feat(tee): add tee/get_proof endpoint to TEE Prover Gateway

matter-labs · Jul 24, 2024 · cae9f0e · cae9f0e
1 parent 513b56e
commit cae9f0e
Show file tree

Hide file tree

Showing 5 changed files with 82 additions and 16 deletions.
diff --git a/core/lib/basic_types/src/tee_types.rs b/core/lib/basic_types/src/tee_types.rs
@@ -7,3 +7,17 @@ pub enum TeeType {
     #[strum(serialize = "sgx")]
     Sgx,
 }
+
+/// A "final" TEE proof that can be sent to the L1 contract.
+#[derive(Clone, PartialEq, Serialize, Deserialize)]
+pub struct TeeProof {
+    // signature generated within the TEE enclave, using the privkey corresponding to the pubkey
+    pub signature: Vec<u8>,
+    // pubkey used for signature verification; each key pair is attested by the TEE attestation
+    // stored in the db
+    pub pubkey: Vec<u8>,
+    // data that was signed
+    pub proof: Vec<u8>,
+    // type of TEE used for attestation
+    pub tee_type: TeeType,
+}
diff --git a/core/lib/dal/src/tee_proof_generation_dal.rs b/core/lib/dal/src/tee_proof_generation_dal.rs
@@ -7,7 +7,10 @@ use zksync_db_connection::{
     instrument::{InstrumentExt, Instrumented},
     utils::pg_interval_from_duration,
 };
-use zksync_types::{tee_types::TeeType, L1BatchNumber};
+use zksync_types::{
+    tee_types::{TeeProof, TeeType},
+    L1BatchNumber,
+};
 
 use crate::Core;
 
@@ -202,4 +205,32 @@ impl TeeProofGenerationDal<'_, '_> {
 
         Ok(())
     }
+
+    pub async fn get_proof(&mut self, block_number: L1BatchNumber) -> DalResult<Option<TeeProof>> {
+        let result: Option<TeeProof> = sqlx::query!(
+            r#"
+            SELECT
+                signature,
+                pubkey,
+                proof,
+                tee_type
+            FROM
+                tee_proof_generation_details
+            WHERE
+                l1_batch_number = $1
+            "#,
+            i64::from(block_number.0)
+        )
+        .fetch_optional(self.storage.conn())
+        .await
+        .unwrap()
+        .map(|row| TeeProof {
+            signature: row.signature,
+            pubkey: row.pubkey,
+            proof: row.proof,
+            tee_type: row.tee_type.parse().unwrap(),
+        });
+
+        Ok(result)
+    }
 }
diff --git a/core/lib/prover_interface/src/outputs.rs b/core/lib/prover_interface/src/outputs.rs
@@ -3,7 +3,11 @@ use core::fmt;
 use circuit_sequencer_api_1_5_0::proof::FinalProof;
 use serde::{Deserialize, Serialize};
 use zksync_object_store::{serialize_using_bincode, Bucket, StoredObject};
-use zksync_types::{protocol_version::ProtocolSemanticVersion, tee_types::TeeType, L1BatchNumber};
+use zksync_types::{
+    protocol_version::ProtocolSemanticVersion,
+    tee_types::{TeeProof, TeeType},
+    L1BatchNumber,
+};
 
 /// A "final" ZK proof that can be sent to the L1 contract.
 #[derive(Clone, Serialize, Deserialize)]
@@ -13,19 +17,7 @@ pub struct L1BatchProofForL1 {
     pub protocol_version: ProtocolSemanticVersion,
 }
 
-/// A "final" TEE proof that can be sent to the L1 contract.
-#[derive(Clone, PartialEq, Serialize, Deserialize)]
-pub struct L1BatchTeeProofForL1 {
-    // signature generated within the TEE enclave, using the privkey corresponding to the pubkey
-    pub signature: Vec<u8>,
-    // pubkey used for signature verification; each key pair is attested by the TEE attestation
-    // stored in the db
-    pub pubkey: Vec<u8>,
-    // data that was signed
-    pub proof: Vec<u8>,
-    // type of TEE used for attestation
-    pub tee_type: TeeType,
-}
+pub type L1BatchTeeProofForL1 = TeeProof;
 
 impl fmt::Debug for L1BatchProofForL1 {
     fn fmt(&self, formatter: &mut fmt::Formatter<'_>) -> fmt::Result {

diff --git a/core/node/proof_data_handler/src/lib.rs b/core/node/proof_data_handler/src/lib.rs
@@ -121,6 +121,15 @@ fn create_proof_processing_router(
                         .await
                 },
             ),
+        )
+        .route("tee/get_proof/:l1_batch_number",
+            post(
+                move |l1_batch_number: Path<u32>| async move {
+                    get_tee_proof_gen_processor
+                        .get_proof(l1_batch_number)
+                        .await
+                },
+            )
         );
     }
 

diff --git a/core/node/proof_data_handler/src/tee_request_processor.rs b/core/node/proof_data_handler/src/tee_request_processor.rs
@@ -7,7 +7,8 @@ use zksync_object_store::ObjectStore;
 use zksync_prover_interface::{
     api::{
         RegisterTeeAttestationRequest, RegisterTeeAttestationResponse, SubmitProofResponse,
-        SubmitTeeProofRequest, TeeProofGenerationDataRequest, TeeProofGenerationDataResponse,
+        SubmitTeeProofRequest, TeeProof, TeeProofGenerationDataRequest,
+        TeeProofGenerationDataResponse,
     },
     inputs::TeeVerifierInput,
 };
@@ -118,4 +119,23 @@ impl TeeRequestProcessor {
 
         Ok(Json(RegisterTeeAttestationResponse::Success))
     }
+
+    pub(crate) async fn get_proof(
+        &self,
+        Path(l1_batch_number): Path<u32>, // TODO replace u32 with L1BatchNumber
+    ) -> Result<Json<TeeProof>, RequestProcessorError> {
+        let mut connection = self
+            .pool
+            .connection()
+            .await
+            .map_err(RequestProcessorError::Dal)?;
+        let mut dal = connection.tee_proof_generation_dal();
+        let l1_batch_number = L1BatchNumber(l1_batch_number);
+        let tee_proof = dal
+            .get_proof(l1_batch_number)
+            .await
+            .map_err(RequestProcessorError::Dal)?;
+
+        Ok(Json(tee_proof))
+    }
 }