develop -> main

Makefile

@@ -1,31 +1,30 @@
 ######## LCP Build Settings ########
-ZK_PROVER_CUDA ?= 0
+ZK_PROVER_CUDA  ?= 0
 APP_CARGO_FLAGS ?=
 
 ######## SGX SDK Settings ########
-SGX_SDK ?= /opt/sgxsdk
-SGX_MODE ?= HW
-SGX_DEBUG ?= 0
+SGX_SDK            ?= /opt/sgxsdk
+SGX_MODE           ?= HW
+SGX_DEBUG          ?= 0
 SGX_ENCLAVE_CONFIG ?= "enclave/Enclave.config.xml"
-SGX_SIGN_KEY ?= "enclave/Enclave_private.pem"
+SGX_SIGN_KEY       ?= "enclave/Enclave_private.pem"
 
-SGX_COMMON_CFLAGS := -m64
-SGX_LIBRARY_PATH := $(SGX_SDK)/lib64
+SGX_COMMON_CFLAGS  := -m64
+SGX_LIBRARY_PATH   := $(SGX_SDK)/lib64
 SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x64/sgx_sign
-SGX_EDGER8R := $(SGX_SDK)/bin/x64/sgx_edger8r
+SGX_EDGER8R        := $(SGX_SDK)/bin/x64/sgx_edger8r
 
 include buildenv.mk
 
 ifeq ($(SGX_DEBUG), 1)
-	# we build with cargo --release, even in SGX DEBUG mode
 	SGX_COMMON_CFLAGS += -O0 -g -ggdb
-	# cargo sets this automatically, cannot use 'debug'
-	OUTPUT_PATH := release
-	CARGO_TARGET := --release
+	# debug build
+	CARGO_TARGET      :=
+	OUTPUT_PATH       := debug
 else
 	SGX_COMMON_CFLAGS += -O2
-	OUTPUT_PATH := release
-	CARGO_TARGET := --release
+	CARGO_TARGET      := --release
+	OUTPUT_PATH       := release
 endif
 
 SGX_COMMON_CFLAGS += -fstack-protector

app/Cargo.toml

@@ -27,7 +27,7 @@ crypto = { path = "../modules/crypto" }
 keymanager = { path = "../modules/keymanager" }
 remote-attestation = { path = "../modules/remote-attestation" }
 attestation-report = { path = "../modules/attestation-report", features = ["dcap-quote-parser"] }
-zkdcap-risc0 = { git = "https://github.com/datachainlab/zkdcap", rev = "v0.0.3" }
+zkdcap-risc0 = { git = "https://github.com/datachainlab/zkdcap", rev = "v0.0.4" }
 
 [build-dependencies]
 git2 = { version = "0.20", default-features = false }

app/src/commands/service.rs

@@ -61,7 +61,7 @@ impl ServiceCmd {
                 let srv = AppService::new(opts.get_home(), enclave);
 
                 info!("start service: addr={addr} mrenclave={mrenclave}");
-                run_service(srv, rt, addr)
+                rt.block_on(async { run_service(srv, addr).await })
             }
         }
     }

enclave-modules/ecall-handler/src/lib.rs

@@ -1,3 +1,4 @@
+#![allow(clippy::result_large_err)]
 #![no_std]
 extern crate alloc;
 

enclave-modules/runtime/src/lib.rs

@@ -46,7 +46,6 @@ fn begin_panic_handler(info: &core::panic::PanicInfo<'_>) -> ! {
 
 #[cfg(not(test))]
 #[lang = "eh_personality"]
-#[no_mangle]
 unsafe extern "C" fn rust_eh_personality() {}
 
 static HOOK: AtomicPtr<()> = AtomicPtr::new(ptr::null_mut());

enclave/Enclave.lds

@@ -4,6 +4,8 @@ enclave.so
         g_global_data_sim;
         g_global_data;
         enclave_entry;
+        g_peak_heap_used;
+        g_peak_rsrv_mem_committed;
     local:
         *;
 };

modules/attestation-report/Cargo.toml

@@ -18,7 +18,7 @@ pem = { version = "2.0", default-features = false }
 webpki = { version = "0.22", features = ["alloc"] }
 anyhow = { version = "1", default-features = false }
 
-dcap-quote-verifier = { git = "https://github.com/datachainlab/zkdcap", rev = "v0.0.3", optional = true }
+dcap-quote-verifier = { git = "https://github.com/datachainlab/zkdcap", rev = "v0.0.4", optional = true }
 
 [dev-dependencies]
 tokio = { version = "1.0", default-features = false, features = ["macros"] }

modules/attestation-report/src/lib.rs

@@ -1,3 +1,4 @@
+#![allow(clippy::result_large_err)]
 #![cfg_attr(not(feature = "std"), no_std)]
 extern crate alloc;
 

modules/commitments/src/lib.rs

@@ -1,3 +1,4 @@
+#![allow(clippy::result_large_err)]
 #![cfg_attr(not(test), no_std)]
 extern crate alloc;
 

modules/crypto/src/lib.rs

@@ -1,3 +1,4 @@
+#![allow(clippy::result_large_err)]
 #![cfg_attr(not(feature = "std"), no_std)]
 extern crate alloc;
 

modules/enclave-api/src/lib.rs

@@ -1,3 +1,4 @@
+#![allow(clippy::result_large_err)]
 pub use api::{EnclaveCommandAPI, EnclavePrimitiveAPI, EnclaveProtoAPI};
 pub use enclave::{CommitStoreAccessor, Enclave, EnclaveInfo, HostStoreTxManager};
 pub use errors::Error;

modules/host-environment/src/lib.rs

@@ -15,11 +15,11 @@ impl Environment {
         Self { home, store }
     }
 
-    pub fn get_store(&self) -> RwLockReadGuard<HostStore> {
+    pub fn get_store(&self) -> RwLockReadGuard<'_, HostStore> {
         self.store.read().unwrap()
     }
 
-    pub fn get_mut_store(&self) -> RwLockWriteGuard<HostStore> {
+    pub fn get_mut_store(&self) -> RwLockWriteGuard<'_, HostStore> {
         self.store.write().unwrap()
     }
 }

modules/keymanager/src/lib.rs

@@ -1,3 +1,4 @@
+#![allow(clippy::result_large_err)]
 pub mod errors;
 pub use crate::errors::Error;
 use anyhow::anyhow;
@@ -173,7 +174,7 @@ impl EnclaveKeyManager {
                 .to_hex_string(),
             sealed_key.to_vec(),
             Mrenclave::from(report.body.mr_enclave).to_hex_string(),
-            serialize_bytes(&report),
+            serialize_bytes(&report).as_slice(),
             is_enclave_debug_enabled(&report.body),
             qe_type.as_u32()
         ])?;

modules/lcp-client/Cargo.toml

@@ -11,7 +11,7 @@ flex-error = { version = "0.4.4", default-features = false }
 tiny-keccak = { version = "2.0" }
 hex-literal = { version = "0.4.1" }
 alloy-sol-types = { version = "0.8", default-features = false }
-dcap-quote-verifier = { git = "https://github.com/datachainlab/zkdcap", rev = "v0.0.3" }
+dcap-quote-verifier = { git = "https://github.com/datachainlab/zkdcap", rev = "v0.0.4" }
 
 attestation-report = { path = "../attestation-report", default-features = false }
 remote-attestation = { path = "../remote-attestation", default-features = false }

modules/lcp-client/src/client_def.rs

@@ -233,6 +233,17 @@ impl LCPClient {
         } else {
             Default::default()
         };
+        if !client_state.operators.is_empty() {
+            assert!(
+                !operator.is_zero(),
+                "operator must be non-zero if operators are not empty"
+            );
+            assert!(
+                client_state.operators.contains(&operator),
+                "operator must be in the operators list"
+            );
+        }
+
         let expected_operator = report_data.operator();
         // check if the operator matches the expected operator in the report data
         assert!(expected_operator.is_zero() || operator == expected_operator);

modules/lcp-client/src/lib.rs

@@ -1,4 +1,5 @@
 #![allow(unused_variables)]
+#![allow(clippy::result_large_err)]
 #![cfg_attr(not(feature = "std"), no_std)]
 extern crate alloc;
 

modules/light-client/src/lib.rs

@@ -1,8 +1,8 @@
 #![no_std]
+#![allow(clippy::result_large_err)]
+#![allow(unused_imports)]
 extern crate alloc;
 
-#[allow(unused_imports)]
-
 mod prelude {
     pub use core::prelude::v1::*;
 

modules/mock-lc/src/lib.rs

@@ -1,3 +1,4 @@
+#![allow(clippy::result_large_err)]
 #![no_std]
 extern crate alloc;
 

modules/remote-attestation/Cargo.toml

@@ -27,9 +27,9 @@ serde_json = { version = "1.0", features = ["preserve_order"] }
 rsa = { version = "0.9.2", features = ["pem"], optional = true }
 chrono = { version = "0.4.38", features = ["now"], optional = true }
 
-dcap-quote-verifier = { git = "https://github.com/datachainlab/zkdcap", rev = "v0.0.3" }
-dcap-pcs = { git = "https://github.com/datachainlab/zkdcap", rev = "v0.0.3" }
-dcap-collaterals = { git = "https://github.com/datachainlab/zkdcap", rev = "v0.0.3" }
+dcap-quote-verifier = { git = "https://github.com/datachainlab/zkdcap", rev = "v0.0.4" }
+dcap-pcs = { git = "https://github.com/datachainlab/zkdcap", rev = "v0.0.4" }
+dcap-collaterals = { git = "https://github.com/datachainlab/zkdcap", rev = "v0.0.4" }
 
 lcp-types = { path = "../types" }
 crypto = { path = "../crypto", default-features = false }

modules/remote-attestation/src/lib.rs

@@ -1,4 +1,5 @@
-#[allow(clippy::doc_lazy_continuation)]
+#![allow(clippy::doc_lazy_continuation)]
+#![allow(clippy::result_large_err)]
 pub mod common;
 pub mod dcap;
 pub mod dcap_simulation;

modules/service/Cargo.toml

@@ -8,6 +8,7 @@ tonic = { version = "0.9", default-features = false }
 tonic-reflection = { version = "0.9" }
 tokio = { version = "1.0", features = ["full"] }
 anyhow = { version = "1.0.56" }
+log = { version = "0.4.8" }
 
 lcp-types = { path = "../types" }
 crypto = { path = "../crypto" }

modules/service/src/service.rs

@@ -4,9 +4,10 @@ use lcp_proto::lcp::service::{
     elc::v1::{msg_server::MsgServer as ELCMsgServer, query_server::QueryServer as ELCQueryServer},
     enclave::v1::query_server::QueryServer as EnclaveQueryServer,
 };
+use log::*;
 use std::{marker::PhantomData, net::SocketAddr, path::PathBuf, sync::Arc};
 use store::transaction::CommitStore;
-use tokio::runtime::Runtime;
+use tokio::signal::unix::{signal, SignalKind};
 use tonic::transport::Server;
 
 pub struct AppService<E, S>
@@ -47,7 +48,7 @@ where
     }
 }
 
-pub fn run_service<E, S>(srv: AppService<E, S>, rt: Arc<Runtime>, addr: SocketAddr) -> Result<()>
+pub async fn run_service<E, S>(srv: AppService<E, S>, addr: SocketAddr) -> Result<()>
 where
     S: CommitStore,
     E: EnclaveProtoAPI<S>,
@@ -59,15 +60,26 @@ where
         .register_encoded_file_descriptor_set(lcp_proto::FILE_DESCRIPTOR_SET)
         .build()
         .expect("failed to create gRPC reflection servicer");
-    rt.block_on(async {
-        Server::builder()
-            .add_service(elc_msg_srv)
-            .add_service(elc_query_srv)
-            .add_service(enclave_srv)
-            .add_service(reflection)
-            .serve(addr)
-            .await
-            .unwrap();
-    });
+
+    let mut sigint = signal(SignalKind::interrupt()).expect("failed to set SIGINT handler");
+    let mut sigterm = signal(SignalKind::terminate()).expect("failed to set SIGTERM handler");
+    let shutdown_signal = async {
+        let signal_type = tokio::select! {
+            _ = sigint.recv() => "SIGINT",
+            _ = sigterm.recv() => "SIGTERM",
+        };
+        info!(
+            "shutdown signal ({}) received, stopping server",
+            signal_type
+        );
+    };
+    Server::builder()
+        .add_service(elc_msg_srv)
+        .add_service(elc_query_srv)
+        .add_service(enclave_srv)
+        .add_service(reflection)
+        .serve_with_shutdown(addr, shutdown_signal)
+        .await?;
+    info!("server stopped");
     Ok(())
 }

modules/store/Cargo.toml

@@ -8,7 +8,7 @@ serde = { version = "1.0.184", default-features = false, features = ["alloc", "d
 log = { version = "0.4.8", default-features = false }
 flex-error = { version = "0.4.4", default-features = false }
 ouroboros = { version = "0.18.4", optional = true }
-rocksdb = { version = "0.21.0", optional = true }
+rocksdb = { version = "0.23.0", optional = true }
 
 [dev-dependencies]
 tempfile = "3"

modules/tendermint-lc/src/lib.rs

@@ -1,4 +1,5 @@
 #![allow(clippy::large_enum_variant)]
+#![allow(clippy::result_large_err)]
 #![no_std]
 extern crate alloc;
 

modules/types/src/transmuter.rs

@@ -1,5 +1,6 @@
 use crate::prelude::*;
 use alloc::string::ToString;
+use alloc::vec::Vec;
 use core::marker::PhantomData;
 use serde::Deserialize;
 use serde_with::{DeserializeAs, SerializeAs};
@@ -9,7 +10,6 @@ pub struct BytesTransmuter<T>(PhantomData<T>);
 
 impl<T> SerializeAs<T> for BytesTransmuter<T>
 where
-    [(); core::mem::size_of::<T>()]:,
     T: ContiguousMemory,
 {
     fn serialize_as<S>(source: &T, serializer: S) -> Result<S::Ok, S::Error>
@@ -22,7 +22,6 @@ where
 
 impl<'de, T> DeserializeAs<'de, T> for BytesTransmuter<T>
 where
-    [(); core::mem::size_of::<T>()]:,
     T: ContiguousMemory,
 {
     fn deserialize_as<D>(deserializer: D) -> Result<T, D::Error>
@@ -36,24 +35,28 @@ where
     }
 }
 
-pub fn serialize_bytes<T>(source: &T) -> [u8; core::mem::size_of::<T>()]
+pub fn serialize_bytes<T>(source: &T) -> Vec<u8>
 where
-    [(); core::mem::size_of::<T>()]:,
     T: ContiguousMemory,
 {
-    unsafe { core::mem::transmute_copy::<_, [u8; core::mem::size_of::<T>()]>(source) }
+    let size = core::mem::size_of::<T>();
+    let ptr = source as *const T as *const u8;
+    let slice = unsafe { core::slice::from_raw_parts(ptr, size) };
+    slice.to_vec()
 }
 
 pub fn deserialize_bytes<T>(bz: &[u8]) -> Result<T, (usize, usize)>
 where
-    [(); core::mem::size_of::<T>()]:,
     T: ContiguousMemory,
 {
-    let mut array = [0; core::mem::size_of::<T>()];
-    if bz.len() == array.len() {
-        array.copy_from_slice(bz);
-        Ok(unsafe { core::mem::transmute_copy(&array) })
+    let expected_size = core::mem::size_of::<T>();
+    if bz.len() == expected_size {
+        let mut value = core::mem::MaybeUninit::<T>::uninit();
+        let ptr = value.as_mut_ptr() as *mut u8;
+        let slice = unsafe { core::slice::from_raw_parts_mut(ptr, expected_size) };
+        slice.copy_from_slice(bz);
+        Ok(unsafe { value.assume_init() })
     } else {
-        Err((bz.len(), array.len()))
+        Err((bz.len(), expected_size))
     }
 }

modules/zkvm/Cargo.toml

@@ -4,7 +4,7 @@ version = "0.1.0"
 edition = "2021"
 
 [dependencies]
-risc0-zkvm = { version = "1.2.4", default-features = false }
+risc0-zkvm = { version = "3.0.3", default-features = false }
 flex-error = { version = "0.4.4", default-features = false }
 
 [features]

proto/src/lib.rs

@@ -6,6 +6,7 @@
 #![cfg_attr(not(feature = "std"), no_std)]
 #![deny(warnings, trivial_casts, trivial_numeric_casts, unused_import_braces)]
 #![allow(clippy::large_enum_variant)]
+#![allow(clippy::doc_overindented_list_items)]
 #![allow(rustdoc::bare_urls)]
 #![forbid(unsafe_code)]
 

rust-toolchain

@@ -1 +1 @@
-nightly-2024-09-05
+nightly-2025-08-25

tests/integration/Cargo.toml

@@ -35,7 +35,7 @@ attestation-report = { path = "../../modules/attestation-report" }
 keymanager = { path = "../../modules/keymanager" }
 remote-attestation = { path = "../../modules/remote-attestation" }
 
-zkdcap-risc0 = { git = "https://github.com/datachainlab/zkdcap", rev = "v0.0.3" }
+zkdcap-risc0 = { git = "https://github.com/datachainlab/zkdcap", rev = "v0.0.4" }
 
 [features]
 default = []