feat(raiko): Cherry-pick A7 updates(#182)

.dockerignore

@@ -6,6 +6,7 @@
 !/Cargo.toml
 !/config.json
 !/docker/entrypoint.sh
+!/docker/enclave-key.pem
 !/lib
 !/primitives
 !/provers

Dockerfile

@@ -52,11 +52,11 @@ COPY --from=builder /opt/raiko/host/config/config.sgx.json /etc/raiko/
 COPY --from=builder /opt/raiko/target/release/sgx-guest ./bin/
 COPY --from=builder /opt/raiko/target/release/raiko-host ./bin/
 COPY --from=builder /opt/raiko/target/release/raiko-setup ./bin/
+COPY --from=builder /opt/raiko/docker/enclave-key.pem /root/.config/gramine/enclave-key.pem
 
 ARG EDMM=0
 ENV EDMM=${EDMM}
 RUN cd ./bin && \
-    gramine-sgx-gen-private-key -f && \
     gramine-manifest -Dlog_level=error -Ddirect_mode=0 -Darch_libdir=/lib/x86_64-linux-gnu/ ../provers/sgx/config/sgx-guest.local.manifest.template sgx-guest.manifest && \
     gramine-sgx-sign --manifest sgx-guest.manifest --output sgx-guest.manifest.sgx && \
     gramine-sgx-sigstruct-view "sgx-guest.sig"

docker/enclave-key.pem

@@ -0,0 +1,39 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIG4wIBAAKCAYEAy2c2h0zCLmynJY+E5wpHPjz9VoaCskcxNfQVM5E1cbf3/b4j
+7nPcSs/3oxvBFHTZGxnLIJY/A29Y/GKDjBIQdhT5f4p/Y2l7wAZZUEeyJs1dyybU
+F1dFKKZEOAmuXGE0p4g9pbE2RuYFfAug+SR3FDUedktg79Pa7Wn+IRG79xKrD4i0
+XR8wbxRZaubFtMJH/djC4EUBDQ1wkes0T1rvRvubqP3EdGsRBHg44B6D01pcfTUV
+5/Z9f+IjQLYGNSMJiwHrFmVD42gHvMKApe5tv4No19QNz78OiTh4lUlJBYcZlUzY
+UJNaH+tAaJ3zUrgHeACFqFJ72RURhD5Fr7MlAufefDK/ZvFm/ozIP9A6fSw3KMlk
+BYXeul7M4CA6RGLCyTxLAs94romrSvPzWr5qZryFVGr1xA39qcKHgDDkzpxCxQXs
+UjJ453RAZSni/CVd4ZiyKJMBwuHcKo6hs48ymK4EBXlKjg/DqmEZcF0YLHzUfXf7
+O38CL8vyQslrEw4JAgEDAoIBgCHmiRaMywe8xoZCliaBtopff45rwHML3Yj+A4iY
+M5Lz/qpKW1JopLciqUXZ9YNoztnZodrDtSs9OX9lwJdYWBOuKZVBv+Xm6fVWZDgL
+8wZ3j6HbzgPj4NwbtglW8mS63hvsCkZIM7Z7q5SsmtQwvoNeL75h5X1N+dI8VQWC
+9Kktxy1Bc2TaiBKDZDx7y54gYVT5ddALgCzXksL8iLfkfTZ/RJwqS2i8gtYUCXqv
+wKM5uhTeLlFTv5VQWzVzq7OF1p/4uWlrDXiCFSj+I7yCYtKyB5I7vB/Z6KKSsEmJ
+tFcYw6Syibw43tnTrAs9AeE+j5qwauLCUryKXxe+HtY9bDscCXxX5guaVw0AIOPR
+xJ299UVqwEAU2F6igYBT4eWCyAR3FzYiwMdKq50a6HHuwkC1LYIXFZcVite7XsPa
+Zx0Qgg1iKDDjCMgF3Q5wfOs0Wbyt1piofyZPLvYOmF6mrFoobKCCLOnM5xtZMw5E
+ik7VIm0obylJnRnHsKwgq1blIwKBwQD+4qA0hr0OGQuv0OAKZiZwNQFbKQwAKOwz
+4eXN58VRBe3IKyq2kfmzuDVvosCz2CPtUtIMK8o7A9zN+YuDAYECqMpVdP4QJT3F
+4rRRw9lLanoFLOngkDHGMfS5VbOiWFlGfYuInppxQrs+Mdwz9jTERpsUr4iKh8mr
+TJ6x8UMhasUaMk1xZjURzCvoI4Rmhmy0hJPqZzTL9UTrKGEhoAAMpJvPZvvMEKAU
+IhwdL5JA4I+Oj+F5qUgP35HETdHQuxUCgcEAzEryaVw2AkJ9FvzKMHn2XyI6D0SZ
+EHquheZxDidJqeyV8PJzMKwnUT0CtY0nV2iF6osyS5jBMtL6J9ABJ0EanZbbPK5d
+ES4e6qlOlyHFf039gxv4pHiavF3PJNM7QPm5Z/Q0NWBZkYbqXiCkey+oHjbZMzDr
+rwTy8BGwNyE2/s5xWoatu3oPJYTmJmNxEmTWwQEWqjjSERF9ew6uWgcobxbccwVB
+RzG48ifK/ZJIEp12X/V+yhwLhT48dbeVOPQlAoHBAKnsas2vKLQQsnU16rGZbvV4
+q5IbXVVwnXfr7olFLjYD89rHcc8L+80lePUXKyKQF/OMjAgdMXytPd6mXQIBAKxw
+huOjVArDfoPseDaCkNzxpq4d8UBgIS7L+HuOd8GQO4RTslsUZvYsfNQhPXf5eILZ
+vLh1BbGv28eIacv2LMDx2LwhiPZEI2Eyx/AXrZmu8yMDDUbveIf42JzFlhZqqrMY
+Z9+Z/TK1wA1sEr4fttXrCl8KllEbhV/qYS2JNosnYwKBwQCIMfbw6CQBgai5/dwg
+UU7qFtFfgxC1px8D7vYJb4ZxSGP19vd1yBo2KKx5CMTk8FlHB3bdEIDMjKbFNVYa
+K2cTued9yZNgyWnxxjRkwS5U3qkCEqXC+xHS6TTDN3zV+9Dv+CLOQDu2WfGUFcL8
+ynAUJJDMy0fKA0ygC8rPa3n/NEuRrx58/AoZA0QZl6C27eSAq2Rxeza2C6j8tHQ8
+BMWfZJL3WNYvdntMGodTttq3E6Q/+P8xaAeuKX2jz7jQosMCgcEAjGP7ZkAF1njP
+AymHlEOC0YQrn9QOSfd9jU00WP9wUSF4YAVS0IKrBhZrXLSDAd/6GU6QdS4SBSB1
+4OQwL19RhoN+RAiO37JSFi8WoBAGe1g6VYy6wktnysaBGgqoqCMKVfw+fCRXEV+b
+sQEOIJRGZvbrBU38Jm41386ZDnqOXGGlWjI12BvFarUIN6IPNytxuj4J0+BTwre/
+/YxlapRxEkmHTHZWMXF03Nhv5tPa63BVM6PNdP4xO3kJWwg1tPqF
+-----END RSA PRIVATE KEY-----

host/Cargo.toml

@@ -75,6 +75,7 @@ ethers-core = { workspace = true }
 sp1 = ["dep:sp1-driver", "sp1-driver/enable"]
 risc0 = ["dep:risc0-driver", "risc0-driver/enable"]
 sgx = ["dep:sgx-prover", "sgx-prover/enable"]
+alpha-7 = [] # back compatible with a7
 
 [[bin]]
 name = "raiko-host"

lib/src/utils.rs

@@ -62,10 +62,23 @@ pub fn generate_transactions(
     let tx_list = &if is_blob_data {
         let compressed_tx_list = decode_blob_data(tx_list);
         zlib_decompress_data(&compressed_tx_list).unwrap_or_default()
-    } else if validate_calldata_tx_list(tx_list) {
-        zlib_decompress_data(tx_list).unwrap_or_default()
     } else {
-        vec![]
+        if cfg!(feature = "alpha-7") {
+            // decompress the tx list first to align with A7 client
+            let de_tx_list: Vec<u8> = zlib_decompress_data(&tx_list.to_owned()).unwrap_or_default();
+            if validate_calldata_tx_list(&de_tx_list) {
+                de_tx_list
+            } else {
+                println!("validate_calldata_tx_list failed, use empty tx_list");
+                vec![]
+            }
+        } else {
+            if validate_calldata_tx_list(tx_list) {
+                zlib_decompress_data(tx_list).unwrap_or_default()
+            } else {
+                vec![]
+            }
+        }
     };
 
     // Decode the transactions from the tx list

provers/sgx/config/sgx-guest.docker.manifest.template

@@ -34,7 +34,7 @@ sgx.trusted_files = [
   "file:/usr/lib/ssl/certs/",
   "file:sgx-guest",
 ]
-sgx.max_threads = 16
+sgx.max_threads = 32
 sgx.remote_attestation = "dcap"
 sys.enable_extra_runtime_domain_names_conf = true
 sys.insecure__allow_eventfd = true

provers/sgx/config/sgx-guest.local.manifest.template

@@ -45,7 +45,7 @@ sgx.trusted_files = [
   "file:/usr/lib/ssl/certs/",
   "file:sgx-guest",
 ]
-sgx.max_threads = 16
+sgx.max_threads = 32
 sgx.remote_attestation = "dcap"
 sys.enable_extra_runtime_domain_names_conf = true
 sys.insecure__allow_eventfd = true

provers/sgx/prover/src/lib.rs

@@ -283,13 +283,22 @@ async fn prove(
             .spawn()
             .map_err(|e| format!("Could not spawn gramine cmd: {e}"))?;
         let stdin = child.stdin.as_mut().expect("Failed to open stdin");
-        bincode::serialize_into(stdin, &input).expect("Unable to serialize input");
+        let input_success = bincode::serialize_into(stdin, &input);
+        let output_success = child.wait_with_output();
 
-        let output = child
-            .wait_with_output()
-            .map_err(|e| handle_gramine_error("Could not run SGX guest prover", e))?;
-        handle_output(&output, "SGX prove")?;
-        Ok(parse_sgx_result(output.stdout)?)
+        match (input_success, output_success) {
+            (Ok(_), Ok(output)) => {
+                handle_output(&output, "SGX prove")?;
+                Ok(parse_sgx_result(output.stdout)?)
+            }
+            (Err(i), output_success) => Err(ProverError::GuestError(format!(
+                "Can not serialize input for SGX {}, output is {:?}",
+                i, output_success
+            ))),
+            (Ok(_), Err(output_err)) => Err(ProverError::GuestError(
+                handle_gramine_error("Could not run SGX guest prover", output_err).to_string(),
+            )),
+        }
     })
     .await
     .map_err(|e| ProverError::GuestError(e.to_string()))?