feat(tee): TEE Prover Gateway

core/bin/zksync_server/src/main.rs

@@ -14,7 +14,7 @@ use zksync_config::{
         ContractsConfig, DatabaseSecrets, FriProofCompressorConfig, FriProverConfig,
         FriProverGatewayConfig, FriWitnessGeneratorConfig, FriWitnessVectorGeneratorConfig,
         L1Secrets, ObservabilityConfig, PrometheusConfig, ProofDataHandlerConfig,
-        ProtectiveReadsWriterConfig, Secrets,
+        ProtectiveReadsWriterConfig, Secrets, TeeProverGatewayConfig,
     },
     ApiConfig, ContractVerifierConfig, DBConfig, EthConfig, EthWatchConfig, GasAdjusterConfig,
     GenesisConfig, ObjectStoreConfig, PostgresConfig, SnapshotsCreatorConfig,
@@ -270,5 +270,6 @@ fn load_env_config() -> anyhow::Result<TempConfigStore> {
         snapshot_creator: SnapshotsCreatorConfig::from_env().ok(),
         protective_reads_writer_config: ProtectiveReadsWriterConfig::from_env().ok(),
         core_object_store: ObjectStoreConfig::from_env().ok(),
+        tee_prover_gateway_config: TeeProverGatewayConfig::from_env().ok(),
     })
 }

core/lib/config/src/configs/general.rs

@@ -6,7 +6,7 @@ use crate::{
         vm_runner::ProtectiveReadsWriterConfig,
         FriProofCompressorConfig, FriProverConfig, FriProverGatewayConfig,
         FriWitnessGeneratorConfig, FriWitnessVectorGeneratorConfig, ObservabilityConfig,
-        PrometheusConfig, ProofDataHandlerConfig,
+        PrometheusConfig, ProofDataHandlerConfig, TeeProverGatewayConfig,
     },
     ApiConfig, ContractVerifierConfig, DBConfig, EthConfig, ObjectStoreConfig, PostgresConfig,
     SnapshotsCreatorConfig,
@@ -36,4 +36,5 @@ pub struct GeneralConfig {
     pub observability: Option<ObservabilityConfig>,
     pub protective_reads_writer_config: Option<ProtectiveReadsWriterConfig>,
     pub core_object_store: Option<ObjectStoreConfig>,
+    pub prover_tee_gateway: Option<TeeProverGatewayConfig>,
 }

core/lib/config/src/configs/mod.rs

@@ -19,6 +19,7 @@ pub use self::{
     proof_data_handler::ProofDataHandlerConfig,
     secrets::{DatabaseSecrets, L1Secrets, Secrets},
     snapshots_creator::SnapshotsCreatorConfig,
+    tee_prover_gateway::TeeProverGatewayConfig,
     utils::PrometheusConfig,
     vm_runner::ProtectiveReadsWriterConfig,
 };
@@ -46,6 +47,7 @@ pub mod observability;
 pub mod proof_data_handler;
 pub mod secrets;
 pub mod snapshots_creator;
+pub mod tee_prover_gateway;
 pub mod utils;
 pub mod vm_runner;
 pub mod wallets;

core/lib/config/src/configs/tee_prover_gateway.rs

@@ -0,0 +1,20 @@
+use std::time::Duration;
+
+use serde::Deserialize;
+
+#[derive(Debug, Deserialize, Clone, PartialEq)]
+pub struct TeeProverGatewayConfig {
+    pub api_url: String,
+    pub api_poll_duration_secs: u16,
+
+    /// Configurations for prometheus
+    pub prometheus_listener_port: u16,
+    pub prometheus_pushgateway_url: String,
+    pub prometheus_push_interval_ms: Option<u64>,
+}
+
+impl TeeProverGatewayConfig {
+    pub fn api_poll_duration(&self) -> Duration {
+        Duration::from_secs(self.api_poll_duration_secs as u64)
+    }
+}

core/lib/config/src/testonly.rs

@@ -461,6 +461,18 @@ impl Distribution<configs::FriProverGatewayConfig> for EncodeDist {
     }
 }
 
+impl Distribution<configs::TeeProverGatewayConfig> for EncodeDist {
+    fn sample<R: Rng + ?Sized>(&self, rng: &mut R) -> configs::TeeProverGatewayConfig {
+        configs::TeeProverGatewayConfig {
+            api_url: self.sample(rng),
+            api_poll_duration_secs: self.sample(rng),
+            prometheus_listener_port: self.sample(rng),
+            prometheus_pushgateway_url: self.sample(rng),
+            prometheus_push_interval_ms: self.sample(rng),
+        }
+    }
+}
+
 impl Sample for CircuitIdRoundTuple {
     fn sample(rng: &mut (impl Rng + ?Sized)) -> CircuitIdRoundTuple {
         CircuitIdRoundTuple {

core/lib/dal/src/models/storage_eth_tx.rs

@@ -77,7 +77,7 @@ impl From<StorageEthTx> for EthTx {
                 .expect("Incorrect address in db"),
             raw_tx: tx.raw_tx.clone(),
             tx_type: AggregatedActionType::from_str(&tx.tx_type).expect("Wrong agg type"),
-            created_at_timestamp: tx.created_at.timestamp() as u64,
+            created_at_timestamp: tx.created_at.and_utc().timestamp() as u64,
             predicted_gas_cost: tx.predicted_gas_cost as u64,
             from_addr: tx.from_addr.map(|f| Address::from_slice(&f)),
             blob_sidecar: tx.blob_sidecar.map(|b| {

core/lib/dal/src/models/storage_transaction.rs

@@ -295,7 +295,7 @@ impl From<StorageTransaction> for Transaction {
         let hash = H256::from_slice(&tx.hash);
         let execute = serde_json::from_value::<Execute>(tx.data.clone())
             .unwrap_or_else(|_| panic!("invalid json in database for tx {:?}", hash));
-        let received_timestamp_ms = tx.received_at.timestamp_millis() as u64;
+        let received_timestamp_ms = tx.received_at.and_utc().timestamp_millis() as u64;
         match tx.tx_format {
             Some(t) if t == i32::from(PRIORITY_OPERATION_L2_TX_TYPE) => Transaction {
                 common_data: ExecuteTransactionCommon::L1(tx.into()),

core/lib/env_config/src/lib.rs

@@ -19,6 +19,7 @@ pub mod object_store;
 mod observability;
 mod proof_data_handler;
 mod snapshots_creator;
+mod tee_prover_gateway;
 mod utils;
 
 mod genesis;

core/lib/env_config/src/tee_prover_gateway.rs

@@ -0,0 +1,42 @@
+use zksync_config::configs::TeeProverGatewayConfig;
+
+use crate::{envy_load, FromEnv};
+
+impl FromEnv for TeeProverGatewayConfig {
+    fn from_env() -> anyhow::Result<Self> {
+        envy_load("tee_prover_gateway", "TEE_PROVER_GATEWAY_")
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use crate::test_utils::EnvMutex;
+
+    static MUTEX: EnvMutex = EnvMutex::new();
+
+    fn expected_config() -> TeeProverGatewayConfig {
+        TeeProverGatewayConfig {
+            api_url: "http://private-dns-for-server".to_string(),
+            api_poll_duration_secs: 100,
+            prometheus_listener_port: 3316,
+            prometheus_pushgateway_url: "http://127.0.0.1:9091".to_string(),
+            prometheus_push_interval_ms: Some(100),
+        }
+    }
+
+    #[test]
+    fn from_env() {
+        let config = r#"
+            TEE_PROVER_GATEWAY_API_URL="http://private-dns-for-server"
+            TEE_PROVER_GATEWAY_API_POLL_DURATION_SECS="100"
+            TEE_PROVER_GATEWAY_PROMETHEUS_LISTENER_PORT=3316
+            TEE_PROVER_GATEWAY_PROMETHEUS_PUSHGATEWAY_URL="http://127.0.0.1:9091"
+            TEE_PROVER_GATEWAY_PROMETHEUS_PUSH_INTERVAL_MS=100
+        "#;
+        let mut lock = MUTEX.lock();
+        lock.set_env(config);
+        let actual = TeeProverGatewayConfig::from_env().unwrap();
+        assert_eq!(actual, expected_config());
+    }
+}

core/lib/protobuf_config/src/general.rs

@@ -22,6 +22,8 @@ impl ProtoRepr for proto::GeneralConfig {
                 .context("proof_compressor_config")?,
             prover_config: read_optional_repr(&self.prover).context("prover_config")?,
             prover_gateway: read_optional_repr(&self.prover_gateway).context("prover_gateway")?,
+            prover_tee_gateway: read_optional_repr(&self.prover_tee_gateway)
+                .context("prover_tee_gateway")?,
             witness_vector_generator: read_optional_repr(&self.witness_vector_generator)
                 .context("witness_vector_generator")?,
             prover_group_config: read_optional_repr(&self.prover_group)
@@ -61,6 +63,7 @@ impl ProtoRepr for proto::GeneralConfig {
             prover_group: this.prover_group_config.as_ref().map(ProtoRepr::build),
             witness_generator: this.witness_generator.as_ref().map(ProtoRepr::build),
             prover_gateway: this.prover_gateway.as_ref().map(ProtoRepr::build),
+            prover_tee_gateway: this.prover_tee_gateway.as_ref().map(ProtoRepr::build),
             witness_vector_generator: this.witness_vector_generator.as_ref().map(ProtoRepr::build),
             prometheus: this.prometheus_config.as_ref().map(ProtoRepr::build),
             data_handler: this

core/lib/protobuf_config/src/proto/config/general.proto

@@ -39,4 +39,5 @@ message GeneralConfig {
   optional config.observability.Observability observability = 32;
   optional config.vm_runner.ProtectiveReadsWriter protective_reads_writer = 33;
   optional config.object_store.ObjectStore core_object_store = 34;
+  optional config.prover.ProverTeeGateway prover_tee_gateway = 35;
 }

core/lib/protobuf_config/src/proto/config/prover.proto

@@ -70,6 +70,14 @@ message ProverGateway {
   optional uint64 prometheus_push_interval_ms = 5; // optional; ms
 }
 
+message ProverTeeGateway {
+  optional string api_url = 1; // required
+  optional uint32 api_poll_duration_secs = 2; // required; s
+  optional uint32 prometheus_listener_port = 3; // required; u16
+  optional string prometheus_pushgateway_url = 4; // required
+  optional uint64 prometheus_push_interval_ms = 5; // optional; ms
+}
+
 
 message WitnessGenerator {
   optional uint32 generation_timeout_in_secs = 1; // required;

core/lib/protobuf_config/src/prover.rs

@@ -157,6 +157,35 @@ impl ProtoRepr for proto::ProverGateway {
     }
 }
 
+impl ProtoRepr for proto::ProverTeeGateway {
+    type Type = configs::TeeProverGatewayConfig;
+    fn read(&self) -> anyhow::Result<Self::Type> {
+        Ok(Self::Type {
+            api_url: required(&self.api_url).context("api_url")?.clone(),
+            api_poll_duration_secs: required(&self.api_poll_duration_secs)
+                .and_then(|x| Ok((*x).try_into()?))
+                .context("api_poll_duration_secs")?,
+            prometheus_listener_port: required(&self.prometheus_listener_port)
+                .and_then(|x| Ok((*x).try_into()?))
+                .context("prometheus_listener_port")?,
+            prometheus_pushgateway_url: required(&self.prometheus_pushgateway_url)
+                .context("prometheus_pushgateway_url")?
+                .clone(),
+            prometheus_push_interval_ms: self.prometheus_push_interval_ms,
+        })
+    }
+
+    fn build(this: &Self::Type) -> Self {
+        Self {
+            api_url: Some(this.api_url.clone()),
+            api_poll_duration_secs: Some(this.api_poll_duration_secs.into()),
+            prometheus_listener_port: Some(this.prometheus_listener_port.into()),
+            prometheus_pushgateway_url: Some(this.prometheus_pushgateway_url.clone()),
+            prometheus_push_interval_ms: this.prometheus_push_interval_ms,
+        }
+    }
+}
+
 impl ProtoRepr for proto::WitnessGenerator {
     type Type = configs::FriWitnessGeneratorConfig;
     fn read(&self) -> anyhow::Result<Self::Type> {

core/lib/protobuf_config/src/tests.rs

@@ -42,6 +42,7 @@ fn test_encoding() {
     test_encode_all_formats::<ReprConv<proto::prover::ProofDataHandler>>(rng);
     test_encode_all_formats::<ReprConv<proto::snapshot_creator::SnapshotsCreator>>(rng);
     test_encode_all_formats::<ReprConv<proto::observability::Observability>>(rng);
+    test_encode_all_formats::<ReprConv<proto::prover::ProverTeeGateway>>(rng);
 }
 
 pub fn decode_yaml_repr<T: ProtoRepr>(

core/lib/prover_interface/Cargo.toml

@@ -10,6 +10,7 @@ keywords.workspace = true
 categories.workspace = true
 
 [dependencies]
+multivm.workspace = true
 zksync_object_store.workspace = true
 zksync_types.workspace = true
 
@@ -22,6 +23,6 @@ serde_with = { workspace = true, features = ["base64"] }
 chrono = { workspace = true, features = ["serde"] }
 
 [dev-dependencies]
-tokio = { workspace = true, features = ["full"] }
 bincode.workspace = true
 serde_json.workspace = true
+tokio = { workspace = true, features = ["full"] }

core/lib/prover_interface/src/api.rs

@@ -9,7 +9,7 @@ use zksync_types::{
 };
 
 use crate::{
-    inputs::PrepareBasicCircuitsJob,
+    inputs::{PrepareBasicCircuitsJob, TeeVerifierInput},
     outputs::{L1BatchProofForL1, L1BatchTeeProofForL1},
 };
 
@@ -31,6 +31,7 @@ pub enum GenericProofGenerationDataResponse<T> {
 }
 
 pub type ProofGenerationDataResponse = GenericProofGenerationDataResponse<ProofGenerationData>;
+pub type TeeProofGenerationDataResponse = GenericProofGenerationDataResponse<TeeVerifierInput>;
 
 #[derive(Debug, Serialize, Deserialize)]
 pub enum SimpleResponse {

core/lib/prover_interface/src/inputs.rs

@@ -1,9 +1,10 @@
 use std::{convert::TryInto, fmt::Debug};
 
+use multivm::interface::{L1BatchEnv, SystemEnv};
 use serde::{Deserialize, Serialize};
 use serde_with::{serde_as, Bytes};
 use zksync_object_store::{serialize_using_bincode, Bucket, StoredObject};
-use zksync_types::{L1BatchNumber, H256, U256};
+use zksync_types::{block::L2BlockExecutionData, L1BatchNumber, H256, U256};
 
 const HASH_LEN: usize = H256::len_bytes();
 
@@ -144,6 +145,55 @@ pub struct BasicCircuitWitnessGeneratorInput {
     pub merkle_paths_input: PrepareBasicCircuitsJob,
 }
 
+/// Version 1 of the data used as input for the TEE verifier.
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq)]
+pub struct V1TeeVerifierInput {
+    pub prepare_basic_circuits_job: PrepareBasicCircuitsJob,
+    pub l2_blocks_execution_data: Vec<L2BlockExecutionData>,
+    pub l1_batch_env: L1BatchEnv,
+    pub system_env: SystemEnv,
+    pub used_contracts: Vec<(H256, Vec<u8>)>,
+}
+
+/// Data used as input for the TEE verifier.
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq)]
+#[non_exhaustive]
+#[allow(clippy::large_enum_variant)]
+pub enum TeeVerifierInput {
+    /// `V0` suppresses warning about irrefutable `let...else` pattern
+    V0,
+    V1(V1TeeVerifierInput),
+}
+
+impl TeeVerifierInput {
+    pub fn new(
+        prepare_basic_circuits_job: PrepareBasicCircuitsJob,
+        l2_blocks_execution_data: Vec<L2BlockExecutionData>,
+        l1_batch_env: L1BatchEnv,
+        system_env: SystemEnv,
+        used_contracts: Vec<(H256, Vec<u8>)>,
+    ) -> Self {
+        TeeVerifierInput::V1(V1TeeVerifierInput {
+            prepare_basic_circuits_job,
+            l2_blocks_execution_data,
+            l1_batch_env,
+            system_env,
+            used_contracts,
+        })
+    }
+}
+
+impl StoredObject for TeeVerifierInput {
+    const BUCKET: Bucket = Bucket::TeeVerifierInput;
+    type Key<'a> = L1BatchNumber;
+
+    fn encode_key(key: Self::Key<'_>) -> String {
+        format!("tee_verifier_input_for_l1_batch_{key}.bin")
+    }
+
+    serialize_using_bincode!();
+}
+
 #[cfg(test)]
 mod tests {
     use super::*;