From b3c2c1d9136348004f0a8653538cadf2743e8873 Mon Sep 17 00:00:00 2001 From: smtmfft <99081233+smtmfft@users.noreply.github.com> Date: Tue, 14 May 2024 11:24:46 +0800 Subject: [PATCH] feat(raiko): Cherry-pick A7 updates(#182) (#197) * feat(raiko): Sgx output print for better debug experience (#182) * update blob data format as some nodes return differently * code refine, print sgx guest output Signed-off-by: smtmfft --------- Signed-off-by: smtmfft * feat(raiko): make all enclave have the same signer (#183) * feat(raiko): put gramine-signer into docker structure to ensure all guest has the same signer Signed-off-by: smtmfft * add .pem Signed-off-by: smtmfft --------- Signed-off-by: smtmfft * back compatible with a7 Signed-off-by: smtmfft * fix fmt Signed-off-by: smtmfft * use network instead of feature Signed-off-by: smtmfft * fix merge conflict Signed-off-by: smtmfft * use A7 behavior dynamically Signed-off-by: smtmfft --------- Signed-off-by: smtmfft --- .dockerignore | 1 + Dockerfile | 2 +- docker/enclave-key.pem | 39 +++++++++++++++++++ host/src/preflight.rs | 1 + lib/src/builder/execute.rs | 1 + lib/src/utils.rs | 22 +++++++++-- .../config/sgx-guest.docker.manifest.template | 2 +- .../config/sgx-guest.local.manifest.template | 2 +- provers/sgx/prover/src/lib.rs | 21 +++++++--- 9 files changed, 78 insertions(+), 13 deletions(-) create mode 100644 docker/enclave-key.pem diff --git a/.dockerignore b/.dockerignore index 2dad39c9..f08b58e0 100644 --- a/.dockerignore +++ b/.dockerignore @@ -6,6 +6,7 @@ !/Cargo.toml !/config.json !/docker/entrypoint.sh +!/docker/enclave-key.pem !/lib !/primitives !/provers diff --git a/Dockerfile b/Dockerfile index 40ec1593..b464e7af 100644 --- a/Dockerfile +++ b/Dockerfile @@ -52,11 +52,11 @@ COPY --from=builder /opt/raiko/host/config/config.sgx.json /etc/raiko/ COPY --from=builder /opt/raiko/target/release/sgx-guest ./bin/ COPY --from=builder /opt/raiko/target/release/raiko-host ./bin/ COPY --from=builder /opt/raiko/target/release/raiko-setup ./bin/ +COPY --from=builder /opt/raiko/docker/enclave-key.pem /root/.config/gramine/enclave-key.pem ARG EDMM=0 ENV EDMM=${EDMM} RUN cd ./bin && \ - gramine-sgx-gen-private-key -f && \ gramine-manifest -Dlog_level=error -Ddirect_mode=0 -Darch_libdir=/lib/x86_64-linux-gnu/ ../provers/sgx/config/sgx-guest.local.manifest.template sgx-guest.manifest && \ gramine-sgx-sign --manifest sgx-guest.manifest --output sgx-guest.manifest.sgx && \ gramine-sgx-sigstruct-view "sgx-guest.sig" diff --git a/docker/enclave-key.pem b/docker/enclave-key.pem new file mode 100644 index 00000000..6ff4ce75 --- /dev/null +++ b/docker/enclave-key.pem @@ -0,0 +1,39 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIG4wIBAAKCAYEAy2c2h0zCLmynJY+E5wpHPjz9VoaCskcxNfQVM5E1cbf3/b4j +7nPcSs/3oxvBFHTZGxnLIJY/A29Y/GKDjBIQdhT5f4p/Y2l7wAZZUEeyJs1dyybU +F1dFKKZEOAmuXGE0p4g9pbE2RuYFfAug+SR3FDUedktg79Pa7Wn+IRG79xKrD4i0 +XR8wbxRZaubFtMJH/djC4EUBDQ1wkes0T1rvRvubqP3EdGsRBHg44B6D01pcfTUV +5/Z9f+IjQLYGNSMJiwHrFmVD42gHvMKApe5tv4No19QNz78OiTh4lUlJBYcZlUzY +UJNaH+tAaJ3zUrgHeACFqFJ72RURhD5Fr7MlAufefDK/ZvFm/ozIP9A6fSw3KMlk +BYXeul7M4CA6RGLCyTxLAs94romrSvPzWr5qZryFVGr1xA39qcKHgDDkzpxCxQXs +UjJ453RAZSni/CVd4ZiyKJMBwuHcKo6hs48ymK4EBXlKjg/DqmEZcF0YLHzUfXf7 +O38CL8vyQslrEw4JAgEDAoIBgCHmiRaMywe8xoZCliaBtopff45rwHML3Yj+A4iY +M5Lz/qpKW1JopLciqUXZ9YNoztnZodrDtSs9OX9lwJdYWBOuKZVBv+Xm6fVWZDgL +8wZ3j6HbzgPj4NwbtglW8mS63hvsCkZIM7Z7q5SsmtQwvoNeL75h5X1N+dI8VQWC +9Kktxy1Bc2TaiBKDZDx7y54gYVT5ddALgCzXksL8iLfkfTZ/RJwqS2i8gtYUCXqv +wKM5uhTeLlFTv5VQWzVzq7OF1p/4uWlrDXiCFSj+I7yCYtKyB5I7vB/Z6KKSsEmJ +tFcYw6Syibw43tnTrAs9AeE+j5qwauLCUryKXxe+HtY9bDscCXxX5guaVw0AIOPR +xJ299UVqwEAU2F6igYBT4eWCyAR3FzYiwMdKq50a6HHuwkC1LYIXFZcVite7XsPa +Zx0Qgg1iKDDjCMgF3Q5wfOs0Wbyt1piofyZPLvYOmF6mrFoobKCCLOnM5xtZMw5E +ik7VIm0obylJnRnHsKwgq1blIwKBwQD+4qA0hr0OGQuv0OAKZiZwNQFbKQwAKOwz +4eXN58VRBe3IKyq2kfmzuDVvosCz2CPtUtIMK8o7A9zN+YuDAYECqMpVdP4QJT3F +4rRRw9lLanoFLOngkDHGMfS5VbOiWFlGfYuInppxQrs+Mdwz9jTERpsUr4iKh8mr +TJ6x8UMhasUaMk1xZjURzCvoI4Rmhmy0hJPqZzTL9UTrKGEhoAAMpJvPZvvMEKAU +IhwdL5JA4I+Oj+F5qUgP35HETdHQuxUCgcEAzEryaVw2AkJ9FvzKMHn2XyI6D0SZ +EHquheZxDidJqeyV8PJzMKwnUT0CtY0nV2iF6osyS5jBMtL6J9ABJ0EanZbbPK5d +ES4e6qlOlyHFf039gxv4pHiavF3PJNM7QPm5Z/Q0NWBZkYbqXiCkey+oHjbZMzDr +rwTy8BGwNyE2/s5xWoatu3oPJYTmJmNxEmTWwQEWqjjSERF9ew6uWgcobxbccwVB +RzG48ifK/ZJIEp12X/V+yhwLhT48dbeVOPQlAoHBAKnsas2vKLQQsnU16rGZbvV4 +q5IbXVVwnXfr7olFLjYD89rHcc8L+80lePUXKyKQF/OMjAgdMXytPd6mXQIBAKxw +huOjVArDfoPseDaCkNzxpq4d8UBgIS7L+HuOd8GQO4RTslsUZvYsfNQhPXf5eILZ +vLh1BbGv28eIacv2LMDx2LwhiPZEI2Eyx/AXrZmu8yMDDUbveIf42JzFlhZqqrMY +Z9+Z/TK1wA1sEr4fttXrCl8KllEbhV/qYS2JNosnYwKBwQCIMfbw6CQBgai5/dwg +UU7qFtFfgxC1px8D7vYJb4ZxSGP19vd1yBo2KKx5CMTk8FlHB3bdEIDMjKbFNVYa +K2cTued9yZNgyWnxxjRkwS5U3qkCEqXC+xHS6TTDN3zV+9Dv+CLOQDu2WfGUFcL8 +ynAUJJDMy0fKA0ygC8rPa3n/NEuRrx58/AoZA0QZl6C27eSAq2Rxeza2C6j8tHQ8 +BMWfZJL3WNYvdntMGodTttq3E6Q/+P8xaAeuKX2jz7jQosMCgcEAjGP7ZkAF1njP +AymHlEOC0YQrn9QOSfd9jU00WP9wUSF4YAVS0IKrBhZrXLSDAd/6GU6QdS4SBSB1 +4OQwL19RhoN+RAiO37JSFi8WoBAGe1g6VYy6wktnysaBGgqoqCMKVfw+fCRXEV+b +sQEOIJRGZvbrBU38Jm41386ZDnqOXGGlWjI12BvFarUIN6IPNytxuj4J0+BTwre/ +/YxlapRxEkmHTHZWMXF03Nhv5tPa63BVM6PNdP4xO3kJWwg1tPqF +-----END RSA PRIVATE KEY----- diff --git a/host/src/preflight.rs b/host/src/preflight.rs index a1ef0db8..d6ea3241 100644 --- a/host/src/preflight.rs +++ b/host/src/preflight.rs @@ -309,6 +309,7 @@ async fn prepare_taiko_chain_input( // Create the transactions from the proposed tx list let transactions = generate_transactions( + &chain_spec, proposal_event.meta.blobUsed, &tx_data, Some(anchor_tx.clone()), diff --git a/lib/src/builder/execute.rs b/lib/src/builder/execute.rs index ecaebd9b..df9f71bb 100644 --- a/lib/src/builder/execute.rs +++ b/lib/src/builder/execute.rs @@ -92,6 +92,7 @@ impl TxExecStrategy for TkoTxExecStrategy { None }; let mut transactions = generate_transactions( + chain_spec, block_builder.input.taiko.block_proposed.meta.blobUsed, &block_builder.input.taiko.tx_data, anchor_tx, diff --git a/lib/src/utils.rs b/lib/src/utils.rs index b1d3f1d4..49d58615 100644 --- a/lib/src/utils.rs +++ b/lib/src/utils.rs @@ -16,7 +16,7 @@ use raiko_primitives::{keccak256, B256}; #[cfg(not(feature = "std"))] use crate::no_std::*; use crate::{ - consts::Network, + consts::{ChainSpec, Network}, input::{decode_anchor, GuestInput}, }; @@ -57,6 +57,7 @@ fn validate_calldata_tx_list(tx_list: &[u8]) -> bool { } pub fn generate_transactions( + chain_spec: &ChainSpec, is_blob_data: bool, tx_list: &[u8], anchor_tx: Option, @@ -65,10 +66,23 @@ pub fn generate_transactions( let tx_list = &if is_blob_data { let compressed_tx_list = decode_blob_data(tx_list); zlib_decompress_data(&compressed_tx_list).unwrap_or_default() - } else if validate_calldata_tx_list(tx_list) { - zlib_decompress_data(tx_list).unwrap_or_default() } else { - vec![] + if chain_spec.network() == Some(Network::TaikoA7) { + // decompress the tx list first to align with A7 client + let de_tx_list: Vec = zlib_decompress_data(&tx_list.to_owned()).unwrap_or_default(); + if validate_calldata_tx_list(&de_tx_list) { + de_tx_list + } else { + println!("validate_calldata_tx_list failed, use empty tx_list"); + vec![] + } + } else { + if validate_calldata_tx_list(tx_list) { + zlib_decompress_data(tx_list).unwrap_or_default() + } else { + vec![] + } + } }; // Decode the transactions from the tx list diff --git a/provers/sgx/config/sgx-guest.docker.manifest.template b/provers/sgx/config/sgx-guest.docker.manifest.template index 011bf7b9..17e0bbb1 100644 --- a/provers/sgx/config/sgx-guest.docker.manifest.template +++ b/provers/sgx/config/sgx-guest.docker.manifest.template @@ -34,7 +34,7 @@ sgx.trusted_files = [ "file:/usr/lib/ssl/certs/", "file:sgx-guest", ] -sgx.max_threads = 16 +sgx.max_threads = 32 sgx.remote_attestation = "dcap" sys.enable_extra_runtime_domain_names_conf = true sys.insecure__allow_eventfd = true diff --git a/provers/sgx/config/sgx-guest.local.manifest.template b/provers/sgx/config/sgx-guest.local.manifest.template index b6b24d5d..289b8fc0 100644 --- a/provers/sgx/config/sgx-guest.local.manifest.template +++ b/provers/sgx/config/sgx-guest.local.manifest.template @@ -45,7 +45,7 @@ sgx.trusted_files = [ "file:/usr/lib/ssl/certs/", "file:sgx-guest", ] -sgx.max_threads = 16 +sgx.max_threads = 32 sgx.remote_attestation = "dcap" sys.enable_extra_runtime_domain_names_conf = true sys.insecure__allow_eventfd = true diff --git a/provers/sgx/prover/src/lib.rs b/provers/sgx/prover/src/lib.rs index 7b3c234a..2a22f751 100644 --- a/provers/sgx/prover/src/lib.rs +++ b/provers/sgx/prover/src/lib.rs @@ -283,13 +283,22 @@ async fn prove( .spawn() .map_err(|e| format!("Could not spawn gramine cmd: {e}"))?; let stdin = child.stdin.as_mut().expect("Failed to open stdin"); - bincode::serialize_into(stdin, &input).expect("Unable to serialize input"); + let input_success = bincode::serialize_into(stdin, &input); + let output_success = child.wait_with_output(); - let output = child - .wait_with_output() - .map_err(|e| handle_gramine_error("Could not run SGX guest prover", e))?; - handle_output(&output, "SGX prove")?; - Ok(parse_sgx_result(output.stdout)?) + match (input_success, output_success) { + (Ok(_), Ok(output)) => { + handle_output(&output, "SGX prove")?; + Ok(parse_sgx_result(output.stdout)?) + } + (Err(i), output_success) => Err(ProverError::GuestError(format!( + "Can not serialize input for SGX {}, output is {:?}", + i, output_success + ))), + (Ok(_), Err(output_err)) => Err(ProverError::GuestError( + handle_gramine_error("Could not run SGX guest prover", output_err).to_string(), + )), + } }) .await .map_err(|e| ProverError::GuestError(e.to_string()))?