9A6fSw3KMlk
+BYXeul7M4CA6RGLCyTxLAs94romrSvPzWr5qZryFVGr1xA39qcKHgDDkzpxCxQXs
+UjJ453RAZSni/CVd4ZiyKJMBwuHcKo6hs48ymK4EBXlKjg/DqmEZcF0YLHzUfXf7
+O38CL8vyQslrEw4JAgEDAoIBgCHmiRaMywe8xoZCliaBtopff45rwHML3Yj+A4iY
+M5Lz/qpKW1JopLciqUXZ9YNoztnZodrDtSs9OX9lwJdYWBOuKZVBv+Xm6fVWZDgL
+8wZ3j6HbzgPj4NwbtglW8mS63hvsCkZIM7Z7q5SsmtQwvoNeL75h5X1N+dI8VQWC
+9Kktxy1Bc2TaiBKDZDx7y54gYVT5ddALgCzXksL8iLfkfTZ/RJwqS2i8gtYUCXqv
+wKM5uhTeLlFTv5VQWzVzq7OF1p/4uWlrDXiCFSj+I7yCYtKyB5I7vB/Z6KKSsEmJ
+tFcYw6Syibw43tnTrAs9AeE+j5qwauLCUryKXxe+HtY9bDscCXxX5guaVw0AIOPR
+xJ299UVqwEAU2F6igYBT4eWCyAR3FzYiwMdKq50a6HHuwkC1LYIXFZcVite7XsPa
+Zx0Qgg1iKDDjCMgF3Q5wfOs0Wbyt1piofyZPLvYOmF6mrFoobKCCLOnM5xtZMw5E
+ik7VIm0obylJnRnHsKwgq1blIwKBwQD+4qA0hr0OGQuv0OAKZiZwNQFbKQwAKOwz
+4eXN58VRBe3IKyq2kfmzuDVvosCz2CPtUtIMK8o7A9zN+YuDAYECqMpVdP4QJT3F
+4rRRw9lLanoFLOngkDHGMfS5VbOiWFlGfYuInppxQrs+Mdwz9jTERpsUr4iKh8mr
+TJ6x8UMhasUaMk1xZjURzCvoI4Rmhmy0hJPqZzTL9UTrKGEhoAAMpJvPZvvMEKAU
+IhwdL5JA4I+Oj+F5qUgP35HETdHQuxUCgcEAzEryaVw2AkJ9FvzKMHn2XyI6D0SZ
+EHquheZxDidJqeyV8PJzMKwnUT0CtY0nV2iF6osyS5jBMtL6J9ABJ0EanZbbPK5d
+ES4e6qlOlyHFf039gxv4pHiavF3PJNM7QPm5Z/Q0NWBZkYbqXiCkey+oHjbZMzDr
+rwTy8BGwNyE2/s5xWoatu3oPJYTmJmNxEmTWwQEWqjjSERF9ew6uWgcobxbccwVB
+RzG48ifK/ZJIEp12X/V+yhwLhT48dbeVOPQlAoHBAKnsas2vKLQQsnU16rGZbvV4
+q5IbXVVwnXfr7olFLjYD89rHcc8L+80lePUXKyKQF/OMjAgdMXytPd6mXQIBAKxw
+huOjVArDfoPseDaCkNzxpq4d8UBgIS7L+HuOd8GQO4RTslsUZvYsfNQhPXf5eILZ
+vLh1BbGv28eIacv2LMDx2LwhiPZEI2Eyx/AXrZmu8yMDDUbveIf42JzFlhZqqrMY
+Z9+Z/TK1wA1sEr4fttXrCl8KllEbhV/qYS2JNosnYwKBwQCIMfbw6CQBgai5/dwg
+UU7qFtFfgxC1px8D7vYJb4ZxSGP19vd1yBo2KKx5CMTk8FlHB3bdEIDMjKbFNVYa
+K2cTued9yZNgyWnxxjRkwS5U3qkCEqXC+xHS6TTDN3zV+9Dv+CLOQDu2WfGUFcL8
+ynAUJJDMy0fKA0ygC8rPa3n/NEuRrx58/AoZA0QZl6C27eSAq2Rxeza2C6j8tHQ8
+BMWfZJL3WNYvdntMGodTttq3E6Q/+P8xaAeuKX2jz7jQosMCgcEAjGP7ZkAF1njP
+AymHlEOC0YQrn9QOSfd9jU00WP9wUSF4YAVS0IKrBhZrXLSDAd/6GU6QdS4SBSB1
+4OQwL19RhoN+RAiO37JSFi8WoBAGe1g6VYy6wktnysaBGgqoqCMKVfw+fCRXEV+b
+sQEOIJRGZvbrBU38Jm41386ZDnqOXGGlWjI12BvFarUIN6IPNytxuj4J0+BTwre/
+/YxlapRxEkmHTHZWMXF03Nhv5tPa63BVM6PNdP4xO3kJWwg1tPqF
+-----END RSA PRIVATE KEY-----
diff --git a/host/src/preflight.rs b/host/src/preflight.rs
@@ -309,6 +309,7 @@ async fn prepare_taiko_chain_input(
 
     // Create the transactions from the proposed tx list
     let transactions = generate_transactions(
+        &chain_spec,
         proposal_event.meta.blobUsed,
         &tx_data,
         Some(anchor_tx.clone()),

diff --git a/lib/src/builder/execute.rs b/lib/src/builder/execute.rs
@@ -92,6 +92,7 @@ impl TxExecStrategy for TkoTxExecStrategy {
             None
         };
         let mut transactions = generate_transactions(
+            chain_spec,
             block_builder.input.taiko.block_proposed.meta.blobUsed,
             &block_builder.input.taiko.tx_data,
             anchor_tx,

diff --git a/lib/src/utils.rs b/lib/src/utils.rs
@@ -16,7 +16,7 @@ use raiko_primitives::{keccak256, B256};
 #[cfg(not(feature = "std"))]
 use crate::no_std::*;
 use crate::{
-    consts::Network,
+    consts::{ChainSpec, Network},
     input::{decode_anchor, GuestInput},
 };
 
@@ -57,6 +57,7 @@ fn validate_calldata_tx_list(tx_list: &[u8]) -> bool {
 }
 
 pub fn generate_transactions(
+    chain_spec: &ChainSpec,
     is_blob_data: bool,
     tx_list: &[u8],
     anchor_tx: Option<AlloyTransaction>,
@@ -65,10 +66,23 @@ pub fn generate_transactions(
     let tx_list = &if is_blob_data {
         let compressed_tx_list = decode_blob_data(tx_list);
         zlib_decompress_data(&compressed_tx_list).unwrap_or_default()
-    } else if validate_calldata_tx_list(tx_list) {
-        zlib_decompress_data(tx_list).unwrap_or_default()
     } else {
-        vec![]
+        if chain_spec.network() == Some(Network::TaikoA7) {
+            // decompress the tx list first to align with A7 client
+            let de_tx_list: Vec<u8> = zlib_decompress_data(&tx_list.to_owned()).unwrap_or_default();
+            if validate_calldata_tx_list(&de_tx_list) {
+                de_tx_list
+            } else {
+                println!("validate_calldata_tx_list failed, use empty tx_list");
+                vec![]
+            }
+        } else {
+            if validate_calldata_tx_list(tx_list) {
+                zlib_decompress_data(tx_list).unwrap_or_default()
+            } else {
+                vec![]
+            }
+        }
     };
 
     // Decode the transactions from the tx list

diff --git a/provers/sgx/config/sgx-guest.docker.manifest.template b/provers/sgx/config/sgx-guest.docker.manifest.template
@@ -34,7 +34,7 @@ sgx.trusted_files = [
   "file:/usr/lib/ssl/certs/",
   "file:sgx-guest",
 ]
-sgx.max_threads = 16
+sgx.max_threads = 32
 sgx.remote_attestation = "dcap"
 sys.enable_extra_runtime_domain_names_conf = true
 sys.insecure__allow_eventfd = true

diff --git a/provers/sgx/config/sgx-guest.local.manifest.template b/provers/sgx/config/sgx-guest.local.manifest.template
@@ -45,7 +45,7 @@ sgx.trusted_files = [
   "file:/usr/lib/ssl/certs/",
   "file:sgx-guest",
 ]
-sgx.max_threads = 16
+sgx.max_threads = 32
 sgx.remote_attestation = "dcap"
 sys.enable_extra_runtime_domain_names_conf = true
 sys.insecure__allow_eventfd = true

diff --git a/provers/sgx/prover/src/lib.rs b/provers/sgx/prover/src/lib.rs
@@ -283,13 +283,22 @@ async fn prove(
             .spawn()
             .map_err(|e| format!("Could not spawn gramine cmd: {e}"))?;
         let stdin = child.stdin.as_mut().expect("Failed to open stdin");
-        bincode::serialize_into(stdin, &input).expect("Unable to serialize input");
+        let input_success = bincode::serialize_into(stdin, &input);
+        let output_success = child.wait_with_output();
 
-        let output = child
-            .wait_with_output()
-            .map_err(|e| handle_gramine_error("Could not run SGX guest prover", e))?;
-        handle_output(&output, "SGX prove")?;
-        Ok(parse_sgx_result(output.stdout)?)
+        match (input_success, output_success) {
+            (Ok(_), Ok(output)) => {
+                handle_output(&output, "SGX prove")?;
+                Ok(parse_sgx_result(output.stdout)?)
+            }
+            (Err(i), output_success) => Err(ProverError::GuestError(format!(
+                "Can not serialize input for SGX {}, output is {:?}",
+                i, output_success
+            ))),
+            (Ok(_), Err(output_err)) => Err(ProverError::GuestError(
+                handle_gramine_error("Could not run SGX guest prover", output_err).to_string(),
+            )),
+        }
     })
     .await
     .map_err(|e| ProverError::GuestError(e.to_string()))?